BCP38 exceptions for RFC1918 space

Florian Weimer fw at deneb.enyo.de
Sun Aug 15 16:46:49 UTC 2010


* Valdis Kletnieks:

> On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
>> What's the current consensus on exempting private network space from
>> source address validation?  Is it recommended?  Discouraged?
>
> What you do on your internal networks and internal transit is your business.
> BCP38 talks about where you connect to the rest of the world.

I'm seeing them across AS boundaries, otherwise I wouldn't have
bothered.

> RFC 1918 is specific that you're supposed to get all medieval on any
> escaping packets:

Yeah, but sometimes, the current practice moves on. 8-)

>> (One argument in favor of exceptions is that it makes PMTUD work if
>> transfer networks use private address space.)
>
> And that connection that's trying to use PMTU got established across the
> commodity internet, how, exactly? ;)

ICMP "fragmentation needed, but DF set" messages carry the addresses
of intermediate routers which generate them (potentially in response
to MTU drops) as source addresses, not the IP addresses of the peers
in a connection.

> That implies you let some routing info escape and got one of those
> "ambiguous routing situations".

Not really, I'm afraid.
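
The point above about ICMP source addresses, as an added example that is not part of the original message: it builds a constructed "fragmentation needed, but DF set" packet (type 3, code 4) and shows that the outer source is the reporting router, while the connection's peers appear only in the embedded header. The function names and all addresses (documentation ranges plus one RFC 1918 router address) are assumptions made for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header with DF set; checksum left at 0 (not verified here).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def build_frag_needed(router, sender, receiver, mtu):
    # Constructed sample: `router` tells `sender` that its DF packet to
    # `receiver` does not fit the next hop's MTU (RFC 1191 layout).
    inner = ipv4_header(sender, receiver, 6, 8) + b"\x00" * 8  # header + 8 data bytes
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner      # type 3, code 4
    return ipv4_header(router, sender, 1, len(icmp)) + icmp

def parse_frag_needed(packet):
    # Return outer/inner addresses and next-hop MTU, or None if this is not
    # a well-formed ICMP type 3 code 4 message.
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != 1:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    inner = packet[ihl + 8:]
    if (icmp_type, code) != (3, 4) or len(inner) < 20:
        return None
    outer_src = ipaddress.ip_address(packet[12:16])
    return {
        "outer_src": str(outer_src),  # the intermediate router, not a peer
        "inner_src": str(ipaddress.ip_address(inner[12:16])),
        "inner_dst": str(ipaddress.ip_address(inner[16:20])),
        "next_hop_mtu": mtu,
        # What a source-address filter without an RFC 1918 exception would do:
        "dropped_by_rfc1918_filter": any(outer_src in n for n in RFC1918),
    }

if __name__ == "__main__":
    pkt = build_frag_needed("10.1.2.3", "192.0.2.10", "198.51.100.20", 1400)
    print(parse_frag_needed(pkt))
```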



