Strange public traceroutes return private RFC1918 addresses

Bob Snyder rsnyder at toontown.erial.nj.us
Tue Feb 3 15:15:01 UTC 2004


Michael.Dillon at radianz.com wrote:

>If RFC1918 addresses are used only on interfaces with jumbo MTUs
>on the order of 9000 bytes then it doesn't break PMTUD in a
>1500 byte Ethernet world. And it doesn't break traceroute.
>We just lose the DNS hint about the router location.
I'm confused about your traceroute comment. You're assuming a packet 
with an RFC1918 source address won't be dropped. In many cases, it will, 
and should be. Each organization is permitted to use the RFC1918 address 
space internally for any purpose they see fit. This often means they 
don't want people outside the organization to be able to generate 
packets with source addresses for machines they consider to be internal. 
It makes sense to drop such packets as they come into your AS.

Assuming that a packet with an RFC1918 source address will get dropped 
as it crosses into a new AS, this will break traceroute hops, Path MTU 
Discovery, Network/Host unreachable, or any other ICMP that needs to be 
generated from a router with an RFC1918 address.

Is everyone filtering RFC1918 at their edge? No. But my impression is 
that more and more places are. Certainly anyone who uses either Team 
Cymru's Bogon services or similar services (doesn't Cisco now do this in 
IOS as well?) will be blocking them...

Bob
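As an added illustration of the point Bob makes (example code, not part of the original post): a toy model of the return path of ICMP replies, in which any AS that drops RFC1918 sources at its edge swallows the Time Exceeded or Fragmentation Needed messages sent by routers whose interfaces are numbered from private space. The path, ASNs and filter sets below are constructed for the example.

```python
import ipaddress

# RFC1918 space spelled out explicitly; ipaddress's is_private is broader
# (it also covers documentation ranges such as 192.0.2.0/24).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

# Constructed path (not from the post): each hop is (interface address, ASN).
# ASNs are taken from the private 64512-65534 range purely as labels.
SOURCE_ASN = 64512
PATH = [
    ("192.0.2.1", 64512),     # our own edge router
    ("10.0.0.1", 64513),      # upstream core router on an RFC1918 interface
    ("203.0.113.9", 64513),
    ("10.1.1.1", 64514),      # next AS also numbers its core from 10/8
    ("198.51.100.2", 64514),  # destination
]

def reply_delivered(path, hop, filtering_ases, source_asn=SOURCE_ASN):
    """Would an ICMP message sourced from path[hop] reach the probing host?

    The reply walks back toward the source; each time it enters an AS that
    drops RFC1918 sources at its edge, it is lost.  Public sources pass.
    """
    addr, _ = path[hop]
    if not is_rfc1918(addr):
        return True
    # ASNs crossed on the way back, ending in the probing host's own AS.
    asns = [asn for _, asn in path[:hop + 1]][::-1] + [source_asn]
    for prev, nxt in zip(asns, asns[1:]):
        if prev != nxt and nxt in filtering_ases:
            return False
    return True

def traceroute(path, filtering_ases):
    """What each hop looks like: its address, or '*' when the
    Time Exceeded reply never makes it back."""
    return [addr if reply_delivered(path, i, filtering_ases) else "*"
            for i, (addr, _) in enumerate(path)]

def pmtud_works(path, hop, filtering_ases):
    """Does a Fragmentation Needed from the router at `hop` reach the
    sender?  If not, oversized packets are silently black-holed."""
    return reply_delivered(path, hop, filtering_ases)

if __name__ == "__main__":
    print(traceroute(PATH, set()))            # every hop visible
    print(traceroute(PATH, {SOURCE_ASN}))     # RFC1918 hops become '*'
    print(pmtud_works(PATH, 1, {SOURCE_ASN})) # False: PMTUD is broken
```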
