An empirical study of "bogon" route advertisements

Abstract

An important factor in the robustness of the interdomain routing system is whether the routers in autonomous systems (ASes) filter routes for "bogon" address space---i.e., private address space and address space that has not been allocated by the Internet Assigned Numbers Authority (IANA). This paper presents an empirical study of bogon route announcements, as observed at eight vantage points on the Internet. On average, we observe several bogon routes leaked every few days; a small number of ASes also temporarily leak hundreds of bogon routes. About 40% of these bogon routes are not withdrawn for at least a day. We observed 110 different ASes originating routes for bogon prefixes and a few ASes that were responsible for advertising a disproportionate number of these routes. We also find that some ASes that do filter unallocated prefixes continue to filter them for as long as five months after they have been allocated, mistakenly filtering valid routes. Both of these types of delinquencies have serious implications: the failure to filter valid prefixes can could make nefarious activities such as denial of service attacks difficult to trace; failure to update filters when new prefixes are allocated prevents legitimate routes from being globally visible.