North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: private ip addresses from ISP
- From: Patrick W. Gilmore
- Date: Tue May 23 12:25:00 2006
On May 23, 2006, at 3:33 AM, Richard A Steenbergen wrote:
From RFC 1918
Because private addresses have no global meaning, routing
information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks.
The ISP shouldn't be "leaving" anything to the end-user, these
packets
should be dropped as a matter of course, along with any routing
advertisements for RFC 1918 space(From #1). ISP's who leak 1918 space
into my network piss me off, and get irate phone calls for their
trouble.
The section you quoted from RFC1918 specifically addresses routes, not
packets.
I know it was late when you wrote that, RAS, but from the
_very_first_sentence_:
and packets with private source or destination addresses
should not be forwarded across such links
If you're receiving RFC1918 *routes* from anyone, you need to
thwack them over the head with a cluebat a couple of times until
the cluey
filling oozes out. If you're receiving RFC1918 sourced packets, for
the
most part you really shouldn't care. There are semi-legitimate
reasons for
packets with those sources addresses to float around the Internet, and
they don't hurt anything. If you really can't stand seeing an RFC1918
sourced packet over the Internet it is more of a personality
problem than
a networking problem, so a good shrink is probably going to be more
useful
than a good firewall.
Incorrect. Not to mention Just Plain Wrong.
Please read BCP38 again. (For the first time? :)
--
TTFN,
patrick
|