Slashdot Mirror


Using RFC 1918 IP Addresses on Internal Routers?

braek asks: "Our network has expanded to the point that I have about 6 separate network links to remote networks. I would like to avoid using public IP addresses for the routers to conserve my limited global IP addresses, and I don't expect any additional IPs for a while. :( What do you guys think about assigning internal routers a private, RFC 1918 IP address, like 10.0.0.1 or something? (For security, RFC 1918 addresses would be filtered at the border routers.)"

"I am testing this right now, and routing seems to work fine. The only problem I can think of is that when someone does a traceroute, it will show up like:

10   120 ms   131 ms   120 ms  152.63.67.97
11   130 ms   130 ms   131 ms  66.141.21.1
12     *        *        *     Request timed out.
13   130 ms   130 ms   140 ms  66.141.21.185

Hop 12 is the router with the private RFC 1918 address, and I am assuming it is not responding to a traceroute because the IP is not globally routable. However, all the clients behind the router have complete, unabashed network access. What problems may one encounter if implementing this kind of addressing scheme?"
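
The traceroute gap described in the question, modeled as an added example (not part of the original post): a router answers an expired probe from its own interface address, so a border filter on RFC 1918 sources discards that reply while forwarded traffic still passes. The function names are hypothetical, and hop 12's address is assumed to be the 10.0.0.1 the question offers as an example.

```python
import ipaddress
import re

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def simulate_trace(path):
    """Return {hop: address or None} as an observer outside the border sees it.

    Each router answers a TTL-expired probe with an ICMP message sourced
    from its own interface address; the border filter drops any packet
    with an RFC 1918 source, so those replies never leave the network.
    """
    return {hop: (None if is_rfc1918(addr) else addr)
            for hop, addr in path.items()}

def silent_transit_hops(trace_text):
    """Hops that timed out although a later hop answered, i.e. routers
    that forward traffic but whose own replies are being lost."""
    hops = {}
    for line in trace_text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if m:
            ip = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})\s*$", m.group(2))
            hops[int(m.group(1))] = ip.group(1) if ip else None
    last_answer = max((h for h, a in hops.items() if a), default=0)
    return [h for h, a in sorted(hops.items()) if a is None and h < last_answer]

# Hops 10, 11 and 13 are from the posted output; hop 12's address is an
# assumption (10.0.0.1 is the example address given in the question).
PATH = {10: "152.63.67.97", 11: "66.141.21.1",
        12: "10.0.0.1", 13: "66.141.21.185"}

# The traceroute output as posted in the question.
POSTED = """\
10   120 ms   131 ms   120 ms  152.63.67.97
11   130 ms   130 ms   131 ms  66.141.21.1
12     *        *        *     Request timed out.
13   130 ms   130 ms   140 ms  66.141.21.185
"""

if __name__ == "__main__":
    print(simulate_trace(PATH), silent_transit_hops(POSTED))
```
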

3 of 43 comments

  1. Can and Must by fm6 · Score: 3, Interesting

    It's a mystery to me why this isn't considered mandatory. People sweat blood building firewalls and packet filters and block off port numbers that people need -- and the kiddies still find a way through. Using a private network space is the ultimate access control -- for anyone outside your network, internal machines simply don't exist.

  2. Unnumbered IP? by ajvtoo · Score: 3, Interesting

    If your six separate network links are simple point-to-point links, have you considered using unnumbered IP on these links to free up some IP space?

    See http://www.cisco.com/warp/public/701/20.html for some more information.

  3. NANOG by The Madpostal Worker · Score: 4, Interesting

    This is a topic that has been flamed^H^H^H^H^H debated to death on the North American Network Operators Group (NANOG) Mailing List.

    It's a great list, and has a lot of very knowledgeable people on it.

    --

    /*
    *Not a Sermon, Just a Thought
    */