North American Network Operators Group

Re: IANA reserved Address Space

  • From: bmanning
  • Date: Fri May 30 10:39:44 2003

> This lab *could* be filled with millions of hosts (real/simulated)
> and thousands of networks (real/simulated). This lab is

	yup. built several of those over the years. last simulated
	network had 100,000 networks, ASNs et al.

	(built it all inside a single host!)

> 1) create manageable and quickly adaptable firewall rulesets
> 2) create an IP plan that will lend itself to quick human parsing
>    both in routing tables and router/firewall logs
> 3) consider that the lab will likely have machines that require
>    patching/updates, etc from the real internet. 

	if this is supposed to represent real world, 
	then use real-world numbers.  design your lab so that
	patches/updates go to staging platforms and then
	pull into your lab from those - no direct network
	connections.

> Imagine you want to create an environment for experiments. 
> You want to reduce complexity as much as possible and create
> a scenario where feedback of a test is quick...doesn't require
> much memorization of what is what and that allows you to suddenly
> stop and rerun tests. Rapidly. Think of access lists, route tables,
> firewall rulesets and logs.  If you're running tests do you want to
> see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222,
> 10.12.22.2?  Wouldn't it be easier if your test results looked
> like this:  1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1,
> 100.1.1.1, etc?  


	perhaps I am unique, but I suffer from dyslexia. 
	1.1.10.0.1.1.0.0.0.0.1.1.1.11.0  looks way too much
	like binary to me.  Much easier for machine parsing.
	Humans that I have worked with tend to discriminate
	easier on differing patterns.

> 
> Thanks....I really appreciate everyone's feedback on this. 
> 
> 
> -----Original Message-----
> From: Murphy, Brennan 
> Sent: Friday, May 30, 2003 9:21 AM
> To: [email protected]
> Subject: RE: IANA reserved Address Space
> 
> 
> 
> OK, I see now that down the road using
> a 1 and 100 net address on the lab would
> create unmanageable problems if those nets
> were ever put into use on the internet...
> something NAT couldn't fix. And the
> responses saying use 1918 space point out
> the potential problems were this lab ever
> to leak out an advertisement on to the
> internet, etc.... all advice I appreciate
> people have taken the time to offer. 
> 
> But not to be a pest but what are the odds
> the IANA would ever allocate the 1 and 100
> nets to someone? Is this an unpredictable
> matter or is there a schedule of what's
> next somewhere? Or which is more likely, the
> world adopts IP v6 or the 1 and 100 nets
> are deployed on the internet? :-) It is
> apparent that I really want to use these
> address ranges but I do need to grapple
> with the possibility that this lab will
> need internet connectivity at some point. 
> 
> -----Original Message-----
> From: Murphy, Brennan 
> Sent: Friday, May 30, 2003 8:49 AM
> To: [email protected]
> Subject: RE: IANA reserved Address Space
> 
> 
> 
> Others have pointed out that I should stick to
> RFC 1918 address space. But again, this is a
> lab network and to use the words of another,
> one of the things I want to do is make it much
> easier to "parse visually" my route tables.
> Think of it as a "metric system" type of numbering
> plan.  The 1 and 100 nets would not be advertised
> via BGP obviously...not a hijack situation at all.
> 
> If I take into account the possibility that this
> lab will have later requirements to connect to
> the internet, all I have to do is have a NAT plan
> in place...one that even takes into account that
> the 1 and 100 nets could become available some
> day, correct?
> 
> Thanks to those who have responded so far.
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] 
> Sent: Friday, May 30, 2003 8:08 AM
> To: Murphy, Brennan
> Cc: [email protected]
> Subject: Re: IANA reserved Address Space
> 
> 
> 
> networks 1 and 100 are reserved for future delegation.
> network 10 is delegated for private networks, such as your
> lab.
> 
> if you use networks 1 and 100, you are hijacking these
> numbers.  
> 
> that said, as long as your lab is never going to connect
> to the Internet,  you may want to consider using the following
> prefixes:
> 
> 4.0.0.0/8
> 38.0.0.0/8
> 127.0.0.0/8
> 192.0.0.0/8
> 
> 
> 
> > 
> > 
> > I'm tasked with coming up with an IP plan for a very large lab 
> > network. I want to maximize route table manageability and 
> > router/firewall log readability. I was thinking of building this lab 
> > with the following address space:
> > 
> > 1.0.0.0 /8
> > 10.0.0.0 /8
> > 100.0.0.0 /8
> > 
> > I need 3 distinct zones which is why I wanted to separate them out. In
> > any case, I was wondering about the status of the 1 /8 and the 100 /8 
> > networks. What does it mean that they are IANA reserved? Reserved for 
> > what? http://www.iana.org/assignments/ipv4-address-space
> > 
> > Anyone else ever use IANA reserved address spacing for
> > lab networks? Is there anything special I need to know?
> > I'm under the impression that as long as I stay away
> > from special use address space, I've got no worries. 
> > http://www.rfc-editor.org/rfc/rfc3330.txt
> > 
> > Thanks,
> > BM
> > 
>
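
An added example, not part of the original thread: a small Python audit of a lab address plan against RFC 1918 space, run over the three-zone plan proposed above and the prefixes mentioned in the replies. The zone names and the alternative 10.x plan are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the space the thread recommends for a lab).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def classify(prefix):
    """Return 'private', 'loopback', 'partly-private' or 'not-private'."""
    net = ipaddress.ip_network(prefix, strict=True)
    if any(net.subnet_of(p) for p in RFC1918):
        return "private"
    if net.subnet_of(LOOPBACK):
        return "loopback"
    # A prefix such as 192.0.0.0/8 only *contains* private space; most of
    # it is not private, so it must not be treated as safe.
    if any(net.overlaps(p) for p in RFC1918):
        return "partly-private"
    return "not-private"


def audit_plan(plan):
    """Map zone name -> (prefix, classification) for a lab address plan."""
    return {zone: (prefix, classify(prefix)) for zone, prefix in plan.items()}


def rejected(plan):
    """Zones whose prefix is not wholly inside RFC 1918 space."""
    return sorted(z for z, (_, c) in audit_plan(plan).items() if c != "private")


# Constructed inputs: the plan proposed in the thread, and a hypothetical
# alternative that keeps the 1/10/100 pattern inside 10.0.0.0/8.
PROPOSED = {"zone-a": "1.0.0.0/8", "zone-b": "10.0.0.0/8", "zone-c": "100.0.0.0/8"}
ALTERNATIVE = {"zone-a": "10.1.0.0/16", "zone-b": "10.10.0.0/16",
               "zone-c": "10.100.0.0/16"}

if __name__ == "__main__":
    for name, plan in (("proposed", PROPOSED), ("alternative", ALTERNATIVE)):
        for zone, (prefix, kind) in audit_plan(plan).items():
            print(f"{name:12} {zone} {prefix:15} {kind}")
        print(f"{name:12} rejected zones: {rejected(plan)}")
```

The same check can run as a pre-deployment gate on router or firewall configuration, so a prefix outside RFC 1918 is caught before it appears in a route table or an advertisement.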