[100812] in North American Network Operators' Group
Re: General question on rfc1918
daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Nov 13 11:10:49 2007
Cc: nanog@merit.edu
From: Joe Abley <jabley@ca.afilias.info>
To: Robert Bonomi <bonomi@mail.r-bonomi.com>
In-Reply-To: <200711131535.lADFZYwY022643@mail.r-bonomi.com>
Date: Tue, 13 Nov 2007 10:39:47 -0500
Errors-To: owner-nanog@merit.edu
On 13-Nov-2007, at 10:35, Robert Bonomi wrote:
>> On 13-Nov-2007, at 10:08, Drew Weaver wrote:
>>
>>> Hi there, I just had a real quick question. I hope this is
>>> found to be on topic.
>>>
>>> Is it to be expected to see rfc1918 src'd packets coming from
>>> transit carriers?
>>
>> You should not send packets with RFC1918 source or destination
>> addresses to the Internet. Everybody should follow this advice. If
>> everybody did follow that advice, you wouldn't see the packets you are seeing.
>
> Really? What do you do if a 'network internal' device -- a legitimate
> use of RFC1918 addresses -- discovers 'host/network unreachable' for an
> external-origin packet transiting that device? <evil grin>
You drop the packet at your border before it is sent out to the Internet.
This is why numbering interfaces in the data path of non-internal traffic is a bad idea.
> Packets which are strictly error/status reporting -- e.g. ICMP 'unreachable',
> 'ttl exceeded', 'redirect', etc. -- should *NOT* be filtered at network
> boundaries _solely_ because of an RFC1918 source address.
I respectfully disagree.
Joe
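The two positions in the thread above, modelled as an added example that is not part of the original message or of any vendor's filter syntax: a border policy that drops packets with an RFC1918 source or destination (Joe Abley's advice), an optional exemption for ICMP error reports (Robert Bonomi's counter-proposal), and the visible consequence for an outside traceroute when an internal hop in the data path is numbered from RFC1918 space. The packet records, hop addresses and interface numbering are constructed for illustration.

```python
"""Border filter for RFC1918-sourced packets (added illustration, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# The three RFC 1918 private blocks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# ICMP error/status types named in the quoted reply.
ICMP_ERROR_TYPES = {3: "unreachable", 5: "redirect", 11: "ttl-exceeded"}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "icmp", "tcp" or "udp"
    direction: str                  # "egress" (leaving our network) or "ingress" (from transit)
    icmp_type: Optional[int] = None


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def border_filter(pkt: Packet, exempt_icmp_errors: bool = False) -> str:
    """Decide 'permit' or 'drop' for a packet crossing the border in either direction.

    exempt_icmp_errors=False is the policy in the message above: RFC1918 source or
    destination is dropped, no matter what the packet carries.
    exempt_icmp_errors=True models the quoted counter-proposal: ICMP error reports
    are let through even with an RFC1918 source.
    """
    if is_rfc1918(pkt.src) or is_rfc1918(pkt.dst):
        if exempt_icmp_errors and pkt.proto == "icmp" and pkt.icmp_type in ICMP_ERROR_TYPES:
            return "permit"
        return "drop"
    return "permit"


def traceroute_view(hop_addrs: List[str], prober: str, exempt_icmp_errors: bool = False) -> List[str]:
    """What an outside traceroute from `prober` sees for each hop inside our network.

    Each hop answers with an ICMP time-exceeded (type 11) sourced from the address
    of the interface the probe arrived on; that reply then has to cross our border
    outbound. A dropped reply shows up as '*' at the prober.
    """
    seen = []
    for hop in hop_addrs:
        reply = Packet(src=hop, dst=prober, proto="icmp", direction="egress", icmp_type=11)
        seen.append(hop if border_filter(reply, exempt_icmp_errors) == "permit" else "*")
    return seen


# Constructed hops: the second one is numbered from RFC1918 space, which is the
# "numbering interfaces in the data path" case the message calls a bad idea.
INTERNAL_HOPS = ["203.0.113.1", "10.255.0.1", "203.0.113.3"]
PROBER = "198.51.100.7"

if __name__ == "__main__":
    print("strict policy :", traceroute_view(INTERNAL_HOPS, PROBER))
    print("ICMP exemption:", traceroute_view(INTERNAL_HOPS, PROBER, exempt_icmp_errors=True))
    # Ingress: a TCP SYN arriving from transit with an RFC1918 source is dropped
    # under both policies, since the exemption only covers ICMP error reports.
    print("ingress SYN   :", border_filter(Packet("192.168.1.5", "203.0.113.9", "tcp", "ingress")))
```

Under the strict policy the outside traceroute shows `* * *` for the RFC1918-numbered hop; the fix the message implies is to number data-path interfaces from public space (the first and third hops), not to open the filter. The exemption variant shows what changes if ICMP errors are let through: that one hop becomes visible again, but the filter then has to inspect ICMP types rather than act on addresses alone.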