Martian Addresses

Martians are networks that are considered illegal to be routed on the Internet.

Martian Addresses Overview

The martian command allows additions to the list of martian addresses. An accept option can also be specified to explicitly allow a subset of a range that was disallowed. The martian command can also be used for route filtering: any prefixes that are declared to be martians are automatically filtered out from all received and advertised routes. However, routes already in the routing table are not removed when declared as martian until the next neighbor or protocol reset (for example, a BGP neighbor soft reconfig).

RFC 1918 specifies these networks as part of the private Internet space:

  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

These prefixes are considered un-routable between autonomous systems, but they can be routed within an autonomous system. Advanced Routing Suite does not treat them as martian addresses by default; the martian command lets you treat private address space as illegal for routing within an autonomous system. RFC 1700 specifies common usage for IP numbers.

The default list of martians is:

  • 127/8 (127.0.0.0 netmask 255.0.0.0) - 127.x.x.x is specified by RFC 1700 for loopback addresses. RFC 1700 (page 4, item g) states "these addresses should never appear outside a host". Address 127.0.0.1 is normally used as a loopback address.
  • 224/3 - these are the multicast addresses.

martian

Name

martian - configures a martian address

Syntax

martian ipv4-addr ipv4-address [ mask mask | masklen masklen ]
    [ accept | reject ] [ (ge length) || (le length) ]?

no martian ipv4-addr ipv4-address [ mask mask | masklen masklen ]
    [ accept | reject ] [ (ge length) || (le length) ]?

Mode

Global Configuration

Parameters

IPv4

ipv4-addr ipv4-address - specify ipv4-addr with an address in dotted-quad format that, when combined with mask or masklen, specifies a set of martian addresses

mask mask | masklen masklen - specify either an integer mask length (from 0 to 32, inclusive) or specify a contiguous mask in dotted-quad format

accept | reject - specify whether the prefix should be allowed to be routed or should be rejected

ge length - optionally specify that the configured martian matches prefix and mask pairs with exactly the same prefix address and with mask lengths that are greater than or equal to this value. The value range for length is 0 to 32, inclusive. Additionally, it must be at least the value of masklen (or the number of significant bits in mask) and no greater than the value of le.

le length - optionally specify that the configured martian matches prefix and mask pairs with exactly the same prefix address and with mask lengths that are less than or equal to this value. The value range for length is 0 to 32, inclusive. Additionally, it must be at least the value of masklen (or the number of significant bits in mask) and no less than the value of ge.

Description

Use the martian command to configure one or more martian addresses. Martians are networks that are considered illegal to be routed on the Internet. This command allows you to specify private Internet space as un-routable. Conversely, you can use the accept option to explicitly allow a subset of a range that was disallowed.

If neither ge nor le is specified, then ge and le default to the configured masklen (or to the IPv4 contiguous mask value).

If ge is specified, but le is not, then le defaults to the maximum mask length for the address family.

If le is specified but ge is not, then ge defaults to masklen.

Note: Order is not important when specifying ranges. For example, you may want to configure a range to be unroutable, then configure a more specific range within that range to be routable. The lookup always finds the most specific entry (the match with the longest prefix) regardless of the order in which the entries were entered.
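
The ge/le defaults and the longest-prefix lookup described above, as an added Python sketch (not Advanced Routing Suite code). It assumes a route matches an entry when it lies inside the entry's prefix and its mask length falls within ge..le; the 10.x entries are constructed, while the 35/8 and 32/8 entries mirror Examples 1 and 3.

```python
import ipaddress

MAX_LEN = 32  # maximum mask length for IPv4

def martian_entry(addr, masklen, action, ge=None, le=None):
    """Build one entry, applying the ge/le defaults from the Description."""
    if ge is None and le is None:
        ge = le = masklen          # neither given: both default to masklen
    elif le is None:
        le = MAX_LEN               # only ge given: le is the family maximum
    elif ge is None:
        ge = masklen               # only le given: ge is masklen
    if not masklen <= ge <= le <= MAX_LEN:
        raise ValueError("need masklen <= ge <= le <= 32")
    return ipaddress.ip_network(f"{addr}/{masklen}"), ge, le, action

def is_martian(route, entries):
    """True when the most specific matching entry is a reject."""
    route = ipaddress.ip_network(route)
    best = None
    for net, ge, le, action in entries:
        # Assumption: "same prefix address" means the route lies inside net.
        if ge <= route.prefixlen <= le and route.subnet_of(net):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best is not None and best[1] == "reject"

# Entry order is deliberately "wrong" (accept first) to show it is irrelevant.
ENTRIES = [
    martian_entry("10.1.0.0", 16, "accept", le=32),  # constructed
    martian_entry("10.0.0.0", 8, "reject", le=32),   # constructed
    martian_entry("35.0.0.0", 8, "reject"),          # page Example 1
    martian_entry("32.0.0.0", 8, "reject", ge=16),   # page Example 3
]

if __name__ == "__main__":
    for r in ("10.2.0.0/16", "10.1.2.0/24", "35.0.0.0/8", "35.1.0.0/16",
              "32.0.0.0/8", "32.5.0.0/16"):
        print(r, "martian" if is_martian(r, ENTRIES) else "allowed")
```

Under this literal reading of the defaults, a reject entry with neither ge nor le matches only the exact prefix, so 35.1.0.0/16 is not filtered by Example 1 while 32.5.0.0/16 is filtered by Example 3.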

Default

The default list of martians includes:

127/8 - specified by RFC 1700 for loopback addresses. RFC 1700 (page 4, item g) states "these addresses should never appear outside a host." Address 127.0.0.1 is normally used as a loopback address.

224/3 - the multicast addresses

Command History

NGC 2.2 - This command was introduced.

Examples

Example 1

The following example configures 35/8 as a martian prefix.

(config)# martian ipv4-addr 35.0.0.0 masklen 8 reject

Example 2

In this example, the IPv4 address 127.168.14.15, which would normally be considered a martian route per RFC 1918, is removed from the martian list.

(config)# martian ipv4-addr 127.168.14.15 masklen 32 accept

Example 3

The following example configures the IPv4 addresses within 32.0.0.0, with a mask-length of 8 and a prefix length of at least 16, as martian addresses.

(config)# martian ipv4-addr 32.0.0.0 masklen 8 reject ge 16

 
©2013 Check Point Software Technologies Ltd. All rights reserved.