On Sun, Mar 07, 2004 at 08:35:54PM +0000, Christopher L. Morrow wrote:
Here is a sticky point... There are reasons to allow 10.x.x.x sources to transit a network. Mostly the reasons come back to 'broken' configurations or 'broken' hardware. The reasons still equate to customer calls and 'broken' networking from their perspective. I think the thing you are actually driving at is the 'intent' of the packet, which is quite tough for the router to determine.
Putting rubber to the road eventually, we actually went ahead and packet-filtered RFC 1918 space on our edge. I know Paul and Stephen will be crowing with joy here, as we had several arguments about it in previous lives, but having gone ahead and filtered it, nothing appears to have broken, or at least nothing got called in. We've been doing it for several months now.

/vijay