General question on rfc1918

• Previous message (by thread): General question on rfc1918
• Next message (by thread): General question on rfc1918
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joe Abley (jabley) writes:
> 
>  You drop the packet at your border before it is sent out to the Internet.
> 
>  This is why numbering interfaces in the data path of non-internal traffic is 
>  a bad idea.

	Unfortunately many providers have the bad habit of using RFC1918
	for interconnect, on the basis that a) it saves IPs b) it makes
	the interconnect "not vulnerable" [1].

> > Packets which are strictly error/status reporting -- e.g. IMP 
> > 'unreachable',
> > 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
> > boundaries  _solely_ because of an RFC1918 source address.
> 
>  I respectfully disagree.

	Same here, and even if egress filtering didn't catch it, many inbound
	filters will.

	[1] I'v also heard of ISPs having an entire /16 of routable addresses
	for their interconnect, but they just don't advertise to peers.

• Previous message (by thread): General question on rfc1918
• Next message (by thread): General question on rfc1918
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]