Adding Martian Addresses

Problem

You want to add a martian address to the JUNOS default martian list.

Solution

Specify the martian address in the [edit routing-options] hierarchy:

	[edit routing-options]
	aviva@router1# set martians 1.0.0.0/0 tHRough 1.0.0.0/32

 

Discussion

Martian addresses are prefixes reserved for a specific purpose and not subject to future allocation by the IANA. You should never see traffic from these prefixes; if you do, it generally indicates that a system somewhere on the network is misconfigured. By default, the JUNOS software ignores all martian addresses and does not install them in the routing table. The JUNOS software maintains the following martian addresses by default:

	aviva@router1> show route martians
	inet.0:
	 0.0.0.0/0 exact -- allowed
	 0.0.0.0/8 orlonger -- 
disallowed
	 127.0.0.0/8 orlonger -- disallowed
	 128.0.0.0/16 orlonger -- disallowed
	 191.255.0.0/16 orlonger -- disallowed
	 192.0.0.0/24 orlonger -- disallowed
	 223.255.255.0/24 orlonger -- disallowed
	 240.0.0.0/4 orlonger -- disallowed
	…
	inet6.0:
	 ::1/128 exact -- disallowed

These correspond to the all-zeros and all-ones classful network numbers, as well as the Class E network space. All of the former addresses were reserved by IANA (and many still are), and routing for the latter is undefined.

There is no permanent list of martian addresses because the address spaces that IANA chooses to reserve and make available for allocation change over time. Some martian addresses are not included in the JUNOS defaults, and some of the address blocks included in the JUNOS software default martian list have since been made available for allocation by IANA (see RFC 3330).

This recipe adds an address to the martian list on a router. Look at the martian routes in the routing table to verify that the address has been added:

	aviva@router1> show route martians table inet.0
	inet.0:
	 0.0.0.0/0 exact -- allowed
	 0.0.0.0/8 orlonger -- disallowed
	 127.0.0.0/8 orlonger -- disallowed
	 128.0.0.0/16 orlonger -- disallowed
	 191.255.0.0/16 orlonger -- disallowed
	 192.0.0.0/24 orlonger -- disallowed
	 223.255.255.0/24 orlonger -- disallowed
	 240.0.0.0/4 orlonger -- disallowed
	 1.0.0.0/0 through 1.0.0.0/32-- disallowed

The disallowed keyword in the output means that the route is treated like a martian and is blocked.

As the IANA allocations change, you will want to remove some of the prefix blocks from the list to override the defaults. To change the JUNOS defaults so the only martians are 0.0.0.0/8 (addresses on this network), 127.0.0.0/8 (loopback address), and 240.0.0.0/4 (experimental address block, formerly the Class E addresses), configure the martian addresses to allow the remaining defaults:

	[edit routing-options]
	aviva@router1# set martians 128.0.0.0/16 orlonger allow
	aviva@router1# set martians 191.255.0.0/16 orlonger allow
	aviva@router1# set martians 192.0.0.0/24 orlonger allow
	aviva@router1# set martians 223.255.255.0/24 orlonger allow

You can verify that these prefixes are now accepted:

	aviva@router1> show route martians table inet.0
	inet.0:
	 0.0.0.0/0 exact -- 
allowed
	 0.0.0.0/8 orlonger -- disallowed
	 127.0.0.0/8 orlonger -- disallowed
	 128.0.0.0/16 orlonger -- allowed
	 191.255.0.0/16 orlonger -- allowed
	 192.0.0.0/24 orlonger -- allowed
	 223.255.255.0/24 orlonger -- allowed
	 240.0.0.0/4 orlonger -- disallowed

The allowed keyword in the output means that the routes are now accepted.

RFC 3330, Special-Use IPv4 Addresses, describes specialized IPv4 address blocks that have been assigned to IANA to manage. Team Cymru maintains information about other prefixes that you might want to mark as martians (see http://www.cymru.com/gillsr/documents/junos-bgp-template.pdf and http://www.cymru.com/gillsr/documents/junos-martians.txt).

See Also

RFC 3330, Special-Use IPv4 Addresses and Team Cmyru (http://www.cymru.com/gillsr/documents/junos-bgp-template.pdf and http://www.cymru.com/gillsr/documents/junos-martians.txt)


Router Configuration and File Management

Basic Router Security and Access Control

IPSec

SNMP

Logging

NTP

Router Interfaces

IP Routing

Routing Policy and Firewall Filters

RIP

IS-IS

OSPF

BGP

MPLS

VPNs

IP Multicast



JUNOS Cookbook
Junos Cookbook (Cookbooks (OReilly))
ISBN: 0596100140
EAN: 2147483647
Year: 2007
Pages: 290
Authors: Aviva Garrett

Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net