[rpd] Re: Factors affecting in-region utilization - way forward?

[Guy Antony Halse]

On Mon 2014-07-21 (00:39), Mukom Akong T. wrote:
> But it's also the people handling such networks don't know any better to
> a) challenge the ISP about the amount of address space and/or b) start the
> process of getting their own space.

So how do we fix this?

My experience with organisations like this is that you can explain why NAT
is bad and why they can/should apply for address space, and you almost
inevitably get one of the following responses:

 1) it is too much work to change/we don't have the {time,staff,budget} for that;

 2) our ISP won't do that;

 3) our management will never buy into that; or

 4) our auditors will never allow that!

The first two I can work with.  However, the last two are particularly
damaging :(.  And the fact that (external) auditors can and do intimidate
organisations into using NAT "for security reasons" distresses me.  About
two years ago, I watched a fairly large university give up the equivelent of
a /19 of real world address space in favour of NAT primarily because of 4),
and its subsequent impact via an internal audit & risk committee on 3).

- Guy
-- 
Manager: Systems, I&TS Division, Rhodes University, Grahamstown, South Africa
Email: G.Halse at ru.ac.za    Web: http://mombe.org/    IRC: rm-rf at irc.atrum.org
*** ANSI Standard Disclaimer ***                                      J.A.P.H