Uhhh...PMTU-d can break as routers will send back ICMP can't-frag packets from those link addresses and RPF, filtering, etc. will bring TCP connections to a standstill.
Don't filter RFC1918? Umm, good luck convincing the rest of the net to eliminate their filters. The basic premise of building public networks is that you have to work around other people's policies. If it's corporate nets, then sure you can control it all, but not here.
Though the PMTU-d point is arguable (what are your internal links doing with crummy MTU, for example).
BB
Is this really an issue? So long as they're not advertising the space I see no issue with routing traffic through a 10. network as transit. If you have no reason to reach their router directly (and after Cisco's last exploit, I'd think no one would want anyone to reach their router directly :-) ), what's the harm done?
RFC1918 merely states that it shouldn't be routed on the global internet, not that it can't be used for transit space.
<--------------------------->
Is there a site to "report" networks/ISPs that still leak RFC1918 space? By leaking I not only mean "don't filter", but actually _use_ in their network?
If someone is keeping a list, feel free to add ServerBeach.com. All traceroutes to servers housed there pass by 10.10.10.3.
traceroute to www.serverbeach.com
...
20. 64-132-228-70.gen.twtelecom.net
21. 10.10.10.3
22. 66.139.72.12
Kind Regards, Frank Louwers
-- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium
-- David Temkin
Good point on the PMTU, you're correct and I wasn't thinking about that (though generally that would have come from the inside router, unless one of those routers was where the MTU limitation was). Engineered *correctly* I don't see an issue. I never implied that people should remove filters for 1918, that's silly.
On Wed, 23 Jul 2003, Ben Buxton wrote:
Uhhh...PMTU-d can break as routers will send back ICMP can't-frag packets from those link addresses and RPF, filtering, etc. will bring TCP connections to a standstill.
Don't filter RFC1918? Umm, good luck convincing the rest of the net to eliminate their filters. The basic premise of building public networks is that you have to work around other people's policies. If it's corporate nets, then sure you can control it all, but not here.
Though the PMTU-d point is arguable (what are your internal links doing with crummy MTU, for example).
BB
Is this really an issue? So long as they're not advertising the space I see no issue with routing traffic through a 10. network as transit. If you have no reason to reach their router directly (and after Cisco's last exploit, I'd think no one would want anyone to reach their router directly :-) ), what's the harm done?
RFC1918 merely states that it shouldn't be routed on the global internet, not that it can't be used for transit space.
<--------------------------->
Is there a site to "report" networks/ISPs that still leak RFC1918 space? By leaking I not only mean "don't filter", but actually _use_ in their network?
If someone is keeping a list, feel free to add ServerBeach.com. All traceroutes to servers housed there pass by 10.10.10.3.
traceroute to www.serverbeach.com
...
20. 64-132-228-70.gen.twtelecom.net
21. 10.10.10.3
22. 66.139.72.12
Kind Regards, Frank Louwers
-- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium
-- David Temkin
participants (2): Ben Buxton, Dave Temkin
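An added example, not part of either post: a small Python simulation of the PMTU-d failure discussed in this thread, showing when an ICMP can't-frag message sourced from an RFC1918 link address gets dropped and stalls the connection. The two hop addresses come from the traceroute quoted above; the link MTU values and the single border filter that drops RFC1918-sourced packets are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def pmtud(path, sender_mtu, filter_rfc1918_sources):
    """Simulate a sender with DF set discovering the path MTU.

    path: list of (router_address, mtu_of_next_link), in forwarding order.
    filter_rfc1918_sources: models a filter (hypothetical, somewhere between
    the routers and the sender) that drops packets with RFC1918 sources.
    Returns ("ok", discovered_mtu) or ("blackhole", address_of_silenced_router).
    """
    mtu = sender_mtu
    while True:
        for addr, link_mtu in path:
            if mtu > link_mtu:
                # The router drops the packet and sends ICMP type 3 code 4
                # (fragmentation needed) from its own interface address.
                if filter_rfc1918_sources and is_rfc1918(addr):
                    # The ICMP never arrives; the sender keeps retransmitting
                    # full-size segments and the TCP connection stalls.
                    return ("blackhole", addr)
                mtu = link_mtu  # sender lowers its estimate and retries
                break
        else:
            return ("ok", mtu)  # every link accepted the packet size


if __name__ == "__main__":
    # Constructed MTU values; addresses are hops 21 and 22 of the traceroute.
    narrow_behind_private = [("10.10.10.3", 1400), ("66.139.72.12", 1500)]
    narrow_behind_public = [("10.10.10.3", 1500), ("66.139.72.12", 1400)]
    print(pmtud(narrow_behind_private, 1500, True))   # filtered: stalls
    print(pmtud(narrow_behind_private, 1500, False))  # unfiltered: works
    print(pmtud(narrow_behind_public, 1500, True))    # public source: works
```

The third case matches the caveat in the reply: the breakage only appears when the router numbered out of RFC1918 space is the one sitting in front of the MTU-limited link.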