Re: A Splendid Example Of A Renumbering Disaster

Benson Schliesser <bensons@queuefull.net> Mon, 26 November 2012 17:12 UTC

Message-ID: <50B3A30A.3000201@queuefull.net>
Date: Mon, 26 Nov 2012 12:12:42 -0500
From: Benson Schliesser <bensons@queuefull.net>
To: "Andrew G. Malis" <agmalis@gmail.com>
Subject: Re: A Splendid Example Of A Renumbering Disaster
Cc: Paul Wouters <paul@nohats.ca>, IETF Discussion <ietf@ietf.org>

I expect to be flamed for suggesting it, but why not use the Shared 
Address Space for this purpose? (http://tools.ietf.org/html/rfc6598)

Cheers,
-Benson


On 11/26/12 11:52 AM, Andrew G. Malis wrote:
> As LogMein says, even with the TMobile and Rogers use, it's extremely 
> unlikely that their customers will need to communicate with any hosts 
> in 25/8. That said, I absolutely agree that an IPv4 range devoted to 
> VPNs would be great. I run a personal VPN to my home LAN, and I 
> specifically use different ranges of RFC 1918 space for the addresses 
> in my home and my VPN.
>
> Cheers,
> Andy
>
>
>
> On Sat, Nov 24, 2012 at 11:36 AM, Paul Wouters <paul@nohats.ca> wrote:
>
>     On Sat, 24 Nov 2012, Sabahattin Gucukoglu wrote:
>
>         http://b.logme.in/2012/11/07/changes-to-hamachi-on-november-19th/
>
>         LogMeIn Hamachi is basically a NAT-traversing layer 2 VPN
>         solution.  They avoided conflicts with RFC 1918 space by
>         hijacking IPv4 space in 5/8, now actively being allocated by
>         LIRs in Europe.  When that didn't work (see link above), they
>         moved to 25/8, allocated to the UK MoD.  While I'm almost sure
>         that they haven't got it quite so wrong this time, following
>         the comments says that the idea was not only a very bad one to
>         start with, it's cost a lot of people a lot of grief that IPv6
>         was clearly going to mitigate in renumbering.  Perhaps it is
>         why they recommend it per default, if not for the number of
>         applications that would be broken by it.
>
>
>     Both TMobile in the US, and Rogers/Fido in Canada use 25/8. Our IPsec
>     client per default only allows incoming NAT-T for ranges in RFC1918, due
>     to security reasons (you don't want them hijacking google's ip range). So
>     we actually had to add 25/8 to the white list a few years ago.
>
>     But, it would be nice to have an IPv4 range dedicated to VPN ranges, so
>     you can set up things like L2TP tunnels without fear of collision in the
>     RFC1918 space, although I guess technology has advanced enough to
>     implement proper segmentation and workarounds for this these days.
>
>     Paul
>
>
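
The allow-list policy discussed in this thread (accept a peer's inner range only when it lies inside RFC 1918, with exceptions such as 25/8 or the RFC 6598 Shared Address Space added explicitly) combined with a collision check against local networks, as an added example that is not part of the original messages or of any IPsec client's code. The function names and the sample ranges are assumptions chosen for illustration.

```python
import ipaddress

# RFC 1918 private ranges: the default allow-list described in the thread.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 Shared Address Space, the range suggested in the reply above.
RFC6598 = "100.64.0.0/10"


def covered_by(net, allowed):
    """True only if the WHOLE of net lies inside one allowed network.

    Containment, not overlap: 10.0.0.0/7 overlaps 10.0.0.0/8 but also
    covers 11.0.0.0/8, so it must not pass.
    """
    return any(net.subnet_of(a) for a in allowed)


def check_peer_range(proposed, local_nets, extra_allowed=()):
    """Decide whether to accept the inner range a VPN peer proposes.

    proposed      -- CIDR string offered by the peer (hypothetical input)
    local_nets    -- CIDR strings already in use on this host or LAN
    extra_allowed -- explicit exceptions to the RFC 1918 default
    Returns (accepted, reason).
    """
    try:
        net = ipaddress.IPv4Network(proposed, strict=True)
    except ValueError as exc:
        return (False, "malformed range: %s" % exc)

    allowed = RFC1918 + [ipaddress.IPv4Network(n) for n in extra_allowed]
    if not covered_by(net, allowed):
        return (False, "outside allow-list")

    # An allowed range can still shadow local routes; reject any overlap.
    for local in local_nets:
        if net.overlaps(ipaddress.IPv4Network(local)):
            return (False, "collides with local " + local)
    return (True, "ok")


if __name__ == "__main__":
    lan = ["192.168.1.0/24"]  # constructed sample LAN
    for cidr in ("192.168.50.0/24", "192.168.1.128/25",
                 "25.10.0.0/16", "10.0.0.0/7"):
        print(cidr, check_peer_range(cidr, lan))
    print("25.10.0.0/16", check_peer_range("25.10.0.0/16", lan, ["25.0.0.0/8"]))
```
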