North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: General question on rfc1918

  • From: Joe Abley
  • Date: Tue Nov 13 11:10:01 2007

On 13-Nov-2007, at 10:35, Robert Bonomi wrote:

On 13-Nov-2007, at 10:08, Drew Weaver wrote:

      Hi there, I just had a real quick question. I hope this is
found to be on topic.

Is it to be expected to see rfc1918 src'd packets coming from
transit carriers?

You should not send packets with RFC1918 source or destination
addresses to the Internet. Everybody should follow this advice. If
everybody did follow that advice, you wouldn't see the packets you are

Really? What do you do if a 'network internal' device -- a legitimate
use of RFC1918 addresses -- discovers 'host/network unreachable' for an
external-origin packet transitinng that device? <evil grin>

You drop the packet at your border before it is sent out to the Internet.

This is why numbering interfaces in the data path of non-internal traffic is a bad idea.

Packets which are strictly error/status reporting -- e.g. IMP 'unreachable',
'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
boundaries _solely_ because of an RFC1918 source address.

I respectfully disagree.