Re: DoD IP Space

[Eric Kuhnke <eric.kuhnke () gmail com>]

Organizations that I have seen doing as you describe, because they ran out
of RFC1918 IP space, are also often using their existing private IP space
wastefully in the first place. Rather than using DoD /8s internally, if
they absolutely need to support v4-only equipment on their internal
management networks, they might be better served by considering that maybe
every POP doesn't need its own /24.

I'm talking about things I've seen where all of the management/monitoring
IPs of the equipment at a site might fit very comfortably in a v4 /27. But
that would be a labor intensive IP space and management address auditing
process of renumbering things, fixing internal DNS and rDNS, and updating
any myriad of things that might have the direct IP addresses of stuff
hardcoded into configuration files.

Rather than doing all of the above, they simply go "hey here's a /8 that's
highly unlikely our management network will ever need to talk to it in a
global routing table", and continue on with their /24 plan per tiny POP.



On Wed, Jan 20, 2021 at 8:38 AM Dorn Hetzel <dorn () hetzel org> wrote:

> I am aware of some companies that have used parts of a DoD /8 internally
> to address devices in the field that are too old to ever support IPV6.
> Those devices also never interact with the public internet, and never will,
> so for them, I guess the only risk would be that some other internal system
> that wants to talk to those devices would not also be able to talk to any
> endpoint on the public internet that wound up using space allocated from
> that block, some time in the future.  Is that about right or am I missing
> some key failure point?
>
> On Wed, Jan 20, 2021 at 9:59 AM j k <jsklein () gmail com> wrote:
>
> > My question becomes, what level of risk are these companies taking on by
> > using the DoD ranges on their internal networks? And have they
> > quantified the costs of this outage against moving to IPv6?
> >
> > Joe Klein
> >
> > "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene
> > 1)
> > "*I skate to where the puck is going to be, not to where it has been."
> > -- *Wayne Gretzky
> > "I never lose. I either win or learn" - Nelson Mandela
> >
> >
> > On Wed, Jan 20, 2021 at 9:06 AM John Curran <jcurran () istaff org> wrote:
> >
> > > Indeed.
> > > /John
> > >
> > > > On Jan 20, 2021, at 8:47 AM, Cynthia Revström <me () cynthia re> wrote:
> > > >
> > > > But if you do this, make sure you keep track of where you might have
> > > put policies like this in, in case the DoD sells some the space or whatever
> > > in the future.