
Re: Writeups on why RFC1918 is bad?



Pekka,

The document came out of the IAB, while the NAT WG was active, so there was a
lot of diplomacy between the IAB, the IESG, and the NAT WG chairs, to get to
a version of the document that everybody was happy with. Since we don't have
a NAT WG today, that side of it might be easier, but it can very easily become
a religious war.

    Brian

Pekka Savola wrote:
> 
> Hi,
> 
> On Mon, 15 Sep 2003, Brian E Carpenter wrote:
> > I believe RFC 2993 actually covers all the issues (including the one
> > of VPNs between RFC 1918 sites, especially in section 7.6).
> 
> Thanks for the pointer.  Yes, RFC 2993 seems to cover many aspects which
> seem surprisingly familiar ;-), but I'm not sure if it answers questions
> like: "I want to use NAT or RFC1918 for purpose X.  Why shouldn't I do
> it?  (Why might I want to do it anyway?)  What other feasible ways are
> there to do it without such mechanisms?"
> 
> In other words, the document seems to cover the scenarios using a broad
> overview -- it may not be applicable to the most common cases of
> deployment.
> 
> But then again, I'll have to go read the RFC in detail.
> 
> > Given how difficult it was to get that RFC published, I wonder if it
> > is worth the effort of writing what would effectively be the same
> > document, but with an emphasis on ambiguity instead of translation.
> 
> I can certainly envision how this could turn ugly.  Could you elaborate a
> bit on the difficulties that came across?
> 
> Pekka
> 
> > Pekka Savola wrote:
> > >
> > > Hi,
> > >
> > > Regarding the local addressing debate...
> > >
> > > I had the misfortune of having to participate in a discussion where a
> > > multiple-branch (20-30+) enterprise, which has deployed private addresses
> > > and network-to-network VPNs inside it, wants to start using IPv6.
> > >
> > > I'm wondering whether there exist any educational material why
> > > RFC1918-like addressing is really *NOT* a good idea (or even, list and
> > > evaluate the tradeoffs), and how to get around it. ("If one can state
> > > clearly arguments why they shouldn't be doing it with IPv4, maybe it's
> > > easier to convince them not to do so with IPv6").
> > >
> > > It seems to me that there is a very severe need for a way to enlighten
> > > folks like that if we ever want to be successful..
> > >
> > > http://www.cs.utk.edu/~moore/what-nats-break.html is interesting, but not
> > > focused enough for RFC1918-like addressing itself.
> > >
> > > I.e., what I'd like to see is whether anyone has written up something
> > > regarding either "why local addressing would be a bad idea with IPv6", or
> > > "why local addressing is a bad idea with IPv4", especially from the
> > > security point-of-view.
> > >
> > > btw., one way to probably avoid the two-faced DNS issues with local
> > > addressing is probably to simply use a different naming for internal
> > > communications like with example.com --> example.internal.
> > >
> > > --
> > > Pekka Savola                 "You each name yourselves king, yet the
> > > Netcore Oy                    kingdom bleeds."
> > > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> >
> >
> 
> --
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> 

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter 
Distinguished Engineer, Internet Standards & Technology, IBM 

NEW ADDRESS <brc@zurich.ibm.com> PLEASE UPDATE ADDRESS BOOK
