RE: Non-ISP companies multi-homing?
At 02:12 PM 7/25/97 -0400, root@gannett.com wrote:
On Fri, 25 Jul 1997, Eric Germann wrote:
negates the whole purpose of multihoming from their perspective. Does Gannett or Pointcast have >= 8K hosts exposed on their DMZ networks?
No, but we have around 8K devices using our legal address space. Just because I don't currently expose my hosts doesn't mean I don't want the option to be able to. When we registered, firewalls weren't the up-and-coming thing, but then I've also got a /23 being routed via my AS.
I completely subscribe to your option theory, however, I've been told and seen ping sweeps to see if the space is in use. And the other response is if you don't want them seen now, give them 10.x or 192.168, and use a proxy. So it doesn't fall under the NIC's and presumably ARIN's allocations policies. If the next PointCast says we can do it all in a /23 and we want PI space and we want you to route it, do any ISP's or NSP's prostitute their allocation/filtering beliefs for the almighty dollar? Why? I have a municipality building out a comm infrastructure. They want PI space. A mini @Home, if you will. Responsible use says we only take what we need. In the initial phase (infrastructure buildout), they need probably a /23 at most. Using responsible and aggressive management of allocation policies, they will grow up within a year or two to a /19 or larger. But their early customers are SOL for anything on the far side of Sprint, unless of course, we pay Sprint. And every other NSP who has a /19 filter in place. So we can't multihome, buy transit from a couple of good NSP's and let the economics drive our decision.
Most of that comes from the fact that my addresses are pre-CIDR customer registered ones. Once again, it's back to the whole aggregation of routes vs. disaggregation of traffic.
So getting in early is a good thing I suppose. Day late and a dollar short for the rest of 'em.
================================================================================
Eric Germann
Computer and Communications Technologies
ekgermann@cctec.com
Van Wert, OH 45891
Phone: 419 968 2640
Fax: 419 968 2641
http://www.cctec.com
Network Design, Connectivity & System Integration Services
A Microsoft Solution Provider
On Fri, 25 Jul 1997, Eric Germann wrote:
I completely subscribe to your option theory, however, I've been told and seen ping sweeps to see if the space is in use. And the other response is
If you ping my class B, or indeed my /23 you'll get back a host unreachable with a type 13 (administratively prohibited), even for host addresses which are legitimately routable, so that's not really a valid test. If you're overly aggressive, you'll probably also get a phone call.
if you don't want them seen now, give them 10.x or 192.168, and use a proxy. So it doesn't fall under the NIC's and presumably ARIN's allocations policies.
When we registered the addresses, we didn't have a firewall. We were pretty much without clue, and the "plan" as it were, from the group which handled it at that time was to be able to selectively address machines as the need arose. If tomorrow, I decided to start hosting Web services for all of my business units, I'd give a *lot* of established server farms a heck of a run, and I'd need more than a /23 to do it. There are also things that proxies don't scale to.
probably a /23 at most. Using responsible and aggressive management of allocation policies, they will grow up within a year or two to a /19 or larger. But their early customers are SOL for anything on the far side of Sprint, unless of course, we pay Sprint. And every other NSP who has a /19 filter in place. So we can't multihome, buy transit from a couple of good NSP's and let the economics drive our decision.
I'm really curious if anyone has thought this through with all the VPN, "plug in anywhere", and addressable atoms we're promised in IPv6? This also depends on the NSPs, BBN and UUNet both didn't have a problem routing my /23s, and I'd initially come to the table thinking that I'd be stuck with only my class B, of which only one subnet sits outside. I'm not sure how they'd have handled it if the /23 had come from their address space though.
So getting in early is a good thing I suppose. Day late and a dollar short for the rest of 'em.
Yeah, unfortunately IPv6 (if and when) will mean a stampede. Does anyone have any experience with routing tables under v6 yet? If you want to, drop me a private note, as this is probably getting out of NANOG.
Paul
-------------------------------------------------------------------------
Paul D. Robertson
gatekeeper@gannett.com