nanog mailing list archives
RE: rfc1918 ignorant
From: Dave Temkin <dave () ordinaryworld com>
Date: Wed, 23 Jul 2003 13:40:03 -0400 (EDT)
Except you're making assumptions as to how that router is used. If it's
being used for purely transit then your third paragraph doesn't apply at
all. The traffic is not originating or terminating there, it is merely
passing through.

--
David Temkin

On Wed, 23 Jul 2003, David Schwartz wrote:

> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of variable () ednet co uk
> Sent: Wednesday, July 23, 2003 6:10 AM
> To: Dave Temkin
> Cc: nanog () merit edu
> Subject: re: rfc1918 ignorant
>
> > On Wed, 23 Jul 2003, Dave Temkin wrote:
> >
> > > Is this really an issue? So long as they're not advertising the
> > > space I see no issue with routing traffic through a 10. network as
> > > transit. If you have no reason to reach their router directly (and
> > > after Cisco's last exploit, I'd think no one would want anyone to
> > > reach their router directly :-) ), what's the harm done?
> >
> > If Frank's seeing the IP in his traceroute then the network concerned
> > isn't properly filtering traffic leaving their borders as per BCP38:
> >
> > http://www.faqs.org/rfcs/bcp/bcp38.html
>
> They're not complying with RFC1918 either:
>
>     In order to use private address space, an enterprise needs to
>     determine which hosts do not need to have network layer
>     connectivity outside the enterprise in the foreseeable future and
>     thus could be classified as private. Such hosts will use the
>     private address space defined above. Private hosts can communicate
>     with all other hosts inside the enterprise, both public and
>     private. However, they cannot have IP connectivity to any host
>     outside of the enterprise. While not having external (outside of
>     the enterprise) IP connectivity private hosts can still have access
>     to external services via mediating gateways (e.g., application
>     layer gateways).
>
>     All other hosts will be public and will use globally unique address
>     space assigned by an Internet Registry. Public hosts can
>     communicate with other hosts inside the enterprise both public and
>     private and can have IP connectivity to public hosts outside the
>     enterprise. Public hosts do not have connectivity to private hosts
>     of other enterprises.
>
> and
>
>     Because private addresses have no global meaning, routing
>     information about private networks shall not be propagated on
>     inter-enterprise links, and packets with private source or
>     destination addresses should not be forwarded across such links.
>     Routers in networks not using private address space, especially
>     those of Internet service providers, are expected to be configured
>     to reject (filter out) routing information about private networks.
>     If such a router receives such information the rejection shall not
>     be treated as a routing protocol error.
>
>     Indirect references to such addresses should be contained within
>     the enterprise. Prominent examples of such references are DNS
>     Resource Records and other information referring to internal
>     private addresses. In particular, Internet service providers should
>     take measures to prevent such leakage.
>
> It's pretty clear that devices with network layer connectivity outside
> the enterprise are not private and thus can't be numbered inside
> private IP space.
>
> DS
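
An added example, not part of any message in this thread: a Python sketch of the border behaviour the quoted RFC 1918 text asks for (reject routing information about private networks, do not forward packets with private source or destination addresses), plus a check that flags private hops in a traceroute. The function names and the sample trace are constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `traceroute -n` style output (documentation addresses plus one
# private hop); it is not taken from the thread.
SAMPLE_TRACE = """\
 1  192.0.2.1  0.9 ms
 2  198.51.100.14  4.2 ms
 3  10.0.12.1  9.8 ms
 4  * * *
 5  203.0.113.80  15.1 ms
"""

def is_private(addr):
    """True if addr lies inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918)

def filter_routes(prefixes):
    """Split announcements received on an inter-enterprise link into
    (accepted, rejected); prefixes inside private space are rejected."""
    accepted, rejected = [], []
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        # subnet_of rather than overlaps: a covering route such as
        # 0.0.0.0/0 is legitimate and must not be rejected.
        inside = any(net.subnet_of(block) for block in RFC1918)
        (rejected if inside else accepted).append(prefix)
    return accepted, rejected

def forward_packet(src, dst):
    """Border decision: drop if source or destination is private."""
    return not (is_private(src) or is_private(dst))

def private_hops(trace_text):
    """Return (hop_number, address) for each hop numbered in private space."""
    hits = []
    for line in trace_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        try:
            if is_private(fields[1]):
                hits.append((int(fields[0]), fields[1]))
        except ValueError:
            continue  # "*" timeout rows carry no address
    return hits

if __name__ == "__main__":
    print(private_hops(SAMPLE_TRACE))
```

A hop such as the one reported at position 3 is visible only because the router's ICMP reply, sourced from a 10. address, crossed a border that did not filter on source address.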