Great Circle Associates Firewalls
(October 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: RFC1627
From: Rabid Wombat <wombat @ mcfeely . bsfs . org>
Date: Mon, 21 Oct 1996 21:30:06 -0400 (EDT)
To: Brad Isley <bisley @ Lanier . COM>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <199610211940 . PAA14388 @ ss . lanier . com>


On Mon, 21 Oct 1996, Brad Isley wrote:

> > 
> > It doesn't matter whether it was superceded or not. AS A HISTORICAL
> > DOCUMENT listing arguments against private networks it's relevant.
> 
> True.
> 
> It's helpful to keep in mind that those of us who CANNOT get addresses
> (thank you, NIC, for refusing to allocate the addresses we need) NAT is
> the only option we have for now - and it works.  Now if Cisco's PIX
> would leave our remote shell connections open long enough to finish...
> 



The "Summary" from RFC1627 (Lear, Fair,Crocker, Kessler):

 "Re-use of Internet addresses for private IP networks is the topic of
   the recent RFC 1597 [1].  It reserves a set of IP network numbers,
   for (re-)use by any number of organizations, so long as those
   networks are not routed outside any single, private IP network.  RFC
   1597 departs from the basic architectural rule that IP addresses must
   be globally unique, and it does so without having had the benefit of
   the usual, public review and approval by the IETF or IAB.  This
   document restates the arguments for maintaining a unique address
   space.  Concerns for Internet architecture and operations, as well as
   IETF procedure, are explored."



The difference is that RFC1918 has been subject to public review, and has 
been approved as "best current practice" by the IETF.

I contacted Yakov Rekhter of Cisco (Thanks, Paul, for passing on the email) 
and his comment was that RFC1918 went through the IETF review and 
standardization process, whereas RFC1597 and RFC1627 did not. Thanks to 
both for their time.

Check out the CIDR / IETF mailing list archives for the details of 
discussion of 1918 becoming b.c.p.

There was a fair amount of discussion concerning 1918, and some of it was 
obviously politically charged - however, 1918 remains b.c.p.

A primary 1627 concern over running out of address space in IPv4 remains a
valid long term concern, but it does not counter using 1918. There are
issues beyond simple lack of address space causing organizations to
implement NAT - a principle reason being the need to implement classless
inter-domain routing (CIDR) to reduce the size of routing tables. 

As for "not being able to get addresses", AFAIK, you can still get 
addresses from the NIC. There's no guarantee, however, that anyone will 
route your addresses if you are less than /19 (I think that's where 
Sprint is drawing the line, anyway), so you are, by necessity, going to 
need to get your addresses from an upstream provider if you want to be 
routed by others. This leads to a "can't take it with you" 
situation regarding "your" IP addresses, which can lead to expensive 
re-numbering if you decide to change your upstream ...

This is a politically charged issue, as some see it as a "haves vs. have
nots" issue of the large ISPs keeping out/down smaller competitors. 
The reality of the situation, however,  is that routing tables have grown 
beyond manageable size, and the hardware/software combinations needed to 
handle the current state of the Internet without CIDR just don't exist. 

See the CIDR FAQ:
http://www.lab.unisource.ch/services/internet/direct/cidr.html

-r.w.




References:
Indexed By Date Previous: RE: Crystal vs. Black Box
From: Greg Broiles <gbroiles @ netbox . com>
Next: Re: IP addresses
From: Rabid Wombat <wombat @ mcfeely . bsfs . org>
Indexed By Thread Previous: Re: RFC1627
From: Brad Isley <bisley @ Lanier . COM>
Next: re: IP addresses
From: "Jim Leo" <ADMIN @ everett . pitt . cc . nc . us>

Google
 
Search Internet Search www.greatcircle.com