Are You RFC1918-Compliant? Why Not?

By eweek  |  Posted 2001-06-18

Before the proliferation of the Internet, most network administrators grabbed a block of addresses for TCP/IP networks out of the air, maybe assigning an entire class C to each division, even if the department had only 10 PCs. Then the Internet explosion changed everything—or at least it should have.

The Internet Engineering Task Force got together and invented the "Request for Comment," which in many cases became the best practice standard for running a complex network. One of the most important RFCs I've found is RFC1918, which states that all private networks should use only three specific address blocks inside their firewalls.

Early on, the IETF realized that there were not nearly enough IP addresses available to accommodate every computer, so it recommended that everyone use these addresses inside their networks. Once compliant, users can communicate with computers on the Internet by using Network Address Translation, which associates your inside compliant addresses with a small block of valid external addresses that have been assigned to your organization.

Three years ago, our county's network engineer instructed everyone inside our network to change every computer to (what is today) an RFC1918-compliant IP address. Once compliant, requests to resolve non-RFC1918 addresses were sent to the Internet to be resolved. Before RFC1918, it was a networking nightmare, requiring entering hundreds of static routes and instructing our routers what addresses were to be resolved internally and externally.

These days, many compliant organizations refuse to make an internal connection to a noncompliant network because they know the problems it will cause. Here's an example: Let's say I want to connect to a computer on the non-RFC1918-compliant network that is directly connected to our internal network. Since it looks like a valid Internet address, our routers will automatically send it to the Internet to be resolved, rather than send it to the noncompliant network. Again, the only way to resolve the problem is by entering a static route.
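As an added illustration (not code from the column), a short Python script that audits an address inventory against the three RFC1918 blocks and reproduces the routing problem just described: with only the private blocks and a default route in the table, an address that looks like a valid Internet address goes to the Internet gateway until a static route is entered. The partner network 198.51.100.0/24, the host inventory and the next-hop names are constructed for the example.

```python
# Added example: RFC1918 audit plus a longest-prefix-match lookup that shows why
# a noncompliant address attached to the inside network falls through to the
# default (Internet) route until a static route is added.
import ipaddress

RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the three RFC1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


def audit(inventory):
    """Return the addresses in an internal inventory that are NOT RFC1918."""
    return [a for a in inventory if not is_rfc1918(a)]


def next_hop(routes, addr: str) -> str:
    """Longest-prefix-match over (network, next_hop) pairs, like a router."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, hop) for net, hop in routes if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Constructed routing table: the private blocks stay inside, everything else
# (0.0.0.0/0) is handed to the Internet gateway.
ROUTES = [(block, "internal") for block in RFC1918_BLOCKS]
ROUTES.append((ipaddress.ip_network("0.0.0.0/0"), "internet-gateway"))

# Constructed sample: a directly connected partner network that never
# renumbered. 198.51.100.0/24 is a documentation range used here as a stand-in
# for "looks like a valid Internet address".
NONCOMPLIANT_HOST = "198.51.100.7"
STATIC_ROUTE = (ipaddress.ip_network("198.51.100.0/24"), "partner-link")

if __name__ == "__main__":
    print(audit(["10.1.2.3", "172.20.0.9", "198.51.100.7", "192.168.5.1"]))
    print(next_hop(ROUTES, NONCOMPLIANT_HOST))                   # internet-gateway
    print(next_hop(ROUTES + [STATIC_ROUTE], NONCOMPLIANT_HOST))  # partner-link
```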

Network gurus look at noncompliant organizations in one of two ways: Either they don't know what they're doing, or they're so large there is no single entity powerful enough to correct the problem.
