Adding Martian Addresses

Problem

You want to add a martian address to the JUNOS default martian list.

Solution

Specify the martian address in the [edit routing-options] hierarchy:

[edit routing-options] aviva@router1# set martians 1.0.0.0/0 tHRough 1.0.0.0/32

 

Discussion

Martian addresses are prefixes reserved for a specific purpose and not subject to future allocation by the IANA. You should never see traffic from these prefixes; if you do, it generally indicates that a system somewhere on the network is misconfigured. By default, the JUNOS software ignores all martian addresses and does not install them in the routing table. The JUNOS software maintains the following martian addresses by default:

aviva@router1> show route martians inet.0: 0.0.0.0/0 exact -- allowed 0.0.0.0/8 orlonger -- disallowed 127.0.0.0/8 orlonger -- disallowed 128.0.0.0/16 orlonger -- disallowed 191.255.0.0/16 orlonger -- disallowed 192.0.0.0/24 orlonger -- disallowed 223.255.255.0/24 orlonger -- disallowed 240.0.0.0/4 orlonger -- disallowed … inet6.0: ::1/128 exact -- disallowed

These correspond to the all-zeros and all-ones classful network numbers, as well as the Class E network space. All of the former addresses were reserved by IANA (and many still are), and routing for the latter is undefined.

There is no permanent list of martian addresses because the address spaces that IANA chooses to reserve and make available for allocation change over time. Some martian addresses are not included in the JUNOS defaults, and some of the address blocks included in the JUNOS software default martian list have since been made available for allocation by IANA (see RFC 3330).

This recipe adds an address to the martian list on a router. Look at the martian routes in the routing table to verify that the address has been added:

aviva@router1> show route martians table inet.0 inet.0: 0.0.0.0/0 exact -- allowed 0.0.0.0/8 orlonger -- disallowed 127.0.0.0/8 orlonger -- disallowed 128.0.0.0/16 orlonger -- disallowed 191.255.0.0/16 orlonger -- disallowed 192.0.0.0/24 orlonger -- disallowed 223.255.255.0/24 orlonger -- disallowed 240.0.0.0/4 orlonger -- disallowed 1.0.0.0/0 through 1.0.0.0/32-- disallowed

The disallowed keyword in the output means that the route is treated like a martian and is blocked.

As the IANA allocations change, you will want to remove some of the prefix blocks from the list to override the defaults. To change the JUNOS defaults so the only martians are 0.0.0.0/8 (addresses on this network), 127.0.0.0/8 (loopback address), and 240.0.0.0/4 (experimental address block, formerly the Class E addresses), configure the martian addresses to allow the remaining defaults:

[edit routing-options] aviva@router1# set martians 128.0.0.0/16 orlonger allow aviva@router1# set martians 191.255.0.0/16 orlonger allow aviva@router1# set martians 192.0.0.0/24 orlonger allow aviva@router1# set martians 223.255.255.0/24 orlonger allow

You can verify that these prefixes are now accepted:

aviva@router1> show route martians table inet.0 inet.0: 0.0.0.0/0 exact -- allowed 0.0.0.0/8 orlonger -- disallowed 127.0.0.0/8 orlonger -- disallowed 128.0.0.0/16 orlonger -- allowed 191.255.0.0/16 orlonger -- allowed 192.0.0.0/24 orlonger -- allowed 223.255.255.0/24 orlonger -- allowed 240.0.0.0/4 orlonger -- disallowed

The allowed keyword in the output means that the routes are now accepted.

RFC 3330, Special-Use IPv4 Addresses, describes specialized IPv4 address blocks that have been assigned to IANA to manage. Team Cymru maintains information about other prefixes that you might want to mark as martians (see http://www.cymru.com/gillsr/documents/junos-bgp-template.pdf and http://www.cymru.com/gillsr/documents/junos-martians.txt).

See Also

RFC 3330, Special-Use IPv4 Addresses and Team Cmyru (http://www.cymru.com/gillsr/documents/junos-bgp-template.pdf and http://www.cymru.com/gillsr/documents/junos-martians.txt)

Related

Категории