[c-nsp] Private IP in point to point link on internet
Mark Tinka
mark.tinka at seacom.mu
Tue Jun 21 17:24:55 EDT 2016
On 21/Jun/16 21:42, Mike wrote:
>
>
> The issue is that many routers, when the need arises to fragment
> packets, will send back an icmp 'fragmentation needed' message, *from
> the source ip address of the interface that was traversed*. So, if you
> have a p2p link with your end being 192.168.1.1, your router may very
> well send the packet with that ip. And, many providers filter packets
> with rfc1918 addresses inbound and outbound, meaning that the
> likelyhood of the icmp message reaching the initiator of the flow in
> the first place, is low to zero. Its a devil of a problem to diagnose,
> but it's real, and for that reason I reccomend making sure your gear
> can source these with a valid ip instead.
Not to mention that RFC 1918 space is poorly routable on the Internet.
Mark.
More information about the cisco-nsp
mailing list