RE: IANA reserved Address Space
I've got replies ranging from "great idea, totally understand what you're trying to do" to "moron just use 1918." So I guess a bit more about the scenario is in order.

This lab *could* be filled with millions of hosts (real/simulated) and thousands of networks (real/simulated). This lab is a sort of add on to an existing lab built out of 1918 address space---10, 172, 192. Two zones will be created consisting of 172 & 192 space and the other would be 1 10 100. Firewalls will separate the two as well as other subzones, etc.

I've been asked to investigate how to make it easy to do the following:

1) create manageable and quickly adaptable firewall rulesets
2) create an IP plan that will lend itself to quick human parsing both in routing tables and router/firewall logs
3) consider that the lab will likely have machines that require patching/updates, etc from the real internet.

Imagine you want to create an environment for experiments. You want to reduce complexity as much as possible and create a scenario where feedback of a test is quick...doesn't require much memorization of what is what and that allows you to suddenly stop and rerun tests. Rapidly. Think of access lists, route tables, firewall rulesets and logs.

If you're running tests do you want to see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222, 10.12.22.2? Wouldn't it be easier if your test results looked like this: 1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1, 100.1.1.1, etc?

Thanks....I really appreciate everyone's feedback on this.

-----Original Message-----
From: Murphy, Brennan
Sent: Friday, May 30, 2003 9:21 AM
To: nanog@merit.edu
Subject: RE: IANA reserved Address Space

OK, I see now that down the road using a 1 and 100 net address on the lab would create unmanageable problems if those nets were ever put into use on the internet... something NAT couldn't fix. And the responses saying use 1918 space point out the potential problems were this lab ever to leak out an advertisement on to the internet, etc.... all advice I appreciate people have taken the time to offer.

But not to be a pest but what are the odds the IANA would ever allocate the 1 and 100 nets to someone? Is this an unpredictable matter or is there a schedule of what's next somewhere? Or which is more likely, the world adopts IP v6 or the 1 and 100 nets are deployed on the internet? :-) It is apparent that I really want to use these address ranges but I do need to grapple with the possibility that this lab will need internet connectivity at some point.

-----Original Message-----
From: Murphy, Brennan
Sent: Friday, May 30, 2003 8:49 AM
To: nanog@merit.edu
Subject: RE: IANA reserved Address Space

Others have pointed out that I should stick to RFC 1918 address space. But again, this is a lab network and to use the words of another, one of the things I want to do is make it much easier to "parse visually" my route tables. Think of it as a "metric system" type of numbering plan. The 1 and 100 nets would not be advertised via BGP obviously...not a hijack situation at all.

If I take into account the possibility that this lab will have later requirements to connect to the internet, all I have to do is have a NAT plan in place...one that even takes into account that the 1 and 100 nets could become available some day, correct?

Thanks to those who have responded so far.

-----Original Message-----
From: bmanning@karoshi.com [mailto:bmanning@karoshi.com]
Sent: Friday, May 30, 2003 8:08 AM
To: Murphy, Brennan
Cc: nanog@merit.edu
Subject: Re: IANA reserved Address Space

networks 1 and 100 are reserved for future delegation. network 10 is delegated for private networks, such as your lab.

if you use networks 1 and 100, you are hijacking these numbers.

that said, as long as your lab is never going to connect to the Internet, you may want to consider using the following prefixes:

4.0.0.0/8
38.0.0.0/8
127.0.0.0/8
192.0.0.0/8
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:

1.0.0.0 /8
10.0.0.0 /8
100.0.0.0 /8

I need 3 distinct zones which is why I wanted to separate them out. In any case, I was wondering about the status of the 1 /8 and the 100 /8 networks. What does it mean that they are IANA reserved? Reserved for what? http://www.iana.org/assignments/ipv4-address-space
Anyone else ever use IANA reserved address spacing for lab networks? Is there anything special I need to know? I'm under the impression that as long as I stay away from special use address space, I've got no worries. http://www.rfc-editor.org/rfc/rfc3330.txt
Thanks, BM
On Fri, 30 May 2003 07:20:33 PDT, Brennan_Murphy@NAI.com said:
> firewall rulesets and logs. If you're running tests do you want to see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222, 10.12.22.2? Wouldn't it be easier if your test results looked like this: 1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1, 100.1.1.1, etc?

0.22.168.192.in-addr.arpa PTR test-1.variable1-1.variable2-1.testbed.com
22.89.16.172.in-addr.arpa PTR test-1.variable1-1.variable2-2.testbed.com
2.22.12.10.in-addr.arpa PTR test-1.variable1-2.variable2-1.testbed.com

and so on to encode the variables and values thereof..

People have been using this to encode router/board/port info for years:

4 atm10-0.10.wtn2.networkvirginia.net (192.70.187.210) .....
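An added example, not part of the original post: one way to generate the PTR records described above from a test matrix and to annotate firewall log lines with the encoded names. The matrix values, the log line format and the function names are constructed for illustration; `testbed.com` is the domain used in the post.

```python
import ipaddress
import re

ZONE = "testbed.com"  # domain taken from the post above

# Constructed test matrix: lab address -> (test, variable1, variable2) values.
TEST_MATRIX = {
    "192.168.22.0": (1, 1, 1),
    "172.16.89.22": (1, 1, 2),
    "10.12.22.2": (1, 2, 1),
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def ptr_name(values):
    """Encode the test variables into a host name, as in the post."""
    test, var1, var2 = values
    return f"test-{test}.variable1-{var1}.variable2-{var2}.{ZONE}"


def ptr_records(matrix):
    """Return one zone-file line per address: reverse owner, PTR, target."""
    return [
        f"{ipaddress.ip_address(addr).reverse_pointer}. PTR {ptr_name(vals)}."
        for addr, vals in matrix.items()
    ]


def annotate(line, matrix):
    """Append the encoded name to every known address in a log line.

    Addresses that are not in the matrix are left untouched, so a stray
    source stands out instead of being silently relabelled.
    """
    def repl(match):
        vals = matrix.get(match.group(0))
        return f"{match.group(0)}[{ptr_name(vals)}]" if vals else match.group(0)
    return IPV4.sub(repl, line)


if __name__ == "__main__":
    print("\n".join(ptr_records(TEST_MATRIX)))
    # Constructed log line; 10.129.20.222 is deliberately not in the matrix.
    print(annotate("DROP SRC=10.12.22.2 DST=172.16.89.22 VIA=10.129.20.222",
                   TEST_MATRIX))
```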
> This lab *could* be filled with millions of hosts (real/simulated) and thousands of networks (real/simulated). This lab is

yup. built several of those over the years. last simulated network had 100,000 networks, ASNs et al. (built it all inside a single host!)

> 1) create manageable and quickly adaptable firewall rulesets
> 2) create an IP plan that will lend itself to quick human parsing both in routing tables and router/firewall logs
> 3) consider that the lab will likely have machines that require patching/updates, etc from the real internet.

if this is supposed to represent real-world, then use real-world numbers. design your lab so that patches/updates go to staging platforms and then pull into your lab from those - no direct network connections.

> Imagine you want to create an environment for experiments. You want to reduce complexity as much as possible and create a scenario where feedback of a test is quick...doesn't require much memorization of what is what and that allows you to suddenly stop and rerun tests. Rapidly. Think of access lists, route tables, firewall rulesets and logs. If you're running tests do you want to see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222, 10.12.22.2? Wouldn't it be easier if your test results looked like this: 1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1, 100.1.1.1, etc?

perhaps I am unique, but I suffer from dyslexia. 1.1.10.0.1.1.0.0.0.0.1.1.1.11.0 looks way too much like binary to me. Much easier for machine parsing. Humans that I have worked with tend to discriminate easier on differing patterns.
> If you're running tests do you want to see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222, 10.12.22.2? Wouldn't it be easier if your test results looked like this: 1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1, 100.1.1.1, etc?

What's wrong with results that look like:

10.1.1.1
10.1.10.1
10.1.100.1
10.10.1.1
10.10.10.1
10.10.100.1
10.100.1.1
10.100.10.1
10.100.100.1

--
/ak
On Fri, 30 May 2003 Brennan_Murphy@NAI.com wrote:
> 10.12.22.2? Wouldn't it be easier if your test results looked like this: 1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1, 100.1.1.1, etc?

Those aren't very human parsable in my eyes - too close to one another.

Why not use 10/8, 241/8, and 251/8 - Or is class E space out :P

Jason

--
Jason Slagle - CCNP - CCDP
ASCII Ribbon Campaign - NO HTML/RTF in e-mail - NO Word docs in e-mail
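An added example, not part of any message in this thread: a Python check that labels each zone prefix from the plans proposed above by what happens if the lab is ever connected, and lists the prefixes that would hide or collide with real Internet destinations. The plan names, the function names and the /16 prefix lengths for the all-in-10 plan are assumptions; the thread gives only sample addresses for that plan.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
CLASS_E = ipaddress.ip_network("240.0.0.0/4")

# Zone prefixes as proposed in the thread. "all-in-10" is an assumed /16
# reading of the 10.x.y.1 sample addresses; the post gives no prefix lengths.
PLANS = {
    "1-10-100": ["1.0.0.0/8", "10.0.0.0/8", "100.0.0.0/8"],
    "never-connected": ["4.0.0.0/8", "38.0.0.0/8", "127.0.0.0/8", "192.0.0.0/8"],
    "all-in-10": ["10.1.0.0/16", "10.10.0.0/16", "10.100.0.0/16"],
    "class-e": ["10.0.0.0/8", "241.0.0.0/8", "251.0.0.0/8"],
}


def classify(prefix):
    """Label one zone prefix by how it behaves if the lab is ever connected."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    if net.subnet_of(LOOPBACK):
        return "loopback"      # hosts keep 127/8 traffic local
    if net.subnet_of(CLASS_E):
        return "class-e"       # many IP stacks refuse 240/4 addresses
    if any(net.overlaps(p) for p in RFC1918):
        return "mixed"         # straddles private and non-private space
    return "non-private"       # reserved or delegated to someone else


def audit(plan):
    """Return (labels, overlapping zone pairs, prefixes outside RFC 1918)."""
    nets = [ipaddress.ip_network(p) for p in plan]
    labels = {p: classify(p) for p in plan}
    clashes = [(str(a), str(b)) for i, a in enumerate(nets)
               for b in nets[i + 1:] if a.overlaps(b)]
    collides = [p for p, label in labels.items() if label != "rfc1918"]
    return labels, clashes, collides


if __name__ == "__main__":
    for name, plan in PLANS.items():
        labels, clashes, collides = audit(plan)
        print(name, labels, "zone overlaps:", clashes, "outside 1918:", collides)
```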
participants (5)
- Alex Kamantauskas
- bmanning@karoshi.com
- Brennan_Murphy@NAI.com
- Jason Slagle
- Valdis.Kletnieks@vt.edu