nanog mailing list archives
Re: General question on rfc1918
From: Phil Regnauld <regnauld () catpipe net>
Date: Tue, 13 Nov 2007 17:16:58 +0100
Joe Abley (jabley) writes:
You drop the packet at your border before it is sent out to the Internet. This is why numbering interfaces in the data path of non-internal traffic is a bad idea.
Unfortunately many providers have the bad habit of using RFC1918 for interconnect, on the basis that a) it saves IPs b) it makes the interconnect "not vulnerable" [1].
Packets which are strictly error/status reporting -- e.g. ICMP 'unreachable', 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network boundaries _solely_ because of an RFC1918 source address.
I respectfully disagree.
Same here, and even if egress filtering didn't catch it, many inbound filters will.
[1] I've also heard of ISPs having an entire /16 of routable addresses for their interconnect, but they just don't advertise to peers.
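An added example, not part of the original message: a small Python model of the border filter discussed in this thread, showing which ICMP 'ttl exceeded' replies survive when some interconnect interfaces carry RFC1918 addresses. The path, the addresses (documentation ranges plus private space) and the function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks. ipaddress.is_private covers more than these,
# so the list is spelled out explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_permits(src):
    """Border policy from the thread: drop packets with an RFC1918 source."""
    return not is_rfc1918(src)

def visible_hops(path):
    """What a remote traceroute shows for each hop.

    path is a list of (interface_address, behind_border). A router behind the
    filtering border sources its ICMP error from that interface address, and
    the reply must pass the border filter to reach the remote host.
    """
    seen = []
    for addr, behind_border in path:
        if behind_border and not border_permits(addr):
            seen.append("*")      # reply dropped at the border
        else:
            seen.append(addr)
    return seen

def interfaces_to_renumber(path):
    """Data-path interfaces whose ICMP errors never leave the network."""
    return [addr for addr, behind in path if behind and is_rfc1918(addr)]

# Constructed sample path (assumption): one upstream hop, then four hops
# inside the filtering provider, two of them on RFC1918 interconnects.
SAMPLE_PATH = [
    ("198.51.100.1", False),
    ("203.0.113.9", True),
    ("10.255.0.2", True),
    ("172.16.40.1", True),
    ("192.0.2.80", True),
]

if __name__ == "__main__":
    for ttl, hop in enumerate(visible_hops(SAMPLE_PATH), start=1):
        print(f"{ttl:2d}  {hop}")
    print("renumber:", interfaces_to_renumber(SAMPLE_PATH))
```

The same drop applies to any ICMP error sourced from those interfaces, not only traceroute replies.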