BCP38 exceptions for RFC1918 space

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Aug 16 06:02:35 CDT 2010


On Sun, 15 Aug 2010 19:02:50 +0200, Florian Weimer said:
> * Valdis Kletnieks:
> 
> > On Sun, 15 Aug 2010 18:46:49 +0200, Florian Weimer said:
> >
> >> > And that connection that's trying to use PMTU got established across the
> >> > commodity internet, how, exactly? ;)
> >> 
> >> ICMP "fragmentation needed, but DF set" messages carry the a addresses
> >> of intermediate routers which generate them (potentially in response
> >> to MTU drops) as source addresses, not the IP addresses of the peers
> >> in a connection.
> >
> > If any long-haul carriers are originating ICMP packets for other people's
> > consumption from 1918 addresses rather than addresses in their address space,
> > it's time to name-n-shame so the rest of us can vote with our feet and
> > checkbooks.  There's no excuse for that in this day and age.
> 
> What does "originating" mean?  Creating the packets?  Or forwarding
> them?

Either way, there's no excuse.

First off, remember that BCP38 and 1918 don't apply on your set of
interconnected private networks, no matter how big a net it is.  You want to
filter between two of your private nets, go ahead.  You don't want to, that's
OK to.  The fun starts when those packets leave your network(s) and hit the
public Internet.

Now that we have that squared away...

Either that intermediate router originated the ICMP 'frag needed' packet, in
which case somebody needs to be smacked for originating a 1918-addressed packet
on the public internet, or it's forwarding the packet.  And if it's forwarding
the packet, then somebody *else* needs to be smacked for injecting that packet
into the public internet.

What *possible* use case would require a 1918-sourced packet to be traversing
the public internet? We're all waiting with bated breath to hear this one. ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100816/b2300147/attachment.bin>


More information about the NANOG mailing list