nanog mailing list archives

Re: The Department of Work and Pensions, UK has an entire /8


From: Stephen Sprunk <stephen () sprunk org>
Date: Fri, 21 Sep 2012 15:21:01 -0500

On 20-Sep-12 20:51, George Herbert wrote:
> On Thu, Sep 20, 2012 at 5:13 PM, Stephen Sprunk <stephen () sprunk org>
> wrote:
>> Actually, they're not any different, aside from scale. Some
>> private internets have hundreds to thousands of participants, and
>> they often use obscure protocols on obscure systems that were
>> killed off by their vendors (if the vendors even exist anymore) a
>> decade or more ago, and no source code or upgrade path is
>> available.
>>
>> The "enterprise" networking world is just as ugly as, if not
>> uglier than, the consumer one.
>
> I haven't worked much on the commercial private internets, but I did
> work for someone who connected on the back end into numerous telco
> cellphone IP data networks.
>
> For all of those who argue that these applications should use 1918
> space, I give you those networks, where at one point I counted
> literally 8 different 10.200.x/16 nets I could talk to at different
> partners (scarily enough, 2 of those were "the same company"...).
> And hundreds and hundreds of other space conflicts.

That's all?  I consulted for one customer that had several (six?
eight?) instances of 10/8 within their own enterprise, simply because
they needed that many addresses.  That doesn't include the dozens of
legacy /16s they used in their data centers--plus the hundreds of legacy
/24s they used in double-sided NAT configurations between them and
various business partners, COINs, etc.

Yet all that was exposed to the consumer internet was a couple of /24s
for their web servers, email servers and VPN concentrators.

> Yes, you can NAT all of that, but if you get network issues where
> you need to know the phone end address and do end to end debugging
> on stuff, there are no curse words strong enough in the English
> language.

That's the truth.  To get from a credit card terminal to the bank
involved _at least_ three layers of NAT on our side, and I don't know
how many layers of NAT there were in total on the bank's side, but it
was at least two.

S

-- 
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking
