[157451] in North American Network Operators' Group
Re: Issues encountered with assigning .0 and .255 as usable addresses?
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Mon Oct 22 20:24:10 2012
In-Reply-To: <73A9A2579638014A8254BF9FE31DDB244FAF4FA6@mbx2.jiveland.com>
Date: Mon, 22 Oct 2012 19:23:54 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Paul Zugnoni <paul.zugnoni@jivesoftware.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 10/22/12, Paul Zugnoni <paul.zugnoni@jivesoftware.com> wrote:
[snip]
> Any experience or recommendations? Besides replace the ISA proxy=85. Sinc=
e
> it's not mine to replace. Also curious whether there's an RFC recommendin=
g
> against the use of .0 or .255 addresses for this reason.
ISA is old, and might not be supported anymore, unless you have an
extended support contract. If it's not supported anymore, then don't
be surprised if it has breakage you will not be able to repair. I
don't recommend upgrading to TMG, either: although still supported,
that was just discontinued.
If ISA is refusing traffic to/from IPs ending in .0, then ISA is
either broken, or misconfigured.
Get a support case with the vendor, raise it as a critical issue --
unable to pass traffic to critical infrastructure that ends with a
.255 or .0 IP address, demand that the vendor provide a resolution,
And explain that changing the IP address of the remote server is not an opt=
ion.
If the vendor can't or won't provide a resolution, then not only is
the proxy server broken,
but malfunctioning in a way that has an impact on network connectivity.
I would consider its removal compulsory, as you never know, when a
network resource, web site, e-mail server, etc. your org has a
business critical need to access, or be accessed from; may be
placed on .255 or .0
--
-JH
