> Personally, I regard IP addressing at a layer most people shouldn't care
> about, as DNS sits on top and handles translating those nice names that
> the marketing people like into those horrible numbers I force on the
> system administrators in institutions.
>
> As such, I pick IP addresses that fit how I want to organise things -
> which means how I set up filters in OSPF/BGP import/export lists, or
> access lists for management access.
>
>
> We did have a discussion, when reinventing things, if we should try to
> solve some of the problems we hear from people such as the University
> Library - like putting various departments in different blocks of
> addresses, so they could exclude them from journal lists. However, there
> are many ways to slice the cake and I think it's essentially futile - it's
> probably best not to try and be too accommodating because people
> misunderstand what they're getting.
If only we could persuade the sysadmins of "sensitive" systems to think
that way, to not regard IP addresses as somehow organisationally
significant. I think that here we've been too accommodating in agreeing
to snake VLANs around the place so that people don't have to change IP
addresses and therefore don't have to wrangle with sysadmins to update
host firewall rules. If we'd forced people to change addresses more
often we might have got the sysadmins to be more flexible and
responsive.
Sam
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|