nanog mailing list archives

Re: Using private APNIC range in US


From: Daniel Senie <dts () senie com>
Date: Thu, 18 Mar 2010 14:50:11 -0400


On Mar 18, 2010, at 2:25 PM, Owen DeLong wrote:


On Mar 18, 2010, at 9:34 AM, Fred Baker wrote:

Are they using them only within their domain(s), and ARIN addresses outside, or are they advertising them to their 
upstream(s) to be readvertised into the backbone?

If they are using them internally and NAT'ing to the outside, they're not hurting themselves or anyone else. I would 
personally let them alone.

Except you're missing a keyword on the "not hurting themselves" part of that... It's "YET".

Once 1.0.0.0/8 starts getting used in the wild for legitimate sites, it means that this
customer won't be able to reach the legitimate 1.0.0.0/8 sites from within their
environment and it won't be immediately intuitive to debug the failures.

While the analysis above is correct, the original poster talked about the 1/8 addressing being used on web server farms 
with translation of incoming connections. Sounds like load balancers using 1/8 for the addresses behind them and on the 
servers that are providing the service.

As such, prospective users of the web site(s) provided by the outfit will not function for broadband users and such who 
get allocated addresses from 1/8.

Reality of course is that both are true, but in terms of "who gets hurt" the issue here may well be a large server farm 
that is inaccessible from consumer networks in places in Asia.

As you note, debugging this type of thing is often not intuitive, as everything appears to work from almost everywhere.


If they are advertising them outside, it adds a small prefix in the ARIN domain that doesn't get aggregated by the 
upstream. Among 300K such prefixes it is probably noise, but gently suggesting that they use something aggregatable 
into their upstream's allocation would help a little bit in that regard. What they are most likely hurting is 
themselves, really; a datagram sent to the address from an ISP outside themselves probably travels via Australia or 
an Australian ISP.

The route announcement notwithstanding, they're using space that does not
belong to them and will belong to someone else in the near future. If you
think that is OK, please let me know what your addresses are so that I can
start re-using them.

A scenario repeated many times over the years. In the 1990s, it was common to see leakage of the address blocks of 
vendors that were used in documentation for routers, workstations, etc., as people would look at examples in the 
manual, and use the exact IP addresses shown, not understanding the "go get your own addresses first" part of the 
process.


Owen

On Mar 18, 2010, at 8:52 AM, Jaren Angerbauer wrote:

Hi all,

I have a client here in the US, that I just discovered is using a host
of private IPs that (as I understand) belong to APNIC (i.e.
1.7.154.70, 1.7.154.00-99, etc.) for their web servers.  I'm assuming
that the addresses probably nat to a [US] public IP.  I'm not familiar
enough with the use of private address space outside of ARIN (i.e.
192.0.0.0, 10.0.0.0, etc) but I figure if their sites are up and
accessible it must be working for them.  I'm just wondering if there
is any recommendation or practice around this -- using private IP
ranges from another country.  Thanks.

--Jaren


http://www.ipinc.net/IPv4.GIF
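An added example, not part of the original thread: a small audit for the situation discussed above. It flags internally used prefixes that are neither RFC 1918 space nor the site's own allocation, and lists which client source addresses would be shadowed by them. The prefix lists, the /24 mask around the 1.7.154.x addresses, the "owned" allocation (a documentation range standing in for a real one) and the client addresses are constructed sample values.

```python
import ipaddress

# RFC 1918 private address space, the ranges intended for internal use.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not taken from a real network).
INTERNAL = ["10.20.0.0/16", "1.7.154.0/24", "198.51.100.0/24"]
OWNED = ["198.51.100.0/24"]          # placeholder for the site's real allocation
CLIENTS = ["1.7.154.12", "1.9.0.5", "203.0.113.9"]


def squatted_prefixes(internal, owned=()):
    """Return internal prefixes that are neither RFC 1918 nor allocated to the site."""
    allowed = RFC1918 + [ipaddress.ip_network(o) for o in owned]
    flagged = []
    for prefix in internal:
        net = ipaddress.ip_network(prefix)
        if not any(net.subnet_of(a) for a in allowed):
            flagged.append(net)
    return flagged


def shadowed_clients(internal, clients):
    """Return client addresses that fall inside a prefix used internally.

    Replies to these clients follow the more specific internal route
    instead of leaving toward the Internet, so the site appears down
    only for them while working from everywhere else.
    """
    nets = [ipaddress.ip_network(p) for p in internal]
    return [c for c in clients
            if any(ipaddress.ip_address(c) in n for n in nets)]


if __name__ == "__main__":
    for net in squatted_prefixes(INTERNAL, OWNED):
        print(f"squatted prefix in internal use: {net}")
    for client in shadowed_clients(INTERNAL, CLIENTS):
        print(f"client {client} cannot be answered: address is routed internally")
```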





