[100810] in North American Network Operators' Group
Re: General question on rfc1918
daemon@ATHENA.MIT.EDU (Joe Greco)
Tue Nov 13 10:28:26 2007
From: Joe Greco <jgreco@ns.sol.net>
To: drew.weaver@thenap.com (Drew Weaver)
Date: Tue, 13 Nov 2007 09:20:47 -0600 (CST)
Cc: nanog@merit.edu (nanog@merit.edu)
In-Reply-To: <B7152C470C9BF3448ED33F16A75D81C14D0FDF0265@exchanga.thenap.com> from "Drew Weaver" at Nov 13, 2007 10:08:58 AM
Errors-To: owner-nanog@merit.edu
> Hi there, I just had a real quick question. I hope this is found to be on topic.
>
> Is it to be expected to see rfc1918 src'd packets coming from transit carriers?
>
> We have filters in place on our edge (obviously) but should we be seeing traffic from 192.168.0.0 and 10.0.0.0 et cetera hitting our transit interfaces?
>
> I guess I'm not sure why large carrier networks wouldn't simply filter this in their core?
[pick-a-random-BCP38-snipe ...]
It's a feature: You can tell which of your providers does BCP38 this way.
Heh.
It's the networking equivalent of all the bad sorts of DOS/Windows
programming. You know, the rule that says "once it can run successfully,
it must be correct." Never mind checking for exceptional conditions,
buffer overruns, etc.
It's the same class of problem where corporate IT departments, listening
to some idiot, filter all ICMP, and are convinced this is okay because
they can reach ${one-web-site-of-your-choice}, and refuse to contemplate
that they might have broken something.
Once your network is routing packets and you aren't hearing complaints
about being unable to reach a destination, it's got to be configured
correctly ... right?
Consider it life on the Internet. Do their job for them.
Around here, we've been doing BCP38 since before there was a BCP38.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
