nanog mailing list archives

Re: General question on rfc1918


From: Phil Regnauld <regnauld () catpipe net>
Date: Tue, 13 Nov 2007 17:16:58 +0100


Joe Abley (jabley) writes:

 You drop the packet at your border before it is sent out to the Internet.

 This is why numbering interfaces in the data path of non-internal traffic is 
 a bad idea.

        Unfortunately many providers have the bad habit of using RFC1918
        for interconnect, on the basis that a) it saves IPs b) it makes
        the interconnect "not vulnerable" [1].

Packets which are strictly error/status reporting -- e.g. ICMP 'unreachable',
'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
boundaries _solely_ because of an RFC1918 source address.

 I respectfully disagree.

        Same here, and even if egress filtering didn't catch it, many inbound
        filters will.

        [1] I've also heard of ISPs having an entire /16 of routable addresses
        for their interconnect, but they just don't advertise to peers.
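As an added illustration that is not part of this thread, here is a small Python model of the border filter the messages argue about: a strict policy that drops every RFC1918-sourced packet, and the alternative of exempting ICMP error messages, applied to the TTL-exceeded replies a traceroute depends on. The hop addresses and policy flag names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# RFC 1918 private address space
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ICMP error/status types named in the thread:
# 3 = destination unreachable, 5 = redirect, 11 = time (TTL) exceeded
ICMP_ERROR_TYPES = {3, 5, 11}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "icmp", "tcp" or "udp"
    icmp_type: Optional[int] = None  # only meaningful when proto == "icmp"


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def border_filter(pkt: Packet, exempt_icmp_errors: bool = False) -> str:
    """Return 'permit' or 'drop' for a packet crossing the border.

    Strict policy (default): any RFC1918 source is dropped.
    exempt_icmp_errors=True is the contested alternative from the thread:
    ICMP error messages pass even when their source is RFC1918.
    """
    if not is_rfc1918(pkt.src):
        return "permit"
    if exempt_icmp_errors and pkt.proto == "icmp" and pkt.icmp_type in ICMP_ERROR_TYPES:
        return "permit"
    return "drop"


def traceroute_view(hops: List[str], exempt_icmp_errors: bool = False) -> List[str]:
    """What a traceroute from 203.0.113.10 sees once each hop's ICMP
    'time exceeded' (type 11) reply has passed the border filter.
    Hops whose interface is numbered from RFC1918 show as '*' under
    the strict policy; that is the interconnect case the thread describes."""
    view = []
    for hop_addr in hops:
        reply = Packet(src=hop_addr, dst="203.0.113.10", proto="icmp", icmp_type=11)
        view.append(hop_addr if border_filter(reply, exempt_icmp_errors) == "permit" else "*")
    return view
```

Running `traceroute_view(["198.51.100.1", "10.0.0.1", "192.0.2.1"])` gives `['198.51.100.1', '*', '192.0.2.1']`; with the ICMP exemption enabled the RFC1918-numbered hop becomes visible, which is exactly the trade-off the replies above disagree on.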
