North American Network Operators Group


Re: Maybe I'm misreading this but...

  • From: John A. Tamplin
  • Date: Fri Oct 16 17:57:28 1998

On Fri, 16 Oct 1998, I Am Not An Isp wrote:

> So, as I stated in my last post, it will work unless you filter RFC1918
> space.  I've received lots & lots of replies saying "I filter it", or "I
> RFC1918 in my own LAN, so the firewall drops the packets assuming they are
> spoofed" or stuff like that.  This is fine, and possibly even desirable.
> However, there is nothing to distinguish a packet with RFC1918 space as the
> source address from any other "legal" packet on the 'Net other than your
> own administrative policies - which can break *anything* on the 'Net, not
> just PMTU with RFC1918 space.  Sorry, but I have no control over your
> policy.  So, if someone asks "does this break...", the answer is no.

Well, with this definition, I could just decide to start using someone
else's address space and if you filter it your policies have broken
things, not me. Private address space is intended to be used for networks
not directly connected to the Internet.  We filter every external link to
prevent private addresses flowing in either direction, outside packets
claiming to be from our address space, inside packets not coming from our
address space (and transit customers), and inside packets going to our
address space.  Until router CPU or number of filter entries are a problem,
it makes sense to make sure everything is what is expected, and to drop
anything that isn't.

If they really don't want to use up valid addresses for the point-to-point
links, why not just run the interfaces unnumbered instead?

John Tamplin					Traveller Information Services
[email protected]				2104 West Ferry Way
256/705-7007 - FAX 256/705-7100 		Huntsville, AL 35801
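
The four checks listed in the message above, written out as a decision function for one external link. This is an added example, not part of the original post: the prefixes are constructed documentation ranges, and the function and variable names are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample prefixes (documentation ranges), assumptions for this example.
OUR_SPACE = [ipaddress.ip_network("198.51.100.0/24")]
TRANSIT_CUSTOMERS = [ipaddress.ip_network("203.0.113.0/24")]


def _within(addr, networks):
    return any(addr in net for net in networks)


def check_external_link(direction, src, dst):
    """Return 'permit' or a drop reason for a packet crossing an external link.

    direction is 'in' (arriving from outside) or 'out' (leaving toward outside).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Private addresses are dropped in either direction. This is the rule that
    # also discards ICMP sourced from an RFC1918-numbered point-to-point link.
    if _within(s, RFC1918) or _within(d, RFC1918):
        return "drop: private address"
    if direction == "in":
        # Outside packets claiming to be from our address space.
        if _within(s, OUR_SPACE):
            return "drop: outside packet claims our source"
    elif direction == "out":
        # Inside packets not coming from our space or a transit customer's.
        if not (_within(s, OUR_SPACE) or _within(s, TRANSIT_CUSTOMERS)):
            return "drop: inside source is not ours or a transit customer's"
        # Inside packets addressed to our own space should never leave.
        if _within(d, OUR_SPACE):
            return "drop: inside packet to our own space"
    else:
        raise ValueError("direction must be 'in' or 'out'")
    return "permit"


if __name__ == "__main__":
    samples = [  # constructed packets: (direction, source, destination)
        ("in", "10.1.2.3", "198.51.100.5"),
        ("in", "198.51.100.9", "198.51.100.5"),
        ("in", "192.0.2.1", "198.51.100.5"),
        ("out", "192.0.2.7", "192.0.2.99"),
        ("out", "203.0.113.4", "192.0.2.1"),
        ("out", "198.51.100.4", "198.51.100.200"),
    ]
    for pkt in samples:
        print(pkt, "->", check_external_link(*pkt))
```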