"Bogus" IP Addresses
Bob Simon
dozen companies, each of which has many remote offices. We are planning to
implement IP routing soon and have decided to go with fixed subnet masking
of 255.255.255.0 for now.
I am concerned that poor planning on our part will cause us to use up all
our subnets in the near future, and that implementing frame relay will
accelerate this process. Our router vendor does not yet support OSPF and
variable-length subnets. However, one of this vendor's IP experts stated
that most of the users in our networks do not need Internet access and
therefore can be allocated "bogus" or "made-up" IP addresses. For the
purpose of this thread, lets assume that the assertion that many users do
not require Internet access is correct.
Please tell me about this "bogus" IP address assignment. How does it work?
What kind of subnet mask is used to route between the real class B subnets
and the bogus subnets?
Bob Niedergerke
>variable-length subnets. However, one of this vendor's IP experts stated
>that most of the users in our networks do not need Internet access and
>therefore can be allocated "bogus" or "made-up" IP addresses. For the
>purpose of this thread, lets assume that the assertion that many users do
>not require Internet access is correct.
>
>Please tell me about this "bogus" IP address assignment. How does it work?
>What kind of subnet mask is used to route between the real class B subnets
>and the bogus subnets?
There is nothing magical about IP addresses. If you were not connected to
the Internet in any way, then you could number your subnets at whim. There
is an RFC that describes several address ranges that are never given out by
those who administer the Internet IP address space. Thus, these addresses
should never appear on the Internet (some Internet routers are probably set
up to ignore them completely).
I don't remember the RFC number offhand, sorry. But one of the nets is
10.0.0.0 - 10.255.255.255, so you could take that one and subnet it to death.
You will need to have some smarts in your hosts (or more likely your routers,
then have your hosts run routed -q) so they know that anything in the 10.*
network needs to be routed a certain way. The set up of the 10.* network is
completely up to you, but your router hierarchy will dictate what sort of
subnetting you need to do there.
Hope this helps. Cheers,
bobn
--
----------------------------------------------------------------------------
Bob Niedergerke "For we brought nothing into this world,
bo...@cybernetics.net and it is certain we can carry nothing out"
Tony Rall
RFC1597, "Address Allocation for Private Internets", describes how certain
network addresses will not be routed through the Internet. You can use
these addresses in your own net as long as these machines don't need to
be addressed from the Internet.
This is feasible if:
1. The network will not be connected to the Internet.
2. The network will be connected via a gateway that masks the real IP
addresses of the machines on your side of it.
IBM, for example, basically uses the second option. Only a small
number of systems (the gateways) are directly addressable on the
Internet (and thus need regular IP addresses - for a smaller company,
a single class C will take care of this). The bulk of the systems, if
they can get to the Internet at all, go through a socks gateway. Only
the Internet addresses of the various socks machines appear on the
Internet.
What this means is that instead of IBM getting assigned a class A
network, numerous class B networks, and many class C networks (all of
which it has), it could have used private addresses for almost all
machines and a small number of class C nets for the few machines that
are really on the Internet. Unfortunately the use of real addresses
within the company is so well established, it would be extremely
painful to use this address-conserving concept.
(I will make another post, with a different subject, about using
variable length subnet masks with RIP - it is possible).
--
Tony Rall tr...@almaden.ibm.com
Bob Simon
>This is feasible if:
>
>1. The network will not be connected to the Internet.
indirectly connected to everything else, including the Internet gateway. Does
this rule out the use of bogus addresses?
>2. The network will be connected via a gateway that masks the real IP
> addresses of the machines on your side of it.
>(I will make another post, with a different subject, about using
>variable length subnet masks with RIP - it is possible).
subnet masks must be the same. If I could do variable-length subnet masking,
then all our problems related to running out of addresses would go away.
Tony Rall
>dozen companies, each of which has many remote offices. We are planning to
>implement IP routing soon and have decided to go with fixed subnet masking
>of 255.255.255.0 for now.
>
>I am concerned that poor planning on our part will cause us to use up all
>our subnets in the near future, and that implementing frame relay will
>accelerate this process. Our router vendor does not yet support OSPF and
>variable-length subnets.
I think it is a common misconception that you cannot use variable
length subnet masks with RIP.
While it's true that RIP packets do not include mask information,
situations where some number of more highly subnetted nets are
connected via routers to some number of less subnetted nets will work
just fine. Ambiguity should arise only if the 2 groups are not fully
partitioned.
However, a complete description of what works and what won't will have
to come from someone that has a better understanding of set and
topology theory (and also, how routers construct their RIP packets).
I do know that our local net has at least 3 different subnet masks,
has a dozen or so routers using RIP, and no problems caused by this.
Even when a router fails, the setup works, and the backup path (if
there is one) is used.
We support both frame relay and ppp/slip without burning up too
many addresses by taking advantage of VLSM.
--
Tony Rall tr...@almaden.ibm.com
Carl Jolley
was refering to RFC 1597 addresses. The straight forward way to
allow "bogus" IP addresses to interconnect to "real" IP addresses is
to use a proxy-based firewall or an IP translator address. The main
trick is that the bogus addresses are never routed over the internet.
Instead a piece of software and/or hardware extablishes a connection
point between the "bogus" addresses on the "inside" and maps them
to real IP addresses on the Internet. While an "bogus" address would,
in theory work in this manner. If the internal addresses were actually
someone else's real registered addresses, it might cause some difficulty
in handling messages between hosts using the real IP address and those
on your internal address also using the same addresses. The benefit of
the RFC 1597 addresses (a Class A, a group of Class B's and also a
group of Class C's) is that they are not supposed to be used by anyone
for real IP addresses. Router manufacturers who support RFC 1597 will
not allow packets out on to the Internet if they are any of the RFC 1597
addresses.
Bob Simon (bsi...@delphi.com) wrote:
: My corporation has a class B address. The corporation is made up of a
--
**** cjo...@iac.net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****
Doug Hughes
While it's certainly possible, I strongly recommend AGAINST this..
We had a sparc 10 on our class B (subnet 255.255.255) which had
2 quad 10-T cards routing to 8 lans of PCS running PCNFS.. the
10 was running routed and advertising the routes to these PCs.
Stay with me, this gets tricky.
All of the PCS are on what looks like 1 of the subnets to the
rest of our class B (131.204.124.0), but they are netmasked
with FF.FF.FF.E0 subnet mask on each of the quad ports.
The upshot is that routed went a little nutzo. It advertised everything
it received from the cisco, plus those 8 networks every 30 seconds
or more. There were also poison reverses from the cisco to counteract
the advertising of everything else. It was a bit of a routing mess,
though packets eventually got through okay.
Gated won't work either, it explicitly disallowed variable subnet
masks. At best case, it was performing like routed, broadcasting
what it was hearing. At worst case (trying to broadcast static
addresses to the smaller subnets) it was not working at all, and
the outside world eventually lost its route to these 8 nets.
I ended up writing a daemon that sounds out a RIP advertisement
every 30 seconds that has the route to these 8 subnets as if it
were one of the regularly masked subnets (advertising a single
route to 131.204.124.0). It works fine.
routed doesn't like variable subnet masks using rip. gated doesn't
like them either. I don't think the cisco was very fond of them
either.
Just say no..
PS, we'll be attempting an OSPF migration after some planning, fact-finding,
scheming, and decision making.
--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
do...@eng.auburn.edu
"Real programmers use cat > file.as"
Alistair Bell
> routed doesn't like variable subnet masks using rip. gated doesn't
> like them either. I don't think the cisco was very fond of them
> either.
>
> Just say no..
>
> PS, we'll be attempting an OSPF migration after some planning, fact-finding,
> scheming, and decision making.
This is a genuine question...
Given that people don't much like RIP-1, is there a good reason that they
usually seem to move to OSPF rather than RIP-2? Is there something horrible
about RIP-2 that I've missed?
--
Alistair Bell, Brown's Operating System Services, London. Disclaimers as usual.
alis...@browns.co.uk (home: alis...@ichthya.demon.co.uk)
#include <random.quote>
Tom Fitzgerald
> Given that people don't much like RIP-1, is there a good reason that they
> usually seem to move to OSPF rather than RIP-2? Is there something horrible
> about RIP-2 that I've missed?
Nobody supports it.... The only router-type things I know of that have
RIP-2 support are gated 3.5a9 and the Xylogics terminal server. Cisco
folks, in particular, dislike RIP-2, and it's hard to run any routing
protocol that Cisco doesn't support.
Actually, OSPF's main competitor seems to be IS-IS.
(If anyone knows of any other RIP-2 capable products, I'd be grateful for
the info, I'm trying to put together a list of routing protocols and the
products that support them.)
--
Tom Fitzgerald 1-508-967-5278 Wang Labs, Lowell MA, USA fi...@wang.com
pkva...@vnet.ibm.com
(If anyone knows of any other RIP-2 capable products, I'd be grateful for
>the info, I'm trying to put together a list of routing protocols and the
>products that support them.)
>
>--
>Tom Fitzgerald 1-508-967-5278 Wang Labs, Lowell MA, USA fi...@wang.com
IBM supports RIP-2 in the 6611 Multiprotocol Router. There is still a limitation when
export subnets to RIP-2. This due to gated.
Doug Hughes
It's a support issue. Currently there are more router vendors supporting
OSPF than RIP-2. Our Cisco's have older microcode (not the latest version).
This is all IMHO.
There was a great table in a recent comm week that described which router
vendors support which protocol. OSPF was pretty much omnipresent after RIP.
I don't remember which issue.. but it was in the last 5.