[59894] in North American Network Operators' Group

Re: rfc1918 ignorant

daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Wed Jul 23 16:49:01 2003

To: dave@ordinaryworld.com (Dave Temkin)
Date: Wed, 23 Jul 2003 16:47:31 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.50.0307230857210.27647-100000@ordinaryworld.com> from "Dave Temkin" at Jul 23, 2003 08:59:18 AM
From: bdragon@gweep.net
Errors-To: owner-nanog-outgoing@merit.edu


> Is this really an issue?  So long as they're not advertising the space I
> see no issue with routing traffic through a 10. network as transit.  If
> you have no reason to reach their router directly (and after Cisco's last
> exploit, I'd think no one would want anyone to reach their router directly
> :-) ), what's the harm done?
> 
> RFC1918 merely states that it shouldn't be routed on the global internet,
> not that it can't be used for transit space.

RFC1918:
   Because private addresses have no global meaning, routing information
   about private networks shall not be propagated on inter-enterprise
   links, and packets with private source or destination addresses
          --------------------------------------------------------
   should not be forwarded across such links. Routers in networks not
   ----------------------------------------- 
   using private address space, especially those of Internet service
   providers, are expected to be configured to reject (filter out)
   routing information about private networks. If such a router receives
   such information the rejection shall not be treated as a routing
   protocol error.

By virtue of using RFC1918 addresses on packet-passing interfaces
(those which generate ICMP error messages) it is a violation of RFC1918.
One could, in turn, disable those messages, or filter them, but as others
point out, that breaks such things as PMTU-D.

Also, those who think their RFC1918-numbered device is not directly reachable
solely due to being RFC1918 numbered, are deluded.
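
Added illustration, not part of the original message: a Python audit of packets seen on an inter-enterprise link. It flags those with RFC1918 source or destination addresses and separates out the ICMP "fragmentation needed" messages that PMTU-D depends on, which a blanket filter would also drop. The packet records and the names `is_rfc1918` and `audit_border` are constructed for this example.

```python
import ipaddress

# The three private blocks defined by RFC1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_border(packets):
    """Classify packets observed on an inter-enterprise link.

    Returns (violations, pmtud_at_risk):
      violations    - packets with a private source or destination address
      pmtud_at_risk - the subset that are ICMP type 3 code 4
                      (destination unreachable, fragmentation needed),
                      i.e. what PMTU-D loses if violations are simply dropped
    """
    violations, pmtud_at_risk = [], []
    for p in packets:
        if is_rfc1918(p["src"]) or is_rfc1918(p["dst"]):
            violations.append(p)
            if p.get("proto") == "icmp" and (p.get("type"), p.get("code")) == (3, 4):
                pmtud_at_risk.append(p)
    return violations, pmtud_at_risk


# Constructed sample traffic (documentation prefixes stand in for public hosts).
SAMPLE = [
    {"src": "198.51.100.7", "dst": "203.0.113.20", "proto": "tcp"},
    # Time-exceeded from a 10.x-numbered transit hop (what traceroute sees).
    {"src": "10.1.2.1", "dst": "203.0.113.20", "proto": "icmp", "type": 11, "code": 0},
    # Fragmentation-needed from the same hop: required for PMTU-D.
    {"src": "10.1.2.1", "dst": "203.0.113.20", "proto": "icmp", "type": 3, "code": 4},
    # 172.32.0.1 is outside 172.16.0.0/12, so it is not RFC1918.
    {"src": "172.32.0.1", "dst": "203.0.113.20", "proto": "icmp", "type": 3, "code": 4},
    {"src": "192.0.2.9", "dst": "192.168.1.5", "proto": "udp"},
]

if __name__ == "__main__":
    bad, at_risk = audit_border(SAMPLE)
    for p in bad:
        tag = "  <- PMTU-D breaks if filtered" if p in at_risk else ""
        print(f'{p["src"]:>15} -> {p["dst"]:<15} {p["proto"]}{tag}')
```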

