[c-nsp] Private IP in point to point link on internet

Tom Hill tom at ninjabadger.net
Wed Jun 22 17:22:46 EDT 2016


On 22/06/16 21:32, Nick Cutting wrote:
> That space also "should" be non-routable over the internet - I know a
> few sneaky enterprises using it,  - wasn’t that carved out for CGN?

Correct - it was specifically earmarked for CGN, so as not to conflict
with your customer's own use of RFC1918.  It should not be visible on
the Internet, in much the same way as RFC1918 should not:

"Packets with Shared Address Space source or destination addresses
 MUST NOT be forwarded across Service Provider boundaries.  Service
 Providers MUST filter such packets on ingress links.  One exception
 to this paragraph's proscription is in the case of business
 relationships, such as hosted CGN services."

 https://tools.ietf.org/html/rfc6598

However, that is not to say that ISPs don't use RFC1918, or
100.64.0.0/10 in their point-to-point links, but you're not meant to be
routing back to them when they send you TTL exceeded responses from such
addresses.

In the OP's situation, it might work well enough, but you will be
leaking ICMP responses from non-routable addresses.  Use a publicly
routable, unique IPv4 address pair if you can help it - /31s are
brilliant for decreasing your usage - or use MPLS forwarding and disable
TTL decrementing on your LSRs.

Regards,

-- 
Tom
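
Added example, not part of the original message: a Python check that reads traceroute output and reports hops whose TTL-exceeded replies come from RFC1918 or 100.64.0.0/10 sources, which is the leak the message describes. The sample output, function names and regexes are constructed for illustration.

```python
import ipaddress
import re

NON_ROUTABLE = {  # RFC 1918 private space and the RFC 6598 CGN shared space
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "rfc6598": [ipaddress.ip_network("100.64.0.0/10")],
}
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def classify(addr):
    """Return 'rfc1918', 'rfc6598' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        if any(ip in net for net in nets):
            return label
    return "public"

def leaked_hops(traceroute_text):
    """List (hop, address, class) for hops that answered from non-routable space."""
    findings = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or wrapped output
        hop = int(m.group(1))
        for addr in IPV4_RE.findall(m.group(2)):
            try:
                label = classify(addr)
            except ValueError:
                continue  # looks like an address but is not valid IPv4
            if label != "public" and (hop, addr, label) not in findings:
                findings.append((hop, addr, label))
    return findings

# Constructed sample; the routable hops use documentation addresses.
SAMPLE = """\
traceroute to 198.51.100.10 (198.51.100.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.398 ms  0.377 ms
 2  100.64.12.1  1.203 ms  1.188 ms  1.160 ms
 3  10.255.0.6  2.911 ms  2.874 ms  2.850 ms
 4  * * *
 5  198.51.100.10  4.102 ms  4.080 ms  4.071 ms
"""

if __name__ == "__main__":
    for hop, addr, label in leaked_hops(SAMPLE):
        print(f"hop {hop}: {addr} answers from {label} space")
```

A receiver that filters these ranges on ingress, as RFC 6598 requires for Shared Address Space, will drop the replies from hops 2 and 3, so those hops show as timeouts in its traceroutes.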

