nanog mailing list archives
Re: RFC1918 addresses to permit in for VPN?
From: "Daniel L. Golding" <dan () netrail net>
Date: Fri, 29 Dec 2000 13:38:45 -0500 (EST)
This is one of the benchmarks of cluelessness. The other is that the addresses don't have reverse DNS. As has been said here, many times, using RFC1918 addresses on interfaces, breaks Path MTU discovery, due to martians filters on network boundaries. Daniel Golding NetRail,Inc. "Better to light a candle than to curse the darkness" On Fri, 29 Dec 2000, Andrew Brown wrote:
speaking of rfc1918 addresses...one of my machines at home got poked at, so i did the usual thing which was perhaps waste about five minutes poking back from some place else if i feel like it. what i saw piqued my interest: % traceroute -f12 213.123.76.29 traceroute to 213.123.76.29 (213.123.76.29), 30 hops max, 40 byte packets 12 core1-pos10-0.bletchley.ukcore.bt.net (62.6.196.217) 349.804 ms 391.793 ms 354.819 ms 13 vhsaccess1-pos7-0.bletchley.fixed.bt.net (62.6.197.134) 472.775 ms 413.810 ms 429.770 ms 14 213.120.207.218 (213.120.207.218) 288.801 ms 285.806 ms 376.831 ms 15 172.16.93.125 (172.16.93.125) 348.788 ms 383.831 ms 274.826 ms 16 172.16.93.49 (172.16.93.49) 284.805 ms 426.828 ms 869.717 ms 17 172.16.93.37 (172.16.93.37) 243.793 ms 386.818 ms 394.838 ms 18 172.16.93.1 (172.16.93.1) 399.757 ms 281.851 ms 324.813 ms 19 192.168.250.17 (192.168.250.17) 279.814 ms 315.717 ms 241.842 ms 20 213.123.76.29 (213.123.76.29) 241.812 ms 247.859 ms 193.838 ms now i've seen people using 10.x.x.x addresses for the endpoints of the occasional serial link, but this makes it look like most of british telecom's backbone uses private addressing. i wonder what would happen to them if someone were to leak a route into them for those addresses? -- |-----< "CODE WARRIOR" >-----| codewarrior () daemon org * "ah! i see you have the internet twofsonet () graffiti com (Andrew Brown) that goes *ping*!" andrew () crossbar com * "information is power -- share the wealth."
Current thread:
- RFC1918 addresses to permit in for VPN? Miguel A.L. Paraz (Dec 28)
- <Possible follow-ups>
- Re: RFC1918 addresses to permit in for VPN? Sean Donelan (Dec 28)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Daniel L. Golding (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Simon Lyall (Dec 29)
- RE: RFC1918 addresses to permit in for VPN? Deron J. Ringen (Dec 29)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Geoffrey Zinderdine (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Bill Fumerola (Dec 30)
- RE: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- RE: RFC1918 addresses to permit in for VPN? Derek J. Balling (Dec 31)
- RE: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)