Slashdot Mirror
The 69/8 Networking Problem
jaredmauch writes "A number of networking providers who receive address space from ARIN have been having problems with their recent IP space allocations. This is a result of outdated filters that applied a few years ago during the boom time of the net, but have not been updated to reflect the current state of the network. Here is a paper that documents some of the problems this filtering is causing providers."
I'm just looking over this, since I'm looking to purchase some IP's from my upstream provider. It seems to be that these IP's are somewhat devalued since areas of the net have blacklisted them.
:(
Sort of like a tarnished credit record I guess. This IP's won't be of the greatest value for a few years until the rest of the net catches up.
The IP's would be for home broadband use too. I'll be personally avoiding that IP range.
Karma: Chameleon (mostly due to the fact that you come and go).
While the 69/8 netblock has been long known to be reserved, and has been subsequently been "used" by script kiddies and the like for DoS attacks, then if ARIN has decided to open that netblock for sale, then it is up to them to notify and market the netblock as no longer being reserved. Pretty simple actually. This is a case where a non-technical solution is ideal to address what has been a technical problem.
If ARIN isn't doing that, then shame on them. If they are doing that, and we're just ignorant of it, them shame on us.
Rule #1 -- Politics always trumps technology.
ARIN did notify the public. ARIN, RIPE, APNIC, etc are often announcing allocations to groups like NANOG. I don't see how much louder they could be. If you're filtering based on their reserved lists, it's your responsibility to keep up with their allocation updates.
The problem is not the allocator's fault...at least, not directly. The problem is that lots of folks put in filters based on the bogon list at the time of their firewall/soho router install, and promptly forget about the fact that those filters should change (or, more likely, the consultant left).
There's nothing that ARIN, IANA or anyone else can do to enforce clue at the edge of a network. Hence the problem. If you're not prepared to keep up with groups like NANOG, don't filter unallocated space.
I sometimes wonder, given all the tech layoffs in the last two years, if half the 'net was left running on autopilot. Keeping the filters up to date with current practices would be a lot more likely if there was an adequate number of admins left to man the guns.
What new equipment does not support IPv6?
BSD, Linux, MacOS X, and Windows XP, all have support for IPv6 in their network stack. Current Cisco IOS supports IPv6.
There are some applications that go too far into the network stack to properly support IPv6, but those are applications.
The main stumbling block to IPv6 that I see right now is that very few network people in the US know how to use it. Outside of the US, both in Europe and Asia, IPv6 is being deployed fairly widely, as they do not have the IPv4 address space availabable and allocated to make use of it except in servers and routers.
As there are several gateways available, to allow IPv6 clients to access IPv4 servers, I suspect that the demand upone US providers to start supporting IPv6 devices is going to be long in comming.
With 10 devices in my house that support IP, (live at the moment, several others not currently powered up) I would exceed the available IP addresses my ISP account allows. As a result I am effectively forced to use NAT and private IP address space, even if my ISP would rather I did not. On top of that I don't want to keep a bunch of systems widely available to script kiddies. IPv6 would not solve that problem.
Then again, that's probably just all opinion on my part.
-Rusty
You never know...
Your raise a really good point. Also consider most major companies have cut IT staff to reduce costs, and most IT professionals have tolorated it because there are less jobs, meaning fewer people doing more work (and more burnout). I can easily see the lists not getting updated because "if it aint broke, dont fix it" mentality. Many ITs simply have plenty of other stuff to do, and if their company isn't hitting anything on 69/8 or vise versa, then it wont get fixed.
Good upkeep? Maybe not. Best some can do under the circumstances? Probably. I have enough hell just keeping up with the relatively small amount of shit I have to keep up with, so I can sympathise.
Tequila: It's not just for breakfast anymore!