[156666] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: The Department of Work and Pensions, UK has an entire /8

daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Sep 21 16:22:23 2012

Date: Fri, 21 Sep 2012 15:21:01 -0500
From: Stephen Sprunk <stephen@sprunk.org>
To: George Herbert <george.herbert@gmail.com>
In-Reply-To: <CAK__KztSZhQ1rK9PzR+4+TADFmw-ibSmU_+1BAQOir9vTBYesA@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

This is a cryptographically signed message in MIME format.

--------------ms080901080902090808020904
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 20-Sep-12 20:51, George Herbert wrote:
> On Thu, Sep 20, 2012 at 5:13 PM, Stephen Sprunk <stephen@sprunk.org>
> wrote:
>> Actually, they're not any different, aside from scale. Some
>> private internets have hundreds to thousands of participants, and
>> they often use obscure protocols on obscure systems that were
>> killed off by their vendors (if the vendors even exist anymore) a
>> decade or more ago, and no source code or upgrade path is
>> available.
>>
>> The "enterprise" networking world is just as ugly as, if not
>> uglier than, the consumer one.
>
> I haven't worked much on the commercial private internets, but I did
> work for someone who connected on the back end into numerous telco
> cellphone IP data networks.
>
> For all of those who argue that these applications should use 1918
> space, I give you those networks, where at one point I counted
> literally 8 different 10.200.x/16 nets I could talk to at different
> partners (scarily enough, 2 of those were "the same company"...).
> And hundreds and hundreds of other space conflicts.

That's all?  I consulted for one customer that had several (six?=20
eight?) instances of 10/8 within their own enterprise, simply because
they needed that many addresses.  That doesn't include the dozens of
legacy /16s they used in their data centers--plus the hundreds of legacy
/24s they used in double-sided NAT configurations between them and
various business partners, COINs, etc.

Yet all that was exposed to the consumer internet was a couple of /24s
for their web servers, email servers and VPN concentrators.

> Yes, you can NAT all of that, but if you get network issues where
> you need to know the phone end address and do end to end debugging
> on stuff, there are no curse words strong enough in the English
> language.

That's the truth.  To get from a credit card terminal to the bank
involved _at least_ three layers of NAT on our side, and I don't know
how many layers of NAT there were in total on the bank's side, but it
was at least two.

S

--=20
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking


--------------ms080901080902090808020904
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFNjCC
BTIwggMaoAMCAQICAwuIVDANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4w
HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu
ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMjAz
MjcxOTQ4NTdaFw0xMjA5MjMxOTQ4NTdaMD0xGDAWBgNVBAMTD0NBY2VydCBXb1QgVXNlcjEh
MB8GCSqGSIb3DQEJARYSc3RlcGhlbkBzcHJ1bmsub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1qAUmWE5Nv/9HFl7f52VrEoGqhbYG1rPE7go13pSxgUBi02iDNKyDTJH
b/CswpO/FE9p34QbUlnOXY3LRrLh+/NaS496breDA8mRKCceNHIPaiK3Mwpl0q787WQalrp9
mBV2jKHobOMOWbtNiuYSq6k4qfqIvFJvGOsgizcqeMjjLyR8GimjGCQYuH2o970PhlNidpAj
mVMCBehc3RhjmevEn4ydIL7j0bmFj9YuLxaoISq6icdh7VFxqAzdEbHhQHKp1N8aNq5yhcWD
M//Bq8MpMd1+zNse/pVc7/42G5iArYkImUbu/P48PgR8ZX9D59hJxP7kRyKVT9dbTNkh4wID
AQABo4H+MIH7MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93
biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQu
b3JnMEAGA1UdJQQ5MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYBBAGCNwoDBAYKKwYBBAGC
NwoDAwYJYIZIAYb4QgQBMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
c3AuY2FjZXJ0Lm9yZzAdBgNVHREEFjAUgRJzdGVwaGVuQHNwcnVuay5vcmcwDQYJKoZIhvcN
AQEFBQADggIBAD8tqTvu2ZrBGK01AFSzf0BYcYNXMRwK8XqWQpeJwo2+s+GSsrukNEEn2mNn
RLIF879e/7dmLoCVKkWXqhn/L9BdWTquRHuAQqokyddekrKFP7yNabXUOVD4dxkzgGc/pD70
7uj5pfIAqx7/JYUPdCgWtX91gtxN3CVmUUAKcewA/xXJy1VPZVR3q6aP9K/4x4Qir06xVtZm
BApKc4s5zaD8b8CLxFhKDw/NUymby1OKjSS7h5JhPsdOOqm6JeGHKRhL3tGFv5ObUTK4ABz8
LF2rtpx/h+eRMP0CxQaI50fz8H0fDMBo4ztsdEAmp9lh0F9CyCYAkt3qLhXFDvX2lOGqmB4f
4Q4/atUCqZnUA/4hZGC0PKgwTOSztFvPlAGtb/S7NeAhv3x6HTMsIP+yanB8/HBJtZXariH3
D2fpUibEFCPubaVSciPKEpI/Lv+BtQ7FmsbQqTV+iHovbQYZ/UcFtfjIcBCnQJjGmk3V5nsE
0p+Aw/IiHUoYwZD+TjaaBBGNJnFaQosQtwy44jwURIb+Lb1/ditqIlXobV9ShzAApuHc3g9R
CPjrmVlEDaLaG/82L92QqE84CrUfUWNqMqtDskQtizkD1ju8sfH9NJHLYolpbUlPJrWCW/8z
Cl25O3uLZMn8gc6egClBfIm+jGZuSQ9sohcX4hw1jg7wK1guMYIDlDCCA5ACAQEwgYAweTEQ
MA4GA1UEChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYD
VQQDExlDQSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0
QGNhY2VydC5vcmcCAwuIVDAJBgUrDgMCGgUAoIIB6DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0xMjA5MjEyMDIxMDFaMCMGCSqGSIb3DQEJBDEWBBStSWKy
3DIdzB99y4qGS99P801ouzBfBgkqhkiG9w0BCQ8xUjBQMAsGCWCGSAFlAwQBAjAKBggqhkiG
9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN
AwICASgwgZEGCSsGAQQBgjcQBDGBgzCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRo
b3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDC4hUMIGTBgsqhkiG
9w0BCRACCzGBg6CBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3
LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkq
hkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDC4hUMA0GCSqGSIb3DQEBAQUABIIBAC9G
Bg1yLvCcfyurheYu/A47JKEBpuAd7stPD2ID3JeWK/K/nAIITJxAQ6rgX/Cf9NdlLfddHiJR
avut4aGUi3WQ4kOsHshCg4Ytg2ULmt1MiyzHQbAlQqm9O9x95dAdRcqIKzn04rGTXG2Qh9wj
bnN67qHpZbg5cWRiU8Ebl54YB6A42rNEMCz98Nm1RpYFbaA6+4/Wk/9A581PFv7JF4Z5Pw7E
AzTcdrF97vaI6Ahv8lt0k1AnfNN/RNlUdlYikczFTt4h4z/ZGX2WfilEfetBK1vvkourM5CT
H6T7yxN0l8LUdDtsz02ck9vaeL7WxBOsLFH2FfRnDXinzB3/ZqcAAAAAAAA=
--------------ms080901080902090808020904--
home help back first fref pref prev next nref lref last post