nanog mailing list archives
Re: RFC1918 addresses to permit in for VPN?
From: Andrew Brown <twofsonet () graffiti com>
Date: Sun, 31 Dec 2000 23:52:13 -0500
so any isp which lets the outside world see a packet with a source in 1918 space is in direct violation of 1918.... Nevertheless, the operational reality is that having a traceroute that shows RFC1918 addresses is more useful than a traceroute that shows * * *, and therefore I suspect most operators will continue to permit RFC1918 addresses into their networks as long as a few questionable individuals use them to source traffic.
i think it's only useful to show that (a) something's there and (b) it doesn't slow down the traceroute. to combat (b), mtr is your friend.
(If they even bother to think about it.)
there would, at least, be confusion about where the packet came from. never mind the fact that pmtud would be slightly confused if the icmp errors came back from an rfc1918 address to a nat that was operating or a private network that used the same address block, consider two networks that use the same blocks of rfc1918 space for point to point addressing on public interfaces (that, of course, don't require global reachability) that are trying to diagnose a routing problem. a bit of creative route flapping and it would become impossible. -- |-----< "CODE WARRIOR" >-----| codewarrior () daemon org * "ah! i see you have the internet twofsonet () graffiti com (Andrew Brown) that goes *ping*!" andrew () crossbar com * "information is power -- share the wealth."
Current thread:
- Re: RFC1918 addresses to permit in for VPN?, (continued)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Bill Woodcock (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Mark Mentovai (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? John Hawkinson (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Dana Hudes (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
- RE: RFC1918 addresses to permit in for VPN? Jason Lewis (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
- RE: RFC1918 addresses to permit in for VPN? Bill Woodcock (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Adam Rothschild (Dec 30)
- Re: RFC1918 addresses to permit in for VPN? Steve Sobol (Dec 30)