[wellylug] Routing the unroutable, aka 10.0.0.0/8
Ewen McNeill
wellylug at ewen.mcneill.gen.nz
Fri Sep 26 10:38:05 NZST 2014
On 25/09/14 18:04, Christian Gagneraud wrote:
> I was having network problems on our local network, while
> troubleshooting I realised that from here I can access a lot of addresses
> belonging to the (theoretically not routed) private network 10.0.0.0/8
> [10.0.0.0/8 linknet in the middle of traceroutes]
The problem is with the "theoretically" not routed. Back in the old
days when there were lots more IPv4 addresses than people who wanted
them, everything was numbered with globally unique IP addresses. Which
worked well, when there were abundant IP addresses just for the asking
(literally when I first started using the Internet you could get a /24
just by saying "hi, I'd like some IP addresses please" -- and more with
some indication of how you'd use them).
Starting 10-15 years ago this stopped being true. So increasingly
people started numbering "internal" things with "site-local" addresses.
For ISPs, the linknets between their routers are -- sort of --
internal: they don't really need to talk to the outside world directly.
So at least 10+ years ago some ISPs started using RFC1918 address
space for their router linknets, to conserve IPs (IIRC I first saw Xtra
doing this around 2000).
The trouble is that ISPs have customers. And router linknets can appear
in traceroutes, like the one you're doing. So RFC1918 addresses
randomly in the middle of traceroutes cause either (a) confusion, or
(b) gaps (if your border firewall blocks RFC1918 addresses from the
Internet).
Unfortunately demand for IPv4 addresses is even higher now, and there
are no more IPv4 addresses to be able to give everyone the ample volume
they want. So it doesn't surprise me that more and more ISPs end up
using RFC1918 addresses in ways that are visible in some situations.
For a while longer the ones taking extra care can probably carefully
hide that use from outside visibility (eg, reply with loopback address,
which may still be one-public-IP-per-router). But I expect private
addresses will leak out more and more over the next couple of years,
anywhere that doesn't require bidirectional end-to-end communication.
TL;DR: nothing to see here, move along.
Ewen
PS:
> Now if I scan the same subnet several times in a row, I don't get the
> same result, weird!
There are probably multiple, equal cost, paths the traffic can take at
that point.
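Both observations in the reply above (RFC1918 linknets showing up in the middle of a traceroute, and a hop whose responder changes between runs because of equal-cost paths) can be checked mechanically against your own traceroute output. The script below is an added example, not code from the original thread: the traceroute text embedded in it is constructed (documentation address ranges plus made-up 10.20.0.0/16 linknets), and the function names are my own.

```python
"""Check traceroute output for RFC1918 hops and for hops whose responder
changes between runs.

Added example, not part of the original mailing-list post: the traceroute
text below is constructed (documentation address ranges plus made-up
10.20.0.0/16 linknets), and the function names are my own.
"""
import ipaddress
import re
from collections import defaultdict

# RFC1918 "site-local" space that the post says ISPs use for router linknets.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# One hop line: TTL, then either "host (a.b.c.d)", a bare "a.b.c.d"
# (traceroute -n), or "*" for a hop that did not answer. Timing columns
# are ignored.
HOP_RE = re.compile(
    r"^\s*(\d+)\s+(?:\S+\s+\((\d+(?:\.\d+){3})\)|(\d+(?:\.\d+){3})|\*)"
)


def is_rfc1918(addr):
    """True if the dotted-quad string falls in any RFC1918 range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_traceroute(text):
    """Map TTL -> responding address (None for a '* * *' hop) for one run."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # header lines such as "traceroute to ..." do not match
            hops[int(m.group(1))] = m.group(2) or m.group(3)
    return hops


def private_hops(hops):
    """TTLs that answered from RFC1918 space (local gateway, ISP linknets)."""
    return sorted(ttl for ttl, a in hops.items() if a and is_rfc1918(a))


def varying_hops(runs):
    """TTLs that answered from more than one address across repeated runs.

    A hop that flips between addresses while its neighbours stay put is the
    usual signature of equal-cost multipath, as the PS in the post suggests.
    """
    seen = defaultdict(set)
    for hops in runs:
        for ttl, a in hops.items():
            if a:
                seen[ttl].add(a)
    return {ttl: sorted(a) for ttl, a in seen.items() if len(a) > 1}


# Constructed sample runs: hop 1 is the home router, hops 3-4 are ISP
# linknets numbered from 10/8, and hop 4 alternates between two routers.
RUN_A = """traceroute to 198.51.100.10 (198.51.100.10), 30 hops max, 60 byte packets
 1  192.168.1.1  0.512 ms  0.401 ms  0.388 ms
 2  203.0.113.1  3.120 ms  3.004 ms  2.987 ms
 3  10.20.0.1  8.231 ms  8.110 ms  8.097 ms
 4  10.20.0.9  9.013 ms  8.950 ms  8.944 ms
 5  * * *
 6  198.51.100.10  15.402 ms  15.311 ms  15.298 ms
"""
RUN_B = RUN_A.replace(" 4  10.20.0.9 ", " 4  10.20.0.13 ")
RUN_C = RUN_A


def analyse(texts):
    """Summarise a list of traceroute outputs towards the same destination."""
    runs = [parse_traceroute(t) for t in texts]
    return {
        "private_hops_per_run": [private_hops(r) for r in runs],
        "varying_hops": varying_hops(runs),
    }


if __name__ == "__main__":
    summary = analyse([RUN_A, RUN_B, RUN_C])
    for ttl, addrs in summary["varying_hops"].items():
        print(f"hop {ttl} answered from {', '.join(addrs)} (likely equal-cost paths)")
    print("RFC1918 hops per run:", summary["private_hops_per_run"])
```

Feed it several captures of the same `traceroute` taken a few seconds apart: hop 1 being private is just your own gateway, while private hops further out with public neighbours on either side are the ISP linknets the reply describes; a TTL listed under `varying_hops` is the place where the reply's "multiple, equal cost, paths" explanation applies, rather than evidence of a fault.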