Hi there, I just had a real quick question. I hope this is found to be on topic.
Is it to be expected to see rfc1918 src'd packets coming from transit carriers?
We have filters in place on our edge (obviously) but should we be seeing traffic from 192.168.0.0 and 10.0.0.0 et cetera hitting our transit interfaces?
I guess I'm not sure why large carrier networks wouldn't simply filter this in their core?
[pick-a-random-BCP38-snipe ...] It's a feature: You can tell which of your providers does BCP38 this way. Heh. It's the networking equivalent of all the bad sorts of DOS/Windows programming. You know, the rule that says "once it can run successfully, it must be correct." Never mind checking for exceptional conditions, buffer overruns, etc. It's the same class of problem where corporate IT departments, listening to some idiot, filter all ICMP, and are convinced this is okay because they can reach ${one-web-site-of-your-choice}, and refuse to contemplate that they might have broken something. Once your network is routing packets and you aren't hearing complaints about being unable to reach a destination, it's got to be configured correctly ... right? Consider it life on the Internet. Do their job for them. Around here, we've been doing BCP38 since before there was a BCP38. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.