
On 2025-08-19 17:34, Sriram, Kotikalapudi (Fed) via NANOG wrote:
> Question: Can a prefix be never routed on the Internet but used only one-way for source address in IP packets?
You can have a prefix used for router interfaces, but not advertised to the Internet, and still have them appear in traceroutes (sending ICMP unreach / TTL expired) using their interface IPs. One of my upstreams was doing this for a long time, but they currently appear to now be advertising the prefix in question - I suspect to avoid people filtering the ICMPs from it.

Some other UDP protocols, including DNS in some contexts like some resolver libraries, don't actually care what IP a reply comes from, so a client might send a request to one IP on a multihomed server and receive the answer from a different IP (which could be unadvertised).

I doubt there are many intentional use cases for this, but there might be some stuff limping along working that way because it works.

Generally I don't think people should be filtering this stuff - if someone was doing something malicious, they could presumably just spoof it from an advertised IP. But I also wouldn't be surprised if it's on many best-practice tickbox lists by now, and I'm guessing you're looking at adding it to another one.

-Rob
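The two behaviours Rob describes (traceroute hops answering from unadvertised interface addresses, and resolvers accepting a DNS reply from an address other than the one they queried) can both be checked from the client side. The script below is an added example, not part of the NANOG thread: it parses traceroute output, flags every hop whose ICMP reply came from space that is not in a supplied list of announced prefixes, and shows the strict versus lax reply-source check a UDP DNS client can apply. The traceroute text and the "announced prefixes" list are constructed from RFC 5737 documentation ranges purely for illustration; in real use the prefix list would come from a RIB dump or looking glass.

```python
"""
Added example (not from the NANOG post).  Finds traceroute hops that
replied from address space which is not announced, and demonstrates the
reply-source check a careful UDP DNS client performs.
"""
import ipaddress
import re

# Constructed stand-in for "prefixes currently announced on the Internet".
# 203.0.113.0/24 is deliberately left out so that one hop below is flagged.
ANNOUNCED_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),      # pretend: the customer's block
    ipaddress.ip_network("198.51.100.0/24"),   # pretend: the upstream's announced block
]

# Constructed traceroute output.  Hop 3 answers from an interface address
# in 203.0.113.0/24, i.e. a prefix that is routed internally but never
# advertised; hop 4 never answers at all.
TRACEROUTE_OUTPUT = """\
traceroute to 198.51.100.10 (198.51.100.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.398 ms  0.377 ms
 2  192.0.2.254 (192.0.2.254)  1.021 ms  1.003 ms  0.987 ms
 3  203.0.113.9 (203.0.113.9)  5.112 ms  5.098 ms  5.077 ms
 4  * * *
 5  198.51.100.10 (198.51.100.10)  9.221 ms  9.204 ms  9.188 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop>  <rest of line>"
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")   # first dotted quad on the line


def parse_hops(text):
    """Return [(hop_number, ip_address_or_None), ...]; the header line is skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m is None:
            continue                      # header, blank line, etc.
        ip_m = IPV4_RE.search(m.group(2))
        ip = ipaddress.ip_address(ip_m.group(0)) if ip_m else None
        hops.append((int(m.group(1)), ip))
    return hops


def is_announced(ip, prefixes=ANNOUNCED_PREFIXES):
    """True if `ip` falls inside any announced prefix."""
    return any(ip in prefix for prefix in prefixes)


def unannounced_hops(text, prefixes=ANNOUNCED_PREFIXES):
    """Hops that did reply (so we saw an ICMP time-exceeded from them), but from
    an address that is not covered by any announced prefix."""
    return [
        (hop, str(ip))
        for hop, ip in parse_hops(text)
        if ip is not None and not is_announced(ip, prefixes)
    ]


def accept_dns_reply(query_dest, reply_src, reply_id, expected_id, strict=True):
    """Decide whether a UDP DNS reply should be accepted.

    query_dest / reply_src are (ip, port) tuples as used by sendto()/recvfrom().
    strict=True is the careful behaviour: the transaction ID must match AND the
    reply must come from the exact address:port the query was sent to.
    strict=False models the lax resolver libraries the post mentions, which
    only check the transaction ID and therefore accept an answer from a
    different (possibly unadvertised) address on a multihomed server.
    """
    if reply_id != expected_id:
        return False
    if strict and reply_src != query_dest:
        return False
    return True


if __name__ == "__main__":
    for hop, ip in unannounced_hops(TRACEROUTE_OUTPUT):
        print(f"hop {hop}: reply from {ip}, which is in no announced prefix")
    sent_to = ("198.51.100.53", 53)
    came_from = ("203.0.113.53", 53)      # other interface of a multihomed server
    print("strict resolver accepts:", accept_dns_reply(sent_to, came_from, 0x1234, 0x1234))
    print("lax resolver accepts:   ", accept_dns_reply(sent_to, came_from, 0x1234, 0x1234, strict=False))
```

Note what the check does and does not tell you: a hop flagged by `unannounced_hops` is exactly the case Rob describes (an interface address that is routed internally but never announced), and dropping its ICMP replies only costs you path visibility, since an attacker who wanted to spoof could equally pick a source inside an announced prefix. The `strict` reply-source check is the cheap client-side fix for the DNS case, at the price of breaking servers that answer from a different interface than the one queried.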