From Faber Fedor on Thu, 07 Jan 1999
Great article. I'm in the middle of teaching a TCP/IP class and would have loved to use your article the past two days when we were going over subnetting.
May I have your permission to make copies and pass the article out to my class?
All of my columns in the Linux Gazette are covered under the LDP variant of the GPL. That does allow for free distribution and use.
You are welcome to use it however you like. Leaving my name associated with it would be appreciated. Then people know who to blame.
I'll be using a (hopefully improved) version of this article in my book.
Note: Please also look for the article on "proxyarp" --- this is a related subject that your students should also understand. Some of those concepts actually support the subnetting and routing discussion by providing a contrast and comparison. (As in: "Here's another way it can be done.")
And now, for my question: you referenced RFC1918 and "private network addresses". I know about them, I follow them, etc. but only because they are an RFC. I mentioned private network addresses to a buddy of mine and he brought up the point of "Why bother? With proxies, etc., you can have any address(es) you want, so it doesn't matter which address(es) you choose." I can't think of a reason to refute him.
So, is there a reason for choosing 192.168.x.x as opposed to using the Post Office's 56.*.*.* for my internal network that no one ever sees? (Yes, I know they're different classes; that's irrelevant.)
By an odd coincidence I've done some consulting for the USPS so I am familiar with the fact that they use proxying to "hide" their 56.*.*.* network from the rest of the world. I suspect that about half of the class A addresses that have been delegated are similarly sequestered.
It would be nice if these organizations returned their IP addresses (exchanged them for smaller address blocks to accommodate their publicly accessible services, routers and proxy hosts). In the case of the USPS there are several Class C addresses that are used by the organization for their web sites et al.
However, the reason for the RFC is to prevent routing ambiguities. If the USPS decided to use some of their 56.* addresses for their websites, routers, etc --- and you needed to access those --- your router wouldn't have any way to know where to send these packets.
Of course, if everyone uses the same RFC1918 addresses and we start trying to connect to one another over VPNs then we have to do some weird "bi-directional" masquerading and NAT (network address translation) to turn your 10.*.*.* addresses into my 10.*.*.* addresses and vice versa. (This is not merely a theoretical problem --- a friend of mine has mentioned that he needs to employ these techniques now).
So, the short answer is: you can do it --- but you'll probably get bitten. There's no guarantee that the organization whose "hidden" addresses you try to use will continue to keep those addresses "hidden". It shouldn't ever concern any other hosts beyond your masquerading/NAT routers and proxy gateways --- so long as you don't "leak" packets with these bogus source addresses.
This sort of "leakage" is probably the most obvious reason to use the RFC1918 addresses. Any router on the net can be configured to drop those packets when any of us accidentally allow them to leak. This is good for the whole Internet.
Hope that helps.
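
The three hazards discussed in the answer above (routing ambiguity, leaked source addresses, and overlapping private ranges over a VPN), sketched in Python as an added example that is not part of the original column. The route tables, interface names and sample addresses are constructed for illustration.

```python
import ipaddress

# Private blocks reserved by RFC 1918; any router may safely drop these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def upstream_filter(src):
    """Verdict of a router that knows nothing about our site, only RFC 1918."""
    ip = ipaddress.ip_address(src)
    return "drop" if any(ip in net for net in RFC1918) else "forward"


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, interface) pairs."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def vpn_conflicts(site_a, site_b):
    """Prefix pairs from two sites that overlap and so need NAT on a VPN."""
    return [(a, b) for a in site_a for b in site_b
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))]


# Constructed sample data: two internal addressing plans for the same site.
BORROWED = [("0.0.0.0/0", "uplink"), ("56.0.0.0/8", "lan")]     # reuses 56.*
PRIVATE = [("0.0.0.0/0", "uplink"), ("192.168.0.0/16", "lan")]  # RFC 1918

if __name__ == "__main__":
    # A public host in 56.* is routed to the LAN at the site that reused 56.*.
    print(next_hop(BORROWED, "56.10.20.30"), next_hop(PRIVATE, "56.10.20.30"))
    # A leaked source is caught upstream only if it is an RFC 1918 address.
    print(upstream_filter("56.1.2.3"), upstream_filter("192.168.1.5"))
    # Two sites that both chose 10.* collide when joined over a VPN.
    print(vpn_conflicts(["10.0.0.0/8"], ["10.1.0.0/16", "172.16.0.0/12"]))
```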