[NLNOG] bgp filter guide bogon prefixes 192.88.99.0/24

Job Snijders job at instituut.net
Tue Jun 25 14:58:55 CEST 2019


Hi all,

Thanks for reaching out! It is always enjoyable to see people use the
things that we created! :-)

Christoffer is spot-on. This aspect of the global 6to4 anycast experiment
has been deprecated, because we've come to learn that relying on 6to4
proved to be a challenge.

If you look at IANA's "IPv4 Special Registry"
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
we can confirm that the 192.88.99.0/24 prefix no longer is assigned
for the purposes of 6to4. At the time when RFC 7526 was written it was
perhaps too early to have IETF consensus on whether to recommend or
mandate a degree of packet filtering or route filtering of the
192.88.99.0/24 prefix. This is why there is a bit of a time gap
between the publication of the RFC and me actually recommending to add
the prefix to your bogon list.

As an anecdotal datapoint: NTT's Global IP Network (AS 2914) added
"192.88.99.0/24 le 32" and "2002::/16 le 128" to its bogon filters in
June 2018 and has not received any notifications that this posed an
issue for any of our customers or partners. See
https://seclists.org/nanog/2018/Jun/411

Kind regards,

Job

On Tue, Jun 25, 2019 at 2:40 PM Hansen, Christoffer
<christoffer at netravnen.de> wrote:
>
> personal opinion here.
>
> On 25/06/2019 10:41, Lannert, Julian wrote:
> > Can you tell me the reasoning behind the decision to include this prefix in your bogon list?
>
> Reading rfc7526[0]
> """
> 6.  Operational Recommendations
>
>    (...) Internet service
>    providers that do not operate an anycast relay but do provide their
>    customers with a route to 192.88.99.1 SHOULD verify that it does in
>    fact lead to an operational anycast relay (...)
>
> 7.  IANA Considerations
>
>    (...)
>    "Deprecated (6to4 Relay Anycast)" and added a reference to this RFC.
>    (...)
>
> """
>
> Reading the above, it makes sense to include it since the status has
> changed to deprecated. rfc7526 is from May 2015. Job only recently-ish
> included 192.88.99.0/24 in the guide (June 2018) [1].
>
> Reading writeup[2]
> """
> Technical Summary
>
>    (...) It recommends that future products should not support 6to4
>    anycast and that existing deployments should be reviewed. (...)
> """
>
> In light of the fact that 6to4 should be less and less supported by
> newer products, it makes perfect sense to start explicitly blocking the
> prefix in the DFZ, too.
>
> /christoffer
>
> [0]: https://tools.ietf.org/html/rfc7526
> [1]: https://github.com/NLNOG/bgpfilterguide/commit/488ad78
> [2]:
> https://datatracker.ietf.org/doc/draft-ietf-v6ops-6to4-to-historic/shepherdwriteup/
>
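
Added example (not part of the original message or of the NLNOG filter guide): a Python sketch of how the two prefix-list entries quoted above, "192.88.99.0/24 le 32" and "2002::/16 le 128", match announced routes. The function names and the sample announcements are constructed for illustration, and the list holds only these two entries, not a full bogon list.

```python
import ipaddress

# The two bogon entries quoted in the message, as (prefix, le) pairs.
# "192.88.99.0/24 le 32" matches the /24 and every more-specific up to /32.
BOGONS = [
    (ipaddress.ip_network("192.88.99.0/24"), 32),
    (ipaddress.ip_network("2002::/16"), 128),
]


def matches_entry(route, entry, le):
    """Prefix-list semantics: route lies inside entry, length in [entry length, le]."""
    if route.version != entry.version:
        return False
    if not (entry.prefixlen <= route.prefixlen <= le):
        return False
    return route.subnet_of(entry)


def is_bogon(prefix):
    """Return True if an announced prefix is rejected by the two entries above."""
    route = ipaddress.ip_network(prefix, strict=True)
    return any(matches_entry(route, entry, le) for entry, le in BOGONS)


def filter_announcements(prefixes):
    """Split announcements into (accepted, rejected) lists, preserving order."""
    accepted, rejected = [], []
    for p in prefixes:
        (rejected if is_bogon(p) else accepted).append(p)
    return accepted, rejected


# Constructed sample announcements (not taken from any real routing table).
SAMPLE = [
    "192.88.99.0/24",       # the deprecated 6to4 relay anycast prefix itself
    "192.88.99.1/32",       # more-specific host route for the relay address
    "192.88.0.0/16",        # covering less-specific: not matched by "le 32"
    "2002::/16",            # 6to4 IPv6 prefix
    "2002:c058:6301::/48",  # more-specific inside 2002::/16
    "2001:db8::/32",        # outside both entries
    "198.51.100.0/24",      # outside both entries
]

if __name__ == "__main__":
    accepted, rejected = filter_announcements(SAMPLE)
    print("rejected:", rejected)
    print("accepted:", accepted)
```

The covering 192.88.0.0/16 passes because a "le" entry only matches the listed prefix and its more-specifics, so traffic to 192.88.99.0/24 could still follow a less-specific route unless that is handled separately.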

