Date:      Wed, 19 Dec 2001 23:10:08 -0500
From:      "Jim Flowers" <jflowers@ezo.net>
To:        "Forrest W. Christian" <forrestc@imach.com>
Cc:        <portmaster-users@portmasters.com>, <freebsd-isp@FreeBSD.ORG>
Subject:   Re: Infrastructure Design with Portmasters and FreeBSD/Zebra (long)
Message-ID:  <003101c1890c$370d5cc0$22b197ce@ezo.net>
References:  <Pine.BSF.4.21.0112191352570.18716-100000@workhorse.iMach.com>

Well, I understand your caution.  Perhaps I did not explain very well that
in the proposed concept machines on the RFC1918 network are never allowed to
exchange packets with machines on the Internet and, in fact, are prevented
from doing so by filter rules in the edge routers.  The RFC1918 network is
only a transit network consisting of our own routing devices (all with
ospf).  The only Internet connections are initiated from/to our public and
public/secure networks/devices where path MTU discovery should work.

Thanks for the reply.

From: "Forrest W. Christian" <forrestc@imach.com>
To: "Jim Flowers" <jflowers@ezo.net>
Cc: <portmaster-users@portmasters.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Wednesday, December 19, 2001 4:20 PM
Subject: Re: Infrastructure Design with Portmasters and FreeBSD/Zebra (long)


> I'm going to be very specific about this:
>
> Using 1918 space as you have described is bad.  Very bad.
>
> To make a long story short, if you use 1918 space, it will break things in
> weird and unusual ways.  The reason for this is a lot of providers discard
> any packets with a source address of 1918.  Certain internet protocols
> require each router along the path to be able to reply with ICMP messages
> with their own address.  If they are in the 1918 space, these will most
> likely be discarded causing the functionality which needs these to break.
>
> Most notably, this will break MTU path discovery which can cause a whole
> set of other problems which I won't go into.  It also will prevent ICMP
> Source quench messages which are used to provide for some additional flow
> control by certain ip stacks.
>
> The only place to use 1918 space is behind a NAT box or on a network which
> will never be connected to the internet.
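
As an added illustration (not code from either poster), a small Python model of the failure mode discussed above: Path MTU discovery depends on each router along the path being able to return ICMP Fragmentation Needed from its own address, and a provider edge rule that discards anything sourced from RFC1918 space silences a transit hop numbered from 10/8, 172.16/12 or 192.168/16. The path, the addresses (198.51.100.0/24 is the documentation prefix) and the link MTUs are constructed for the example; the `edge_filter_drops` rule models the "discard any packet with an RFC1918 source" policy, not any specific provider's configuration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# The three RFC1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass
class Hop:
    address: str     # address the router uses as source of ICMP it generates
    egress_mtu: int  # MTU of the link this hop forwards onto


@dataclass
class PmtudResult:
    path_mtu: Optional[int]        # discovered MTU, or None if discovery stalled
    silenced_hop: Optional[str]    # router whose ICMP was dropped by a filter
    icmp_seen: List[str] = field(default_factory=list)  # ICMP sources that reached the sender


def edge_filter_drops(icmp_source: str) -> bool:
    """Model of a provider edge rule: discard any packet with an RFC1918 source."""
    return is_rfc1918(icmp_source)


def run_pmtud(path: List[Hop], send_size: int, filter_private: bool = True) -> PmtudResult:
    """Simulate Path MTU discovery with DF set over a constructed path.

    The sender starts at send_size. The first hop whose egress MTU is smaller
    than the current packet size answers with ICMP Fragmentation Needed,
    sourced from its own address and carrying the next-hop MTU. If that
    source is RFC1918 and the edge filter is active, the message is discarded
    and the sender never learns the smaller MTU: a PMTUD black hole.
    """
    size = send_size
    seen: List[str] = []
    while True:
        for hop in path:
            if hop.egress_mtu < size:
                if filter_private and edge_filter_drops(hop.address):
                    return PmtudResult(None, hop.address, seen)
                seen.append(hop.address)
                size = hop.egress_mtu  # sender lowers its estimate and retries
                break
        else:
            # No hop objected to the current size: this is the path MTU.
            return PmtudResult(size, None, seen)


def audit_path(path: List[Hop]) -> List[str]:
    """Return transit hops whose ICMP could never pass an RFC1918 source filter."""
    return [h.address for h in path if is_rfc1918(h.address)]


# Constructed sample path: public edge router, an RFC1918-numbered transit
# router in front of a smaller-MTU link (e.g. a tunnel), public far side.
SAMPLE_PATH = [
    Hop("198.51.100.1", 1500),
    Hop("10.0.0.2", 1480),
    Hop("198.51.100.2", 1500),
]

if __name__ == "__main__":
    print("filtered:  ", run_pmtud(SAMPLE_PATH, 1500))
    print("unfiltered:", run_pmtud(SAMPLE_PATH, 1500, filter_private=False))
    print("private transit hops:", audit_path(SAMPLE_PATH))
```

With the filter active the 1500-byte probe is silently lost at 10.0.0.2; without it the sender receives one ICMP message and settles on 1480. `audit_path` is the kind of check an operator can run against a planned transit design before it carries Internet traffic.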

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003101c1890c$370d5cc0$22b197ce>