On Wed, 30 Jun 2010 tkap...@gmail.com wrote:
...And several shops filter on per-/8 RIR allocation min + maxes, too!
Bassically, a /24 isn't a safe, global assumption, unless from swamp space
and/or a RIR portion specifically created for micro-allocations.
Take note of the cisco "isp ingress strcit" prefix list on the ftp site. Folks
*are* using the examples linked from:
http://blogs.cisco.com/security/comments/surprise_all_your_prefix_are_belong_to_us/
Or you could look at http://jonsblog.lewis.org/2008/01/19#bgp
IIRC, even when I wrote that, there were one or more /8s from which RIPE
said the longest prefix they'd allocate was >24. 91/8, 193/8, and 194/7
are all listed as longest prefix = /29! When I wrote the filter
referenced above, I chose to ignore this and filter these ranges denying
/25 and longer.
Does RIPE really expect everyone to accept BGP routes as long as /29?
I just checked our BGP feed from Level3, and they're not sending us
anything longer than /24.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
