IANA reserved Address Space
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:

1.0.0.0 /8
10.0.0.0 /8
100.0.0.0 /8

I need 3 distinct zones which is why I wanted to separate them out. In any case, I was wondering about the status of the 1 /8 and the 100 /8 networks. What does it mean that they are IANA reserved? Reserved for what? http://www.iana.org/assignments/ipv4-address-space

Anyone else ever use IANA reserved address spacing for lab networks? Is there anything special I need to know? I'm under the impression that as long as I stay away from special use address space, I've got no worries. http://www.rfc-editor.org/rfc/rfc3330.txt

Thanks, BM
networks 1 and 100 are reserved for future delegation. network 10 is delegated for private networks, such as your lab. if you use networks 1 and 100, you are hijacking these numbers.

that said, as long as your lab is never going to connect to the Internet, you may want to consider using the following prefixes:

4.0.0.0/8
38.0.0.0/8
127.0.0.0/8
192.0.0.0/8
Brennan_Murphy@NAI.com wrote:
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
If you are using a completely disconnected *LAB* network then why don't you use 'real' addresses and do the test like that simulating the environment just as in 'the real world' (matrix onion layer 666 ;)

The only reason you should be worried about IANA is if you were connecting this network to the internet or to other nets.

Greets, Jeroen
Anyone else ever use IANA reserved address spacing for lab networks? Is there anything special I need to know? I'm under the impression that as long as I stay away from special use address space, I've got no worries. http://www.rfc-editor.org/rfc/rfc3330.txt
Thanks, BM
sorry, my previous post was only partially serious. RFC 1918 clearly lays out discrete ranges for use in private networks such as the lab you describe. if you presume to use any other address space, you will likely engender confusion, esp. when there are connections from your lab to the larger connected mesh that is called the Internet.

hence my puckish suggestion to use the address ranges used by Cogent and Level3/Genuity for their backbones, the first block from the traditional "C" space, and the loopback range. if you foolishly take my suggestion seriously, when your traffic leaks, it will get many people's attention.

so, in a serious vein, don't hijack space, use the ranges set aside for private networks, e.g. RFC 1918

--bill
On Fri, 30 May 2003 Brennan_Murphy@NAI.com wrote:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
I need 3 distinct zones which is why I wanted to separate them out. In any case, I was wondering about the status of the 1 /8 and the 100 /8 networks. What does it mean that they are IANA reserved? Reserved for what? http://www.iana.org/assignments/ipv4-address-space
It means (like what has happened recently with 69/8 and others) that they're not in use YET. Eventually, they will go from Reserved to RIR assigned and you will have reachability issues if your lab is ever connected to the internet.
Anyone else ever use IANA reserved address spacing for lab networks? Is there anything special I need to know?
There's an awful lot of RFC 1918 space. How about using some of it?

http://69box.atlantic.net/

Jon Lewis *jlewis@lewis.org* | I route
System Administrator | therefore you are
Atlantic Net |
http://www.lewis.org/~jlewis/pgp for PGP public key
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
I encourage my competitors to do this.

or read another way, this is fairly stupid, but as long as this stupidity doesn't affect me, I don't care. However the person tasked with cleaning that crap up behind you may not feel the same.

Doing something right, the first time saves having to do it over again and again and again and again.
Or they could use any addresses they want, and give themselves a way out of the nightmare by using DHCP, bootp or some other sort of similar technology to allow them to migrate thousands of physical or virtual hosts to a new numbering topology.

If the lab you are connecting to already has burned up most RFC1918 space, give yourself an out if you have to renumber the whole thing before you can get it live on the Internet.

Deepak Jain
AiNET
On Fri, 30 May 2003 bdragon@gweep.net wrote:
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
I encourage my competitors to do this.
or read another way, this is fairly stupid, but as long as this stupidity doesn't affect me, I don't care. However the person tasked with cleaning that crap up behind you may not feel the same.
Doing something right, the first time saves having to do it over again and again and again and again.
If this is a test lab or a learning/practice lab where the users will be simulating real-world scenarios and/or doing NAT and other things that involve public/private addressing issues, then it would IMHO be suitable to use a mix of reserved private space and routable space as appropriate.

This would also be useful if it's being used to do a dry-run configuration of networks that will eventually be connected to the Internet. This way once the bugs are worked out, you can cut-and-paste the configurations onto the production network.

As long as the people running the lab have it sufficiently firewalled that lab bogosities, BGP sessions, etc. are constrained to the lab itself, it shouldn't matter.

Another caveat is that the students or persons using the lab are sufficiently well trained in the differences between routable and reserved private space. No sense in teaching even more people to use public space for private networks that later need to connect to the world but don't/won't/can't renumber. Worse yet are those who want to advertise 10/8 to the rest of us. There are enough of both out there already.

As far as any need for the lab to access the Internet for software downloads, general browsing, etc., a well-implemented and firewalled proxy server might be a good idea.

What the "right" answer is depends to a great extent on the purpose of the lab and the clue level of its users.

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
On Fri, 30 May 2003 bdragon@gweep.net wrote:
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
I encourage my competitors to do this.
or read another way, this is fairly stupid, but as long as this stupidity doesn't affect me, I don't care. However the person tasked with cleaning that crap up behind you may not feel the same.
Doing something right, the first time saves having to do it over again and again and again and again.
If this is a test lab or a learning/practice lab where the users will be simulating real-world scenarios and/or doing NAT and other things that involve public/private addressing issues, then it would IMHO be suitable to use a mix of reserved private space and routable space as appropriate.
The only difference between routed and unrouted (note the difference between that and routable) is consensus. There is nothing inherent in the bits which prevents RFC1918 from being routed globally. There is no requirement to use RFC1918 for NAT. Therefore, your argument doesn't hold water. If the entity for some stupid reason can't use RFC1918, they can and should use their _own_ address space for the balance.
On Sat, 31 May 2003 bdragon@gweep.net wrote:
The only difference between routed and unrouted (note the difference between that and routable) is consensus. There is nothing inherent in the bits which prevents RFC1918 from being routed globally. There is no requirement to use RFC1918 for NAT.
Correct, an error in terminology on my part. Substitute "routed" or "public" for the first and "RFC1918" or "private" for the second. I think we all know what was meant.
Therefore, your argument doesn't hold water.
The minor error in terminology doesn't really affect what I was trying to say. There may be valid reasons where, within a closed lab environment, it could be useful to use public, routed space not assigned to the entity that is operating the lab. I listed some.
If the entity for some stupid reason can't use RFC1918, they can and should use their _own_ address space for the balance.
And if the reason isn't stupid, and proper safeguards are in place, and they're not training people to do this anywhere BUT within a closed lab environment, then it makes no difference what addresses they use. Even if the reason is stupid, no one outside the lab will know or care.

If it makes it easier to debug problems with decimal or binary addresses that are easy to parse, or to paste configurations from a production system to a lab for troubleshooting, so what?

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
On Fri, 30 May 2003 Brennan_Murphy@NAI.com wrote:
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
Since all of the replies have been pretty close to the same (Use RFC1918 ...etc), I'd like to rephrase it to answer a curiosity of mine.

RFC1918 is a set number of IP addresses. If you are working on a private network lab that will be on the internet eventually or have parts on the internet and exceeds the total number of IPV4 addressing set aside in RFC1918, and IPV6 private addressing is not an option, what can you do? (I know it's a stretch, but I think it asks specifically what Brennan wants to know and what I'm curious about now)

IPV6 would seem to be the best answer overall since it has already been determined the solution for limited addressing, but there is still equipment/software and such that does not support it.

Brennan, is a mix of IPV6 and IPV4 private addressing an option for you? I do have to agree wholeheartedly that using address space not assigned to you is unprofessional, and will cause someone headaches later even if it is not you.

Gerald
On Fri, 30 May 2003 Brennan_Murphy@NAI.com wrote:
RFC1918 is a set number of IP addresses. If you are working on a private network lab that will be on the internet eventually or have parts on the internet and exceeds the total number of IPV4 addressing set aside in RFC1918, and IPV6 private addressing is not an option, what can you do? (I know it's a stretch, but I think it asks specifically what Brennan wants to know and what I'm curious about now)
You request the number of IP addresses you actually need from IANA (or the relevant registry). See RFC2050, which says:

In order for the Internet to scale using existing technologies, use of regional registry services should be limited to the assignment of IP addresses for organizations meeting one or more of the following conditions:

a) the organization has no intention of connecting to the Internet-either now or in the future-but it still requires a globally unique IP address. The organization should consider using reserved addresses from RFC1918. If it is determined this is not possible, they can be issued unique (if not Internet routable) IP addresses.

DS
On Fri, 30 May 2003, Gerald wrote:
RFC1918 is a set number of IP addresses. If you are working on a private network lab that will be on the internet eventually or have parts on the internet and exceeds the total number of IPV4 addressing set aside in RFC1918, and IPV6 private addressing is not an option, what can you do? (I know it's a stretch, but I think it asks specifically what Brennan wants to know and what I'm curious about now)
As a related question I guess I'd ask what sort of simulation requires more than 16.7 million discrete ipv4 addresses (1/256 of the whole) in order to simulate a reasonable subset of the whole ipv4 internet.

--
Joel Jaeggli Academic User Services joelja@darkwing.uoregon.edu
-- PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E --
In Dr. Johnson's famous dictionary patriotism is defined as the last resort of the scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first. -- Ambrose Bierce, "The Devil's Dictionary"
On Fri, 30 May 2003, Joel Jaeggli wrote:
As a related question I guess I'd ask what sort of simulation requires more than 16.7 million discrete ipv4 addresses (1/256 of the whole) in order to simulate a reasonable subset of the whole ipv4 internet.
I don't have an answer for that one. :-) I came across the numbering for this in another lookup I was doing and it seemed relevant:

10.0.0.0/8 16,777,214 unique hosts maximum
192.168.0.0/16 65,534 unique hosts maximum
172.16.0.0/12 1,048,574 unique hosts maximum

Total: 17,891,322 unique addresses (before further subnetting)

What "real world" scenario would use more than almost 17.9 million hosts? That doesn't count NAT'ing within private addressing if the project is large enough and primarily using outbound traffic.

RFC1884 sets aside fec0::/10 for IPV6 Private addressing. That's enough to fit all of IPV4 addressing inside of the private addressing alone. (Anyone have a total number of unique hosts on that one?)

Gerald
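The plan check that the replies above keep returning to, as an added example that is not part of the original thread: it classifies the prefixes from the first two posts against the RFC 1918 blocks, recomputes the host totals quoted above, and carves three zones out of 10.0.0.0/8. The function names and the choice of /10 zones are assumptions made for illustration.

```python
import ipaddress
from itertools import islice

# The three private blocks set aside by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Prefixes as written in the thread: the original plan, then the puckish list.
ORIGINAL_PLAN = ["1.0.0.0 /8", "10.0.0.0 /8", "100.0.0.0 /8"]
PUCKISH_LIST = ["4.0.0.0/8", "38.0.0.0/8", "127.0.0.0/8", "192.0.0.0/8"]


def classify(prefix):
    """Return 'rfc1918', 'loopback' or 'not-private' for an IPv4 prefix."""
    net = ipaddress.ip_network(prefix.replace(" ", ""))
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    if net.subnet_of(LOOPBACK):
        return "loopback"
    return "not-private"


def audit_plan(prefixes):
    """Return the prefixes in a lab plan that fall outside RFC 1918."""
    return [p for p in prefixes if classify(p) != "rfc1918"]


def usable_hosts(net):
    """Addresses in a block minus its network and broadcast addresses."""
    return net.num_addresses - 2


def rfc1918_capacity():
    """Sum of usable hosts across the three blocks, before subnetting."""
    return sum(usable_hosts(block) for block in RFC1918)


def carve_zones(parent, new_prefix, count):
    """First `count` non-overlapping subnets of `parent` at /new_prefix."""
    subnets = ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)
    return [str(s) for s in islice(subnets, count)]


if __name__ == "__main__":
    print("outside RFC 1918:", audit_plan(ORIGINAL_PLAN + PUCKISH_LIST))
    print("RFC 1918 usable hosts:", f"{rfc1918_capacity():,}")
    for zone in carve_zones("10.0.0.0/8", 10, 3):
        print(zone, f"{usable_hosts(ipaddress.ip_network(zone)):,}", "hosts")
```

Each of the three /10 zones still holds over four million usable hosts, so a three-zone lab fits inside 10.0.0.0/8 alone.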
As a related question I guess I'd ask what sort of simulation requires more than 16.7 million discrete ipv4 addresses (1/256 of the whole) in order to simulate a reasonable subset of the whole ipv4 internet.
Many products perform differently (though both performance levels might be observed as line rate) when subjected to different length prefixes. Pete
<snip blah>
Since all of the replies have been pretty close to the same (Use RFC1918 ...etc), I'd like to rephrase it to answer a curiosity of mine.
The answers seemed correct, rephrasing won't change current systems or policies to suit you!
RFC1918 is a set number of IP addresses. If you are working on a private network lab
Use anything you like, it's private.
that will be on the internet eventually or have parts on the internet and exceeds the total number of IPV4 addressing set aside in
Follow the current policy for public Internet Address space, get what IPs you need, implement NAT where/if possible.
RFC1918, and IPV6 private addressing is not an option, what can you do? (I
that's the way it is, take it or leave it.. Steve
know it's a stretch, but I think it asks specifically what Brennan wants to know and what I'm curious about now)
IPV6 would seem to be the best answer overall since it has already been determined the solution for limited addressing, but there is still equipment/software and such that does not support it.
Brennan, is a mix of IPV6 and IPV4 private addressing an option for you? I do have to agree wholeheartedly that using address space not assigned to you is unprofessional, and will cause someone headaches later even if it is not you.
Gerald
participants (13)
- bdragon@gweep.net
- bmanning@karoshi.com
- Brennan_Murphy@NAI.com
- David Schwartz
- Deepak Jain
- Gerald
- Jay Hennigan
- Jeroen Massar
- jlewis@lewis.org
- Joel Jaeggli
- Petri Helenius
- Stephen J. Wilcox
- Valdis.Kletnieks@vt.edu