nanog mailing list archives
Re: RFC1918 addresses to permit in for VPN?
From: Randy Bush <randy () psg com>
Date: Sun, 31 Dec 2000 16:01:58 -0800
Your points are valid, but when did we begin discussing NATs in this thread?
From: Randy Bush <randy () psg com>
To: "Deron J. Ringen" <djr () eng bellsouth net>
Cc: "Simon Lyall" <simon.lyall () ihug co nz>, <nanog () merit edu>
Subject: RE: RFC1918 addresses to permit in for VPN?
Date: Sun, 31 Dec 2000 11:29:20 -0800

> That makes perfect sense to me...there is not a better way to protect
> a box from a DOS/hack than to only give it a private address.

this is a common fantasy. changing its license plate does not change the vulnerability of your car to an accident.

randy

i figured that "protect a box from a DOS attack than to give it a private address" was natted. but you're right, my assumption could have been incorrect. apologies.
I thought that this was another discussion about using RFC 1918 address space on publicly visible interfaces.
we seem to have taken a couple of derived threads from that. and i have trouble staying polite about that disease. it seems to usually start with two delusions:

  o the inter-router links will take a lot of space, which /30s (and soon /31s) do not.

  o they are 'inside' the network so will not affect outsiders. i.e. section 3 of 1918 clearly states

      Because private addresses have no global meaning, routing
      information about private networks shall not be propagated on
      inter-enterprise links, and packets with private source or
      destination addresses should not be forwarded across such links.

so any isp which lets the outside world see a packet with a source in 1918 space is in direct violation of 1918.
People are afraid, without reason, of ARIN and the other RIRs
i would not say without reason. we have an entire sub-department to deal with address space acquisition and assignment. the small new isp may find the process daunting, and the traditional attitude of some rirs has not always been customer friendly (this is changing at last).

randy
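The RFC 1918 section 3 rule quoted in the message above can be checked mechanically at a border. The following is an added example, not part of the original thread: it audits packet records seen on an external interface for RFC 1918 source or destination addresses. The record format, interface names and sample addresses are constructed for illustration.

```python
import ipaddress

# The three blocks reserved by RFC 1918. ipaddress.is_private is deliberately
# not used: it also matches loopback, link-local, documentation ranges, etc.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)

def parse_record(line):
    """Parse one 'iface src dst note' record (constructed format)."""
    iface, src, dst, note = line.split(None, 3)
    return {"iface": iface, "src": src, "dst": dst, "note": note}

def audit_external(lines, external_ifaces):
    """Return (record, offending_fields) for packets seen on an external
    (inter-enterprise) interface with an RFC 1918 source or destination."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rec = parse_record(line)
        if rec["iface"] not in external_ifaces:
            continue  # private addresses are fine inside the enterprise
        bad = [f for f in ("src", "dst") if is_rfc1918(rec[f])]
        if bad:
            findings.append((rec, bad))
    return findings

# Constructed sample: packets observed at a border router.
SAMPLE = """\
# iface src dst note
ext0 10.255.0.5 198.51.100.7 icmp time-exceeded from a 1918-numbered router link
ext0 192.0.2.10 198.51.100.7 tcp/443 from a public address
int0 10.1.1.20 10.1.2.30 internal traffic, never leaves the enterprise
ext0 172.31.255.254 203.0.113.9 udp/53, last /16 inside 172.16.0.0/12
ext0 172.32.0.1 203.0.113.9 udp/53, just outside 172.16.0.0/12
ext0 203.0.113.9 192.168.1.1 tcp/80 toward a private destination
""".splitlines()

if __name__ == "__main__":
    for rec, bad in audit_external(SAMPLE, {"ext0"}):
        print(rec["iface"], rec["src"], "->", rec["dst"], "private:", ",".join(bad))
```

The first sample record is the case the thread is about: a router link numbered from 1918 space is "inside" the network, yet the ICMP errors it originates carry that private source to the outside.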