IETF Logo Mail Archive

Re: A Splendid Example Of A Renumbering Disaster

Paul Wouters <paul@nohats.ca> Sat, 24 November 2012 16:36 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CA0B21F8508 for <ietf@ietfa.amsl.com>; Sat, 24 Nov 2012 08:36:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H4rCtENjTvzP for <ietf@ietfa.amsl.com>; Sat, 24 Nov 2012 08:36:54 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by ietfa.amsl.com (Postfix) with ESMTP id D2A1C21F84CE for <ietf@ietf.org>; Sat, 24 Nov 2012 08:36:54 -0800 (PST)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 8C930804F3; Sat, 24 Nov 2012 11:36:07 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 813A1804EE; Sat, 24 Nov 2012 11:36:07 -0500 (EST)
Date: Sat, 24 Nov 2012 11:36:07 -0500
From: Paul Wouters <paul@nohats.ca>
To: Sabahattin Gucukoglu <listsebby@me.com>
Subject: Re: A Splendid Example Of A Renumbering Disaster
In-Reply-To: <54E43A43-A9F3-4803-BAB9-B06F4EB0CB19@me.com>
Message-ID: <alpine.LFD.2.02.1211241129320.2810@bofh.nohats.ca>
References: <54E43A43-A9F3-4803-BAB9-B06F4EB0CB19@me.com>
User-Agent: Alpine 2.02 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Mailman-Approved-At: Mon, 26 Nov 2012 08:23:54 -0800
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Nov 2012 16:36:55 -0000

On Sat, 24 Nov 2012, Sabahattin Gucukoglu wrote:

> http://b.logme.in/2012/11/07/changes-to-hamachi-on-november-19th/
>
> LogMeIn Hamachi is basically a NAT-traversing layer 2 VPN solution.  They avoided conflicts with RFC 1918 space by hijacking IPv4 space in 5/8, now actively being allocated by LIRs in Europe.  When that didn't work (see link above), they moved to 25/8, allocated to the UK MoD.  While I'm almost sure that they haven't got it quite so wrong this time, following the comments says that the idea was not only a very bad one to start with, it's cost a lot of people a lot of grief that IPv6 was clearly going to mitigate in renumbering.  Perhaps it is why they recommend it per default, if not for the number of applications that would be broken by it.

Both TMobile in the US, and Rogers/Fido in Canada use 25/8. Our IPsec
client per default only allows incoming NAT-T for ranges in RFC1918, due
to security reasons (you don't want them hijacking google's ip range). So
we actually had to add 25/8 to the white list a few years ago.

But, it would be nice to have an IPv4 range dedicated to VPN ranges, so
you can setup things like L2TP tunnels without fear of collision in the
RFC1918 space, although I guess technology has advanced enough to
implement proper segmentation and workarounds for this these days.

Paul

v2.23.0 | Report a Bug | By Email