Private use of non-RFC1918 IP space
On Mon, 2 Feb 2009 18:50:49 +0100
Chris Meidinger <cmeidinger at sendmail.com> wrote:
> On 02.02.2009, at 18:38, Valdis.Kletnieks at vt.edu wrote:
> >>>> What reason could you possibly have to use non RFC 1918 space on a
> >>>> closed network? It's very bad practice - unfortunately I do see
Of course, this is a different question. The discussion started over
people using randomly selected non RFC 1918 space. Using your own
public IP block in a closed network is another issue. I see no
operational issue there. There is the social issue of using up scarce
resources of course.
> Also to avoid being required to NAT at all. Security benefits IMHO
> from using RFC1918 space in a corporate network - you have an
> automatic requirement that there must be a NAT rule somewhere in order
> for a duplex connection to happen. However, in a more open environment
> like a university or a laboratory, there may be no reason to require
> all connections to be proxied/translated etc.
In which case you are using properly assigned IP space.
> This is a bit off-topic, but I thought I'd mention that this is one
> reason I recommend use of the 172.16/12 block to people building or
> renumbering enterprise networks. Most people seem to use 10/8 in large
> organizations and 192.168/16 in smaller ones, so it raises your
> chances of not having to get into heavy natting down the road. My
> theory on this is that most people who don't deal with CIDR on a daily
> basis find the /12 netmask a bit confusing and just avoid the block at
> all.
My office is small so I just grabbed 192.168.250.0/24. The 250 was
taken from the office address. It was a level of randomness that made
conflict with future VPN arrangements less likely. Not impossible, of
course.
--
D'Arcy J.M. Cain <darcy at druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
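
The address-planning check discussed in this message, as an added example that is not part of the original post: it reports which RFC 1918 block a candidate LAN prefix falls in (including the 172.16/12 boundary) and which prospective VPN peer networks it would collide with. The function names and the peer list are constructed for illustration; only 192.168.250.0/24 comes from the message.

```python
import ipaddress

# The three RFC 1918 private blocks named in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: networks a future VPN partner might already use.
SAMPLE_PEERS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/8", "172.20.0.0/16"]


def rfc1918_block(prefix):
    """Return the RFC 1918 block that fully contains prefix, or None."""
    net = ipaddress.ip_network(prefix, strict=True)
    for block in RFC1918:
        if net.version == block.version and net.subnet_of(block):
            return block
    return None


def vpn_conflicts(local, peers):
    """Return the peer prefixes whose address range overlaps the local prefix."""
    local_net = ipaddress.ip_network(local, strict=True)
    return [p for p in peers if ipaddress.ip_network(p).overlaps(local_net)]


def audit(local, peers):
    """Summarise a candidate LAN prefix: its private block and any collisions."""
    block = rfc1918_block(local)
    return {
        "prefix": local,
        "rfc1918_block": str(block) if block else None,
        "conflicts": vpn_conflicts(local, peers),
    }


if __name__ == "__main__":
    # 172.31.255.0/24 is the last /24 inside 172.16/12; 172.32.0.0/16 is
    # already outside it and is not private space.
    for candidate in ("192.168.250.0/24", "192.168.1.0/24", "10.1.2.0/24",
                      "172.31.255.0/24", "172.32.0.0/16"):
        print(audit(candidate, SAMPLE_PEERS))
```

An empty `conflicts` list only covers the peers listed; as the message says, a later partner can still turn out to use the same prefix.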