IP connectivity between AARNet and the MILnet
Geoff Huston
in the near future (11 March). If there are specific requirements for
IP connectivity from Australian net numbers to the MILnet please email
me with the details and I will try to get connectivity restored for the
network in question.
Geoff Huston
AARNet
------------------
MILnet message follows:
Date: 6 Mar 92 08:57:00 EST
From: "morris, dennis" <MOR...@imo-uvax6.dca.mil>
Subject: MILNET Filtered Routes
To: FEPG <FE...@NRI.Reston.VA.US>
D E F E N S E I N F O R M A T I O N S Y S T E M S A G E N C Y
Date: 06-Mar-1992 08:56 EST
From: Dennis Morris
MORRISD
Dept: DNSO/DRFE
Tel No: (703) 487-3329
Subject: Restriction of Foreign Networks
FROM: Ted A. Tatchio
DATE: 6 Mar 1992
SUBJECT: Restriction of Foreign Networks from MILNET Core Gateways
Preparer: Ted A. Tatchio, Maj, USAF, 2-7580
1. Due to rapid addition of MILNET and NSFNET networks, MILNET is again
approaching the limit of the number of networks the Butterfly mailbridges can
advertise (3750). To manage this situation, DISA will restrict the advertising
of selected foreign commercial and foreign educational networks. This includes
the following networks:
128.134
128.184
128.250
129.78, 129.94, 129.96, 129.127, 129.180, 129.249, 129.254, 130.34, 130.54,
130.56, 130.69, 130.87, 130.95, 130.102, 130.116, 130.123, 130.130,
130.153, 130.155, 130.158, 130.194, 130.195, 130.216, 130.217, 130.220,
131.112, 131.113, 131.161, 131.170, 131.172, 131.181, 131.203, 131.206,
131.217, 131.236, 131.242, 131.244, 131.245,
132.181, 132,182, 132.186, 132.234,
133.1 thru 133.7, 133.9, 133.11, 133.12, 133.14, 133.15, 133.17-133.20, 133.24,
133.27, 133.30, 133.39, 133.40, 133.41, 133.45, 133.47-133.51, 133.56, 133.58,
133.61, 133.74, 133.75, 133.125, 133.137-133.139, 133.141, 133.143, 133.147,
133.152, 133.155, 133.156, 133.166, 133.181, 133.194, 133.196, 133.210, 133.229,
133.233, 133.235
134.7, 134.18, 134.75, 134.115, 134.148, 134.159, 134.160, 134.178,
136.153, 136.154, 136.169, 136.186, 136.187,
137.68, 137.76, 137.92, 137.109, 137.111, 137.147, 137.154, 137.157, 137.166,
137.219,
138.7, 138.19, 138.24, 138.25, 138.44, 138.71, 138.75, 138.77, 138.80, 138.194,
138.211,
139.59, 139.80, 139. 86, 139.130, 139.132, 139.230,
140.79, 140.143, 140.159, 140.200, 140.253,
141.120, 141.132, 141.223,
143.92, 143.96, 143.174, 143.188, 143.189, 143.216, 143.238, 143.248,
144.6, 144.53, 144.66, 144.97, 144.110, 144.205, 144.218,
146.116, 146.118, 146.144, 146.178, 146.196,
147.6
149.171,
150.101, 150.151, 150.203,
192.5.90,
192.6.149,
192.12.76,
192.16.180,
192.26.91, 192.26.232,
192.31.118, 192.31.197,
192.35.59, 192.35.248,
192.41.146, 192.41.192, 192.41.197, 192.41.203,
192.42.60, 192.42.161, 192.42.62, 192.42.151,
192.43.185, 192.43.186, 192.43.198, 192.43.207 thru 192.43.209, 192.43.226 thru
192.43.229, 192.43.239,
192.48.109, 192.48.110,
192.50.12, 192.50.17, 192.50.63, 192.50.188,
192.51.37, 192.51.48, 192.51.51,
192.52.185,
192.54.105, 192.54.106, 192.54.109, 192.54.130,
192.55.98, 192.55.99, 192.55.112, 192.55.190, 192.55.219,
192.67.12, 192.67.217,
192.68.132,
192.70.135, 192.70.174, 192.70.216,
192.73.12,
192.76.122,
192.77.17,
192.82.140, 192.82.161,
192.83.231, 192.83.238,
192.84.237, 192.84.238, 192.84.253,
192.86.12
These networks were selected from a master list provided by NSFNet. The only
criteria for selection was that they were foreign commercial or foreign
educational networks advertised by AS 372. These networks WILL NOT be
accessible from MILNET. If there are requirements to access these networks,
please contact the MILNET MC trouble desk, they will open a problem report and
coordinate this request with the MILNET Mgr. In these cases, DISA will need a
brief explanation of the requirement to approve the inclusion of individual
networks.
3. Additional networks may be eliminated if needed.
4. This message will be distributed as a procedural NCD as well as a DDN
Management bulletin within the next week. This process will begin on 11 Mar.
4. DISA POC is Maj Ted A. Tatchio, DNS 22-7580, com'l (703)692-7580.
e-mail: miln...@ddn-conus.ddn.mil.
TED A. TATCHIO, MAJ, USAF
MILNET Mgr
.
------- End of Forwarded Message
--
Geoff Huston, e-mail: G.Hu...@aarnet.edu.au
Manager, phone: +61 6 249 3542
Australian Academic Research Network fax: +61 6 249 1369
Nick Capon
> IP connectivity from AARNet to the MILnet will be effectively
> curtailed in the near future (11 March).
Does that in any way impact the availability of nic.ddn.mil? If so,
wails of anguish...
Nick Capon - ica...@registry.adelaide.edu.au
Fax (Australia) - 08 223 6437
Jonathan Dwyer
|> Nick Capon - ica...@registry.adelaide.edu.au
|> Fax (Australia) - 08 223 6437 writes:
|> In article <1992Mar9.0...@newshost.anu.edu.au>
|> gih...@cruskit.aarnet.edu.au (Geoff Huston) writes:
|> > IP connectivity from AARNet to the MILnet will be effectively
|> > curtailed in the near future (11 March).
|>
|> Does that in any way impact the availability of nic.ddn.mil? If so,
|> wails of anguish...
Ditto!! After using nic.ddn.mil to effectively and quickly
find email addresses I can only express a wish that this
service will continue to be accessible from AARNet.
_____AND____ it has enabled one person that I know of to
find _my_ email address, via "whois -h nic.ddn.mil jonathan"
and then "whois -h nic.ddn.mil !JD54"
______________________________________________________________
Jonathan Dwyer jona...@psych.psy.uq.oz.au FAX +617 365 4466
Peter Elford
|> In article <64...@sirius.ucs.adelaide.edu.au>
|> |> Nick Capon - ica...@registry.adelaide.edu.au
|> |> Fax (Australia) - 08 223 6437 writes:
|>
|> |> In article <1992Mar9.0...@newshost.anu.edu.au>
|> |> gih...@cruskit.aarnet.edu.au (Geoff Huston) writes:
|> |> > IP connectivity from AARNet to the MILnet will be effectively
|> |> > curtailed in the near future (11 March).
|> |>
|> |> Does that in any way impact the availability of nic.ddn.mil? If so,
|> |> wails of anguish...
|>
|> Ditto!! After using nic.ddn.mil to effectively and quickly
|> find email addresses I can only express a wish that this
|> service will continue to be accessible from AARNet.
|>
|> _____AND____ it has enabled one person that I know of to
|> find _my_ email address, via "whois -h nic.ddn.mil jonathan"
|> and then "whois -h nic.ddn.mil !JD54"
The short answer is "we don't know". The loing answer is that we are
making inquiries and when we know more we'll posting an item to this
group.
--
Peter Elford, e-mail: P.El...@aarnet.edu.au
Network Co-ordinator, phone: +61 6 249 3542
Australian Academic Research Network, fax: +61 6 247 3425
c/o, Computer Services Centre, pager: +61 6 245 3035
Australian National University post: PO Box 4
Canberra, AUSTRALIA Canberra 2601
Robert Elz
>|> In article <64...@sirius.ucs.adelaide.edu.au>
>|> |> Nick Capon - ica...@registry.adelaide.edu.au
>|>
>|> |> Does that in any way impact the availability of nic.ddn.mil? If so,
>|> |> wails of anguish...
>The short answer is "we don't know".
Really.... No, nic.ddn.mil won't be affected, the name ".mil" is unrelated
to the impact of this (stupid knee-jerk) decision, what is affected is hosts
connected to milnet (ie: routed through network 26). If you do a traceroute
to your favourite destination, and theroute passes through net 26 anywhere,
that's what will be affected. You'd probably know about it anyway, as routing
through milnet means horribly slow transit times - its close to unusable anyway.
After the NIC moved last Sept it was connected only to milnet, this decision
then would have cut it off, that was when it was close to impossible to connect
to them anyway - the fix for that was to connect nic.ddn.mil to nsfnet directly,
and that's the route packets now use - that can't possibly be altered by
filtering applied to routes at the gateways to milnet.
On the other hand, hosts not in the .mil domain might be affected, at least
once TWG.COM was on milnet, if they haven't moved to barrnet or something
else more sane, it migt be impossible to reach them. The same applies to
various other hosts.
Note: its not limited to net 26 addresses - but to anything that has to pass
through net 26 to reach its destination.
kre
Ian Hoyle
>The short answer is "we don't know". The loing answer is that we are
>making inquiries and when we know more we'll posting an item to this
>group.
I just received this from Milo Medin (NASA) who sheds some light on the
situation:
>Unless you talk to MILNET only connected sites, you shouldn't notice it.
>
>The NIC, root nameservers, etc... are all connected via non-Milnet paths.
>If you do talk to non-R&D defense people, you will lose connectivity. The
>biggest issue will probably be mailing lists at MILNET only sites, but
>they should be minimal.
>
>The hassle depends on who you talk to...
Clear now??? :-)
ian
--
: Ian Hoyle, Senior Research Scientist
: Image Analysis Group
/\/\ : BHP Research - Melbourne Laboratories
/ / /\ : 245 Wellington Rd, Mulgrave, 3170, AUSTRALIA
/ / / \ : Phone +61-3-560-7066
/ / / /\ \ : E-mail ia...@resmel.bhp.com.au
\ \/ / / / :
\ / / / : "Now I've got the bead on you with MY disintegrating gun.
\/\/\/ : And when it disintegrates, it disintegrates. (pulls trigger)
: Well, what you do know, it disintegrated."
: -- Duck Dodgers in the 24th and a half century
gih...@sao.aarnet.edu.au
It appears that we (AARNet) cannot request that a net be routed through the
MILnet. Only a MILnet person can issue that request.
This means that if you are directly affected by the MILnet's net filtering, by
all means contact us (aar...@aarnet.edu.au) in the first instance, and we will
see if there is a way around it, but if not, you will have to raise the issue
with your other party within the MILnet domain and request _them_ to request the
DDN NOC to route your net number within the MILnet.
clear now??? :-)
Geoff Huston
AARNet
Gregory N. Bond
Geoff> IP connectivity from AARNet to the MILnet will be effectively curtailed
Geoff> in the near future (11 March)
[...]
Geoff> 192.43.185, 192.43.186,
These are our network numbers, but we don't have any IP connectivity.
Is there some status that says "Has IP numbers assigned, but isn't yet
connected (and may never be)"? Would putting our numbers on this list
reduce the size of the various routing tables and thus do the whole
world a favour?
Greg, IP-poor.
--
Gregory Bond <g...@bby.oz.au> Burdett Buckeridge & Young Ltd Melbourne Australia
A man in search of historical babes.
gih...@sao.aarnet.edu.au
>>>>>> On 9 Mar 92 01:35:44 GMT, gih...@cruskit.aarnet.edu.au (Geoff Huston) said:
>
> Geoff> IP connectivity from AARNet to the MILnet will be effectively curtailed
> Geoff> in the near future (11 March)
> [...]
> Geoff> 192.43.185, 192.43.186,
>
> These are our network numbers, but we don't have any IP connectivity.
> Is there some status that says "Has IP numbers assigned, but isn't yet
> connected (and may never be)"? Would putting our numbers on this list
> reduce the size of the various routing tables and thus do the whole
> world a favour?
Its a reasonable bet that the DDN folks took the Internet assigned number
list and pulled out all net numbers assigned to non-US organisations,
and the edited the list for nets which were relevant to them. The
remainder, "connected status" or no "connected status" (whatever that
actually means these days is anyone's guess!), are as listed by the
DDN.
It would be the simplest way to get where they have got to.
Geoff
Peter Elford
The network numbers in the DDN list are those Australian Network numbers
that have "connected status". Connected status is required for a
network to allow it to be routed over the NSFnet and other US federal agency
networks. To get connected status you have to approach AARNet (which will
in turn approach someone else).
It only make sense to have connected status if you want to become
connected as an AARNet network affiliate (or throw an international
link to some other part of the Internet, in which case your someone
else's problem regarding connected status and I wish you the very best
of luck, because you will probably need it). Why these BBY numbers
have connected status is not clear. ARNet applies for connected status
for networks it considers likely network affliate members because the
process of getting connected status can take many weeks. I suspect
that is what happened here.
A complete list of known Australian IP network numbers which includes
status, connection point and type (AARNet member, CSIRO or affiliate)
can be found in the file netinfo/status on munnari.oz.au (or on
aarnet.edu.au in pub/netinfo/status).
Peter Elford, e-mail: P.El...@aarnet.edu.au
Network Co-ordinator, phone: +61 6 249 3542
Australian Academic Research Network, fax: +61 6 249 1369
j...@dstos3.dsto.oz.au
>> curtailed in the near future (11 March).
>
> Does that in any way impact the availability of nic.ddn.mil? If so,
> wails of anguish...
According to an item I saw from Peter Elford, the NIC is accessible from (ie
directly connected to) another network so it won't be cut off.
Regards,
John Bennett, E-mail : j...@dstos3.dsto.oz.au
Head, Networks Group Phone : +61 8 259 5292
Information Systems Branch FAX : +61 8 259 5537
DEFENCE SCIENCE AND TECHNOLOGY ORGANISATION Postal : Bld 73 Labs Area
AUSTRALIA PO Box 1600 Salisbury
"Lord Warden of the Sync Ports" South Australia 5108
(DSTO Network Manager) AUSTRALIA
j...@dstos3.dsto.oz.au
>
> Really.... No, nic.ddn.mil won't be affected, the name ".mil" is unrelated
> to the impact of this (stupid knee-jerk) decision, what is affected is hosts
> kre
I can't help wondering if its a coincidence, and would there be any
improvement to Milnet security by this move ? The areas cut off are perceived
as the source of hackerdom.
Darren Reed
>IP connectivity from AARNet to the MILnet will be effectively curtailed
>in the near future (11 March). If there are specific requirements for
>IP connectivity from Australian net numbers to the MILnet please email
>me with the details and I will try to get connectivity restored for the
>network in question.
[...]
Is there a prefered place to send mail through to get to MILnet or will
any site that is still connected be sufficient ?
After trying some sample mail, it seems that there arent any MX records
intercepting mail destined for hosts in MILnet.
eg:
% dig mx stl-03sima.army.mil.
; <<>> DiG 2.0 <<>> mx stl-03sima.army.mil.
;; ->>HEADER<<- opcode: QUERY , status: NXDOMAIN, id: 7
;; flags: qr aa rd ra ; Ques: 1, Ans: 0, Auth: 1, Addit: 0
;; QUESTIONS:
;; stl-03sima.army.mil, type = MX, class = IN
;; AUTHORITY RECORDS:
army.mil. 512172 SOA ns1.army.mil. postmaster.westpoint-emh2.army.mil. (
920311 ;serial
3600 ;refresh
300 ;retry
3600000 ;expire
518400 ) ;minim
;; Sent 8 pkts, answer found in time: 14532 msec sent 6 too many pkts
;; FROM: coombs to SERVER: default -- 130.56.4.1
;; WHEN: Tue Mar 17 01:38:27 1992
;; MSG SIZE sent: 37 rcvd: 111
Robert Elz
>% dig mx stl-03sima.army.mil.
>;; ->>HEADER<<- opcode: QUERY , status: NXDOMAIN, id: 7
If you get NXDOMAIN it really means it - this is completely unrelated
to routing, or milnet problems, or anything else - the name simply
doesn't exist.
kre
cho...@cc.curtin.edu.au
> gih...@cruskit.aarnet.edu.au (Geoff Huston) writes:
>
>>IP connectivity from AARNet to the MILnet will be effectively curtailed
>>in the near future (11 March). If there are specific requirements for
>>IP connectivity from Australian net numbers to the MILnet please email
>>me with the details and I will try to get connectivity restored for the
>>network in question.
> [...]
>
> Is there a prefered place to send mail through to get to MILnet or will
> any site that is still connected be sufficient ?
I have the same question - obviously people are writing to MILnet addresses
judging from the mail that has queued up here. Do we route it via some
other host in the US? Any suggestions?
Todd