Re: Static Routing 172.16.0.0/32

1. A single known ip address that redirects to the closest internal repo server. 172.16.0.0/32 redirects to a usable subnet ip in 172.16.xx.xx by static route.
2. Internal private network that is reachable by clients.
-------- Original message --------
From: William Herrin <bill@herrin.us>
Date: 12/8/17 1:34 PM (GMT-08:00)
To: Ryan Hamel <Ryan.Hamel@quadranet.com>
Cc: nanog@nanog.org
Subject: Re: Static Routing 172.16.0.0/32
On Thu, Dec 7, 2017 at 10:13 PM, Ryan Hamel <Ryan.Hamel@quadranet.com> wrote:
A colleague of mine has static routed 172.16.0.0/32 to a usable IP address, to have a single known IP address be static routed to a region's closest server. While I understand the IP address does work (pings and what not), I don't feel this should be the proper IP address used, but something more feasible like a usable IP in a dedicated range (172.31.0.0/24 for example).
Hi Ryan,
Some clarifications:
1. You say, "static routed to a region's closest server." What do you mean by that? A static-routed anycast address?
2. In what reachability context? Is this a private network? An ISP network where the reachability should be the ISP and its customers?
Regards, Bill Herrin
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>

On Fri, Dec 8, 2017 at 4:37 PM, Ryan Hamel <Ryan.Hamel@quadranet.com> wrote:
1. A single known ip address that redirects to the closest internal repo server. 172.16.0.0/32 redirects to a usable subnet ip in 172.16.xx.xx by static route.
Hi Ryan,
Maybe it would help if you write the extended version because that's about as clear as mud. First you asked about routing. Now you imply HTTP.
Regards, Bill Herrin
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>

I'm not implying HTTP, I'm implying a static route at each site's private layer 3 router (it'll move to BGP in the future). The repository server listens on the IP as well.
My original question was the fact of using 172.16.0.0/32 as a usable IP address (not even caring about anycast).

On Fri, Dec 8, 2017 at 4:50 PM, Ryan Hamel <Ryan.Hamel@quadranet.com> wrote:
I'm not implying HTTP, I'm implying a static route at each site's private layer 3 router (it'll move to BGP in the future). The repository server listens on the IP as well.
My original question was the fact of using 172.16.0.0/32 as a usable IP address (not even caring about anycast).
Internal private network that is reachable by clients.
Hi Ryan,
Clients meaning employee computers or clients meaning other networks who subscribe to your service and connect with a VPN?
For the former, save yourself grief and use a different /32.
For the latter, it's semi-clever. It neatly avoids the problem of customers using the same RFC1918 addresses as you. Even if they're using a subnet like 172.16.0.0/24, a /32 route can usually override that one address without ill effect.
It's only semi-clever because the .0 address is a corner case in the code and corner cases are where bugs are most likely to happen. And if you're sending clients from that address to another host with a regular 172.16 address anyway...
Regards, Bill Herrin
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>
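
The /32-over-/24 behaviour and the .0 corner case described in the message above, as an added example that is not part of the thread: a longest-prefix-match lookup over a constructed routing table, plus a check for prefixes (including the pre-CIDR classful network) in which an address is the network or broadcast address. The routing table and next-hop names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for a customer site (illustrative, not from the thread):
# the customer's LAN is 172.16.0.0/24 and the service address arrives as a /32.
ROUTES = [
    ("0.0.0.0/0", "internet-gw"),
    ("172.16.0.0/12", "corp-core"),
    ("172.16.0.0/24", "customer-lan"),
    ("172.16.0.0/32", "repo-service"),
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def classful_net(addr):
    """Pre-CIDR class A/B/C network containing addr, or None for class D/E."""
    first = int(addr) >> 24
    if first >= 224:
        return None
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def corner_cases(dst, routes=ROUTES):
    """Prefixes in which dst is the network or broadcast address (legacy corner case)."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p, _ in routes]
    nets.append(classful_net(addr))
    hits = []
    for net in nets:
        if net is None or net.prefixlen >= 31 or addr not in net:
            continue
        if addr == net.network_address:
            hits.append((str(net), "network"))
        elif addr == net.broadcast_address:
            hits.append((str(net), "broadcast"))
    return hits

if __name__ == "__main__":
    for ip in ("172.16.0.0", "172.16.0.1", "172.16.0.255"):
        print(ip, lookup(ip), corner_cases(ip))
```

The /32 wins the lookup for 172.16.0.0 only; every other address in the customer's /24 still routes to the LAN, while the corner-case list shows which prefixes a legacy stack could use to reject the address.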

why not use 192.0.2.0/24 addrs?
lots of other ranges you could probably use safely.
https://en.wikipedia.org/wiki/Reserved_IP_addresses
Using .0 you're asking to exercise bugs and undefined implementation choices of various tcp stacks and resolvers out there on myriad devices. Clever collision avoidance, but relies on a prayer.
(IIRC try setting an NS record to resolve to 127.0.0.255 on windows 95 - it used to lock the OS up.... fun times. Someone had pointed some popular domain at us by accident, and having no entry and no negative caching of the day meant we were being hammered on our 10mbps uplink, had to set something to get cached, so we did... several hours later a microsoft engineer called us and pleaded with us to use a different IP. :)
/kc
-- Ken Chase - math@sizone.org Guelph Canada

On Fri, Dec 8, 2017 at 10:44 PM, Ken Chase <math@sizone.org> wrote:
why not use 192.0.2.0/24 addrs?
lots of other ranges you could probably use safely.
https://en.wikipedia.org/wiki/Reserved_IP_addresses
Using .0 you're asking to exercise bugs and undefined implementation choices of various tcp stacks and resolvers out there on myriad devices. Clever collision avoidance, but relies on a prayer.
Please stop spreading Fear, Uncertainty and Doubt about valid CIDR addresses. :-)
(IIRC try setting an NS record to resolve to 127.0.0.255 on windows 95 - it used to lock the OS up.... fun times. Someone had pointed some popular domain at us by accident, and having no entry and no negative caching of the day meant we were being hammered on our 10mbps uplink, had to set something to get cached, so we did... several hours later a microsoft engineer called us and pleaded with us to use a different IP. :)
Microsoft ended support for Windows 95 on December 31st 2001....
Kind regards,
Job

Right - usage of network and broadcast addresses will suddenly make all the ToiletPaperLink devices upgrade themselves to a new firmware that the devs released posthaste to handle them properly...
I like your upgrade-by-force ideas! (no, I do. Screw bad implementations, let them be binned!)
(Tell me about your v6 adoption plans now.)
The Win95 thing was just a personal example of how these things can express themselves... was a good laugh at the time. The incidence and hilarity of similar events has not materially changed in the intervening decades, we'll all note.
Have fun with your .0's people! Let us know how your support dept likes em.
/kc
-- Ken Chase - Guelph Canada

In this example only semi-new devices with current OSes are accessing 172.16.0.0; concerns over old devices or a BSD4.2 machine hitting it are highly unlikely.
To clarify Ryan's statement, the device in question is our software repository where we store OS software updates, for only recent versions of software, so it should not be an issue. Since we have multiple locations, and multiple software stores, we use 172.16.0.0 as the AnyCast address.
I am glad that we have been able to stir up such a discussion; Ryan and I had the same conversation here so I am glad that he brought it to the group.
-- Kate Gerry
Network & Facilities Director
+1 (888) 578-2372 x206 / kate@quadranet.com
QuadraNet, Inc. / Dedicated Servers, Colocation, Cloud, QuadraNet Vest DDoS Protection
Datacenters in Los Angeles, Dallas, Miami, Atlanta, Chicago & New Jersey

And thank god for that. Since Microsoft stopped diddle-farting with Windows 98 it was never infested with the UDP "Execute Payload with NT AUTHORITY\SYSTEM" flag that appeared in all later versions of Windows TCP/IP stack.
As Windows 98 worked on the day after Microsoft stopped diddling with it, so it will work on that day + N, for every value of N.
The most wonderful thing that can happen to a Microsoft product is that they stop diddling with it for at that point it stops being a moving target that works differently from one minute to the next. Additionally, features cannot be removed from the product as usually happens with each downgrade (I think Microsoft calls them upgrades) of the products.
--- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
participants (6): Job Snijders, Kate Gerry, Keith Medcalf, Ken Chase, Ryan Hamel, William Herrin