Someone's being naughty again...

Marc Slemko marcs at znep.com
Sat Mar 14 07:36:10 UTC 1998


On Sat, 14 Mar 1998, Blake Willis wrote:

> IMHO, the decision to use private IP space for hosts/routers/interfaces in
> a network is really a matter of necessity or security.  I am familiar with
> a few corporate networks with nationwide WANs (as well as a major ISP or
> two) that use 10.0.0.0/8 and other private networks for all their backbone
> equipment, simply because they lack the public address space to do
> otherwise.  Others do it for the very reason that their equipment is
> unreachable from the outside world.  Whatever the reason, as long as you
> keep it within your own AS and don't announce or listen to it from
> anywhere else, there is nothing wrong with setting a network up this way.

No.  The assumption that life is as simple as that is the biggest
problem with most uses of private IP space.

It _does_ break things if not done with very careful attention.  Most of
the people using it have no clue about how it can break things and are
bewildered when it is explained to them.

For example?  A router with one ATM interface going to the world with a
high MTU with an ethernet on the other side.  Say you use private IP space
for links on that router.  Say someone on the Internet filters traffic
from private netblocks; lots of people do.  There _can_ be machines that
are completely unable to transfer data (e.g. download a web page) from
another because you just broke path MTU discovery.  This is not a made-up
situation; this is a real example that I have had to deal with of how
using private IP space for network interfaces used for public traffic does
break things in some situations.

Now, you can avoid this problem by being careful to ensure that there is
no MTU change on any router using private address space for the relevant
interface, or that all systems downstream of it don't have a MTU larger
than the MTU on the low MTU interface, etc.  But those are just hacks to get
around the basic problem; while they may be acceptable in your situation,
and I am not trying to claim it is never appropriate, most people that I
have seen with problems like this never had a chance to decide that
because they don't have the faintest understanding of issues like this. 
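The failure described above, as an added simulation that is not part of the post or the thread: a high-MTU ATM link feeds a router whose other side is 1500-byte Ethernet, the router's link is numbered out of 10/8, and the far side filters packets with private source addresses, so the router's "fragmentation needed" message never reaches the sender and path MTU discovery silently fails. Hop names, MTUs and addresses are constructed for illustration; the third case shows the same router with a public address on that link.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 space, the prefixes a border filter typically drops as source addresses.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)

@dataclass
class Hop:
    name: str
    link_mtu: int   # MTU of the link this hop forwards onto
    icmp_src: str   # source address of its ICMP "fragmentation needed" replies

def forward(size: int, path: list, filter_private: bool):
    """Forward one DF packet of `size` bytes along `path`.
    Returns ("ok", None) on delivery, ("icmp", mtu) when a too-big hop's ICMP
    reaches the sender, or ("blackhole", hop) when that ICMP was sourced from
    private space and the sender's side filters it."""
    for hop in path:
        if size > hop.link_mtu:
            if filter_private and is_private(hop.icmp_src):
                return ("blackhole", hop.name)
            return ("icmp", hop.link_mtu)
    return ("ok", None)

def discover_pmtu(path: list, size: int, filter_private: bool, max_rounds: int = 8):
    """Sender's view of path MTU discovery: shrink on ICMP, stop on delivery.
    Returns the packet size that got through, or None if the sender never
    learns why its large packets vanish (the web page that never loads)."""
    for _ in range(max_rounds):
        status, info = forward(size, path, filter_private)
        if status == "ok":
            return size
        if status != "icmp":
            return None
        size = info
    return None

# Constructed topology: a 9180-byte ATM link into a router whose other side is
# 1500-byte Ethernet; addresses are documentation/RFC 1918 values, not real ones.
ATM_CORE = Hop("atm-core", 9180, "203.0.113.1")
EDGE_PRIVATE = Hop("edge-router", 1500, "10.1.1.1")    # link numbered out of 10/8
EDGE_PUBLIC = Hop("edge-router", 1500, "203.0.113.9")  # same router, public address

if __name__ == "__main__":
    print(discover_pmtu([ATM_CORE, EDGE_PRIVATE], 9180, filter_private=False))  # 1500
    print(discover_pmtu([ATM_CORE, EDGE_PRIVATE], 9180, filter_private=True))   # None
    print(discover_pmtu([ATM_CORE, EDGE_PUBLIC], 9180, filter_private=True))    # 1500
```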