[NTLUG:Discuss] internet routing of private IPs causing problems..
Richard Geoffrion
ntlug at rain4us.net
Wed Jan 9 11:28:16 CST 2008
Am I misunderstanding something about RFC1918 (
http://www.rfc-archive.org/getrfc.php?rfc=1918 )? It is my
understanding that RFC1918 dictates that the private ip address ranges...
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
...are to be filtered out from routers from routers that are on the
internet (ie ISP routers)? Quote:
"Routers in networks not using private address space, especially
those of Internet service providers, are expected to be configured
to reject (filter out) routing information about private networks."
That SEEMS pretty clear cut to me and in all my years of networking has
been the standard. Now I'm being told by a (supposedly) major
DATA/TELCOM company that it is the responsibility of the customer
premise equipment performing NAT to filter outbound requests to IP
address in the specified private address range.
I am frustrated and a bit upset at what I am perceiving as either
ignorance, stupidity, or blatant uncaring on the part of a seemingly
lazy ISP. It makes it kind of hard to monitor online status of an
internal device when an outside device at the ISP responds to a ping to
a private IP address.
Do I have the high-ground here or does the ISP have any shred of
evidence on which to stand?
(I do see in the RFC where it is recommended that... "an enterprise
should also filter any private networks from inbound routing information
in order to protect itself from ambiguous routing situations which can
occur if routes to the private address space point outside the
enterprise." I'll need to see how to implement that without screwing
up my routing tables.)
--
Richard
More information about the Discuss
mailing list