North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Packets from net 10 (no, not the lyrics)
> > What about providers that use portions of the private address space on > their network (up to and including the client's serial interface)? > > Mohamad > > On Tue, 23 Sep 1997 [email protected] wrote: > > > > Should I be filtering all reserved space at my border, or would > > > it be reasonable for me to expect the big guys not to take packets > > > with clearly inappropriate source addresses? > > > > Yes you should. (and with kudos to Andrew) > > > > ! Loopback > > access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 > > ! RFC 1918 private blocks > > access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 > > access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255 > > access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255 > > ! Test Network > > access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255 > > ! Tiny networks. > > access-list 100 deny ip any 255.255.255.128 0.0.0.127 > > access-list 100 permit ip any any > > The operative phrase here is border. That means ASN border, i.e. where you BGP peer with others. At the provider/subscriber interface, within your IGP, using RFC 1918 space is ok. -- --bill
|