[124007] in North American Network Operators' Group


RE: Using private APNIC range in US

daemon@ATHENA.MIT.EDU (Eric J Esslinger)
Fri Mar 19 13:13:15 2010

From: Eric J Esslinger <eesslinger@fpu-tn.com>
To: "'nanog@nanog.org'" <nanog@nanog.org>
Date: Fri, 19 Mar 2010 12:12:37 -0500
In-Reply-To: <607f1e0a1003190806r66487175i35977d74ea152abb@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


> -----Original Message-----
> From: Charles Mills [mailto:w3yni1@gmail.com]
> Sent: Friday, March 19, 2010 10:06 AM
> To: Matt Shadbolt
> Cc: nanog@nanog.org
> Subject: Re: Using private APNIC range in US
>
>
> I love war stories.  I once got chewed out by a colleague <?>
> from another organization because we were using "their" address space.
>
> We were using 10.0.0.0/8.  Explanation of NAT and RFC1918 was
> met with a deer in the headlights look.
>
> On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt
> <matt.shadbolt@gmail.com> wrote:
> > I once had a customer who for some reason had all their printers on
> > public addresses they didn't own. Not advertising them outside, but
> > internally whenever a user browsed to an external site that happened to
> > be one of the addresses used, they would just receive an HP or Konica
> > login page :)
> >
> > They didn't mind though. No idea if they've changed it since.
> >
> >
Was troubleshooting a customer's vpn trouble a few years ago at another ISP. Could connect from outside our ISP, but users of our service sometimes could and sometimes couldn't connect.

Turns out the Master Network Manager (that's what he called himself) had looked at the static IP assignment, and extrapolated back the whole /22 they were on and used it for the inside of his NAT router. When people hit that part of our network pool, they could make the initial connection but then the poor firewall would have a nervous breakdown and not pass traffic right (I don't blame it).

My solution: Renumber to a reserved private block internally. He had about 200 devices with static assigned dhcp on about 10 of them.

His solution: Every company user that gets access through our service had to get some form of other service in order to connect to his network by vpn since we 'don't know what we're doing with network configuration'. 35 people either switched away from us or got a second (usually dial up) connection for when they wanted to vpn in.

I believe his core mantra was that the private 1918's were 'not secure' for some reason he couldn't articulate to me.

This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.


