[48577] in North American Network Operators' Group
Re: Bogon list
daemon@ATHENA.MIT.EDU (Stephen Griffin)
Fri Jun 7 15:29:35 2002
In-Reply-To: <Pine.LNX.4.21.0206071021520.28920-100000@staff.opaltelecom.net> from "Stephen J. Wilcox" at "Jun 7, 2002 10:26:53 am"
To: steve@opaltelecom.co.uk (Stephen J. Wilcox)
Date: Fri, 7 Jun 2002 15:28:56 -0400 (EDT)
From: Stephen Griffin <stephen.griffin@rcn.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
In the referenced message, Stephen J. Wilcox said:
>
> On Thu, 6 Jun 2002, Stephen Griffin wrote:
>
> >
> > In the referenced message, Sean M. Doran said:
> > > Basically, arguing that the routing system should carry around
> > > even more information is backwards. It should carry less.
> > > If IXes need numbers at all (why???) then use RFC 1918 addresses
> > > and choose one of the approaches above to deal with questions
> > > about why 1918 addresses result in "messy traceroutes."
> > >
> > > Fewer routes, less address consumption, tastes great, less filling.
> > >
> > > Sean.
> >
> > Do you:
> > 1) Not believe in PMTU-D
>
> RFC1918 does not break path-mtu, filtering it does tho..
sending RFC1918 addressed packets across enterprise boundaries is
against RFC1918. RFC1918 states to filter ingress/egress at enterprise
boundaries. Hence, filtering RFC1918 addresses is part of RFC1918.
Therefore, the use of addresses where they are likely to generate
traffic which violates RFC1918, is, well, a violation of RFC1918.
This applies regardless of the ICMP error message generated.
> > 2) Not believe in filtering RFC1918 sourced traffic at enterprise boundaries
> > (of which an exchange would be a boundary)
>
> What for? You'll find many more much more mailicious packets coming from
> legit routable address space.
Who said anything about malicious? In any event, ICMP error messages
are generally useful with a few minor exceptions. Things like Source
Quench, unreachables, TTL expired, and Can't Frag (as examples of useful
icmp.)
<snip>
> For p2p you can use unnumbered.. it wont work on exchanges but i agree
> they shouldnt be rfc1918.
I agree, however, most folks want to see the topology, some just choose
to violate RFC1918 in order to do it.
> Steve
