Where I'm located, it seems that "major" ISP's are being bought left-right-and-center.
I would think that with some of the
acquisitions that have been made, what could have been a simple "merging" of networks
would get a little ugly, trying to remove the
duplicate "private internet addressing" routes from all the providers, replacing these
configurations with new addressing schemes.
Or am I still missing the boat? (-:
-- Leigh Anne
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Howard C. Berkowitz
> Sent: February 26, 2001 7:44 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Private Internet Addressing
>
>
> >Really? So you wouldn't recommend using RFC 1918 addressing in a transient
> >network, say, for a customer (end user) production network, as a means of
> >securing the routers/switches that transport the data? The servers used
> >direct server return (http://www.foundrynet.com/genFaqDSR.html), and didn't
> >incur the performance penalty usually associated with NAT...
>
> I'm not sure what you mean by a transient network.
>
> But if the hosts on that network connect to the Internet, they should:
>
> 1. Tunnel to endpoints using private address space (i.e., you are
> building a VPN)
> 2. Use registered address space
> 3. Use private address space and NAT on the proivider side.
>
> It concerns me, however, that private address space, without being
> discussed along with explicit filtering and other complementary
> security mechanisms, can be thought of as adding any reliable level
> of security. Yes, you may not be reachable in the global Internet.
> But without other controls, you might be quite accessible from other
> customers of the same providers.
>
> Private addressing does have a place, and a good one. But it
> shouldn't EVER appear, IMNSHO, in ANY global Internet communications,
> whether those are the sources of packets or simply traceroute
> results. Too many operational and security implications.
>
> I don't think use of RFC 1918 for any form of Internet connectivity
> can be consistent with RFC 2828 and related anti-hacking measures.
>
> >
> >I've built several networks using this type addressing scheme, in
> >conjunction with the use of OSPF and haven't had any problems... I realize
> >that this is not the same class of network (ISP), but it was a design used
> >for several e-commerce sites...
> >
> >I would just like to know other peoples' opinion on this practice,
> >especially yours, Howard... :)
> >
> >Thanks
> >Brant I. Stevens
> >Internetwork Solutions Engineer
> >Thrupoint, Inc.
> >545 Fifth Avenue, 14th Floor
> >New York, NY. 10017
> >646-562-6540
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Howard C. Berkowitz
> >Sent: Sunday, February 25, 2001 6:32 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Private Internet Addressing
> >
> >
> >This remains a continuing thread on NANOG.
> >
> >My personal view is that the world has certain ISPs, such as cais.net
> >DSL and apparently US West in your example, that exist for the same
> >reason as do warthogs: to make roses even more beautiful.
> >
> >Several major ISPs have this pernicious practice, which confuses
> >traceroute (in several ways), reverse DNS, and MTU path discovery.
> >They are ISPs with significant allocations of address space and
> >should be able to get more.
> >
> >I personally believe that anyone that uses private address space in a
> >path where public traffic will EVER route through one of the
> >addresses, is, at best, being irresponsible. Sort of like looking
> >for the gas leak with a lighted match.
> >
> >
> >>I did a traceroute to one of US West's customers... got some
> >>interesting results:
> >>
> >>13 206 ms 179 ms 123 ms gig0-0-0.phnx-sust1.phnx.uswest.net
> >>[206.80.192.253]
> >>14 1016 ms 151 ms 975 ms 207.224.191.2
> >>15 233 ms 124 ms 123 ms 192.168.8.1
> >>16 151 ms 179 ms 123 ms 192.168.100.147
> >>17 247 ms 192 ms 151 ms vdsl-130-13-102-120.phnx.uswest.net
> >>[130.13.102.120]
> >>
> >>RFC 1918 - "Address Allocation for Private Internets" indicates
> >>192.168.0.0 through 192.168.255.255 (192.168/16 prefix) is reserved
> >>for private internets. Hops 15 and 16 in my traceroute show that
> >>addresses within this range are being used publically.
> >>
> >>Did I miss something? Have the "for private use only" IP addresses
> >>now been given the green light to be used within the internet?
> >>
> >> -- Leigh Anne
> >>
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
