[ On Thursday, February 22, 2001 at 19:12:14 (-0500), Mark Radabaugh wrote: ]
Subject: RE: rfc 1918?
> I can see that packets destined for RFC1918 addresses will leave our network (due to default routes) but are promptly dropped at the first BGP speaking router they encounter. Is it worth the extra router processing time to check all outgoing packet destinations as well? I can't see where this extra filtering is worth the trouble.
I suppose that depends on just how far away the first BGP speaking router is from your network border(s), and how properly configured it is.

In practical terms I suppose it also depends on just exactly what filtering technology you've deployed, and just exactly how close it is to being overloaded. If you are already pushing your router's CPU too hard (and if your filters are done by your router's CPU rather than an ASIC) then obviously reducing your filter load will be in your own best interests and not filtering destination addresses against RFC-1918 will be one relatively benign way of reducing the filter load. However, if your router's CPU is only partially utilised now (even if you push your pipe to capacity), then adding such destination filters won't hurt anyone.

-- 
Greg A. Woods

+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
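
An added example, not part of the original message: one way to measure how much traffic actually leaves a border toward RFC 1918 destinations, and from which internal sources, before deciding whether the destination filter is worth its cost. The "src dst packets" record format, the function names and the sample lines are constructed assumptions, not output from any particular router.

```python
import ipaddress
from collections import Counter

# The three RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of flows seen leaving the border: "src dst packets".
SAMPLE_FLOWS = """\
198.51.100.10 203.0.113.5 120
198.51.100.11 10.1.2.3 40
198.51.100.11 172.31.255.1 2
198.51.100.12 172.32.0.1 7
198.51.100.13 192.168.0.1 15
bogus line
198.51.100.10 192.169.0.1 3
"""

def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)          # raises ValueError on garbage
    for net in RFC1918:
        if ip in net:                        # False for IPv6 addresses
            return net
    return None

def audit(flow_text):
    """Summarise outbound packets whose destination is RFC 1918 space."""
    total = leaked = skipped = 0
    by_block, by_src = Counter(), Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        try:
            src, dst, pkts = parts[0], parts[1], int(parts[2])
            block = rfc1918_block(dst)
        except (IndexError, ValueError):
            skipped += 1                     # malformed record, do not guess
            continue
        total += pkts
        if block is not None:
            leaked += pkts
            by_block[str(block)] += pkts
            by_src[src] += pkts              # points at the misconfigured host
    return {"total": total, "leaked": leaked, "skipped": skipped,
            "by_block": dict(by_block), "by_src": dict(by_src)}

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Note the boundary cases in the sample: 172.31.255.1 is inside 172.16.0.0/12, while 172.32.0.1 and 192.169.0.1 are ordinary public space and must not be counted.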