North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but nottotally consecutive)

  • From: Warren Kumari
  • Date: Fri May 16 14:42:06 2008

On May 16, 2008, at 2:15 PM, Robert D. Scott wrote:

> OH, You mean like putting a sniper in a bunch of trees. They know that
> tactic well.  :)

Yup -- http://www.youtube.com/watch?v=ltmMJntSfQI

W

>
>
> Robert D. Scott                 [email protected]
> Senior Network Engineer         352-273-0113 Phone
> CNS - Network Services          352-392-2061 CNS Receptionist
> University of Florida           352-392-9440 FAX
> Florida Lambda Rail             352-294-3571 FLR NOC
> Gainesville, FL  32611
>
>
> -----Original Message-----
> From: Dorn Hetzel [mailto:[email protected]]
> Sent: Friday, May 16, 2008 1:59 PM
> To: Jeroen Massar
> Cc: NANOG list
> Subject: Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but
> nottotally consecutive)
>
>
> Perhaps it is an attempt to make their address space so sparsely  
> populated
> that it's close to impossible to find a host without knowing it's  
> address in
> the first place?
>
> On Fri, May 16, 2008 at 1:09 PM, Jeroen Massar <[email protected]>  
> wrote:
>
>> Hi folks,
>>
>> As everybody is a big fan of securing their networks against foreign
>> attacks, be aware that the US DoD has been assigned 14 /22's, IPv6  
>> that
>> is, not IPv4, they all come from a single IPv6 /13 though, which is  
>> what
>> they apparently asked for in the beginning, at least that was the  
>> rumor,
>> well they got what they wanted.
>>
>> I've recorded it into GRH as a single /13 though, as that is what  
>> it is,
>> and I am not going to bother whois'ing and entering the 14 separate
>> entries there, as that is useless, especially as they will most  
>> likely
>> never appear in the global routing tables anyway.
>>
>> Depending on your love for the US, you might want to add special  
>> rules
>> in your network to be able to easily detect Cyber Attacks and other  
>> such
>> things towards that address space, to be able to better serve your
>> country, may that be the US or any other country for that matter.
>>
>> I am of course wondering why ARIN gave 1 organization 14 separate / 
>> 22's,
>> even though they are recorded exactly the same, just different  
>> prefixes
>> and netnames and it is effectively one huge /13. They could easily  
>> have
>> been recorded as that one /13, it is not like eg Canada (no other
>> countries that fall under ARIN now is there) will get a couple of the
>> chunks of remaining space in between there. By assigning them  
>> separate
>> /22's, they effectively are stating that it is good to fragment the
>> address space and by having them recorded in whois, also that  
>> announcing
>> more specifics from that /13 is just fine.
>>
>> The other fun question is of course what a single organization has  
>> to do
>> with (2^(48-13)=) 34.359.738.368, yes indeed, 34 billion /48's which
>> cover 2.251.799.813.685.248 /64's which is a number that I can't even
>> pronounce. According to Wikipedia the US only has a mere population  
>> of
>> 304,080,000, that means that every US citizen can get a 1000+ /48's  
>> from
>> their DoD, thus maybe every nuclear warhead and every bullet is  
>> getting
>> their own /48 or something to be able to justify for that amount of
>> address space. At least this gives the opportunity to hardcode that
>> block out of hardware if you want to avoid it being ever used by the
>> publicly known part of the US DoD. I wouldn't mind seeing the request
>> form that can justify this amount of address space though, must be  
>> a lot
>> of fun.
>>
>> Now back to your regular NANOG schedule....
>>
>> Greets,
>>    Jeroen
>>
>> (who will hide himself in a nice Swiss nuclear bunker till the flames
>> are all gone ;)
>>
>> 1) http://en.wikipedia.org/wiki/United_States
>>   which points to: http://www.census.gov/population/www/popclockus.html
>>
>>
>> _______________________________________________
>> NANOG mailing list
>> [email protected]
>> http://mailman.nanog.org/mailman/listinfo/nanog
>>
> _______________________________________________
> NANOG mailing list
> [email protected]
> http://mailman.nanog.org/mailman/listinfo/nanog
>
>
>
> _______________________________________________
> NANOG mailing list
> [email protected]
> http://mailman.nanog.org/mailman/listinfo/nanog
>

--
Hope is not a strategy.
       --  Ben Treynor, Google



_______________________________________________
NANOG mailing list
[email protected]
http://mailman.nanog.org/mailman/listinfo/nanog