BCP38 exceptions for RFC1918 space
- Subject: BCP38 exceptions for RFC1918 space
- From: fw at deneb.enyo.de (Florian Weimer)
- Date: Sun, 15 Aug 2010 18:46:49 +0200
- In-reply-to: <67328.1281889598@localhost> (Valdis Kletnieks's message of "Sun, 15 Aug 2010 12:26:38 -0400")
- References: <[email protected]> <67328.1281889598@localhost>
* Valdis Kletnieks:

> On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
>> What's the current consensus on exempting private network space from
>> source address validation? Is it recommended? Discouraged?
>
> What you do on your internal networks and internal transit is your business.
> BCP38 talks about where you connect to the rest of the world.

I'm seeing them across AS boundaries, otherwise I wouldn't have
bothered.

> RFC 1918 is specific that you're supposed to get all medieval on any
> escaping packets:

Yeah, but sometimes, the current practice moves on. 8-)

>> (One argument in favor of exceptions is that it makes PMTUD work if
>> transfer networks use private address space.)
>
> And that connection that's trying to use PMTU got established across the
> commodity internet, how, exactly? ;)

ICMP "fragmentation needed, but DF set" messages carry the addresses
of intermediate routers which generate them (potentially in response
to MTU drops) as source addresses, not the IP addresses of the peers
in a connection.

> That implies you let some routing info escape and got one of those
> "ambiguous routing situations".

Not really, I'm afraid.
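
Added example, not part of the original message: a Python sketch of the packet layout discussed above, showing that the outer source of an ICMP "fragmentation needed" message is the router that generated it while the peers' addresses appear only in the quoted inner header. All addresses are constructed sample values, the function names are hypothetical, and `ingress_accepts` is a deliberately simplified stand-in for a border filter that drops RFC 1918 sources.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header with DF set (checksum left at 0; sample data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def build_frag_needed(router, sender, receiver, mtu):
    """ICMP type 3 code 4 sent by `router` to `sender`, quoting the sender's packet."""
    quoted = ipv4_header(sender, receiver, 6, 8) + b"\x00" * 8  # inner IP + 8 bytes
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted      # checksum left at 0
    return ipv4_header(router, sender, 1, len(icmp)) + icmp

def parse_frag_needed(pkt):
    """Return outer source, next-hop MTU and the quoted flow, or None if not 3/4."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 1 or pkt[ihl] != 3 or pkt[ihl + 1] != 4:
        return None
    inner = pkt[ihl + 8:]                                       # quoted original header
    return {
        "icmp_source": str(ipaddress.ip_address(pkt[12:16])),   # the router, not a peer
        "next_hop_mtu": struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0],
        "flow_src": str(ipaddress.ip_address(inner[12:16])),
        "flow_dst": str(ipaddress.ip_address(inner[16:20])),
    }

def ingress_accepts(pkt, exempt_rfc1918):
    """Simplified border filter: drop RFC 1918 sources unless an exception is set."""
    src = ipaddress.ip_address(pkt[12:16])
    return exempt_rfc1918 or not any(src in net for net in RFC1918)

if __name__ == "__main__":
    # Constructed case: router numbered from 10/8 on a transfer network,
    # peers in documentation ranges.
    pkt = build_frag_needed("10.255.0.1", "198.51.100.10", "203.0.113.20", 1400)
    print(parse_frag_needed(pkt))
    print("strict filter accepts:", ingress_accepts(pkt, exempt_rfc1918=False))
    print("with exception accepts:", ingress_accepts(pkt, exempt_rfc1918=True))
```

With the strict filter the message never reaches the sender, so the sender keeps transmitting DF-marked packets that exceed the next-hop MTU.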