[arin-ppml] ULA-C

George Bonser gbonser at seven.com
Mon Apr 12 02:45:38 EDT 2010


Inline

> -----Original Message-----
> From: Owen DeLong [mailto:owen at delong.com]
> Sent: Sunday, April 11, 2010 11:30 PM
> To: George Bonser
> Cc: joel jaeggli; mcr at sandelman.ca; arin-ppml at arin.net
> Subject: Re: [arin-ppml] ULA-C
> 
> 
> On Apr 11, 2010, at 10:24 PM, George Bonser wrote:
> 
> > Can you tell me how RFC1918 space can be routed across the global
> > internet?
> >
> I didn't say it could be done without misconfiguration.  I said that it
> doesn't protect you as much as you think in the case of misconfiguration.
> 
> > No transit provider in the world accepts those routes and assuming that
> > such traffic would have to traverse at least three networks
> > (originating, at least one transit and the destination), having all
> > three misconfigured is quite unlikely.
> >
> And yet, time and time again, they show up in the routing tables.

Yes, but probably not to the destination network you are trying to get
to. You are missing my point.  RFC1918 being in the routing table does
not equate to that being the RFC1918 address of the network you would be
targeting.  In fact, they might have eleventy zillion paths to 10/8 for
all I know.  I suppose email is too difficult a forum for me to express
myself on this subject.  Just because RFC1918 addresses might be present
in the routing table doesn't mean you can access foo.com's RFC1918 space
from bar.com.  It just means that SOMEONE is announcing the same space
from someplace and that you are believing it.

For a purposeful end to end connection to be made from foo.com to
bar.com's RFC1918 space there would need to be an incredible number of
mistakes to be made along the path.  So imagine you are connecting from
192.168.1.1 to 192.168.2.2 ...whose 192.168.2.2 are you connecting to?  

In the case of unique private space, that problem goes away.  Anyone
with unique private space would potentially be reachable IF A: they
announced it  B: their transit provider believed it C: their peers
believed it D: destination network believes it.

I think the case of all four of those cases being true is less than if
one is using global space.  If one is using global space then everyone
will believe it as a matter of course.



> 
> > But I have never seen a transit network that will pass RFC1918 traffic.
> 
> Look harder, it has definitely happened.

Granted, it possibly has.  I haven't noticed, basically because I block
such announcements at the front door.
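
Added example, not part of the original message or of any participant's configuration: a sketch of the edge filter the message refers to, rejecting RFC 1918 and ULA (fc00::/7) announcements and showing why an overlapping private prefix says nothing about whose network it is. The announcement list, the origin AS numbers (documentation range) and the function names are constructed for illustration.

```python
import ipaddress

# Space that should never be accepted from an external BGP neighbour:
# RFC 1918 (IPv4 private) and RFC 4193 unique local addresses (IPv6).
PRIVATE_SPACE = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def filter_reason(prefix):
    """Return a rejection reason for an announced prefix, or None to accept."""
    net = ipaddress.ip_network(prefix, strict=False)
    for block in PRIVATE_SPACE:
        # subnet_of() raises TypeError across address families, so check first.
        if net.version == block.version and net.subnet_of(block):
            return f"inside {block}"
    return None


def apply_ingress_filter(announcements):
    """Split (prefix, origin_as) pairs into accepted and rejected lists."""
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        reason = filter_reason(prefix)
        (rejected if reason else accepted).append((prefix, origin_as, reason))
    return accepted, rejected


def ambiguous_origins(announcements):
    """Private prefixes seen from more than one origin AS: the route exists,
    but it cannot identify which site's copy of that space it leads to."""
    origins = {}
    for prefix, origin_as in announcements:
        if filter_reason(prefix):
            origins.setdefault(prefix, set()).add(origin_as)
    return {p: sorted(a) for p, a in origins.items() if len(a) > 1}


# Constructed sample announcements (prefix, origin AS); not real routing data.
SAMPLE = [
    ("192.168.2.0/24", 64496),       # site A's private LAN, leaked
    ("192.168.2.0/24", 64497),       # site B uses the same space
    ("10.0.0.0/8", 64498),
    ("fd12:3456:789a::/48", 64499),  # ULA prefix
    ("192.0.2.0/24", 64500),         # stands in for global space
    ("2001:db8::/32", 64501),        # stands in for global space
]

if __name__ == "__main__":
    ok, dropped = apply_ingress_filter(SAMPLE)
    print("accepted:", ok)
    print("rejected:", dropped)
    print("ambiguous:", ambiguous_origins(SAMPLE))
```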



