What's a bogon?

By stretch | Wednesday, January 21, 2009 at 12:00 a.m. UTC

A bogon route is a type of route which shouldn't exist on the global Internet. More specifically, "bogon" (derived from the word "bogus") refers to an advertisement for a prefix within a reserved or otherwise unallocated IP network.

A service provider assigns IP prefixes to customers from the blocks it receives from its regional Internet registry (RIR) like ARIN or RIPE. These registries in turn have been granted large chunks of the IP address space from IANA. To date, most of the IPv4 address space has already been allocated to registries; this address space shortage is the primary motivation behind the migration to IPv6. However, some IPv4 blocks remain unallocated or reserved, and should never be seen on the Internet.

A current list of all prefixes as allocated (or not) by IANA can be found here. The list effectively partitions the sum of all IPv4 address space into 256 /8 chunks and lists the status of each. Below is an excerpt from IANA's database:

Prefix  Designation                       Date      Whois               Status

000/8   IANA - Local Identification       1981-09                       RESERVED
001/8   IANA                                                            UNALLOCATED
002/8   IANA                                                            UNALLOCATED
003/8   General Electric Company          1994-05                       LEGACY
...
076/8   ARIN                              2005-06   whois.arin.net      ALLOCATED
077/8   RIPE NCC                          2006-08   whois.ripe.net      ALLOCATED
...

Notice the status of each block. 0.0.0.0/8 is reserved whereas 1.0.0.0/8 and 2.0.0.0/8 are unallocated. A route advertising a subnet within any of these blocks is considered a bogon. The remaining addresses in the excerpt are valid; 76.0.0.0/8 and 77.0.0.0/8 have been allocated to ARIN and RIPE, respectively, and 3.0.0.0/8 was assigned to General Electric in the early days of the Internet back when IANA assigned prefixes to organizations directly.

So why do bogons appear on the Internet in the first place? Unfortunately, many ISPs fail to prudently filter route advertisements they receive from customers. As such, bogon routes originated from these customers sometimes make it onto the Internet. This may be accidental, as is typically the case with reserved ranges, or it may be done maliciously by a site serving malware, for example.

Fortunately blocking bogon routes at a high level is fairly straightforward. A number of bogon lists are maintained to ease the implementation of bogon filters, such as those by Team Cymru. More advanced methods of bogon tracking include peering with a dedicated route server or automatically referencing WHOIS filters, but updating a simple access list on a regular basis will suffice for most organizations. The key is to remember that the bogon list is dynamic, and prefixes will be added and removed over time.

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.

Posted in Routing

Comments


wildrussian (guest)
January 21, 2009 at 11:21 p.m. UTC

Good info! I check your web site every morning looking for interesting information. Thanks.


Magellan (guest)
October 15, 2009 at 4:52 a.m. UTC

What is "000/8 IANA - Local Identification" reserved for?

Can I use it for internal/private devices or commercial (interal only) networking products?


JacksLivr
January 4, 2011 at 5:59 a.m. UTC

You could use it. As long as you filtered it going out the network. I'm not sure you want to get into a habit of picking arbitrary addresses for numbering. Are the current 1918 address pools not big enough for you?

Comments have closed for this article due to its age.