Re: DoD IP Space

[Dorn Hetzel <dorn () hetzel org>]

Yeah, definitely talking about use that is deep behind multiple layers of
firewalls, or maybe even air-gapped with respect to routable protocols.  I
won't say what sort of industry runs large piles of ancient gear, but you
could probably guess...

On Wed, Jan 20, 2021 at 10:13 AM Brandon Martin <lists.nanog () monmotha net>
wrote:

> On 1/20/21 9:58 AM, j k wrote:
> > My question becomes, what level of risk are these companies taking on by
> > using the DoD ranges on their internal networks? And have they
> > quantified the costs of this outage against moving to IPv6?
>
> Honestly I can't think of much unless maybe they're a defense contractor
> that would potentially end up with DoD ranges (non-isolated/classified
> networks) in their view of the global routing table.  Appropriately
> treating it like "my networks" and/or RFC1918 in your routing policies
> (not exporting it, not accepting routes for it, etc.) would be required
> to properly ensure network stability of course.
>
> Some OSes treat RFC1918 space as inherently "special" (extra trusted,
> etc.) and wouldn't treat the DoD ranges as such, but those behaviors are
> typically undesirable or at least not relied on on a network of that
> scale, anyway.
>
> Not that I'd recommend it.
> --
> Brandon Martin