On Wed, 15 Aug 2001 10:40:12 EDT, "Christopher A. Woodfield" said:
> If you're talking about assigning RFC1918 space to router interfaces that transit traffic, a la @home, keep in mind that this can break PMTU-D, and makes for messy (and slow) traceroutes when external hosts try to resolve unresolvable reverse DNS entries.
>
> If you're talking about giving the workstations in your NOC private IP addresses, using NAT to access your core routers, I see no more a problem with that than I do with people using home DSL routers that utilize NAT.

There are those who would say using a NAT on a DSL router is evil. ;)

A better solution would be to have your NOC, your status monitoring systems, your routers, your switches - all connected to a private subnet without using NAT. The LAST thing you want in the middle of a crisis is trying to debug a NAT problem ;)

Whether to number your management network with a /24 out of RFC1918 space, or a /2something out of your own address space, and how heavily firewalled/isolated to make it, will depend on your paranoia level and how it balances against ease-of-use concerns - if you have a fully isolated management net, it's more secure, but a bitch to fix things from home ;)

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
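
An added example, not part of the original message: a small audit that reads traceroute output and flags hops answering from RFC1918 addresses, the situation the quoted text says can break PMTU-D and leave unresolvable reverse DNS. The sample trace, hostnames and function names are constructed for illustration.

```python
import ipaddress
import re

# The three RFC 1918 private blocks discussed in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of classic traceroute output (addresses are made up).
SAMPLE = """\
 1  gw.example.net (192.0.2.1)  1.2 ms  1.1 ms  1.0 ms
 2  10.12.0.1 (10.12.0.1)  8.4 ms  8.9 ms  8.2 ms
 3  * * *
 4  172.20.5.9 (172.20.5.9)  15.0 ms  14.8 ms  15.3 ms
 5  core1.example.org (198.51.100.7)  21.7 ms  22.0 ms  21.5 ms
"""

# "<ttl>  <name-or-ip> (<ip>) ..." ; silent hops ("* * *") do not match.
HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def audit_hops(text):
    """Return one record per responding hop in the trace."""
    findings = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        ttl, name, addr = int(m.group(1)), m.group(2), m.group(3)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address in the output, skip the hop
        findings.append({
            "ttl": ttl,
            "addr": addr,
            # ICMP errors, including "fragmentation needed", are sourced from
            # the router's interface address. A private source is commonly
            # dropped by border filters, so the sender never learns the MTU.
            "rfc1918": any(ip in net for net in RFC1918),
            # traceroute prints the address as the name when no PTR resolves.
            "no_ptr": name == addr,
        })
    return findings

def pmtud_risks(findings):
    """TTLs of hops whose ICMP errors would carry an RFC1918 source."""
    return [f["ttl"] for f in findings if f["rfc1918"]]

if __name__ == "__main__":
    for f in audit_hops(SAMPLE):
        print(f)
```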