RE: rfc 1918?

This is not an issue of paranoia (except for those who actually use
PRIVATE addresses internally and have properly configured
their gateways
to be paranoid about even seeing such packets, let alone
routing them).

Unless I'm mistaken, a prime reason for the evolution of RFC 1918
addresses was that it was once common practice for people to
help themselves to PUBLIC address space to use on PRIVATE
networks. As the world got more connected, these addresses
occasionally got leaked and caused address conflicts.

Using RFC 1918 addresses prevents conflicts with public/registered
space. Obviously the possibility of leakage still exists,
but with RFC 1918 the havoc potential is diminished to a mere
irritant level. Which is what the incident that started this
thread appeared to be.

[ On Friday, February 23, 2001 at 08:46:00 (-0600), Mark Borchers wrote: ]

Subject: RE: rfc 1918?

Unless I'm mistaken, a prime reason for the evolution of RFC 1918
addresses was that it was once common practice for people to
help themselves to PUBLIC address space to use on PRIVATE
networks. As the world got more connected, these addresses
occasionally got leaked and caused address conflicts.

Indeed, which is what I was alluding to when I said I still know of
several private networks using public address space.

Using RFC 1918 addresses prevents conflicts with public/registered
space. Obviously the possibility of leakage still exists,
but with RFC 1918 the havoc potential is diminished to a mere
irritant level. Which is what the incident that started this
thread appeared to be.

Well, it depends on just how much of an ierritant it gets to be.

If you agressively filter all RFC-1918 addressed packets at your borders
because you use such addresses internally and don't want any spoofing to
happen, but then your users start complaing because they have traceroute
problems, Path-MTU-discovery problems, etc., etc., etc., etc., then it
starts to look a lot more like general havoc again.

Either people have to really use RFC-1918 private address space properly
and ensure it never ever leaks (and maybe even some core locations have
to start filtering it where they can just to provide the helpful service
of helping correct other people's mistakes), or we have to give up on
using common private address space completely. When providers treat
their public transit links as if they were part of an internal network
for this purpose thing are way out of hand.

"Greg A. Woods" wrote:

Either people have to really use RFC-1918 private address space properly
and ensure it never ever leaks (and maybe even some core locations have
to start filtering it where they can just to provide the helpful service
of helping correct other people's mistakes), or we have to give up on
using common private address space completely. When providers treat

I can already hear the counterpoint on this one: "Transit providers are
to provide transit only. It is not up to backbone operators to filter
traffic in order to correct their customers'/peers' mistakes." Remember
that long thread from a few months back? I completely agree with you on
the point that 1918 addresses should never be seen outside of the
internal networks they are used on; however, if we start having transit
providers filter to correct their downstreams' lack of such, then those
providers end up acting as either Mommy (to clean up after us) or Big
Brother (to keep an eye on us), and I'm pretty sure the last thing
anybody wants is anything resembling high-level "policing" of the Net.
The best, and possibly the only workable, solution to this problem is
for people to stop being lazy and start being responsible.
<pause for laughter at the previous comment>