Comment by dmd

When I separated my scientific instruments from IT, I went to fixed IP and set each device to 192.A.B.x where x is different for each instrument or PC. And A & B are for my lab only, but definitely not the same as the "generic" address range IT is using.

One day somebody working days or nights "helpfully" plugged one of IT's loose office-machine-network cables into one of my little lab ethernet switches which had a vacant spot :\

With separate IP subnets it really kept the traffic from crossing, no damage was done, and nobody ever knew until a PC configured for DHCP was plugged into the lab network, and their router wanted to autoassign an IP address to it.

So, uh.

I kinda don't want to share this because:

A) it's a bad idea

B) it means it will be less unique

and

C) I got teased for it a long time ago by my other nerd friends.

But the US DOD has huge blocks of prefixes that it doesn't do anything with, presumably they use it for internal routing so every device they have could publicly route without NAT..

One of those prefixes is 7.0.0.0/8.

My home network uses that. I have never had an issue with S2S VPNs.

However, there have been a few bits of software (pfsense for example) which have RFC1918 hardcoded in some areas and treat it like a public network and overwriting it means doing the entire network setup manually without the helping hand of the system to build-out a working boilerplate.