nanog mailing list archives

Re: rfc1918 ignorant

From: "John Palmer" <nanog () adns net>
Date: Wed, 23 Jul 2003 13:38:58 -0500


When the RFC's are broken, then what do you do?

RFC's are to be followed if one can operate one's network
under those constraints. Often times, RFC's don't take into
account real world considerations.

For instance: The "rule" that there should be only one root
server network does not provide a solution to the problem of
a corrupt monopoly gaining control over that one root server
network (as is the case now).

----- Original Message -----
From: "Petri Helenius" <pete () he iki fi>
To: "Dave Temkin" <dave () ordinaryworld com>; "Kevin Oberman" <oberman () es net>
Cc: "Lyndon Nerenberg" <lyndon () orthanc ab ca>; "David Schwartz" <davids () webmaster com>; <variable () ednet co 
uk>; <nanog () merit edu>
Sent: Wednesday, July 23, 2003 13:19
Subject: Re: rfc1918 ignorant


Unless of course I block ICMP for the purposes of denying traceroute but
still allow DF/etc.  Then it's not "broken" as you say.

Sure, but people "blocking all ICMP" haven´t usually heard that there are different
types and codes in ICMP.

It´s surprising how many large www sites do not work if your MTU is less
than 1500. Even if you do PMTU. (because the packets vanish somewhere
before or at the server).

Pete


--
David Temkin

On Wed, 23 Jul 2003, Kevin Oberman wrote:

Date: Wed, 23 Jul 2003 13:50:05 -0400 (EDT)
From: Dave Temkin <dave () ordinaryworld com>
Sender: owner-nanog () merit edu


Needs is a tough call.  Plenty of networks block ICMP at the border and
could very well be using 1918 addressing in between and you'd have no
idea.


And the network is broken.

People persist in blocking ICMP and then complain when things don't
work right. Even if you explain why blocking ICMP is breaking
something, they say "ICMP is evil and we have to block it". OK. they
are broken and when things don't work, they need to tell their
customers that they are choosing to run a network that does not work
correctly. (Not that I expect anyone to do this.)

I don't see anything "tough" about this call.

Current thread:

Re: source filtering (Re: rfc1918 ignorant), (continued)
- - - Re: source filtering (Re: rfc1918 ignorant) variable (Jul 24)
    - Re: source filtering (Re: rfc1918 ignorant) Jared Mauch (Jul 24)
    - RE: rfc1918 ignorant David Schwartz (Jul 23)
    - RE: rfc1918 ignorant Dave Temkin (Jul 23)
    - Re: rfc1918 ignorant Lyndon Nerenberg (Jul 23)
    - Re: rfc1918 ignorant Dave Temkin (Jul 23)
    - Re: rfc1918 ignorant Lyndon Nerenberg (Jul 23)
    - Re: rfc1918 ignorant Kevin Oberman (Jul 23)
    - Re: rfc1918 ignorant Dave Temkin (Jul 23)
    - Re: rfc1918 ignorant Petri Helenius (Jul 23)
    - Re: rfc1918 ignorant John Palmer (Jul 23)
    - Re: rfc1918 ignorant Petri Helenius (Jul 23)
    - Re: rfc1918 ignorant Kevin Oberman (Jul 23)
    - Re: rfc1918 ignorant bdragon (Jul 23)
    - Re: rfc1918 ignorant Valdis . Kletnieks (Jul 23)
    - Re: rfc1918 ignorant Jared Mauch (Jul 23)
    - Re: rfc1918 ignorant Kevin Oberman (Jul 23)
  - Re: rfc1918 ignorant Kevin Oberman (Jul 23)
    - Re: rfc1918 ignorant Daniel Karrenberg (Jul 23)
  - Re: rfc1918 ignorant bdragon (Jul 23)
- RE: rfc1918 ignorant Ben Buxton (Jul 23)

(Thread continues...)