It used to be that "be conservative in what you send, be liberal in what you accept" was the rule. Unfortunately, that is getting less and less the case. And that is causing more and more breakage.

In this case, you have two sides of the coin:

1) Those who filter ICMP's in 1918 space are being not-very-liberal in what they accept. However, given the "current" attacks which usually end up being a large portion of ICMP's from 1918 space, filtering on this space on your "net-facing" links is becoming a necessary protection on most networks.

2) Those who number internet-visible links with 1918 space are being not-very-conservative in what they send. However, given the pressure of address space conservation, this seems to be happening more and more.

When a network path contains 1) and 2) in a "conservative in what you accept, liberal in what you send" configuration, breakage WILL occur. Most notably MTU path discovery will cease to function in some cases. This breakage tends to be hard to detect by the average user and/or net admin. How many people even know that MTU discovery exists or what the symptoms of breakage are? Personally, I think the most common symptom is people will call your help desk saying "This @#*$ thing doesn't work, fix it."

Also, all along the path there are useful ICMP messages that get sent back. ICMP Source Quench packets for telling the sender to slow down. ICMP Unreachables to indicate the path has failed. Etc. Etc. Etc. If these ICMP packets originate from a 1918 numbered interface, breakage of that function will occur. Flows won't slow down. Traceroutes will star out on that interface, etc. (Now I've said that I'm a little worried that Traceroutes at least some of the time don't use ICMP - but regardless the symptom is the same regardless of the underlying protocol used).

I think it is a given that filtering ICMP's (and everything else) from bogons is here to stay. In that context, the only way for the network to function correctly is to not send "useful" packets from 1918 space. Which includes ICMP generated by routers using 1918 space.

- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------
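
The failure mode described in this message, as an added example that is not part of the original post: a small Python simulation of path MTU discovery across a path where one router interface is numbered from RFC 1918 space and the sender's border drops packets sourced from that space. The hop addresses, MTU values, function names and the placement of the filter at the sender's border are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (explicit list; ipaddress.is_private is broader).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def discover_path_mtu(hops, sender_mtu=1500, filter_rfc1918=True):
    """Simulate a sender probing with DF set along `hops`.

    hops: list of (router_interface_address, mtu_of_next_link), sender first.
    Assumption: the RFC 1918 source filter sits at the sender's border, so
    every ICMP error on the return path must pass through it.
    Returns (status, mtu_in_use, log); status is "ok" or "blackhole".
    """
    mtu, log = sender_mtu, []
    while True:
        for addr, link_mtu in hops:
            if mtu <= link_mtu:
                continue  # packet fits, router forwards it
            # Router cannot forward: it emits ICMP type 3 code 4
            # ("fragmentation needed") sourced from its own interface.
            if filter_rfc1918 and is_rfc1918(addr):
                log.append(f"{addr}: frag-needed (mtu {link_mtu}) filtered")
                return "blackhole", mtu, log  # sender never learns
            log.append(f"{addr}: frag-needed (mtu {link_mtu}) delivered")
            mtu = link_mtu
            break  # sender retries from the start with the smaller size
        else:
            return "ok", mtu, log

# Constructed sample paths (documentation and private addresses only).
PATH_1918_LINK = [("198.51.100.1", 1500), ("10.255.0.6", 1476),
                  ("203.0.113.9", 1500)]
PATH_PUBLIC_LINK = [("198.51.100.1", 1500), ("192.0.2.6", 1476),
                    ("203.0.113.9", 1500)]

if __name__ == "__main__":
    for name, path in (("1918 link", PATH_1918_LINK),
                       ("public link", PATH_PUBLIC_LINK)):
        status, mtu, log = discover_path_mtu(path)
        print(name, status, mtu, log)
```

The same path converges to 1476 either when the filter is removed or when the constrained link is numbered from public space; only the combination of both conditions black-holes full-size packets.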