nanog mailing list archives
Re: DoD IP Space
From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Wed, 20 Jan 2021 13:01:36 -0800
Organizations that I have seen doing as you describe, because they ran out of RFC1918 IP space, are also often using their existing private IP space wastefully in the first place. Rather than using DoD /8s internally, if they absolutely need to support v4-only equipment on their internal management networks, they might be better served by considering that maybe every POP doesn't need its own /24. I'm talking about things I've seen where all of the management/monitoring IPs of the equipment at a site might fit very comfortably in a v4 /27. But that would be a labor intensive IP space and management address auditing process of renumbering things, fixing internal DNS and rDNS, and updating any myriad of things that might have the direct IP addresses of stuff hardcoded into configuration files. Rather than doing all of the above, they simply go "hey here's a /8 that's highly unlikely our management network will ever need to talk to it in a global routing table", and continue on with their /24 plan per tiny POP. On Wed, Jan 20, 2021 at 8:38 AM Dorn Hetzel <dorn () hetzel org> wrote:
I am aware of some companies that have used parts of a DoD /8 internally to address devices in the field that are too old to ever support IPV6. Those devices also never interact with the public internet, and never will, so for them, I guess the only risk would be that some other internal system that wants to talk to those devices would not also be able to talk to any endpoint on the public internet that wound up using space allocated from that block, some time in the future. Is that about right or am I missing some key failure point? On Wed, Jan 20, 2021 at 9:59 AM j k <jsklein () gmail com> wrote:My question becomes, what level of risk are these companies taking on by using the DoD ranges on their internal networks? And have they quantified the costs of this outage against moving to IPv6? Joe Klein "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1) "*I skate to where the puck is going to be, not to where it has been." -- *Wayne Gretzky "I never lose. I either win or learn" - Nelson Mandela On Wed, Jan 20, 2021 at 9:06 AM John Curran <jcurran () istaff org> wrote:Indeed. /JohnOn Jan 20, 2021, at 8:47 AM, Cynthia Revström <me () cynthia re> wrote: But if you do this, make sure you keep track of where you might haveput policies like this in, in case the DoD sells some the space or whatever in the future.
Current thread:
- Re: DoD IP Space, (continued)
- Re: DoD IP Space Randy Bush (Jan 21)
- Re: DoD IP Space Randy Bush (Jan 21)
- Re: DoD IP Space Doug Barton (Jan 22)
- Re: DoD IP Space Dorn Hetzel (Jan 20)
- Re: DoD IP Space Bryan Fields (Jan 20)
- Re: DoD IP Space John Curran (Jan 20)
- Re: DoD IP Space Brandon Martin (Jan 20)
- Re: DoD IP Space John Curran (Jan 20)
- Re: DoD IP Space Eric Kuhnke (Jan 20)
- Re: DoD IP Space Bryan Fields (Jan 20)
- Re: DoD IP Space Eric Kuhnke (Jan 20)
- Re: DoD IP Space Sabri Berisha (Jan 20)
- Re: DoD IP Space Owen DeLong (Jan 20)
- Re: DoD IP Space borg (Jan 21)
- Re: DoD IP Space Clayton Zekelman (Jan 22)
- Re: DoD IP Space Izaac (Jan 22)