North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: General question on rfc1918
> From [email protected] Tue Nov 13 09:12:04 2007 > Cc: "[email protected]" <[email protected]> > From: Joe Abley <[email protected]> > To: Drew Weaver <[email protected]> > Subject: Re: General question on rfc1918 > Date: Tue, 13 Nov 2007 10:10:26 -0500 > > > > On 13-Nov-2007, at 10:08, Drew Weaver wrote: > > > Hi there, I just had a real quick question. I hope this is > > found to be on topic. > > > > Is it to be expected to see rfc1918 src'd packets coming from > > transit carriers? > > You should not send packets with RFC1918 source or destination > addresses to the Internet. Everybody should follow this advice. If > everybody did follow that advice, you wouldn't see the packets you are > seeing. Really? What do you do if a 'network internal' device -- a legitimate use of RFC1918 addresses -- discovers 'host/network unreachable' for an external-origin packet transitinng that device? <evil grin> Your comment _is_ "generally correct", but there are some significant 'corner cases' that do complicate life. Packets that could conceivably generate a reply/response and have an RFC 1918 address (source -or- dest) should be ingress *and* egress filtered -- unless there is specific agreement with the adjacent network with regard to coordinated use of specific portions of that space. Packets which are strictly error/status reporting -- e.g. IMP 'unreachable', 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network boundaries _solely_ because of an RFC1918 source address.