[34994] in North American Network Operators' Group


RE: rfc 1918?

daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Fri Feb 23 05:23:44 2001

Date: Fri, 23 Feb 2001 10:19:01 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>
To: Mark Radabaugh <mark@amplex.net>
Cc: North America Network Operators Group Mailing List <nanog@merit.edu>
In-Reply-To: <OJEIKHIHKAKFFKDPLLLLIEDHEPAA.mark@amplex.net>
Message-ID: <Pine.LNX.4.10.10102231015290.2552-100000@rem.opaltelecom.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu



This can only apply to small networks, specifically stub networks; if
you're carrying transit or have multiple connections out, you'll find
filters which only allow your own IPs in and out start dropping a whole
lot else!

But I think you have the right idea: filters should be applied at the
provider edge to such stub networks, and then no nasty IPs will get through
to the provider network and hence the Internet.

Oh, and I don't think I showed my opinion in my last mail: I think use of
1918 on p2p is wrong! But.. as so many large networks do it, you can't just
filter it out and assume everything will work.

Steve

On Thu, 22 Feb 2001, Mark Radabaugh wrote:

> It is my intention to avoid having 1918 addresses leaving my network.
> 
> At our egress points the filters are fairly short -- they allow only traffic
> with our IP source addresses to leave.  This was my interpretation of the RFCs.
> Some in this discussion seem to be saying that we should also filter for RFC1918
> destinations.  Am I reading this correctly?
> 
> I can see that packets destined for RFC1918 addresses will leave our network
> (due to default routes) but are promptly dropped at the first BGP-speaking
> router they encounter.  Is it worth the extra router processing time to check
> all outgoing packet destinations as well?  I can't see where this extra
> filtering is worth the trouble.
> 
> Mark Radabaugh
> VP, Amplex
> (419)833-3635
> mark@amplex.net
> 
> 
> 
> 
> 
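The filtering choices discussed in this message, modelled as an added example that is not part of the original thread or either poster's configuration: an egress filter that permits only listed source prefixes, with an optional RFC 1918 destination check, evaluated for a stub network and for a network carrying transit. All prefixes and packets are constructed (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def egress_decision(src, dst, permitted_sources, filter_rfc1918_dst=False):
    """Decide what an egress filter does with one outbound packet."""
    if not in_any(src, permitted_sources):
        return "drop: source not in permitted prefixes"
    if filter_rfc1918_dst and in_any(dst, RFC1918):
        return "drop: RFC 1918 destination"
    return "permit"

# Constructed prefixes: OWN is the network's own block, CUSTOMER is a
# downstream customer's block that a transit network carries.
OWN = [ipaddress.ip_network("192.0.2.0/24")]
CUSTOMER = [ipaddress.ip_network("198.51.100.0/24")]

PACKETS = [  # constructed (source, destination) pairs
    ("192.0.2.10", "203.0.113.5"),    # own host to the Internet
    ("10.1.1.1", "203.0.113.5"),      # leaked RFC 1918 source
    ("192.0.2.10", "172.16.4.4"),     # RFC 1918 destination following a default route
    ("198.51.100.7", "203.0.113.5"),  # transit customer's traffic
]

def evaluate(permitted_sources, filter_rfc1918_dst=False):
    return [egress_decision(s, d, permitted_sources, filter_rfc1918_dst)
            for s, d in PACKETS]

if __name__ == "__main__":
    policies = (
        ("own prefixes only (stub network)", evaluate(OWN)),
        ("own prefixes + RFC 1918 destination check", evaluate(OWN, True)),
        ("own + customer prefixes (transit)", evaluate(OWN + CUSTOMER)),
    )
    for label, results in policies:
        print(label)
        for (src, dst), verdict in zip(PACKETS, results):
            print(f"  {src:>14} -> {dst:<14} {verdict}")
```

With only the network's own prefixes permitted, the transit customer's packet is dropped along with the leaked RFC 1918 source, which is why the short source filter fits stub networks only.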


