North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Someones being naughty again...

  • From: Blake Willis
  • Date: Sun Mar 15 12:07:03 1998

IMHO, the decision to use private IP space for hosts/routers/interfaces in
a network is really a matter of necessity or security.  I am familiar with
a few corporate networks with nationwide WANs (as well as a major ISP or
two) that use and other private networks for all their backbone
equipment, simply because they lack the public address space to do
otherwise.  Others do it for the very reason that their equipment is
unreachable from the outside world.  Whatever the reason, as long as you
keep it within your own AS and don't announce or listen to it from
anywhere else, there is nothing wrong with setting a network up this way.
That was the whole point of 1918.  The RFC was published because large
chunks of public address space were being allocated to networks that
weren't connected to the internet (case in point:  one of our federal
customers has a /14, a /15, and a /16 in class B space, and has had them
for several years.  We just added them to the RA and started announcing
them last month.  There were several interesting reactions around here
when people noticed the RADIUS entry for his <modem> connection with those
netmasks!) Of course, if your company gets bought by another company that
also uses private space, you're going to have to invest in some shiny new
hardware that can do NAT between your two networks when it comes time to

Blake Willis
Network Engineer, New Customers				[email protected]
CAIS Internet, a CGX Communications Company

On Fri, 13 Mar 1998, Marc Slemko wrote:

> On Fri, 13 Mar 1998, Pat Darisme wrote:
> > 
> > I don't see a problem here ?
> Not unless you have a larger MTU on the "outside" interface than
> the "inside" interface, then you lose bigtime.
> I would check to see if this is the case in this situation, but
> those addresses don't come into my network so I can't.
> Offhand, I can't think of any other problems but I really discourage
> people from using internal address space for this purpose because it:
> 	- breaks stuff like path MTU discovery, etc. when filtered.
> 	- prevents easy identification of links, whose they are, etc.
> 	  because you can't have reverse DNS and the addresses don't
> 	  belong to you.
> 	- causes confusion when multiple networks that are using such
> 	  addresses are merged or interconnected in the wrong (right)
> 	  way.
> I like the idea behind why you would do it, but... can't justify it.