[c-nsp] smaller PI

Jon Lewis jlewis at lewis.org
Wed Jun 30 09:57:47 EDT 2010


On Wed, 30 Jun 2010 tkapela at gmail.com wrote:

> ...And several shops filter on per-/8 RIR allocation min + maxes, too! Bassically, a /24 isn't a safe, global assumption, unless from swamp space and/or a RIR portion specifically created for micro-allocations.
>
> Take note of the cisco "isp ingress strcit" prefix list on the ftp site. Folks *are* using the examples linked from:
>
> http://blogs.cisco.com/security/comments/surprise_all_your_prefix_are_belong_to_us/

Or you could look at http://jonsblog.lewis.org/2008/01/19#bgp

IIRC, even when I wrote that, there were one or more /8s from which RIPE 
said the longest prefix they'd allocate was >24.  91/8, 193/8, and 194/7 
are all listed as longest prefix = /29!  When I wrote the filter 
referenced above, I chose to ignore this and filter these ranges denying 
/25 and longer.

Does RIPE really expect everyone to accept BGP routes as long as /29?

I just checked our BGP feed from Level3, and they're not sending us 
anything longer than /24.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


More information about the cisco-nsp mailing list