Rogers Canada using 7.0.0.0/8 for internal address space
As of April 27th I have started to receive dhcp broadcast requests originating from the 7.0.0.0/8 network. Based on MAC addresses, it seems that this is communication between the Rogers border/node hardware (MAC assigned to Cisco) and my Motorola cable modem.

Is the DoD releasing this range to Rogers? Or has Rogers squatted on this space due to exhaustion of their 10/8 use? We've seen other vendors and ISP squat on previously unused ranges (the 1/8 or 5/8s). Could they not wrap their internal cable modem to node chatter in IPv6, instead of using assigned address space?

sample chatter ..

MAC=00:14:f1:eb:57:de:08:00 SRC=7.8.12.1 DST=255.255.255.255 LEN=347 TOS=00 PREC=0x00 TTL=255 ID=16 PROTO=UDP SPT=67 DPT=68 LEN=327

IP (tos 0x0, ttl 255, id 15, offset 0, flags [none], proto UDP (17), length 355)
    7.8.12.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 327, xid 0x4, Flags [Broadcast] (0x8000)
      Your-IP 7.8.x.x
      Server-IP 7.8.x.1
      Gateway-IP 7.8.x.1
      Client-Ethernet-Address 00:0e:5c:xx:xx:xx
      file "xxx"
      Vendor-rfc1048 Extensions
        Magic Cookie 0xXX
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 64.71.246.x
        Lease-Time Option 51, length 4: 548020
        Subnet-Mask Option 1, length 4: 255.255.252.0
        RN Option 58, length 4: 40
        Time-Zone Option 2, length 4: 0
        Default-Gateway Option 3, length 4: 7.8.x.1
        Time-Server Option 4, length 4: 64.71.x.x
        END Option 255, length 0
        PAD Option 0, length 0, occurs 41

--
MF
gbtel.ca
On May 23, 2011, at 8:28 AM, Mark Farina wrote:
Is the DoD releasing this range to Rogers?
Unlikely, although it might be an interesting case of testing ARIN's transfer policy if it was the case :-).
Or has Rogers squatted on this space due to exhaustion of their 10/8 use?
Probably. I've heard other large providers having similar issues (resulting in several attempts to designate more RFC 1918, all of which were all shot down).
We've seen other vendors and ISP squat on previously unused ranges (the 1/8 or 5/8s).
Yes, however at the time those ISPs squatted on those addresses (and others), they had not yet been allocated by IANA pretty much guaranteeing there would be collisions when the IPv4 free pool was exhausted. In this case, the block has been allocated yet doesn't appear to be in the routing system and I'm not sure it ever has been (at least authorized to be). I'm guessing Rogers is making the assumption that the chances are probably small that one of their customers will need to communicate with a non-announced US DoD network. I suspect they aren't the first to make this assumption.
Could they not wrap their internal cable modem to node chatter in IPv6, instead of using assigned address space?
This would assume their deployed systems can support IPv6. I suspect they have a few non-upgradeable systems/devices in their network and have chosen to squat on 7/8 rather than raise their rates to cover short-term upgrade costs (or deal with additional operational costs if they used multiple instances of 10/8). But I'm just guessing... Regards, -drc
Sent from my iPad
On May 23, 2011, at 11:32, David Conrad <drc@virtualized.org> wrote:
On May 23, 2011, at 8:28 AM, Mark Farina wrote:
Is the DoD releasing this range to Rogers?
Unlikely, although it might be an interesting case of testing ARIN's transfer policy if it was the case :-).
Or has Rogers squatted on this space due to exhaustion of their 10/8 use?
Probably. I've heard other large providers having similar issues (resulting in several attempts to designate more RFC 1918, all of which were all shot down).
Really? All of them? Are you sure about that? I believe there is a policy proposal in the ARIN region which, I have it on good authority is still active. True, it doesn't technically designate more RFC-1918, but, it does create a /10 of space for shared use for the purpose of LSN intermediate space or other carrier-level private network usage.
We've seen other vendors and ISP squat on previously unused ranges (the 1/8 or 5/8s).
Yes, however at the time those ISPs squatted on those addresses (and others), they had not yet been allocated by IANA pretty much guaranteeing there would be collisions when the IPv4 free pool was exhausted. In this case, the block has been allocated yet doesn't appear to be in the routing system and I'm not sure it ever has been (at least authorized to be). I'm guessing Rogers is making the assumption that the chances are probably small that one of their customers will need to communicate with a non-announced US DoD network. I suspect they aren't the first to make this assumption.
More likely they are making the assumption that their private internal use of the address space won't conflict with DoD's (apparently) private internal use of the address space. Owen
On May 23, 2011, at 10:36 AM, Owen DeLong wrote:
Sent from my iPad
On May 23, 2011, at 11:32, David Conrad <drc@virtualized.org> wrote:
On May 23, 2011, at 8:28 AM, Mark Farina wrote:
Is the DoD releasing this range to Rogers?
Unlikely, although it might be an interesting case of testing ARIN's transfer policy if it was the case :-).
Or has Rogers squatted on this space due to exhaustion of their 10/8 use?
More likely they are making the assumption that their private internal use of the address space won't conflict with DoD's (apparently) private internal use of the address space.
if they're numbering cpe out of it they've also decided that breaking 6to4 is no problem either, if they aren't then hey it's just more ipv4 ugliness, and there's alot more where that came from... joel
In message <B2100B46-6D93-46A2-8746-5CFB8BE88AE9@bogus.com>, Joel Jaeggli writes:
On May 23, 2011, at 10:36 AM, Owen DeLong wrote:
Sent from my iPad
On May 23, 2011, at 11:32, David Conrad <drc@virtualized.org> wrote:
On May 23, 2011, at 8:28 AM, Mark Farina wrote:
Is the DoD releasing this range to Rogers?
Unlikely, although it might be an interesting case of testing ARIN's transfer policy if it was the case :-).
Or has Rogers squatted on this space due to exhaustion of their 10/8 use?
More likely they are making the assumption that their private internal use of the address space won't conflict with DoD's (apparently) private internal use of the address space.
if they're numbering cpe out of it they've also decided that breaking 6to4 is no problem either, if they aren't then hey it's just more ipv4 ugliness, and there's alot more where that came from...
joel
and other stuff which doesn't work in a double nat environment. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Mon, May 23, 2011 at 7:00 PM, Mark Andrews <marka@isc.org> wrote:
In message <B2100B46-6D93-46A2-8746-5CFB8BE88AE9@bogus.com>, Joel Jaeggli writes:
On May 23, 2011, at 10:36 AM, Owen DeLong wrote:
Sent from my iPad
On May 23, 2011, at 11:32, David Conrad <drc@virtualized.org> wrote:
On May 23, 2011, at 8:28 AM, Mark Farina wrote:
Is the DoD releasing this range to Rogers?
Unlikely, although it might be an interesting case of testing ARIN's transfer policy if it was the case :-).
Or has Rogers squatted on this space due to exhaustion of their 10/8 use?
More likely they are making the assumption that their private internal use of the address space won't conflict with DoD's (apparently) private internal use of the address space.
if they're numbering cpe out of it they've also decided that breaking 6to4 is no problem either, if they aren't then hey it's just more ipv4 ugliness, and there's alot more where that came from...
joel
and other stuff which doesn't work in a double nat environment.
This is the business reality of the IPv4-scarce era. Diluted IPv4 is not new to many places and will become common in many more places. Furthermore, it is a calculated business risk. IPv4 services will/have become the 2nd class (NAT444...) services as IPv6 ascends to first class status with e2e restored and more and more services supporting IPv6 (World IPv6 day in a little over 2 weeks!...).

Don't get me wrong, IPv6 has a long way to go in terms of availability, peering, and application support. But make no mistake, the tide is turning. Rogers is doing what they have to do proactively to stay ahead of the curve of complete exhaustion.

As for 6to4, the good folks at Rogers have found a way to make it work for you ... with yet another NAT :)

http://tools.ietf.org/html/draft-kuarsingh-v6ops-6to4-provider-managed-tunne...

Cameron
--
Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
This is the business reality of the IPv4-scarce era. Diluted IPv4 is not new to many places and will become common in many more places. Furthermore, it is a calculated business risk. IPv4 services will/have become the 2nd class (NAT444...) services as IPv6 ascends to first class status with e2e restored and more and more services supporting IPv6 (World IPv6 day in a little over 2 weeks!...).
Diluted IPv4 is one thing. Hijacking space allocated to another entity is another. As long as they keep it contained within their network, it's pretty much up to them to break their own environment however they see fit, but, if they start leaking 7.0.0.0/8 or subset announcements on to the internet in general, I wouldn't want to be them or one of the companies that was accepting their routes.
Don't get me wrong, IPv6 has a long way to go in terms of availability, peering, and application support. But make no mistake, the tide is turning. Rogers is doing what they have to do proactively to stay ahead of the curve of complete exhaustion.
I don't think they have to hijack space from DoD. I think there are a number of other options available to them. They might cost more, but, they also come with somewhat lower risks. Owen
On Mon, May 23, 2011 at 11:34 PM, Owen DeLong <owen@delong.com> wrote:
I don't think they have to hijack space from DoD. I think there are a number of other options available to them. They might cost more, but, they also come with somewhat lower risks
the good thing is 7 exists on networks that will never see the light of day... so it's just like 10! only lower and cooler! (and lucky, if you believe the movies and all)
On May 24, 2011, at 12:02 AM, Christopher Morrow wrote:
On Mon, May 23, 2011 at 11:34 PM, Owen DeLong <owen@delong.com> wrote:
I don't think they have to hijack space from DoD. I think there are a number of other options available to them. They might cost more, but, they also come with somewhat lower risks
the good thing is 7 exists on networks that will never see the light of day... so it's just like 10! only lower and cooler! (and lucky, if you believe the movies and all)
It's not just whether those networks will ever leak 7. It's whether the DoD will ever announce anything in 7. If they do, any Rogers customer who wants to talk to it is screwed. Whether they have a 7 addy or not, Rogers' routers will not let the packet leave Rogers' borders. -- TTFN, patrick
On Mon, May 23, 2011 at 9:09 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
On May 24, 2011, at 12:02 AM, Christopher Morrow wrote:
On Mon, May 23, 2011 at 11:34 PM, Owen DeLong <owen@delong.com> wrote:
I don't think they have to hijack space from DoD. I think there are a number of other options available to them. They might cost more, but, they also come with somewhat lower risks
the good thing is 7 exists on networks that will never see the light of day... so it's just like 10! only lower and cooler! (and lucky, if you believe the movies and all)
It's not just whether those networks will ever leak 7. It's whether the DoD will ever announce anything in 7.
If they do, any Rogers customer who wants to talk to it is screwed. Whether they have a 7 addy or not, Rogers' routers will not let the packet leave Rogers' borders.
Now, the onus is on the DoD to make its content available over unique IPv6 space so that the Roger's customers can get to it using the 6to4-PMT solution. There is always a solution. Cameron
-- TTFN, patrick
On Mon, 23 May 2011 21:14:02 PDT, Cameron Byrne said:
Now, the onus is on the DoD to make its content available over unique IPv6 space so that the Roger's customers can get to it using the 6to4-PMT solution. There is always a solution.
Which they should be ready to do already, since didn't the US Govt. mandate IPv6 support sometime last century? ;)
On Mon, May 23, 2011 at 9:22 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Mon, 23 May 2011 21:14:02 PDT, Cameron Byrne said:
Now, the onus is on the DoD to make its content available over unique IPv6 space so that the Roger's customers can get to it using the 6to4-PMT solution. There is always a solution.
Which they should be ready to do already, since didn't the US Govt. mandate IPv6 support sometime last century? ;)
The US Govt does actually have a respectable showing for World IPv6 Day including treasury.gov, edu.gov, census.gov and others. CB
In message <17520.1306210956@localhost>, Valdis.Kletnieks@vt.edu writes:
On Mon, 23 May 2011 21:14:02 PDT, Cameron Byrne said:
Now, the onus is on the DoD to make its content available over unique IPv6 space so that the Roger's customers can get to it using the 6to4-PMT solution. There is always a solution.
Which they should be ready to do already, since didn't the US Govt. mandate IPv6 support sometime last century? ;)
Which isn't yet a practical solution because it takes two to play. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
From: Valdis.Kletnieks@vt.edu Date: Tue, 24 May 2011 00:22:36 -0400
On Mon, 23 May 2011 21:14:02 PDT, Cameron Byrne said:
Now, the onus is on the DoD to make its content available over unique IPv6 space so that the Roger's customers can get to it using the 6to4-PMT solution. There is always a solution.
Which they should be ready to do already, since didn't the US Govt. mandate IPv6 support sometime last century? ;)
Not really. "Backbone networks" were required to be IPv6 capable back last decade, but no requirement for any end systems or services. (Nor was "backbone network" defined.)

By October 1, 2012 all public services (web, mail, and DNS) must be IPv6 capable and reachable using native IPv6 via all carriers being used for public access.

By October 1, 2014 all U.S. government services and networks must support IPv6. No tunnels. No special names for IPv6 services. It also includes any government sponsored services that are contracted out and government laboratories.

Both some DOD and civilian networks have been IPv6 capable for some years, there was no requirement for it.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
In message <BANLkTi=i6nSSvj-ah2nbWpiZ_jYhLc3Lsg@mail.gmail.com>, Cameron Byrne writes:
On Mon, May 23, 2011 at 9:09 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
On May 24, 2011, at 12:02 AM, Christopher Morrow wrote:
On Mon, May 23, 2011 at 11:34 PM, Owen DeLong <owen@delong.com> wrote:
I don't think they have to hijack space from DoD. I think there are a number of other options available to them. They might cost more, but, they also come with somewhat lower risks
the good thing is 7 exists on networks that will never see the light of day... so it's just like 10! only lower and cooler! (and lucky, if you believe the movies and all)
It's not just whether those networks will ever leak 7. It's whether the DoD will ever announce anything in 7.
If they do, any Rogers customer who wants to talk to it is screwed. Whether they have a 7 addy or not, Rogers' routers will not let the packet leave Rogers' borders.
Now, the onus is on the DoD to make its content available over unique IPv6 space so that the Roger's customers can get to it using the 6to4-PMT solution. There is always a solution.
There is also the option of having customers that need 6to4, etc. just register on the web site like customers that need port 25/TCP open register with many ISPs. Those customers then get addresses from different pools for which 6to4 works.
Cameron
-- TTFN, patrick
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Mon, May 23, 2011 at 11:09 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
If they do, any Rogers customer who wants to talk to it is screwed. Whether they have a 7 addy or not, Rogers' routers will not let the packet leave Rogers' borders.
That could depend on whether Rogers' border routers are adequately configured to block/filter the announcement, and whether whatever the DoD chose to announce was a longer prefix than what Rogers' equipment had routes/controls for.

In theory; there exists a possibility that the DoD could announce a /24 of something Rogers' was internally routing as a /16, then if unfiltered the DoD announce could win, causing internal (self-inflicted) issues for Rogers.

The DoD could also eventually use the 7 range for something, resulting in complaints to Rogers from users who seem unable to reach (some web site placed in 7/8).

Unofficial use of other organization's IP address space is playing with fire.

It may mark the symbolic start of a new IPv4, where eventually many /8s will have tons of unofficial claimants, and whoever threatens more, pays the major providers more, or has more lawyers (take your pick), gets their announcement more widely propagated.

Sometimes if enough players start playing with fire, a really bad, uncontrollable inferno eventually gets ignited.
TTFN, patrick -- -JH
On May 24, 2011, at 12:36 AM, Jimmy Hess wrote:
On Mon, May 23, 2011 at 11:09 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
If they do, any Rogers customer who wants to talk to it is screwed. Whether they have a 7 addy or not, Rogers' routers will not let the packet leave Rogers' borders.
That could depend on whether Rogers' border routers are adequately configured to block/filter the announcement, and whether whatever the DoD chose to announce was a longer prefix than what Rogers' equipment had routes/controls for.
In theory; there exists a possibility that the DoD could announce a /24 of something Rogers' was internally routing as a /16, then if unfiltered the DoD announce could win, causing internal (self-inflicted) issues for Rogers.
We're all just guessing here, until some Rogers engineer speaks up.

However, many networks take active steps to assure that external parties cannot disrupt their internal network. Anyone on this list with internal prefixes shorter than /24 likely have filters or other mechanisms in place to ensure they do not hear a /24 of their own space from peers & transit providers. If they do not, then they are at risk, whether they use hijacked space or not.

As a result, while it is possible the DoD could announce a /24 that Rogers routes internally as a /16 and cause Rogers problems; I suspect Rogers ensured the DoD - or anyone else - cannot cause them problems.

Other than putting a web server in 7/8 that Rogers customers want to visit. :)

--
TTFN,
patrick
The DoD could also eventually use the 7 range for something, resulting in complaints to Rogers from users who seem unable to reach (some web site placed in 7/8).
Unofficial use of other organization's IP address space is playing with fire.
It may mark the symbolic start of a new IPv4, where eventually many /8s will have tons of unofficial claimants, and whoever threatens more, pays the major providers more, or has more lawyers (take your pick), gets their announcement more widely propagated.
Sometimes if enough players start playing with fire, a really bad, uncontrollable inferno eventually gets ignited.
TTFN, patrick -- -JH
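The more-specific scenario discussed in the two messages above, worked through as an added example (it is not part of the original thread and is not any operator's actual configuration). It compares longest-prefix-match forwarding with and without an import filter that rejects externally learned prefixes falling inside internally used space; the prefixes, next-hop labels and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: assumptions for illustration only.
INTERNAL_ROUTES = {
    ipaddress.ip_network("7.8.0.0/16"): "internal-cmts",  # squatted space used inside the network
    ipaddress.ip_network("10.0.0.0/8"): "internal-mgmt",  # RFC 1918 space used inside the network
}
DEFAULT_ROUTE = {ipaddress.ip_network("0.0.0.0/0"): "transit"}
EXTERNAL_ANNOUNCEMENTS = [
    ipaddress.ip_network("7.8.12.0/24"),   # hypothetical more-specific heard from a peer
    ipaddress.ip_network("192.0.2.0/24"),  # unrelated prefix (documentation range)
]


def inside_internal(prefix, internal):
    """True if prefix is equal to, or more specific than, any internal prefix."""
    return any(prefix.subnet_of(net) for net in internal)


def import_filter(announcements, internal):
    """Split externally learned prefixes into (accepted, rejected)."""
    accepted, rejected = [], []
    for prefix in announcements:
        if inside_internal(prefix, internal):
            rejected.append(prefix)
        else:
            accepted.append(prefix)
    return accepted, rejected


def build_table(internal_routes, external_prefixes, next_hop="peer"):
    """Forwarding table: default route, internal routes, then external ones.

    Simplification: on an exact-length tie the internal route is kept.
    """
    table = dict(DEFAULT_ROUTE)
    table.update(internal_routes)
    for prefix in external_prefixes:
        table.setdefault(prefix, next_hop)
    return table


def lookup(table, address):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    best = max(matches, key=lambda net: net.prefixlen)
    return best, table[best]


def compare(address):
    """Return (next hop without filter, next hop with filter) for address."""
    unfiltered = build_table(INTERNAL_ROUTES, EXTERNAL_ANNOUNCEMENTS)
    accepted, _ = import_filter(EXTERNAL_ANNOUNCEMENTS, INTERNAL_ROUTES)
    filtered = build_table(INTERNAL_ROUTES, accepted)
    return lookup(unfiltered, address)[1], lookup(filtered, address)[1]


if __name__ == "__main__":
    for ip in ("7.8.12.1", "7.8.200.5", "192.0.2.10", "8.8.8.8"):
        no_filter, with_filter = compare(ip)
        print(f"{ip:12} unfiltered -> {no_filter:14} filtered -> {with_filter}")
```

Without the filter, the external /24 attracts traffic meant for internal hosts in 7.8.12.0/24; with it, that traffic stays internal, which also means a real external host in that /24 is unreachable from inside.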
On Mon, May 23, 2011 at 11:42 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
However, many networks take active steps to assure that external parties cannot disrupt their internal network. Anyone on this list with
And many networks have implemented BCP38 and appropriate prefix filters + as path filters with their peers, including upstreams. Some networks take active steps. I think as a group you give them a little too much credit. I don't mean to speculate about what exactly Rogers is doing. Only that: if they just spontaneously decided to start using "7/8" on their internal network as unofficial space, they could be putting themselves at risk in unanticipated ways. Even with active protection against that particular risk, it is still possible the unofficial use will be harmful to the DoD some day, in some way, resulting in repercussions against the unofficial user.... If you want to use some other organization's IP addresses without their permission, for any purpose (internal or not); It seems like the DoD, military commands of other large countries, along with local law enforcement organizations should be at the very _bottom_ of the list; they have more extreme retaliation/investigative powers than any private company does.
internal prefixes shorter than /24 likely have filters or other mechanisms in place to ensure they do not hear a /24 of their own space from peers & transit providers. If they do not, then they are at risk, whether they use hijacked space or not.
-- -JH
On May 23, 2011 9:37 PM, "Jimmy Hess" <mysidia@gmail.com> wrote:
On Mon, May 23, 2011 at 11:09 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
If they do, any Rogers customer who wants to talk to it is screwed. Whether they have a 7 addy or not, Rogers' routers will not let the packet leave Rogers' borders.
That could depend on whether Rogers' border routers are adequately configured to block/filter the announcement, and whether whatever the DoD chose to announce was a longer prefix than what Rogers' equipment had routes/controls for.
In theory; there exists a possibility that the DoD could announce a /24 of something Rogers' was internally routing as a /16, then if unfiltered the DoD announce could win, causing internal (self-inflicted) issues for Rogers.
The DoD could also eventually use the 7 range for something, resulting in complaints to Rogers from users who seem unable to reach (some web site placed in 7/8).
Unofficial use of other organization's IP address space is playing with fire.
It may mark the symbolic start of a new IPv4, where eventually many /8s will have tons of unofficial claimants, and whoever threatens more, pays the major providers more, or has more lawyers (take your pick), gets their announcement more widely propagated.
Sometimes if enough players start playing with fire, a really bad, uncontrollable inferno eventually gets ignited.
Or, ipv6 gets deployed and supported since it will be the effective network of networks Cb
TTFN, patrick -- -JH
On May 23, 2011, at 9:09 PM, David Conrad wrote:
Owen,
On May 23, 2011, at 8:34 PM, Owen DeLong wrote:
I think there are a number of other options available to them.
Out of curiosity, what would these options be?
As previously mentioned:

1. Obtain RIR space
2. Use multiple partitioned copies of RFC-1918
3. Free addresses among existing customers through LSN implementation.

There may be others. Yes, each of these comes with its own tradeoffs and costs. Obviously, option 1 is of a limited duration.

Owen
On 5/23/2011 10:34 PM, Owen DeLong wrote:
Diluted IPv4 is one thing. Hijacking space allocated to another entity is another. As long as they keep it contained within their network, it's pretty much up to them to break their own environment however they see fit, but, if they start leaking 7.0.0.0/8 or subset announcements on to the internet in general, I wouldn't want to be them or one of the companies that was accepting their routes.
I ran into this issue with a service provider that wanted to set up point of sale terminals on our campus. They were using DoD address space in their inside network, and they ordered ISDN connectivity from our site back to their network. The point of sale terminals were connected on our campus network. They wanted me to set a static route on my network backbone that pointed all of the hijacked DoD address space to this ISDN line. Of course, I told them no. The university I was working for at the time had some DoD contracts, and I was afraid that it might break legitimate traffic. Plus, I thought this was a really bad network design. The service provider was not very happy. It is interesting that I'm not the only one that has come across this problem. -- Byron L. Hicks Google Voice: 972-746-2549 aim/skype: byronhicks
-----Original Message----- From: Byron L. Hicks [mailto:byron@byronhicks.com]
I ran into this issue with a service provider that wanted to set up point of sale terminals on our campus. They were using DoD address space in their inside network, and they ordered ISDN connectivity from our site back to their network. The point of sale terminals were connected on our campus network. They wanted me to set a static route on my network backbone that pointed all of the hijacked DoD address space to this ISDN line. Of course, I told them no. The university I was working for at the time had some DoD contracts, and I was afraid that it might break legitimate traffic. Plus, I thought this was a really bad network design. The service provider was not very happy.
I see why they may do this. They have likely had issues with overlapping 1918 space in previous networks, so they thought "Oh, we'll nick this space, it's DoD and nobody will ever use it..." and it's all fine, until somebody uses it. It's just a really lazy way of getting things done that is likely to come and bite you sooner or later. So you said NO, and what did they do about it ? -- Leigh Porter
On 5/24/2011 9:13 AM, Leigh Porter wrote:
So you said NO, and what did they do about it ?
It forced them to put in their own ISDN router, and they put static routes on the point of sale terminals that pointed the "borrowed" IP space to the ISDN router. There was no way I was going to put this in the routing tables of my campus routers. -- Byron L. Hicks Google Voice: 972-746-2549 aim/skype: byronhicks
On 5/24/2011 4:17 AM, Byron L. Hicks wrote:
On 5/24/2011 9:13 AM, Leigh Porter wrote:
So you said NO, and what did they do about it ? It forced them to put in their own ISDN router, and they put static routes on the point of sale terminals that pointed the "borrowed" IP space to the ISDN router. There was no way I was going to put this in the routing tables of my campus routers.
So rather than fix the real problem, they added an additional bodge? Why am I not surprised? Paul
On Tue, May 24, 2011 at 8:54 AM, Paul Graydon <paul@paulgraydon.co.uk> wrote:
On 5/24/2011 4:17 AM, Byron L. Hicks wrote:
On 5/24/2011 9:13 AM, Leigh Porter wrote:
So you said NO, and what did they do about it ?
It forced them to put in their own ISDN router, and they put static routes on the point of sale terminals that pointed the "borrowed" IP space to the ISDN router. There was no way I was going to put this in the routing tables of my campus routers.
So rather than fix the real problem, they added an additional bodge? Why am I not surprised?
There is no fixing the lack of IPv4, just more band-aids. IPv4 has been scarce for the last 10 years that i have been in this industry. I remember one of my first jobs was assigning IP addresses to customers at an ISP .... and people on the other end of the phone throwing chairs in anger because they can't launch their web site until i received their detailed justification for more ipv4 addresses. That was 10 years ago. Yes, the issue before was people being lazy and not wanting to do the paper work or working the system (because IPv4 was scarce then too). Now, there is legitimately not enough space for folks to deploy IPv4 in fast growing edges of the network like M2M (this includes point of sale), mobile, cloud, and many other places.... and there is no time to get in thumb wrestling wars with ARIN over what is used where (boss wants it done yesterday) It will get worse before it gets better. Cameron
On 5/24/11 10:07 AM, Cameron Byrne wrote:
There is no fixing the lack of IPv4, just more band-aids. IPv4 has been scarce for the last 10 years that i have been in this industry. I remember one of my first jobs was assigning IP addresses to customers at an ISP .... and people on the other end of the phone throwing chairs in anger because they can't launch their web site until i received their detailed justification for more ipv4 addresses. That was 10 years ago.
Yes, the issue before was people being lazy and not wanting to do the paper work or working the system (because IPv4 was scarce then too). Now, there is legitimately not enough space for folks to deploy IPv4 in fast growing edges of the network like M2M (this includes point of sale), mobile, cloud, and many other places.... and there is no time to get in thumb wrestling wars with ARIN over what is used where (boss wants it done yesterday)
It will get worse before it gets better.
I think the appropriate phrase here is, "Your lack of planning does not constitute an emergency on my part." -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
On Mon, May 23, 2011 at 12:28 PM, Mark Farina <markfarina76@gmail.com> wrote:
As of April 27th I have started to receive dhcp broadcast requests originating from the 7.0.0.0/8 network. Based on MAC addresses, it seems that this is communication between the Rogers border/node hardware (MAC assigned to Cisco) and my Motorola cable modem.
Is the DoD releasing this range to Rogers? Or has Rogers squatted on this space due to exhaustion of their 10/8 use? We've seen other vendors and ISP squat on previously unused ranges (the 1/8 or 5/8s). Could they not wrap their internal cable modem to node chatter in IPv6, instead of using assigned address space?
Squatting resources from an organization that can deploy F/A-18 Hornets, F/A-22 Raptors, Predator drones or Navy SEALs is probably bad to your health. Rubens
On May 24, 2011, at 7:56 AM, Rubens Kuhl wrote:
On Mon, May 23, 2011 at 12:28 PM, Mark Farina <markfarina76@gmail.com> wrote:
As of April 27th I have started to receive dhcp broadcast requests originating from the 7.0.0.0/8 network. Based on MAC addresses, it seems that this is communication between the Rogers border/node hardware (MAC assigned to Cisco) and my Motorola cable modem.
Is the DoD releasing this range to Rogers? Or has Rogers squatted on this space due to exhaustion of their 10/8 use? We've seen other vendors and ISP squat on previously unused ranges (the 1/8 or 5/8s). Could they not wrap their internal cable modem to node chatter in IPv6, instead of using assigned address space?
Squatting resources from an organization that can deploy F/A-18 Hornets, F/A-22 Raptors, Predator drones or Navy SEALs is probably bad to your health.
It's been a while since we fought a war with Canada. http://en.wikipedia.org/wiki/Pig_War
Rubens
On Tue, 24 May 2011 08:42:45 -0700 Joel Jaeggli <joelja@bogus.com> wrote:
It's been a while since we fought a war with Canada.
Should we start locking up our pigs? Then there was the War of 1812 where both sides claimed to have won thus starting the age of spin doctoring.

--
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
Is the DoD releasing this range to Rogers? Or has Rogers squatted on this space due to exhaustion of their 10/8 use? We've seen other
Squatting resources from an organization that can deploy F/A-18 Hornets, F/A-22 Raptors, Predator drones or Navy SEALs is probably bad to your health.
It's been a while since we fought a war with Canada. http://en.wikipedia.org/wiki/Pig_War
I haven't read any formal declaration of war from the US regarding Pakistan, and that hasn't helped an infamous citizen of being killed there by DoD assets... on the other hand, it's safer for an American company to squat DoD number resources than a Canadian one, due to Posse Comitatus.
Rubens
On May 24, 2011, at 10:38 AM, Rubens Kuhl wrote:
Is the DoD releasing this range to Rogers? Or has Rogers squatted on this space due to exhaustion of their 10/8 use? We've seen other
Squatting resources from an organization that can deploy F/A-18 Hornets, F/A-22 Raptors, Predator drones or Navy SEALs is probably bad to your health.
It's been a while since we fought a war with Canada. http://en.wikipedia.org/wiki/Pig_War
I haven't read any formal declaration of war from the US regarding Pakistan, and that hasn't helped an infamous citizen of being killed there by DoD assets... on the other hand, it's safer for an American company to squat DoD number resources than a Canadian one, due to Posse Comitatus.
Rubens
I tend to doubt it. I'm pretty sure the DoD has the phone number to the FBI. Owen
On Tue, 24 May 2011 10:59:18 PDT, Owen DeLong said:
Squatting resources from an organization that can deploy F/A-18 Hornets, F/A-22 Raptors, Predator drones or Navy SEALs is probably bad to your health.
I tend to doubt it. I'm pretty sure the DoD has the phone number to the FBI.
Yes, but the FBI just shows up with several agents in dark sunglasses and suits and surgically removed senses of humor. Bad news, but it still doesn't ruin your day like a Predator drone suddenly appearing outside your window...
In reference to recent messages:
I tend to doubt it. I'm pretty sure the DoD has the phone number to the FBI.
Yes, but the FBI just shows up with several agents in dark sunglasses and suits and surgically removed senses of humor. Bad news, but it still doesn't ruin your day like a Predator drone suddenly appearing outside your window...
http://en.wikipedia.org/wiki/Godwin%27s_Law
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468
Now, don't say I'm always complaining.
Wait, that's a complaint, isn't it?
I think those within the organization that deploy those vehicles or are Navy SEALs might sit at different lunch tables than the guys worried about IP address collisions. ;-)
-Vinny
-----Original Message-----
From: Rubens Kuhl [mailto:rubensk@gmail.com]
Sent: Tuesday, May 24, 2011 10:57 AM
To: Nanog
Subject: Re: Rogers Canada using 7.0.0.0/8 for internal address space
On Mon, May 23, 2011 at 12:28 PM, Mark Farina <markfarina76@gmail.com> wrote:
As of April 27th I have started to receive dhcp broadcast requests originating from the 7.0.0.0/8 network. Based on MAC addresses, it seems that this is communication between the Rogers border/node hardware (MAC assigned to Cisco) and my Motorola cable modem.
Is the DoD releasing this range to Rogers? Or has Rogers squatted on this space due to exhaustion of their 10/8 use? We've seen other vendors and ISP squat on previously unused ranges (the 1/8 or 5/8s). Could they not wrap their internal cable modem to node chatter in IPv6, instead of using assigned address space?
Squatting resources from an organization that can deploy F/A-18 Hornets, F/A-22 Raptors, Predator drones or Navy SEALs is probably bad to your health. Rubens
On Tue, May 24, 2011 at 4:34 PM, <Vinny_Abello@dell.com> wrote:
I think those within the organization that deploy those vehicles or are Navy SEALs might sit at different lunch tables than the guys worried about IP address collisions. ;-)
The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old technology. The folks in charge of the MQ-1 predator drones might sit closer to the guys worried about the IP addresses. And automated drone strikes can always be blamed on a malfunction caused by the hijacking.
I would speculate they are probably capable of targeting routers improperly using their subnet, if the right folks feel it's necessary, and the routers are located in the right country. I suspect they're more likely to attempt the more civilized professional things any other government org would though, such as calling the hijacker's NOC, calling upstreams to de-peer the hijacker, sending out field agents to have a little 'chat'....
-Vinny
--
-JH
----- Original Message -----
From: "Jimmy Hess" <mysidia@gmail.com>
On Tue, May 24, 2011 at 4:34 PM, <Vinny_Abello@dell.com> wrote:
I think those within the organization that deploy those vehicles or are Navy SEALs might sit at different lunch tables than the guys worried about IP address collisions. ;-)
The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old technology. The folks in charge of the MQ-1 predator drones might sit closer to the guys worried about the IP addresses.
And automated drone strikes can always be blamed on a malfunction caused by the hijacking
If packets that control armed drones cross any router that has access even to SIPRnet, much less the Internet, someone's getting relieved.
Cheers,
-- jra
--
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274
On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote:
----- Original Message -----
From: "Jimmy Hess" <mysidia@gmail.com>
On Tue, May 24, 2011 at 4:34 PM, <Vinny_Abello@dell.com> wrote:
I think those within the organization that deploy those vehicles or are Navy SEALs might sit at different lunch tables than the guys worried about IP address collisions. ;-)
The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old technology. The folks in charge of the MQ-1 predator drones might sit closer to the guys worried about the IP addresses.
And automated drone strikes can always be blamed on a malfunction caused by the hijacking
If packets that control armed drones cross any router that has access even to SIPRnet, much less the Internet, someone's getting relieved.
http://www.eweek.com/c/a/Security/Militants-Hack-Unencrypted-Drone-Feeds-477...
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Please excuse my ignorance on this and note that I am not condoning the hijacking of IP address space.
As long as necessary precautions are taken (route filters, tunnels, VRF's) shouldn't this be technically feasible without any negative ramifications? These 7-NET addresses seem to be assigned to the modem itself, but surely they aren't what the customer sees at their WAN IP address, right? So as long as the modem is configured to send ALL traffic, regardless of destination address (could be a 7NET dst) over a GRE tunnel to some aggregation point via its acquired 7-net address and all routers were to keep the 7net on a separate VRF, shouldn't they be able to avoid any IP collisions? Couldn't you theoretically use anyone's IP space, advertised or not, for this internal transit?
I'm not saying it's a good idea, it's certainly more complex which leads to its own issues, but shouldn't it be possible?
-Jeremy
On Tue, May 24, 2011 at 9:50 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote:
----- Original Message -----
From: "Jimmy Hess" <mysidia@gmail.com>
On Tue, May 24, 2011 at 4:34 PM, <Vinny_Abello@dell.com> wrote:
I think those within the organization that deploy those vehicles or are Navy SEALs might sit at different lunch tables than the guys worried about IP address collisions. ;-)
The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old technology. The folks in charge of the MQ-1 predator drones might sit closer to the guys worried about the IP addresses.
And automated drone strikes can always be blamed on a malfunction caused by the hijacking
If packets that control armed drones cross any router that has access even to SIPRnet, much less the Internet, someone's getting relieved.
http://www.eweek.com/c/a/Security/Militants-Hack-Unencrypted-Drone-Feeds-477...
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Tue, 24 May 2011 22:22:20 CDT, Jeremy said:
As long as necessary precautions are taken (route filters, tunnels, VRF's) shouldn't this be technically feasible without any negative ramifications?
The types of network designers who are able to cover *every single* little detail needed to make this sort of thing work are rarely the types of network designers that would snarf up somebody else's prefix to use for this sort of thing, and vice versa.
On Tue, May 24, 2011 at 8:45 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 24 May 2011 22:22:20 CDT, Jeremy said:
As long as necessary precautions are taken (route filters, tunnels, VRF's) shouldn't this be technically feasible without any negative ramifications?
The types of network designers who are able to cover *every single* little detail needed to make this sort of thing work are rarely the types of network designers that would snarf up somebody else's prefix to use for this sort of thing, and vice versa.
I think you underestimate how truly common this practice is in private corners of large networks. I did not say good, but I did say common. And, it will become increasingly common. Look down on it as much as you want, but it is the reality. Squatting on (currently) unrouted space is the new NAT.
CB
On 25 May 2011 04:22, Jeremy <jbaino@gmail.com> wrote:
Please excuse my ignorance on this and note that I am not condoning the hijacking of IP address space.
As long as necessary precautions are taken (route filters, tunnels, VRF's) shouldn't this be technically feasible without any negative ramifications?
And that is why the US military is unlikely to contact anyone at Rogers. Lots of other companies have hijacked space like this. As I recall, Reuters global networks began using 7/8 (along with a whole bunch of other low numbered /8's), back in the mid 90's and nobody has complained about that.
This kind of thing is becoming more common as more companies exhaust the RFC 1918 space, and the DOD addresses are the prime target for this "borrowing" activity because most folks feel that the DOD isn't likely to run into any technical networking problems with this "borrowing".
So we should CONDONE such borrowing and recommend a couple of /8s to use in North America. Perhaps one could be DOD for those operators that do not carry any DOD traffic and one could be that /8 from Softbank Japan, 126/8 if I recall it correctly. People who carry DOD traffic could borrow the APNIC block.
This actually reduces the pressure on the IPv4 address supply without expensive carrier grade NAT services and makes the transition to IPv6 less turbulent.
--Michael Dillon
On Wed, May 25, 2011 at 1:25 AM, Michael Dillon <wavetossed@googlemail.com> wrote:
So we should CONDONE such borrowing and recommend a couple of /8s to use in North America. Perhaps one could be DOD for those operators that do not carry any DOD traffic and one could be that /8 from Softbank Japan, 126/8 if I recall it correctly. People who carry DOD traffic could borrow the APNIC block.
I recommend 44/8. Does it make sense that ham radio operators have routable IP address space any longer? (Seems to be still advertised, though.) -cjp (n2mcs)
From nanog-bounces+bonomi=mail.r-bonomi.com@nanog.org Wed May 25 13:44:21 2011
Date: Wed, 25 May 2011 14:43:24 -0400
Subject: Re: Rogers Canada using 7.0.0.0/8 for internal address space
From: Christopher Pilkington <cjp@0x1.net>
To: Michael Dillon <wavetossed@googlemail.com>
Cc: NANOG <nanog@nanog.org>
On Wed, May 25, 2011 at 1:25 AM, Michael Dillon <wavetossed@googlemail.com> wrote:
So we should CONDONE such borrowing and recommend a couple of /8s to use in North America. Perhaps one could be DOD for those operators that do not carry any DOD traffic and one could be that /8 from Softbank Japan, 126/8 if I recall it correctly. People who carry DOD traffic could borrow the APNIC block.
I recommend 44/8. Does it make sense that ham radio operators have routable IP address space any longer? (Seems to be still advertised, though.)
Still advertised, still in (light, limited) use.
On Wed, May 25, 2011 at 02:43:24PM -0400, Christopher Pilkington wrote:
On Wed, May 25, 2011 at 1:25 AM, Michael Dillon <wavetossed@googlemail.com> wrote:
So we should CONDONE such borrowing and recommend a couple of /8s to use in North America. Perhaps one could be DOD for those operators that do not carry any DOD traffic and one could be that /8 from Softbank Japan, 126/8 if I recall it correctly. People who carry DOD traffic could borrow the APNIC block.
I recommend 44/8. Does it make sense that ham radio operators have routable IP address space any longer? (Seems to be still advertised, though.)
I'll ask Brian what he thinks. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin
On Wed, May 25, 2011 at 02:43:24PM -0400, Christopher Pilkington wrote:
On Wed, May 25, 2011 at 1:25 AM, Michael Dillon <wavetossed@googlemail.com> wrote:
So we should CONDONE such borrowing and recommend a couple of /8s to use in North America. Perhaps one could be DOD for those operators that do not carry any DOD traffic and one could be that /8 from Softbank Japan, 126/8 if I recall it correctly. People who carry DOD traffic could borrow the APNIC block.
I recommend 44/8. Does it make sense that ham radio operators have routable IP address space any longer? (Seems to be still advertised, though.)
-cjp (n2mcs)
I recommend (if we are going down the path of being pirates...) 77.0.0.0/8 - only 0x1.net is in that space as far as I can tell and it's easy enough to put them behind a NAT...
NOTE WELL - Just because -you- (for values of you) see no value in space assigned, does NOT give you the right to hijack said space for your own purposes. Nor does it look well for you to advocate hijacking someone else's space.... YMMV of course.
/bill
On Wed, May 25, 2011 at 4:24 PM, <bmanning@vacation.karoshi.com> wrote:
NOTE WELL - Just because -you- (for values of you) see no value in space assigned, does NOT give you the right to hijack said space for your own purposes. Nor does it look well for you to advocate hijacking someone else's space....
Indeed, arbitrary is arbitrary, be it ham radio operators or the DoD. I was trolling hams on the list there, my apologies. FWIW, my box 44.68.16.20 hasn't been up in well over a decade. Would have been nice if that packet radio masses kept up with (or ahead of) the technology of the times. Our network went to 9600 baud user ports, then vanished. -cjp (n2mcs)
On Wed, May 25, 2011 at 2:23 PM, Christopher Pilkington <cjp@0x1.net> wrote:
Indeed, arbitrary is arbitrary, be it ham radio operators or the DoD. I was trolling hams on the list there, my apologies. FWIW, my box 44.68.16.20 hasn't been up in well over a decade. Would have been nice if that packet radio masses kept up with (or ahead of) the technology of the times. Our network went to 9600 baud user ports, then vanished.
DStar systems are using 44/8 now for interconnect. Mine (K7TUL/B) will be up as soon as I make a hill trip and fix the antenna. 73 -- Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
On May 25, 2011, at 2:23 PM, Christopher Pilkington wrote:
On Wed, May 25, 2011 at 4:24 PM, <bmanning@vacation.karoshi.com> wrote:
NOTE WELL - Just because -you- (for values of you) see no value in space assigned, does NOT give you the right to hijack said space for your own purposes. Nor does it look well for you to advocate hijacking someone else's space....
Indeed, arbitrary is arbitrary, be it ham radio operators or the DoD. I was trolling hams on the list there, my apologies. FWIW, my box 44.68.16.20 hasn't been up in well over a decade. Would have been nice if that packet radio masses kept up with (or ahead of) the technology of the times. Our network went to 9600 baud user ports, then vanished.
-cjp (n2mcs)
Unfortunately, the FCC hasn't really allowed us to since it would be very hard to produce useful bandwidth by today's standards within the bounds of the spectrum we are allowed to use and the channel separations we are allowed to use. Owen
On May 26, 2011, at 7:35 AM, Owen DeLong wrote:
Unfortunately, the FCC hasn't really allowed us to since it would be very hard to produce useful bandwidth by today's standards within the bounds of the spectrum we are allowed to use and the channel separations we are allowed to use.
You just need to move up in frequency a bit. My slowest ham-band link runs at 12 Mbps and my fastest at over 100 Mbps. Good reminder that I should renumber the IPv4 portion of that network to somewhere in 44.0.0.0/8 however. Matthew Kaufman
On May 25, 2011, at 11:12 PM, Matthew Kaufman wrote:
On May 26, 2011, at 7:35 AM, Owen DeLong wrote:
Unfortunately, the FCC hasn't really allowed us to since it would be very hard to produce useful bandwidth by today's standards within the bounds of the spectrum we are allowed to use and the channel separations we are allowed to use.
You just need to move up in frequency a bit. My slowest ham-band link runs at 12 Mbps and my fastest at over 100 Mbps.
Re: 100Mbps... Yeah, for a modern household LAN, you're at about 1/3rd my minimum bandwidth and 1/10th my current maximum. For wide area purposes, you're at about 1/100th of the smallest circuits we're running in the modern backbone.
Good reminder that I should renumber the IPv4 portion of that network to somewhere in 44.0.0.0/8 however.
Yeah, not a bad idea. Wonder if we can get a /32 for AMPR from IETF since it would be prohibitively expensive to get it from an RIR. Owen
On May 25, 2011, at 11:43 AM, Christopher Pilkington wrote:
On Wed, May 25, 2011 at 1:25 AM, Michael Dillon <wavetossed@googlemail.com> wrote:
So we should CONDONE such borrowing and recommend a couple of /8s to use in North America. Perhaps one could be DOD for those operators that do not carry any DOD traffic and one could be that /8 from Softbank Japan, 126/8 if I recall it correctly. People who carry DOD traffic could borrow the APNIC block.
I recommend 44/8. Does it make sense that ham radio operators have routable IP address space any longer? (Seems to be still advertised, though.)
-cjp (n2mcs)
Why shouldn't they? Owen DeLong KB6MER
On May 24, 2011, at 8:22 PM, Jeremy wrote:
As long as necessary precautions are taken (route filters, tunnels, VRF's) shouldn't this be technically feasible without any negative ramifications?
Any? Debatable. Doing stuff like this has costs, but I suspect the folks at Rogers aren't idiots and actually did a cost/benefit analysis.
Couldn't you theoretically use anyone's IP space, advertised or not, for this internal transit?
Yes.
I'm not saying it's a good idea, it's certainly more complex which leads to its own issues, but shouldn't it be possible?
Of course. Not even sure it is more complex. Regards, -drc
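An added example, not part of any poster's message: a small audit for the collision question discussed above. It lists internal prefixes that fall outside RFC 1918 (and so shadow someone else's space if they leak out of their VRF) and flags DHCP server replies sourced from such space in iptables-style log lines. The OWN prefix, the function names and the sample log lines are constructed assumptions; the log format follows the original post's sample.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: stand-in for prefixes actually assigned to the operator
# (a documentation range, not a real assignment).
OWN = [ipaddress.ip_network("203.0.113.0/24")]

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample lines in iptables LOG format.
SAMPLE_LOG = [
    "IN=eth0 OUT= SRC=7.8.12.1 DST=255.255.255.255 LEN=347 TTL=255 PROTO=UDP SPT=67 DPT=68 LEN=327",
    "IN=eth0 OUT= SRC=10.20.0.1 DST=255.255.255.255 LEN=347 TTL=255 PROTO=UDP SPT=67 DPT=68 LEN=327",
    "IN=eth0 OUT= SRC=203.0.113.5 DST=255.255.255.255 LEN=347 TTL=64 PROTO=UDP SPT=67 DPT=68 LEN=327",
    "IN=eth0 OUT= SRC=7.8.12.1 DST=203.0.113.9 LEN=80 TTL=60 PROTO=UDP SPT=53 DPT=40000 LEN=60",
]

def classify(addr, own=OWN):
    """Return 'rfc1918', 'own' or 'foreign' for one IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in n for n in RFC1918):
        return "rfc1918"
    if any(ip in n for n in own):
        return "own"
    return "foreign"

def parse(line):
    """Extract the KEY=value fields of interest from one log line."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def foreign_dhcp_servers(lines, own=OWN):
    """Sources of DHCP server replies (UDP 67 -> 68) from foreign space."""
    hits = set()
    for line in lines:
        f = parse(line)
        if (f.get("PROTO"), f.get("SPT"), f.get("DPT")) != ("UDP", "67", "68"):
            continue
        try:
            if classify(f.get("SRC", ""), own) == "foreign":
                hits.add(f["SRC"])
        except ValueError:
            continue  # missing or malformed SRC field
    return sorted(hits)

def shadowed_prefixes(plan, own=OWN):
    """Internal prefixes that are neither RFC 1918 nor the operator's own."""
    result = []
    for prefix in plan:
        net = ipaddress.ip_network(prefix)
        if not any(net.subnet_of(n) for n in RFC1918 + own):
            result.append(str(net))
    return result

if __name__ == "__main__":
    print(foreign_dhcp_servers(SAMPLE_LOG))
    print(shadowed_prefixes(["10.64.0.0/10", "7.8.12.0/22", "203.0.113.0/25"]))
```

Any prefix reported by shadowed_prefixes is one where a route leak from the internal VRF would make the real holder's addresses unreachable for affected customers.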
participants (31)
- bmanning@vacation.karoshi.com
- Brielle Bruns
- Byron L. Hicks
- Cameron Byrne
- Christopher Morrow
- Christopher Pilkington
- D'Arcy J.M. Cain
- David Conrad
- Edward Lewis
- Jay Ashworth
- Jeremy
- Jimmy Hess
- Joe Hamelin
- Joel Jaeggli
- John Levine
- Kevin Oberman
- Leigh Porter
- Lyndon Nerenberg
- Mark Andrews
- Mark Farina
- Matthew Kaufman
- Michael Dillon
- mikea
- Owen DeLong
- Patrick W. Gilmore
- Paul Graydon
- Robert Bonomi
- Rubens Kuhl
- Steven Bellovin
- Valdis.Kletnieks@vt.edu
- Vinny_Abello@Dell.com