-----Original Message----- From: Jared Mauch [mailto:jared@puck.Nether.net] Sent: Thursday, October 10, 2002 12:59 PM To: Iljitsch van Beijnum Cc: Richard A Steenbergen; nanog@merit.edu Subject: Re: Who does source address validation? (was Re: what's that smell?)

People number out of 1918 space primarily for a few reasons, be them good or not:

1) Internal use 2) Cost involved.. nobody else needs to telnet to my p2p links but me, and i don't want to pay {regional_rir} for my internal use to reduce costs 3) "security" of not being a "publicly" accessible network.

I'll stick my neck out (others from my company monitor this list...) and say that we are not really worried about #3. With #1, if we could get more space, we would not need/want to (except for the test lab) to use RFC1918 space. This leads to #2, which is the issue. We are a growing company. We are expanding our list of regional offices, plus our home office is growing. I'd rather use globally unique addresses for all this, but the cost of additional space (we have outgrown the /24 we have traditionally used), the cost of an ASN, and the cheapness of NAT and "bandwidth/link managers" have driven us to use RFC1918 space. As long as the cost and ease of doing global unique addresses and BGP is greater than the cost and ease of a NAT/link manager setup, businesses will continue to use RFC1918 space, and ignore (or remain blissfully unaware of) the pain it may or may not cause others. James H. Smith II I speak for me, and what I observe, which gets me in enough trouble as it is...