Define "network border." I used to block all traffic from or to RFC1918 addresses, but my present upstream is using 10.0.0.0/8 and 172.16.0.0/16, at least, for their internal use. So, the IP address of the WAN interface on my router connecting to them has a 10.0.0.0/8 address. If I block incoming traffic to 10.0.0.0/8, they can't monitor my net.
They are using (wasting) the whole 10.0.0.0/8 on one LAN? Sheesh! I've picked 172.30.0.0/16 to be divided up into 16384 /30's to use for numbered links. I'll probably choose another piece of address space in 172.16.0.0/12 for a LAN for a few special things like "permanent" DNS server addresses that will "never" change. My current thinking is to leave 10.0.0.0/8 workable between customers, let 172.16.0.0/12 be for special uses, and let customers do with 192.168.0.0/16 whatever they wish. There's no real ideal solution. How far from the intent of RFC1918 has that gone?

-- 
Phil Howard KA9WGN
Inturnet, Inc. | Director of Internet Services
Business Internet Solutions | eng at intur.net
philh at intur.net
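As an added example (not code from either poster), here is a Python sketch of the two things the thread discusses: carving 172.30.0.0/16 into /30 link subnets, and an inbound RFC1918 filter at the border that keeps an exception for the upstream's side of the numbered link, so a blanket "drop all RFC1918" rule does not also cut off the provider's monitoring. The link address 10.1.2.1/30 and the monitoring source 10.255.0.0/24 are constructed placeholders, not values from the thread.

```python
from ipaddress import ip_address, ip_network

# The three RFC1918 blocks named in the thread.
RFC1918 = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


def link_subnets(block: str, prefixlen: int = 30):
    """Carve a block into point-to-point link subnets
    (e.g. 172.30.0.0/16 -> 16384 /30s for numbered links)."""
    return list(ip_network(block).subnets(new_prefix=prefixlen))


def naive_filter(src: str) -> str:
    """The policy from the first message: drop anything sourced
    from RFC1918 space, no exceptions."""
    addr = ip_address(src)
    return "drop" if any(addr in net for net in RFC1918) else "allow"


def border_filter(wan_link: str, monitor_sources=()):
    """Return an inbound decision function that still drops RFC1918
    sources, but exempts the numbered link the router shares with the
    upstream and any explicitly listed upstream monitoring ranges."""
    link = ip_network(wan_link, strict=False)  # our own /30 with the upstream
    exempt = [ip_network(s, strict=False) for s in monitor_sources]

    def decide(src: str) -> str:
        addr = ip_address(src)
        if addr in link or any(addr in net for net in exempt):
            return "allow"  # the upstream's side of the link, or its monitor
        if any(addr in net for net in RFC1918):
            return "drop"   # everything else from private space is a bogon
        return "allow"

    return decide


if __name__ == "__main__":
    # Constructed values: router WAN address 10.1.2.1/30, upstream peer 10.1.2.2.
    decide = border_filter("10.1.2.1/30", ["10.255.0.0/24"])
    print(len(link_subnets("172.30.0.0/16")), "link /30s")
    print("peer via naive filter:", naive_filter("10.1.2.2"))   # drop
    print("peer via border filter:", decide("10.1.2.2"))        # allow
```

The contrast between `naive_filter` and `border_filter` on the peer address 10.1.2.2 is the monitoring breakage the first message describes.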