Re: address spoofing

[Phil Howard <phil () whistler intur net>]

> > Greg A. Woods wrote:
> >
> > > my upstream provider to use RFC1918 on inter-router links, but they do
> > > anyway.  I'd like them to filter those addresses too, but they won't.
> >
> > I do agree they should be filtered out.
> >
> > At what point should we draw the line and say who can, and who cannot,
> > use RFC1918 addresses on links?  My first thought would be any link over
> > which traffic from more than one AS transits, or between AS's, should
> > always be fully routable.  Any better ideas?
>
> Somewhere along the lines of this thread, the point has been lost (IMHO).

Perhaps the original point was lost, or has been obscured.  There are
other points that have been brought up that impact the original.  That's
why they always get brought up.


> If a provider uses 1918 addresses on internal links, who cares? And when
> you say 'filter' them, do you mean filter them in routing announcements,
> or filter any traffic to/from that ips?

Filter them totally as needed.


> If the former, than thats good, you should do that; it should be part of
> your martian filters. If the latter, thats fine too, but traceroutes will
> '*' on those hops.
>
> But, once again, who cares? Conservation of IP space is good at worst.

I'd agree.


> > > won't be using precious unique IPs and feel the pressure to use RFC1918
> > > numbers instead).  I'm certainly no expert at this, but from the outside
> > > I've seen it done quite successfully.  It sure cuts down on the hop
> > > count visible from traceroute too!
>
> Using 1918 space will have no bearing on hop count or visibility of the
> hop. Thats rediculous.

The context was missed.  I was referring to the FR cloud.

-- 
Phil Howard           KA9WGN
phil () intur net phil () ipal net