[nsp] 192.168.x.y from upstream

Daniel Roesen dr at cluenet.de
Mon Mar 10 18:50:46 EST 2003

On Mon, Mar 10, 2003 at 01:56:09PM +0100, Gert Doering wrote:
> Because many ISPs are lazy and do not properly filter packets before
> the packets leave their networks.

Lazyness is not the only reason. It's also a matter of scale.

> Proper network management consist of (relating to RFC1918 only):
>  - don't use RFC 1918 addresses for the ISP backbone networks
>    (because traceroute and other ICMP responses might end up being
>    sent with those addresses, which violates RFC 1918)
>  - filter your customer access lines so that customers can only generate
>    packets with source IPs that belong to them ("anti-spoofing"), see
>    also RFC 2827 "Network Ingress Filtering".

None of these two prevent a downstream customer of yours to receive
traffic with RFC1918 source addresses.


More information about the cisco-nsp mailing list