On 2/9/11 4:35 AM, Sam Stickland wrote:
On 9 Feb 2011, at 02:43, "R. Benjamin Kessler" <Ben.Kessler@zenetra.com> wrote:
From: George Herbert [mailto:george.herbert@gmail.com]
"Let's just grab 2/8, it's not routed on the Internet..."
+1
I was consulting for a financial services firm in the late '90s that was acquired by a large east-coast bank; the bank's brilliant scheme was to renumber all new acquisitions *out* of RFC1918 space and into (at the time) bogon space.
If I recall, some of the arguments were "they were too big to fit into RFC1918 space" and by having all of their divisions in non-RFC1918 space it would make it easier for them to acquire new companies who used RFC1918 space internally.
You don't have to trawl back to the late 90's to find this, I know of at least 3 or 4 large enterprises using large chunks of public address (multiple /8's) that aren't their's /today/.
This "works" because 1) the Internet is only accessed through proxies, 2) devices that require direct Internet access are addressed out of registered address space (or NATed to registered address space), and 3) third party connections to others enterprises are usually src/dst NATTed to the enterprise's own ranges (with the added benefit that this NAT at 3rd party boundaries helps ensure symmetric traffic flow through firewalls).
sotime it works... if you are natted (from your public scoped but overlapping ipv4 address) but don't go through a proxy, or you go through a transparent proxy you may still be dead because the internal route covers you destination. Those aren't just enterprises either, some fairly common offenders are ISPs or wireless carriers and they did use just one or two additional /8s... joel
And I've only worked at 3 or 4 large enterprises so it's probably safe to assume there's more! With my SP background I was shocked and I'm not trying to defend this practice, but in the enterprise land it seems accepted.
Sam