What's a bogon?
By stretch | Wednesday, January 21, 2009 at 12:00 a.m. UTC
A bogon route is a type of route which shouldn't exist on the global Internet. More specifically, "bogon" (derived from the word "bogus") refers to an advertisement for a prefix within a reserved or otherwise unallocated IP network.
A service provider assigns IP prefixes to customers from the blocks it receives from its regional Internet registry (RIR), such as ARIN or RIPE. These registries have in turn been granted large chunks of the IP address space by IANA. To date, most of the IPv4 address space has already been allocated to registries; this address space shortage is the primary motivation behind the migration to IPv6. However, some IPv4 blocks remain unallocated or reserved, and should never be seen on the Internet.
A current list of all prefixes as allocated (or not) by IANA can be found here. The list effectively partitions the sum of all IPv4 address space into 256 /8 chunks and lists the status of each. Below is an excerpt from IANA's database:
Prefix   Designation                   Date      Whois            Status
000/8    IANA - Local Identification   1981-09                    RESERVED
001/8    IANA                                                     UNALLOCATED
002/8    IANA                                                     UNALLOCATED
003/8    General Electric Company      1994-05                    LEGACY
...
076/8    ARIN                          2005-06   whois.arin.net   ALLOCATED
077/8    RIPE NCC                      2006-08   whois.ripe.net   ALLOCATED
...
Notice the status of each block. 0.0.0.0/8 is reserved whereas 1.0.0.0/8 and 2.0.0.0/8 are unallocated. A route advertising a subnet within any of these blocks is considered a bogon. The remaining addresses in the excerpt are valid; 76.0.0.0/8 and 77.0.0.0/8 have been allocated to ARIN and RIPE, respectively, and 3.0.0.0/8 was assigned to General Electric in the early days of the Internet back when IANA assigned prefixes to organizations directly.
So why do bogons appear on the Internet in the first place? Unfortunately, many ISPs fail to prudently filter the route advertisements they receive from customers. As such, bogon routes originated by these customers sometimes make it onto the Internet. This may be accidental, as is typically the case with reserved ranges, or it may be done maliciously by a site serving malware, for example.
Fortunately, blocking bogon routes at a high level is fairly straightforward. A number of bogon lists are maintained to ease the implementation of bogon filters, such as those by Team Cymru. More advanced methods of bogon tracking include peering with a dedicated route server or automatically referencing WHOIS filters, but updating a simple access list on a regular basis will suffice for most organizations. The key is to remember that the bogon list is dynamic, and prefixes will be added and removed over time.
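As an added illustration (not code from the original post), the Python sketch below derives bogon /8 blocks from registry rows in the format of the excerpt above and checks received advertisements against them. The function names and the sample advertisements are assumptions made for this example, and the registry rows are the 2009 excerpt, so the list must be regenerated from current data before any real use.

```python
import ipaddress
import re

# Sample registry rows copied from the 2009 IANA excerpt on this page;
# the live registry has changed since, so regenerate before real use.
REGISTRY_EXCERPT = """\
000/8 IANA - Local Identification 1981-09 RESERVED
001/8 IANA UNALLOCATED
002/8 IANA UNALLOCATED
003/8 General Electric Company 1994-05 LEGACY
076/8 ARIN 2005-06 whois.arin.net ALLOCATED
077/8 RIPE NCC 2006-08 whois.ripe.net ALLOCATED
"""

BOGON_STATUSES = {"RESERVED", "UNALLOCATED"}
ROW = re.compile(r"^(\d{3})/8\s+.*?\s(\S+)$")  # prefix first, status last


def bogon_blocks(registry_text):
    """Return the /8 networks whose status marks them as bogon space."""
    blocks = []
    for line in registry_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(2) in BOGON_STATUSES:
            blocks.append(ipaddress.ip_network(f"{int(m.group(1))}.0.0.0/8"))
    return blocks


def is_bogon(prefix, blocks):
    """True if an advertised prefix lies inside, or covers, a bogon block."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return True  # malformed or host-bits-set prefix: reject it as well
    return any(net.overlaps(b) for b in blocks)


def filter_routes(prefixes, blocks):
    """Split received advertisements into (accepted, rejected) lists."""
    accepted = [p for p in prefixes if not is_bogon(p, blocks)]
    rejected = [p for p in prefixes if is_bogon(p, blocks)]
    return accepted, rejected


if __name__ == "__main__":
    blocks = bogon_blocks(REGISTRY_EXCERPT)
    # Constructed advertisements, as might arrive from a customer session.
    received = ["76.12.0.0/16", "1.2.3.0/24", "0.0.0.0/8", "3.0.0.0/8", "2.0.0.0/7"]
    print(filter_routes(received, blocks))
```

The 2.0.0.0/7 aggregate is rejected even though half of it (3.0.0.0/8) is valid in the excerpt, because accepting it would also accept the unallocated 2.0.0.0/8.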
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
January 21, 2009 at 11:21 p.m. UTC
Good info! I check your web site every morning looking for interesting information. Thanks.
October 15, 2009 at 4:52 a.m. UTC
What is "000/8 IANA - Local Identification" reserved for?
Can I use it for internal/private devices or commercial (internal only) networking products?
January 4, 2011 at 5:59 a.m. UTC
You could use it. As long as you filtered it going out the network. I'm not sure you want to get into a habit of picking arbitrary addresses for numbering. Are the current 1918 address pools not big enough for you?