rfc1918 ignorant (fwd)

Daniel Senie dts at senie.com
Wed Jul 23 22:03:13 UTC 2003


At 02:11 PM 7/23/2003, Dave Temkin wrote:

>---------- Forwarded message ----------
>Date: Wed, 23 Jul 2003 07:53:26 -1000
>From: DOUGS at oceanic.com
>To: oberman at es.net
>Cc: dave at ordinaryworld.com
>Subject: RE: rfc1918 ignorant
>
>There's a common misconception reflected here that I wanted to correct.  I
>don't have nanog-post, so I apologize if it's not appropriate to reply
>directly.  You may repost my comments if you'd like.
>
>[Kevin Oberman <mailto:oberman at es.net> wrote on Wednesday, July 23,
>2003 7:07 AM:]
> > Comcast and many others seem to
> > blithely ignore this for convenience sake. (It's not like they need a
> > huge amount of space to give private addresses to these links.)
>
>ARIN required cable operators to use RFC 1918 space for the management
>agents of the bridge cable modems that have been rolled out to the millions
>of residential cable modem customers.  Doing so obviously requires a 1918
>address on the cable router, but Cisco's implementation requires that
>address to be the primary interface address.  There is also a publicly
>routable secondary which in fact is the gateway address to the customer, but
>isn't the address returned in a traceroute.  Cisco has by far the lead in
>market share of the first gen Docsis cable modem router market so any trace
>to a cable modem customer is going to show this.

When MediaOne (remember them?) deployed the cable modems here (LanCity 
stuff, originally), traceroutes did NOT show the 10/8 address from the 
router at the head end. ATT bought MediaOne, and now we've got Comcast. The 
service quality has stayed low, and the price has jumped quite a bit, and 
somewhere along the line a change happened and the 10/8 address of the 
router did start showing up. Now it's possible the router in the head end 
got changed and that was the cause. I really don't know.


>In fact, Comcast and others _do_ need a huge amount of private IP space
>because of this.  We didn't "blithely ignore" the RFC, but didn't have a
>choice in implementation.  Perhaps Cisco will improve their implementation
>for the next round of CMTS development...

Perhaps Comcast and others should INSIST that Cisco fix their bug, rather 
than just wish for a fix. Cable companies are buying lots of gear from 
them. Why not use that purchasing muscle to get this issue resolved? Or are 
the cable companies really interested in selling Internet service, or an 
"online service" like AOL? At some point, if you're going to sell Internet 
Service, it'd be nice if Internet standards and requirements are met.


>Filtering of RFC 1918 space by cable ISPs is of course another topic.
>
>-Doug-
>
>[Kevin Oberman <mailto:oberman at es.net> wrote on Wednesday, July 23,
>2003 7:07 AM:]
> >> Date: Wed, 23 Jul 2003 08:59:18 -0400 (EDT)
> >> From: Dave Temkin <dave at ordinaryworld.com>
> >> Sender: owner-nanog at merit.edu
> >>
> >>
> >> Is this really an issue?  So long as they're not advertising the
> >> space I see no issue with routing traffic through a 10. network as
> >> transit. If you have no reason to reach their router directly (and
> >> after Cisco's last exploit, I'd think no one would want anyone to
> >> reach their router directly :-) ), what's the harm done?
> >>
> >> RFC1918 merely states that it shouldn't be routed on the global
> >> internet, not that it can't be used for transit space.
> >
> > That's not what is in my copy of 1918.
> >
> > "In order to use private address space, an enterprise needs to
> > determine which hosts do not need to have network layer connectivity
> > outside the enterprise in the foreseeable future and thus could be
> > classified as private. Such hosts will use the private address space
> > defined above.  Private hosts can communicate with all other hosts
> > inside the enterprise, both public and private. However, they cannot
> > have IP connectivity to any host outside of the enterprise. While not
> > having external (outside of the enterprise) IP connectivity private
> > hosts can still have access to external services via mediating
> > gateways (e.g., application layer gateways)."
> >
> > As I read this, packets with a source address in 19298 space should
> > NEVER appear outside the enterprise. Comcast and many others seem to
> > blithely ignore this for convenience sake. (It's not like they need a
> > huge amount of space to give private addresses to these links.)
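
Added example (not part of the original thread): a small Python check that reads traceroute output and reports hops that answer from RFC 1918 space, as the cable head-end router discussed above does. The function names and the sample trace are constructed for illustration; the public addresses in the sample are documentation ranges.

```python
import ipaddress
import re

# The three address blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918 if ip in net), None)

def private_hops(traceroute_text):
    """Return [(hop, address, block)] for hops that reply from RFC 1918 space."""
    found = []
    for line in traceroute_text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header or blank line, not a hop
        hop, rest = int(m.group(1)), m.group(2)
        seen = set()  # an address is usually printed twice per hop line
        for addr in IPV4.findall(rest):
            try:
                block = rfc1918_block(addr)
            except ValueError:
                continue  # dotted number that is not a valid IPv4 address
            if block and addr not in seen:
                seen.add(addr)
                found.append((hop, addr, str(block)))
    return found

# Constructed sample: hop 4 stands in for a head-end router whose primary
# interface address is private; hop 3 is a hop that did not answer.
SAMPLE = """\
traceroute to 198.51.100.25 (198.51.100.25), 30 hops max, 40 byte packets
 1  192.0.2.1 (192.0.2.1)  1.102 ms  0.981 ms  1.004 ms
 2  203.0.113.9 (203.0.113.9)  8.412 ms  8.377 ms  8.590 ms
 3  * * *
 4  10.45.0.1 (10.45.0.1)  14.220 ms  14.118 ms  14.301 ms
 5  198.51.100.25 (198.51.100.25)  15.904 ms  15.731 ms  16.020 ms
"""

if __name__ == "__main__":
    for hop, addr, block in private_hops(SAMPLE):
        print(f"hop {hop}: {addr} is in {block}")
```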
