On Mar 18, 2010, at 2:25 PM, Owen DeLong wrote:
On Mar 18, 2010, at 9:34 AM, Fred Baker wrote:
Are they using them only within their domain(s), and ARIN addresses outside, or are they advertising them to their upstream(s) to be readvertised into the backbone?
If they are using them internally and NAT'ing to the outside, they're not hurting themselves or anyone else. I would personally let them alone.
Except you're missing a keyword on the "not hurting themselves" part of that... It's "YET".
Once 1.0.0.0/8 starts getting used in the wild for legitimate sites, it means that this customer won't be able to reach the legitimate 1.0.0.0/8 sites from within their environment and it won't be immediately intuitive to debug the failures.
While the analysis above is correct, the original poster talked about the 1/8 addressing being used on web server farms with translation of incoming connections. Sounds like load balancers using 1/8 for the addresses behind them and on the servers that are providing the service. As such, prospective users of the web site(s) provided by the outfit will not function for broadband users and such who get allocated addresses from 1/8. Reality of course is that both are true, but in terms of "who gets hurt" the issue here may well be a large server farm that is inaccessible from consumer networks in places in Asia. As you note, debugging this type of thing is often not intuitive, as everything appears to work from almost everywhere.
If they are advertising them outside, it adds a small prefix in the ARIN domain that doesn't get aggregated by the upstream. Among 300K such prefixes it is probably noise, but gently suggesting that they use something aggregatable into their upstream's allocation would help a little bit in that regard. What they are most likely hurting is themselves, really; a datagram sent to the address from an ISP outside themselves probably travels via Australia or an Australian ISP.
The route announcement notwithstanding, they're using space that does not belong to them and will belong to someone else in the near future. If you think that is OK, please let me know what your addresses are so that I can start re-using them.
A scenario repeated many times over the years. In the 1990s, it was common to see leakage of the address blocks of vendors that were used in documentation for routers, workstations, etc., as people would look at examples in the manual, and use the exact IP addresses shown, not understanding the "go get your own addresses first" part of the process.
Owen
On Mar 18, 2010, at 8:52 AM, Jaren Angerbauer wrote:
Hi all,
I have a client here in the US, that I just discovered is using a host of private IPs that (as I understand) belong to APNIC (i.e. 1.7.154.70, 1.7.154.00-99, etc.) for their web servers. I'm assuming that the addresses probably nat to a [US] public IP. I'm not familiar enough with the use of private address space outside of ARIN (i.e. 192.0.0.0, 10.0.0.0, etc) but I figure if their sites are up and accessible it must be working for them. I'm just wondering if there is any recommendation or practice around this -- using private IP ranges from another country. Thanks.
--Jaren