What are bogons


(Martin M) #1

We started using LAG interfaces to help with some pt to pt business customers having an issue reaching certain sites and I was told it is due to Bogon issues. I do not understand what bogons are and what they do.


(Lazaros Agapides) #2

Hello Martin

Bogons are bogus IP addresses, that is, fake addresses. Bogon space is a term used to refer to the range of IP addresses that are not allowable or routable on the Internet. These addresses are not in any range allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated regional Internet registry (RIR) and are not allowed for public Internet use. An example of bogons is the attempted use of private IP addresses on the Internet. Addresses such as 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16 are reserved for private use and are not allowed on the Internet.

Bogon filtering is the process by which you filter addresses within these ranges on interfaces where you know they should not exist. For example, you would perform bogon filtering on an Internet-facing interface, because any packet that arrives with a private IP address on such an interface must be bogus, and thus may be part of an attempt at an attack on the network.

I hope this has been helpful!

Laz


(Martin M) #3

So is there a list of bogons that can be referenced to update the bogons being filtered? Why would bogons not be filtered? Is there a reason not to filter them? Can multiple uplinks to a network device with individual link addresses cause bogon issues?


(Lazaros Agapides) #4

Hello Martin

Specifically, the following IPv4 ranges are considered bogons:

0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/3

Once again, these are IP address ranges that you should NEVER see on an Internet-facing interface on the edge of your network. Best practice dictates that you should always implement at the very least an incoming access list on Internet-facing interfaces that blocks these addresses. More precisely, such filtering should be implemented on the edge device that has a routable public IP address on its Internet-facing interface.

If you have multiple links, you may have a situation where packets being sent on one of the uplinks have private IP addresses in the IP headers, and these packets somehow make it to an interface with a public IP address that may have bogon filtering configured. You should verify that the private and public address spaces you use have no situations in which they would coexist on the same network segment.

I hope this has been helpful!

Laz
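As an added illustration of the ingress filter described above (not code from the thread or from any vendor), the following Python uses the exact IPv4 ranges listed in the post and classifies source addresses the way an inbound access list on an Internet-facing interface would. The sample addresses are constructed for the demonstration.

```python
import ipaddress

# The IPv4 ranges listed in the post above. Note: this is a static set of
# reserved/special-use space; full bogon lists maintained by others also
# include currently unallocated prefixes and change over time.
BOGON_RANGES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/3",
)]


def matching_bogon(addr):
    """Return the bogon prefix that contains addr, or None if it is routable."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    for net in BOGON_RANGES:
        if ip in net:
            return str(net)
    return None


def filter_ingress(source_addrs):
    """Apply the inbound check to a list of source addresses seen on an
    Internet-facing interface. Returns (accepted, dropped); each dropped
    entry records the prefix that caused the drop, which is what you would
    want to log when investigating a customer reachability complaint."""
    accepted, dropped = [], []
    for src in source_addrs:
        hit = matching_bogon(src)
        if hit:
            dropped.append((src, hit))
        else:
            accepted.append(src)
    return accepted, dropped


# Constructed sample sources (hypothetical, not from the thread).
SAMPLE_SOURCES = [
    "8.8.8.8",          # public, should pass
    "10.1.2.3",         # RFC 1918 private, dropped
    "100.64.5.5",       # carrier-grade NAT space, dropped
    "169.254.10.1",     # link-local, dropped
    "239.1.1.1",        # multicast, inside 224.0.0.0/3, dropped
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE_SOURCES)
    print("accepted:", ok)
    print("dropped:", bad)
```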