[191748] in North American Network Operators' Group

Re: Request for comment -- BCP38

daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Sep 26 15:22:51 2016

X-Original-To: nanog@nanog.org
From: Florian Weimer <fw@deneb.enyo.de>
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Date: Mon, 26 Sep 2016 21:22:45 +0200
In-Reply-To: <CAPkb-7CUr-TCgNh1ERu559oxX1k7UFsN7aD1SM-c+O5fKTvDQQ@mail.gmail.com>
 (Baldur Norddahl's message of "Mon, 26 Sep 2016 21:05:28 +0200")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

* Baldur Norddahl:

> On 26 Sep 2016 at 18:02, "Mike Hammett" <nanog@ics-il.net> wrote:
>>
>> The only asymmetric routing broken is when the source isn't in public
>> Internet route-able space. That just leaves those multi-ISP WAN routers
>> that NAT it.
>
> Some of our IP transits implement filtering. All of our transits assigned
> /30 subnets on the transit ports from their own range (the alternate would
> have been to ask us to supply the /30 from our pool).
>
> Our provider edge router will send back ICMP packets using the interface
> address from the interface that received the original packet. It will then
> route the packet using our normal routing table.
>
> This means we can receive some packet on transit port A and then route out
> an ICMP response on port B using the interface address from port A. But
> transit B filters this ICMP packet because it has a source address
> belonging to transit A.

Interesting.  But this looks like a feature request for the router
vendor, and not like an issue with BCP 38 filtering as such.

> From this follows that BCP38 can break things like traceroute and path MTU
> discovery in what is a very common setup.

That doesn't follow.  In order to break PMTUD, you also need an MTU
drop.  Is that a common configuration for routers in points in the
network where this would matter?
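
The multihomed case discussed in this message, modelled as an added example that is not part of the thread and not code from either poster. The addresses are constructed documentation prefixes, and the filter policy (each transit accepts the customer's own pool plus that link's /30) is an assumption. It compares link /30s taken from the transits' ranges with /30s supplied from the customer's pool.

```python
import ipaddress as ip

# Constructed addressing (documentation prefixes), not taken from the thread.
OUR_POOL = ip.ip_network("192.0.2.0/24")

class Transit:
    def __init__(self, name, link_net, our_addr):
        self.name = name
        self.link_net = ip.ip_network(link_net)  # /30 on the transit port
        self.our_addr = ip.ip_address(our_addr)  # our side of that /30

    def accepts(self, src):
        """Assumed BCP 38 ingress filter on the customer port: allow the
        customer's own pool and this link's /30, drop everything else."""
        src = ip.ip_address(src)
        return src in OUR_POOL or src in self.link_net

def icmp_error(ingress, egress):
    """ICMP error sourced from the address of the interface that received
    the packet, then sent out of `egress` as the routing table dictates.
    Returns (source address, True if the egress transit accepts it)."""
    src = ingress.our_addr
    return src, egress.accepts(src)

def scenario(link_a, addr_a, link_b, addr_b):
    a = Transit("A", link_a, addr_a)
    b = Transit("B", link_b, addr_b)
    return {
        "in A, out A": icmp_error(a, a)[1],
        "in A, out B": icmp_error(a, b)[1],
        "in B, out A": icmp_error(b, a)[1],
    }

# Link /30s from each transit's own range (the setup in the quoted message).
PROVIDER_ASSIGNED = scenario("198.51.100.0/30", "198.51.100.2",
                             "203.0.113.0/30", "203.0.113.2")
# Link /30s carved out of the customer's pool (the alternative mentioned).
CUSTOMER_ASSIGNED = scenario("192.0.2.0/30", "192.0.2.2",
                             "192.0.2.4/30", "192.0.2.6")

if __name__ == "__main__":
    for label, result in (("provider-assigned /30", PROVIDER_ASSIGNED),
                          ("customer-assigned /30", CUSTOMER_ASSIGNED)):
        for path, ok in result.items():
            print(f"{label:22} {path}: {'passes' if ok else 'dropped'}")
```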
