--On Sunday, December 04, 2011 20:40 -0600 Pete Resnick <presnick@xxxxxxxxxxxx> wrote:

>...
> Nope, but you're close. The assumption in my question is that if
> the legacy (broken?) gear in question all uses 10/8 *and* we
> publish a document that declares a particular (presently
> unused by said gear) block of 1918 address space is henceforth
> off limits to use in equipment that can't translate when
> addresses are identical on the outside and the inside, then
> the use of that 1918 address space might be "safe" for CGNs to
> use. I do not presume that it *is* safe; only that the
> question has not been answered.

Then the document we should be discussing and approving should say "even if you were dumb enough to buy and deploy in the past, devices that don't have a clear and well-documented way to perform address translation while using the same addresses on the inside and outside have no future, especially in IPv4. They should not be expected to work in reasonable ISP configurations".

Whether we can or should also provide advice about address ranges for older devices that cannot be upgraded is another issue. But it is not a very interesting one because:

If you advise using some piece of the 1918 space, you can only say "We aren't aware of anyone using this space under so-and-so circumstances" and not "We can prove that no one is using that space".

If you advise using a newly-dedicated block, you can only say "We have allocated this block for this purpose, and no one can legitimately use it for anything else". You cannot say, "It is safe to use that new block without careful design and good implementations because we are sure that no one has squatted on it, no one has anticipated the allocation, no one is trying to use it in layers, and no one is going to accept a routing announcement for it".

I also don't know quite how to parse your conditions above because the only legacy one-many IPv4 NAT gear I've used that doesn't permit using the same addresses "inside" and "outside" uses parts of the 192.168/16 space, not 10/8. The devices I've encountered that use 10/8 instead are able to handle those duplicate addresses, although the mechanism for configuring it may not be very well explained in documentation. That information is, however, worthless to you because it is completely anecdotal and doesn't say a thing about the particular devices you are looking for.

john

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf