nanog mailing list archives
Re: BCP38 exceptions for RFC1918 space
From: Valdis.Kletnieks () vt edu
Date: Sun, 15 Aug 2010 12:26:38 -0400
On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
What's the current consensus on exempting private network space from source address validation? Is it recommended? Discouraged?
What you do on your internal networks and internal transit is your business. BCP38 talks about where you connect to the rest of the world. RFC 1918 is specific that you're supposed to get all medieval on any escaping packets: It is strongly recommended that routers which connect enterprises to external networks are set up with appropriate packet and routing filters at both ends of the link in order to prevent packet and routing information leakage. An enterprise should also filter any private networks from inbound routing information in order to protect itself from ambiguous routing situations which can occur if routes to the private address space point outside the enterprise.
(One argument in favor of exceptions is that it makes PMTUD work if transfer networks use private address space.)
And that connection that's trying to use PMTU got established across the commodity internet, how, exactly? ;) That implies you let some routing info escape and got one of those "ambiguous routing situations".
Attachment:
_bin
Description:
Current thread:
- BCP38 exceptions for RFC1918 space Florian Weimer (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Valdis . Kletnieks (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Florian Weimer (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Valdis . Kletnieks (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Florian Weimer (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Adam Armstrong (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Valdis . Kletnieks (Aug 16)
- Re: BCP38 exceptions for RFC1918 space Joe Greco (Aug 16)
- Re: BCP38 exceptions for RFC1918 space Valdis . Kletnieks (Aug 16)
- RE: BCP38 exceptions for RFC1918 space Leigh Porter (Aug 23)
- Re: BCP38 exceptions for RFC1918 space Ali (Aug 23)
- Re: BCP38 exceptions for RFC1918 space Joel Jaeggli (Aug 23)
- Re: BCP38 exceptions for RFC1918 space Florian Weimer (Aug 15)
- Re: BCP38 exceptions for RFC1918 space Valdis . Kletnieks (Aug 15)