private ip addresses from ISP

Andrew Kirch akirch at allthingsit.com
Mon May 22 20:30:37 UTC 2006



> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of David Schwartz
> Sent: Wednesday, May 17, 2006 1:37 PM
> To: nanog at nanog.org
> Subject: RE: private ip addresses from ISP
> 
> 
> 
> > Our router is running BGP and connecting to our
> > upstream provider with /30 network.   Our log reveals
> > that there are private IP addresses reaching our
> > router's interface that is facing our upstream ISP.
> > How could this be possible?  Should upstream ISP be
> > blocking private IP address according to standard
> > configuration?  Could the packet be stripped and IP be
> > converted somehow during the transition? It happens in
> > many Tier-1 ISP though !
> >
> > Thank you for your information
> 
> 	Do you mean:
> 
> 	1) You are seeing BGP routes for addresses inside private space?
> 
> 	2) You are seeing packets with destination IPs inside private space
> arriving at your interface from your ISP?
> 
> 	3) You are seeing packets with source IPs inside private space
> arriving at your interface from your ISP?
> 
> 	If 1, feel free to filter them. Your ISP probably uses them internally
> and is leaking them to you. Feel free to complain if you want.
> 
> 	If 2, make sure you aren't advertising routes into RFC1918 space to
> your ISP. If not, you should definitely ask them what's up.
> 
> 	If 3, that's normal. These are packets your ISP received that are
> addressed to you and the ISP is leaving to you the decision of whether to
> accept them or not. Feel free to filter them out if you wish. (It won't
> break anything that's not already broken.)

Sorry to dig this up from last week but I have to strongly disagree with
point #3.

From RFC 1918:
   Because private addresses have no global meaning, routing information
   about private networks shall not be propagated on inter-enterprise
   links, and packets with private source or destination addresses
   should not be forwarded across such links. Routers in networks not
   using private address space, especially those of Internet service
   providers, are expected to be configured to reject (filter out)
   routing information about private networks.

The ISP shouldn't be "leaving" anything to the end-user, these packets
should be dropped as a matter of course, along with any routing
advertisements for RFC 1918 space (from #1). ISPs who leak 1918 space
into my network piss me off, and get irate phone calls for their
trouble.

Andrew
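
One way to sort log entries into the three cases distinguished in the thread above (RFC 1918 routes, RFC 1918 destinations, RFC 1918 sources), added here as an example and not part of the original message. The record format and the sample lines are constructed for illustration and are not real router output.

```python
import ipaddress
from collections import Counter

# The three RFC 1918 blocks. ipaddress's is_private is deliberately not used:
# it is broader (loopback, link-local and documentation ranges also match).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def addr_is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918)

def prefix_is_rfc1918(prefix):
    # A route counts only when it lies entirely inside a private block,
    # so a default route (0.0.0.0/0) is not flagged.
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)

def classify(line):
    """Return the case numbers (1, 2, 3) from the thread that a line matches."""
    kind, _, rest = line.partition(" ")
    if kind == "route":
        return [1] if prefix_is_rfc1918(rest.strip()) else []
    if kind != "packet":
        return []
    fields = dict(f.split("=", 1) for f in rest.split())
    cases = []
    if addr_is_rfc1918(fields["dst"]):
        cases.append(2)   # private destination arriving from upstream
    if addr_is_rfc1918(fields["src"]):
        cases.append(3)   # private source arriving from upstream
    return cases

def summarize(lines):
    return Counter(case for line in lines for case in classify(line))

# Constructed sample records (hypothetical format).
SAMPLE = [
    "route 10.20.0.0/16",
    "route 172.32.0.0/16",        # just outside 172.16.0.0/12
    "route 0.0.0.0/0",
    "packet src=192.168.1.5 dst=198.51.100.7",
    "packet src=203.0.113.9 dst=10.1.2.3",
    "packet src=172.31.255.254 dst=192.168.0.1",
    "packet src=203.0.113.9 dst=198.51.100.7",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line:45} cases={classify(line)}")
    print(dict(summarize(SAMPLE)))
```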


