Request for comment -- BCP38

Florian Weimer fw at deneb.enyo.de
Mon Sep 26 19:22:45 UTC 2016


* Baldur Norddahl:

> Den 26. sep. 2016 18.02 skrev "Mike Hammett" <nanog at ics-il.net>:
>>
>> The only asymmetric routing broken is when the source isn't in public
> Internet route-able space. That just leaves those multi-ISP WAN routers
> that NAT it.
>
> Some of our IP transits implement filtering. All of our transits assigned
> /30 subnets on the transit ports from their own range (the alternate would
> have be to ask us to supply the /30 from our pool).
>
> Our provider edge router will send back ICMP packets using the interface
> address from the interface that received the original packet. It will then
> route the packet using our normal routing table.
>
> This means we can receive some packet on transit port A and then route out
> a ICMP response on port B using the interface address from port A. But
> transit B filters this ICMP packet because it has a source address
> belonging to transit A.

Interesting.  But this looks like a feature request for the router
vendor, and not like an issue with BCP 38 filtering as such.

> From this follows that BCP38 can break things like traceroute and path MTU
> discovery in what is a very common setup.

That doesn't follow.  In order to break PMTUD, you also need an MTU
drop.  Is that a common configuration for routers in points in the
network where this would matter?



More information about the NANOG mailing list