I've seen many enterprise customers using RFC 1918 address space internally.  
This includes allocating 10/8 addresses for hosts, and 172.16/12 for isolated 
segments behind firewalls.  Since 192.168/16 may be used by employees in their 
homes accessing the corpnet, often this block is avoided for use in address 
allocation on VPN servers.  

In terms of NAT usage in enterprise, it is very common: in branches, employee 
homes, campuses, even in data center load balancers (reverse NAT).  It is quite 
common to see RFC 1918 space of all types in enterprise routing tables. Given 
the huge influx of mobile devices (many of which do not support IPv6 fully), 
there will be even more pressure to deploy RFC 1918 addresses and more 
efficiently use routable address space.

In general, enterprise addressing plans are developed and changed deliberately 
and with considerable planning. Where things become more tricky is in Extranet 
design where connections can be made to partners with their own addressing 
complexities.  To avoid routing issues, fire gaping may be required.

On Dec 4, 2011, at 21:24, "Pete Resnick" wrote:

> On 12/4/11 8:22 AM, Hadriel Kaplan wrote:
> 
>> So you tell me how safe picking a specific RFC 1918 address space is.  There 
>> are ~100,000 enterprises with over 100 employees just in the US, and ~20,000 
>> with over 500 employees in the US.  Obviously my company is a tech company 
>> so it's probably not "normal", but still it seems obvious enterprises use 
>> random 10.x.x.x and 172.16/12.
>>   
> 
> AFAICT, it *isn't* safe to use these addresses if and only if these 
> enterprises *also* use equipment that can't deal with 1918 addresses on their 
> external interface. For example, your machine taking a 10.2xx.xxx.xxx address 
> isn't a problem in and of itself because the NAT in front of you is 
> translating. The issue only arises if the Carrier Grade NAT in front of you 
> is on the other side of equipment that *can't* handle that portion of address 
> space on the outside.
> 
> Now, I don't know if that means it *is* safe. I don't know how many 
> enterprises talk to CGNs and wouldn't be able to deal with a particular block 
> of 1918 addresses on the outside. That's the question I'd really like an 
> answer....
> 
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
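
The collision concern raised in this thread (enterprise, partner extranet, VPN pool and home networks all drawing on the same RFC 1918 blocks) can be audited mechanically before an addressing change. The following is an added example, not part of the original messages; the plan labels and prefixes are constructed, and the home-LAN prefix is an assumed typical default.

```python
import ipaddress

# The three RFC 1918 private blocks discussed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan; every label and prefix is hypothetical.
PLAN = {
    "corp-hosts":  ["10.0.0.0/9"],
    "fw-segments": ["172.16.0.0/16", "172.20.0.0/14"],
    "vpn-pool":    ["192.168.1.0/24"],
    "partner-a":   ["10.64.0.0/16", "172.21.5.0/24"],
    "home-lan":    ["192.168.1.0/24"],  # assumed common home router default
}

def _entries(plan):
    """Flatten the plan into (label, network) pairs."""
    return [(label, ipaddress.ip_network(p))
            for label, prefixes in plan.items() for p in prefixes]

def rfc1918_block(prefix):
    """Return the RFC 1918 block containing prefix, or None if it is not private."""
    net = ipaddress.ip_network(prefix)
    return next((str(b) for b in RFC1918 if net.subnet_of(b)), None)

def find_collisions(plan):
    """Every pair of overlapping prefixes that belong to different owners."""
    entries = _entries(plan)
    return [(la, str(na), lb, str(nb))
            for i, (la, na) in enumerate(entries)
            for lb, nb in entries[i + 1:]
            if la != lb and na.overlaps(nb)]

def free_subnets(block, plan, new_prefix):
    """Subnets of block at new_prefix length that overlap nothing in the plan."""
    used = [net for _, net in _entries(plan)]
    return [str(s)
            for s in ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
            if not any(s.overlaps(u) for u in used)]

if __name__ == "__main__":
    for la, na, lb, nb in find_collisions(PLAN):
        print(f"{la} {na} overlaps {lb} {nb} (inside {rfc1918_block(nb)})")
    print("free /16s in 172.16.0.0/12:",
          free_subnets("172.16.0.0/12", PLAN, 16))
```

Running `free_subnets` against each partner's prefixes before an extranet link goes live shows which blocks remain usable without translation.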