Request comment: list of IPs to block outbound

[gtaylor at tnetconsulting.net (Grant Taylor)]

On 10/22/19 10:54 PM, MÃ¥ns Nilsson wrote:
> I have a hard time finding text that prohibits me from running machines 
> on 100.64/10 addresses inside my network.

I think you are free to use RFC 6598 â?? Shared Address Space â?? in your 
network.  Though you should be aware of caveats of doing so.

> It is just more RFC1918 space, a /10 unwisely spent on stalling 
> IPv6 deployment.

My understanding is that RFC 6598 â?? Shared Address Space â?? is 
*EXPLICITLY* /not/ a part of RFC 1918 â?? Private Internet (Space).  And I 
do mean /explicitly/.

The explicit nature of RFC 6598 is on purpose so that there is no chance 
that it will conflict with RFC 1918.  This is important because it means 
that RFC 6598 can /safely/ be used for Carrier Grade NAT by ISPs without 
any fear of conflicting with any potential RFC 1918 IP space that 
clients may be using.

RFC 6598 â?? RFC 1918 and RFC 1918 â?? RFC 6598
RFC 6598 and RFC 1918 are mutually exclusive of each other.

Yes, you can run RFC 6598 in your home network.  But you have nobody to 
complain to if (when) your ISP starts using RFC 6598 Shared Address 
Space to support Carrier Grade NAT and you end up with an IP conflict.

Aside from that caveat, sure, use RFC 6598.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191022/3f46f4a9/attachment.bin>