[c-nsp] Private IP in point to point link on internet

Nick Cutting ncutting at edgetg.com
Tue Jun 21 17:05:04 EDT 2016


I have never come across a command that lets you change the source IP / interface of the ICMP messages on a Cisco router. It usually chooses the interface it was received on, which is the outgoing interface in the RPF.

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mike
Sent: Tuesday, June 21, 2016 3:42 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Private IP in point to point link on internet

On 06/21/2016 07:37 AM, Nick Cutting wrote:
> We have a few providers in HK who deliver our public /24's via a /30 RFC 1918 Address.
>
> I'm not 100 percent sure how it breaks the path discovery, I would love to test this too, as we have a few of these setups in place.

The issue is that many routers, when the need arises to fragment packets, will send back an ICMP 'fragmentation needed' message, *from the source IP address of the interface that was traversed*. So, if you have a p2p link with your end being 192.168.1.1, your router may very well send the packet with that IP. And, many providers filter packets with RFC 1918 addresses inbound and outbound, meaning that the likelihood of the ICMP message reaching the initiator of the flow in the first place is low to zero. It's a devil of a problem to diagnose, but it's real, and for that reason I recommend making sure your gear can source these with a valid IP instead.

Mike-
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
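A small simulation of the failure mode Mike describes, added here as an illustration and not code from the thread or from any vendor: a router that must fragment a DF packet sources the ICMP "fragmentation needed" from its ingress interface, and a provider hop that filters RFC 1918 sources drops it, so the sender never learns the path MTU. The topology, the documentation-prefix addresses, the `filters_rfc1918` flag and the `icmp_source` knob are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass
class Hop:
    name: str
    ingress_ip: str          # address of the interface the packet arrives on
    next_mtu: int            # MTU of the link toward the destination
    filters_rfc1918: bool    # provider-style filter: drops packets with private sources
    icmp_source: str = ""    # assumed knob: fixed source for ICMP errors, "" = use ingress

def send_df(path, size):
    """Forward a DF-bit packet of `size` bytes. Returns ("ok", size), ("frag_needed", mtu)
    when the ICMP type 3/code 4 reaches the sender, or ("blackhole", None)."""
    for idx, hop in enumerate(path):
        if size <= hop.next_mtu:
            continue
        # DF is set and the next link is too small: the router emits "fragmentation
        # needed", sourced from the ingress interface unless a fixed source is set.
        src = hop.icmp_source or hop.ingress_ip
        # The error travels back through every earlier hop; any one filtering RFC 1918 drops it.
        if is_rfc1918(src) and any(h.filters_rfc1918 for h in path[:idx]):
            return ("blackhole", None)
        return ("frag_needed", hop.next_mtu)
    return ("ok", size)

def discover_pmtu(path, start=1500, max_rounds=8):
    """Sender-side PMTUD: shrink on each ICMP too-big; None means a black hole."""
    size = start
    for _ in range(max_rounds):
        status, value = send_df(path, size)
        if status == "ok":
            return size
        if status == "blackhole":
            return None
        size = value
    return None

# Constructed topology (documentation prefixes): the provider edge filters RFC 1918 sources;
# the customer router's provider-facing /30 is 192.168.1.1 and its downstream MTU is 1400.
PROVIDER_EDGE = Hop("provider-edge", "203.0.113.1", 1500, filters_rfc1918=True)
CUSTOMER_DEFAULT = Hop("customer-rtr", "192.168.1.1", 1400, filters_rfc1918=False)
CUSTOMER_FIXED = Hop("customer-rtr", "192.168.1.1", 1400, filters_rfc1918=False, icmp_source="198.51.100.1")
```

With the default source, `discover_pmtu([PROVIDER_EDGE, CUSTOMER_DEFAULT])` returns None (black hole); with a public ICMP source the sender settles on 1400.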


