[c-nsp] smaller PI
Jon Lewis
jlewis at lewis.org
Wed Jun 30 09:57:47 EDT 2010
On Wed, 30 Jun 2010 tkapela at gmail.com wrote:
> ...And several shops filter on per-/8 RIR allocation min + maxes, too! Bassically, a /24 isn't a safe, global assumption, unless from swamp space and/or a RIR portion specifically created for micro-allocations.
>
> Take note of the cisco "isp ingress strcit" prefix list on the ftp site. Folks *are* using the examples linked from:
>
> http://blogs.cisco.com/security/comments/surprise_all_your_prefix_are_belong_to_us/
Or you could look at http://jonsblog.lewis.org/2008/01/19#bgp
IIRC, even when I wrote that, there were one or more /8s from which RIPE
said the longest prefix they'd allocate was >24. 91/8, 193/8, and 194/7
are all listed as longest prefix = /29! When I wrote the filter
referenced above, I chose to ignore this and filter these ranges denying
/25 and longer.
Does RIPE really expect everyone to accept BGP routes as long as /29?
I just checked our BGP feed from Level3, and they're not sending us
anything longer than /24.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list