The 69/8 Networking Problem

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Monday April 14, 2003 @01:26PM from the modular-arithmetic dept.

jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."

11 of 182 comments (clear)

Min score:

Reason:

Sort:

Devalued IP Space? by numbski · 2003-04-14 13:28 · Score: 4, Insightful

I'm just looking over this, since I'm looking to purchase some IP's from my upstream provider. It seems to be that these IP's are somewhat devalued since areas of the net have blacklisted them.

Sort of like a tarnished credit record I guess. This IP's won't be of the greatest value for a few years until the rest of the net catches up.

The IP's would be for home broadband use too. I'll be personally avoiding that IP range. :(

--
Karma: Chameleon (mostly due to the fact that you come and go).
1. Re:Devalued IP Space? by Binestar · 2003-04-14 14:24 · Score: 2, Insightful
  
  You can get your own IPs directly from ARIN. But I guess others know that too because you were modded to 5 when I started writing this post, and when I posted it you were back to 4. There really needs to be a "-1 incorrect information" moderation.
  
  --
  Do you Gentoo!?
Could someone explain this by Billly+Gates · 2003-04-14 13:41 · Score: 1, Insightful

Why were they filtered out in the first place? It doesn't make sense and I believe the press was talking about running out of IP addresses on the internet back in the late 1990's. If anything more addresses are now available as .coms fade away.

--
http://saveie6.com/
1. Re:Could someone explain this by Pharmboy · 2003-04-14 14:12 · Score: 4, Insightful
  
  Your raise a really good point. Also consider most major companies have cut IT staff to reduce costs, and most IT professionals have tolorated it because there are less jobs, meaning fewer people doing more work (and more burnout). I can easily see the lists not getting updated because "if it aint broke, dont fix it" mentality. Many ITs simply have plenty of other stuff to do, and if their company isn't hitting anything on 69/8 or vise versa, then it wont get fixed.
  
  Good upkeep? Maybe not. Best some can do under the circumstances? Probably. I have enough hell just keeping up with the relatively small amount of shit I have to keep up with, so I can sympathise.
  
  --
  Tequila: It's not just for breakfast anymore!
This is a marketing issue by southpolesammy · 2003-04-14 13:45 · Score: 4, Insightful

While the 69/8 netblock has been long known to be reserved, and has been subsequently been "used" by script kiddies and the like for DoS attacks, then if ARIN has decided to open that netblock for sale, then it is up to them to notify and market the netblock as no longer being reserved. Pretty simple actually. This is a case where a non-technical solution is ideal to address what has been a technical problem.

If ARIN isn't doing that, then shame on them. If they are doing that, and we're just ignorant of it, them shame on us.

--
Rule #1 -- Politics always trumps technology.
1. Re:This is a marketing issue by marvinglenn · 2003-04-14 17:25 · Score: 2, Insightful
  
  While the 69/8 netblock has been long known to be reserved, and has been subsequently been "used" by script kiddies and the like for DoS attacks...
  
  Part of the blame belongs to the ISPs which let IP packets source from their network that should have been obvious (to the ISP) were forged. Specifically, letting packets out to the upstream with an address forged into the source IP that is obviously not on their network.
  
  Because of the sloppiness, apathy, or ignorance of such ISPs, it's only natural that other ISPs would protect their incoming links to packets that were certainly forged (at the time).
  
  --
  The whores get mad when the sluts give it away for free.
Re:Not surprising by gclef · 2003-04-14 13:45 · Score: 4, Insightful

ARIN did notify the public. ARIN, RIPE, APNIC, etc are often announcing allocations to groups like NANOG. I don't see how much louder they could be. If you're filtering based on their reserved lists, it's your responsibility to keep up with their allocation updates.

The problem is not the allocator's fault...at least, not directly. The problem is that lots of folks put in filters based on the bogon list at the time of their firewall/soho router install, and promptly forget about the fact that those filters should change (or, more likely, the consultant left).

There's nothing that ARIN, IANA or anyone else can do to enforce clue at the edge of a network. Hence the problem. If you're not prepared to keep up with groups like NANOG, don't filter unallocated space.
Love those dusty old filters... by PZona · 2003-04-14 13:45 · Score: 5, Insightful

I sometimes wonder, given all the tech layoffs in the last two years, if half the 'net was left running on autopilot. Keeping the filters up to date with current practices would be a lot more likely if there was an adequate number of admins left to man the guns.
Re:Roll on IPv6 by rusty0101 · 2003-04-14 14:10 · Score: 5, Insightful

What new equipment does not support IPv6?

BSD, Linux, MacOS X, and Windows XP, all have support for IPv6 in their network stack. Current Cisco IOS supports IPv6.

There are some applications that go too far into the network stack to properly support IPv6, but those are applications.

The main stumbling block to IPv6 that I see right now is that very few network people in the US know how to use it. Outside of the US, both in Europe and Asia, IPv6 is being deployed fairly widely, as they do not have the IPv4 address space availabable and allocated to make use of it except in servers and routers.

As there are several gateways available, to allow IPv6 clients to access IPv4 servers, I suspect that the demand upone US providers to start supporting IPv6 devices is going to be long in comming.

With 10 devices in my house that support IP, (live at the moment, several others not currently powered up) I would exceed the available IP addresses my ISP account allows. As a result I am effectively forced to use NAT and private IP address space, even if my ISP would rather I did not. On top of that I don't want to keep a bunch of systems widely available to script kiddies. IPv6 would not solve that problem.

Then again, that's probably just all opinion on my part.

-Rusty

--
You never know...
Re:Roll on IPv6 by Cato · 2003-04-14 21:40 · Score: 2, Insightful

Even my phone supports IPv6 - it's a Symbian 7.0 smartphone, the SonyEricsson P800, and is widely available in Europe and Asia. See http://www.sonyericsson.com/ for details.

However, Cisco routers deployed in networks today typically run IOS versions that are pre-IPv6 and the IPv6 IOSes are somewhat less stable than the preferred 'S' train (the 12.2T train is the place for IPv6 at present) and upgrading a whole network is a fairly large undertaking even though it can be done step by step.

Upgrades will happen incrementally - once European/Asian companies start requiring IPv6, they'll request this of their US ISPs. However, probably the biggest driver is wireless (3G in UMTS R5 in a few years) followed by broadband and home networking, so this may be something that consumer goods manufacturers will get together to drive adoption.
Re:Roll on IPv6 by silas_moeckel · 2003-04-15 00:22 · Score: 2, Insightful

This is true but not supporting multicast means you cant call it IPv6. I say this because if you did sign people up for this new IPv6 option or whatever and dont support multicast to all your IPv6 peers then your could be sued as all your supporting is IPv6 numbering and that would be deceptive advertising.

--
No sir I dont like it.