Request comment: list of IPs to block outbound

Stephen Satchell list at satchell.net
Wed Oct 23 05:38:53 UTC 2019


On 10/22/19 10:11 PM, Grant Taylor via NANOG wrote:
> The explicit nature of RFC 6598 is on purpose so that there is no chance
> that it will conflict with RFC 1918.  This is important because it means
> that RFC 6598 can /safely/ be used for Carrier Grade NAT by ISPs without
> any fear of conflicting with any potential RFC 1918 IP space that
> clients may be using.
> 
> RFC 6598 ∉ RFC 1918 and RFC 1918 ∉ RFC 6598
> RFC 6598 and RFC 1918 are mutually exclusive of each other.
> 
> Yes, you can run RFC 6598 in your home network.  But you have nobody to
> complain to if (when) your ISP starts using RFC 6598 Shared Address
> Space to support Carrier Grade NAT and you end up with an IP conflict.
> 
> Aside from that caveat, sure, use RFC 6598.

So, to the reason for the comment request, you are telling me not to
blackhole 100.64/10 in the edge router downstream from an ISP as a
general rule, and to accept source addresses from this netblock.  Do I
understand you correctly?

FWIW, I think I've received this recommendation before.  The current
version of my NetworkManager dispatcher-d-bcp38.sh script has the
creation of the blackhole route already disabled; i.e., the netblock is
not quarantined.
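As an added illustration (example code written for this archive page, not the poster's dispatcher-d-bcp38.sh and not anything from the thread): a hypothetical NetworkManager dispatcher-style hook that installs blackhole routes for source ranges that should never arrive on an edge link, leaves RFC 6598 space (100.64.0.0/10) alone by default because an upstream CGN may legitimately use it, and turns on strict reverse-path filtering so the blackhole routes also reject spoofed sources. The prefix list, the QUARANTINE_CGN and DRY_RUN switches and the function names are this example's own assumptions; the $1 (interface) / $2 (action) calling convention is NetworkManager's.

```shell
#!/bin/sh
# Added example, not the poster's script. Install blackhole routes for
# non-routable source prefixes on a NetworkManager-managed edge interface.
# With strict rp_filter, a blackhole route for a prefix drops packets *from*
# that prefix too, which is the BCP38 effect we want on an edge router.

# Prefixes that should never appear as a source on an edge link: RFC 1918
# plus a few other well-known non-routable ranges (hypothetical selection).
BCP38_PREFIXES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 240.0.0.0/4"

# RFC 6598 shared address space. Deliberately opt-in: if the ISP runs CGN,
# our own WAN address, default gateway, or DHCP server may live here.
CGN_PREFIX="100.64.0.0/10"

# Print the prefixes to blackhole, one per line.
# $1 = "1" to also quarantine RFC 6598 space (only safe when you know the
# upstream is not using CGN); anything else or unset leaves it routable.
bcp38_blackhole_prefixes() {
    for p in $BCP38_PREFIXES; do
        printf '%s\n' "$p"
    done
    if [ "${1:-0}" = "1" ]; then
        printf '%s\n' "$CGN_PREFIX"
    fi
}

# Apply (or, when DRY_RUN=1, just print) the ip(8)/sysctl(8) commands for one
# interface action. NetworkManager passes interface as $1 and action as $2.
bcp38_apply() {
    iface="$1"; action="$2"
    case "$action" in
        up)   verb=add ;;
        down) verb=del ;;
        *)    return 0 ;;   # ignore dhcp4-change, connectivity-change, etc.
    esac
    bcp38_blackhole_prefixes "${QUARANTINE_CGN:-0}" | while read -r prefix; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf 'ip route %s blackhole %s\n' "$verb" "$prefix"
        else
            ip route "$verb" blackhole "$prefix" 2>/dev/null || true
        fi
    done
    # Strict reverse-path filtering: a packet whose source would be routed
    # to the blackhole (or out a different interface) is discarded.
    if [ "$action" = up ]; then
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf 'sysctl -w net.ipv4.conf.%s.rp_filter=1\n' "$iface"
        else
            sysctl -q -w "net.ipv4.conf.$iface.rp_filter=1" || true
        fi
    fi
}

# Only act when invoked by NetworkManager, which supplies both arguments.
if [ $# -ge 2 ]; then
    bcp38_apply "$1" "$2"
fi
```

To preview what the hook would do on a WAN interface without touching the routing table, run it as DRY_RUN=1 ./bcp38-hook.sh wan0 up; the output contains no 100.64.0.0/10 route unless QUARANTINE_CGN=1 is also set, which is exactly the decision the question above is about.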


