Request for comment -- BCP38

Baldur Norddahl baldur.norddahl at gmail.com
Mon Sep 26 19:05:28 UTC 2016


Den 26. sep. 2016 18.02 skrev "Mike Hammett" <nanog at ics-il.net>:
>
> The only asymmetric routing broken is when the source isn't in public
Internet route-able space. That just leaves those multi-ISP WAN routers
that NAT it.

Some of our IP transits implement filtering. All of our transits assigned
/30 subnets on the transit ports from their own range (the alternate would
have be to ask us to supply the /30 from our pool).

Our provider edge router will send back ICMP packets using the interface
address from the interface that received the original packet. It will then
route the packet using our normal routing table.

This means we can receive some packet on transit port A and then route out
a ICMP response on port B using the interface address from port A. But
transit B filters this ICMP packet because it has a source address
belonging to transit A.

>From this follows that BCP38 can break things like traceroute and path MTU
discovery in what is a very common setup. The only reason we do not have a
bigger problem is that few networks will have a downward MTU change at this
point in the network.

Regards

Baldur



More information about the NANOG mailing list