uPRF strict more

Blake Hudson blake at ispn.net
Thu Sep 30 13:19:01 UTC 2021


On 9/29/2021 5:30 PM, Sabri Berisha wrote:
> ----- On Sep 29, 2021, at 8:03 AM, Blake Hudson blake at ispn.net wrote:
>
> Hi Blake,
>
>>      200 deny ip 10.0.0.0 0.255.255.255 any (91057035 matches)
>>      210 deny ip 172.16.0.0 0.15.255.255 any (1366408 matches)
>>      220 deny ip 192.168.0.0 0.0.255.255 any (18325538 matches)
> These could perhaps be ICMP host unreachables transmitted by your
> peers' infrastructure? I've seen my share of production networks
> running on RFC1918 space while routing public blocks.

That's entirely possible, wouldn't even need to be one of my peers. It 
could be from the remote end or one of its peers (a host unreachable
would likely come from the remote end, I suppose a net unreachable could 
come from anywhere in the path). Not sure I want to change anything on 
my end to accommodate someone's use of RFC-1918 addresses on the public 
internet.
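
One way to check the hypothesis discussed in this message, as an added example that is not part of the original post: expand the three quoted ACL entries from address and wildcard mask into prefixes, then break a sample of denied packets down by ICMP unreachable code. The packet records are constructed, and the assumption is that such records come from a flow export or capture, since the ACL counters alone do not show protocol.

```python
import ipaddress
import re
from collections import Counter

# The three ACL entries quoted in the thread (address + Cisco wildcard mask).
ACL_LINES = """\
200 deny ip 10.0.0.0 0.255.255.255 any (91057035 matches)
210 deny ip 172.16.0.0 0.15.255.255 any (1366408 matches)
220 deny ip 192.168.0.0 0.0.255.255 any (18325538 matches)
"""

# ICMP type 3 (destination unreachable) codes named in the thread.
ICMP_UNREACH = {0: "net-unreachable", 1: "host-unreachable"}

# Constructed sample of denied packets: (source, protocol, icmp_type, icmp_code).
SAMPLE = [
    ("10.12.0.1", "icmp", 3, 1),
    ("10.200.3.9", "icmp", 3, 0),
    ("172.20.5.5", "icmp", 11, 0),
    ("192.168.1.10", "udp", None, None),
    ("10.0.0.7", "tcp", None, None),
    ("192.168.77.2", "icmp", 3, 1),
    ("203.0.113.5", "icmp", 3, 1),  # public source: these ACL entries do not match it
]

def acl_networks(text):
    """Turn 'deny ip <addr> <wildcard> any' entries into ip_network objects."""
    # ip_network accepts a host mask (the wildcard) after the slash.
    return [ipaddress.ip_network(f"{addr}/{wild}")
            for addr, wild in re.findall(r"deny ip (\S+) (\S+) any", text)]

def classify(records, nets):
    """Count records whose source matches the ACL, split by what they carry."""
    counts = Counter()
    for src, proto, itype, icode in records:
        ip = ipaddress.ip_address(src)
        if not any(ip in net for net in nets):
            continue  # source is outside the RFC 1918 entries
        if proto == "icmp" and itype == 3 and icode in ICMP_UNREACH:
            counts[ICMP_UNREACH[icode]] += 1
        elif proto == "icmp":
            counts["other-icmp"] += 1
        else:
            counts["non-icmp"] += 1
    return counts

if __name__ == "__main__":
    for label, n in classify(SAMPLE, acl_networks(ACL_LINES)).most_common():
        print(f"{label:16} {n}")
```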