RE: rfc 1918?

[woods () weird com (Greg A. Woods)]

[ On Thursday, February 22, 2001 at 19:12:14 (-0500), Mark Radabaugh wrote: ]
> Subject: RE: rfc 1918?
>
>  I can see that packets destined for RFC1918 addresses will leave our network
> (due to default routes) but are promptly dropped at the first BGP speaking
> router they encounter.  Is it worth the extra router processing time to check
> all outgoing packet destinations as well?  I can't see where this extra
> filtering is worth the trouble.

I suppose that depends on just how far away the first BGP speaking
router is from your network border(s), and how properly configured it
is.

In practical terms I suppose it also depends on just exactly what
filtering technology you've deployed, and just exactly how close it is
to being overloaded.  If you are already pushing your router's CPU too
hard (and if your filters are done by your router's CPU rather than an
ASIC) then obviously reducing your filter load will be in your own best
interests and not filtering destination addresses against RFC-1918 will
be one relatively benign way of reducing the filter load.  However if
your router's CPU is only partially utilised now (even if you push your
pipe to capacity), then adding such destination filters won't hurt
anyone.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>