[58005] in North American Network Operators' Group
Re: Get as much IP space as you ever dreamed of, was: Re: Looking
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Tue Apr 29 05:38:20 2003
Date: Tue, 29 Apr 2003 10:37:46 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Jack Bates <jbates@brightok.net>
Cc: nanog@merit.edu
In-Reply-To: <3EADFA28.4030300@brightok.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 28 Apr 2003, Jack Bates wrote:
>
> Kai Schlichting wrote:
> > An example covering this exact case: 9.0.0.0/8 is such a space, owned by IBM.
> >
> > Some illicit use documented at www.ris.ripe.net :
> >
> > 9.184.112.0/20
> > 9.186.144.0/20 , both from AS 3786 (dacom.co.kr, bora.net) , since at
> > least 2002/12/26.
> >
> > IBM confirmed the bogosity of these announcements on 04/07, the routes
> > got withdrawn on 04/14.
>
> Actually, IBM confirmed that any announcements from 9/8 were guaranteed
> to be bogus. IBM uses 9/8 internally. They use NAT to convert 9/8
> addresses back to routed addresses. One can imagine that IBM has a large
> internal network globally with interconnects to various partners. Yet
> many companies have found that utilization of NAT when communicating
> with the public networks is a sound addition to security.
Further to my earlier post.. a large global private network requiring unique
space at many sites, they use 9/8 .. why not use 10/8 ??? (renumbering reasons
aside that is!)
Recall the counter argument from Stephen Sprunk was that it needed a per site
allocation from a registry, and yet these guys are managing just fine without
it!
Steve
>
> Private peering follows different rulesets than public. Many respectable
> organizations still don't understand that you can Peer privately without
> exporting each others advertisements in order to save expenditures to
> third parties when transiting traffic between the two networks. Security
> percautions are also treated different. What you would offer a partner
> sometimes exceeds the access you'd allow the public.
>
> While there are benefits to registering space that isn't routed on the
> public network, such space needs to be declared as such. Until that
> time, people will continue to hijack those networks and use them for
> their own ends.
>
> -Jack
>
>
