Re: routing routable IPs over non-routable IPs
On Sat, 02 Jun 2001 17:44:19 -0400, [EMAIL PROTECTED] (Chris Wagner) wrote: >While we're on this subject, does anyone know what IANA plans to do with the >vast number of "reserved" ip ranges. There are atleast 75 reserved class A >ranges that I don't know what they're reserved for. People are claiming >we're running out of ip addresses but as far as I can see there's more than >enough left for decades to come. They just recently started to assign 217.0.0.0/8 to RIPE which has been previously assigned. Greeings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Re: routing routable IPs over non-routable IPs
On Sat, 02 Jun 2001 17:44:19 -0400, [EMAIL PROTECTED] (Chris Wagner) wrote: >While we're on this subject, does anyone know what IANA plans to do with the >vast number of "reserved" ip ranges. There are atleast 75 reserved class A >ranges that I don't know what they're reserved for. People are claiming >we're running out of ip addresses but as far as I can see there's more than >enough left for decades to come. They just recently started to assign 217.0.0.0/8 to RIPE which has been previously assigned. Greeings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
While we're on this subject, does anyone know what IANA plans to do with the vast number of "reserved" ip ranges. There are atleast 75 reserved class A ranges that I don't know what they're reserved for. People are claiming we're running out of ip addresses but as far as I can see there's more than enough left for decades to come. At 09:28 PM 6/1/01 +0200, Marc Haber wrote: >On Tue, 22 May 2001 08:00:01 +0200, Robert Waldner ><[EMAIL PROTECTED]> wrote: >>On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>>We should probably clarify "non-routable" by saying "non-publicly routable". >> >>Well, we could also say RFC1918, couldn´t we ;-? > >I prefer to say "site local" which is both almost accurate and terse. >This is not offical terminology, but there is an RFC that calls the >"169.254.0.0/16" "link local", so "site local" seems fine. > >Greetings >Marc > ---==--- ___/``\___ 0100
Re: routing routable IPs over non-routable IPs
While we're on this subject, does anyone know what IANA plans to do with the vast number of "reserved" ip ranges. There are atleast 75 reserved class A ranges that I don't know what they're reserved for. People are claiming we're running out of ip addresses but as far as I can see there's more than enough left for decades to come. At 09:28 PM 6/1/01 +0200, Marc Haber wrote: >On Tue, 22 May 2001 08:00:01 +0200, Robert Waldner ><[EMAIL PROTECTED]> wrote: >>On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>>We should probably clarify "non-routable" by saying "non-publicly routable". >> >>Well, we could also say RFC1918, couldn´t we ;-? > >I prefer to say "site local" which is both almost accurate and terse. >This is not offical terminology, but there is an RFC that calls the >"169.254.0.0/16" "link local", so "site local" seems fine. > >Greetings >Marc > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
On Tue, 22 May 2001 08:00:01 +0200, Robert Waldner <[EMAIL PROTECTED]> wrote: >On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>We should probably clarify "non-routable" by saying "non-publicly routable". > >Well, we could also say RFC1918, couldn´t we ;-? I prefer to say "site local" which is both almost accurate and terse. This is not offical terminology, but there is an RFC that calls the "169.254.0.0/16" "link local", so "site local" seems fine. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Re: routing routable IPs over non-routable IPs
On Mon, 21 May 2001 07:27:44 +0200, Robert Waldner <[EMAIL PROTECTED]> wrote: >Yes, but you should specify the netmask in 255.x.x.x-notation, route on > linux sometimes tends to get classful when facing /-notation... I'd recommend the ip program from the iproute package which groks prefix notation perfectly. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Re: routing routable IPs over non-routable IPs
On Tue, 22 May 2001 08:00:01 +0200, Robert Waldner <[EMAIL PROTECTED]> wrote: >On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>We should probably clarify "non-routable" by saying "non-publicly routable". > >Well, we could also say RFC1918, couldn´t we ;-? I prefer to say "site local" which is both almost accurate and terse. This is not offical terminology, but there is an RFC that calls the "169.254.0.0/16" "link local", so "site local" seems fine. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
On Mon, 21 May 2001 07:27:44 +0200, Robert Waldner <[EMAIL PROTECTED]> wrote: >Yes, but you should specify the netmask in 255.x.x.x-notation, route on > linux sometimes tends to get classful when facing /-notation... I'd recommend the ip program from the iproute package which groks prefix notation perfectly. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
At 08:00 AM 5/22/01 +0200, Robert Waldner wrote: > >On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>We should probably clarify "non-routable" by saying "non-publicly routable". > >Well, we could also say RFC1918, couldn´t we ;-? LOL >- DNS, you´ll have to set up split DNS for your RFC1918- and external > IPs I consider that to be good sense from a security standpoint regardless. >- in Real Life, you sometimes _will_ have to debug from the outside of > your network >- in Real Life, someone else _will_ debug from the outside (and quite > probably complain about the RFC1918-IPs or simply be fed up) Hehe, yeah I receive complaints from those people from time to time. :D But it's a moot point since the firewalls filter anything useful... ---==--- ___/``\___ 0100
Re: routing routable IPs over non-routable IPs
On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >We should probably clarify "non-routable" by saying "non-publicly routable". Well, we could also say RFC1918, couldn´t we ;-? >Routers have no concept of restricted ip ranges other than what is programed >into them. As long as you are debugging from a place that "knows about" >your private ip's, there shouldn't be a problem. At GE we cross privates to >go from public to public all the time. Well, there are several issues, none of them really bad, but if you want a clean setup..: - DNS, you´ll have to set up split DNS for your RFC1918- and external IPs - in Real Life, you sometimes _will_ have to debug from the outside of your network - in Real Life, someone else _will_ debug from the outside (and quite probably complain about the RFC1918-IPs or simply be fed up) cheers, &rw -- / Ing. Robert Waldner | <[EMAIL PROTECTED]> \ \ Xsoft GmbH | T: +43 1 796 36 36 692 /
Re: routing routable IPs over non-routable IPs
At 07:27 AM 5/21/01 +0200, Robert Waldner wrote: >On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes: >>I know this isn't Debian specific. But I'm just wondering if it's fine >>to route routable IP addresses over non-routable IP addresess. > >Yes, although many would consider it bad practice (I am an example), > because you´ll face trouble when you have to debug something, and have > non-routable IPs on some path. We should probably clarify "non-routable" by saying "non-publicly routable". Routers have no concept of restricted ip ranges other than what is programed into them. As long as you are debugging from a place that "knows about" your private ip's, there shouldn't be a problem. At GE we cross privates to go from public to public all the time. ---==--- ___/``\___ 0100
Re: routing routable IPs over non-routable IPs
At 08:00 AM 5/22/01 +0200, Robert Waldner wrote: > >On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>We should probably clarify "non-routable" by saying "non-publicly routable". > >Well, we could also say RFC1918, couldn´t we ;-? LOL >- DNS, you´ll have to set up split DNS for your RFC1918- and external > IPs I consider that to be good sense from a security standpoint regardless. >- in Real Life, you sometimes _will_ have to debug from the outside of > your network >- in Real Life, someone else _will_ debug from the outside (and quite > probably complain about the RFC1918-IPs or simply be fed up) Hehe, yeah I receive complaints from those people from time to time. :D But it's a moot point since the firewalls filter anything useful... ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >We should probably clarify "non-routable" by saying "non-publicly routable". Well, we could also say RFC1918, couldn´t we ;-? >Routers have no concept of restricted ip ranges other than what is programed >into them. As long as you are debugging from a place that "knows about" >your private ip's, there shouldn't be a problem. At GE we cross privates to >go from public to public all the time. Well, there are several issues, none of them really bad, but if you want a clean setup..: - DNS, you´ll have to set up split DNS for your RFC1918- and external IPs - in Real Life, you sometimes _will_ have to debug from the outside of your network - in Real Life, someone else _will_ debug from the outside (and quite probably complain about the RFC1918-IPs or simply be fed up) cheers, &rw -- / Ing. Robert Waldner | <[EMAIL PROTECTED]> \ \ Xsoft GmbH | T: +43 1 796 36 36 692 / -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
At 07:27 AM 5/21/01 +0200, Robert Waldner wrote: >On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes: >>I know this isn't Debian specific. But I'm just wondering if it's fine >>to route routable IP addresses over non-routable IP addresess. > >Yes, although many would consider it bad practice (I am an example), > because you´ll face trouble when you have to debug something, and have > non-routable IPs on some path. We should probably clarify "non-routable" by saying "non-publicly routable". Routers have no concept of restricted ip ranges other than what is programed into them. As long as you are debugging from a place that "knows about" your private ip's, there shouldn't be a problem. At GE we cross privates to go from public to public all the time. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes: >I know this isn't Debian specific. But I'm just wondering if it's fine >to route routable IP addresses over non-routable IP addresess. Yes, although many would consider it bad practice (I am an example), because you´ll face trouble when you have to debug something, and have non-routable IPs on some path. >So is it just a matter of setting up something like >/sbin/route -net 10.1.2.0/24 gw 172.16.5.2 >on the gateway? Yes, but you should specify the netmask in 255.x.x.x-notation, route on linux sometimes tends to get classful when facing /-notation... cheers, &rw -- / Ing. Robert Waldner | <[EMAIL PROTECTED]> \ \ Xsoft GmbH | T: +43 1 796 36 36 692 /
Re: routing routable IPs over non-routable IPs
Yes, many people do it with ciscos all the time, linux should be no different. However, there are a couple of downsides (speaking from cisco experience only) It hurts for troubleshooting... you cant trace/ping directly to an interface, only a net... On Mon, 21 May 2001, Jeremy Lunn wrote: > I know this isn't Debian specific. But I'm just wondering if it's fine > to route routable IP addresses over non-routable IP addresess. > > For example: > (in this example assume that 10.0.0.0/8 is a routable range). > > ++ > | 10.1.1.4 (internet)| > || > | gateway| > || > | 172.16.5.1 | > ++ > | > | > | > ++ > | 172.16.5.2 | > || > | DSLAM/NAS | > || > | 10.1.2.0/24 routed to a| > | client | > ++ > > So is it just a matter of setting up something like > /sbin/route -net 10.1.2.0/24 gw 172.16.5.2 > on the gateway? > > I would assume this would work but I've never tested it. I didn't use a > real routable subnet in this example because we haven't been allocated > any yet and I wopuldn't use someone else's IPs in an example :) > > -- > Jeremy Lunn > Melbourne, Australia > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- John Gonzalez / [EMAIL PROTECTED] / [EMAIL PROTECTED] Tularosa Communications, Inc. (505) 439-0200 voice / (505) 443-1228 fax http://www.tularosa.net / ASN 11711 / JG6416 [--[ sys info ]---] 10:00pm up 256 days, 3:29, 5 users, load average: 0.01, 0.08, 0.05
routing routable IPs over non-routable IPs
I know this isn't Debian specific. But I'm just wondering if it's fine to route routable IP addresses over non-routable IP addresess. For example: (in this example assume that 10.0.0.0/8 is a routable range). ++ | 10.1.1.4 (internet)| || | gateway| || | 172.16.5.1 | ++ | | | ++ | 172.16.5.2 | || | DSLAM/NAS | || | 10.1.2.0/24 routed to a| | client | ++ So is it just a matter of setting up something like /sbin/route -net 10.1.2.0/24 gw 172.16.5.2 on the gateway? I would assume this would work but I've never tested it. I didn't use a real routable subnet in this example because we haven't been allocated any yet and I wopuldn't use someone else's IPs in an example :) -- Jeremy Lunn Melbourne, Australia
Re: routing routable IPs over non-routable IPs
On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes: >I know this isn't Debian specific. But I'm just wondering if it's fine >to route routable IP addresses over non-routable IP addresess. Yes, although many would consider it bad practice (I am an example), because you´ll face trouble when you have to debug something, and have non-routable IPs on some path. >So is it just a matter of setting up something like >/sbin/route -net 10.1.2.0/24 gw 172.16.5.2 >on the gateway? Yes, but you should specify the netmask in 255.x.x.x-notation, route on linux sometimes tends to get classful when facing /-notation... cheers, &rw -- / Ing. Robert Waldner | <[EMAIL PROTECTED]> \ \ Xsoft GmbH | T: +43 1 796 36 36 692 / -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
Yes, many people do it with ciscos all the time, linux should be no different. However, there are a couple of downsides (speaking from cisco experience only) It hurts for troubleshooting... you cant trace/ping directly to an interface, only a net... On Mon, 21 May 2001, Jeremy Lunn wrote: > I know this isn't Debian specific. But I'm just wondering if it's fine > to route routable IP addresses over non-routable IP addresess. > > For example: > (in this example assume that 10.0.0.0/8 is a routable range). > > ++ > | 10.1.1.4 (internet)| > || > | gateway| > || > | 172.16.5.1 | > ++ > | > | > | > ++ > | 172.16.5.2 | > || > | DSLAM/NAS | > || > | 10.1.2.0/24 routed to a| > | client | > ++ > > So is it just a matter of setting up something like > /sbin/route -net 10.1.2.0/24 gw 172.16.5.2 > on the gateway? > > I would assume this would work but I've never tested it. I didn't use a > real routable subnet in this example because we haven't been allocated > any yet and I wopuldn't use someone else's IPs in an example :) > > -- > Jeremy Lunn > Melbourne, Australia > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- John Gonzalez / [EMAIL PROTECTED] / [EMAIL PROTECTED] Tularosa Communications, Inc. (505) 439-0200 voice / (505) 443-1228 fax http://www.tularosa.net / ASN 11711 / JG6416 [--[ sys info ]---] 10:00pm up 256 days, 3:29, 5 users, load average: 0.01, 0.08, 0.05 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
routing routable IPs over non-routable IPs
I know this isn't Debian specific. But I'm just wondering if it's fine to route routable IP addresses over non-routable IP addresess. For example: (in this example assume that 10.0.0.0/8 is a routable range). ++ | 10.1.1.4 (internet)| || | gateway| || | 172.16.5.1 | ++ | | | ++ | 172.16.5.2 | || | DSLAM/NAS | || | 10.1.2.0/24 routed to a| | client | ++ So is it just a matter of setting up something like /sbin/route -net 10.1.2.0/24 gw 172.16.5.2 on the gateway? I would assume this would work but I've never tested it. I didn't use a real routable subnet in this example because we haven't been allocated any yet and I wopuldn't use someone else's IPs in an example :) -- Jeremy Lunn Melbourne, Australia -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]