[SNIP] We had a similar discussion a long while ago (2 years?) on whether having an RFC1918-addressed router interface could break Path MTU discovery. The general upshot is that the RFC specifically says that no packets with a reserved address in the header (source or destination) should leave the network in question. Also, the RFC says it is not at all unreasonable (but not required) for a network to filter packets with RFC1918 addresses in the source. (To prevent attacks and things like that.) So it is nearly impossible to stay 100% compliant and address router interfaces with RFC1918 addresses. (Unless you NAT or something.) All IIRC - I did not dig up the thread to double-check. TTFN, patrick P.S. Please do not yell at me about this, I am just summarizing a past thread I thought might be relevant. I got yelled at enough during the last thread where I argued that it was not such a bad thing 'cause it conserved space and stuff. Really, I only need 14 people to point out the sections of the RFC I missed before I get the point. :p
If the only excuse for outlawing RFC 1918 router interface addresses is breaking path MTU discovery, then it seems to me that it should be perfectly legal to use RFC 1918 addresses for most router point-to-points; the only place where the Path MTU Discovery argument could possibly apply would be when a box routes between different interfaces onto links with different link MTUs. Considering how often Path MTU Discovery doesn't work, folks normally try pretty hard to avoid that circumstance anyway, so I'd expect a great many routers to be able to be assigned RFC 1918 addrs on their point-to-points with no operational problems. -Bennett
Yo Bennett! Sounds like circular reasoning: Path MTU discovery is broken because people use RFC1918 addresses in routers. Since Path MTU discovery is broken then there is no need to follow RFC1918. RGDS GGRY On Fri, 14 Jul 2000, Bennett Todd wrote:
> Date: Fri, 14 Jul 2000 15:00:14 -0400 From: Bennett Todd <bet@rahul.net> To: nanog@merit.edu Subject: Re: RFC 1918
> If the only excuse for outlawing RFC 1918 router interface addresses is breaking path MTU discovery, then it seems to me that it should be perfectly legal to use RFC 1918 addresses for most router point-to-points; the only place where the Path MTU Discovery argument could possibly apply would be when a box routes between different interfaces onto links with different link MTUs. Considering how often Path MTU Discovery doesn't work, folks normally try pretty hard to avoid that circumstance anyway, so I'd expect a great many routers to be able to be assigned RFC 1918 addrs on their point-to-points with no operational problems.
> -Bennett
--------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
2000-07-14-15:39:00 Gary E. Miller:
> Yo Bennett!
Hi!
> Sounds like circular reasoning:
Circular reasoning is certainly easy to create, thanks for this nice specimen.
> Path MTU discovery is broken because people use RFC1918 addresses in routers.
That's not my claim. Path MTU discovery is rarely needed. That's an observation in practice, not a claim about how things are supposed to be or anything. In those rare occasions when it's needed, it often works. But when people have a setup that leaves them with a path that bottlenecks in the middle to less than normal ethernet MTU, and thus would frag for many or most connections, they do tend to find a few sites that they cannot visit, because the sites have servers with Path MTU discovery left enabled behind firewalls (or load balancers, or other gizmos) that break it by not correctly forwarding the ICMP Must Frag error packets back.
> Since Path MTU discovery is broken then there is no need to follow RFC1918.
Well, that's not my claim either, I don't know where you come up with this argument, should we put your name on it? I claim rather that most routers _never_ have an operational need to talk directly to random strangers, i.e. to have their interface addresses leak. So sure, honor RFC 1918 strictly and utterly and to the letter: put egress filters for the addrs that would guarantee that anyone who tried to traceroute through you would see timeouts as the replies were blocked. If that makes whingers happier, groove on it. If your router doesn't have any different-MTU interfaces that it routes between, then there's no harm in using RFC 1918 addresses on the endpoints of inter-router links. -Bennett
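Patrick's summary (an ICMP Fragmentation Needed sourced from a privately numbered router never gets back through a filter that drops RFC 1918 sources) and Bennett's two points (a private point-to-point that does not change MTU never has to send that ICMP at all, and an egress filter turns those hops into traceroute timeouts) can be checked with a small simulation. This is an added example, not code from the thread or from any of its participants; the hop addresses, link MTUs and the filter function are constructed for illustration, with the public hops taken from the documentation prefixes 203.0.113.0/24 and 198.51.100.0/24.

```python
"""Simulate IPv4 Path MTU Discovery (RFC 1191) across a path whose
bottleneck router is numbered from RFC 1918 space, to show why the ICMP
Fragmentation Needed reply is lost once anyone on the return path drops
packets with a private source address. Added example, not thread code."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

# The three private blocks listed in RFC 1918, section 3.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Hop:
    addr: str       # interface address the router uses as ICMP source
    link_mtu: int   # MTU of the link this hop forwards onto


@dataclass(frozen=True)
class FragNeeded:
    """ICMP type 3 code 4 as the sender sees it: source and next-hop MTU."""
    src: str
    next_hop_mtu: int


# A return-path filter takes an ICMP source address; True means pass.
Filter = Callable[[str], bool]


def no_rfc1918_source(src: str) -> bool:
    """Drop anything sourced from private space. Models both the ingress
    anti-spoofing filter RFC 1918 calls reasonable and the egress filter
    Bennett proposes for a network that numbers links privately."""
    return not is_rfc1918(src)


def forward(size: int, path: List[Hop]) -> Optional[FragNeeded]:
    """Push a DF-flagged packet of `size` bytes along `path`. Return the
    Fragmentation Needed the first too-small hop emits, or None if the
    packet fits every link and reaches the destination."""
    for hop in path:
        if size > hop.link_mtu:
            return FragNeeded(src=hop.addr, next_hop_mtu=hop.link_mtu)
    return None


def discover_pmtu(path: List[Hop], return_filters: List[Filter],
                  start: int = 1500, max_rounds: int = 8) -> Optional[int]:
    """PMTUD from the sender's point of view: the discovered path MTU, or
    None when the ICMP was filtered on the way back and the sender is left
    retransmitting into a black hole."""
    size = start
    for _ in range(max_rounds):
        icmp = forward(size, path)
        if icmp is None:
            return size                       # got through at this size
        if not all(f(icmp.src) for f in return_filters):
            return None                       # ICMP dropped: black hole
        size = icmp.next_hop_mtu              # shrink and retry
    return None


def traceroute(path: List[Hop], return_filters: List[Filter]) -> List[str]:
    """TTL-exceeded replies from privately numbered hops hit the same
    filters, so those hops show up as '*' (Bennett's timeouts)."""
    return [hop.addr if all(f(hop.addr) for f in return_filters) else "*"
            for hop in path]


# Constructed sample paths. The middle hop is a 1400-byte tunnel link; only
# the address of its router differs between the first two paths.
PATH_PRIVATE_MIDDLE = [Hop("203.0.113.1", 1500), Hop("10.1.1.2", 1400),
                       Hop("198.51.100.9", 1500)]
PATH_PUBLIC_MIDDLE = [Hop("203.0.113.1", 1500), Hop("198.51.100.2", 1400),
                      Hop("198.51.100.9", 1500)]
# Privately numbered point-to-point with no MTU change: no ICMP is ever
# needed, so the filter cannot hurt PMTUD here.
PATH_PRIVATE_FLAT = [Hop("203.0.113.1", 1500), Hop("10.1.1.2", 1500),
                     Hop("198.51.100.9", 1500)]

if __name__ == "__main__":
    for name, path in (("private middle", PATH_PRIVATE_MIDDLE),
                       ("public middle", PATH_PUBLIC_MIDDLE),
                       ("private flat", PATH_PRIVATE_FLAT)):
        print(name, "unfiltered:", discover_pmtu(path, []),
              "filtered:", discover_pmtu(path, [no_rfc1918_source]),
              "traceroute:", traceroute(path, [no_rfc1918_source]))
```

With no filter on the return path all three paths converge on a usable MTU; with the RFC 1918 source filter in place only the path whose bottleneck router answers from 10.1.1.2 black-holes, which is exactly the case Bennett says a router with a single link MTU never gets into.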