Educause Security Discussion mailing list archives

Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?


From: Jeff Kell <jeff-kell () UTC EDU>
Date: Mon, 30 Apr 2007 10:45:59 -0400

Buz Dale wrote:
> Maybe instead of using the whole 10.0.0.0 you only route the smaller
> class "c"s that are assigned.  Then you could drop anything to or from
> the address ranges that aren't assigned.

Precisely.  Install a lowest-priority static null route to 10.0.0.0/8 at
your core.  Actual live, legitimately advertised subnets will override
the null.  Rogues go in the bit bucket.

Jeff
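
Added example, not part of the original post: a small Python model of the longest-prefix-match behaviour the reply relies on, where assigned subnets override a covering 10.0.0.0/8 null route. The subnets, interface names and sample packets are constructed, and the source-side check is an assumption modelling a loose reverse-path filter, not something the null route does by itself.

```python
import ipaddress

NULL = "Null0"  # discard next hop (the "bit bucket")

# Constructed routing table: one static 10.0.0.0/8 null route plus the
# subnets that are actually assigned and advertised (sample values).
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), NULL),
    (ipaddress.ip_network("10.1.20.0/24"), "vlan120"),
    (ipaddress.ip_network("10.1.21.0/24"), "vlan121"),
    (ipaddress.ip_network("10.40.0.0/22"), "dorm-core"),
    (ipaddress.ip_network("0.0.0.0/0"), "border"),
]

def lookup(addr, routes=ROUTES):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, hop) for net, hop in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def verdict(src, dst, routes=ROUTES):
    """Forwarding decision for one packet.

    The destination check is the null route itself. The source check is
    an assumption: it models a loose reverse-path filter that treats a
    source resolving to the null route as invalid.
    """
    if lookup(dst, routes) in (NULL, None):
        return "drop-dst"
    if lookup(src, routes) in (NULL, None):
        return "drop-src"
    return "forward via " + lookup(dst, routes)

if __name__ == "__main__":
    # Constructed sample packets (src, dst).
    for src, dst in [
        ("10.1.20.5", "10.1.21.9"),    # assigned to assigned
        ("10.1.20.5", "10.99.3.7"),    # probe into unassigned 10-space
        ("10.200.1.1", "10.1.20.5"),   # source in unassigned 10-space
        ("10.40.2.17", "192.0.2.10"),  # assigned host to off-campus
    ]:
        print(f"{src:>12} -> {dst:<12} {verdict(src, dst)}")
```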
