At 09:51 AM 1/20/99 -0600, you wrote:
> Using RFC1918 space for this won't work because there has to be some kind of administration of the space to ensure enough uniqueness that no two companies that are visible to any one company have the same addressing. There can be only one such administration of any practicality even though this "closed Internet" is chopped into isolated segments.
Sure it will. It requires (gasp) some COMMUNICATION between the companies involved. I don't know of many companies who between them will completely fill 10.0.0.0/8 with all the machines that need to interconnect. I mean that's a pissload of machines. SIXTEEN MILLION machines.
> Further, many companies with these networks also allow direct access to the real open Internet. That means for sure that addresses in use on the open Internet cannot be duplicated anywhere else. So the allocation of space within the closed network has to be unique even compared to the open Internet.
The best way to do this is with a firewall (companies doing this probably already have one, otherwise their "private" network ain't so private), and just about every firewall worth putting on a box will do NAT. You map individual machines that need their own IP address directly through on a one-to-one relationship, and the rest you let the firewall masquerade through. Conserves "real" IP space.
> So it makes sense that every company connecting this way must obtain their own unique address space.
No, it doesn't.
> 1. There is not enough space in RFC1918 to assign UNIQUE addresses to each company that interconnects with many other companies, that further interconnect with many others, and on and on.
There are 16,000,000 addresses in 10/8... not to mention the rest of the space. Seems like VERY poor space management if the people involved can't fit in there.
> 2. Even if there was enough space, there is no one doing any administration of such space to ensure that all such assignments are sufficiently unique to ensure that every company connecting to many others will never see two or more such companies using the same part of RFC1918 space.
So the companies come together - once - and allocate space for each other. If the companies have such a good relationship that they are allowing people in behind their firewalls and such, then communication amongst them shouldn't be a foreign concept.
> Likewise, name spaces also have to be unique, and the NS servers that are authority for them may not be reachable by you or perhaps even anyone else on the open Internet. But that doesn't mean they aren't real and being used by many different businesses.
This is an interesting concept... perhaps there ought to be an RFC1918-like TLD "prv" or something, which is reserved for resolving addresses that will only ever sit on RFC1918 space. Set aside certain addresses in RFC1918 space that the root servers could ostensibly "point" to as being the "official" nameservers for that TLD, ... Hmmmm.. just a thought. D
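The "come together once and allocate space for each other" approach the reply argues for is easy to check mechanically before any two firewalls are joined. The following is an added example, not code from either correspondent; the company names and prefixes are constructed, and `allocate` hands out the first free block from 10/8 on the assumption that the participants have agreed to carve that range jointly.

```python
"""Sanity-check a jointly agreed RFC1918 address plan for an extranet.

Added example (not from the original thread). Company names and prefixes
below are constructed for illustration.
"""
from __future__ import annotations
from ipaddress import ip_network, IPv4Network

# The three RFC 1918 private ranges.
RFC1918 = [ip_network("10.0.0.0/8"),
           ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def find_conflicts(plan: dict[str, list[str]]) -> list[tuple[str, str, str, str]]:
    """Return every pair of prefixes belonging to *different* companies that
    overlap. Any hit means two partners would see the same addressing."""
    entries = [(c, ip_network(p)) for c, ps in plan.items() for p in ps]
    conflicts = []
    for i, (ca, na) in enumerate(entries):
        for cb, nb in entries[i + 1:]:
            if ca != cb and na.overlaps(nb):
                conflicts.append((ca, str(na), cb, str(nb)))
    return conflicts


def non_private(plan: dict[str, list[str]]) -> list[tuple[str, str]]:
    """Prefixes that fall outside RFC1918: those are the ones that could
    collide with addresses in use on the open Internet (the other poster's
    objection), so they have no business in the shared plan."""
    return [(c, p) for c, ps in plan.items() for p in ps
            if not any(ip_network(p).subnet_of(r) for r in RFC1918)]


def allocate(plan: dict[str, list[str]], company: str, prefixlen: int,
             pool: str = "10.0.0.0/8") -> str:
    """Give `company` the lowest /prefixlen block in `pool` that overlaps
    nothing already in the plan, record it, and return it."""
    used = [ip_network(p) for ps in plan.values() for p in ps]
    for cand in ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used):
            plan.setdefault(company, []).append(str(cand))
            return str(cand)
    raise ValueError(f"no free /{prefixlen} left in {pool}")


# Constructed sample plan: Beta's first block collides with Acme's, and
# Gamma has put a non-private (documentation) prefix into the shared plan.
SAMPLE_PLAN = {
    "Acme": ["10.1.0.0/16"],
    "Beta": ["10.1.128.0/17", "10.2.0.0/16"],
    "Gamma": ["192.0.2.0/24"],
}

if __name__ == "__main__":
    plan = {c: list(ps) for c, ps in SAMPLE_PLAN.items()}
    print("conflicts:", find_conflicts(plan))
    print("non-private:", non_private(plan))
    print("Delta gets:", allocate(plan, "Delta", 16))
```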