I can't imagine a user being allocated IP space in that block would be too happy paying for traffic they were not requesting in the first place (not that it's any different from most current practices).

On 13/04/10 15:02, Nathan Ward wrote:
On 13/04/2010, at 2:37 PM, Florent Bouron wrote:
Well, we know that some sites run Net 1 behind a NAT when they should be running an RFC 1918 prefix. We also know that pretty much everybody is configured to drop RFC 1918 destination packets, but since Net 1 is a valid prefix there is no reason to drop it.
So the real question is probably: why are packets being sent to addresses that are behind NATs?
Put it this way, if a device that implements NAT translates the 1/8 IP address to the real IPs the customer owns and has a subnet within 1/8 directly attached, but also participates in dynamic routing with border routers or ISP routers, whether you use NAT or not, the 1/8 network will be injected into the ISP's routing tables ...
With a poorly configured router at the ISP and the user's site, sure. However that doesn't explain why there are packets on the wider Internet that are destined to 1/8 addresses.
I think Brian is right in suggesting peer to peer, and I imagine there are other things as well. For example, responses to packets sourced from 1/8 addresses. Perhaps there is a NAT somewhere that only NATs TCP, UDP and ICMP, and doesn't drop other protocols. Perhaps there is a botnet sending packets from 1/8 addresses, because that was a random address that the script kiddie that put it together came up with. There are any number of scenarios that could be causing traffic to 1/8.
I'm not convinced it is operationally useful for us to know why this is happening, just that it is, and how to avoid it impacting us. If it's being caused by people using 1/8 when they shouldn't have, they'll have to fix it soon enough.
It occurs to me that 1/8 could perhaps be primarily given to APNIC members who are asking for IPv4 space for dynamic end users. If the assumption that most 1/8 users are end users behind bad NATs is correct then impact is limited to preventing peer to peer between the two hosts, and most peer to peer systems have ways to minimise the negative impact of these situations, either with help from other hosts or alternative peers. If, however, someone got a 1/8 address for a web server or similar, then impact would be quite a bit worse.
--
Nathan Ward
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
--
Leon Strong | Technical Engineer | SMX Ltd