by Denvercoder9 1888 days ago
Two things that come to mind are running out of private address space (a /8 isn't that large), or wanting address space that doesn't clash with other private networks (e.g. to ensure a VPN doesn't overlap with home networks). There's probably more reasons.

> running out of private address space

Classic merger "solution".

Company A uses 10/8, Company B uses 10/8; company A buys company B and orders new subsidiary B to renumber into 11/8: "All you have to do is change every first octet to 11."

Merger after merger after merger, followed by a massive adoption of public cloud (using Direct Connect/ExpressRoute for hybrid connectivity), has led at least two very large FinServs I worked for to adopt CGNAT (100.64/10) for parts of their internal networks.

In both cases RFC1918 was used throughout their global network and while not fully used, had become highly fragmented over time.

Or, you know, use NAT to do so :)
Or upgrade to IPv6 :)
Or maybe ask the question of why we're not all running IPv6.
Why?
It's incompatible with IPv4, has a stupid addressing scheme, it requires new router hardware and software for ISPs to buy, and nobody is using it because of all the aforementioned issues.
Because even equipment that claims IPv6 often doesn't. We have seen both software and hardware which "supported" IPv6 for 5-10 years, but we're the first to use it in production and the manufacturer hasn't tested it since the initial implementation.
Because ipv6 is hard and NAT works well enough.
How would NAT help in this case?
If they're not actually using the whole /8 (highly likely), you can set up a 1:1 NAT. Basically, from network B, if you want to talk to network A, you find out the address in 11/8 that corresponds to the 10/8 address, and vice versa. You can use split-horizon DNS to make it mostly transparent.

Every networking problem in the world can be solved with more NAT or more encapsulation :)

You don't have to use every address in 10.0.0.0/8 to effectively fill it up. If your corporate policy is to assign a /16 to each floor of a building, and you have a LOT of buildings it's pretty easy to fill up the space even if most of the /16s are sparsely populated. It's much easier to move on to the 11. space when you build that new building that pushes you over than renumbering your entire corporate LAN.
Right, but that's not relevant for 1:1 NAT (well, at least it doesn't have to be). Since the NAT would happen in software, you're no longer constrained by subnets being physically under routers. 11.2.3.0/24 could contain 10.0.1.0/24 and 10.128.128.0/24 without any issues, assuming they don't use more than 256 addresses in total.
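As an added illustration of the 1:1 NAT described in the comments above (this is not code from the thread or from any vendor), the Python sketch below maps the in-use hosts of several overlapping 10/8 subnets on company B's side into a single 11/8 pool prefix and rewrites packets in both directions without touching ports. The pool, the host addresses and the packet fields are constructed sample values.

```python
import ipaddress
from typing import Dict, Iterable, Tuple


def prefixes_overlap(prefix_a: str, prefix_b: str) -> bool:
    """True when two prefixes share addresses, e.g. both merged companies on 10/8."""
    return ipaddress.ip_network(prefix_a).overlaps(ipaddress.ip_network(prefix_b))


def build_static_nat(pool: str, inside_hosts: Iterable[str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Give each in-use inside host its own address from `pool` (1:1, no port rewriting).

    Hosts from different inside subnets (10.0.1.0/24, 10.128.128.0/24, ...) may share one
    pool prefix; the only limit is the pool size, so exhaustion raises instead of
    silently reusing an address, and a host listed twice is rejected.
    """
    free = iter(ipaddress.ip_network(pool).hosts())  # network/broadcast are not handed out
    in2out: Dict[str, str] = {}
    out2in: Dict[str, str] = {}
    for host in inside_hosts:
        inside = str(ipaddress.ip_address(host))
        if inside in in2out:
            raise ValueError(f"duplicate inside host {inside}")
        try:
            outside = str(next(free))
        except StopIteration:
            raise ValueError(f"NAT pool {pool} exhausted at {inside}") from None
        in2out[inside] = outside
        out2in[outside] = inside
    return in2out, out2in


def outbound(packet: Dict[str, str], in2out: Dict[str, str]) -> Dict[str, str]:
    """Packet from an inside host toward the other company: rewrite the source only."""
    return {**packet, "src": in2out[packet["src"]]}


def inbound(packet: Dict[str, str], out2in: Dict[str, str]) -> Dict[str, str]:
    """Reply arriving at a pool address: rewrite the destination back to the real host."""
    return {**packet, "dst": out2in[packet["dst"]]}


if __name__ == "__main__":
    # Constructed sample: three hosts from two of company B's 10/8 subnets, one 11/8 pool.
    i2o, o2i = build_static_nat("11.2.3.0/24", ["10.0.1.10", "10.0.1.11", "10.128.128.10"])
    out = outbound({"src": "10.0.1.10", "dst": "10.7.7.7", "dport": "443"}, i2o)
    print(out)                                                         # src becomes 11.2.3.1
    print(inbound({"src": "10.7.7.7", "dst": out["src"], "dport": "443"}, o2i))
```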
What you call 1:1 NAT is just called NAT by Cisco; what most folks think NAT is, is actually NAT+PAT (like what you run on your home router with a single public IP).
Mostly, but NAT without PAT doesn't have to be 1:1. You could put 100 hosts behind 20 IP addresses without ever changing a port.
exactly, that's why I specified.
It basically maps addresses visible on one interface to those on a different interface. So you can route many addresses on 10.x to a single 10.x address that is on a different network.

https://www.cisco.com/c/en/us/support/docs/ip/network-addres...