On Oct 27, 2017, at 23:35, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: >> At first I thought of using the blocks of RFC1918, but this IPs are well known and can cause a false impression on the end user. What is the false impression? They are NATed I take it? > Not just a false impression; if they show up in traceroutes they can be extremely misleading. I think users of traceroute are advanced enough to know rfc1918? > Has anyone considered (mis)using 100.64.0.0/10 (RFC6598) for this sort of purpose? Yes, I use it myself to hand out IP’s for IPsec VPN, as it has less chance of clashing with the user’s local preNAT IP range. Until others start abusing this range too. >>> Finally we are thinking of using the blocks that I will present below, as they are little known and not routed worldwide. >>> >>> 198.18.0.0/15 >>> 192.0.0.0/24 >>> 192.0.2.0/24 We use the example ranges for our unit testing so I have those permanently configured on our test machines and laptop 😀 > A very bad idea. They are all reserved for a reason, and some > of them are well known. Even the ones that are a safe choice become unsafe once people start using these. However, there is a lot of unused multicast and reserved space left to do assignments from. I’m not sure why we haven’t started nibbling on those yet, other then wanting to promote ipv6? Paul