Re: : Can a prefix be never routed on Internet but used only for source address in IP packets?
ICMP packets from internal devices. Example “unreachable”. Kind Regards, Jakob ---------------------------- Question: Can a prefix be never routed on the Internet but used only one-way for source address in IP packets? That is. a user owns an IP prefix. They never advertise a route to it in BGP on the Internet. But they use the prefix solely for source address in IP traffic from a source to a destination (sink). In this set up, the destination server obviously cannot/doesn't return any acknowledgements etc. to the source. Anyone aware if there is any such known application in use on the Internet - even if it is rare? Thanks. Sriram
I believe IXP networks are usually like this. Globally assigned IPs, and routers can use their IPs on the network to originate ICMP packets (e.g. TTL exceeded during traceroute; or packet too big) but putting a route to the IXP network on the internet is strictly prohibited. On 19 August 2025 20:40:20 CEST, "Jakob Heitz (jheitz) via NANOG" <nanog@lists.nanog.org> wrote:
ICMP packets from internal devices. Example “unreachable”.
Kind Regards, Jakob
---------------------------- Question: Can a prefix be never routed on the Internet but used only one-way for source address in IP packets?
That is. a user owns an IP prefix. They never advertise a route to it in BGP on the Internet. But they use the prefix solely for source address in IP traffic from a source to a destination (sink). In this set up, the destination server obviously cannot/doesn't return any acknowledgements etc. to the source. Anyone aware if there is any such known application in use on the Internet - even if it is rare? Thanks.
Sriram
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/HXWFW2SZ...
I believe IXP networks are usually like this. Globally assigned IPs, and routers can use their IPs on the network to originate ICMP packets (e.g. TTL exceeded during traceroute; or packet too big)
actually, the inter participant bgp peering (and peering with RSs) is done using TCP over that non-announced address space. randy
nanog--- via NANOG wrote on 20/08/2025 04:10:
I believe IXP networks are usually like this. Globally assigned IPs, and routers can use their IPs on the network to originate ICMP packets (e.g. TTL exceeded during traceroute; or packet too big) but putting a route to the IXP network on the internet is strictly prohibited. There's no prohibition here. It's an issue for the IXP's routing policy as to whether their peering lan prefix(es) should be announced or not. Some do, many don't.
The thing that IXPs don't like is when second or third parties become inventive in ways that override the intention of the IXP, for example, originating the address block from their own ASN, or putting in special-case filters to single out ixp prefixes for special treatment, or that sort of thing. It would also help if connected parties used next-hop-self at their IXP routers so that peering lan prefixes are not carried in their IGPs. Nick
participants (4)
-
Jakob Heitz (jheitz) -
nanog@immibis.com -
Nick Hilliard -
Randy Bush