[arin-ppml] re-org question

Ronald F. Guilmette rfg at tristatelogic.com
Sun Nov 6 15:22:56 EST 2016


In message <F04ED1585899D842B482E7ADCA581B84593F39F1 at newserver.arneill-py.local> Michel Py <michel at arneill-py.sacramento.ca.us> wrote:

>>> Michel Py wrote :
>>> Re-numbering is NOT an option regardless of the incentive.
>
>> Ronald F. Guilmette wrote :
>> I don't want to distract from the point you were making, but I wonder if
>> you might be so kind as to elaborate on the above assertion, e.g.
>> for the benefit of those few poor ignorant sods on this list, such as
>> myself, who might be largely or entirely ignorant of the issues and
>> related difficulties.
>
>I run the network for a foundry. Most of it is configured with static IPs,
>no DNS, and the hosts they talk to hard-coded in proprietary software. On
>top of it, half is inside an ISO class I cleanroom and runs 24/7/365.
>It's a common situation with large infrastructures that are 20 or 30 years
>old. In the same room, I have 30 different gases and 30 different operating
>systems. Even if I wanted, I could not renumber.

Thank you for providing this answer.  It is indeed enlightening.

Obviously, I am not at all familiar with any other particulars of your
situation.  Nor, I should say, am I by any stretch of the imagination
a serious or deep networking guy.  Nonetheless, your elaboration of the
problem does cause me to wonder if there isn't any solution to the
problem, as you have described it, which would allow all of the equipment
within your foundry to continue to use the existing range of IP addresses,
but to do so behind some sort of a firewall and/or address translation
device/mechanism which would hide and isolate all such ``internal'' IPv4
addresses from direct exposure to the public Internet.

On my own admittedly tiny network... and also, I suspect, on millions of
others like it elsewhere... I route RFC1918 addresses around, you know,
internally.  But given that none of these internal IPv4 addresses ever
interact directly with the public Internet, my internal-only use of
these addresses quite obviously causes no problems for anyone, least
of all me.  In fact I sleep better at night knowing that, as a practical
matter, regardless of the numbers or kinds of software bugs in my internal
devices, random outsiders cannot directly access or exploit these devices.
(And since some of my devices are running older and unmaintained software
this seems to be a rather big plus as far as I am concerned.)


Regards,
rfg
