Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW

Michel Py <> Tue, 10 August 2021 02:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 73A183A2282; Mon, 9 Aug 2021 19:27:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lErDPULZsOlB; Mon, 9 Aug 2021 19:27:50 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D50473A22AC; Mon, 9 Aug 2021 19:27:49 -0700 (PDT)
Received: from newserver.arneill-py.local ([fe80::498f:921e:4318:b41]) by newserver.arneill-py.local ([fe80::498f:921e:4318:b41%12]) with mapi id 14.03.0513.000; Mon, 9 Aug 2021 19:27:42 -0700
From: Michel Py <>
To: 'Zhuangshunwan' <>, "Sriram, Kotikalapudi (Fed)" <>
CC: IDR <>, GROW WG <>
Thread-Topic: some questions from {RC, LC, EC} analysis presentation in GROW
Thread-Index: AQHXiHXG0T0iPqYYLk6NCjnOwJ+5gatinG8AgADwG9OAB9cbw4AAmMdAgAAKoVA=
Date: Tue, 10 Aug 2021 02:27:41 +0000
Message-ID: <F04ED1585899D842B482E7ADCA581B84A9BD196E@newserver.arneill-py.local>
References: <>, <>, <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: [fe80::498f:921e:4318:b41]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 10 Aug 2021 02:28:04 -0000

> Zhuangshunwan wrote :
> then if other communities "ASN:666" are widespread in the wild

They are.

I am the operator of one of the largest ASN:666 BGP blacklist feeds; in the past, I have opposed the standardization of ASN:666 because the text was too vague.
Long story made short : there is not enough separation between source-based BGP backlists and destination-based ones.

As of now, it appears to me that destination-based ASN:666 communities are becoming a de-facto standard; which means that my own source-based ASN:666 BGP feed needs to adopt another community.

I suggest that, if some standardization effort is to take place again, the ASN:666 scheme is used for destination-based BGP blacklist feeds, and that the ASN:888 scheme is used for source-based BGP backlist feeds.
In there, I am happy to follow the lead of Team Cymru in their bogon BGP feed, which is the origin of all BGP blacklist feeds.

In other words : the :666 community shall be used when one wants to backlist one's own prefixes (possibly a /32), a destination-based backlist. While the :888 community shall be used when one wants to blacklist an IP address by the source, which means a high level of trust in the feed, as any contributor to said feed has potentially the ability to blacklist a source IP.

Respectfully submitted.