[wellylug] Routing the unroutable, aka 10.0.0.0/8

Cliffp enkidu at cliffp.com
Fri Sep 26 14:08:45 NZST 2014


On 26/09/14 10:38, Ewen McNeill wrote:
> On 25/09/14 18:04, Christian Gagneraud wrote:
>> I was having network problems on our local network, while
>> troubleshooting I realised that from here I can access a lot of addresses
>> belonging to the (theoretically not routed) private network 10.0.0.0/8
>> [10.0.0.0/8 linknet in the middle of traceroutes]
>
> The problem is with the "theoretically" not routed.  Back in the old
> days when there were lots more IPv4 addresses than people who wanted
> them, everything was numbered with globally unique IP addresses.  Which
> worked well, when there were abundant IP addresses just for the asking
> (literally when I first started using the Internet you could get a /24
> just by saying "hi, I'd like some IP addresses please" -- and more with
> some indication of how you'd use them).
>
> Starting 10-15 years ago this stopped being true.  So increasingly
> people started numbering "internal" things with "site-local" addresses.
> For ISPs, the linknets between their routers are -- sort of --
> internal: they don't really need to talk to the outside world directly.
> So at least 10+ years ago some ISPs started using RFC1918 address
> space for their router linknets, to conserve IPs (IIRC I first saw Xtra
> doing this around 2000).
>
> The trouble is that ISPs have customers.  And router linknets can appear
> in traceroutes, like the one you're doing.  So RFC1918 addresses
> randomly in the middle of traceroutes causes either (a) confusion, or
> (b) gaps (if your border firewall blocks RFC1918 addresses from the
> Internet).
>
> Unfortunately demand for IPv4 addresses is even higher now, and there
> are no more IPv4 addresses to be able to give everyone the ample volume
> they want.  So it doesn't surprise me that more and more ISPs end up
> using RFC1918 addresses in ways that are visible in some situations. For
> a while longer the ones taking extra care can probably carefully hide
> that use from outside visibility (e.g., reply with loopback address, which
> may still be one-public-IP-per-router).  But I expect private addresses
> will leak out more and more over the next couple of years, anywhere that
> doesn't require bidirectional end-to-end communication.
>
> TL;DR: nothing to see here, move along.
>
> Ewen
>
> PS:
>
>> Now if I scan the same subnet several times in a row, I don't get the
>> same result, weird!
>
> There are probably multiple, equal cost, paths the traffic can take at
> that point.
>
What about the possibility that a major part of the backbone services
and possibly ISP services go IPv6?

Cheers,

Cliff
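The two things Ewen describes, RFC1918 linknets showing up as hops and equal-cost paths making repeated traces disagree, are easy to spot mechanically. The script below is an added example, not code from the thread or from any of the posters: it parses Linux-style traceroute output and reports which TTLs answered from RFC1918 space, which timed out (a router that does not reply, or a border firewall dropping the ICMP replies from private addresses, look identical here), and which TTLs had more than one responder, the usual sign that ECMP is in play. The sample trace is constructed, using RFC 5737 documentation prefixes for the "public" hops. It also classifies RFC 6598 shared address space (100.64.0.0/10), which the thread does not mention but which carriers use for the same purpose.

```python
"""Classify traceroute hops by address class.

Added example for this thread (not from the original post). Parses the text
output of Linux-style ``traceroute`` and flags hops that answered from
RFC 1918 space. The sample output is constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass, field

RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# RFC 6598 shared address space: also used by carriers for internal
# numbering. Not mentioned in the thread; included for completeness.
SHARED = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample: hop 1 is the local gateway, hop 2 an ISP linknet in
# 10/8, hop 3 a gap (no reply, or replies filtered at a border firewall),
# hop 4 has two responders, which is what ECMP looks like within one trace.
SAMPLE = """\
traceroute to example.net (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.512 ms  0.480 ms  0.471 ms
 2  10.20.30.1 (10.20.30.1)  8.123 ms  8.100 ms  8.050 ms
 3  * * *
 4  198.51.100.17 (198.51.100.17)  12.4 ms 198.51.100.33 (198.51.100.33)  12.9 ms  12.5 ms
 5  203.0.113.10 (203.0.113.10)  15.1 ms  15.0 ms  15.2 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s")                  # leading TTL number
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # dotted quad in ()


def classify(addr: str) -> str:
    """Return 'rfc1918', 'shared' or 'other' for a dotted-quad string.

    ipaddress.is_private is deliberately not used: it also matches the
    documentation, benchmark and loopback ranges, so it over-reports.
    """
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in SHARED:
        return "shared"
    return "other"


@dataclass
class Hop:
    number: int
    addresses: list = field(default_factory=list)

    @property
    def classes(self) -> list:
        return [classify(a) for a in self.addresses]


def parse_traceroute(text: str) -> list:
    """Parse traceroute output into one Hop record per TTL."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line, not a hop
        hop = Hop(int(m.group(1)))
        hop.addresses = ADDR_RE.findall(line)   # empty for '* * *'
        hops.append(hop)
    return hops


def summarize(hops: list) -> dict:
    """TTLs that answered from RFC 1918 space, TTLs that timed out, and
    TTLs with more than one responder (a hint that ECMP is in play)."""
    return {
        "rfc1918_hops": [h.number for h in hops if "rfc1918" in h.classes],
        "timeouts": [h.number for h in hops if not h.addresses],
        "multi_path_hops": [h.number for h in hops
                            if len(set(h.addresses)) > 1],
    }


if __name__ == "__main__":
    parsed = parse_traceroute(SAMPLE)
    for h in parsed:
        print(h.number, h.addresses or "*", h.classes)
    print(summarize(parsed))
```

Hop 1 is flagged too, because the local gateway is legitimately RFC1918; the linknets Ewen is talking about are the RFC1918 hops that appear after the ISP edge. If the trace is run from behind a firewall that drops packets sourced from RFC1918, those hops show up in the "timeouts" list instead, indistinguishable from a router that simply does not answer.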


