This is not an issue of paranoia (except for those who actually use PRIVATE addresses internally and have properly configured their gateways to be paranoid about even seeing such packets, let alone routing them).
Unless I'm mistaken, a prime reason for the evolution of RFC 1918 addresses was that it was once common practice for people to help themselves to PUBLIC address space to use on PRIVATE networks. As the world got more connected, these addresses occasionally got leaked and caused address conflicts. Using RFC 1918 addresses prevents conflicts with public/registered space. Obviously the possibility of leakage still exists, but with RFC 1918 the havoc potential is diminished to a mere irritant level. Which is what the incident that started this thread appeared to be.
[ On Friday, February 23, 2001 at 08:46:00 (-0600), Mark Borchers wrote: ]
Subject: RE: rfc 1918?
Unless I'm mistaken, a prime reason for the evolution of RFC 1918 addresses was that it was once common practice for people to help themselves to PUBLIC address space to use on PRIVATE networks. As the world got more connected, these addresses occasionally got leaked and caused address conflicts.
Indeed, which is what I was alluding to when I said I still know of several private networks using public address space.
Using RFC 1918 addresses prevents conflicts with public/registered space. Obviously the possibility of leakage still exists, but with RFC 1918 the havoc potential is diminished to a mere irritant level. Which is what the incident that started this thread appeared to be.
Well, it depends on just how much of an irritant it gets to be. If you aggressively filter all RFC-1918 addressed packets at your borders because you use such addresses internally and don't want any spoofing to happen, but then your users start complaining because they have traceroute problems, Path-MTU-discovery problems, etc., etc., etc., etc., then it starts to look a lot more like general havoc again. Either people have to really use RFC-1918 private address space properly and ensure it never ever leaks (and maybe even some core locations have to start filtering it where they can just to provide the helpful service of helping correct other people's mistakes), or we have to give up on using common private address space completely. When providers treat their public transit links as if they were part of an internal network for this purpose things are way out of hand.
-- 
Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
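To make the trade-off in the message above concrete, here is an added illustration that is not part of the thread or any participant's own text: a simulated border ingress filter run over constructed sample packets, showing that a blanket drop of RFC 1918-sourced packets stops a spoofed packet but also eats the ICMP Time Exceeded and Fragmentation Needed messages that leaked private-addressed hops send, which is exactly the traceroute and Path-MTU-discovery breakage described. All addresses and packets are constructed for the example.

```python
import ipaddress
from typing import NamedTuple

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    icmp_type: int = -1  # 11 = Time Exceeded, 3 = Destination Unreachable
    icmp_code: int = -1  # for type 3: code 4 = Fragmentation Needed (used by PMTUD)

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_ingress(pkt: Packet, filter_private: bool) -> tuple:
    """Decide the fate of a packet arriving on the external interface.

    Returns (verdict, note). A blanket RFC 1918 source filter stops spoofed
    packets, but also drops the ICMP that leaked private-addressed routers
    send on behalf of traceroute and path-MTU discovery."""
    if not is_rfc1918(pkt.src):
        return "accept", None
    if not filter_private:
        return "accept", "private-sourced packet admitted; spoofing possible"
    if pkt.proto == "icmp" and pkt.icmp_type == 11:
        return "drop", "collateral: traceroute hop shows * * *"
    if pkt.proto == "icmp" and (pkt.icmp_type, pkt.icmp_code) == (3, 4):
        return "drop", "collateral: PMTUD black hole, large packets stall"
    return "drop", "blocked: private source on external interface"

# Constructed sample traffic as seen at an enterprise border (not real captures).
SAMPLE = [
    Packet("10.5.5.5", "192.168.1.20", "tcp"),            # spoofed, pretends to be internal
    Packet("10.200.0.1", "192.168.1.20", "icmp", 11, 0),  # leaked transit hop answering traceroute
    Packet("172.31.0.9", "192.168.1.20", "icmp", 3, 4),   # leaked hop reporting fragmentation needed
    Packet("203.0.113.7", "192.168.1.20", "tcp"),         # ordinary public-sourced traffic
]

def audit(packets, filter_private: bool) -> dict:
    """Count verdicts and collect the notes so the trade-off is visible."""
    report = {"accept": 0, "drop": 0, "notes": []}
    for p in packets:
        verdict, note = border_ingress(p, filter_private)
        report[verdict] += 1
        if note:
            report["notes"].append(note)
    return report

if __name__ == "__main__":
    for mode in (False, True):
        print("filter_private =", mode, audit(SAMPLE, mode))
```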
"Greg A. Woods" wrote:
Either people have to really use RFC-1918 private address space properly and ensure it never ever leaks (and maybe even some core locations have to start filtering it where they can just to provide the helpful service of helping correct other people's mistakes), or we have to give up on using common private address space completely. When providers treat
I can already hear the counterpoint on this one: "Transit providers are to provide transit only. It is not up to backbone operators to filter traffic in order to correct their customers'/peers' mistakes." Remember that long thread from a few months back? I completely agree with you on the point that 1918 addresses should never be seen outside of the internal networks they are used on; however, if we start having transit providers filter to correct their downstreams' lack of such, then those providers end up acting as either Mommy (to clean up after us) or Big Brother (to keep an eye on us), and I'm pretty sure the last thing anybody wants is anything resembling high-level "policing" of the Net. The best, and possibly the only workable, solution to this problem is for people to stop being lazy and start being responsible. <pause for laughter at the previous comment>
-- 
Scott Francis scott@ [work:] v i r t u a l i s . c o m
darkuncle@ [home:] d a r k u n c l e . n e t
PGP fingerprint 7ABF E2E9 CD54 A1A8 804D 179A 8802 0FBA CB33 CCA7
illum oportet crescere me autem minui
participants (3)
- Mark Borchers
- Scott Francis
- woods@weird.com