nanog mailing list archives
Re: Private use of non-RFC1918 IP space
From: Chris Meidinger <cmeidinger () sendmail com>
Date: Mon, 2 Feb 2009 18:50:49 +0100
On 02.02.2009, at 18:38, Valdis.Kletnieks () vt edu wrote:
On Mon, 02 Feb 2009 12:20:25 EST, "D'Arcy J.M. Cain" said:
On Mon, 02 Feb 2009 18:03:57 +0100 (CET) sthaug () nethelp no wrote:
What reason could you possibly have to use non RFC 1918 space on a closed network? It's very bad practice - unfortunately I do see it done sometimes....
There are sometimes good reasons to do this, for instance to ensure uniqueness in the face of mergers and acquisitions.
Also to avoid being required to NAT at all. Security benefits IMHO from using RFC1918 space in a corporate network - you have an automatic requirement that there must be a NAT rule somewhere in order for a duplex connection to happen. However, in a more open environment like a university or a laboratory, there may be no reason to require all connections to be proxied/translated etc.
How does that help? If you are renumbering due to a merger, couldn't you just agree on separate private space just as easily?
They don't renumber, they end up just double-NAT or triple-NAT between the merged units. I think one poor soul posted here that they had quintuple-NAT'ing going on due to a long string of mergers....
This is a bit off-topic, but I thought I'd mention that this is one reason I recommend use of the 172.16/12 block to people building or renumbering enterprise networks. Most people seem to use 10/8 in large organizations and 192.168/16 in smaller ones, so it raises your chances of not having to get into heavy natting down the road. My theory on this is that most people who don't deal with CIDR on a daily basis find the /12 netmask a bit confusing and just avoid the block at all.
Cheers, Chris
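The collision problem discussed in this message can be checked ahead of a merger by comparing the two address plans. The following is an added example, not part of the original post: the function names and the three address plans are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = {p: ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")}

def classify(prefix):
    """Return the RFC 1918 block that fully contains prefix, or None."""
    net = ipaddress.ip_network(prefix)
    for name, block in RFC1918.items():
        if net.subnet_of(block):
            return name
    return None

def non_rfc1918(plan):
    """Prefixes in a plan that lie outside all RFC 1918 blocks."""
    return [p for p in plan if classify(p) is None]

def merger_conflicts(plan_a, plan_b):
    """Return (a, b, block) for every overlapping pair across two plans.

    block is the RFC 1918 block of the more specific prefix, or None.
    """
    conflicts = []
    for a in map(ipaddress.ip_network, plan_a):
        for b in map(ipaddress.ip_network, plan_b):
            if a.overlaps(b):
                specific = a if a.prefixlen >= b.prefixlen else b
                conflicts.append((str(a), str(b), classify(str(specific))))
    return conflicts

# Constructed address plans for three hypothetical organisations.
ORG_A = ["10.0.0.0/16", "10.20.0.0/16", "192.168.1.0/24"]
ORG_B = ["10.0.0.0/14", "172.20.0.0/16", "192.168.1.0/24"]
ORG_C = ["172.24.0.0/14", "172.31.255.0/24", "172.32.0.0/16"]

if __name__ == "__main__":
    for label, (x, y) in {"A+B": (ORG_A, ORG_B), "A+C": (ORG_A, ORG_C),
                          "B+C": (ORG_B, ORG_C)}.items():
        print(label, merger_conflicts(x, y))
    # 172.16/12 ends at 172.31.255.255, so 172.32.0.0/16 is not private space.
    print("outside RFC 1918 in ORG_C:", non_rfc1918(ORG_C))
```

Each reported pair is a range that would need renumbering or NAT between the merged units. A prefix that `non_rfc1918` reports is one that may hide real Internet destinations from internal hosts.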