[nsp] 192.168.x.y from upstream

Daniel Roesen dr at cluenet.de
Mon Mar 10 18:50:46 EST 2003


On Mon, Mar 10, 2003 at 01:56:09PM +0100, Gert Doering wrote:
> Because many ISPs are lazy and do not properly filter packets before
> the packets leave their networks.

Laziness is not the only reason. It's also a matter of scale.

> Proper network management consists of (relating to RFC1918 only):
> 
>  - don't use RFC 1918 addresses for the ISP backbone networks
>    (because traceroute and other ICMP responses might end up being
>    sent with those addresses, which violates RFC 1918)
> 
>  - filter your customer access lines so that customers can only generate
>    packets with source IPs that belong to them ("anti-spoofing"), see
>    also RFC 2827 "Network Ingress Filtering".

Neither of these two prevents a downstream customer of yours from
receiving traffic with RFC1918 source addresses.


Regards,
Daniel
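
Added example, not part of the original message: a small Python model of the point made above, showing that per-customer anti-spoofing (RFC 2827) drops a spoofed packet from a customer line but still delivers an RFC1918-sourced packet that arrives from upstream. The interface names, the documentation prefixes used as customer assignments and the `filter_upstream` option are assumptions; the upstream source filter is not one of the two measures quoted in the message.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed topology: documentation prefixes stand in for customer assignments.
CUSTOMER_PREFIXES = {
    "cust-a": ipaddress.ip_network("198.51.100.0/24"),
    "cust-b": ipaddress.ip_network("203.0.113.0/24"),
}


def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def forward(in_iface, src, dst, filter_upstream=False):
    """Return the egress interface for a packet, or None if it is dropped.

    in_iface is a customer port name or "upstream" (hypothetical names).
    """
    if in_iface in CUSTOMER_PREFIXES:
        # RFC 2827 anti-spoofing: a customer line may only source packets
        # from the prefix assigned to that customer.
        if ipaddress.ip_address(src) not in CUSTOMER_PREFIXES[in_iface]:
            return None
    elif in_iface == "upstream" and filter_upstream and is_rfc1918(src):
        # Assumed extra control: drop RFC1918 sources on the upstream port.
        return None

    # Routing: deliver to the customer that owns dst, else default upstream.
    for name, prefix in CUSTOMER_PREFIXES.items():
        if ipaddress.ip_address(dst) in prefix:
            return name
    return "upstream"


if __name__ == "__main__":
    cases = [
        ("cust-a", "192.168.1.5", "203.0.113.9", False),    # spoofed by customer
        ("upstream", "192.168.1.5", "203.0.113.9", False),  # arrives from upstream
        ("upstream", "192.168.1.5", "203.0.113.9", True),   # with upstream filter
    ]
    for iface, src, dst, flt in cases:
        print(iface, src, "->", dst, "egress:", forward(iface, src, dst, flt))
```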

