In reality, from what I see, most large ISPs don't care about RFC1918.
I've been dealing with this issue for a while.
Not all of them, because I didn't deal with all of them.
But some of them have a strange policy for ACLs, because it has a large impact
on router platform CPU utilization.
Strictly, some ISPs don't allow putting an ACL in place for more than 24 hours,
including for RFC1918 IP address space originated traffic.
So I'm doing it from our core router to block that traffic, and it's fun to
watch the counters increasing so rapidly. ^.^
For example,
[EMAIL PROTECTED]> show firewall filter XXX-in
Filter: XXX-in
Counters:
Name                                 Bytes       Packets
XXX-in-default             430738360735883  743436641099
XXX-in-rfc1918-10              12742937908      41900221
XXX-in-loopback                  785367140       2678266
XXX-in-dhcp-default               36982506        413978
XXX-in-rfc1918-172-16           1240646548      13026411
XXX-in-test-net                      44318           621
XXX-in-rfc1918-192-168          1806857741      17309861
XXX-in-reserved-e-class                  0             0
ospf-deny                            14135            35
h323                               8785570        186042
XXX-in-microsoft              305199975828    5751955784
ms-exclude                       424428929        696688
on-fire                       173190029170    5970455314
I'm wondering whether this is really about a router platform issue, and
whether they want to bill their customers, including smaller ISPs, more
because of this junk traffic.
Hyun
Andrew Kirch wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, May 17, 2006 1:37 PM
To: [EMAIL PROTECTED]
Subject: RE: private ip addresses from ISP
Our router is running BGP and connecting to our
upstream provider with /30 network. Our log reveals
that there are private IP addresses reaching our
router's interface that is facing our upstream ISP.
How could this be possible? Should the upstream ISP be
blocking private IP addresses according to standard
configuration? Could the packet be stripped and the IP be
converted somehow during the transition? It happens in
many Tier-1 ISPs though!
Thank you for your information
Do you mean:
1) You are seeing BGP routes for addresses inside private space?
2) You are seeing packets with destination IPs inside private space
arriving at your interface from your ISP?
3) You are seeing packets with source IPs inside private space
arriving at your interface from your ISP?
If 1, feel free to filter them. Your ISP probably uses them internally and
is leaking them to you. Feel free to complain if you want.
If 2, make sure you aren't advertising routes into RFC1918 space to your
ISP. If not, you should definitely ask them what's up.
If 3, that's normal. These are packets your ISP received that are addressed
to you and the ISP is leaving to you the decision of whether to accept them
or not. Feel free to filter them out if you wish. (It won't break anything
that's not already broken.)
Sorry to dig this up from last week but I have to strongly disagree with
point #3.
From RFC 1918
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks.
The ISP shouldn't be "leaving" anything to the end-user; these packets
should be dropped as a matter of course, along with any routing
advertisements for RFC 1918 space (from #1). ISPs who leak 1918 space
into my network piss me off, and get irate phone calls for their
trouble.
Andrew
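
The following is an added example, not part of the original thread and not any poster's router configuration. It models first-match ingress filtering with per-term byte and packet counters, covering private sources (case 3 above) and private destinations (case 2). The mapping of term names to prefixes is an assumption based on the counter names in the output above, and the sample packets are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed mapping of the counter names in the output above to prefixes;
# the filter's actual terms are not shown in the thread.
TERMS = [
    ("rfc1918-10", "10.0.0.0/8"),
    ("rfc1918-172-16", "172.16.0.0/12"),
    ("rfc1918-192-168", "192.168.0.0/16"),
    ("loopback", "127.0.0.0/8"),
    ("test-net", "192.0.2.0/24"),
    ("reserved-e-class", "240.0.0.0/4"),
]
NETS = [(name, ipaddress.ip_network(prefix)) for name, prefix in TERMS]


def match_term(addr):
    """Return the first term whose prefix contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    for name, net in NETS:
        if ip in net:
            return name
    return None


def run_filter(packets):
    """Evaluate (src, dst, length) tuples as an ingress filter would:
    first match wins, source is checked before destination, and every
    packet lands in exactly one counter: {counter: [bytes, packets]}."""
    counters = defaultdict(lambda: [0, 0])
    for src, dst, length in packets:
        term = match_term(src)
        if term:
            key = f"src-{term}"
        else:
            term = match_term(dst)
            key = f"dst-{term}" if term else "default"
        counters[key][0] += length
        counters[key][1] += 1
    return dict(counters)


# Constructed packets seen on the upstream-facing interface. Addresses in
# 198.51.100.0/24 and 203.0.113.0/24 stand in for ordinary public hosts.
SAMPLE = [
    ("10.1.2.3", "198.51.100.10", 60),      # private source (case 3)
    ("172.31.255.1", "198.51.100.10", 40),  # last /16 inside 172.16.0.0/12
    ("172.32.0.1", "198.51.100.10", 1500),  # just outside 172.16.0.0/12
    ("203.0.113.7", "192.168.1.1", 52),     # private destination (case 2)
    ("203.0.113.7", "198.51.100.10", 576),  # ordinary traffic
    ("10.9.9.9", "198.51.100.10", 60),
]
```

Calling run_filter(SAMPLE) returns the per-term totals. The 172.32.0.1 packet falls through to the default counter because 172.16.0.0/12 ends at 172.31.255.255, a boundary that hand-written filters often get wrong.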