|
abulanov
15 posts
|
Does anybody consider using or use private IP addressing for transit networks inside the Autonomous System of an ISP? From a global routing point of view, I announce my public IP address block via eBGP. All the customers and services consume public IPs. But inside the AS I (probably) can use private networks for transit networks. These private networks are known inside the AS via IGP. What is the flaw of such a design? |
|
fgabut
14 posts
|
After all, why not... the biggest French ISP does exactly that... It's just really strange when you're doing a traceroute as a customer... for a non-customer, in your case, the traceroute will show some missing routers, due (I hope, but it's sadly not always the case) to RPF... Fred |
|
brad_fleming
11 posts
|
There's also the accountability problem. With a globally scoped IP address, it's typically easier to correlate any abuse notices to the actual user. If you're going to do NAT/PAT on a provider scale, you'll need to have extremely verbose logs from any AAA systems and your NAT/PAT devices. For example, if you receive a notice that a user issued a credible death threat on a public figure from your network, how will you help locate the guilty party? You're going to need extremely detailed logging mechanisms for all NAT/PAT functions. Then there's the fact that many knowledgeable users will view your service offering as sub-standard because they don't have a globally scoped IP address assigned to their CPE device. Of course, neither of these is a technical limitation and might not be an issue in your situation. From a philosophical standpoint, I really dislike the concept of service provider NAT. It breaks the end-to-end model that IP was designed around. I know, we broke all those rules a long time ago (and for good reason).. doesn't mean I have to like it! Also, I'm admittedly "old school" on this topic. |
|
pixitha
1 post
|
Another reason not to is remote management. I had a customer recently who gets a DS1 from a local provider who uses a private /30 on the serial interface between them and the customer. The customer installed the router after they set it up, but they had forgotten to put a default route into the router, so it wasn't routing traffic back to the ISP. You can't manage a private address from the Internet very well, so either I had to get them to log into their own router (not easy for them) or get the ISP to log in from their own private network, or drive down and fix the problem myself. If you're not inside of the network, the private addresses can be a real problem when you least expect it. |
|
abulanov
15 posts
|
2brad_fleming I do not mean using NAT/PAT. The customers use public IP. Only internal infrastructure (let's say networks between routers in ISP backbone) uses private IP. 2pixitha For remote management (from outside of ISP) you certainly need public IP. You can allocate a network of routable loopbacks for that. For the last mile also public IPs are used. As I said, privates are used only for internal interconnections. |
|
cscam
3 posts
|
Private addressing for management is a different thing; yes, I think you'll find a lot of providers would use private addressing for their management network. That doesn't really have any bearing on the public-facing side of things though; the management network should be kept separate from customer traffic. |
|
brad_fleming
11 posts
|
"2brad_fleming I do not mean using NAT/PAT. The customers use public IP. Only internal infrastructure (let's say networks between routers in ISP backbone) uses private IP." Oh.. sorry. I likely misread or misunderstood the original. Apologies. I'd still shy away from using private IPs on "infrastructure" connections unless you are overlaying L3VPN (likely via MPLS) over the private portions of the network. In that case, using private ranges might make a lot of sense. Just be sure to use public space for anything customer or external facing. |
|
Jeff
8 posts
|
As long as you have at least one address you can remote to on those network devices, I don't see any issues; or a terminal server could serve the same purpose.

