Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!


Chronological Thread 
  • From: Adair Thaxton <>
  • To: "" <>
  • Subject: Re: [Security-WG] Blocking RFC1918 from connectors: It's happening!
  • Date: Fri, 10 May 2019 19:45:01 +0000

Brian Pullin's answer:

The INTERFACE-CONNECTORS are direct connected interfaces and that is the
only thing I was made aware of by Nathan. We can approach peering but it
will be difficult in I2PX(TRCPS). In R&E the peers are mostly controlled
by access list (prefix list) and we do not allow the RFC1918 in to the
prefix list. They would still be able to send RFC1918 packets but not
advertise the address.

This is something we can spend more time on after we fix the connectors.



On 5/10/19 2:43 PM, Michael H Lambert wrote:
>> On 10 May 2019, at 14:15, Adair Thaxton <> wrote:
>>
>> Internet2 will be implementing the new INTERFACE-CONNECTOR filter to
>> block RFC1918 packets being sent via connectors.
>
> Will these filters also be applied to peer interfaces once they are deemed
> stable on connector interfaces?
>
> Michael
>
>



Archive powered by MHonArc 2.6.19.

Top of Page