icmp rpf

Mark Kent mark at noc.mainstreet.net
Sun Sep 24 21:59:50 UTC 2006

A smaller North American network provider, with a modest North
American backbone, numbers their internal routers on public IP space
that they do not announce to the world.

One of the largest North American network providers filters/drops
ICMP messages so that they only pass those with a source IP
address that appears in their routing table.

As a result, traceroutes from big.net into small.net have numerous
hops that time out.

Traceroutes from elsewhere that go into small.net but return on
big.net also have numerous hops that time out.

We do all still think that traceroute is important, don't we?

If so, which of these two nets is unreasonable in their actions/policies?

Please note that we're not talking about RFC1918 space, or reserved IP
space of any kind. Also, think about the scenario where some failure
happens leaving big.net with an incomplete routing table, thus breaking
traceroute when it is perhaps most needed.
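
An added illustration, not part of the original post: a small Python model of the filter described above, showing which traceroute hops survive when ICMP replies are passed only if their source address is covered by a route in the filtering network's table. All prefixes and addresses are constructed stand-ins (documentation ranges), and a default-free routing table is assumed.

```python
import ipaddress

# Constructed stand-in prefixes (documentation ranges, not real allocations).
BIG_NET = ipaddress.ip_network("192.0.2.0/25")          # big.net's own space
PEER_NET = ipaddress.ip_network("192.0.2.128/25")       # a third network on the path
SMALL_ANNOUNCED = ipaddress.ip_network("198.51.100.0/24")  # small.net, announced
SMALL_INFRA = ipaddress.ip_network("203.0.113.0/24")    # small.net routers, NOT announced

# big.net's table under normal conditions: SMALL_INFRA is absent because
# small.net never announces it. No default route is assumed.
FULL_TABLE = [BIG_NET, PEER_NET, SMALL_ANNOUNCED]

# The failure case from the post: big.net's table is incomplete
# (here, the route to PEER_NET has been lost).
INCOMPLETE_TABLE = [BIG_NET, SMALL_ANNOUNCED]


def passes_source_filter(src, routing_table):
    """True if any prefix in the table covers the ICMP source address."""
    addr = ipaddress.ip_address(src)
    return any(addr in prefix for prefix in routing_table)


def traceroute_view(hop_sources, routing_table):
    """What the traceroute user sees: the hop address, or '*' when the
    hop's ICMP reply is dropped by the source-address filter."""
    return [src if passes_source_filter(src, routing_table) else "*"
            for src in hop_sources]


# Sources of the ICMP replies for a path from big.net into small.net.
PATH_FROM_BIG = ["192.0.2.1", "203.0.113.1", "203.0.113.5", "198.51.100.10"]

# A path from elsewhere into small.net whose replies return across big.net.
PATH_VIA_PEER = ["192.0.2.129", "203.0.113.1", "203.0.113.5", "198.51.100.10"]

if __name__ == "__main__":
    for label, path, table in [
        ("big.net -> small.net, full table", PATH_FROM_BIG, FULL_TABLE),
        ("elsewhere -> small.net, full table", PATH_VIA_PEER, FULL_TABLE),
        ("elsewhere -> small.net, incomplete table", PATH_VIA_PEER, INCOMPLETE_TABLE),
    ]:
        print(label)
        for ttl, shown in enumerate(traceroute_view(path, table), start=1):
            print(f"  {ttl:2d}  {shown}")
```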

