RE: Get as much IP space as you ever dreamed of, was: Re: Looking to buy IPv4 addresses from class C swamp
And something else a lot of people tend to forget - just because space isn't in the tables doesn't mean it's not in use. There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it. -DT -----Original Message----- From: Stephen Sprunk [mailto:stephen@sprunk.org] Sent: Monday, April 28, 2003 6:01 PM To: Daniel Golding; Kai Schlichting Cc: North American Noise and Off-topic Gripes Subject: Re: Get as much IP space as you ever dreamed of, was: Re: Looking to buy IPv4 addresses from class C swamp Thus spake "Daniel Golding" <dgold@FDFNet.Net>
ARIN needs to repo any space that has [not] been advertised for a reasonable length of time, and reissue it.
So you're claiming that ARIN should revoke any allocations, including those made before it came into existence, simply because the addresses aren't in the global tables? If that's the position of the community, that's a drastic change from assertions made in the IETF WGs and may affect address allocation guidelines and even some protocol work. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking IMPORTANT:The information contained in this email and/or its attachments is confidential. If you are not the intended recipient, please notify the sender immediately by reply and immediately delete this message and all its attachments. Any review, use, reproduction, disclosure or dissemination of this message or any attachment by an unintended recipient is strictly prohibited. Neither this message nor any attachment is intended as or should be construed as an offer, solicitation or recommendation to buy or sell any security or other financial instrument. Neither the sender, his or her employer nor any of their respective affiliates makes any warranties as to the completeness or accuracy of any of the information contained herein or that this message or any of its attachments is free of viruses.
Temkin, David wrote:
And something else a lot of people tend to forget - just because space isn't in the tables doesn't mean it's not in use.
True.
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
This is not an acceptable excuse to burn PI space. There are plenty of other Iana-L available... try using an obscure one.
-DT
-----Original Message----- From: Stephen Sprunk [mailto:stephen@sprunk.org] Sent: Monday, April 28, 2003 6:01 PM To: Daniel Golding; Kai Schlichting Cc: North American Noise and Off-topic Gripes Subject: Re: Get as much IP space as you ever dreamed of, was: Re: Looking to buy IPv4 addresses from class C swamp
Thus spake "Daniel Golding" <dgold@FDFNet.Net>
ARIN needs to repo any space that has [not] been advertised for a reasonable length of time, and reissue it.
So you're claiming that ARIN should revoke any allocations, including those made before it came into existence, simply because the addresses aren't in the global tables?
If that's the position of the community, that's a drastic change from assertions made in the IETF WGs and may affect address allocation guidelines and even some protocol work.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
Thus spake "Richard Irving" <rirving@onecall.net>
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
This is not an acceptable excuse to burn PI space.
There are plenty of other Iana-L available... try using an obscure one.
If RIRs want to claim their allocations aren't guaranteed to be routable, that must mean they are willing to make allocations for non-routed use. Furthermore, there is nothing in the ARIN allocation policies requiring a member to actually announce all of his allocations on the public Internet. You're welcome to propose new RIR policies, but the reality today is that globally unique addresses can be and are allocated for private use. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
No, I am not proposing a new Arin addressing scheme... This was a standard I am quoting from memory, way back... I too had asked for Unique space that wasn't going to be routed, and received a "Sorry, Arin only allocates addresses that are going to be used on the -=Internet=-." response.... I didn't invent the perspective, just "parroted" it. Stephen Sprunk wrote:
Thus spake "Richard Irving" <rirving@onecall.net>
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
This is not an acceptable excuse to burn PI space.
There are plenty of other Iana-L available... try using an obscure one.
If RIRs want to claim their allocations aren't guaranteed to be routable, that must mean they are willing to make allocations for non-routed use. Furthermore, there is nothing in the ARIN allocation policies requiring a member to actually announce all of his allocations on the public Internet.
You're welcome to propose new RIR policies, but the reality today is that globally unique addresses can be and are allocated for private use.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
On Tue, 29 Apr 2003, Stephen Sprunk wrote:
Thus spake "Richard Irving" <rirving@onecall.net>
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
This is not an acceptable excuse to burn PI space.
There are plenty of other Iana-L available... try using an obscure one.
If RIRs want to claim their allocations aren't guaranteed to be routable, that must mean they are willing to make allocations for non-routed use.
Hmm, I don't believe the inverse is true, not guaranteed to be routable refers to them making no guarantees on the policies of ISPs with regards to prefix length filtering etc and not guaranteeing that to possess IPs means you can connect to the Internet without doing everything else an ISP should do. Making allocations for non-routed use is not the same and a separate question. Steve
Furthermore, there is nothing in the ARIN allocation policies requiring a member to actually announce all of his allocations on the public Internet.
You're welcome to propose new RIR policies, but the reality today is that globally unique addresses can be and are allocated for private use.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
Ah, no. RIRs say that their blocks are not guaranteed to be routable because they have no control over the filter policies of ISPs. They could issue a block that someone (say, someone transit-free) decides to filter. This assertion that they make is a wise protection. In practice, the vast majority of ISPs use RIR allocation guidelines as starting point for filter policies, so that they don't break the internet too badly. You are correct that there is no direct link between announcement and issuance. However, I can only hope that ARIN would look very closely at issuing space to an enterprise or SP that had no intention of routing it. I suspect that justifying further space would be difficult. Perhaps you can provide an example of a recent allocation for this purpose, along with some proof that ARIN or RIPE realized that the provider had no intention of routing the block? If this is the case, many folks on this list would be very interested in changing this policy, I'm guessing. - Dan On Tue, 29 Apr 2003, Stephen Sprunk wrote:
If RIRs want to claim their allocations aren't guaranteed to be routable, that must mean they are willing to make allocations for non-routed use. Furthermore, there is nothing in the ARIN allocation policies requiring a member to actually announce all of his allocations on the public Internet.
You're welcome to propose new RIR policies, but the reality today is that globally unique addresses can be and are allocated for private use.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
On Tue, Apr 29, 2003 at 10:59:41PM -0500, Daniel Golding wrote:
You are correct that there is no direct link between announcement and issuance. However, I can only hope that ARIN would look very closely at issuing space to an enterprise or SP that had no intention of routing it. I suspect that justifying further space would be difficult.
Routing across the internet or directly between multiple enterprises both would require space (and should be obtainable from ARIN if justified under current policy). But, enterprise use within an enterprise is strictly a candidate for RFC1918. -ron
[Should non-routed addresses be revoked?] No, but they should be watched to see if they remain unrouted and then try to contact the owner.. On Mon, 28 Apr 2003, Temkin, David wrote:
And something else a lot of people tend to forget - just because space isn't in the tables doesn't mean it's not in use.
Something of a waste?
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
Why not? 16 million addresses aren't enough? (and that's only 10/8) RFC1918 does suggest non-public intra-company networks use private space. Steve
-DT
-----Original Message----- From: Stephen Sprunk [mailto:stephen@sprunk.org] Sent: Monday, April 28, 2003 6:01 PM To: Daniel Golding; Kai Schlichting Cc: North American Noise and Off-topic Gripes Subject: Re: Get as much IP space as you ever dreamed of, was: Re: Looking to buy IPv4 addresses from class C swamp
Thus spake "Daniel Golding" <dgold@FDFNet.Net>
ARIN needs to repo any space that has [not] been advertised for a reasonable length of time, and reissue it.
So you're claiming that ARIN should revoke any allocations, including those made before it came into existence, simply because the addresses aren't in the global tables?
If that's the position of the community, that's a drastic change from assertions made in the IETF WGs and may affect address allocation guidelines and even some protocol work.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
Thus spake "Stephen J. Wilcox" <steve@telecomplete.co.uk>
[Should non-routed addresses be revoked?]
No, but they should be watched to see if they remain unrouted and then try to contact the owner..
There's already a project underway to reclaim unrouted allocations.
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
Why not? 16 million addresses aren't enough? (and that's only 10/8)
RFC1918 does suggest non-public intra-company networks use private space.
N companies can have up to N(N-1) interconnections, which requires either:
a) double NAT, with a single address range for all interconnects
b) no NAT, with a unique address range for each interconnect
c) very careful management of the RFC1918 space such that no two companies talking have a collision
d) globally unique addresses for each participant using RIRs
(c) simply doesn't work in reality, (b) is no better than (d), and (a) is beyond ugly not to mention incompatible with many apps.
Furthermore, ARIN emphatically claims they make no guarantees their allocations are routable, nor do any of their policies or RFC2050 require allocations be announced. Finally, ARIN has no policy authorizing revocation of an allocation other than for nonpayment of fees; even failure to meet efficiency requirements doesn't justify that. You're talking major policy changes.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
On Mon, 28 Apr 2003, Stephen Sprunk wrote:
Thus spake "Stephen J. Wilcox" <steve@telecomplete.co.uk>
[Should non-routed addresses be revoked?]
No, but they should be watched to see if they remain unrouted and then try to contact the owner..
There's already a project underway to reclaim unrouted allocations.
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
Why not? 16 million addresses aren't enough? (and that's only 10/8)
RFC1918 does suggest non-public intra-company networks use private space.
N companies can have up to N(N-1) interconnections, which requires either:
a) double NAT, with a single address range for all interconnects
b) no NAT, with a unique address range for each interconnect
c) very careful management of the RFC1918 space such that no two companies talking have a collision
d) globally unique addresses for each participant using RIRs
(c) simply doesn't work in reality, (b) is no better than (d), and (a) is beyond ugly not to mention incompatible with many apps.
Only because everyone seems to use 10.0.0.x ... of course if you only followed the guidelines, rtfm! "If two (or more) organizations follow the address allocation specified in this document and then later wish to establish IP connectivity with each other, then there is a risk that address uniqueness would be violated. To minimize the risk it is strongly recommended that an organization using private IP addresses choose randomly from the reserved pool of private addresses, when allocating sub-blocks for its internal allocation."
Furthermore, ARIN emphatically claims they make no guarantees their allocations are routable, nor do any of their policies or RFC2050 require allocations be announced. Finally, ARIN has no policy authorizing revocation of an allocation other than for nonpayment of fees; even failure to meet efficiency requirements doesn't justify that. You're talking major policy changes.
I don't know the policies very well but are you sure they can't revoke dead allocations? For RIR assigned space I thought this was covered, so your issue was with the legacy pre-RIR swamp? And it can't be that big a deal to make legacy blocks fall into the new rules... Steve
Thus spake "Stephen J. Wilcox" <steve@telecomplete.co.uk>
N companies can have up to N(N-1) interconnections, which requires either:
a) double NAT, with a single address range for all interconnects
b) no NAT, with a unique address range for each interconnect
c) very careful management of the RFC1918 space such that no two companies talking have a collision
d) globally unique addresses for each participant using RIRs
(c) simply doesn't work in reality, (b) is no better than (d), and (a) is beyond ugly not to mention incompatible with many apps.
Only because everyone seems to use 10.0.0.x ... of course if you only followed the guidelines, rtfm!
If I need several thousand subnets, and my business partners need several thousand subnets each, then odds are we're going to collide if there's no entity coordinating things -- and that doesn't consider all of my business partners' partners. Gosh, what you need is an Internet Assigned Numbers Authority to make sure no two organizations used the same part of the address space. I bet you could devise a system where organizations applied for the amount of space they need, which would be verified by an impartial authority, and the results would be published in a whois server. Of course, this sounds like a lot of work, so you'd probably establish regional registries to do this... Either you use globally unique addresses, or you use NAT. It's that simple. No other solution scales.
I don't know the policies very well but are you sure they can't revoke dead allocations? For RIR assigned space I thought this was covered, so your issue was with the legacy pre-RIR swamp?
Under current reclamation programs, an unannounced legacy allocation is only reclaimed if the tenant organization fails to respond. There is no process for revoking a legacy allocation that is in use, whether announced or not, whether efficiently used or not. Likewise, I am not aware of ARIN revoking any non-legacy allocations for any reason other than failure to pay rent^Wfees.
And it can't be that big a deal to make legacy blocks fall into the new rules...
You might as well revoke all pre-RIR allocations, it'd be a lot simpler than doing the research to find 99% of them don't meet RFC2050 requirements. Now, you can debate the ethics of requiring new organizations to meet a different standard, but that's another thread. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
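The disagreement above put in numbers, as an added example that is not part of the original thread: the chance that partners who each pick RFC1918 sub-blocks at random (the RFC 1918 advice quoted earlier) still collide, plus an overlap check to run on two address plans before an interconnect. The /24 block granularity, the partner counts and the sample plans are assumptions chosen for illustration.

```python
import ipaddress
import math
import random

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def slot_count(prefixlen=24):
    """Number of blocks of length `prefixlen` in the whole RFC1918 pool."""
    return sum(2 ** (prefixlen - pool.prefixlen) for pool in RFC1918)


def p_overlap(slots, mine, theirs):
    """P(two orgs share at least one block) when each independently picks
    distinct blocks uniformly at random out of `slots`:
    1 - C(slots - mine, theirs) / C(slots, theirs)."""
    if mine + theirs > slots:
        return 1.0  # pigeonhole: a shared block is unavoidable
    # log of prod_{i<theirs} (slots - mine - i) / (slots - i), kept in log
    # space so tiny and near-certain probabilities both stay accurate.
    log_none = sum(math.log1p(-mine / (slots - i)) for i in range(theirs))
    return -math.expm1(log_none)


def p_any_partner_overlap(slots, mine, partner_sizes):
    """P(at least one partner collides with my plan). Partners choose
    independently of each other, so the no-collision chances multiply."""
    return 1.0 - math.prod(1.0 - p_overlap(slots, mine, s)
                           for s in partner_sizes)


def pick_random_blocks(rng, count, prefixlen=24):
    """Choose `count` distinct blocks uniformly at random from the pool."""
    blocks = []
    for idx in rng.sample(range(slot_count(prefixlen)), count):
        for pool in RFC1918:
            size = 2 ** (prefixlen - pool.prefixlen)
            if idx < size:
                base = int(pool.network_address) + idx * 2 ** (32 - prefixlen)
                blocks.append(ipaddress.ip_network((base, prefixlen)))
                break
            idx -= size
    return blocks


def find_overlaps(plan_a, plan_b):
    """Overlapping (a, b) pairs between two plans; prefix lengths may differ.
    Quadratic, which is fine for the plan sizes checked by hand."""
    return sorted((a, b) for a in plan_a for b in plan_b if a.overlaps(b))


if __name__ == "__main__":
    slots = slot_count()
    print(f"/24 blocks in RFC1918 space: {slots}")
    for n in (16, 256, 2000):
        print(f"two orgs, {n} random /24s each: "
              f"P(collision) = {p_overlap(slots, n, n):.4f}")
    print("16 /24s each, 1000 partners: "
          f"P(any collision) = {p_any_partner_overlap(slots, 16, [16] * 1000):.4f}")

    # Constructed plans for two hypothetical partners.
    rng = random.Random(2003)
    plan_a = pick_random_blocks(rng, 300)
    plan_b = pick_random_blocks(rng, 300)
    for a, b in find_overlaps(plan_a, plan_b):
        print(f"collision: {a} vs {b}")
```

Random selection keeps a pair of small sites apart, but the probability climbs towards certainty at the "several thousand subnets" scale and at the partner counts the thread describes.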
* stephen@sprunk.org (Stephen Sprunk) [Tue 29 Apr 2003, 00:50 CEST]:
N companies can have up to N(N-1) interconnections, which requires either:
a) double NAT, with a single address range for all interconnects
b) no NAT, with a unique address range for each interconnect
c) very careful management of the RFC1918 space such that no two companies talking have a collision
d) globally unique addresses for each participant using RIRs
(c) simply doesn't work in reality, (b) is no better than (d), and (a) is beyond ugly not to mention incompatible with many apps.
d) is basically having the Internet community pay - both in real money for staffing at RIRs and in scarce IP address space - for no benefit in return at all for a function that those N companies should have an institution perform for them via c). Regards, -- Niels.
Niels Bakker wrote:
d) is basically having the Internet community pay - both in real money for staffing at RIRs and in scarce IP address space - for no benefit in return at all for a function that those N companies should have an institution perform for them via c).
Actually, the company pays just the same as everyone else concerning staffing at RIRs. As for scarce IP address space, the last report I heard was that surge slowed down in time to keep it from being a serious problem at this time. If a company has a habit of making interconnections with other companies and said company has several /16's worth of network, I can understand their desire not to use 10/8, as a conflict on a new interconnect could require massive renumbering. However, I do think there should be methods in place to recognize that those routes should not be routed by others. For example, 9/8 shouldn't ever be routed by anyone unless IBM changes their mind and decides to route it. -Jack
Stephen And in the event the owner can't be contacted? And if contact is successful, and the owner says "I'm just holding on to it because I like having 10 /24s" or, worse, he gets the clue and just starts advertising the space, without using it? Then we have both address space waste and routing table bloat... - dan On Mon, 28 Apr 2003, Stephen J. Wilcox wrote:
[Should non-routed addresses be revoked?]
No, but they should be watched to see if they remain unrouted and then try to contact the owner..
On Mon, 28 Apr 2003, Temkin, David wrote:
And something else a lot of people tend to forget - just because space isn't in the tables doesn't mean it's not in use.
Something of a waste?
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
Why not? 16 million addresses aren't enough? (and that's only 10/8)
RFC1918 does suggest non-public intra-company networks use private space.
Steve
-DT
-----Original Message----- From: Stephen Sprunk [mailto:stephen@sprunk.org] Sent: Monday, April 28, 2003 6:01 PM To: Daniel Golding; Kai Schlichting Cc: North American Noise and Off-topic Gripes Subject: Re: Get as much IP space as you ever dreamed of, was: Re: Looking to buy IPv4 addresses from class C swamp
Thus spake "Daniel Golding" <dgold@FDFNet.Net>
ARIN needs to repo any space that has [not] been advertised for a reasonable length of time, and reissue it.
So you're claiming that ARIN should revoke any allocations, including those made before it came into existence, simply because the addresses aren't in the global tables?
If that's the position of the community, that's a drastic change from assertions made in the IETF WGs and may affect address allocation guidelines and even some protocol work.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
On Tue, 29 Apr 2003, Daniel Golding wrote:
And in the event the owner can't be contacted? And if contact is
Figure out a plan B..
successful, and the owner says "I'm just holding on to it because I like
Request they conform to the new administration
having 10 /24s" or, worse, he gets the clue and just starts advertising the space, without using it? Then we have both address space waste and routing
Again, work out a plan and request they conform.. These are actions you can develop plans for, and whatever happens you increase your knowledge and remove a little more of the unknown swamp.. Steve
table bloat...
- dan
On Mon, 28 Apr 2003, Stephen J. Wilcox wrote:
[Should non-routed addresses be revoked?]
No, but they should be watched to see if they remain unrouted and then try to contact the owner..
On Mon, 28 Apr 2003, Temkin, David wrote:
And something else a lot of people tend to forget - just because space isn't in the tables doesn't mean it's not in use.
Something of a waste?
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
Why not? 16 million addresses aren't enough? (and that's only 10/8)
RFC1918 does suggest non-public intra-company networks use private space.
Steve
-DT
-----Original Message----- From: Stephen Sprunk [mailto:stephen@sprunk.org] Sent: Monday, April 28, 2003 6:01 PM To: Daniel Golding; Kai Schlichting Cc: North American Noise and Off-topic Gripes Subject: Re: Get as much IP space as you ever dreamed of, was: Re: Looking to buy IPv4 addresses from class C swamp
Thus spake "Daniel Golding" <dgold@FDFNet.Net>
ARIN needs to repo any space that has [not] been advertised for a reasonable length of time, and reissue it.
So you're claiming that ARIN should revoke any allocations, including those made before it came into existence, simply because the addresses aren't in the global tables?
If that's the position of the community, that's a drastic change from assertions made in the IETF WGs and may affect address allocation guidelines and even some protocol work.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
Thus spake "Daniel Golding" <dgold@FDFNet.Net>
And in the event the owner can't be contacted? And if contact is successful, and the owner says "I'm just holding on to it because I like having 10 /24s" or, worse, he gets the clue and just starts advertising the space, without using it? Then we have both address space waste and routing table bloat...
While that is certainly problematic, it's just not worth dealing with until all of the truly unused space is reclaimed or voluntarily returned AND we have run out of new space to assign. Most people will Do The Right Thing when given the chance. Case in point: about 6 years ago, I emailed the contacts for every unrouted block within a particular swamp /16. The overwhelming majority offered to give (not sell) the block to me, a few didn't respond, and a couple dozen indicated they were using or planning to use the block in the near future. I dropped the project, having more important things to do, but I figure I could have snatched up a sizeable portion of the swamp just by asking. Too bad ISI got into the game before I thought of it again ;) S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
On 4/28/2003 at 6:08 PM, temkin@sig.com wrote:
And something else a lot of people tend to forget - just because space isn't in the tables doesn't mean it's not in use.
There are companies that connect to thousands of other companies (see the financial markets) that require unique addressing between companies with non-colliding address ranges. 10.x.x.x doesn't quite cut it.
-DT
An example covering this exact case: 9.0.0.0/8 is such a space, owned by IBM. Some illicit use documented at www.ris.ripe.net : 9.184.112.0/20 9.186.144.0/20 , both from AS 3786 (dacom.co.kr, bora.net) , since at least 2002/12/26. IBM confirmed the bogosity of these announcements on 04/07, the routes got withdrawn on 04/14.
Kai Schlichting wrote:
An example covering this exact case: 9.0.0.0/8 is such a space, owned by IBM.
Some illicit use documented at www.ris.ripe.net :
9.184.112.0/20 9.186.144.0/20 , both from AS 3786 (dacom.co.kr, bora.net) , since at least 2002/12/26.
IBM confirmed the bogosity of these announcements on 04/07, the routes got withdrawn on 04/14.
Actually, IBM confirmed that any announcements from 9/8 were guaranteed to be bogus. IBM uses 9/8 internally. They use NAT to convert 9/8 addresses back to routed addresses. One can imagine that IBM has a large internal network globally with interconnects to various partners. Yet many companies have found that utilization of NAT when communicating with the public networks is a sound addition to security. Private peering follows different rulesets than public. Many respectable organizations still don't understand that you can Peer privately without exporting each others advertisements in order to save expenditures to third parties when transiting traffic between the two networks. Security precautions are also treated differently. What you would offer a partner sometimes exceeds the access you'd allow the public. While there are benefits to registering space that isn't routed on the public network, such space needs to be declared as such. Until that time, people will continue to hijack those networks and use them for their own ends. -Jack
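A check for the problem described in this message, as an added example that is not part of the original thread: flag any announcement that falls inside, or covers, space whose holder has said it is never announced publicly. The "prefix origin-AS" input format, the NEVER_ROUTED table and the sample lines are constructed for illustration (192.0.2.0/24, 198.51.100.0/24 and AS64500 to AS64503 are documentation values); only 9.0.0.0/8 and the two /20s from AS 3786 come from the messages above.

```python
import ipaddress
from typing import NamedTuple

# Space declared as never announced on the public Internet.
# 9.0.0.0/8 is the case discussed in the thread; the table itself is an
# assumption of this example, not a published registry feed.
NEVER_ROUTED = {ipaddress.ip_network("9.0.0.0/8"): "IBM"}


class Finding(NamedTuple):
    prefix: str
    origin_as: int
    protected: str
    relation: str  # "inside" = equal or more-specific, "covers" = less-specific


def parse_route(line):
    """Parse one 'prefix origin-AS' line.
    Returns (network, asn), or None for blank and comment-only lines.
    Raises ValueError for malformed input, including prefixes with host bits."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if len(fields) != 2:
        raise ValueError(f"expected 2 fields, got {len(fields)}")
    net = ipaddress.ip_network(fields[0], strict=True)
    asn = fields[1].upper()
    if asn.startswith("AS"):
        asn = asn[2:]
    return net, int(asn)


def scan(lines):
    """Return (findings, rejected_lines) for an iterable of route lines."""
    findings, rejected = [], []
    for raw in lines:
        try:
            route = parse_route(raw)
        except ValueError:
            rejected.append(raw)  # keep malformed lines visible, never drop silently
            continue
        if route is None:
            continue
        net, asn = route
        for protected in NEVER_ROUTED:
            # overlaps() catches more-specifics and covering aggregates alike.
            if net.overlaps(protected):
                relation = "inside" if net.subnet_of(protected) else "covers"
                findings.append(Finding(str(net), asn, str(protected), relation))
    return findings, rejected


# Constructed sample table.
SAMPLE = """\
# prefix origin-AS
192.0.2.0/24 AS64500
9.184.112.0/20 AS3786
9.186.144.0/20 AS3786
8.0.0.0/7 AS64501
198.51.100.0/24 AS64502
9.1.2.3/20 AS64503
"""

if __name__ == "__main__":
    findings, rejected = scan(SAMPLE.splitlines())
    for f in findings:
        holder = NEVER_ROUTED[ipaddress.ip_network(f.protected)]
        print(f"BOGUS {f.prefix} from AS{f.origin_as}: "
              f"{f.relation} {f.protected} ({holder})")
    for line in rejected:
        print(f"REJECTED (malformed): {line!r}")
```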
On Mon, 28 Apr 2003, Jack Bates wrote:
Kai Schlichting wrote:
An example covering this exact case: 9.0.0.0/8 is such a space, owned by IBM.
Some illicit use documented at www.ris.ripe.net :
9.184.112.0/20 9.186.144.0/20 , both from AS 3786 (dacom.co.kr, bora.net) , since at least 2002/12/26.
IBM confirmed the bogosity of these announcements on 04/07, the routes got withdrawn on 04/14.
Actually, IBM confirmed that any announcements from 9/8 were guaranteed to be bogus. IBM uses 9/8 internally. They use NAT to convert 9/8 addresses back to routed addresses. One can imagine that IBM has a large internal network globally with interconnects to various partners. Yet many companies have found that utilization of NAT when communicating with the public networks is a sound addition to security.
Further to my earlier post.. a large global private network requiring unique space at many sites, they use 9/8 .. why not use 10/8 ??? (renumbering reasons aside that is!) Recall the counter argument from Stephen Sprunk was that it needed a per site allocation from a registry, and yet these guys are managing just fine without it! Steve
Private peering follows different rulesets than public. Many respectable organizations still don't understand that you can Peer privately without exporting each others advertisements in order to save expenditures to third parties when transiting traffic between the two networks. Security precautions are also treated differently. What you would offer a partner sometimes exceeds the access you'd allow the public.
While there are benefits to registering space that isn't routed on the public network, such space needs to be declared as such. Until that time, people will continue to hijack those networks and use them for their own ends.
-Jack
Stephen J. Wilcox wrote:
Further to my earlier post.. a large global private network requiring unique space at many sites, they use 9/8 .. why not use 10/8 ??? (renumbering reasons aside that is!)
Recall the counter argument from Stephen Sprunk was that it needed a per site allocation from a registry, and yet these guys are managing just fine without it!
IBM uses the registry. They are allotted a 9/8, even if it is legacy. I do not know what addressing peers to the IBM networks use. I presume that some of them are not 9/8 addressing. -Jack
--On Tuesday, April 29, 2003 10:37 AM +0100 "Stephen J. Wilcox" <steve@telecomplete.co.uk> wrote:
Further to my earlier post.. a large global private network requiring unique space at many sites, they use 9/8 .. why not use 10/8 ??? (renumbering reasons aside that is!)
One reason apart from renumbering, before VPNs were a popular phrase, IBM had a large multinational secure private IP network that many IBM customers used to connect their various sites, and interconnect to vendors and such. Unsurprisingly, IBM also used this network to connect sites together (before they built a separate Intranet network) - and so globally uniqueness was needed.
Recall the counter argument from Stephen Sprunk was that it needed a per site allocation from a registry, and yet these guys are managing just fine without it!
There is a per-site allocation from a registry, just an IBM internal one. There is a vast difference between managing uniqueness within an organisation (however large and unwieldy), and managing uniqueness between organisations. (Yes, NAT, ipsec tunnels, ipv6 blah blah blah would be better, but why isn't everyone here completely switched over to ipv6?)
Thus spake "Stephen J. Wilcox" <steve@telecomplete.co.uk>
On Mon, 28 Apr 2003, Jack Bates wrote:
Actually, IBM confirmed that any announcements from 9/8 were guaranteed to be bogus. IBM uses 9/8 internally. They use NAT to convert 9/8 addresses back to routed addresses. One can imagine that IBM has a large internal network globally with interconnects to various partners. Yet many companies have found that utilization of NAT when communicating with the public networks is a sound addition to security.
Further to my earlier post.. a large global private network requiring unique space at many sites, they use 9/8 .. why not use 10/8 ??? (renumbering reasons aside that is!)
Because they expose subnets of 9/8 to customers of their data-processing services and assign 9/8 addresses to customers as well if needed. Those customers are likely to be using 10/8 themselves, so a different block is the only scalable solution not involving double NAT.
Recall the counter argument from Stephen Sprunk was that it needed a per site allocation from a registry, and yet these guys are managing just fine without it!
Read my post again; IBM is a perfect example of using public addresses for private purposes, which I found to be the preferred option (vs NAT). S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
participants (10)
- Daniel Golding
- Jack Bates
- John Payne
- Kai Schlichting
- Niels Bakker
- Richard Irving
- Ron da Silva
- Stephen J. Wilcox
- Stephen Sprunk
- Temkin, David