* Valdis Kletnieks:

> On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
>> What's the current consensus on exempting private network space from
>> source address validation?  Is it recommended?  Discouraged?
>
> What you do on your internal networks and internal transit is your business.
> BCP38 talks about where you connect to the rest of the world.

I'm seeing them across AS boundaries, otherwise I wouldn't have
bothered.

> RFC 1918 is specific that you're supposed to get all medieval on any
> escaping packets:

Yeah, but sometimes, the current practice moves on. 8-)

>> (One argument in favor of exceptions is that it makes PMTUD work if
>> transfer networks use private address space.)
>
> And that connection that's trying to use PMTU got established across the
> commodity internet, how, exactly? ;)

ICMP "fragmentation needed, but DF set" messages carry the addresses
of intermediate routers which generate them (potentially in response
to MTU drops) as source addresses, not the IP addresses of the peers
in a connection.

> That implies you let some routing info escape and got one of those
> "ambiguous routing situations".

Not really, I'm afraid.
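
The PMTUD point in the reply above, as an added example that is not part of the original post: it builds an ICMP type 3 code 4 message whose outer source is a router in RFC 1918 space while the quoted inner header carries two public peers, then shows how a border filter on RFC 1918 sources treats it. All addresses, the MTU value and the function names are constructed for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header with DF set; checksum left at zero (not validated here).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def parse_frag_needed(packet):
    """Return details of an ICMP 'fragmentation needed' message, or None for anything else."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:   # not ICMP, or too short to quote a header
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = packet[ihl + 8:]                            # quoted header of the original packet
    return {
        "reporter": ipaddress.ip_address(packet[12:16]),  # router that generated the error
        "next_hop_mtu": mtu,
        "flow_src": ipaddress.ip_address(inner[12:16]),   # the actual connection peers
        "flow_dst": ipaddress.ip_address(inner[16:20]),
    }

def border_verdict(packet, exempt_private=False):
    # Hypothetical border policy: drop RFC 1918 sources unless an exemption is configured.
    src = ipaddress.ip_address(packet[12:16])
    return "drop" if is_rfc1918(src) and not exempt_private else "accept"

def build_sample():
    # Constructed sample: public peers (documentation ranges), router numbered from 10/8.
    inner = ipv4_header("192.0.2.10", "198.51.100.20", 6, 8) + bytes(8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + inner
    return ipv4_header("10.1.2.3", "192.0.2.10", 1, len(icmp)) + icmp

if __name__ == "__main__":
    pkt = build_sample()
    print(parse_frag_needed(pkt))
    print("strict:", border_verdict(pkt), "| exempted:", border_verdict(pkt, exempt_private=True))
```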