nanog mailing list archives

Re: Private use of non-RFC1918 IP space
From: "D'Arcy J.M. Cain" <darcy () druid net>
Date: Mon, 2 Feb 2009 13:42:05 -0500

On Mon, 2 Feb 2009 18:50:49 +0100
Chris Meidinger <cmeidinger () sendmail com> wrote:
On 02.02.2009, at 18:38, Valdis.Kletnieks () vt edu wrote:
What reason could you possibly have to use non RFC 1918 space on a
closed network?  It's very bad practice - unfortunately I do see  

Of course, this is a different question.  The discussion started over
people using randomly selected non RFC 1918 space.  Using your own
public IP block in a closed network is another issue.  I see no
operational issue there.  There is the social issue of using up scarce
resources of course.

Also to avoid being required to NAT at all. Security benefits IMHO
from using RFC1918 space in a corporate network - you have an
automatic requirement that there must be a NAT rule somewhere in order
for a duplex connection to happen. However, in a more open environment
like a university or a laboratory, there may be no reason to require
all connections to be proxied/translated etc.

In which case you are using properly assigned IP space.

This is a bit off-topic, but I thought I'd mention that this is one
reason I recommend use of the 172.16/12 block to people building or
renumbering enterprise networks. Most people seem to use 10/8 in large
organizations and 192.168/16 in smaller ones, so it raises your
chances of not having to get into heavy NATting down the road. My
theory on this is that most people who don't deal with CIDR on a daily
basis find the /12 netmask a bit confusing and just avoid the block
altogether.

My office is small so I just grabbed 192.168.250.0/24.  The 250 was
taken from the office address.  It was a level of randomness that made
conflict with future VPN arrangements less likely.  Not impossible, of
course.

-- 
D'Arcy J.M. Cain <darcy () druid net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
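As an added example (not part of this thread or anyone's posted code), a small Python check for the choices discussed above: whether a candidate prefix actually sits in RFC 1918 space, what the 172.16/12 block spans, and whether the prefix overlaps a constructed list of partner VPN prefixes. The peer list is made up for illustration.

```python
from ipaddress import IPv4Network

# The three RFC 1918 private blocks.
RFC1918 = [
    IPv4Network("10.0.0.0/8"),
    IPv4Network("172.16.0.0/12"),
    IPv4Network("192.168.0.0/16"),
]

# Constructed list of prefixes already used by (hypothetical) VPN partners.
PEER_PREFIXES = ["10.0.0.0/8", "192.168.0.0/24", "192.168.1.0/24"]


def block_range(prefix):
    """First and last address of a prefix, e.g. to show what a /12 really covers."""
    net = IPv4Network(prefix, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def rfc1918_parent(prefix):
    """Return the RFC 1918 block containing `prefix`, or None if it is not private."""
    net = IPv4Network(prefix, strict=False)
    for block in RFC1918:
        if net.subnet_of(block):
            return str(block)
    return None


def conflicts(prefix, peers=PEER_PREFIXES):
    """Peer prefixes that overlap `prefix`: each one is a future VPN collision."""
    net = IPv4Network(prefix, strict=False)
    return [p for p in peers if net.overlaps(IPv4Network(p, strict=False))]


def assess(prefix, peers=PEER_PREFIXES):
    """Summarise whether `prefix` is private and which peers it would collide with."""
    return {"parent": rfc1918_parent(prefix), "conflicts": conflicts(prefix, peers)}


if __name__ == "__main__":
    print("172.16/12 spans", block_range("172.16.0.0/12"))
    for candidate in ["192.168.250.0/24", "172.16.40.0/22", "172.32.0.0/16", "10.20.0.0/16"]:
        print(candidate, assess(candidate))
```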