[128740] in North American Network Operators' Group


Re: BCP38 exceptions for RFC1918 space

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Aug 15 12:26:49 2010

To: Florian Weimer <fw@deneb.enyo.de>
In-Reply-To: Your message of "Sun, 15 Aug 2010 18:14:41 +0200."
	<87vd7bg8em.fsf@mid.deneb.enyo.de>
From: Valdis.Kletnieks@vt.edu
Date: Sun, 15 Aug 2010 12:26:38 -0400
Cc: nanog@merit.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
> What's the current consensus on exempting private network space from
> source address validation?  Is it recommended?  Discouraged?

What you do on your internal networks and internal transit is your business.
BCP38 talks about where you connect to the rest of the world.

RFC 1918 is specific that you're supposed to get all medieval on any escaping packets:

   It is strongly recommended that routers which connect enterprises to
   external networks are set up with appropriate packet and routing
   filters at both ends of the link in order to prevent packet and
   routing information leakage. An enterprise should also filter any
   private networks from inbound routing information in order to protect
   itself from ambiguous routing situations which can occur if routes to
   the private address space point outside the enterprise.

> (One argument in favor of exceptions is that it makes PMTUD work if
> transfer networks use private address space.)

And that connection that's trying to use PMTU got established across the
commodity internet, how, exactly? ;)  That implies you let some routing
info escape and got one of those "ambiguous routing situations". 


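The filtering discussed in this message, as an added example that is not part of the original post or of RFC 1918: a border check that drops packets with RFC 1918 source or destination addresses on the external link and rejects RFC 1918 prefixes learned from the external neighbour. The function names, the sample packets and the sample announcements are constructed for illustration; the last sample packet is the PMTUD case raised in the quoted question.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_rfc1918(addr):
    """True if the IPv4 address lies inside any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918)

def packet_verdict(src, dst):
    """Filter decision for a packet on the external link, either direction."""
    if in_rfc1918(src):
        return "drop: private source"
    if in_rfc1918(dst):
        return "drop: private destination"
    return "pass"

def route_verdict(prefix):
    """Filter decision for a prefix learned from the external neighbour."""
    net = ipaddress.ip_network(prefix)
    for block in RFC1918:
        if net.subnet_of(block):
            return "reject: inside " + str(block)
    return "accept"

# Constructed sample traffic (documentation addresses stand in for public ones).
PACKETS = [
    ("tcp data, public to public",          "198.51.100.7", "203.0.113.9"),
    ("leak from an internal host",          "192.168.1.20", "203.0.113.9"),
    ("just outside 172.16.0.0/12",          "172.32.0.1",   "203.0.113.9"),
    ("icmp frag-needed from transfer net",  "10.255.0.1",   "198.51.100.7"),
]
# Constructed sample announcements from the external neighbour.
ROUTES = ["203.0.113.0/24", "10.20.0.0/16", "172.16.0.0/12", "0.0.0.0/0"]

def audit():
    """Return (label, verdict) pairs for the sample packets and routes."""
    pkts = [(label, packet_verdict(s, d)) for label, s, d in PACKETS]
    rts = [(p, route_verdict(p)) for p in ROUTES]
    return pkts, rts

if __name__ == "__main__":
    pkts, rts = audit()
    for label, verdict in pkts + rts:
        print(f"{label:40} {verdict}")
```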


