RFC3330

From: PANDI MOORTHY (moorthypandi@gmail.com)
Date: Sat Dec 29 2007 - 12:51:14 ART


Hi

This is regarding Scott Morris's previous post on RFC3330 addresses.

Could you please confirm whether we need to include these addresses in the
filter list?

14.0.0.0/8 -- Public data network

24.0.0.0/8 --- Cable TV network

192.88.99.0/24 --- 6to4 Relay Anycast

I am reading the RFC, and it looks like the above addresses are also included.

http://www.faqs.org/rfcs/rfc3330.html

These are the prefixes already included in my prefix filter:

--------------------------------------------------------------

ip prefix-list AS1009-FILTER seq 15 deny 10.0.0.0/8 le 32
ip prefix-list AS1009-FILTER seq 20 deny 172.16.0.0/12 le 32
ip prefix-list AS1009-FILTER seq 25 deny 192.168.0.0/16 le 32
ip prefix-list AS1009-FILTER seq 30 deny 224.0.0.0/4 le 32
ip prefix-list AS1009-FILTER seq 35 deny 240.0.0.0/4 le 32
ip prefix-list AS1009-FILTER seq 40 deny 0.0.0.0/8 le 32
ip prefix-list AS1009-FILTER seq 45 deny 127.0.0.0/8 le 32
ip prefix-list AS1009-FILTER seq 50 deny 128.0.0.0/16 le 32
ip prefix-list AS1009-FILTER seq 55 deny 191.255.0.0/16 le 32
ip prefix-list AS1009-FILTER seq 60 deny 192.0.0.0/24 le 32
ip prefix-list AS1009-FILTER seq 65 deny 233.255.255.0/24 le 32
ip prefix-list AS1009-FILTER seq 70 deny 192.0.2.0/24 le 32
ip prefix-list AS1009-FILTER seq 75 deny 198.18.0.0/15 le 32
ip prefix-list AS1009-FILTER seq 80 deny 169.254.0.0/16 le 32
ip prefix-list AS1009-FILTER seq 90 permit 0.0.0.0/0 le 32

Regards
Pandi

Scott Morris to Arun, Koen, comserv
Mar 31

There was also a post where we discussed RFC3330 just a couple weeks ago:
On Thu, 15 Mar 2007, Scott Morris wrote:
| There's a number of networks from that list that have been deprecated
| from filtering (e.g. they've been assigned!)...
|
| But you should already know the RFC 1918 ones (included), then others
| should be obvious:
|
| 127/8 Loopbacks
| 169.254/16 Microsoft
| 224/4 Multicast
| 240/4 Research
|
| Then there's the first and last class of each class grouping:
|
| 0/8 and 127/8 (above)
| 128/16 and 191.255/16
| 192.0.0/24 and 223.255.255/24
|
| Then there are some odd ones for testing purposes:
|
| 192.0.2/24
| 198.18/15
|
| All the rest have been otherwise allocated.
|
| So if you just understand the breakdowns there, honestly, about the
| only thing to really memorize (something new anyway) are those two
| testing networks.
|
| Just my thoughts. Yes, it's irritating, but not that bad!
|
HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Arun
Kumar Arumuganainar
Sent: Saturday, March 31, 2007 1:05 AM
To: Koen Zeilstra; comserv@groupstudy.com
Subject: RE: filtering on RFC3330 & Brussels SP this friday
Hi,
This is what I found in a Cisco Technote for various infrastructure
protection ACLs:
http://cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
!--- Deny special-use address sources.
!--- Refer to RFC 3330 for additional special use addresses.
access-list 110 deny ip host 0.0.0.0 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
!--- Filter RFC 1918 space.
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
!--- Deny your space as source from entering your AS.
!--- Deploy only at the AS edge.
access-list 110 deny ip YOUR_CIDR_BLOCK any
!--- Permit BGP.
access-list 110 permit tcp host bgp_peer host router_ip eq bgp
access-list 110 permit tcp host bgp_peer eq bgp host router_ip
!--- Deny access to internal infrastructure addresses.
access-list 110 deny ip any INTERNAL_INFRASTRUCTURE_ADDRESSES
!--- Permit transit traffic.
access-list 110 permit ip any any

> Date: Wed, 28 Mar 2007 12:46:08 +0000
> From: koen@koenzeilstra.com
> To: comserv@groupstudy.com
> Subject: filtering on RFC3330 & Brussels SP this friday
>
> Hi group,
>
> What would be the best prefix list to filter on RFC3330 addresses in
> routing updates?
>
> ip prefix-list RFC3330 deny 0.0.0.0/8 le 32
> ip prefix-list RFC3330 deny 10.0.0.0/8 le 32
> ip prefix-list RFC3330 deny 14.0.0.0/8 le 32
> ip prefix-list RFC3330 deny 24.0.0.0/8 le 32
> ip prefix-list RFC3330 deny 39.0.0.0/8 le 32
> ip prefix-list RFC3330 deny 127.0.0.0/8 le 32
> ip prefix-list RFC3330 deny 128.0.0.0/16 le 32
> ip prefix-list RFC3330 deny 169.254.0.0/16 le 32
> ip prefix-list RFC3330 deny 172.16.0.0/12 le 32
> ip prefix-list RFC3330 deny 191.255.0.0/16 le 32
> ip prefix-list RFC3330 deny 192.0.0.0/24 le 32
> ip prefix-list RFC3330 deny 192.0.2.0/24 le 32
> ip prefix-list RFC3330 deny 192.88.99.0/24 le 32
> ip prefix-list RFC3330 deny 192.168.0.0/16 le 32
> ip prefix-list RFC3330 deny 198.18.0.0/15 le 32
> ip prefix-list RFC3330 deny 223.255.255.0/24 le 32
> ip prefix-list RFC3330 deny 224.0.0.0/4 le 32
> ip prefix-list RFC3330 deny 240.0.0.0/4 le 32
> ip prefix-list RFC3330 permit 0.0.0.0/0 le 32
> !
>
> Is there anyone going to Brussels for SP this Friday??
>
> regards,
>
> Koen
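
An added example, not part of the thread or of any poster's configuration: a small Python evaluator for the `ip prefix-list ... le 32` syntax used in the messages above, run over a subset of the AS1009-FILTER lines exactly as posted. It reports which entry a route hits and which entries can never match because an earlier one covers them. The helper names `parse`, `evaluate` and `shadowed` are hypothetical, and the test routes are constructed.

```python
import ipaddress
import re

# Subset of the AS1009-FILTER lines from the post above, copied as posted.
AS1009_FILTER = """
ip prefix-list AS1009-FILTER seq 15 deny 10.0.0.0/8 le 32
ip prefix-list AS1009-FILTER seq 30 deny 224.0.0.0/4 le 32
ip prefix-list AS1009-FILTER seq 60 deny 192.0.0.0/24 le 32
ip prefix-list AS1009-FILTER seq 65 deny 233.255.255.0/24 le 32
ip prefix-list AS1009-FILTER seq 70 deny 192.0.2.0/24 le 32
ip prefix-list AS1009-FILTER seq 90 permit 0.0.0.0/0 le 32
"""

ENTRY = re.compile(r"ip prefix-list \S+ seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?")

def parse(config):
    """Return (seq, action, network, min_len, max_len) tuples in sequence order."""
    entries = []
    for seq, action, prefix, ge, le in ENTRY.findall(config):
        net = ipaddress.ip_network(prefix)
        # No ge/le: exact length only. "le N": len..N. "ge N" alone: N..32.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None

def shadowed(entries):
    """Sequence numbers that can never match because an earlier entry covers them."""
    return [s for i, (s, _, n, lo, hi) in enumerate(entries)
            if any(n.subnet_of(pn) and plo <= lo and hi <= phi
                   for _, _, pn, plo, phi in entries[:i])]

if __name__ == "__main__":
    acl = parse(AS1009_FILTER)
    # Constructed test routes, not taken from any routing table.
    for route in ("10.1.2.0/24", "14.1.0.0/16", "192.88.99.0/24",
                  "223.255.255.0/24", "233.255.255.0/24"):
        print(route, evaluate(acl, route))
    print("shadowed:", shadowed(acl))
```

Running the same check over a full list before applying it shows which prefixes fall through to the final permit and which deny lines are redundant.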



This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:32 ARST