North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: RFC1918 addresses to permit in for VPN?
> Your points are valid, but when did we begin discussing NATs in this thread? From: Randy Bush <[email protected]> To: "Deron J. Ringen" <[email protected]> Cc: "Simon Lyall" <[email protected]>, <[email protected]> Subject: RE: RFC1918 addresses to permit in for VPN? Date: Sun, 31 Dec 2000 11:29:20 -0800 > That makes perfect sense to me...there is not a better way to protect > a box from a DOS/hack than to only give it a private address. this is a common fantasy. changing the its license place does not change the vulnerability of your car to an accident. randy i figured that "protect a box from a DOS attack than to give it a private address" was natted. but you're right, my assumption could have been incorrect. apologies. > I thought that this was another discussion about using RFC 1918 address > space on publicly visible interfaces. we seem to have taken a couple of derived threads from that. and i have trouble staying polite about that disease. it seems to usually start with two delusions: o the inter-router links will take a lot of space, which /30s (and soon /31s) do not. o they are 'inside' the network so will not affect outsiders. i.e. section 3 of 1918 clearly states Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links. so any isp which lets the outside world see a packet with a source in 1918 space is in direct violation of 1918. > People are afraid, without reason, of ARIN and the other RIRs i would not say without reason. we have an entire sub-department to deal with address space acquition and assignment. the small new isp may find the process daunting, and the traditional attitude of some rirs has not always been customer friendly (this is changing at last). randy