draft-ietf-grow-private-ip-sp-cores-00.txt | draft-ietf-grow-private-ip-sp-cores-01.txt | |||
---|---|---|---|---|
Network Working Group A. Kirkham | Network Working Group A. Kirkham | |||
Internet-Draft Palo Alto Networks | Internet-Draft Palo Alto Networks | |||
Obsoletes: None (if approved) March 28, 2012 | Obsoletes: None (if approved) April 10, 2012 | |||
Intended status: Informational | Intended status: Informational | |||
Expires: September 29, 2012 | Expires: October 12, 2012 | |||
Issues with Private IP Addressing in the Internet | Issues with Private IP Addressing in the Internet | |||
draft-ietf-grow-private-ip-sp-cores-00 | draft-ietf-grow-private-ip-sp-cores-01 | |||
Abstract | Abstract | |||
The purpose of this document is to provide a discussion of the | The purpose of this document is to provide a discussion of the | |||
potential problems of using private, RFC1918, or non-globally- | potential problems of using private, RFC1918, or non-globally- | |||
routable addressing within the core of an SP network. The discussion | routable addressing within the core of an SP network. The discussion | |||
focuses on link addresses and to a small extent loopback addresses. | focuses on link addresses and to a small extent loopback addresses. | |||
While many of the issues are well recognised within the ISP | While many of the issues are well recognised within the ISP | |||
community, there appears to be no document that collectively | community, there appears to be no document that collectively | |||
describes the issues. | describes the issues. | |||
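Review bot: The header line "Obsoletes: None (if approved)" is carried into -01 unchanged. The draft obsoletes nothing, so the line should be dropped rather than given the value "None"; only the date and expiry lines needed to change in this block.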
skipping to change at page 1, line 48 | skipping to change at page 1, line 48 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on September 29, 2012. | This Internet-Draft will expire on October 12, 2012. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 10, line 19 | skipping to change at page 10, line 19 | |||
range is assigned by both the administrator of a corporate network | range is assigned by both the administrator of a corporate network | |||
and their ISP. Some applications discover the outside address of | and their ISP. Some applications discover the outside address of | |||
their local CPE to determine if that address is reserver for special | their local CPE to determine if that address is reserver for special | |||
use. Application behavior may then be based on this determination. | use. Application behavior may then be based on this determination. | |||
[weil-shared-transition-space-request] provides further analysis of | [weil-shared-transition-space-request] provides further analysis of | |||
this situation. | this situation. | |||
To address this scenario and others, at the time of writing, work was | To address this scenario and others, at the time of writing, work was | |||
in progress to obtain a dedicated /10 address block for the purpose | in progress to obtain a dedicated /10 address block for the purpose | |||
of Shared CGN (Carrier Grade NAT) Address Space. Please refer to | of Shared CGN (Carrier Grade NAT) Address Space. Please refer to | |||
[bdgks-arin-shared-transition-space] and [weil-shared-transition- | [weil-shared-transition-space-request] for details. The purpose of | |||
space-request] for details. The purpose of Shared CGN Address Space | Shared CGN Address Space is to number CPE (Customer Premise | |||
is to number CPE (Customer Premise Equipment) interfaces that connect | Equipment) interfaces that connect to CGN devices. As explained in | |||
to CGN devices. As explained in [weil-shared-transition-space- | [weil-shared-transition-space-request], RFC1918 addressing has issues | |||
request], RFC1918 addressing has issues when used in this deployment | when used in this deployment scenario. | |||
scenario. | ||||
6. Interactions with edge anti-spoofing techniques | 6. Interactions with edge anti-spoofing techniques | |||
Denial of service attacks and distributed denial of attacks can make | Denial of service attacks and distributed denial of attacks can make | |||
use of spoofed source IP addresses in an attempt to obfuscate the | use of spoofed source IP addresses in an attempt to obfuscate the | |||
source of an attack. RFC2827 (Network Ingress Filtering) strongly | source of an attack. RFC2827 (Network Ingress Filtering) strongly | |||
recommends that providers of Internet connectivity implement | recommends that providers of Internet connectivity implement | |||
filtering to prevent packets using source addresses outside of their | filtering to prevent packets using source addresses outside of their | |||
legitimately assigned and advertised prefix ranges. Such filtering | legitimately assigned and advertised prefix ranges. Such filtering | |||
should also prevent packets with private source addresses from | should also prevent packets with private source addresses from | |||
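Review bot: Two typos in the unchanged text around the reflowed paragraph survive into -01. "reserver for special use" in the paragraph before the change should read "reserved for special use", and the first sentence of section 6 says "distributed denial of attacks" where "distributed denial of service attacks" is meant. After the removal of [bdgks-arin-shared-transition-space], [weil-shared-transition-space-request] is cited three times within two short paragraphs, so the "Please refer to ... for details" sentence could be folded into one of the neighbouring citations.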
skipping to change at page 14, line 35 | skipping to change at page 14, line 35 | |||
[RFC3021] Retana, A., White, R., Fuller, V., and D. McPherson, | [RFC3021] Retana, A., White, R., Fuller, V., and D. McPherson, | |||
"Using 31-Bit Prefixes on IPv4 Point-to-Point Links", | "Using 31-Bit Prefixes on IPv4 Point-to-Point Links", | |||
December 2000. | December 2000. | |||
[RFC6304] Abley, J. and W. Maton, "AS112 Nameserver Operations", | [RFC6304] Abley, J. and W. Maton, "AS112 Nameserver Operations", | |||
July 2011. | July 2011. | |||
[RFC792] Postel, J., "RFC792 Internet Control Message Protocol", | [RFC792] Postel, J., "RFC792 Internet Control Message Protocol", | |||
September 1981. | September 1981. | |||
[bdgks-arin-shared-transition-space] | ||||
Barber, S., Delong, O., Grundemann, C., Kuarsingh, V., and | ||||
B. Schliesser, "ARIN Draft Policy 2011-5: Shared | ||||
Transition Space". | ||||
[weil-shared-transition-space-request] | [weil-shared-transition-space-request] | |||
Weil, J., Kuarsingh, V., Donley, C., Liljenstolpe, C., and | Weil, J., Kuarsingh, V., Donley, C., Liljenstolpe, C., and | |||
M. Azinger, "IANA Reserved IPv4 Prefix for Shared CGN | M. Azinger, "IANA Reserved IPv4 Prefix for Shared CGN | |||
Space". | Space". | |||
Appendix A. Acknowledgments | Appendix A. Acknowledgments | |||
The author would like to thank the following people for their input | The author would like to thank the following people for their input | |||
and review - Dan Wing (Cisco Systems), Roland Dobbins (Arbor | and review - Dan Wing (Cisco Systems), Roland Dobbins (Arbor | |||
Networks), Philip Smith (APNIC), Barry Greene (ISC), Anton Ivanov | Networks), Philip Smith (APNIC), Barry Greene (ISC), Anton Ivanov | |||
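Review bot: With the [bdgks-arin-shared-transition-space] entry removed, [weil-shared-transition-space-request] is the only source cited for Shared CGN Address Space, yet its entry gives no draft name, date or "work in progress" marker, so a reader cannot locate the document; add those. The [RFC792] entry also repeats the RFC number inside the title ("RFC792 Internet Control Message Protocol"), where the other entries give the title alone.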
skipping to change at page 15, line 22 | skipping to change at page 15, line 18 | |||
Index | Index | |||
H | H | |||
http://tools.ietf.org/html/draft-ietf-dnsop-as112-ops-08 11 | http://tools.ietf.org/html/draft-ietf-dnsop-as112-ops-08 11 | |||
http://tools.ietf.org/html/rfc2827 5 | http://tools.ietf.org/html/rfc2827 5 | |||
Author's Address | Author's Address | |||
Anthony Kirkham | Anthony Kirkham | |||
Palo Alto Networks | Palo Alto Networks | |||
Level 32, 100 Miller St | Level 32, 101 Miller St | |||
North Sydney, New South Wales 2060 | North Sydney, New South Wales 2060 | |||
Australia | Australia | |||
Phone: +61 7 33530902 | Phone: +61 7 33530902 | |||
Email: tkirkham@paloaltonetworks.com | Email: tkirkham@paloaltonetworks.com | |||
End of changes. 7 change blocks. | ||||
16 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |