Incompetance abounds at the InterNIC

Phil Howard phil at
Wed Jan 20 19:20:33 UTC 1999

Adam D. McKenna wrote:

> :This "communication" you speak of will involve probably thousands of
> :companies when you consider the whole range of all of them that
> interconnect
> :(even though they don't interroute).  Any one of them that already has an
> :established addressing _MAY_ end up connecting to any other of them that
> :already has established addressing.  That means this "communication" has
> :to basically implement an entire allocation structure.  And every business
> :that is not even yet connected would have to be sure their use of RFC1918
> :space conforms to this allocation structure.
> You don't sound very sure of your arguments.  To which thousand companies
> are you referring?

Maybe it's my American accent that makes me sound that way?

I don't need to know the thousands of companies by name.  I do know that
one of my customers simply had no choice but to use real external addresses
because of the requirements of the companies they connect to.  I do know
that two major automobile companies are involved, as well as several
large corporations they do construction work for.  In addition, there
are over a hundred sub-contracting companies they connect to.

> :Basically, it's like saying, RFC1918 space will no longer be private
> :address space that can be used on a whim, but instead will now be allocated
> :by yet another entity.
> Usage of RFC1918 space shouldn't be determined by "whims", it should be
> planned just like anything else at a company is planned, and it should be
> accounted for.

In a big company, certainly.  In my previous job, that was my role.

In a real small company, "planned and accounted for" == "whim".

But the issue with RFC1918 is whether or not a company should be able to use
those RFC1918 addresses internally, and in such a way that will not conflict
with the external connections they have to other companies.  This is something
that RFCs have failed to address and I don't think they ever can.  But I could
be proven wrong by one that does whenever someone works out a solution to the
problem.  Of course at this late date, such a solution would not see the light
of deployment for a long time thereafter (which is the same problem that keeps
NAT from being there now, though it is slowing going into place).

> There was a discussion of low-priced high-capacity NAT solutions a few
> months ago on NANOG, I'm sure if you look in the archives you will find it.

Were they there 4 years ago when the approach now in place was initially
decided on?  NAT is being deployed, but business does not just go changing
things that currently work, so it usually goes into new remote offices and
new subnets.

> :Yes, if you were starting this kind of thing today, NAT would probably be
> :the better way to go.  But as well all know, business does not just go
> around
> :spending money to revamp what is currently working fine.
> That's fine.  As long as they don't mind spending time and money renumbering
> their entire network once it gets connected to the internet.

That's my point.  With real addresses, it addressed the issues of having to
renumber when new business interconnections were made, or when any of them
decided to get on the Internet.  NAT was not viable then, as it is today.

NAT didn't make it to the sudden growth party, unfortunately.  In fact I still
have cases of customers we initially put on NAT only to find too many problems
and end up giving them a /28 or something which makes things work just fine.
I suspect the Ascend Pipeline NAT is buggy, but I just don't have the time to
diagnose it.  It costs less to number them on a real address block than to
deal with wanna-be-techies on phone tech support.

> :And further, that also makes 10/8 unavailable for actual internal uses for
> :which RFC1918 was intended.  And since many such companies already do have
> :RFC1918 in use for the intended purposes, this isn't the space that can be
> :just simply moved in to.
> RFC1918 is entitled "Address allocation for private internets".  I think it
> describes exactly what you are talking about.

Nope.  It completely misses.

There are TWO separate concepts here:

1.  Private internal networks that do not go outside of a given company.

2.  External networks that connect between companies, and have at least some
    addresses (NAT would help keep these to a minimum) that other companies
    (not necessarily all of them but you never know) need to see UNIQUELY.

#1 is what RFC1918 is for, and #2 is the case where RFC1918 won't work and
real addresses (or some other solution) is needed.  If you do try to use
RFC1918 for #2, then you break it for #1 ... or rather, those businesses
that do use RFC1918 for #1 cannot use it for #2.

> :Dream on.
> :
> :You have to include _EVERY_ company that might ever do this.
> Not really.  Companies do not usually route their entire corporate network
> to each other.  When one company wants to connect to another, all they need
> to do is come up with one or two common subnets that neither company is
> using at that particular time, and only route between those IP's.  That way,
> it doesn't matter to company A what company G which is two "corporate hops"
> away is doing.

No, but they have to route enough of it.  NAT would help today but it was
not available when this common practice went into place.  But it is gradually
coming into place.  It won't make a sudden entrance because that is not how
business works.

Company A and company G will matter to the company inbetween those two hops.
That middle company (company C) wants company A and company G to have
different addresses.  That's easy if there are just 3 such companies.
Now when company A connects to company X and company G connects to company
Y the problem grows exponentially.  Eventually ... and soon ... it gets to
the point you just need a central address space allocation administration
for all of it.  That's where the use of real addreses took hold a few years
ago.  If that were just starting today, then definitely NAT would be the
big thing to go with to keep the space usage small.  But some of the issues
would stil exist even with NAT, such as a central administration of the
addresses of all the routers and firewall boxes so that no two firewalls
have the same address.  You still can't take RFC1918 for that because it
still breaks RFC1918's intent which is for internal networks that need to
be directly addressable at the firewall which also needs to see unique
external nets, too.

 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at        |  --
    -- *-----------------------------*      phil at        * --

More information about the NANOG mailing list