[lug] Perl 101

rise rise at knavery.net
Fri Apr 19 13:44:10 MDT 2002 

On Fri, 19 Apr 2002, John Hernandez wrote:

> This is probably a nitpick, but that's not precisely true.  They are
> actually as "routable" as other addresses.

To be pedantic, the RFC specifies:

   Because private addresses have no global meaning, routing
   information about private networks shall not be propagated on
   inter-enterprise links, and packets with private source or
   destination addresses should not be forwarded across such
   links. Routers in networks not using private address space,
   especially those of Internet service providers, are expected to be
   configured to reject (filter out) routing information about private
   networks. If such a router receives such information the rejection
   shall not be treated as a routing protocol error.

They're often called "non-routable" because routing across the
Internet is the primary interesting case and "globally non-routable"
costs a whole word slot in conversation (oh, horror of horrors).  Yes,
you can use them within a single enterprise and route them to your
heart's content, but you can't get them routed across the Internet
which I'd call a significant decrease in routability.

I'd rather people learn the approximation that they're not routable
since if they learn enough about routing to not be a danger to the
rest of the net they should be able to figure out the full situation.
There are enough RFC1918 routes announced to the Internet and hurriedly
withdrawn that I'd say the point isn't getting across.

> It's perhaps better to say that RFC1918 addresses should not be
> allowed (or expected) to propagate beyond your autonomous system
> (onto the Internet).  In other words, they should not be allowed to
> penetrate your AS border.

I thought of that phrasing, but AS != enterprise.  There are quite a
few multi-AS enterprises that could legitimately use 1918 space across
their internal AS boundaries.  On that same front, not propagating
route announcements for them isn't a recommended practice, it's a
requirement.  In more modern IETF terminology it's a MUST NOT not a
SHOULD NOT.

> Also, I think the original poster mentioned that command line pings to
> that address work fine, so his problem is likely in the code somewhere.

I'd be more inclined to guess firewalling that dislikes some
particular of Net::Ping's ICMP packets - he does note that he sees
activity lights for the pings and that code works for me with every
pingable IP I've tried (including setting up 192.168.1.108 on one of
my local interfaces).  The best way is probably to slap something
user-friendly like ipgrab on the interface and compare a command-line
ping with one from Net::Ping.  This kind of stuff is why Paul Barry's
perl networking book starts by building a packet sniffer for debugging
(well, that and it's fun).

-- 
Jonathan Conway						      rise at knavery.net
history is paling & my surge protection failed, & so I FRIED
						- Concrete Blonde, "Fried"

More information about the LUG mailing list