North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: private ip addresses from ISP

  • From: Patrick W. Gilmore
  • Date: Tue May 23 12:25:00 2006

On May 23, 2006, at 3:33 AM, Richard A Steenbergen wrote:

From RFC 1918
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks.

The ISP shouldn't be "leaving" anything to the end-user, these packets
should be dropped as a matter of course, along with any routing
advertisements for RFC 1918 space(From #1). ISP's who leak 1918 space
into my network piss me off, and get irate phone calls for their
The section you quoted from RFC1918 specifically addresses routes, not
I know it was late when you wrote that, RAS, but from the _very_first_sentence_:

and packets with private source or destination addresses
   should not be forwarded across such links

If you're receiving RFC1918 *routes* from anyone, you need to
thwack them over the head with a cluebat a couple of times until the cluey
filling oozes out. If you're receiving RFC1918 sourced packets, for the
most part you really shouldn't care. There are semi-legitimate reasons for
packets with those sources addresses to float around the Internet, and
they don't hurt anything. If you really can't stand seeing an RFC1918
sourced packet over the Internet it is more of a personality problem than
a networking problem, so a good shrink is probably going to be more useful
than a good firewall.
Incorrect.  Not to mention Just Plain Wrong.

Please read BCP38 again.  (For the first time? :)