[c-nsp] Private IP in point to point link on internet

Pierre Emeriaud petrus.lt at gmail.com
Tue Jun 21 17:40:24 EDT 2016


>> I'm not 100 percent sure how it breaks the path discovery, I would love to
>> test this too, as we have a few of these setups in place.
>
>
> The issue is that many routers, when the need arises to fragment packets,
> will send back an ICMP 'fragmentation needed' message, *from the source IP
> address of the interface that was traversed*. So, if you have a p2p link
> with your end being 192.168.1.1, your router may very well send the packet
> with that IP. And, many providers filter packets with RFC1918 addresses
> inbound and outbound,

That, and uRPF. We use unannounced netblocks (but public ones) for our
backbone links and loopbacks, and while this has served us well (go
on, try to send a packet -or a billion- to it), our network is pretty
much opaque to anyone doing uRPF, because TTL expired will be dropped.
This makes traceroutes less useful...

When two best practices collide...
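Added illustration, not part of the thread: a small Python model of the two drop paths discussed above (an RFC1918 bogon filter and loose uRPF, i.e. the source must be covered by a non-default route), applied to ICMP errors sourced from transit interface addresses. The prefixes and link addresses are constructed sample values.

```python
"""Which ICMP errors ('fragmentation needed', 'TTL expired') survive the trip back?

Models the two filters described in the thread: RFC1918 source filtering and
loose uRPF at the receiving provider. All addresses/prefixes are constructed.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def passes_loose_urpf(addr: str, routing_table: list[str]) -> bool:
    """Loose uRPF: accept if any (non-default) route in the table covers the source."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in routing_table)


def icmp_error_fate(src: str, provider_routes: list[str],
                    bogon_filter: bool = True, urpf: bool = True) -> str:
    """Classify an ICMP error sourced from a transit interface address `src`."""
    if bogon_filter and is_rfc1918(src):
        return "dropped: rfc1918 source filtered"
    if urpf and not passes_loose_urpf(src, provider_routes):
        return "dropped: urpf (source not in routing table)"
    return "delivered"


def audit_link_addresses(links: dict[str, str], provider_routes: list[str]) -> dict[str, str]:
    """Run the check for every link/loopback address a router might source ICMP from."""
    return {name: icmp_error_fate(addr, provider_routes) for name, addr in links.items()}


if __name__ == "__main__":
    # Constructed: the receiving provider only has routes for these announced prefixes.
    announced = ["203.0.113.0/24", "198.51.100.0/24"]
    links = {
        "p2p-rfc1918": "192.168.1.1",      # the case from the thread: PMTUD breaks
        "p2p-unannounced": "192.0.2.5",    # public but never announced: fails uRPF
        "loopback-announced": "203.0.113.7",
    }
    for name, fate in audit_link_addresses(links, announced).items():
        print(f"{name:20s} {fate}")
```

Running it shows that only the address covered by an announced prefix gets its ICMP errors delivered; the other two explain the broken path-MTU discovery and the opaque traceroutes described in the thread.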
