Naiming Shen [mailto:[EMAIL PROTECTED]] wrote:

>  ] Naiming Shen wrote:
>  ] 
>  ] <SNIP>
>  ] 
>  ] > If any IP users think using rfc1918 is a disaster, again, it's their
>  ] > choice to avoid them (if they can get globally routable addresses).
>  ] 
>  ] If one chooses to ignore any standards it's their problem.
>  ] Which indeed is true.
>  ] 
>  ] > there are many reasons to use rfc1918 addresses, not all related to
>  ] > the internet security.
>  ] 
>  ] Name and elaborate on them.
> 
> some examples which are not security specific:
> 
>  - to use the same gateway address in multiple locations for devices
>    like laptops, assume someone does not want to run dhcp overhead.

IPv6 also has RA, I don't see a point here. Also if you are
talking gateways then you are also quite possibly talking
about internet connected devices, thus you will need to be
globally unique.

>  - someone does not want the addresses to be global dns 
>    reachable. some ISPs assign private addresses on all
>    their backbone links just for that.
>    the names showing up when they do internal troubleshooting,
>    but not in external domain traceroute.

Use a /48 out of the ISP's /32 and use that for those backbone links.
Then even people who are outside of the network still can find out
that this address space is owned by that ISP.

As for names showing up, those can only be handy to identify them.
Otherwise either use separate DNS's or use BIND's 'view' capability.
Of course other DNS implementations might have other facilities.

>  - in router/etc documentation, it's nice to have diagrams
>    showing routers having 10.x.x.x addresses in their
>    configuration examples, it's not good to put legal
>    addresses over there.

That's what 2001:db8::/32 is for.

>  - of course in v4, addresses are not free.

In IPv6 they won't be free either. If you want 'free' space just
pick some random addresses and use them. But then don't complain
that you can't route it over the internet etc.

>  - its safer to use private addresses during testing, e.g. routing
>    protocol testing in lab. even if you leak out those addresses by
>    mistake, the chances are your peer, or upstream is filtering them,
>    so the damage is minimized.

Then don't route it to the outside. Use firewalls etc.
One could also 'forget' to filter 2001:db8::/32 or any other space.
How many IPv4 smurfamp gateways were there still on the internet?
And how many ISPs do actually filter on egress from their customers?

> i think my point on this related to SL is that, the SL space 
> is already carved and well known already to everyone, what is
> the point to reclaim it for "normal" use? though i'm absolutely
> against to have routing/dns support to SL.

I don't see any relation whatsoever to the above points.
Also IPv6 is currently still not heavily deployed and still
be carved so that problems related to SL will be gone.

Also if you don't need routing then use fe80::/10.
And what do you mean for not having SL support in DNS?
How are you going to let an application get to that host then?
Are you letting the user remember and type in a 128-bit address?

And what about security specific reasons?

Greets,
 Jeroen


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
