North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Packets from net 10 (no, not the lyrics)

  • From: bmanning
  • Date: Tue Sep 23 12:09:58 1997
  • Posted-date: Tue, 23 Sep 1997 08:54:52 -0700 (PDT)

> 
> What about providers that use portions of the private address space on
> their network (up to and including the client's serial interface)?
> 
> Mohamad
> 
> On Tue, 23 Sep 1997 [email protected] wrote:
> 
> > > Should I be filtering all reserved space at my border, or would
> > > it be reasonable for me to expect the big guys not to take packets
> > > with clearly inappropriate source addresses?
> > 
> > 	Yes you should. (and with kudos to Andrew)
> > 
> > !	Loopback
> > access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > !	RFC 1918 private blocks
> > access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> > !	Test Network
> > access-list 100 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> > !	Tiny networks.
> > access-list 100 deny   ip any 255.255.255.128 0.0.0.127
> > access-list 100 permit ip any any
> > 

	The operative phrase here is border. 
	That means ASN border, i.e. where you BGP
	peer with others.  At the provider/subscriber
	interface, within your IGP, using RFC 1918 space
	is ok.

-- 
--bill