Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW

Michel Py <michel@arneill-py.sacramento.ca.us> Tue, 10 August 2021 02:27 UTC

To: 'Zhuangshunwan' <zhuangshunwan@huawei.com>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
CC: IDR <idr@ietf.org>, GROW WG <grow@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/imjTzXSwSRdex-hSV2znfFLjzes>

> Zhuangshunwan wrote:
> then if other communities "ASN:666" are widespread in the wild

They are.

I am the operator of one of the largest ASN:666 BGP blacklist feeds; in the past, I have opposed the standardization of ASN:666 because the text was too vague.
Long story made short: there is not enough separation between source-based BGP blacklists and destination-based ones.

As of now, it appears to me that destination-based ASN:666 communities are becoming a de facto standard, which means that my own source-based ASN:666 BGP feed needs to adopt another community.

I suggest that, if some standardization effort is to take place again, the ASN:666 scheme is used for destination-based BGP blacklist feeds, and that the ASN:888 scheme is used for source-based BGP blacklist feeds.
In there, I am happy to follow the lead of Team Cymru in their bogon BGP feed, which is the origin of all BGP blacklist feeds.
https://team-cymru.com/community-services/bogon-reference/bogon-reference-bgp/

In other words: the :666 community shall be used when one wants to blacklist one's own prefixes (possibly a /32), a destination-based blacklist, while the :888 community shall be used when one wants to blacklist an IP address by the source, which means a high level of trust in the feed, as any contributor to said feed has potentially the ability to blacklist a source IP.

Respectfully submitted.

Michel.
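
The following is an added example, not part of the message above or of any feed operator's code: a receiving network's import check that applies the proposed :666 / :888 split and gates source-based entries on feed trust. The ASNs (private-use range), the trusted-feed set, the action names and the rule that the community's ASN half must match the feed's ASN are all assumptions made for illustration.

```python
import ipaddress

DEST_VALUE = 666    # proposed above: destination-based blacklist (own prefixes)
SOURCE_VALUE = 888  # proposed above: source-based blacklist (drop traffic FROM prefix)

# Assumption: feeds this hypothetical network trusts enough to blacklist by source.
TRUSTED_SOURCE_FEEDS = {64512}

def parse_community(text):
    """Parse a standard 'ASN:value' community into two 16-bit integers."""
    asn, sep, value = text.partition(":")
    if not sep:
        raise ValueError(f"not a community: {text!r}")
    asn, value = int(asn), int(value)
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"out of range: {text!r}")
    return asn, value

def classify(prefix, communities, feed_asn):
    """Decide what to do with one route learned from the feed with ASN feed_asn."""
    ipaddress.ip_network(prefix)  # raises ValueError on a malformed prefix
    tags = set()
    for text in communities:
        asn, value = parse_community(text)
        # Assumption: only honour tags set under the feed's own ASN.
        if asn == feed_asn and value in (DEST_VALUE, SOURCE_VALUE):
            tags.add(value)
    if tags == {DEST_VALUE, SOURCE_VALUE}:
        # Both semantics on one route is the ambiguity the message objects to.
        return "reject-ambiguous"
    if SOURCE_VALUE in tags:
        # Any contributor to a source-based feed can blacklist a source IP,
        # so accept these entries only from explicitly trusted feeds.
        if feed_asn in TRUSTED_SOURCE_FEEDS:
            return "drop-by-source"
        return "reject-untrusted-source-feed"
    if DEST_VALUE in tags:
        return "blackhole-destination"
    return "no-action"

if __name__ == "__main__":
    # Constructed sample routes using documentation prefixes.
    samples = [
        ("192.0.2.1/32", ["64512:666"], 64512),
        ("198.51.100.7/32", ["64512:888"], 64512),
        ("198.51.100.7/32", ["64513:888"], 64513),
        ("203.0.113.0/24", ["64512:666", "64512:888"], 64512),
    ]
    for prefix, comms, feed in samples:
        print(prefix, comms, feed, "->", classify(prefix, comms, feed))
```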