The 69/8 Networking Problem 185
jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."
just in case... (Score:3, Informative)
Re:Could someone explain this (Score:4, Informative)
Re:Roll on IPv6 (Score:5, Informative)
Yeah, I had this a while ago with 65/8 (Score:2, Informative)
Turns out that a previous admin blocked all the "reserved" nets, including the 65/8 net which the lawyers and my firm were in.
Blocking these seems like a good idea, but it tends to get neglected and only causes problems in practice.
Re:Could someone explain this (Score:4, Informative)
Re:Not surprising (Score:5, Informative)
The "problem" with using blocks like that are not technical....just like using addresses ending in
Oh...and there that nasty problem of certian addresses lying on bondaries that cause routers that don't properly understand classless routing to choke, but honestly...how many edge device could possibly be out there that are that dated to still have that problem? At least how many that are in a backbone situation where their being broken would actually effect more than 10 people?
Re:Not surprising (Score:5, Informative)
Re:Could someone explain this (Score:5, Informative)
There are several reasons why blocks are reserved by ARIN. Some of them are reserved because they fall on classful routing boundaries, some were reserved based on wanting to keep contiguous space free for various purposes including but not limited to RIPE and APNIC allocations, allowing flexibinity for large network to renumber out of non-contiguius space, etc.
Don't think I'm sticking up for ARIN. Their policies are poor, mostly undocumentated in their actual application, and their customer service sucks.
Testing 69/8 (Score:4, Informative)
http://69box.atlantic.net/ [atlantic.net]
It includes a nifty traceroute utility that you can use to test with.
As a holder of space in the 69/8 range, I'll admit the problem is annoying, but thanks to people like Jon, and this posting on Slashdot, hopefully it will go away.
Re:Not surprising (Score:5, Informative)
I was recently assigned a
Unfortunately, the
Wrong. Having configured static NAT between that IP address and a machine on the inside of the network (172.18.16.24, case in point,) the machine was reachable from Unix and Linux machines, but not from Windows boxes.
Further testing reveals that Windows still uses classful logic to determine whether an IP is 'valid' or not. On attempting to ping 202.59.108.255 from a slew of windows 2000 boxes, tcpdump showed nothing on the other end. An identical test from a unix box showed that it worked just fine.
Re:exactly (Score:4, Informative)
Exactly. Here are a few of the class A's that I don't see valid reason for the holder of them to have a block of such size:
019/8 Ford Motor Company (a car company)
040/8 Eli Lily and Company (a drug company)
048/8 Prudential Securities Inc. (an insurance company)
051/8 Deparment of Social Security of UK (a government department in a relatively small country that has a ridiculously unproportional share)
056/8 U.S. Postal Service (the opposite of email)
There are a handful more which you can see here: http://www.iana.org/assignments/ipv4-address-space [iana.org]
The fact that these companies are cyber-squatting on more than they could resonably need torques me off to the point that, if I run out of unroutables (10/8, 192.168/16, etc) for my intranetworking, I'm going to lay claim to a block or two of those class A's for my intranet and firewall them [existing squatters] off to the outside.
Re:Not surprising (Score:5, Informative)
Shouldn't that be "any address between 0.0.0.1 and 127.255.255.254?"
Re:Devalued IP Space? (Score:3, Informative)
Example: Say you've got x.x.x.0/24 out of x.x.0.0/16.
Now, if people ignore you're announcement they're going to send traffic towards the provider announcing x.x.0.0/16. Somewhere along the way a network in the path might actually be paying attention to your routes, and your traffic gets shuffled towards you.
(But then, somewhere between THERE and you might be a network which doesn't pay attention and it heads back towards the
In short - remember, routing is hop-by-hop. Just because n-1 nodes in the path are listening to the announcement, things don't have to work. Similarly things might be working even if a node in the path isn't listening.
Now, some more facts - do some googling to determine meanings behind some terms/acronyms:
* the whole internet isn't populated with
* Mass BGP filtering isn't to protect memory usage, its also to protect update times. Those CPUs can only _talk_ to neighbouring routers at speeds much below the linerates of cards (even today!
* For a fun bit of historical information do some google searching for the AS7007 incident (or the mass deaggregation/redistribution incident.) Basically someone confed up a router, deaggregated large chunks of IP space into
Phew. I drifted a bit there. I find it interesting to listen and learn about things like this so one doesn't make the mistake in other fields.
Re:Allocation (Score:3, Informative)
A routing table with entries for every
I'm not sure what you mean by "unmanageable": it's been a long time since backbone routing tables were managed by hand. There may be good reasons for small routing tables, but inherent cost and/or complexity of management are not.
Re:Allocation (Score:2, Informative)
each entry requires (at the very minimum) prefix, netmask and nexthop. this is before you remember it's bgp, and has to hold a whole host of other shit (communities, as-path, metric, localpref, weight, origin etc).
i make that:
2^24
= 16777216
16777216*96
= 1610612736 bits for prefix,mask,nexthop
1610612736/8
= 201326592 bytes for the very basics
You can safely double that (at the very least) to factor extra bgp overhead gubbins. Take a third off for route compression, and double that figure if you wanna run soft reconfiguration inbound. That comes out on the sunny side of half a gig for just your bgp table.
also, remember that your $12 stick of RAM will cost $1500 if you're buying ram direct from a router vendor (many refuse to support devices unless you use their propriatory labelled RAM). add on 50 meg for the OS itself and a random amount for your IGP and you're talking about needing a router with a gig of ram.
then think how long it'll take for you to learn this 200 meg routing table. bgp convergence is bad at the best of times, but adding 200 mbyte overhead when you start a bgp session is just ridiculous.
there's a reason why route aggregation is a good thing. and it's precisely because of the 'inherent cost and/or complexity of management'
HTH & HAND