Addressing authorities have the concepts of:

      Private address space
      Registered address space that is globally routable
      Registered address space that is NOT globally routable

Admittedly, address space continues to be tight, and it's beginning 
to be time to start thinking about IPv6 (which has the same 
concepts). But it's certainly not unheard of to request unique space 
that will not go into the global table, for environments where it is 
specifically not planned to connect to the Internet, but where too 
many organizations are involved to coordinate private addressing. 
Think, for example, of interbank networks, credit authorization 
networks, and interagency classified networks.  The address 
registries may put a caveat on an address request that you agree to 
renumber into provider-assigned space, or do a new justification, if 
you subsequently connect to the Internet.

IPv6 finally has a "killer application."  The third generation 
wireless industry has mandated V6, so we now have a real driver for 
its use. Don't expect everything to convert overnight -- hey, I still 
see Bisync that hasn't gone to SNA.


Peter van Oene wrote,


>I'm just curious why people seem to disregard the concept of using 
>NAT and registered addresses together?  Just because you have unique 
>addressing doesn't mean you have to announce the prefixes to the 
>Internet.  I would highly suggest you use registered space in the 
>same way that you would use 1918 space.  In this way, you can still 
>take advantage of NAT for its limited role in security. 
>
>If security is a key concern, NAT is really not a huge component of 
>the solution.  Organizations really need to embrace and enforce 
>policy and support them with electronic means including properly 
>configured and deployed firewalls, IDS systems, logging systems 
>(physical/electronic) etc. 
>
>
>
>*********** REPLY SEPARATOR  ***********
>
>On 1/10/2001 at 8:47 AM Steve Smith wrote:
>
>>We had a MASSIVE dispute within our company about this. We bought
>>another company and they use registered IPs on everything down to the
>>workstation. They claimed NAT caused problems with most programs and it
>>was just easier to use registered IPs.
>>
>>We had a meeting with 3 different CCIEs that worked for Cisco and 2
>>security consulting firms and decided, although it would be nice to use
>>registered IPs, it was more efficient and secure to use private IPs. We
>>then tested the "apps that won't work with NAT" and found 99 percent of
>>them worked fine if the server and firewalls were configured correctly.
>>
>>Don't get me wrong, NAT can and does have some minor downfalls but
>>overall, in my opinion, it does its job.
>>
>>regards,
>>Steve
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, January 10, 2001 7:08 AM
>>To: [EMAIL PROTECTED]
>>Cc: [EMAIL PROTECTED]
>>Subject: Using Register IP Address on your Private network
>>
>>
>>
>>I have a question here. Why would anyone use registered addresses on
>>their private network, when you can use unregistered addresses like
>>10.X.X.X? Do you really need to burn registered addresses on a private
>>network?
>>
>>I would like to hear anyone's opinion on this subject.
>>
>>Brian
>>
>>_________________________________
>>FAQ, list archives, and subscription info:
>>http://www.groupstudy.com/list/cisco.html
>>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]