Hi all
Have you had this experience?
Our router is running BGP and connecting to our
upstream provider with /30 network. Our log reveals
that there are private IP addresses reaching our
router's interface that is facing our upstream ISP.
How could this be possible? Should the upstream ISP be
blocking private IP addresses according to standard
configuration? Could the packet be stripped and IP be
converted somehow during the transition? It happens in
many Tier-1 ISPs though!
Thank you for your information

What do you mean by "reaching"?
Two quick observations from a mis-configuration point of view:
If you mean you are seeing BGP routes for those networks: Sometimes ISPs
null route private addresses with static routes in their networks and they
accidentally leak (redistribute) to customers/peers. There are obviously
other reasons too, but you can filter stuff like that yourself. Just don't
accept routes for private IP space from your upstream.
If you mean you are getting traffic destined for RFC1918 space, then make
sure you aren't announcing those networks to your upstreams by accident.
Poor upstream configs/filters could allow stuff like that to escape to peers
of the upstream. (stranger things have happened)
It's not normal or necessary to see those routes or traffic. Just contact
your upstream and point it out; they should fix it.
Ivan Groenewald <ivang@xtrahost.co.uk>
CTO
Tel: 0845 345 0919
Xtraordinary Hosting, 6 The Clocktower, South Gyle, Edinburgh, EH12 9LB
http://www.xtrahost.co.uk

[..]
> If you mean you are getting traffic destined for RFC1918 space, then make
> sure you aren't announcing those networks to your upstreams by accident.
> Poor upstream configs/filters could allow stuff like that to escape to peers
> of the upstream. (stranger things have happened)
[..]
On a related note, RIPE has started an "IP Anti-Spoofing Task Force",
see http://www.ripe.net/ripe/tf/anti-spoofing/ for more information.
Greets,
Jeroen

> Our router is running BGP and connecting to our
> upstream provider with /30 network. Our log reveals
> that there are private IP addresses reaching our
> router's interface that is facing our upstream ISP.
> How could this be possible? Should upstream ISP be
> blocking private IP address according to standard
> configuration? Could the packet be stripped and IP be
> converted somehow during the transition? It happens in
> many Tier-1 ISP though !
> Thank you for your information

Do you mean:
1) You are seeing BGP routes for addresses inside private space?
2) You are seeing packets with destination IPs inside private space
arriving at your interface from your ISP?
3) You are seeing packets with source IPs inside private space arriving at
your interface from your ISP?
If 1, feel free to filter them. Your ISP probably uses them internally and
is leaking them to you. Feel free to complain if you want.
If 2, make sure you aren't advertising routes into RFC1918 space to your
ISP. If not, you should definitely ask them what's up.
If 3, that's normal. These are packets your ISP received that are addressed
to you and the ISP is leaving to you the decision of whether to accept them
or not. Feel free to filter them out if you wish. (It won't break anything
that's not already broken.)
DS
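
The three cases distinguished in the last reply can be told apart mechanically. The following is an added example, not part of any message in the thread: it sorts observations from the ISP-facing interface into those cases using the RFC 1918 blocks. The event format, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Advice per case, paraphrased from the reply above.
ADVICE = {
    1: "private-space BGP route: filter it inbound, complain to the ISP if you want",
    2: "packet to a private destination: check your own announcements, then ask the ISP",
    3: "packet from a private source: filter it at the edge if you wish",
}

def is_private_addr(addr):
    """True when a single address falls inside RFC 1918 space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def is_private_prefix(prefix):
    """True when a route prefix lies entirely inside RFC 1918 space."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)

def triage(event):
    """Return the case numbers (1, 2, 3) that one observed event matches."""
    if event["kind"] == "route":
        return [1] if is_private_prefix(event["prefix"]) else []
    cases = []
    if is_private_addr(event["dst"]):
        cases.append(2)
    if is_private_addr(event["src"]):
        cases.append(3)
    return cases

def summarize(events):
    """Count how many events fall into each case."""
    return Counter(c for e in events for c in triage(e))

# Constructed sample observations on the ISP-facing interface (hypothetical format).
SAMPLE = [
    {"kind": "route", "prefix": "10.20.0.0/16"},
    {"kind": "route", "prefix": "172.32.0.0/16"},   # outside 172.16.0.0/12
    {"kind": "packet", "src": "192.168.1.5", "dst": "198.51.100.10"},
    {"kind": "packet", "src": "192.0.2.7", "dst": "10.1.1.1"},
    {"kind": "packet", "src": "172.16.9.9", "dst": "192.168.0.1"},
]

if __name__ == "__main__":
    for case, count in sorted(summarize(SAMPLE).items()):
        print(f"case {case}: {count} event(s) -> {ADVICE[case]}")
```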