Jeroen Massar via ripe-atlas <ripe-atlas@ripe.net> writes:
> If one sees RFC1918 in a traceroute (especially >5 hops away, thus just not the client->CPE hops), it indicates that every hop in the middle is not filtering at least RFC1918; more likely they are thus just doing any kind of reverse prefix filtering aka the largest part of BCP38.
To be difficult again.... But I don't think you can make that assumption unless you are able to detect that the ICMP errors cross some network border. Using RFC1918 on links in your own network is fine. And having them show up in traceroutes is a feature.

To illustrate, this is a traceroute from a standard mobile network access to one of the DNS resolvers used from that access:

bjorn@miraculix:~$ traceroute -e 130.67.15.198
traceroute to 130.67.15.198 (130.67.15.198), 30 hops max, 60 byte packets
 1 77.16.1.8.tmi.telenormobil.no (77.16.1.8) 435.127 ms 644.941 ms 644.890 ms
 2 ti0006c360-ae17-0.ti.telenor.net (146.172.18.85) <MPLS:L=18694,E=2,S=0,T=1/L=26,E=2,S=1,T=1> 653.783 ms 653.735 ms 653.686 ms
 3 ti0300c360-ae4-0.ti.telenor.net (146.172.23.174) <MPLS:L=844,E=2,S=0,T=1/L=26,E=2,S=1,T=2> 653.638 ms 653.592 ms 653.543 ms
 4 10.67.115.189 (10.67.115.189) 653.481 ms 653.432 ms 653.383 ms
 5 * * *
 6 ti0001a401-ae18-21.ti.telenor.net (213.142.76.153) 653.270 ms 206.020 ms 32.959 ms
 7 ti0275c360-ae49-0.ti.telenor.net (146.172.22.98) <MPLS:L=8866,E=0,S=1,T=1> 33.781 ms 32.122 ms 35.930 ms
 8 ti0275a400-ae1-0.ti.telenor.net (146.172.101.94) 37.812 ms 40.701 ms 40.666 ms
 9 ns11.e.nsc.no (130.67.15.198) 40.628 ms 40.591 ms 40.555 ms

So you can see the RFC1918 address on one of the links between the VPN with the PGW and the Internet. So what? It's still one ISP. And much more useful info than hop number 5.

Bjørn
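
An added example, not part of the original message: a sketch of the border check discussed in this thread, which flags RFC1918 hops in a traceroute and compares the nearest named public hops on either side. Treating the last two reverse-DNS labels as the "operator" is an assumption made for this illustration (a crude heuristic that breaks for suffixes such as co.uk), and the function names are hypothetical.

```python
import ipaddress
import re

# Hops from the traceroute in the message above (MPLS labels and timings trimmed).
TRACE = """\
1 77.16.1.8.tmi.telenormobil.no (77.16.1.8)
2 ti0006c360-ae17-0.ti.telenor.net (146.172.18.85)
3 ti0300c360-ae4-0.ti.telenor.net (146.172.23.174)
4 10.67.115.189 (10.67.115.189)
5 * * *
6 ti0001a401-ae18-21.ti.telenor.net (213.142.76.153)
7 ti0275c360-ae49-0.ti.telenor.net (146.172.22.98)
8 ti0275a400-ae1-0.ti.telenor.net (146.172.101.94)
9 ns11.e.nsc.no (130.67.15.198)
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)")

def parse(trace):
    """Return [(hop, name, ip)]; unanswered hops ('* * *') are skipped."""
    matches = (HOP_RE.match(line) for line in trace.splitlines())
    return [(int(m.group(1)), m.group(2), ipaddress.ip_address(m.group(3)))
            for m in matches if m]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def operator(name, ip):
    """Assumed heuristic: last two rDNS labels; None when there is no PTR name."""
    if name == str(ip):
        return None
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def nearest_operator(hops):
    """Operator of the first public hop in `hops` that has a PTR name."""
    return next((operator(name, ip) for _, name, ip in hops
                 if not is_rfc1918(ip) and operator(name, ip)), None)

def classify(trace):
    """Per RFC1918 hop: 'internal' if both named public neighbours share an operator."""
    hops = parse(trace)
    results = []
    for i, (hop, _, ip) in enumerate(hops):
        if is_rfc1918(ip):
            before = nearest_operator(reversed(hops[:i]))
            after = nearest_operator(hops[i + 1:])
            same = before is not None and before == after
            results.append((hop, str(ip), before, after,
                            "internal" if same else "undetermined"))
    return results
```

For the trace above, hop 4 sits between two telenor.net routers and is classified as internal, so on its own it says nothing about filtering at a network border.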