North American Network Operators Group

Re: General question on rfc1918

  • From: Phil Regnauld
  • Date: Tue Nov 13 11:34:31 2007

Joe Abley (jabley) writes:
> 
>  You drop the packet at your border before it is sent out to the Internet.
> 
>  This is why numbering interfaces in the data path of non-internal traffic is 
>  a bad idea.

	Unfortunately many providers have the bad habit of using RFC1918
	for interconnect, on the basis that a) it saves IPs b) it makes
	the interconnect "not vulnerable" [1].

> > Packets which are strictly error/status reporting -- e.g. IMP 'unreachable',
> > 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
> > boundaries _solely_ because of an RFC1918 source address.
> 
>  I respectfully disagree.

	Same here, and even if egress filtering didn't catch it, many inbound
	filters will.

	[1] I've also heard of ISPs having an entire /16 of routable addresses
	for their interconnect, but they just don't advertise to peers.
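
An added example, not part of the original message: a small model of the two border policies argued in this thread, showing what a remote traceroute and a path-MTU "frag needed" error look like when the interconnect is numbered from RFC1918. The path, the addresses and the assumption that every ICMP reply crosses the filtering border are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# ICMP error/status messages as (type, code) -> name.
ICMP_ERRORS = {(3, 1): "host unreachable", (3, 4): "frag needed (PMTUD)",
               (11, 0): "ttl exceeded"}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_filter(packets, exempt_icmp_errors=False):
    """Split (src, icmp_type, icmp_code) tuples into (forwarded, dropped).

    False: drop every RFC1918-sourced packet (the replies' position).
    True: let ICMP error/status messages through (the '> >' position).
    """
    forwarded, dropped = [], []
    for pkt in packets:
        src, itype, icode = pkt
        is_error = (itype, icode) in ICMP_ERRORS
        if is_rfc1918(src) and not (exempt_icmp_errors and is_error):
            dropped.append(pkt)
        else:
            forwarded.append(pkt)
    return forwarded, dropped

def traceroute_view(hops, exempt_icmp_errors=False):
    """Hop list as seen from outside: address, or '*' if the reply was dropped."""
    replies = [(h, 11, 0) for h in hops]  # one ttl-exceeded per hop
    forwarded, _ = border_filter(replies, exempt_icmp_errors)
    visible = {src for src, _, _ in forwarded}
    return [h if h in visible else "*" for h in hops]

# Constructed path: hops 2 and 3 are an interconnect numbered from RFC1918,
# the rest use RFC 5737 documentation addresses.
PATH = ["198.51.100.1", "10.255.0.1", "10.255.0.2", "203.0.113.9"]
# Constructed PMTUD error originated by the RFC1918-numbered interface.
PMTUD = [("10.255.0.2", 3, 4)]

if __name__ == "__main__":
    print(traceroute_view(PATH))           # strict border filter
    print(traceroute_view(PATH, True))     # ICMP errors exempted
    print(border_filter(PMTUD))            # is the PMTUD signal lost?
```

With the strict filter the RFC1918-numbered hops disappear from the trace and the "frag needed" error never reaches the sender, which is the operational cost of numbering data-path interfaces this way.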