dmd 2 hours ago

My (very large) corporate network uses 172.16 and 10. heavily, which has led me to set my docker/daemon.json default-address-pools to 84.54.64.0/18, as it's very unlikely we need to communicate with any IPs in Uzbekistan.

dijit 2 hours ago | parent [-]

So, uh.

I kinda don't want to share this because:

A) it's a bad idea

B) it means it will be less unique

and

C) I got teased for it a long time ago by my other nerd friends.

But the US DOD has huge blocks of prefixes that it doesn't do anything with, presumably they use it for internal routing so every device they have could publicly route without NAT.

One of those prefixes is 7.0.0.0/8.

My home network uses that. I have never had an issue with S2S VPNs.

However, there have been a few bits of software (pfsense for example) which have RFC1918 hardcoded in some areas and treat it like a public network and overwriting it means doing the entire network setup manually without the helping hand of the system to build-out a working boilerplate.

x0 2 hours ago | parent | next [-]

In this vein there's also 3 TEST-NETs, all /24 but still useful. I've been known to use TEST-NET 1 for Wireguard: 192.0.2.0/24. The other two are 198.51.100.0/24 and 203.0.113.0/24.

There's also 198.18.0.0/15, Wikipedia says it's "Used for benchmark testing of inter-network communications between two separate subnets"[1]. Use this if you really want to thumb your nose at the RFC police.

[1] https://en.wikipedia.org/wiki/List_of_reserved_IP_addresses

pcarroll 2 hours ago | parent | prev [-]

I actually looked at using those before the CGNAT range, but many of those blocks have been returned to the public Internet.
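
Added example, not part of any comment in this thread: a Python check that classifies a candidate address pool against the special-purpose blocks mentioned above and reports overlaps with networks already in use. The `review_pool` name, the result keys and the `CORP_IN_USE` list are assumptions made for the illustration; the RFC 1918 and CGNAT CIDRs are filled in from their RFCs.

```python
import ipaddress

# Special-purpose IPv4 blocks: RFC 1918, the CGNAT range, and the ranges named in the thread.
RESERVED = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "CGNAT shared space (RFC 6598)",
    "192.0.2.0/24": "TEST-NET-1 (RFC 5737)",
    "198.51.100.0/24": "TEST-NET-2 (RFC 5737)",
    "203.0.113.0/24": "TEST-NET-3 (RFC 5737)",
    "198.18.0.0/15": "benchmarking (RFC 2544)",
}
RESERVED_NETS = [(ipaddress.IPv4Network(c), label) for c, label in RESERVED.items()]

# Constructed sample: networks assumed to be in use already on the internal network.
CORP_IN_USE = ["10.0.0.0/8", "172.16.0.0/12"]


def review_pool(candidate, in_use):
    """Classify a candidate pool and list conflicts with networks already in use."""
    net = ipaddress.IPv4Network(candidate)  # raises ValueError if host bits are set
    # Fully inside a reserved block: the pool can never hide a real Internet host.
    inside = [label for r, label in RESERVED_NETS if net.subnet_of(r)]
    # Overlapping a reserved block without fitting inside it: the rest is routable space.
    partial = [label for r, label in RESERVED_NETS
               if net.overlaps(r) and not net.subnet_of(r)]
    conflicts = [u for u in in_use if net.overlaps(ipaddress.IPv4Network(u))]
    return {
        "pool": str(net),
        "reserved_as": inside[0] if inside else None,
        "partially_reserved": partial,
        # True when some or all of the pool is address space that can be assigned
        # to real hosts, which then become unreachable from this machine.
        "shadows_public_space": not inside,
        "conflicts_with_in_use": conflicts,
    }


if __name__ == "__main__":
    for pool in ("84.54.64.0/18", "7.0.0.0/8", "192.0.2.0/24",
                 "198.18.0.0/15", "172.17.0.0/16"):
        print(review_pool(pool, CORP_IN_USE))
```
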