> Zhuangshunwan wrote : > then if other communities "ASN:666" are widespread in the wild
They are. I am the operator of one of the largest ASN:666 BGP blacklist feeds; in the past, I have opposed the standardization of ASN:666 because the text was too vague. Long story made short : there is not enough separation between source-based BGP backlists and destination-based ones. As of now, it appears to me that destination-based ASN:666 communities are becoming a de-facto standard; which means that my own source-based ASN:666 BGP feed needs to adopt another community. I suggest that, if some standardization effort is to take place again, the ASN:666 scheme is used for destination-based BGP blacklist feeds, and that the ASN:888 scheme is used for source-based BGP backlist feeds. In there, I am happy to follow the lead of Team Cymru in their bogon BGP feed, which is the origin of all BGP blacklist feeds. https://team-cymru.com/community-services/bogon-reference/bogon-reference-bgp/ In other words : the :666 community shall be used when one wants to backlist one's own prefixes (possibly a /32), a destination-based backlist. While the :888 community shall be used when one wants to blacklist an IP address by the source, which means a high level of trust in the feed, as any contributor to said feed has potentially the ability to blacklist a source IP. Respectfully submitted. Michel. _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
