Test Route

Robert E. Seastrom rs at ss1.digex.net
Tue Jan 31 14:46:07 UTC 1995


> From: David R Conrad <davidc at iij.ad.jp> 
>  
> Yeah, there are 2^32 bits of address space, after all. 

There are?  I always thought there were 32 bits of address space, not 2^32, 
and the code that I wrote even worked...  :)

> >After all, if we all do our jobs right, maybe someday we can make 
> >the firewalls go away.... 
>  
> If we all do our jobs right, it won't matter if someone uses 1597 
> space.  Firewalls will never go away -- they're too useful. 

Firewalls are a kludge; they're necessitated only by the lack of strong 
authentication in the stack.  I daresay that if the current level of threat 
continues to escalate (to quote a friend, "it's a bad neighborhood out 
there"), I foresee that the need for Joe Everyman to run a firewall will 
diminish or disappear, and sooner - not later.

Now, I won't dispute that there will be some places where either because of 
legacy systems in house or paranoia they continue to run a firewall.  But the 
95% solution will be in place, and if they previously chose to use 1597-style 
addresses, the 95% of the world who decided they didn't need firewalls 
anymore because of strong authentication will be forced to renumber.

I am more than willing to admit that 1597 has its uses, and people who find 
RFCs 1597 and 1627 on their own, read them, and figure out whether they want 
to bear the risks and consequences should feel free to use the addresses.
That *doesn't* mean, however, that it should be promoted or upgraded from 
"informational" to "recommended", and I no longer recommend it to "casual" IP 
users.

The concept of globally unique addressing is simply far too powerful and far 
too useful for us to summarily and without further thought assert that 
firewalls are a fact of life that will be with us forever.

							---Rob





