Home page logo
/

nanog logo nanog mailing list archives

Re: Register.com .....routing issue?
From: "Eric A. Hall" <ehall () ehsco com>
Date: Wed, 5 Sep 2001 23:12:10 -0500


<measl () mfn org> said:

As for "How", remember that private space is no different from public
space, except for the "gentlemans agreement" we all have not to route it
externally.  For use as transit networks, private space _almost always_ a
Good Idea.

Umm, it's socially irresponsible.

Traceroutes through RFC-1918 space are worthless. My reverse lookups don't
work for your private addresses meaning that I have no idea who's network is
eating the packets.

Even worse is when they overlap with a local set. Traceroutes through local
10.0.0.0 into ISP 10.0.0.0 are extraordinarily confusing when ISP-B's routers
are showing up as RTR-x.local.net. What fun figuring out why there's a router
loop through my first hop after it's already left that network.

Also a blast trying to decipher ICMP errors like host unreachable and Frag
Req'd messages that appear to orignate from nowhere in particular.

You should also be ingress/egress filtering packets with these addresses. That
means no traceroutes, no path MTU discovery, no errors, no nothing. If you or
your peers aren't having problems, then you aren't filtering.

It's anti-clever to use RFC 1918 space on public networks. I'm sorry that it's
too much work to use valid addresses on your network but please don't try to
pass it off as being good behavior.

--
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault