
Re: RFC 1918 -- was: Re: [K12OSN] Gconfd trouble on new install



On Wed, Jun 12, 2002 at 11:52:45AM -0400, R P Herrold wrote:
> On Wed, 12 Jun 2002 jam McQuil com wrote:

> > As for the 'NON-ROUTABLE', all of these addresses are fully
> > routable.  The real issue is that the 10.0.0.0 and the 192.168.0.0
> > networks are "PRIVATE".  That is, they will NEVER be allocated
> > to anybody, so they won't end up in the core routers on the
> > internet, therefore, those packets won't get routed on the
> > internet.

> Don't overstate the case.  RFC 1918 _suggests_ behavior which 
> an RFC compliant and suggested behaviour following sysadmin 
> will follow.  Only IANA will NEVER allocate them publicly.

>    http://www.isi.edu/in-notes/rfc1918.txt

> It is not at all uncommon to find 'leaks' at the borders by 
> RFC ignorant administrators.  

Where RFC1918 numbers are routed, it is only by the mutual agreement of
(or mutual misconfiguration by ;) the administrators of the networks
involved.  Such mutual agreements do not exist among any of the tier-1
Internet providers, or even usually between the tier-1's and the tier-2's.
I work for a tier-2 ISP that uses RFC1918 numbers liberally, and has
customers that also use them liberally; but neither our upstream provider
nor our customers can see our RFC1918 networks (by virtue of firewalls
rather than lack of routes), and no one else can see our customers'
private networks, either.

> Similarly, the converse case is true as well;  good practice
> is to conserve IP space, and to use only what one 'owns'; the
> penalty is mysterious routing errors and a need to do custom
> routing.  I often see private internal networks which choose
> to use IP ranges which are externally assigned to someone
> else.  They still use it in their internal network.  I have
> sanitized some other details.

One large company that drives us batty in this regard is John Deere -- not
because John Deere uses IPs that don't belong to them, but because many of
the IPs that DO belong to them are distributed out to other companies in
the area that have connections to them.  So many of our customers end up
using public IPs on their private networks, and need to have them NATted
to go out to the Internet, because John Deere does NOT provide them with
Internet access to go with those IPs... :)

Steve Langasek
postmodern programmer
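
A check for the RFC 1918 border 'leaks' discussed in this thread, as an added example that is not part of the original messages: it scans flow records and reports any private address crossing a border interface. The record format, the interface name `border0` and all addresses are constructed for illustration; the check also covers 172.16.0.0/12, the third RFC 1918 block, which the thread does not name.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "<interface> <direction> <src> <dst>".
SAMPLE_FLOWS = """\
border0 out 10.1.2.3 198.51.100.7
border0 out 203.0.113.10 198.51.100.7
border0 in 192.168.5.9 203.0.113.10
lan0 out 10.1.2.3 10.9.9.9
border0 in 198.51.100.7 172.20.0.4
border0 out 172.32.0.1 198.51.100.7
border0 out not-an-ip 198.51.100.7
"""


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    return any(addr in net for net in RFC1918)


def find_leaks(text, border_ifaces=("border0",)):
    """Return (line_no, field, value) for each RFC 1918 address seen on a
    border interface. Unparseable border records are returned with the
    field 'parse' so they are reviewed rather than silently dropped."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue                      # blank line
        if len(parts) != 4:
            findings.append((no, "parse", line.strip()))
            continue
        iface, _direction, src, dst = parts
        if iface not in border_ifaces:
            continue                      # internal traffic may use private space
        try:
            addrs = (("src", ipaddress.ip_address(src)),
                     ("dst", ipaddress.ip_address(dst)))
        except ValueError:
            findings.append((no, "parse", line.strip()))
            continue
        findings.extend((no, field, str(a)) for field, a in addrs
                        if is_rfc1918(a))
    return findings


if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_FLOWS):
        print(finding)
```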




