On Sun, 8 Feb 1998, Peter Ford wrote:
Do most ISPs explicitly block private IP addresses (e.g. 10.X.X.X) at their borders?
Do the "default-less" ISPs filter private addresses or do they let routing/forwarding do the work?
This comes in two parts. First, nearly all clueful providers will filter BGP announcements of private IP space. While such announcements should never happen, they happen amazingly often. People that filter these announcements may be... half the Internet, but I'm cynical today. Second, some providers filter traffic using private IP space. This is a significantly smaller percent. One problem that you can run into if you do filter traffic from private IP space is that if someone is using a router using private IP space on an interface, you can break PMTU-D by doing this filtering. Another problem (but a lesser one) is that traceroute to sites passing through a router using a private address on an interface will show a row of timeouts. This is the fault of the person using private IP addresses for a router and having that router generate ICMP messages using that address, but... If you are using private address space internally for router interfaces or whatever, then you want to filter it to prevent spoofing. But if you do that then you cause problems with other people who do the exact same thing you are doing which isn't too smart. I do see an amazing amount of traffic (ie. attempted connections) from machines using private addresses. While others are far more qualified to judge numbers than I am, I wouldn't say it is clear that most block them, but a reasonable minority do.