"Richard A. Steenbergen" wrote:
The goal of RFC1918 is to create private address space which is not guaranteed to be unique and therefore cannot be routed between ASs.
No, it is guaranteed to be unique only when it is never connected to the Internet. We don't have ARIN allocating private addrs, and that's half the problem: you can easily get two clowns using the same 10.0.0.x block and they will gladly whizz themselves when they start trying to chat.
It really doesn't matter if you have a 1918-space sourced packet on your network (any more than any other packet you might wish to filter), as long as you don't tell others how to reach it (or let yourself be told).
Or until you try to communicate with another ISP who also thinks they're at the center of the universe and is using the same block to send ICMP messages back to you. The only time you can use private addresses is when you can guarantee that those systems will not try to communicate with the rest of the Internet using those addrs. Do any of your dial-up systems use the addresses? Do any of your border routers? If any of them will ever send any messages whatsoever, they are in violation. It's really that simple.

--
Eric A. Hall    http://www.ehsco.com/
Internet Core Protocols    http://www.oreilly.com/catalog/coreprot/