Re: rfc1918 ignorant

[Daniel Karrenberg <daniel.karrenberg () ripe net>]

On 23.07 10:07, Kevin Oberman wrote:
> "In order to use private address space, an enterprise needs to
> determine which hosts do not need to have network layer connectivity
> outside the enterprise in the foreseeable future and thus could be
> classified as private. Such hosts will use the private address space
> defined above.  Private hosts can communicate with all other hosts
> inside the enterprise, both public and private. However, they cannot
> have IP connectivity to any host outside of the enterprise. While not
> having external (outside of the enterprise) IP connectivity private
> hosts can still have access to external services via mediating
> gateways (e.g., application layer gateways)."
>
> As I read this, packets with a source address in 19298 space should
> NEVER appear outside the enterprise. Comcast and many others seem to
> blithely ignore this for convenience sake. (It's not like they need a
> huge amount of space to give private addresses to these links.)

You read this correctly. We also wrote: 

   It is strongly recommended that routers which connect enterprises to
   external networks are set up with appropriate packet and routing
   filters at both ends of the link in order to prevent packet and
   routing information leakage. An enterprise should also filter any
   private networks from inbound routing information in order to protect
   itself from ambiguous routing situations which can occur if routes to
   the private address space point outside the enterprise.

I consider this quite explicit. I also consider this still very valid.

Imho the PMTU argument is moot. This should not be an issue at all other
than on the edges these days.  Should it nonetheless be an issue it 
can be done in the "boundary" routers which have interfaces numbered 
public address space. I do not know all the details here, so if 
I am wrong in detail, please tell me.

Daniel