nanog mailing list archives
RE: private ip addresses from ISP
From: "Andrew Kirch" <akirch () allthingsit com>
Date: Tue, 23 May 2006 09:32:35 -0400
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf
Of
Robert Bonomi Sent: Tuesday, May 23, 2006 9:22 AM To: nanog () nanog org Cc: davids () webmaster com Subject: Re: private ip addresses from ISPDate: Tue, 23 May 2006 03:33:34 -0400 From: Richard A Steenbergen <ras () e-gerbil net> To: nanog () nanog org Subject: Re: private ip addresses from ISP On Mon, May 22, 2006 at 04:30:37PM -0400, Andrew Kirch wrote:3) You are seeing packets with source IPs inside private
space
arriving at your interface from your ISP?...Sorry to dig this up from last week but I have to strongly
disagree
withpoint #3.From RFC 1918Because private addresses have no global meaning, routinginformationabout private networks shall not be propagated on
inter-enterprise
links, and packets with private source or destination addresses should not be forwarded across such links. Routers in networks
not
using private address space, especially those of Internet
service
providers, are expected to be configured to reject (filter out) routing information about private networks. The ISP shouldn't be "leaving" anything to the end-user, these
packets
should be dropped as a matter of course, along with any routing advertisements for RFC 1918 space(From #1). ISP's who leak 1918
space
into my network piss me off, and get irate phone calls for their trouble.The section you quoted from RFC1918 specifically addresses routes,
not
packets.I quote, from the material cited above: " ..., and packets with private source or destination addresses should not be forwarded across such links. ... " There are some types of packets that can legitimately have RFC1918
source
addresses -- 'TTL exceeded' for example -- that one should
legitimately
allow across network boundaries.If you're receiving RFC1918 *routes* from anyone, you need
to
thwack them over the head with a cluebat a couple of times until theclueyfilling oozes out. If you're receiving RFC1918 sourced packets, for
the
most part you really shouldn't care.*I* care. When those packets contain 'malicious' content, for example. When the provider =cannot= tell me which of _their_own_customers_ originated that attack, for example. (This provider has inbound source-filtering
on
their Internet 'gateway' routers, but *not* on their customer-facing equipment (either inbound or outbound.) It's even more comical when the NSP uses RFC1918 space internally, and does *not* filter those source addresses from their customers.There are semi-legitimate
reasons
forpackets with those sources addresses to float around the Internet,
and
they don't hurt anything.I guess you don't mind paying for transit of packets that _cannot_possibly_ have any legitimate purpose on your network. Some of us, on the other hand, _do_ object. YMMV
Well said, I think that Robert has done a phenomenal job of summing up my point. I don't want this trash on my network. The pertinent RFC says it shouldn't be entering my network from *your* network (for varying values of your). I don't buy the argue that the end user should decide what traffic they do and don't want when the RFC states unequivocally that the traffic shouldn't be there. Even reasonably large networks are often run by people with no appreciable networking experience, MCSE, MCP MCP+I etc. This is a simple fact of life. Andrew
Current thread:
- Re: private ip addresses from ISP, (continued)
- Re: private ip addresses from ISP Hyunseog Ryu (May 22)
- Re: private ip addresses from ISP Richard A Steenbergen (May 23)
- Re: private ip addresses from ISP Edward B. DREGER (May 23)
- Re: private ip addresses from ISP Patrick W. Gilmore (May 23)
- Re: private ip addresses from ISP Richard A Steenbergen (May 23)
- Re: private ip addresses from ISP sthaug (May 23)
- Re: private ip addresses from ISP Patrick W. Gilmore (May 23)
- Re: private ip addresses from ISP Daniel Senie (May 23)
- RE: private ip addresses from ISP Frank Bulk (May 23)
- Re: private ip addresses from ISP Joe Maimon (May 23)
- RE: private ip addresses from ISP Brian Johnson (May 23)
- Re: private ip addresses from ISP Joe Maimon (May 23)
- Re: private ip addresses from ISP Joseph S D Yao (May 23)
- Re: private ip addresses from ISP Joe Maimon (May 23)
- Re: private ip addresses from ISP Joseph S D Yao (May 23)
- Re: private ip addresses from ISP Joseph S D Yao (May 23)
- Re: private ip addresses from ISP Michael . Dillon (May 24)