On Wed, 10 Nov 2004, Jerry Eyers wrote:
I have devices that have no need, never will have a need, to ever talk outside of the internal networks, nor do I want some brain dead user to drop some stupid little device on the network and tada, route access to some of my inside network simply because the addresses are valid. I want my inside addresses to be non accessible from the 'real world', ever. If IPv6 can't offer me the luxury (even if it is not valid or justified) then I see no reason to change from IPv4 to IPv6 in the core. Just do it on the periphery. It is VERY expensive to a corporation to accomplish a renumber, and if there is no benefit, then.....
Depending on putting devices on 1918 for security is dangerous. All it takes is one little misconfigured router (or less than strict filters) and any of your peer's customers can start talking to your backend database servers.

Assuming that just because they are 1918 addresses they are not remotely visible is a dangerous simplification.

E.g. I just hopped through 3 providers (using default routes) to ping a well known [1] 192.168.x.x address.

[1] - In NZ.

--
Simon J. Lyall. | Very Busy | Mail: simon@darkmere.gen.nz
"To stay awake all night adds a day to your life" - Stilgar | eMT.