RE: Using Public addresses as Internally [7:4835]
I have actually just left the study group, but my parting advice is to confirm Priscillas advice. The private ranges are designed for your purpose, and if you need a class A then please use the 10.0.0.0 range. It will avoid a lot of potential problems. By the way Priscillas book Top Down Network Design, is very good. I wish you all luck and success in your career and certification pursuits. Regards John Spencer, CCNP. > -Original Message- > From: Priscilla Oppenheimer [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, May 17, 2001 9:13 PM > To: [EMAIL PROTECTED] > Subject: Re: Using Public addresses as Internally [7:4835] > > Why not use something from the private ranges? > > 10.0.0.0 - 10.255.255.255 > 172.16.0.0 - 172.31.255.255 > 192.168.0.0 - 192.168.255.255 > > Also, Class A would let you address 16 million of these devices. Do you > really have that many? > > Also, quite a few large companies, universities, and service providers > have > hung onto their Class A address. What would happen if the users from the > Internet that you mentioned below happened to be on the same Class A as > you > are using? IP spoofing protection (if you are using it) might not let > these > users in. Even if they got in, the responses to their packets might get > routed internally not back to them. You could avoid these problems, of > course, but why even risk having them? > > I'm sure you have your reasons and you're just trolling for a sanity > check. > Without more details, we have to give you the sort of canned response that > > it's a bad idea. ;-) > > Priscilla > > At 10:01 AM 5/17/01, Bruce Williams wrote: > >My company wants to use public addresses from the Class A range > internally. > >I realize the danger if these routes got advertised on the Internet, but > is > >this something that is considered acceptable if it is carefully done to > >prevent the risk of these routes being propagated out on the Public > >Internet? These networks will be used to address equipment in a multitude > of > >cellular radio base stations around the country and they will only be > >connected to our network. There will central locations where users from > the > >internet could access a database which will query these systems, but > there > >will not be a direct internet connection. I would appreciate any advice > on > >this. > > > >Thanks, > > > > > >Bruce Williams > >[EMAIL PROTECTED] > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4954&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
Routers that did not filtered outgoing private IPs will still forward the packets out based on default router. - Original Message - From: Allen May To: Sent: Thursday, May 17, 2001 11:57 PM Subject: Re: Using Public addresses as Internally [7:4835] > If you're using someone elses IP range, you'll never be able to access their > network if you need to. Your router would keep it internal & would never > pass it outside. > > - Original Message - > From: "Bruce Williams" > To: > Sent: Thursday, May 17, 2001 9:01 AM > Subject: Using Public addresses as Internally [7:4835] > > > > My company wants to use public addresses from the Class A range > internally. > > I realize the danger if these routes got advertised on the Internet, but > is > > this something that is considered acceptable if it is carefully done to > > prevent the risk of these routes being propagated out on the Public > > Internet? These networks will be used to address equipment in a multitude > of > > cellular radio base stations around the country and they will only be > > connected to our network. There will central locations where users from > the > > internet could access a database which will query these systems, but there > > will not be a direct internet connection. I would appreciate any advice on > > this. > > > > Thanks, > > > > > > Bruce Williams > > [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4907&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
Why not use something from the private ranges? 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Also, Class A would let you address 16 million of these devices. Do you really have that many? Also, quite a few large companies, universities, and service providers have hung onto their Class A address. What would happen if the users from the Internet that you mentioned below happened to be on the same Class A as you are using? IP spoofing protection (if you are using it) might not let these users in. Even if they got in, the responses to their packets might get routed internally not back to them. You could avoid these problems, of course, but why even risk having them? I'm sure you have your reasons and you're just trolling for a sanity check. Without more details, we have to give you the sort of canned response that it's a bad idea. ;-) Priscilla At 10:01 AM 5/17/01, Bruce Williams wrote: >My company wants to use public addresses from the Class A range internally. >I realize the danger if these routes got advertised on the Internet, but is >this something that is considered acceptable if it is carefully done to >prevent the risk of these routes being propagated out on the Public >Internet? These networks will be used to address equipment in a multitude of >cellular radio base stations around the country and they will only be >connected to our network. There will central locations where users from the >internet could access a database which will query these systems, but there >will not be a direct internet connection. I would appreciate any advice on >this. > >Thanks, > > >Bruce Williams >[EMAIL PROTECTED] >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4894&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
No what I'm saying is that if your network is using something with 216.115.105.2 (www.yahoo.com ping), and that IP exists on your network, how are you going to access www.yahoo.com if it's a local IP? He said using a publically routable IP and didn't say it was his own - Original Message - From: "andylow" To: "Allen May" ; Sent: Thursday, May 17, 2001 1:12 PM Subject: Re: Using Public addresses as Internally [7:4835] > Routers that did not filtered outgoing private IPs will still forward the > packets out based on default router. > > - Original Message - > From: Allen May > To: > Sent: Thursday, May 17, 2001 11:57 PM > Subject: Re: Using Public addresses as Internally [7:4835] > > > > If you're using someone elses IP range, you'll never be able to access > their > > network if you need to. Your router would keep it internal & would never > > pass it outside. > > > > - Original Message - > > From: "Bruce Williams" > > To: > > Sent: Thursday, May 17, 2001 9:01 AM > > Subject: Using Public addresses as Internally [7:4835] > > > > > > > My company wants to use public addresses from the Class A range > > internally. > > > I realize the danger if these routes got advertised on the Internet, but > > is > > > this something that is considered acceptable if it is carefully done to > > > prevent the risk of these routes being propagated out on the Public > > > Internet? These networks will be used to address equipment in a > multitude > > of > > > cellular radio base stations around the country and they will only be > > > connected to our network. There will central locations where users from > > the > > > internet could access a database which will query these systems, but > there > > > will not be a direct internet connection. I would appreciate any advice > on > > > this. > > > > > > Thanks, > > > > > > > > > Bruce Williams > > > [EMAIL PROTECTED] > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4891&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
If you're using someone elses IP range, you'll never be able to access their network if you need to. Your router would keep it internal & would never pass it outside. - Original Message - From: "Bruce Williams" To: Sent: Thursday, May 17, 2001 9:01 AM Subject: Using Public addresses as Internally [7:4835] > My company wants to use public addresses from the Class A range internally. > I realize the danger if these routes got advertised on the Internet, but is > this something that is considered acceptable if it is carefully done to > prevent the risk of these routes being propagated out on the Public > Internet? These networks will be used to address equipment in a multitude of > cellular radio base stations around the country and they will only be > connected to our network. There will central locations where users from the > internet could access a database which will query these systems, but there > will not be a direct internet connection. I would appreciate any advice on > this. > > Thanks, > > > Bruce Williams > [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4853&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
Bruce, Do you really need that much address space??? If so, you will also need to be concerned about your choice of routing protocols. Also, you definately don't want any of those routes leaking out into the Internet (which sounds like you know). Debbie --- Bruce Williams wrote: > I think you misunderstood my question. I am aware of > the reserved private > addresses, but we need more address space than that. > I want to use the regular Class A public address > space 1.0.0.0 to 126.0.0.0. > That is risky because those addresses are already > assigned on the public > internet. It would work as long as those routes dont > get our of our internal > network. > > Bruce > > - Original Message - > From: "Debbie Westall" > To: "Bruce Williams" > Sent: Thursday, May 17, 2001 10:16 AM > Subject: Re: Using Public addresses as Internally > [7:4835] > > > > This is acceptable. Refer to RFC 1918 and 1597 for > > further info. > > > > You may use the following: > > Class Private Address Range > > A10.0.0.0 . 10.255.255.255 > > B172.16.0.0 . 172.16.255.255 > > C192.168.0.0 . 192.168.255.255 > > > > Just be careful when setting up your filters > (ACLs) > > > > Good Luck > > > > Debbie > > > > --- Bruce Williams > > wrote: > > > My company wants to use public addresses from > the > > > Class A range internally. > > > I realize the danger if these routes got > advertised > > > on the Internet, but is > > > this something that is considered acceptable if > it > > > is carefully done to > > > prevent the risk of these routes being > propagated > > > out on the Public > > > Internet? These networks will be used to address > > > equipment in a multitude of > > > cellular radio base stations around the country > and > > > they will only be > > > connected to our network. There will central > > > locations where users from the > > > internet could access a database which will > query > > > these systems, but there > > > will not be a direct internet connection. I > would > > > appreciate any advice on > > > this. > > > > > > Thanks, > > > > > > > > > Bruce Williams > > > [EMAIL PROTECTED] > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations > to > > [EMAIL PROTECTED] > > > > > > __ > > Do You Yahoo!? > > Yahoo! Auctions - buy the things you want at great > prices > > http://auctions.yahoo.com/ > __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4845&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
SOwhy not just use 10.x.x.x ? NO... it's not acceptable, it's bad practice. Why do it? What's the advantage? ""Bruce Williams"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > My company wants to use public addresses from the Class A range internally. > I realize the danger if these routes got advertised on the Internet, but is > this something that is considered acceptable if it is carefully done to > prevent the risk of these routes being propagated out on the Public > Internet? These networks will be used to address equipment in a multitude of > cellular radio base stations around the country and they will only be > connected to our network. There will central locations where users from the > internet could access a database which will query these systems, but there > will not be a direct internet connection. I would appreciate any advice on > this. > > Thanks, > > > Bruce Williams > [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4843&t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]