North American Network Operators Group


Re: Someones being naughty again...

  • From: Blake Willis
  • Date: Sun Mar 15 12:07:03 1998

IMHO, the decision to use private IP space for hosts/routers/interfaces in
a network is really a matter of necessity or security.  I am familiar with
a few corporate networks with nationwide WANs (as well as a major ISP or
two) that use 10.0.0.0/8 and other private networks for all their backbone
equipment, simply because they lack the public address space to do
otherwise.  Others do it for the very reason that their equipment is
unreachable from the outside world.  Whatever the reason, as long as you
keep it within your own AS and don't announce or listen to it from
anywhere else, there is nothing wrong with setting a network up this way.
That was the whole point of 1918.  The RFC was published because large
chunks of public address space were being allocated to networks that
weren't connected to the internet (case in point:  one of our federal
customers has a /14, a /15, and a /16 in class B space, and has had them
for several years.  We just added them to the RA and started announcing
them last month.  There were several interesting reactions around here
when people noticed the RADIUS entry for his <modem> connection with those
netmasks!) Of course, if your company gets bought by another company that
also uses private space, you're going to have to invest in some shiny new
hardware that can do NAT between your two networks when it comes time to
merge.....

---------------------------------------------------------------------------
Blake Willis
Network Engineer, New Customers				[email protected]
CAIS Internet, a CGX Communications Company
---------------------------------------------------------------------------

On Fri, 13 Mar 1998, Marc Slemko wrote:

> On Fri, 13 Mar 1998, Pat Darisme wrote:
> 
> > 
> > I don't see a problem here ?
> 
> Not unless you have a larger MTU on the "outside" interface than
> the "inside" interface, then you lose bigtime.
> 
> I would check to see if this is the case in this situation, but
> those addresses don't come into my network so I can't.
> 
> Offhand, I can't think of any other problems but I really discourage
> people from using internal address space for this purpose because it:
> 
> 	- breaks stuff like path MTU discovery, etc. when filtered.
> 	- prevents easy identification of links, whose they are, etc.
> 	  because you can't have reverse DNS and the addresses don't
> 	  belong to you.
> 	- causes confusion when multiple networks that are using such
> 	  addresses are merged or interconnected in the wrong (right)
> 	  way.
> 
> I like the idea behind why you would do it, but... can't justify it.
> 
>
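The path MTU discovery failure Marc lists above (a border filter that drops RFC 1918 source addresses also drops the ICMP "fragmentation needed" messages that a privately numbered backbone router sends back) can be made concrete with a small simulation. The Python below is an added example written for this page, not code from either poster. The hop names, addresses (drawn from the 10/8 and documentation ranges), link MTUs and the `IngressPolicy` knobs are constructed assumptions, and ICMP is modelled only at the level of "which hop sources the error, and does the sender's ingress filter let it back in", not as real packets.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the original posts): a minimal model of why
# filtering RFC 1918 source addresses at a border can black-hole path MTU
# discovery when transit links are numbered from private space.

# The three RFC 1918 blocks, spelled out rather than relying on the
# broader ipaddress.is_private (which also covers loopback, link-local, etc.).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Hop:
    name: str
    address: str   # address this router uses as the source of ICMP errors
    out_mtu: int   # MTU of the link it forwards on toward the destination


@dataclass(frozen=True)
class IngressPolicy:
    """What the sender's border does with packets arriving from outside (assumed knobs)."""
    drop_private_sources: bool = True       # common anti-spoof ingress filter
    exempt_icmp_frag_needed: bool = False   # punch a hole for ICMP type 3 code 4


def ingress_drops(policy: IngressPolicy, src: str, is_frag_needed: bool) -> bool:
    """Decide whether an inbound packet from src is discarded by the policy."""
    if not policy.drop_private_sources or not is_rfc1918(src):
        return False
    return not (is_frag_needed and policy.exempt_icmp_frag_needed)


def run_pmtud(path: List[Hop], policy: IngressPolicy,
              initial_mtu: int = 1500, max_attempts: int = 10) -> dict:
    """Simulate a sender probing with DF-set packets until one gets through.

    Each attempt sends a packet of the current size; the first hop whose
    outbound link is too small discards it and answers with an ICMP
    'fragmentation needed' message sourced from that hop's own address.
    That message must get back through the sender's ingress policy.
    """
    mtu = initial_mtu
    for attempt in range(1, max_attempts + 1):
        blocker: Optional[Hop] = next((h for h in path if mtu > h.out_mtu), None)
        if blocker is None:
            return {"status": "delivered", "pmtu": mtu, "attempts": attempt, "icmp_from": None}
        if ingress_drops(policy, blocker.address, is_frag_needed=True):
            # The sender never learns the smaller MTU and keeps retransmitting
            # full-size packets that keep being dropped: the PMTUD black hole.
            return {"status": "black_hole", "pmtu": None, "attempts": attempt,
                    "icmp_from": blocker.address}
        mtu = blocker.out_mtu   # ICMP arrived; shrink and try again
    return {"status": "gave_up", "pmtu": None, "attempts": max_attempts, "icmp_from": None}


def audit_icmp_sources(path: List[Hop], policy: IngressPolicy) -> List[str]:
    """Names of hops whose ICMP errors the policy would silently discard.

    This is the check to run before numbering transit links from 10/8:
    every hop listed here is a potential black hole for your own users.
    """
    return [h.name for h in path if ingress_drops(policy, h.address, is_frag_needed=True)]


# Constructed sample path: public edge router, a privately numbered core link
# with a smaller (e.g. tunnel) MTU, then a public far-end router with a smaller link still.
PATH = [
    Hop("edge", "192.0.2.1", 1500),
    Hop("core", "10.1.1.1", 1480),
    Hop("far", "198.51.100.1", 1400),
]

if __name__ == "__main__":
    strict = IngressPolicy(drop_private_sources=True, exempt_icmp_frag_needed=False)
    exempt = IngressPolicy(drop_private_sources=True, exempt_icmp_frag_needed=True)
    print("strict filter :", run_pmtud(PATH, strict))   # black_hole, icmp_from 10.1.1.1
    print("ICMP exempted :", run_pmtud(PATH, exempt))   # delivered, pmtu 1400 after 3 attempts
    print("risky hops    :", audit_icmp_sources(PATH, strict))   # ['core']
```

Marc's first point, an "outside" interface with a larger MTU than the "inside" one, is the same mechanism: the router on the small link is the one that has to source the ICMP error, and if that router's address is one the far side filters, discovery stalls on the very first oversized packet. `audit_icmp_sources` is the defensive check: given your own ingress policy and the addresses your routers actually use for ICMP, it lists the hops that would become invisible black holes, so the decision between renumbering those links from public space and exempting ICMP "fragmentation needed" from the source filter can be made before users report stalled transfers.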