Re: Bogon list

[Richard A Steenbergen <ras () e-gerbil net>]

On Thu, Jun 06, 2002 at 06:34:48PM -0400, Stephen Griffin wrote:
> Do you:
> 1) Not believe in PMTU-D

Yes.

> 2) Not believe in filtering RFC1918 sourced traffic at enterprise
> boundaries

Yes.

> I would love if RFC1918 were adhered to such that L3 packet-passing
> devices either weren't numbered out of those blocks, or allowed what
> juniper allows with the ability to select the ip address with which
> packets sourced by the L3 packet-passing device sent traffic (other than
> primary ip on destination interface). The latter would permit
> intra-enterprise use of RFC1918 addresses, while still conforming with
> RFC1918. Failing that, use of RFC1918 addresses in places where
> inter-provider packets get RFC1918 sources, is a violation of RFC1918.

Why? Why do you care about your inter-device link IPs other than for 
traceroute results? Please, someone tell me another reason why they're 
important. :)

There are very legitimate reasons for wanting that communication to be 
one-way, for example DoS attacks directed at the IPs which show up in 
traceroutes. But using RFC1918 IPs is not practical for large networks, 
since you can't communicate any DNS information about those IPs.

Even if there was an option to source ICMP from loopbacks (which I 
support, the OPTION is nice), I wouldn't use it. The devices along the 
path is far less important than the actual path, and you would immediately 
lose the ability to see which of multiple circuits is being taken between 
two endpoints. Loopbacks are better used for administrative access.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)