-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, Not to address the political issues here (which are deep, wide, and WAY too much of a black-hole), remember, that the DoD is not a single organization from a networking perspective. There are a number of different organizations within that structure, all of which may, or may not, want to announce separately, maintain their own external links, etc. Those boundaries can be on a service level (USAF vs USN), geographical level (Southern Command vs. Northern Command), etc. My guess is that they don't want to be tied to only announcing a single /13. Each of those organizations is bigger than a lot of service providers out there... As for why so many addresses - consider a networked ship (where everything has an address), soldier (each soldier having one or more addresses), battlefield sensors, etc. With stateless autoconf, that can add up fairly quickly (depending on network topology). Lastly, If you honestly think that any entity (government or non- government) would launch an offensive cyber-attack from their own address space... never mind.... Chris On 16 May 2008, at 10.58, Dorn Hetzel wrote:
Perhaps it is an attempt to make their address space so sparsely populated that it's close to impossible to find a host without knowing it's address in the first place?
On Fri, May 16, 2008 at 1:09 PM, Jeroen Massar <jeroen@unfix.org> wrote:
Hi folks,
As everybody is a big fan of securing their networks against foreign attacks, be aware that the US DoD has been assigned 14 /22's, IPv6 that is, not IPv4, they all come from a single IPv6 /13 though, which is what they apparently asked for in the beginning, at least that was the rumor, well they got what they wanted.
I've recorded it into GRH as a single /13 though, as that is what it is, and I am not going to bother whois'ing and entering the 14 separate entries there, as that is useless, especially as they will most likely never appear in the global routing tables anyway.
Depending on your love for the US, you might want to add special rules in your network to be able to easily detect Cyber Attacks and other such things towards that address space, to be able to better serve your country, may that be the US or any other country for that matter.
I am of course wondering why ARIN gave 1 organization 14 separate / 22's, even though they are recorded exactly the same, just different prefixes and netnames and it is effectively one huge /13. They could easily have been recorded as that one /13, it is not like eg Canada (no other countries that fall under ARIN now is there) will get a couple of the chunks of remaining space in between there. By assigning them separate /22's, they effectively are stating that it is good to fragment the address space and by having them recorded in whois, also that announcing more specifics from that /13 is just fine.
The other fun question is of course what a single organization has to do with (2^(48-13)=) 34.359.738.368, yes indeed, 34 billion /48's which cover 2.251.799.813.685.248 /64's which is a number that I can't even pronounce. According to Wikipedia the US only has a mere population of 304,080,000, that means that every US citizen can get a 1000+ /48's from their DoD, thus maybe every nuclear warhead and every bullet is getting their own /48 or something to be able to justify for that amount of address space. At least this gives the opportunity to hardcode that block out of hardware if you want to avoid it being ever used by the publicly known part of the US DoD. I wouldn't mind seeing the request form that can justify this amount of address space though, must be a lot of fun.
Now back to your regular NANOG schedule....
Greets, Jeroen
(who will hide himself in a nice Swiss nuclear bunker till the flames are all gone ;)
1) http://en.wikipedia.org/wiki/United_States which points to: http://www.census.gov/population/www/popclockus.html
_______________________________________________ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog
_______________________________________________ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog
- --- 李柯睿 Check my PGP key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJILc81AAoJEGmx2Mt/+Iw/0HEH/1HZmv1nsNRpz1sqjMJwy0kr O68VCagg7tNfRLq/ErY8lOkxcVsAp0R6urZN8kJwt59MBcd1Yat8BxqayfXcbrx4 m/y361FKjEt8HpBBcS5EiHftjojD2aWczlinJuGL97koDw390ozuZhXLvui27JsE Zh2LHdLrya2ZKMkfL2/mLc7J1C0CiuMvflDVCURG8c+aG17O+aH8csTbxHzStoH4 U0lbxH6hvOHVtQdaHa4JKtZD6zdUIn4quZnwnyPO7mop9005h/W4GRIqB4fUQMGB Jk+8bo5ArTxIlceunhLhbUhMAphF7RaABNKBxsUrgc4nqQVVCV8fOCbyvOr6rTA= =z0uG -----END PGP SIGNATURE-----