RFC1918 in public networks
Gert Doering gert at space.net
Thu Sep 27 09:57:59 CEST 2001
Hi,

On Thu, Sep 27, 2001 at 08:43:24AM +0100, Robin Cragg wrote:
> We are a medium sized ISP, and as such we have a publicly visible network
> using non-private IP space. I am looking to renumber our entire network to
> private IP space, and was wondering if any other members have done this.
> The only problem I can see is that traceroutes from outside our AS will
> fail at our border routers, which will make troubleshooting harder. Has
> anyone done this and would they recommend it?

Don't do this.

If you use private addresses behind your firewall and use NAT, that's your
decision, but DO NOT USE rfc1918 space for publicly visible infrastructure
(think ICMP packets like host unreachable, fragmentation required, etc.).

You MUST NOT send packets with RFC1918 source addresses into the world, and
simply denying those packets will break things.

Gert Doering
        -- NetMaster
--
SpaceNet AG                 Mail: netmaster at Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299
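The filtering effect described in the message above, as an added example that is not part of the original post: a small Python model of a remote network's border filter that denies RFC1918 source addresses, showing which ICMP error messages from privately numbered routers never reach the sender. The names `Packet`, `ingress_filter` and `lost_signals` and all sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ICMP destination-unreachable (type 3) codes named in the message.
ICMP_ERRORS = {(3, 1): "host unreachable", (3, 4): "fragmentation required"}

@dataclass
class Packet:
    src: str        # address of the router interface that generated the ICMP error
    dst: str        # original sender that needs to receive the error
    icmp_type: int
    icmp_code: int

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def ingress_filter(packet: Packet) -> str:
    """Hypothetical remote border filter: deny anything sourced from RFC1918."""
    return "drop" if is_rfc1918(packet.src) else "accept"

def lost_signals(packets):
    """Return (source, ICMP error) pairs that the filter removes in transit."""
    lost = []
    for p in packets:
        name = ICMP_ERRORS.get((p.icmp_type, p.icmp_code))
        if name and ingress_filter(p) == "drop":
            lost.append((p.src, name))
    return lost

# Constructed sample: ICMP errors emitted by routers inside the ISP.
SAMPLE = [
    Packet("10.1.2.1", "198.51.100.7", 3, 4),        # private core router
    Packet("192.0.2.1", "198.51.100.7", 3, 4),       # publicly numbered router
    Packet("172.31.255.254", "198.51.100.7", 3, 1),  # last address in 172.16/12
    Packet("203.0.113.5", "198.51.100.7", 3, 1),     # publicly numbered router
]

if __name__ == "__main__":
    for src, name in lost_signals(SAMPLE):
        print(f"dropped at remote border: '{name}' from {src}")
```

A dropped "fragmentation required" message means the sender never learns the smaller path MTU, so large packets on that path silently fail.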