[67112] in North American Network Operators' Group
Re: Strange public traceroutes return private RFC1918 addresses
daemon@ATHENA.MIT.EDU (Pekka Savola)
Tue Feb 3 01:01:31 2004
Date: Tue, 3 Feb 2004 07:58:46 +0200 (EET)
From: Pekka Savola <pekkas@netcore.fi>
To: "Rubens Kuhl Jr." <rubens@email.com>
Cc: nanog@merit.edu
In-Reply-To: <0c5901c3e9fa$7b61f920$020ba8c0@NOTEBOOK>
Errors-To: owner-nanog-outgoing@merit.edu

On Tue, 3 Feb 2004, Rubens Kuhl Jr. wrote:
> Using real but announced IPs for routers will make their packets fail
> unicast-RPF checks, dropping traceroute and PMTUD responses as happens with
> RFC1918 addresses.

I guess you meant "unannounced".

This is the case for those who run uRPF towards their upstream (or
transit ISPs peering with them who'd run uRPF on the peering links).
I don't think too many folks do that.

But I see very little point in not announcing them. Equally well you
could just set up an acl at the edge which drops or rate-limits the
traffic. Well, you might not be able to if you're using a vendor
the implementation of which doesn't allow you to do that.. :)

--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
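
Added example, not part of the original message or of any vendor's implementation: a small Python model of the unicast-RPF check discussed in this thread, applied to ICMP replies from router interfaces that are announced, unannounced, or RFC1918-numbered. The FIB, interface names and addresses are constructed (documentation prefixes), the table is assumed default-free, and the loose-mode comparison goes slightly beyond the strict check the thread describes.

```python
import ipaddress

# Constructed FIB of the network applying uRPF: prefix -> interface the best
# route points out of. Assumed default-free (no 0.0.0.0/0 entry).
FIB = {
    "198.51.100.0/24": "peer0",    # space the peer announces to us
    "203.0.113.0/24": "transit0",  # space whose best path is via transit
}

def best_route(fib, src):
    """Longest-prefix match on the source; returns egress interface or None."""
    addr = ipaddress.ip_address(src)
    matches = []
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, iface))
    return max(matches)[1] if matches else None

def urpf_accepts(fib, src, in_iface, mode="strict"):
    """strict: best route back to src must use the arrival interface.
    loose: any route to src is enough."""
    iface = best_route(fib, src)
    if iface is None:
        return False  # no route to the source: dropped in both modes
    return mode == "loose" or iface == in_iface

# Constructed ICMP time-exceeded / frag-needed sources, all arriving on peer0.
REPLY_SOURCES = {
    "announced router address": "198.51.100.1",
    "public but unannounced router address": "192.0.2.1",
    "RFC1918 router address": "10.1.1.1",
    "announced, but best path is via transit": "203.0.113.5",
}

def classify(fib=FIB, in_iface="peer0"):
    """Return {label: (strict_ok, loose_ok)} for each sample reply."""
    return {
        label: (urpf_accepts(fib, src, in_iface, "strict"),
                urpf_accepts(fib, src, in_iface, "loose"))
        for label, src in REPLY_SOURCES.items()
    }

if __name__ == "__main__":
    for label, (strict_ok, loose_ok) in classify().items():
        print(f"{label:45s} strict={strict_ok!s:5s} loose={loose_ok}")
```

The unannounced public address and the RFC1918 address are treated identically: with no route to the source, the traceroute and PMTUD replies are discarded in either mode.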