Hi,

On Fri, Sep 17, 2021 at 04:17:47PM +0200, Bjørn Mork wrote:
Section 5:
It is strongly recommended that routers which connect enterprises to external networks are set up with appropriate packet and routing filters at both ends of the link in order to prevent packet and routing information leakage.
I think that speaks very clearly about "you can do in your network whatever you want, but nobody else wants to see that"
This fails to consider the situation where you are using RFC1918 addresses on that link, which is common for mobile network access today.
It doesn't. It is very clear that *if* you do, it's your responsibility to ensure ICMP packets are not sent from an RFC1918 address. This is not a fault in the RFC, it's a fault in the way these people build their networks.
My example didn't make that clear, but the traceroute probes are sent from an RFC1918 address:
  bjorn@miraculix:~$ ip route get 130.67.15.198
  130.67.15.198 dev wwan0 src 10.82.241.88 uid 1000
      cache
So you should drop packets using RFC1918 addresses on that link?
"What happens inside your network happens inside your network" (and the RFC explicitly permits that, of course), but we do not want to see it on someone else's network.
Given the age of the document, the language used to be less STRONG back then.
Sure. Assigning RFC1918 addresses to customers was also unheard of, and didn't even need to be mentioned.
If that is CGN'ed, it's not violating the RFC. Leaking packets from addresses that do not belong to you does.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
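The distinction drawn in this mail (a CGN'ed flow is fine, a packet that still carries an RFC1918 source on someone else's network is a leak) can be checked from a capture taken on the external side of a link. The following is an added example, not part of the original mail. It assumes `tcpdump -n` style text input; the capture lines are constructed, and every address except 130.67.15.198 and 10.82.241.88 is a placeholder.

```python
import ipaddress
import re

# The three address blocks reserved by RFC 1918.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "IP <src> > <dst>: <summary>" as printed by `tcpdump -n` for IPv4 packets.
LINE_RE = re.compile(r"\bIP (\S+) > (\S+): (.*)$")


def host_part(endpoint):
    """Strip a trailing .port from an endpoint such as 10.0.0.1.33434."""
    return ".".join(endpoint.split(".")[:4])


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)


def find_leaks(capture_text):
    """Return (src, dst, summary) for each packet whose source is RFC1918."""
    leaks = []
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # IP6, ARP, blank lines and the like
        src, dst = host_part(m.group(1)), host_part(m.group(2))
        try:
            if is_rfc1918(src):
                leaks.append((src, dst, m.group(3)))
        except ValueError:
            continue  # not a literal IPv4 address (capture taken without -n)
    return leaks


# Constructed capture, external side of the link (after any CGN).
SAMPLE = """\
12:00:00.000001 IP 198.51.100.7.40112 > 130.67.15.198.33434: UDP, length 32
12:00:00.010002 IP 10.82.0.1 > 198.51.100.7: ICMP time exceeded in-transit, length 36
12:00:00.020003 IP 203.0.113.9 > 198.51.100.7: ICMP time exceeded in-transit, length 36
12:00:00.030004 IP 10.82.241.88.40113 > 130.67.15.198.33435: UDP, length 32
12:00:00.040005 IP6 2001:db8::1 > 2001:db8::2: ICMP6, echo request, seq 1, length 64
"""

if __name__ == "__main__":
    for src, dst, summary in find_leaks(SAMPLE):
        print(f"RFC1918 source on external link: {src} -> {dst} ({summary})")
```

The first probe has already been translated to a public source and passes; the ICMP reply from a router's private link address and the untranslated probe are the two packets the filters at both ends of the link should have stopped.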