From: "Jim Flowers" <jflowers@ezo.net>
To: "Krzysztof Adamski"
Cc: freebsd-isp@freebsd.org
Subject: Re: (PM) Infrastructure Design with Portmasters and FreeBSD/Zebra (long)
Date: Wed, 19 Dec 2001 22:57:46 -0500
Organization: EZNets, Inc.
Message-ID: <002b01c1890a$7d553920$22b197ce@ezo.net>

OK, thanks for the heads up. I think that what you are cautioning against is that the `ICMP can't fragment' message will not be returned over the Internet to a sender with an RFC1918 address (particularly as I deny them at the edge router).

OTOH, in my proposed layout one of the basic concepts is that hosts with RFC1918 addresses are never allowed to exchange packets with hosts on the Internet, so this situation should never arise. All the working system hosts and customer hosts have public addresses, and in this case the Internet-sourced ICMP messages should be routed over the RFC1918 network correctly - er, right? :-)

Shouldn't this work equally well for the PM3 dialups (who all have public addresses) as long as their host/router supports path MTU discovery?
Also, the inter-pop routers don't involve the Internet, and as they are under my administration I will advertise the RFC1918 addresses with OSPF for any inter-pop transmissions.

I am more interested in the security aspects than reclaiming the addresses, but it is also appealing to not have to justify the usage each time we (or a customer) want another block (it has been a hassle). Currently, we have about 100 subnets on the 5 Class Cs with about 55% still available, as we NAT most of our commercial users.

Thanks again for your reply.

Jim Flowers - EZNets, Inc.

----- Original Message -----
From: "Krzysztof Adamski"
To: "Jim Flowers"
Subject: Re: (PM) Infrastructure Design with Portmasters and FreeBSD/Zebra (long)

> Replacing routable IPs with RFC1918 on a PM will work just fine, but there
> is one problem with it. It breaks the Path-MTU-discovery protocol. This would
> be a problem for routers that can have different MTU sizes on different
> interfaces, like a PM with dial-in users.
> If you are efficiently using your address space you should not have a
> problem with getting more addresses.
>
> K
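The exchange above turns on one mechanism: a router with a smaller-MTU link answers an oversized DF packet with an ICMP "fragmentation needed" message sourced from its own interface address, and if that address is RFC1918 and a filter sits between that router and the sender, the message never arrives and the sender keeps retransmitting into a black hole. The following simulation is an added example, not code from the thread or from any Portmaster or FreeBSD software; the path layouts, addresses (documentation ranges and 10/8), the 576-byte dial-up MTU and the function names are all constructed assumptions. It walks a DF-set probe along a fixed path, models an edge router that drops RFC1918-sourced packets crossing it, and reports whether PMTU discovery converges or black-holes for each layout.

```python
import ipaddress

# Added example (not from the original thread): a simplified Path MTU
# discovery (RFC 1191) model used to see when the ICMP "fragmentation
# needed" error is lost because its source address is RFC 1918 and a
# filter on the return path drops such packets.

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in one of the RFC 1918 private ranges."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


def pmtu_discovery(path, start_mtu=1500, max_rounds=16):
    """Simulate a sender probing with DF-set packets toward the last hop.

    path: hops in forward order (sender's first hop first). Each hop is a dict:
      'addr'            : address the hop uses as source of its ICMP errors
      'mtu'             : MTU of the link the hop forwards onto; None marks
                          the destination host
      'filters_rfc1918' : True if the hop drops transit packets whose source
                          address is RFC 1918 (Jim's edge-router deny rule)
    Returns (probe_size, status); status is 'ok' once a probe reaches the
    destination, or 'blackhole' if a needed ICMP error was filtered.
    """
    size = start_mtu
    for _ in range(max_rounds):
        for i, hop in enumerate(path):
            link_mtu = hop['mtu']
            if link_mtu is None:          # destination reached at this size
                return size, 'ok'
            if size <= link_mtu:
                continue
            # Too big with DF set: this hop emits ICMP "fragmentation needed"
            # from hop['addr']; the error must travel back through path[:i].
            for back in reversed(path[:i]):
                if back['filters_rfc1918'] and is_rfc1918(hop['addr']):
                    return size, 'blackhole'   # error never reaches sender
            size = link_mtu               # sender learns next-hop MTU, retries
            break
        else:
            return size, 'ok'
    return size, 'blackhole'


def scenarios():
    """Three constructed layouts; all addresses and MTUs are assumptions."""
    internet_router = {'addr': '203.0.113.1', 'mtu': 1500, 'filters_rfc1918': False}
    edge_router = {'addr': '198.51.100.1', 'mtu': 1500, 'filters_rfc1918': True}
    core_router = {'addr': '10.0.0.1', 'mtu': 1500, 'filters_rfc1918': False}
    pm_private = {'addr': '10.0.0.5', 'mtu': 576, 'filters_rfc1918': False}
    pm_public = {'addr': '198.51.100.5', 'mtu': 576, 'filters_rfc1918': False}
    dialup_host = {'addr': '198.51.100.77', 'mtu': None, 'filters_rfc1918': False}
    return {
        # Internet host -> edge -> PM with RFC1918 address -> dial-up user
        'internet_to_dialup_rfc1918_pm':
            pmtu_discovery([internet_router, edge_router, pm_private, dialup_host]),
        # Host inside the POP -> core -> same PM -> dial-up user (no edge crossed)
        'inside_to_dialup_rfc1918_pm':
            pmtu_discovery([core_router, pm_private, dialup_host]),
        # Internet host -> edge -> PM with a public address -> dial-up user
        'internet_to_dialup_public_pm':
            pmtu_discovery([internet_router, edge_router, pm_public, dialup_host]),
    }


if __name__ == '__main__':
    for name, result in scenarios().items():
        print(f'{name}: size={result[0]} status={result[1]}')
```

The model separates the two cases the thread discusses: traffic that never crosses the edge (inside-to-dialup) converges normally even when the Portmaster sources its ICMP from 10.0.0.5, while traffic from the Internet toward a dial-up user is black-holed at 1500 bytes because the error has to pass the edge filter on its way back. Giving the Portmaster a public address restores convergence to 576. A practical check on a live network is the same probe in reverse: send large DF-set packets toward a dial-up host from outside and confirm that a "fragmentation needed" error comes back with a source address the edge will pass.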