From: andrew.2.shore@xxxxxx
Date: Wed Aug 08 2001 - 04:40:15 GMT-3
CAN everyone get the point of this?
The private networks ARE NOT being advertised on the internet.
They are private TRANSIT networks within a data centre.
YOU CAN NOT access them from the internet.
There are 2 reasons why data centres use these:
1) To save public address space within data centres by using them to get
from the internet connected router to the users servers.
2) Security, if the vlans are not accessible from the internet it is more
difficult to access devices on them, devices the ISP does not want the
public to access.
Trust me I build them.
Sorry for getting pissed off but this thread is going off at a tangent and
round in circles at the same time :)
Andrew Shore. CCNP+Security, MCSE, CCP, BSc
Network Consultant
Internetworking Solutions Limited
-----Original Message-----
From: Jeff Omick [mailto:jomick@lucent.com]
Sent: 08 August 2001 03:27
To: Andrew Lennon; ccielab@groupstudy.com
Subject: Re: Routing
Here is an excerpt from rfc 1918.
3 Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the following
three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Jeff Omick
Andrew Lennon wrote:
>
> Monty,
>
> 192.168.0.0 can be a /8 (not recommended though). You need to think
> CIDR. Because the address range starts at 192.0.0.0 and ends at
> 192.255.255.255, any address within that range is valid (no rfc 1918's
> though). Hence if you are a crap ISP you can aggregate incorrectly and
> advertise Martian Networks. Once this has happened, it is up to the
> upstream ISP to block these using route-maps/communities etc.
>
> Same applies to, say, 172.23.1.1/24. This should be filtered by the
> upstream ISP.
>
> Using BGP aggregation with summary suppression and/or communities would
> allow you to advertise those routes that are valid within the 192/8
> block and shut out those not valid.
>
> Providing you are not connecting to an address (rfc 1918) in that range
> from a globally routable address and not passing through an intermediary
> trying to route the same range you should be fine.
>
> There are other addresses within the 192/8 block on top of those
> specified in rfc 1918 which are not routable, but I can't remember now!
>
> So far I know of the following:
>
> 10/8
> 66.0.0.0 - 126.0.0.0
> 164.0.0.0 -191.255.255.255 (some are in use now I think. 165-170 maybe)
>
> Anyone know of any others outside this, let me know!
>
> Andy
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Monty.Majszak@Level3.com
> Sent: 07 August 2001 19:31
> To: austin.alao@bt.com; andrew.2.shore@bt.com; Leonard_Ong@iname.com;
> ccielab@groupstudy.com
> Subject: RE: Routing
>
> I must be missing something here Austin?! 192.168.0.0 cannot be a /8.
> Technically the network address would be just 192.0.0.0 but the "private"
> address space of 192.168.0.0 falls w/in that block. Let me know if I missed
> something here or misunderstood you, thanks.
>
> -Monty
>
> "The point is that if you look carefully at the RFC, it specifies the
> address AND mask. Any bit shifting that alters the network prefix position
> towards the most significant direction, will render the route routable.
>
> 192.168.x.x is Internet routable when the mask is 255.0.0.0 that is the
> whole thinking behind CIDR. Makes hitherto illegal addresses useable in a
> way."
>
> -----Original Message-----
> From: austin.alao@bt.com [mailto:austin.alao@bt.com]
> Sent: Tuesday, August 07, 2001 9:23 AM
> To: andrew.2.shore@bt.com; Leonard_Ong@iname.com; ccielab@groupstudy.com
> Subject: RE: Routing
>
> Thought I had answered the question 2 hours ago only to find out I forgot
> to click "send".
>
> Anyhow here goes again:
>
> When dealing with protocols like BGP and OSPF an address means nothing
> without its mask.
>
> With CIDR which you are seeing in action here, 172.16.3.1 is not routable
> when the mask is /16. Move it to anything less and it is a valid Internet
> address.
>
> The point is that if you look carefully at the RFC, it specifies the
> address AND mask. Any bit shifting that alters the network prefix position
> towards the most significant direction, will render the route routable.
>
> 192.168.x.x is Internet routable when the mask is 255.0.0.0 that is the
> whole thinking behind CIDR. Makes hitherto illegal addresses useable in a
> way.
>
> Trace and ping are limited network routing testing tools. And are more
> suitable and yet not perfect for reachability testing for this exact reason
> that you cannot specify a prefix length.
>
> Until we know what the masks are on those routers we cannot tell if the
> address space is routable or not.
>
> 172.x.x.x /8 is a valid Internet address.
>
> Believe me people the first email was more elegant than this.
>
> Cheers
>
> Austin Alao,
> 01442 431 247 / 07764 356 424
> "The significant problems we face cannot be solved at the same level of
> thinking we were at when we created them."
> -Albert Einstein.
>
> -----Original Message-----
> From: Shore,A,Andrew,IWO SHOREA2 C
> Sent: 06 August 2001 07:46
> To: Leonard_Ong@iname.com; ccielab@groupstudy.com
> Subject: RE: Routing
>
> In many data centres ISPs use privately addressed transit networks which
> are not publicly accessible unless you are going through it i.e.
>
> R1 201.234.93.3 ----> R2 156.3.6.77 ----> R3 172.16.3.1 ----> R4 76.4.56.3
> www                   ISP outside int     ISP internal net    ISP public
>                                                               server network
>
> The 172 network is only used internally to the data centre.
>
> Try tracing to the 172 network and you can't! as routes to it are only
> known by R2
>
> hope this makes sense.
>
> Andrew Shore. CCNP+Security, MCSE, CCP, BSc
> Network Consultant
> Internetworking Solutions Limited
>
> -----Original Message-----
> From: Leonard @ iname.com [mailto:Leonard_Ong@iname.com]
> Sent: 06 August 2001 14:20
> To: ccielab@groupstudy.com
> Subject: Routing
>
> Hello Guys,
>
> I found some traceroute that really bothers me and I don't know the
> answer. Would you kindly explain it to me ?
>
> traceroute from access.net.id to 202.156.227.140
>
>  1 202.180.0.4 (202.180.0.4) 2.502 ms 2.017 ms 1.641 ms
>  2 202.155.7.25 (202.155.7.25) 91.019 ms 28.084 ms 30.019 ms
>  3 202.155.7.85 (202.155.7.85) 55.545 ms 59.557 ms 23.195 ms
>  4 202.155.7.246 (202.155.7.246) 62.904 ms 25.812 ms 68.068 ms
>  5 500.POS1-2.IG2.SAC1.ALTER.NET (157.130.193.221) 210.419 ms 210.405 ms 305.777 ms
>  6 0.so-0-0-0.XR2.SAC1.ALTER.NET (152.63.54.118) 240.747 ms 208.259 ms 216.579 ms
>  7 0.so-0-0-0.TR2.SAC1.ALTER.NET (152.63.3.197) 247.044 ms 217.252 ms 253.461 ms
>  8 127.ATM5-0.IR2.SAC1.ALTER.NET (152.63.11.113) 209.069 ms 226.315 ms 208.555 ms
>  9 POS3-0.IR2.SAC2.ALTER.NET (137.39.31.209) 204.193 ms 209.688 ms 265.266 ms
> 10 210.80.49.230 (210.80.49.230) 441.732 ms
>    335.ATM5-0-0.TR2.SIN1.ALTER.NET (210.80.51.142) 514.855 ms
>    435.ATM5-0-0.TR2.SIN1.ALTER.NET (210.80.51.134) 526.292 ms
> 11 POS1-0-0.XR2.SIN1.Alter.Net (210.80.48.62) 456.046 ms 473.853 ms 472.113 ms
> 12 312.ATM3-0-0.GW2.SIN1.Alter.Net (210.80.2.202) 451.268 ms 458.89 ms 434.287 ms
> 13 scv-gw-33.customer.alter.net (202.95.97.14) 544.822 ms 450.079 ms 460.404 ms
> 14 172.20.6.11 (172.20.6.11) 466.566 ms 516.396 ms 464.313 ms
> 15 172.20.2.15 (172.20.2.15) 458.438 ms 464.12 ms 446.679 ms
> 16 172.20.15.2 (172.20.15.2) 465.278 ms 476.811 ms 570.675 ms
> 17 mcns140.docsis227.singa.pore.net (202.156.227.140) 493.695 ms 494.196 ms 525.214 ms
>
> If you check entries 14-16, they are private addresses, which are
> supposedly not routable... and at entry 17 it goes to the end-host of this
> ISP/cable... which is a routable address... Any idea?
>
> Thanks
> **Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:47 GMT-3
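
The address-and-mask comparison debated in this thread, and the private hops 14-16 in the posted traceroute, can be checked mechanically. The following is an added example, not code from any poster: the function names and result labels are hypothetical, and the sample input is hops 13-17 of the thread's traceroute with timings trimmed.

```python
import ipaddress
import re

# The three RFC 1918 blocks, as quoted from the RFC in the thread.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_prefix(prefix):
    """Compare an advertised prefix (address AND mask) with RFC 1918 space."""
    # strict=False accepts host bits, e.g. 172.23.1.1/24 -> 172.23.1.0/24
    net = ipaddress.ip_network(prefix, strict=False)
    if any(net.subnet_of(block) for block in RFC1918):
        return "inside-rfc1918"   # wholly private: candidate for an edge filter
    if any(net.supernet_of(block) for block in RFC1918):
        return "covers-rfc1918"   # shorter aggregate that includes private space
    return "not-rfc1918"          # CIDR blocks nest, so no partial overlap exists

# Hop number, then a name, then the responding address in parentheses.
HOP = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def private_hops(traceroute_text):
    """Return (hop, address) for each hop whose address is in RFC 1918 space."""
    hits = []
    for line in traceroute_text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        addr = ipaddress.ip_address(m.group(2))
        if any(addr in block for block in RFC1918):
            hits.append((int(m.group(1)), str(addr)))
    return hits

# Hops 13-17 of the traceroute posted in the thread (timings trimmed).
SAMPLE = """\
13 scv-gw-33.customer.alter.net (202.95.97.14) 544.822 ms
14 172.20.6.11 (172.20.6.11) 466.566 ms
15 172.20.2.15 (172.20.2.15) 458.438 ms
16 172.20.15.2 (172.20.15.2) 465.278 ms
17 mcns140.docsis227.singa.pore.net (202.156.227.140) 493.695 ms
"""

if __name__ == "__main__":
    for p in ("172.23.1.1/24", "192.0.0.0/8", "202.156.227.140/32"):
        print(p, classify_prefix(p))
    print(private_hops(SAMPLE))
```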