From owner-freebsd-isp  Wed Dec 19 20: 8:43 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13])
	by hub.freebsd.org (Postfix) with ESMTP id CAEC537B417
	for <freebsd-isp@FreeBSD.ORG>; Wed, 19 Dec 2001 20:08:39 -0800 (PST)
Received: from savvyd (c3-1a119.neo.rr.com [24.93.230.119])
	by lily.ezo.net (8.11.3/8.11.3) with SMTP id fBK4BQN26926;
	Wed, 19 Dec 2001 23:11:27 -0500 (EST)
Message-ID: <003101c1890c$370d5cc0$22b197ce@ezo.net>
From: "Jim Flowers" <jflowers@ezo.net>
To: "Forrest W. Christian" <forrestc@imach.com>
Cc: <portmaster-users@portmasters.com>, <freebsd-isp@FreeBSD.ORG>
References: <Pine.BSF.4.21.0112191352570.18716-100000@workhorse.iMach.com>
Subject: Re: Infrastructure Design with Portmasters and FreeBSD/Zebra (long)
Date: Wed, 19 Dec 2001 23:10:08 -0500
Organization: EZNets, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Well, I understand your caution.  Perhaps I did not explain very well that
in the proposed concept machines on the RFC1918 network are never allowed to
exchange packets with machines on the Internet and, in fact, are prevented
from doing so by filter rules in the edge routers.  The RFC1918 network is
only a transit network consisting of our own routing devices (all with
ospf).  The only Internet connections are initiated from/to our public and
public/secure networks/devices where path MTU discovery should work.

Thanks for the reply.

From: "Forrest W. Christian" <forrestc@imach.com>
To: "Jim Flowers" <jflowers@ezo.net>
Cc: <portmaster-users@portmasters.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Wednesday, December 19, 2001 4:20 PM
Subject: Re: Infrastructure Design with Portmasters and FreeBSD/Zebra (long)


> I'm going to be very specific about this:
>
> Using 1918 space as you have described is bad.  Very bad.
>
> To make a long story short, if you use 1918 space, it will break things in
> weird and unusual ways.  The reason for this is a lot of providers discard
> any packets with a source address of 1918.  Certain internet protocols
> require each router along the path to be able to reply with ICMP messages
> with their own address.  If they are in the 1918 space, these will most
> likely be discarded causing the functionality which needs these to break.
>
> Most notably, this will break MTU path discovery which can cause a whole
> set of other problems which I won't go into.  It also will prevent ICMP
> Source qwench messages which are used to provide for some additional flow
> control by certain ip stacks.
>
> The only place to use 1918 space is behind a NAT box or on a network which
> will never be connected to the internet.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message