Re: BCP38 exceptions for RFC1918 space

[Florian Weimer <fw () deneb enyo de>]

* Valdis Kletnieks:

> On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
> > What's the current consensus on exempting private network space from
> > source address validation?  Is it recommended?  Discouraged?
>
> What you do on your internal networks and internal transit is your business.
> BCP38 talks about where you connect to the rest of the world.

I'm seeing them across AS boundaries, otherwise I wouldn't have
bothered.

> RFC 1918 is specific that you're supposed to get all medieval on any
> escaping packets:

Yeah, but sometimes, the current practice moves on. 8-)

> > (One argument in favor of exceptions is that it makes PMTUD work if
> > transfer networks use private address space.)
>
> And that connection that's trying to use PMTU got established across the
> commodity internet, how, exactly? ;)

ICMP "fragmentation needed, but DF set" messages carry the a addresses
of intermediate routers which generate them (potentially in response
to MTU drops) as source addresses, not the IP addresses of the peers
in a connection.

> That implies you let some routing info escape and got one of those
> "ambiguous routing situations".

Not really, I'm afraid.