Yeah, definitely talking about use that is deep behind multiple layers of firewalls, or maybe even air-gapped with respect to routable protocols. I won't say what sort of industry runs large piles of ancient gear, but you could probably guess... On Wed, Jan 20, 2021 at 10:13 AM Brandon Martin <lists.nanog@monmotha.net> wrote:
On 1/20/21 9:58 AM, j k wrote:
My question becomes, what level of risk are these companies taking on by using the DoD ranges on their internal networks? And have they quantified the costs of this outage against moving to IPv6?
Honestly I can't think of much unless maybe they're a defense contractor that would potentially end up with DoD ranges (non-isolated/classified networks) in their view of the global routing table. Appropriately treating it like "my networks" and/or RFC1918 in your routing policies (not exporting it, not accepting routes for it, etc.) would be required to properly ensure network stability of course.
Some OSes treat RFC1918 space as inherently "special" (extra trusted, etc.) and wouldn't treat the DoD ranges as such, but those behaviors are typically undesirable or at least not relied on on a network of that scale, anyway.
Not that I'd recommend it. -- Brandon Martin