Penetration Testing mailing list archives

Re: [PEN-TEST] advertising private IP numbers?


From: Bennett Todd <bet () RAHUL NET>
Date: Fri, 22 Dec 2000 11:16:36 -0500

2000-12-22-10:51:20 Joe Shaw:
> It's considered in bad form to advertise rfc1918 space, and any
> network person will be laughed at for doing so.

Advertise routes to, absolutely. More than laughed at, even.
Shunned.

> However, you will sometimes find RFC1918 space used for
> interconnections between routers, like what you saw in your
> traceroute.

I'm fond of doing it myself.

> This is generally not considered best practice if you want things
> like Path-MTU discovery to work.

Path Maximum-Transmit-Unit Discovery (PMTU-D) is important in
today's internet; breaking it is Very Nasty: it causes obscure and
hard-to-reproduce occasional failures, which are consistent for some
unfortunate few. Really nasty.

However, use of RFC 1918 addrs in this fashion does not break PMTU-D
unless a router using an RFC1918 link addr has interfaces with
different MTUs attached to it; if you follow a strict rule of never
assigning an RFC 1918 addr to an interface on a router that has
interfaces with different MTUs, I _believe_ you'll never ever break
PMTU-D with the RFC 1918 link addrs trick.

The other thing to do is to simply block RFC 1918 addrs at your
borders, so that other people tracerouting your net won't see the
RFC 1918 addrs in their traceroutes, post 'em to nanog, and laugh at
you:-). Let 'em hang waiting for a timeout as they get no answers
from the intermediate routers that have RFC1918 link addrs.

-Bennett
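An added example (not from the thread) that models the two points above: a router with an RFC 1918 link address can only black-hole PMTU-D when it has to emit an ICMP "Fragmentation Needed" from that address and the sender's border filter drops RFC 1918 sources, and an audit of the stated rule (no RFC 1918 address on a router whose interfaces have differing MTUs). The topology, addresses and MTUs are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The three RFC 1918 blocks; deliberately not ipaddress's broader is_private.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass
class Hop:
    addr: str        # address this router would source ICMP errors from
    egress_mtu: int  # MTU of the link it forwards the packet onto

def send_df(path, size, filter_rfc1918_icmp=True):
    """Forward one DF-set packet of `size` bytes along `path`.

    Returns ("delivered", size), ("pmtu", mtu) when the sender would learn
    the smaller MTU from ICMP, or ("blackhole", hop_index) when the ICMP
    error is sourced from an RFC 1918 address and gets filtered."""
    for i, hop in enumerate(path):
        if size > hop.egress_mtu:
            if filter_rfc1918_icmp and is_rfc1918(hop.addr):
                return ("blackhole", i)       # sender waits for a timeout
            return ("pmtu", hop.egress_mtu)   # sender retries with smaller size
    return ("delivered", size)

def audit(routers):
    """Names of routers that break the rule: RFC 1918 address on a router
    whose interfaces carry different MTUs (only then must it ever send
    Frag-Needed from a private address)."""
    bad = []
    for name, ifaces in routers.items():
        if len({mtu for _, mtu in ifaces}) > 1 and any(is_rfc1918(a) for a, _ in ifaces):
            bad.append(name)
    return bad

# Constructed sample path: the middle hop uses a 10/8 link address and
# forwards onto a 1480-byte link, so a 1500-byte DF packet must be rejected.
PATH = [Hop("198.51.100.1", 1500), Hop("10.0.0.1", 1480), Hop("203.0.113.1", 1500)]
# Constructed sample interface tables: (address, mtu) per router.
ROUTERS = {
    "r1": [("198.51.100.1", 1500), ("198.51.100.2", 1500)],
    "r2": [("10.0.0.1", 1500), ("10.0.0.2", 1480)],     # violates the rule
    "r3": [("203.0.113.1", 1500), ("203.0.113.9", 1476)],  # mixed MTUs but public
}

if __name__ == "__main__":
    print(send_df(PATH, 1500), send_df(PATH, 1500, False), send_df(PATH, 1480))
    print("rule violations:", audit(ROUTERS))
```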
