nanog mailing list archives
Re: Private use of non-RFC1918 IP space
From: "D'Arcy J.M. Cain" <darcy () druid net>
Date: Mon, 2 Feb 2009 13:42:05 -0500
On Mon, 2 Feb 2009 18:50:49 +0100 Chris Meidinger <cmeidinger () sendmail com> wrote:
On 02.02.2009, at 18:38, Valdis.Kletnieks () vt edu wrote:What reason could you possibly have to use non RFC 1918 space on a closed network? It's very bad practice - unfortunately I do see
Of course, this is a different question. the discussion started over people using randomly selected non RFC 1918 space. Using your own public IP block in a closed network is another issue. I see no operational issue there. There is the social issue of using up scarce resources of course.
Also to avoid being required to NAT at all. Security benefits IMHO from using RFC1918 space in a corporate network - you have an automatic requirement that there must be a NAT rule somewhere in order for a duplex connection to happen. However, in a more open environment like a university or a laboratory, there may be no reason to require all connections to be proxied/translated etc.
In which case you are using properly assigned IP space.
This is a bit off-topic, but I thought I'd mention that this is one reason I recommend use of the 172.16/12 block to people building or renumbering enterprise networks. Most people seem to use 10/8 in large organizations and 192.168/16 in smaller ones, so it raises your chances of not having to get into heavy natting down the road. My theory on this is that most people who don't deal with CIDR on a daily basis find the /12 netmask a bit confusing and just avoid the block at all.
My office is small so I just grabbed 192.168.250.0/24. The 250 was taken from the office address. It was a level of randomness that made conflict with future VPN arrangements less likely. Not impossible, of course. -- D'Arcy J.M. Cain <darcy () druid net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Current thread:
- Re: Private use of non-RFC1918 IP space, (continued)
- Re: Private use of non-RFC1918 IP space Suresh Ramasubramanian (Feb 02)
- RE: Private use of non-RFC1918 IP space Paul Stewart (Feb 02)
- Re: Private use of non-RFC1918 IP space sthaug (Feb 02)
- Re: Re: Private use of non-RFC1918 IP space mikelieman (Feb 02)
- RE: Re: Private use of non-RFC1918 IP space Matlock, Kenneth L (Feb 02)
- Re: Private use of non-RFC1918 IP space Colin Alston (Feb 02)
- Re: Private use of non-RFC1918 IP space Chuck Anderson (Feb 02)
- Re: Private use of non-RFC1918 IP space sthaug (Feb 02)
- Re: Private use of non-RFC1918 IP space D'Arcy J.M. Cain (Feb 02)
- Re: Private use of non-RFC1918 IP space Valdis . Kletnieks (Feb 02)
- Re: Private use of non-RFC1918 IP space Chris Meidinger (Feb 02)
- Re: Private use of non-RFC1918 IP space D'Arcy J.M. Cain (Feb 02)
- Re: Private use of non-RFC1918 IP space sthaug (Feb 02)
- Re: Private use of non-RFC1918 IP space D'Arcy J.M. Cain (Feb 02)
- Re: Private use of non-RFC1918 IP space sthaug (Feb 02)
- Re: Private use of non-RFC1918 IP space Andre Sencioles Vitorio Oliveira (Feb 02)
- Re: Private use of non-RFC1918 IP space Tico (Feb 02)
- Re: Private use of non-RFC1918 IP space Måns Nilsson (Feb 02)
- Re: Private use of non-RFC1918 IP space D'Arcy J.M. Cain (Feb 02)
- Re: Private use of non-RFC1918 IP space sthaug (Feb 02)
- RE: Private use of non-RFC1918 IP space Matlock, Kenneth L (Feb 02)
- RE: Private use of non-RFC1918 IP space Paul Stewart (Feb 02)