We here at AOL have noticed that there are still some people filtering 172.0.0.0/8, which is causing AOL subscribers to get blocked from some sites. As a matter of general IP route filtering hygene I thought it worth mentioning (again) to see if we can get this tamped down (or, better still, stamped out). For reference, RFC1918 20 bit block space is 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) ARIN-assigned AOL block ranges that have 172 in the first octet are: 172.128.0.0/10 172.192.0.0/12 172.208.0.0/14 Please double check your filters to make sure you are not accidently blocking AOL in the non-RFC1918 space. It would be useful to pass this along to your downstreams as well. AOL is also working directly with the companies who have misconfigured firewalls where we notice problems with filters. /vijay
y'all might give us something pingable in that space so we can do a primitive and incomplete test in a simple fashion. randy
On Tue, 22 Mar 2005 15:13:07 -0800, Randy Bush <randy@psg.com> wrote:
y'all might give us something pingable in that space so we can do a primitive and incomplete test in a simple fashion.
Those ranges are AOL's dialup pool. Easy way to get something pingable in that space would be to get yourself a coaster^W AOL CD from the nearest 7-11 or Burger King -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, 23 Mar 2005, Suresh Ramasubramanian wrote:
On Tue, 22 Mar 2005 15:13:07 -0800, Randy Bush <randy@psg.com> wrote:
y'all might give us something pingable in that space so we can do a primitive and incomplete test in a simple fashion.
Those ranges are AOL's dialup pool. Easy way to get something pingable in that space would be to get yourself a coaster^W AOL CD from the nearest 7-11 or Burger King
That requires so much effort, most of us won't bother...and no I'm not being sarcastic, just realistic. Would it be that hard for someone at aol.net to take a single /32 from that vast IP range and assign it to a host as an IP alias or router loopback address? I did that (router loopback to give people something to ping) with a 69/8 IP before setting up 69box. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
vijay gill wrote:
On Tue, Mar 22, 2005 at 03:13:07PM -0800, Randy Bush wrote:
y'all might give us something pingable in that space so we can do a primitive and incomplete test in a simple fashion.
randy
try 172.128.1.1
/vijay
Wouldnt 172.15.255.254 and 172.32.0.1 do better at helping to nail down improper filter issues? Wont above miss detecting of 172.0.0.0 0.15-127.255.255 172.16.0.0 0.31-63.255.255 while it will catch only 172.0.0.0 0.255.255.255 (disregarding other possible permutations) ? Also perhaps a traceroute http web site there would be nice also. Perhaps that is all more trouble than its worth.....
participants (5)
-
Joe Maimon
-
Jon Lewis
-
Randy Bush
-
Suresh Ramasubramanian
-
vijay gill