rfc1918 ignorant
bdragon at gweep.net
Wed Jul 23 20:47:31 UTC 2003
> Is this really an issue? So long as they're not advertising the space I
> see no issue with routing traffic through a 10. network as transit. If
> you have no reason to reach their router directly (and after Cisco's last
> exploit, I'd think no one would want anyone to reach their router directly
> :-) ), what's the harm done?
>
> RFC1918 merely states that it shouldn't be routed on the global internet,
> not that it can't be used for transit space.

RFC1918:

   Because private addresses have no global meaning, routing information
   about private networks shall not be propagated on inter-enterprise
   links, and packets with private source or destination addresses
          --------------------------------------------------------
   should not be forwarded across such links. Routers in networks not
   -----------------------------------------
   using private address space, especially those of Internet service
   providers, are expected to be configured to reject (filter out)
   routing information about private networks. If such a router receives
   such information the rejection shall not be treated as a routing
   protocol error.

By virtue of using RFC1918 addresses on packet-passing interfaces
(those which generate ICMP error messages) it is a violation of RFC1918.
One could, in turn, disable those messages, or filter them, but as others
point out, that breaks such things as PMTU-D.
Also, those who think their RFC1918-numbered device is not directly reachable
solely due to being RFC1918 numbered, are deluded.
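
The PMTU-D breakage mentioned in the message above, as an added example that is not part of the original post: a small Python model in which the sender's border applies the quoted RFC 1918 filtering rule while a transit router numbered out of 10/8 has to report "fragmentation needed". All addresses, MTUs and function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_filter(pkt):
    """Inter-enterprise link policy from the quoted RFC text:
    drop packets with a private source or destination address."""
    private = is_rfc1918(pkt["src"]) or is_rfc1918(pkt["dst"])
    return "drop" if private else "forward"

def pmtud(sender, hops, size=1500, max_tries=5):
    """Model a DF-set flow from `sender` across `hops`.

    hops: list of (router_interface_addr, next_link_mtu).
    Returns (status, final_packet_size, icmp_sources_dropped_at_border).
    """
    dropped = []
    for _ in range(max_tries):
        # First router whose outgoing link cannot carry the packet.
        bottleneck = next(((a, m) for a, m in hops if m < size), None)
        if bottleneck is None:
            return ("delivered", size, dropped)
        addr, mtu = bottleneck
        # ICMP type 3 code 4, sourced from the router's interface address.
        icmp = {"src": addr, "dst": sender, "type": 3, "code": 4,
                "next_hop_mtu": mtu}
        if border_filter(icmp) == "drop":
            # Sender never learns the smaller MTU; the flow stalls.
            dropped.append(addr)
            return ("black-holed", size, dropped)
        size = mtu  # sender lowers its path MTU estimate and retries
    return ("gave-up", size, dropped)

# Constructed paths: identical except for the middle router's numbering.
SENDER = "198.51.100.10"
PATH_PRIVATE_TRANSIT = [("203.0.113.1", 1500), ("10.1.1.1", 1476),
                        ("192.0.2.1", 1500)]
PATH_PUBLIC_TRANSIT = [("203.0.113.1", 1500), ("203.0.113.9", 1476),
                       ("192.0.2.1", 1500)]

if __name__ == "__main__":
    print(pmtud(SENDER, PATH_PRIVATE_TRANSIT))
    print(pmtud(SENDER, PATH_PUBLIC_TRANSIT))
```
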