[wellylug] Routing the unroutable, aka 10.0.0.0/8
Ewen McNeill
wellylug at ewen.mcneill.gen.nz
Fri Sep 26 18:25:27 NZST 2014
On 26/09/14 15:50, Christian Gagneraud wrote:
> Not only Firewall, what about BGP and co? How do you announce to the
> world that 10.X.Y.Z belongs to your AS, when these IP address are
> supposed to be private?
You don't. At least not to the Internet. But router linknets (ie, the
hop-by-hop links between routers that talk directly to each other) don't
need to be reachable from anywhere else. Even ISPs that still use
globally unique addresses for those will often either not advertise the
linknet block, or firewall at their border.
(You see it in traceroutes without it being routed because the
traceroute "got to here" packets only need a route to the destination --
ie, your system that initiated the traceroute. Even now relatively
little checks for valid sources.)
Ewen
More information about the wellylug
mailing list