North American Network Operators Group
Re: General question on rfc1918
- From: Joe Abley
- Date: Tue Nov 13 11:10:01 2007
On 13-Nov-2007, at 10:35, Robert Bonomi wrote:
On 13-Nov-2007, at 10:08, Drew Weaver wrote:
Hi there, I just had a real quick question. I hope this is
found to be on topic.
Is it to be expected to see rfc1918 src'd packets coming from
transit carriers?
You should not send packets with RFC1918 source or destination
addresses to the Internet. Everybody should follow this advice. If
everybody did follow that advice, you wouldn't see the packets you
are seeing.
Really? What do you do if a 'network internal' device -- a legitimate
use of RFC1918 addresses -- discovers 'host/network unreachable' for an
external-origin packet transiting that device? <evil grin>
You drop the packet at your border before it is sent out to the
Internet.
This is why numbering interfaces in the data path of non-internal
traffic is a bad idea.
Packets which are strictly error/status reporting -- e.g. ICMP
'unreachable', 'ttl exceeded', 'redirect', etc. -- should *NOT* be
filtered at network boundaries _solely_ because of an RFC1918 source address.
I respectfully disagree.
Joe
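The two border-filtering positions argued in this exchange, side by side, as an added Python example that is not part of the original thread. The names `egress_verdict` and `build_packet` are hypothetical, and the sample packets are constructed using documentation address ranges.

```python
import ipaddress
import struct

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# ICMP types named in the thread: 3 unreachable, 5 redirect, 11 TTL exceeded.
ICMP_ERRORS = {3, 5, 11}

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def egress_verdict(packet, exempt_icmp_errors=False):
    """Return 'drop' or 'forward' for a raw IPv4 packet leaving the border.

    Default: drop anything with an RFC1918 source or destination.
    exempt_icmp_errors=True: still forward ICMP errors with an RFC1918 source.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"  # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop"  # inconsistent header length
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    if is_rfc1918(dst):
        return "drop"
    if not is_rfc1918(src):
        return "forward"
    # The ICMP type byte is only present in the first fragment.
    is_icmp_error = (packet[9] == 1 and frag_offset == 0
                     and len(packet) > ihl and packet[ihl] in ICMP_ERRORS)
    return "forward" if exempt_icmp_errors and is_icmp_error else "drop"

def build_packet(src, dst, proto, payload=b""):
    """Constructed sample IPv4 packet (20-byte header, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

if __name__ == "__main__":
    # Constructed: router numbered from 10/8 emits TTL exceeded (type 11).
    ttl = build_packet("10.1.2.3", "198.51.100.7", 1, bytes([11, 0] + [0] * 6))
    print("strict:", egress_verdict(ttl))
    print("ICMP-error exemption:", egress_verdict(ttl, exempt_icmp_errors=True))
```

Under the exemption, traceroute hops numbered from RFC1918 space stay visible to outside hosts; under the strict policy they show up as missing hops.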