On Mon, 26 Feb 2001, Leigh Anne Chisholm wrote:

> Where I'm located, it seems that "major" ISP's are being bought
> left-right-and-center.  I would think that with some of the
> acquisitions that have been made, what could have been a simple
> "merging" of networks would get a little ugly, trying to remove the
> duplicate "private internet addressing" routes from all the providers,
> replacing these configurations with new addressing schemes.
>
> Or am I still missing the boat?  (-:

Well, there are many evils when being an ISP, and you have to choose the
lesser of the evils.  I don't use RFC1918 for PtP's in our network, but we
do use it heavily behind NAT'ed boundaries.

One of the drives to use private addressing is because ISP's tend to have
a lot of /30's.  ARIN may give huge chunks of space to big players, with or
without the same levels and degree of justification that is required of
say a smaller regional ISP.  These ISP's are trying to squeeze every bit
of efficiency out of their addressing...........where players like PSInet
can just chunk down a /24 for any customer they feel like giving one to.

Brian


>
>
>   -- Leigh Anne
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Howard C. Berkowitz
> > Sent: February 26, 2001 7:44 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Private Internet Addressing
> >
> >
> > >Really?  So you wouldn't recommend using RFC 1918 addressing in a transient
> > >network, say, for a customer (end user) production network, as a means of
> > >securing the routers/switches that transport the data?  The servers used
> > >direct server return (http://www.foundrynet.com/genFaqDSR.html), and didn't
> > >incur the performance penalty usually associated with NAT...
> >
> > I'm not sure what you mean by a transient network.
> >
> > But if the hosts on that network  connect to the Internet, they should:
> >
> >     1.  Tunnel to endpoints using private address space (i.e., you are
> >         building a VPN)
> >     2.  Use registered address space
> >     3.  Use private address space and NAT on the provider side.
> >
> > It concerns me, however, that private address space, without being
> > discussed along with explicit filtering and other complementary
> > security mechanisms, can  be thought of as adding any reliable level
> > of security.  Yes, you may not be reachable in the global Internet.
> > But without other controls, you might be quite accessible from other
> > customers of the same providers.
> >
> > Private addressing does have a place, and a good one. But it
> > shouldn't EVER appear, IMNSHO, in ANY global Internet communications,
> > whether those are the sources of packets or simply traceroute
> > results.  Too many operational and security implications.
> >
> > I don't think use of RFC 1918 for any form of Internet connectivity
> > can be consistent with RFC 2828 and related anti-hacking measures.
> >
> > >
> > >I've built several networks using this type addressing scheme, in
> > >conjunction with the use of OSPF and haven't had any problems...  I realize
> > >that this is not the same class of network (ISP), but it was a design used
> > >for several e-commerce sites...
> > >
> > >I would just like to know other peoples' opinion on this practice,
> > >especially yours, Howard...  :)
> > >
> > >Thanks
> > >Brant I. Stevens
> > >Internetwork Solutions Engineer
> > >Thrupoint, Inc.
> > >545 Fifth Avenue, 14th Floor
> > >New York, NY. 10017
> > >646-562-6540
> > >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > >Howard C. Berkowitz
> > >Sent: Sunday, February 25, 2001 6:32 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Private Internet Addressing
> > >
> > >
> > >This remains a continuing thread on NANOG.
> > >
> > >My personal view is that the world has certain ISPs, such as cais.net
> > >DSL and apparently US West in your example, that exist for the same
> > >reason as do warthogs:  to make roses even more beautiful.
> > >
> > >Several major ISPs have this pernicious practice, which confuses
> > >traceroute (in several ways), reverse DNS, and MTU path discovery.
> > >They are ISPs with significant allocations of address space and
> > >should be able to get more.
> > >
> > >I personally believe that anyone that uses private address space in a
> > >path where public traffic will EVER route through one of the
> > >addresses, is, at best, being irresponsible.  Sort of like looking
> > >for the gas leak with a lighted match.
> > >
> > >
> > >>I did a traceroute to one of US West's customers... got some
> > >>interesting results:
> > >>
> > >>13   206 ms  179 ms  123 ms  gig0-0-0.phnx-sust1.phnx.uswest.net
> > >>[206.80.192.253]
> > >>14  1016 ms  151 ms  975 ms  207.224.191.2
> > >>15   233 ms  124 ms  123 ms  192.168.8.1
> > >>16   151 ms  179 ms  123 ms  192.168.100.147
> > >>17   247 ms  192 ms  151 ms  vdsl-130-13-102-120.phnx.uswest.net
> > >>[130.13.102.120]
> > >>
> > >>RFC 1918 - "Address Allocation for Private Internets" indicates
> > >>192.168.0.0 through 192.168.255.255 (192.168/16 prefix) is reserved
> > >>for private internets.  Hops 15 and 16 in my traceroute show that
> > >>addresses within this range are being used publicly.
> > >>
> > >>Did I miss something?  Have the "for private use only" IP addresses
> > >>now been given the green light to be used within the internet?
> > >>
> > >>    -- Leigh Anne
> > >>
> > >
> > >_________________________________
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >


-----------------------------------------------
    I'm buying / selling used CISCO gear!!
            email me for a quote

Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
[EMAIL PROTECTED]         [EMAIL PROTECTED]
318-222-2638 x 109        318-222-2638 x 101

Netjam, LLC               http://www.netjam.net
1401 Oden St.
Suite 18
Shreveport, LA 71104
Fax 318-221-6612
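
Added example, not part of the original thread: a small Python check that parses tracert-style output, such as the trace quoted above, and reports the hops that answer from RFC 1918 space. The function names are hypothetical, and the sample input is the hop list quoted in the thread, including its wrapped bracketed addresses.

```python
import ipaddress
import re

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hops 13-17 as quoted in the thread; the mail client wrapped the
# bracketed address of named hops onto the following line.
SAMPLE = """\
13   206 ms  179 ms  123 ms  gig0-0-0.phnx-sust1.phnx.uswest.net
[206.80.192.253]
14  1016 ms  151 ms  975 ms  207.224.191.2
15   233 ms  124 ms  123 ms  192.168.8.1
16   151 ms  179 ms  123 ms  192.168.100.147
17   247 ms  192 ms  151 ms  vdsl-130-13-102-120.phnx.uswest.net
[130.13.102.120]
"""

HOP_START = re.compile(r"^(\d+)\s+")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def parse_hops(text):
    """Return [(hop_number, IPv4Address or None)], rejoining wrapped lines."""
    joined = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # drop mail quote markers
        if not line:
            continue
        if HOP_START.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line         # wrapped "[a.b.c.d]" continuation
    hops = []
    for line in joined:
        m = HOP_START.match(line)
        if not m:
            continue                         # header or other non-hop text
        addr = None
        for candidate in reversed(IPV4.findall(line)):
            try:
                addr = ipaddress.ip_address(candidate)
                break
            except ValueError:               # dotted digits that are not an IP
                continue
        hops.append((int(m.group(1)), addr)) # addr stays None on timeouts
    return hops


def private_hops(text):
    """Hops whose responding address lies in RFC 1918 space."""
    return [(hop, str(addr)) for hop, addr in parse_hops(text)
            if addr is not None and any(addr in net for net in RFC1918)]
```

Calling `private_hops(SAMPLE)` returns hops 15 and 16, the two addresses the original poster pointed out.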
