Hi,
If you are referring to a visible routing advertisement for 1.2.3.0/24 in the global BGP routing tables, then nothing has been seen of this prefix.
If you are referring to the use of individual addresses drawn from this prefix in local contexts, then the profile of unsolicited traffic that is directed to this address points to an inference of a considerable level of local use of this prefix, which of course if unauthorised local use given that this prefix has not been allocated or assigned for end use.
If you are referring to further studies of the "dark traffic" in 1.2.3.0/24 as a followup to the original work in 2010, then we have not performed any followup analysis of this prefix since then, but as the incoming traffic was so large at the time, and the studies on 1.0.0.0/24 and 1.1.1.0/24 point to increasing traffic since then, there is no reason to believe that the fate of 1.2.3.0/24 is any different
Is this prefix useable in local contexts? Its a balance between this unauthorised use and the associated traffic profile associated with this address, and the desire of some operators to use "memorable" IP addresses for DNS services. Some folk may find this attractive, despite the downside of associated noise, while others will continue to use "quieter" IP addresses for such a service.
kind regards,
Geoff
On 27 Jan 2014, at 4:10 pm, Aftab Siddiqui aftab.siddiqui@gmail.com wrote:
Hi Geoff,
Do we have any stats showing how many times 1.2.3.4/24 was hijacked in past 1 month.
Regards,
Aftab A. Siddiqui
On Mon, Jan 27, 2014 at 2:11 AM, Geoff Huston gih@apnic.net wrote:
On 27 Jan 2014, at 4:04 am, Jahangir Hossain jrjahangir@gmail.com wrote:
Is it not possible to minimize this unsolicited incoming traffic ?
Nope - thats the problem with unsolicited incoming traffic!
The way in which you can limit this incoming dross is to limit the scope of the advertisement of the prefix.
I'd certainly recommend to anyone contemplating using this prefix in the manner proposed here is that they use BGP's NOEXPORT community and similar means to limit the extent to which the route advertisement is propagated.
regards,
Geoff
sig-policy mailing list
sig-policy@lists.apnic.net
http://mailman.apnic.net/mailman/listinfo/sig-policy