Re: customers and web servers and level one naps
From: Avi Freedman <freedman@netaxs.com> ...
I'd like to know the answer to this (re: PAIX. No other exchange that I know of gives IPs for use by non-routers that aren't RA machines). ...
But that doesn't stop people from attaching hosts into the NAP infrastructure. I pointed this out on the mae-west list a few weeks ago. There are quite a few providers at mae-west who plug the NetEdge at their end into a FDDI ring which has multiple IP subnets on it, one of them the NAP addresses, and another for their local boxes. Since the NetEdge is a filtering bridge, it seems like it would isolate the traffic, but it DOESN'T STOP BROADCAST TRAFFIC. So you get lots of CDP packets, rwhod packets, RIP packets, internal ARP requests, and who knows what else floating around the entire exchange point.

All you need to do is send a single ping to 255.255.255.255 via your NAP interface to see just how widespread this has become. Discussion on the mae-west list basically came down to "no, this shouldn't be how people build their networks" but I don't see any changes:

(note that some stuff might be missed because not every ping reply gets back)

Stuff in other address spaces:

Reply to request 0 from scl-ca-gw3.netcom.net (163.179.51.16), 44 ms
Reply to request 0 from scl-ca-gw13.netcom.net (163.179.51.14), 304 ms
Reply to request 0 from nntp.mainstreet.net (205.137.63.53), 56 ms
Reply to request 0 from sc01-gw1.mainstreet.net (207.5.0.2), 52 ms
Reply to request 0 from scl-ca-gw7.netcom.net (163.179.51.7), 48 ms
Reply to request 0 from scl-ca-gw2.netcom.net (163.179.51.3), 48 ms
Reply to request 0 from scl-ca-gw6.netcom.net (163.179.51.6), 48 ms
Reply to request 0 from scl-ca-gw4.netcom.net (163.179.51.4), 48 ms
Reply to request 0 from scl-ca-gw12.netcom.net (163.179.51.13), 48 ms
Reply to request 0 from sc01-gw2.mainstreet.net (207.5.0.4), 48 ms
Reply to request 0 from scl-ca-gw10.netcom.net (163.179.51.10), 48 ms
Reply to request 0 from news8.agis.net (205.137.63.52), 48 ms
Reply to request 0 from scl-ca-gw9.netcom.net (163.179.51.9), 44 ms
Reply to request 0 from scl-ca-gw8.netcom.net (163.179.51.8), 44 ms
Reply to request 0 from scl-ca-gw5.netcom.net (163.179.51.5), 44 ms
Reply to request 0 from scl-ca-gw1.netcom.net (163.179.51.15), 44 ms
Reply to request 0 from news4.agis.net (205.137.63.51), 44 ms

Equipment that can't reply properly to broadcasts:

Reply to request 0 from 255.255.255.255, 4 ms
Reply to request 0 from 255.255.255.255, 1 ms
Reply to request 0 from 255.255.255.255, 72 ms
Reply to request 0 from 255.255.255.255, 4 ms

-matthew kaufman
matthew@scruz.net
From: Avi Freedman <freedman@netaxs.com> ...
I'd like to know the answer to this (re: PAIX. No other exchange that I know of gives IPs for use by non-routers that aren't RA machines). ...
But that doesn't stop people from attaching hosts into the NAP infrastructure. I pointed this out on the mae-west list a few weeks ago. There are quite a few providers at mae-west who plug the NetEdge at their end into a FDDI ring which has multiple IP subnets on it, one of them the NAP addresses, and another for their local boxes. Since the NetEdge is a filtering bridge, it seems like it would isolate the traffic, but it DOESN'T STOP BROADCAST TRAFFIC. So you get lots of CDP packets, rwhod packets, RIP packets, internal ARP requests, and who knows what else floating around the entire exchange point.
Yes, and this *IS* a problem. But none of those had a 198.32.136.x address...

The bigger problem (the one I was thinking about) would be someone putting a host on 192.41.177.x or 192.157.69.x or 198.32.136.x or ... Most providers carry the 192.41.177/24 (MAE-East) etc... routes and "know" how to get to them, so any machine hooked up with the IP out of the network of a major XP has the potential to get "free" full or partial Internet connectivity.

*That*'s the big problem you have to make sure to avoid if you want people to play with you (if you're an XP operator).

Avi
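An added example, not part of either message: a monitoring-side check an exchange operator could run over frames captured on the shared LAN to count the leaked broadcast types named in the thread. It assumes Ethernet framing and takes 198.32.136.0/24 (an address range mentioned in the thread) as the exchange subnet; the function names and the sample frames are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

LEAKY_UDP = {520: "RIP", 513: "rwhod"}          # broadcast services named in the thread
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")    # LLC/SNAP header that carries CDP

def classify(frame, exchange_net):
    """Label a broadcast/multicast Ethernet frame that does not belong on the
    exchange LAN; return None for unicast frames and for ARP between peers."""
    net = ipaddress.ip_network(exchange_net)
    (etype,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if not frame[0] & 1:                         # group bit clear: unicast
        return None
    if etype <= 1500:                            # 802.3 length field, LLC follows
        return "CDP" if body[:8] == CDP_SNAP else "other-llc"
    if etype == 0x0806:                          # ARP: sender IP at 14, target IP at 24
        spa, tpa = (ipaddress.ip_address(body[i:i + 4]) for i in (14, 24))
        return None if spa in net and tpa in net else "internal-ARP"
    if etype == 0x0800 and body[9] == 17:        # IPv4 carrying UDP
        ihl = (body[0] & 0x0F) * 4
        (dport,) = struct.unpack("!H", body[ihl + 2:ihl + 4])
        return LEAKY_UDP.get(dport, "other-broadcast")
    return "other-broadcast"

def audit(frames, exchange_net):
    """Count leaked broadcast frames by type."""
    return Counter(l for f in frames if (l := classify(f, exchange_net)))

# --- constructed sample frames (not captured traffic) ---
def pack_ip(s):
    return ipaddress.ip_address(s).packed
def eth(dst, etype, body):
    return bytes.fromhex(dst) + bytes.fromhex("020000000a01") + struct.pack("!H", etype) + body
def arp(spa, tpa):
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(6) + pack_ip(spa) + bytes(6) + pack_ip(tpa)
def udp(src, dport):
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 1, 17, 0) + pack_ip(src) + pack_ip("255.255.255.255")
    return hdr + struct.pack("!HHHH", dport, dport, 8, 0)

BCAST = "ffffffffffff"
SAMPLES = [
    eth(BCAST, 0x0806, arp("198.32.136.10", "198.32.136.20")),  # peer-to-peer ARP: expected
    eth(BCAST, 0x0806, arp("192.0.2.5", "192.0.2.1")),          # ARP for a provider's local subnet
    eth(BCAST, 0x0800, udp("192.0.2.5", 520)),                  # RIP broadcast
    eth(BCAST, 0x0800, udp("192.0.2.6", 513)),                  # rwhod broadcast
    eth("01000ccccccc", 40, CDP_SNAP + bytes(32)),              # CDP multicast
    eth("020000000001", 0x0800, udp("192.0.2.5", 520)),         # unicast: ignored
]
if __name__ == "__main__":
    print(audit(SAMPLES, "198.32.136.0/24"))
```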