Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Bogon list

  • From: Stephen Griffin
  • Date: Fri Jun 07 15:31:44 2002

In the referenced message, Stephen J. Wilcox said:
> On Thu, 6 Jun 2002, Stephen Griffin wrote:
> > 
> > In the referenced message, Sean M. Doran said:
> > > Basically, arguing that the routing system should carry around
> > > even more information is backwards.  It should carry less.  
> > > If IXes need numbers at all (why???) then use RFC 1918 addresses
> > > and choose one of the approaches above to deal with questions
> > > about why 1918 addresses result in "messy traceroutes."
> > > 
> > > Fewer routes, less address consumption, tastes great, less filling.
> > > 
> > > 	Sean.
> > 
> > Do you:
> > 1) Not believe in PMTU-D
> RFC1918 does not break path-mtu, filtering it does tho.. 

Sending RFC1918 addressed packets across enterprise boundaries is
against RFC1918. RFC1918 states to filter ingress/egress at enterprise
boundaries. Hence, filtering RFC1918 addresses is part of RFC1918.

Therefore, the use of addresses where they are likely to generate
traffic which violates RFC1918, is, well, a violation of RFC1918.
This applies regardless of the ICMP error message generated.

> > 2) Not believe in filtering RFC1918 sourced traffic at enterprise boundaries
> > (of which an exchange would be a boundary)
> What for? You'll find many more much more malicious packets coming from
> legit routable address space.

Who said anything about malicious? In any event, ICMP error messages
are generally useful with a few minor exceptions. Things like Source
Quench, unreachables, TTL expired, and Can't Frag (as examples of useful

> For p2p you can use unnumbered.. it won't work on exchanges but I agree
> they shouldn't be rfc1918. 

I agree, however, most folks want to see the topology, some just choose
to violate RFC1918 in order to do it.

> Steve
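
The filtering argument in this message, worked through as an added example that is not part of the original post: a border applying the RFC 1918 source filter to constructed packet records, showing which ICMP errors from a privately numbered exchange hop never reach the sender. The addresses, record layout and function names are assumptions made for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ICMP (type, code) pairs for the error messages named in the thread.
ICMP_ERRORS = {
    (3, 4): "fragmentation needed (PMTU-D)",
    (4, 0): "source quench",
    (11, 0): "TTL expired in transit",
}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def describe(icmp_type, icmp_code):
    if (icmp_type, icmp_code) in ICMP_ERRORS:
        return ICMP_ERRORS[(icmp_type, icmp_code)]
    return "destination unreachable" if icmp_type == 3 else "other traffic"

def border_filter(packets):
    """Drop RFC 1918 sourced records, as an enterprise boundary would.

    Each record is (src, icmp_type, icmp_code); type and code are None
    for non-ICMP traffic. Returns (passed sources, dropped (src, what)).
    """
    passed, dropped = [], []
    for src, icmp_type, icmp_code in packets:
        if is_rfc1918(src):
            dropped.append((src, describe(icmp_type, icmp_code)))
        else:
            passed.append(src)
    return passed, dropped

def pmtud_at_risk(packets):
    """True if the filter would discard a 'fragmentation needed' error."""
    return any(is_rfc1918(s) and (t, c) == (3, 4) for s, t, c in packets)

# Constructed sample: what arrives at a border from hops along a path.
SAMPLE = [
    ("192.0.2.1", 3, 4),         # publicly numbered hop, frag needed
    ("10.1.1.1", 3, 4),          # exchange hop numbered from RFC 1918
    ("172.31.255.2", 11, 0),     # last address inside 172.16.0.0/12
    ("172.32.0.1", 11, 0),       # just outside 172.16.0.0/12
    ("198.51.100.7", None, None),
]
```
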
