BCP38 exceptions for RFC1918 space
fw at deneb.enyo.de
Sun Aug 15 11:46:49 CDT 2010
* Valdis Kletnieks:
> On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
>> What's the current consensus on exempting private network space from
>> source address validation? Is it recommended? Discouraged?
> What you do on your internal networks and internal transit is your business.
> BCP38 talks about where you connect to the rest of the world.
I'm seeing them across AS boundaries, otherwise I wouldn't have
> RFC 1918 is specific that you're supposed to get all medieval on any
> escaping packets:
Yeah, but sometimes, the current practice moves on. 8-)
>> (One argument in favor of exceptions is that it makes PMTUD work if
>> transfer networks use private address space.)
> And that connection that's trying to use PMTU got established across the
> commodity internet, how, exactly? ;)
ICMP "fragmentation needed, but DF set" messages carry the addresses
of intermediate routers which generate them (potentially in response
to MTU drops) as source addresses, not the IP addresses of the peers
in a connection.
> That implies you let some routing info escape and got one of those
> "ambiguous routing situations".
Not really, I'm afraid.
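
Added example (not part of the original message): a Python sketch of the ICMP point made above. It parses a constructed "fragmentation needed, but DF set" packet to show that the outer source is the generating router's address while the connection peers appear only in the quoted inner header, and what a source-address check at an AS boundary does with it. All addresses, the 1400-byte MTU and the function names are constructed for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header with DF set; checksum left 0 (nothing here verifies it).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def parse_frag_needed(packet):
    """Return details of an ICMP type 3 code 4 message, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 + 20:  # ICMP header plus quoted inner IPv4 header
        return None
    icmp_type, icmp_code, _cksum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, icmp_code) != (3, 4):
        return None
    inner = packet[ihl + 8:]  # header of the datagram that did not fit
    return {
        "icmp_source": ipaddress.IPv4Address(packet[12:16]),  # the router, not a peer
        "next_hop_mtu": mtu,
        "flow_src": ipaddress.IPv4Address(inner[12:16]),
        "flow_dst": ipaddress.IPv4Address(inner[16:20]),
    }

def border_verdict(packet, exempt_rfc1918):
    """Source-address check at an AS boundary: drop RFC 1918 sources unless exempted."""
    src = ipaddress.IPv4Address(packet[12:16])
    private = any(src in net for net in RFC1918)
    return "drop" if private and not exempt_rfc1918 else "pass"

# Constructed sample: a transfer-network router numbered from 10/8 reports an MTU
# drop on a TCP flow between two public (documentation-range) hosts.
inner = ipv4_header("198.51.100.7", "203.0.113.20", 6, 1480) + bytes(8)
icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + inner
SAMPLE = ipv4_header("10.255.0.1", "198.51.100.7", 1, len(icmp)) + icmp

if __name__ == "__main__":
    print(parse_frag_needed(SAMPLE))
    print("strict:", border_verdict(SAMPLE, False), "| exempt:", border_verdict(SAMPLE, True))
```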