I know the various issues about IPv6. Many people suggest that NAT is part of the solution, at least for company networks. But where I work, NAT is not: we're running out of RFC1918 addresses...
From RFC 1918:
> The Internet Assigned Numbers Authority (IANA) has reserved the
> following three blocks of the IP address space for private internets:
>
> 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
>
I really doubt a single company needs 2^24 = 16 million addresses, as provided by the 10/8 prefix. OK, except for ISPs...
2.
Wednesday, 19 September 2007, 12:13, by Colin
Come on, you may be running out of space in some 192.168.0.0/24 network... But are you running out of space with 10.0.0.0/8 or 172.16.0.0/12?
3.
Wednesday, 19 September 2007, 12:19, by fatal
If the "solution" is NAT, then the solution for running out of RFC1918 addresses is multiple layers of NAT!
When you started using NAT you already decided that all computers don't need to be able to reach each other, now you just have to decide which computers in your own network don't need to reach each other.
As you might have understood: My opinion is that NAT isn't a solution, only problems. Use unique addresses for all hosts. You can request them without problems. Just answer yes when you are asked if you've considered using RFC1918 addresses. There is no shortage of v4 addresses and won't be for a long time... (When there'll actually be a shortage, then it'll really be time to move to v6).
4.
Wednesday, 19 September 2007, 13:48, by Benoît DEJEAN
Yes, running out of 10/8 and 172.16/12.
fatal > no you don't understand: I'm talking about the company internal network. Now try to request 2 /8 ...
I am wondering how you can easily run out of 10/8 addresses. You can fit more than 500000 addresses in that range, even if you split it into several subnets.
Even with very inefficient splits for your subnets, it is likely that you have many more RFC1918 addresses than users, or than computers that need to be addressable from other computers in your internal network(s). If some of your computers do not need to be addressable even from your internal network(s), then the obvious solution is to put these in their own NATed networks. Two or more of these "second-level" NATed networks can easily share the same address range because their internal addresses will not be visible from the other parts of your network.
7.
Wednesday, 19 September 2007, 16:45, by Benoît DEJEAN
You can 'waste' a lot of address space if your network is very complicated, i.e., you have a lot of routing subnets, routers, etc. The company network is very wide: many routes that are longer than 15 hops.
Moreover, the address allocation is not best-fit. Subnets often match their organizational unit / department / site / country. Like each country has one or many 10.0/16. The group policy doesn't allow second-level NAT.
I believe a lot of big companies may experience this address shortage.
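Added example (not part of the thread): a Python sketch of the allocation trade-off described in the comment above, comparing a fixed /16 per site with blocks sized to demand inside 10.0.0.0/8. The site names and host counts are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

POOL = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample data: hosts needed per site (not figures from the thread).
SITES = {"fr-paris": 9000, "de-berlin": 1200, "us-nyc": 30000,
         "jp-tokyo": 400, "br-sao": 60}

def max_blocks(prefixlen):
    """How many blocks of the given prefix length fit in the pool."""
    return 2 ** (prefixlen - POOL.prefixlen)

def needed_prefix(hosts):
    """Longest prefix that holds `hosts` plus network and broadcast addresses."""
    return 32 - (hosts + 1).bit_length()

def fixed_plan(sites, prefixlen=16):
    """One fixed-size block per site (the per-country /16 policy)."""
    blocks = POOL.subnets(new_prefix=prefixlen)
    return {name: next(blocks) for name in sites}

def best_fit_plan(sites):
    """Size each block to demand; largest first keeps every block aligned."""
    plan, cursor = {}, int(POOL.network_address)
    for name, hosts in sorted(sites.items(), key=lambda kv: -kv[1]):
        prefix = needed_prefix(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size          # round up to block alignment
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(POOL):
            raise ValueError(f"pool exhausted while placing {name}")
        plan[name] = net
        cursor += size
    return plan

def utilisation(plan, sites):
    """Fraction of reserved addresses that the sites actually need."""
    return sum(sites.values()) / sum(n.num_addresses for n in plan.values())

def has_overlap(plan):
    """True if any two allocated blocks share addresses."""
    return any(a.overlaps(b) for a, b in combinations(plan.values(), 2))

if __name__ == "__main__":
    print("max /16 blocks in pool:", max_blocks(16))
    for label, plan in (("fixed /16", fixed_plan(SITES)),
                        ("best fit", best_fit_plan(SITES))):
        print(label, f"utilisation={utilisation(plan, SITES):.1%}")
        for name, net in plan.items():
            print(f"  {name:10} {net}")
```

With one /16 per site the pool is spent after 256 sites regardless of how many hosts each one has, which is the shortage mechanism the comment describes.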
I do not think that you 'waste' a lot of address space if your network is very complicated. You waste it if your network is not well designed.
I am working for a company that had more than 100,000 employees a few years ago (a bit less now). And our intranet covers more than 100 countries. I maintain several subnets; some of them have public IP addresses and some others have RFC1918 private IP addresses. I have never had any problems with address shortage among the private IP addresses.
I am convinced that it is simply a matter of getting the correct network design and policies in place. Otherwise there should be no good reason to run out of 10/8 addresses, even taking into account heavy subnetting and avoidance of some private addresses already 'hijacked' by some careless vendors of networking equipment.
Use 15/8. That range is used by HP for internal systems only, so as long as you hide it behind NAT, there shouldn't be a problem
If you're running out of 10/8 (16777216 addresses) then your network design sucks.