using them in an enclosed private network is not what
it was designed for
The point of an internet address registry is not to ensure global
connectivity between every address at all times. It's just a mutually
agreed upon way to ensure uniqueness so that various networks can
optionally connect to each other without having conflicts. It's always
been perfectly acceptable to use globally unique addressing on private
networks so that when they later decide to peer with other networks, they
can do so.
On Mon, Feb 22, 2021 at 6:53 AM pete M via 44Net <44net(a)mailman.ampr.org>
wrote:
"- 44.168.80.0/23, which is an internal, private network for hams, and
which is not reachable from public Internet
This allows for clear distinction about what is on Internet and what is
not, and it simplifies firewall policy management."
"73 de TK1BI"
Here is one way of doing things that I don't like much, and at the same
time I do understand why you do it that way. But for me that /23 of address
space is being lost. The /23 could be using one of the private subnets that
are already available to us. That way you are sure that no one anywhere
will jump in the group.
The 44 net address space is by definition routable from all over the
world (if route tables are built for it). Using them in an enclosed
private network is not what it was designed for.
One thing to consider for the address space is that some will not want
people from other address spaces to connect to them. I know that a firewall
can reject whole IP space, 100% of the IP of the world, in one line, and with
just a few lines it will allow just the 2 remaining 44 address spaces. Yes,
IP addresses can be spoofed. So yes, we cannot use that as the main security of
the network. But it will deal with 99% of traffic. For the rest we need to
do real identification stuff. And that is not at the address space level
that it needs to be done.