This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] All-Probe Traceroute + detect RFC1918 addresses
- Previous message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
- Next message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bjørn Mork
bjorn at mork.no
Fri Sep 17 15:23:24 CEST 2021
Jeroen Massar via ripe-atlas <ripe-atlas at ripe.net> writes: > If one sees RFC1918 in a traceroute (especially >5 hops away, thus > just not the client->CPE hops), it indicates that every hop in the > middle is not filtering at least RFC1918; more likely they are thus > just doing any kind of reverse prefix filtering aka the largest part > of BCP38. To be difficult again.... But I don't think you can make that assumption unless you are able to detect that the ICMP errors cross some network border. Using RFC1918 on links in your own network is fine. And having them show up in traceroutes is a feature. To illustrate, this a traceroute from a standard mobile netowrk access to one of the DNS resolvers used from that access: bjorn at miraculix:~$ traceroute -e 130.67.15.198 traceroute to 130.67.15.198 (130.67.15.198), 30 hops max, 60 byte packets 1 77.16.1.8.tmi.telenormobil.no (77.16.1.8) 435.127 ms 644.941 ms 644.890 ms 2 ti0006c360-ae17-0.ti.telenor.net (146.172.18.85) <MPLS:L=18694,E=2,S=0,T=1/L=26,E=2,S=1,T=1> 653.783 ms 653.735 ms 653.686 ms 3 ti0300c360-ae4-0.ti.telenor.net (146.172.23.174) <MPLS:L=844,E=2,S=0,T=1/L=26,E=2,S=1,T=2> 653.638 ms 653.592 ms 653.543 ms 4 10.67.115.189 (10.67.115.189) 653.481 ms 653.432 ms 653.383 ms 5 * * * 6 ti0001a401-ae18-21.ti.telenor.net (213.142.76.153) 653.270 ms 206.020 ms 32.959 ms 7 ti0275c360-ae49-0.ti.telenor.net (146.172.22.98) <MPLS:L=8866,E=0,S=1,T=1> 33.781 ms 32.122 ms 35.930 ms 8 ti0275a400-ae1-0.ti.telenor.net (146.172.101.94) 37.812 ms 40.701 ms 40.666 ms 9 ns11.e.nsc.no (130.67.15.198) 40.628 ms 40.591 ms 40.555 ms So you can see the RFC1918 address on one of the links between the VPN with the PGW and the Internet. So what? It's still one ISP. And much more useful info than hop number 5. Bjørn
- Previous message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
- Next message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]