
Writeups on why RFC1918 is bad?



Hi,

Regarding the local addressing debate...

I had the misfortune of having to participate in a discussion where a
multiple-branch (20-30+) enterprise, which has deployed private addresses
and network-to-network VPNs inside it, wants to start using IPv6.

I'm wondering whether there exists any educational material on why
RFC1918-like addressing is really *NOT* a good idea (or even, list and
evaluate the tradeoffs), and how to get around it. ("If one can state 
clearly arguments why they shouldn't be doing it with IPv4, maybe it's 
easier to convince them not to do so with IPv6").

It seems to me that there is a very severe need for a way to enlighten 
folks like that if we ever want to be successful.

http://www.cs.utk.edu/~moore/what-nats-break.html is interesting, but not 
focused enough for RFC1918-like addressing itself.

I.e., what I'd like to see is whether anyone has written up something
regarding either "why local addressing would be a bad idea with IPv6", or
"why local addressing is a bad idea with IPv4", especially from the 
security point-of-view.

Btw, one way to probably avoid the two-faced DNS issues with local
addressing is probably to simply use a different naming for internal
communications, like with example.com --> example.internal.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------