General question on rfc1918
Phil Regnauld
regnauld at catpipe.net
Tue Nov 13 16:16:58 UTC 2007
Joe Abley (jabley) writes:
>
> You drop the packet at your border before it is sent out to the Internet.
>
> This is why numbering interfaces in the data path of non-internal traffic is
> a bad idea.
Unfortunately many providers have the bad habit of using RFC1918
for interconnect, on the basis that a) it saves IPs b) it makes
the interconnect "not vulnerable" [1].
> > Packets which are strictly error/status reporting -- e.g. IMP
> > 'unreachable',
> > 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
> > boundaries _solely_ because of an RFC1918 source address.
>
> I respectfully disagree.
Same here, and even if egress filtering didn't catch it, many inbound
filters will.
[1] I'v also heard of ISPs having an entire /16 of routable addresses
for their interconnect, but they just don't advertise to peers.
More information about the NANOG
mailing list