On Mon, 2 Feb 2009 18:50:49 +0100
Chris Meidinger <cmeidin...@sendmail.com> wrote:
> On 02.02.2009, at 18:38, valdis.kletni...@vt.edu wrote:
> >>>> What reason could you possibly have to use non RFC 1918 space on a
> >>>> closed network? It's very bad practice - unfortunately I do see

Of course, this is a different question. The discussion started over
people using randomly selected non RFC 1918 space. Using your own
public IP block in a closed network is another issue. I see no
operational issue there. There is the social issue of using up scarce
resources of course.

> Also to avoid being required to NAT at all. Security benefits IMHO
> from using RFC1918 space in a corporate network - you have an
> automatic requirement that there must be a NAT rule somewhere in order
> for a duplex connection to happen. However, in a more open environment
> like a university or a laboratory, there may be no reason to require
> all connections to be proxied/translated etc.

In which case you are using properly assigned IP space.

> This is a bit off-topic, but I thought I'd mention that this is one
> reason I recommend use of the 172.16/12 block to people building or
> renumbering enterprise networks. Most people seem to use 10/8 in large
> organizations and 192.168/16 in smaller ones, so it raises your
> chances of not having to get into heavy natting down the road. My
> theory on this is that most people who don't deal with CIDR on a daily
> basis find the /12 netmask a bit confusing and just avoid the block at
> all.

My office is small so I just grabbed 192.168.250.0/24. The 250 was
taken from the office address. It was a level of randomness that made
conflict with future VPN arrangements less likely. Not impossible, of
course.

-- 
D'Arcy J.M. Cain <da...@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
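
Added example, not part of the original message: a Python sketch of the overlap check behind the subnet-selection advice in this thread, using the standard ipaddress module. The peer address plans in PEERS are constructed sample values and the function names are hypothetical.

```python
import ipaddress

# The three RFC 1918 private blocks discussed in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(net):
    """Return the RFC 1918 block containing net, or None if it is not private space."""
    net = ipaddress.ip_network(net)
    for block in RFC1918:
        if net.subnet_of(block):
            return block
    return None


def conflicts(candidate, peers):
    """List the peer networks that overlap candidate (each would force NAT on a VPN)."""
    cand = ipaddress.ip_network(candidate)
    return [p for p in peers if cand.overlaps(ipaddress.ip_network(p))]


def first_free(block, prefixlen, peers):
    """First subnet of the given length inside block that overlaps no peer."""
    peer_nets = [ipaddress.ip_network(p) for p in peers]
    for sub in ipaddress.ip_network(block).subnets(new_prefix=prefixlen):
        if not any(sub.overlaps(p) for p in peer_nets):
            return sub
    return None


# Constructed sample: address plans of sites we might later connect over VPN.
PEERS = ["10.0.0.0/8", "192.168.0.0/24", "192.168.1.0/24", "172.16.0.0/16"]

if __name__ == "__main__":
    for cand in ("192.168.1.0/24", "192.168.250.0/24", "172.20.0.0/16"):
        print(cand, rfc1918_block(cand), conflicts(cand, PEERS))
    print(first_free("172.16.0.0/12", 16, PEERS))
```

A peer that claims all of 10/8 conflicts with every subnet carved from that block, which is why first_free returns None for 10.0.0.0/8 against this sample while 172.16.0.0/12 still has room.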