Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mindslight 7 days ago

The real official answer is to register/allocate a new subnet, with no intention of putting it into the global routing tables. IPv6 only comes into play because doing that with IPv4 is mostly impractical these days.

The author lost me when they got into raw iproute commands. Not because I'm not acquainted (I run my own custom complex router using a standard Linux distro). But rather if someone knows enough to configure things at this level, then they would just come to this solution on their own. Most people trying to solve this problem will not - eg think that mobile video rack belonging to a touring musician.

Readily-accessible solutions I can come up with off the top of my head:

1. Two off the shelf routers and double NAT. The middle network can be changed if it conflicts with the outer network

2. One router/NAT, but two IP networks on the inner network - one statically assigned for devices to communicate with each other, and one assigned via DHCP for accessing the horizon through NAT. That second network can then easily be changed.

3. Play battleship more strategically using class E address space, DOD/BigCo address space, and/or smaller subnets in the middle of the customary size for a range (eg 192.168.1.160/27).

MartijnBraam 7 days ago | parent | next [-]

Allocating a subnet is way further away from reality for most people than configuring one router feature on the router they're using.

There's also a lot of people that configure these devices (or linux routers) themselves but have never heard of VRFs, you got to learn about them somewhere so I just hope this helps some people :)

mindslight 6 days ago | parent [-]

I see your point if someone is at the level of tinkering enough to learn Mikrotik gear. I was loosely equating VRF with general Linux policy routing, where you end up owning a bit more of an overarching config with fwmarks etc. And then I reasoned that Mikrotik was more complex than that, because I personally avoid doing config on my Mikrotik devices in favor of the Linux router (which is the opposite if you're coming at it unopinionated). But if someone wants to understand just enough networking to copy and paste Mikrotik examples, I do think your post is good general suggestion for that.

master_crab 4 days ago | parent | prev | next [-]

If I can avoid Double NATing, I do because it tends to degrade network performance and can have interesting characteristics on some inbound traffic (although that depends on the use case).

But the third option honestly isn’t recommended enough. DoD space is rarely routable, and if you are on a private network already, even moreso. It’s also less common than RFC1918.

However, there is one caveat. Some large corporates do use it for just the same reason. Even though it is rarer than 10 or 172 space, you’d be surprised how many large orgs do run DoD internally.

(Disclaimer: I use DoD space for my travel router at hotels)

stirfish 7 days ago | parent | prev | next [-]

I've been using a router as 4.20.69.1. It's good to hear other solutions, as I've just been figuring it all out as I go along

JSR_FDED 6 days ago | parent [-]

I’ve never had any issues using a .666 subnet

1oooqooq 4 days ago | parent | prev [-]

can't they just put each port on it's own vlan and call it a day?