On Sat, 14 Mar 1998, Blake Willis wrote:
IMHO, the decision to use private IP space for hosts/routers/interfaces in a network is really a matter of necessity or security. I am familiar with a few corporate networks with nationwide WANs (as well as a major ISP or two) that use 10.0.0.0/8 and other private networks for all their backbone equipment, simply because they lack the public address space to do otherwise. Others do it for the very reason that their equipment is unreachable from the outside world. Whatever the reason, as long as you keep it within your own AS and don't announce or listen to it from anywhere else, there is nothing wrong with setting a network up this way.
No. The assumption that life is as simple as that is the biggest problem with most uses of private IP space. It _does_ break things if not done with very careful attention. Most of the people using it have no clue about how it can break things and are bewildered when it is explained to them. For example? A router with one ATM interface going to the world with a high MTU with an ethernet on the other side. Say you use private IP space for links on that router. Say someone on the Internet filters traffic from private netblocks; lots of people do. There _can_ be machines that are completely unable to transfer data (eg. download a web page) from another because you just broken path MTU discovery. This is not a made up situation, this is a real example that I have had to deal with of how using private IP space for network interfaces used for public traffic does break things in some situations. Now, you can avoid this problem by being careful to ensure that there is no MTU change on any router using private address space for the relevant interface, or that all systems downstream of it don't have a MTU larger than the MTU on the low MTU interface, etc. But that is just hacks to get around the basic problem; while they may be acceptable in your situation, and I am not trying to claim it is never appropriate, most people that I have seen with problems like this never had a chance to decide that because they don't have the faintest understanding of issues like this.