[c-nsp] rfc1918 from ISP
Justin M. Streiner
streiner at cluebyfour.org
Wed May 17 00:56:55 EDT 2006
On Wed, 17 May 2006, adrian kok wrote:
> Our router is running BGP and connecting to our
> upstream provider with /30 network. Our log reveals
> that there are private IP addresses reaching our
> router's interface that is facing our upstream ISP.
> How could this be possible? Should upstream ISP be
> blocking private IP address according to standard
> configuration? Could the packet be stripped and IP be
> converted somehow during the transition? It happens in
> many Tier-1 ISP though !
It sounds like your upstream provider is not filtering out RFC1918 address
space - they should be. You can also filter packets with RFC1918 and
unassigned address space from entering and leaving your network.
If you mean that your upstream provider is announcing (leaking) routes for
non-routable address ranges to you via BGP, 1) let them know - they should
not be doing this and something is broken, 2) filter them out on your
side. You should also have filters in place to prevent you from doing the
same to them.
jms
More information about the cisco-nsp
mailing list