[12573] in North American Network Operators' Group
Re: Packets from net 10 (no, not the lyrics)
daemon@ATHENA.MIT.EDU (bmanning@ISI.EDU)
Tue Sep 23 12:20:30 1997
From: bmanning@ISI.EDU
To: eljazzar@ns.utk.edu (Mohamad Eljazzar)
Date: Tue, 23 Sep 1997 08:54:52 -0700 (PDT)
Cc: bmanning@ISI.EDU, nanog@merit.edu, eljazzar@ns.utk.edu
In-Reply-To: <Pine.SOL.3.95.970923112558.14741A-100000@eclipse.ns.utk.edu> from "Mohamad Eljazzar" at Sep 23, 97 11:29:17 am
>
> What about providers that use portions of the private address space on
> their network (up to and including the client's serial interface)?
>
> Mohamad
>
> On Tue, 23 Sep 1997 bmanning@ISI.EDU wrote:
>
> > > Should I be filtering all reserved space at my border, or would
> > > it be reasonable for me to expect the big guys not to take packets
> > > with clearly inappropriate source addresses?
> >
> > Yes you should. (and with kudos to Andrew)
> >
> > ! Loopback
> > access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > ! RFC 1918 private blocks
> > access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> > ! Test Network
> > access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> > ! Tiny networks.
> > access-list 100 deny ip any 255.255.255.128 0.0.0.127
> > access-list 100 permit ip any any
> >
The operative phrase here is border.
That means ASN border, i.e. where you BGP
peer with others. At the provider/subscriber
interface, within your IGP, using RFC 1918 space
is ok.
--
--bill
