Private use of non-RFC1918 IP space

D'Arcy J.M. Cain darcy at druid.net
Mon Feb 2 12:42:05 CST 2009


On Mon, 2 Feb 2009 18:50:49 +0100
Chris Meidinger <cmeidinger at sendmail.com> wrote:
> On 02.02.2009, at 18:38, Valdis.Kletnieks at vt.edu wrote:
> >>>> What reason could you possibly have to use non RFC 1918 space on a
> >>>> closed network?  It's very bad practice - unfortunately I do see  

Of course, this is a different question.  The discussion started over
people using randomly selected non RFC 1918 space.  Using your own
public IP block in a closed network is another issue.  I see no
operational issue there.  There is the social issue of using up scarce
resources of course.

> Also to avoid being required to NAT at all. Security benefits IMHO  
> from using RFC1918 space in a corporate network - you have an  
> automatic requirement that there must be a NAT rule somewhere in order  
> for a duplex connection to happen. However, in a more open environment  
> like a university or a laboratory, there may be no reason to require  
> all connections to be proxied/translated etc.

In which case you are using properly assigned IP space.

> This is a bit off-topic, but I thought I'd mention that this is one  
> reason I recommend use of the 172.16/12 block to people building or  
> renumbering enterprise networks. Most people seem to use 10/8 in large  
> organizations and 192.168/16 in smaller ones, so it raises your  
> chances of not having to get into heavy natting down the road. My  
> theory on this is that most people who don't deal with CIDR on a daily  
> basis find the /12 netmask a bit confusing and just avoid the block at  
> all.

My office is small so I just grabbed 192.168.250.0/24.  The 250 was
taken from the office address.  It was a level of randomness that made
conflict with future VPN arrangements less likely.  Not impossible, of
course.

-- 
D'Arcy J.M. Cain <darcy at druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
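
The address-planning points in this thread (staying inside RFC 1918, the easily misjudged 172.16/12 boundary, and avoiding overlap with future VPN peers) can be checked mechanically. The following is an added example, not part of the original message: the function names and all peer prefixes are constructed for illustration, and only 192.168.250.0/24 comes from the post.

```python
import ipaddress

# The three private blocks defined by RFC 1918. Python's is_private flag is
# broader (loopback, link-local, documentation ranges), so list them explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(prefix):
    """Return the RFC 1918 block that fully contains prefix, or None."""
    net = ipaddress.ip_network(prefix, strict=True)
    for block in RFC1918:
        if net.version == 4 and net.subnet_of(block):
            return block
    return None


def audit(internal, peers):
    """Report, per internal prefix, its RFC 1918 block and any peer overlaps.

    'rfc1918' is None when the prefix is not private space, which means either
    properly assigned public space or squatting on someone else's addresses.
    """
    peer_nets = [ipaddress.ip_network(p) for p in peers]
    report = {}
    for prefix in internal:
        net = ipaddress.ip_network(prefix)
        block = rfc1918_block(prefix)
        report[prefix] = {
            "rfc1918": str(block) if block else None,
            "overlaps": [str(p) for p in peer_nets if net.overlaps(p)],
        }
    return report


if __name__ == "__main__":
    # Constructed sample data: candidate internal prefixes and the prefixes
    # hypothetical VPN partners already use.
    internal = ["192.168.250.0/24", "172.20.8.0/22", "172.32.0.0/16", "10.1.0.0/16"]
    peers = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/8"]
    for prefix, result in audit(internal, peers).items():
        print(prefix, result)
```

172.32.0.0/16 is reported as not private because 172.16.0.0/12 ends at 172.31.255.255, and 10.1.0.0/16 collides with any peer that routes all of 10/8.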



