What do you mean by "reaching"? Two quick observations from a mis-configuration point of view: If you mean you are seeing BGP routes for those networks: Sometimes ISPs null route private addresses with static routes in their networks and they accidentally leak (redistribute) to customers/peers. There are obviously other reasons too, but you can filter stuff like that yourself. Just don't accept routes for private IP space from you upstream. If you mean you are getting traffic destined for RFC1918 space, then make sure you aren't announcing those networks to your upstreams by accident. Poor upstream configs/filters could allow stuff like that to escape to peers of the upstream. (stranger things have happened) It's not normal or necessary to see those routes or traffic. Just contact your upstream and point it out they should fix it. Ivan Groenewald <ivang@xtrahost.co.uk> CTO Tel: 0845 345 0919 Xtraordinary Hosting, 6 The Clocktower, South Gyle, Edinburgh, EH12 9LB http://www.xtrahost.co.uk -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of adrian kok Sent: Wednesday, May 17, 2006 2:48 PM To: nanog@nanog.org Subject: private ip addresses from ISP Hi all Have you had this experience? Our router is running BGP and connecting to our upstream provider with /30 network. Our log reveals that there are private IP addresses reaching our router's interface that is facing our upstream ISP. How could this be possible? Should upstream ISP be blocking private IP address according to standard configuration? Could the packet be stripped and IP be converted somehow during the transition? It happens in many Tier-1 ISP though ! Thank you for your information