nanog mailing list archives
Re: private ip addresses from ISP
From: Hyunseog Ryu <r.hyunseog () ieee org>
Date: Tue, 23 May 2006 01:49:26 -0500
In reality, from what I see, most large ISPs don't care about RFC1918. I've been dealing with this issue for a while. Not all of them, because I didn't deal with all of them. But some of them have a strange policy for ACLs, because it has a large impact on router platform CPU utilization. Strictly, some ISPs don't allow putting in an ACL for more than 24 hours, including for RFC1918 IP address space originated traffic. So I'm doing it from our core router to block that traffic, and it's fun to watch the counters increasing so rapidly. ^.^
For example,

hryu@chc-core-r1> show firewall filter XXX-in
Filter: XXX-in
Counters:
Name                               Bytes       Packets
XXX-in-default           430738360735883  743436641099
XXX-in-rfc1918-10            12742937908      41900221
XXX-in-loopback                785367140       2678266
XXX-in-dhcp-default             36982506        413978
XXX-in-rfc1918-172-16         1240646548      13026411
XXX-in-test-net                    44318           621
XXX-in-rfc1918-192-168        1806857741      17309861
XXX-in-reserved-e-class                0             0
ospf-deny                          14135            35
h323                             8785570        186042
XXX-in-microsoft            305199975828    5751955784
ms-exclude                     424428929        696688
on-fire                     173190029170    5970455314
I'm wondering whether this is really about a router platform issue, and whether they want to bill their customers, including smaller ISPs, more because of this junk traffic.
Hyun

Andrew Kirch wrote:

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of David Schwartz
Sent: Wednesday, May 17, 2006 1:37 PM
To: nanog () nanog org
Subject: RE: private ip addresses from ISP

Our router is running BGP and connecting to our upstream provider with /30 network. Our log reveals that there are private IP addresses reaching our router's interface that is facing our upstream ISP. How could this be possible? Should upstream ISP be blocking private IP address according to standard configuration? Could the packet be stripped and IP be converted somehow during the transition? It happens in many Tier-1 ISPs though! Thank you for your information

Do you mean:

1) You are seeing BGP routes for addresses inside private space?
2) You are seeing packets with destination IPs inside private space arriving at your interface from your ISP?
3) You are seeing packets with source IPs inside private space arriving at your interface from your ISP?

If 1, feel free to filter them. Your ISP probably uses them internally and is leaking them to you. Feel free to complain if you want.

If 2, make sure you aren't advertising routes into RFC1918 space to your ISP. If not, you should definitely ask them what's up.

If 3, that's normal. These are packets your ISP received that are addressed to you and the ISP is leaving to you the decision of whether to accept them or not. Feel free to filter them out if you wish. (It won't break anything that's not already broken.)

Sorry to dig this up from last week but I have to strongly disagree with point #3.

From RFC 1918

Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links.

Routers in networks not using private address space, especially those of Internet service providers, are expected to be configured to reject (filter out) routing information about private networks.

The ISP shouldn't be "leaving" anything to the end-user, these packets should be dropped as a matter of course, along with any routing advertisements for RFC 1918 space (from #1). ISPs who leak 1918 space into my network piss me off, and get irate phone calls for their trouble.

Andrew
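
The ingress check discussed in this thread (private source addresses, case 3, with private destinations, case 2, alongside), as an added example that is not part of the original posts: it classifies packets seen on an upstream-facing interface and keeps per-term byte and packet counters. The term names mirror the counters shown above, but the prefix behind each name is an assumption made from the name, and the sample packets are constructed.

```python
import ipaddress
from collections import defaultdict

# Term names follow the counter names in the filter output above. The prefix
# tied to each name is an assumption from the name, not the poster's filter.
TERMS = [
    ("rfc1918-10", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918-172-16", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918-192-168", ipaddress.ip_network("192.168.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("test-net", ipaddress.ip_network("192.0.2.0/24")),
    ("reserved-e-class", ipaddress.ip_network("240.0.0.0/4")),
]

def match_term(addr):
    """Return the name of the first term whose prefix contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    for name, net in TERMS:
        if ip in net:
            return name
    return None

def ingress_filter(packets):
    """Drop packets whose source (case 3) or destination (case 2) matches a term.

    packets: iterable of (src, dst, size_bytes).
    Returns (accepted_packets, counters), counters maps name -> [bytes, packets].
    """
    counters = defaultdict(lambda: [0, 0])
    accepted = []
    for src, dst, size in packets:
        src_term, dst_term = match_term(src), match_term(dst)
        if src_term:                      # source checked first, like a first-match filter
            name = "src-" + src_term
        elif dst_term:
            name = "dst-" + dst_term
        else:
            name = "default"
            accepted.append((src, dst, size))
        counters[name][0] += size
        counters[name][1] += 1
    return accepted, dict(counters)

# Constructed sample traffic; public addresses are documentation ranges.
SAMPLE = [
    ("198.51.100.7", "203.0.113.10", 1500),
    ("10.1.2.3", "203.0.113.10", 60),
    ("172.31.255.1", "203.0.113.10", 40),
    ("172.32.0.1", "203.0.113.10", 40),    # just outside 172.16.0.0/12
    ("192.168.1.1", "203.0.113.10", 576),
    ("198.51.100.7", "10.9.9.9", 100),     # private destination (case 2)
]

if __name__ == "__main__":
    for name, (nbytes, npkts) in sorted(ingress_filter(SAMPLE)[1].items()):
        print(f"{name:28}{nbytes:>10}{npkts:>8}")
```

The 172.32.0.1 packet falls through to the default term because RFC 1918 reserves only 172.16.0.0/12, which ends at 172.31.255.255.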