Browse Source

When ARIN prepared for the IPv4-pocolypse, they put aside a /10 for

**smaller than /24 allocations**.  Our default ruleset will not allow
those, even though they will be for various pieces of critical dual-stack
infrastructure to help IPv6-only systems survive.
This adds a default rule to allow those blocks.  With it, I see the
RIPE announced test blocks on our AMS-IX peers.
ARIN announced this block and policy at, enjoy
https://www.arin.net/announcements/2014/20140130.html
OK benno@, claudio@, sthen@, florian@
OPENBSD_5_9
phessler 9 years ago
parent
commit
7c2e84f5c2
1 changed files with 7 additions and 1 deletions
  1. +7
    -1
      src/etc/examples/bgpd.conf

+ 7
- 1
src/etc/examples/bgpd.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: bgpd.conf,v 1.1 2014/07/11 17:10:30 henning Exp $
# $OpenBSD: bgpd.conf,v 1.2 2015/09/11 14:55:30 phessler Exp $
# sample bgpd configuration file # sample bgpd configuration file
# see bgpd.conf(5) # see bgpd.conf(5)
@ -87,6 +87,12 @@ allow from any inet6 prefixlen 16 - 48
#allow from any prefix 0.0.0.0/0 #allow from any prefix 0.0.0.0/0
#allow from any prefix ::/0 #allow from any prefix ::/0
# https://www.arin.net/announcements/2014/20140130.html
# This block will be subject to a minimum size allocation of /28 and a
# maximum size allocation of /24. ARIN should use sparse allocation when
# possible within that /10 block.
allow from any inet prefix 23.128.0.0/10 prefixlen 24 - 28 # ARIN IPv6 transition
# filter bogus networks according to RFC5735 # filter bogus networks according to RFC5735
deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122] deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122]
deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918] deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918]


Loading…
Cancel
Save