Wisdom of using 100.64/10 (RFC6598) space in an Amazon VPC deployment

Jimmy Hess mysidia at gmail.com
Tue Feb 24 03:33:41 UTC 2015


On Mon, Feb 23, 2015 at 9:02 AM, Eric Germann <ekgermann at cctec.com> wrote:

> In spitballing, the boat hasn’t sailed too far to say “Why not use 100.64/10 in the VPC?”

Read RFC6598.
If you can assure that the conditions listed in section 4, "Use of
Shared CGN Space", are met,

then usage of the 100.64/10 shared space may be applicable; under
other conditions it may be risky. The proper usage of IP addresses
is in accordance with the standards or by the registrant under the
right assignment agreements.

If you are just needing space to squat on regardless of the
standardized usage, then you might do anything you want --- you may
as well use 25/8 or 11.0.0.0/8 internally, after taking steps to
ensure you will not be leaking Reverse DNS queries, routes, or
anything like that; this space is larger than a /10 and would provide
more expansion flexibility.


> Then, the customer would be allocated a /28 or larger (depending on needs) to NAT on their side and NAT it once.  After that, no more NAT for the VPC, and it boils down to firewall rules.  Their device needs to NAT outbound before it fires it down the tunnel, which pfSense and ASAs appear to be able to do.
>

--
-JH
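One concrete check behind the "leaking Reverse DNS queries" point in the reply above, added here as an example and not part of the original post or of RFC 6598: does a proposed VPC or tunnel prefix collide with 100.64.0.0/10, and which in-addr.arpa zones must a local resolver answer for that prefix so PTR lookups never reach the global DNS. The 100.64.0.0/10 range is the real RFC 6598 allocation; the sample prefixes are constructed, and the unbound local-zone lines are one assumed way to sinkhole the zones (any resolver that can serve a zone locally would do).

```python
"""Sanity checks before reusing 100.64.0.0/10 (RFC 6598 Shared Address Space)
inside a private deployment: does a proposed prefix collide with the shared
space, and which in-addr.arpa zones must be answered locally so PTR lookups
for it never leak to the global DNS.  Added example; standard library only."""
import ipaddress

# RFC 6598 Shared Address Space, 100.64.0.0 - 100.127.255.255
SHARED_CGN_SPACE = ipaddress.ip_network("100.64.0.0/10")


def overlaps_shared_space(cidr):
    """True if the proposed VPC or tunnel prefix overlaps 100.64.0.0/10."""
    return ipaddress.ip_network(cidr, strict=False).overlaps(SHARED_CGN_SPACE)


def reverse_zones(cidr):
    """in-addr.arpa zone names covering a prefix.

    in-addr.arpa is delegated on octet boundaries, so a prefix is covered by
    the smallest set of /8, /16 or /24 zones that contain it: a /10 needs
    64 /16 zones, while a /28 sits inside a single /24 zone.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    # Round the prefix length up to the next octet boundary, clamped to 8..24.
    zone_len = min(24, max(8, ((net.prefixlen + 7) // 8) * 8))
    if zone_len >= net.prefixlen:
        covering = net.subnets(new_prefix=zone_len)     # split into /16s, /24s ...
    else:
        covering = [net.supernet(new_prefix=zone_len)]  # e.g. the /24 around a /28
    zones = []
    for sub in covering:
        octets = str(sub.network_address).split(".")[: zone_len // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def unbound_local_zones(cidr):
    """unbound.conf lines that answer the prefix's PTR space locally (assumed
    resolver choice).  'static' makes unbound return NXDOMAIN for any name under
    the zone that is not defined with local-data, instead of forwarding upstream.
    """
    return ['local-zone: "%s." static' % z for z in reverse_zones(cidr)]


if __name__ == "__main__":
    # Constructed example inputs, not addresses from the thread.
    for prefix in ("100.100.0.0/16", "10.20.0.0/16", "100.66.5.16/28"):
        print(prefix, "overlaps 100.64/10:", overlaps_shared_space(prefix))
    print("\n".join(unbound_local_zones("100.64.0.0/10")))
```

Run it against the prefixes you intend to carve out of the shared space; the 64 /16 zones it lists for the whole /10 are the ones your resolvers must own (or sinkhole) before any host in that range starts doing PTR lookups, and the same list doubles as a checklist for route filters at the tunnel and VPC edge.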


