General question on rfc1918

Phil Regnauld regnauld at
Tue Nov 13 16:16:58 UTC 2007

Joe Abley (jabley) writes:
>  You drop the packet at your border before it is sent out to the Internet.
>  This is why numbering interfaces in the data path of non-internal traffic is 
>  a bad idea.

	Unfortunately many providers have the bad habit of using RFC1918
	for interconnect, on the basis that a) it saves IPs b) it makes
	the interconnect "not vulnerable" [1].

> > Packets which are strictly error/status reporting -- e.g. IMP 
> > 'unreachable',
> > 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
> > boundaries  _solely_ because of an RFC1918 source address.
>  I respectfully disagree.

	Same here, and even if egress filtering didn't catch it, many inbound
	filters will.

	[1] I'v also heard of ISPs having an entire /16 of routable addresses
	for their interconnect, but they just don't advertise to peers.

More information about the NANOG mailing list