At 01:10 AM 5/31/97 -0700, Danny McPherson wrote:
You can have an internal mesh made up of entireley rfc1918 address space, and not leak these routes to the rest of the world, I've only once caught MCI leaking stuff from a test lab, which was kinda annoying, but not really anything bad, and a polite e-mail message to them got an immediate fix of the problem.
i'd think most providers filter rfc1918 addresses both inbound and
outbound at
naps (mci does, i believe), although maybe not to customers...
This is unfortunately not the case. I was bombarded by someone with a 172.16.x.x address for several days, at a rate of a significant fraction of my T1. When I asked, folks said they don't filter the traffic at their attachment points because the routers they have there couldn't handle doing any filtering due to limitations in the router architecture, softare or both. ISPs should at the very least do ingress filtering from customers, but really should also filter RFC 1918 addresses and ideally not-yet-assigned addresses from all links. Of course they may have to buy routers which are capable of performing such work.
using reserved address space internally (as long is it remains internal), seems like a good idea to me - isn't that why it was reserved?
Exactly. Their use is an excellent idea. Daniel Senie mailto:dts@openroute.com Sr. Staff Engineer http://www.openroute.com/ OpenROUTE Networks, Inc. (a wholly owned subsidiary of Proteon, Inc.)