
Using Public IP Addresses on a Private Network


10 replies to this topic

#1 johnnymanson


Posted 15 December 2010 - 10:41 PM

I just discovered that the University where I work uses public IP addresses on their internal network. The results of ipconfig in Windows and a web site like whatismyip.com produce the same results. Everywhere else I have worked used private IPs internally and then NATed them through one or two public IPs to reach the internet. Does anyone have any idea why the Uni might do that? It seems wasteful to me. I also did an ARIN search and found out that we own a block of Class B addresses that would seem to correspond to all the internal IPs on campus. What gives?

#2 mSparks


Posted 15 December 2010 - 11:16 PM

At a pinch.
they ain't "private"....
The UK has JANET
http://www.ja.net/
not sure about the US, but here at least net access doesn't go through any kind of NAT, each machine is "visible" to the WWW (as much as the uni firewalls will allow anyhow)

#3 phaedrus


Posted 16 December 2010 - 06:07 AM

I'd guess they were from the pre-NAT days when everyone had a public IP, and as time has gone on they've closed the front door down to not so public but, like everyone else, want to keep their valuable class B allocation by proving they still "need" it to ARIN.
We know it's bullshit, but it's enough to satisfy some box-ticking clerk at ARIN if they enquire...

#4 johnnymanson


Posted 16 December 2010 - 11:55 AM

What about the cost? Do you think we pay a yearly fee for the addresses? I've checked several IP blocks around ours. They are mostly small colleges and universities. Sure seems a waste with us running out of v4 addresses.

#5 phaedrus


Posted 17 December 2010 - 06:12 AM

It'll possibly be under a legacy pre-ARIN agreement, in which case it costs them $100 a year.
ARIN legacy agreement

Commercially that's a valuable asset so $100/yr to keep it is chickenfeed...
This goes over the world over, very few people need a /24 or the like but lots have them kicking around. It's a bit of an attitude of "we'll release ours when xyz gives theirs up first"...

#6 johnnymanson


Posted 17 December 2010 - 06:33 AM

Thanks for the info guys. Guess I now understand why the world is running out of IPs.

#7 mSparks


Posted 17 December 2010 - 08:48 PM

> It'll possibly be under a legacy pre-ARIN agreement, in which case it costs them $100 a year.
> ARIN legacy agreement
>
> Commercially that's a valuable asset so $100/yr to keep it is chickenfeed...
> This goes over the world over, very few people need a /24 or the like but lots have them kicking around. It's a bit of an attitude of "we'll release ours when xyz gives theirs up first"...

The other thing you have to bear in mind is that universities & colleges were "the internet". Most colleges, universities and even many leading schools had interlinked campus networks a decade or two before there was any hint of widespread "public" access.
They're the ones that made all the investment and led the internet revolution.
Personally I reckon the next step is with wireless meshworking. Wireless 802.11s devices given IPv6 at manufacture that can communicate globally as long as they are in range of another 802.11s device. But there is still a lot of work to do in bandwidth management and routing (how do you manage finding a route to 3ffe:1900:4545:3:200:f8ff:fe21:67cf which is in Japan, when your address is 3ffe:1900:4545:3:200:f8ff:fe21:67ce in Moscow?)
The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.

#8 johnnymanson


Posted 17 December 2010 - 10:47 PM


> > It'll possibly be under a legacy pre-ARIN agreement, in which case it costs them $100 a year.
> > ARIN legacy agreement
> >
> > Commercially that's a valuable asset so $100/yr to keep it is chickenfeed...
> > This goes over the world over, very few people need a /24 or the like but lots have them kicking around. It's a bit of an attitude of "we'll release ours when xyz gives theirs up first"...
>
> The other thing you have to bear in mind is that universities & colleges were "the internet". Most colleges, universities and even many leading schools had interlinked campus networks a decade or two before there was any hint of widespread "public" access.
> They're the ones that made all the investment and led the internet revolution.
> Personally I reckon the next step is with wireless meshworking. Wireless 802.11s devices given IPv6 at manufacture that can communicate globally as long as they are in range of another 802.11s device. But there is still a lot of work to do in bandwidth management and routing (how do you manage finding a route to 3ffe:1900:4545:3:200:f8ff:fe21:67cf which is in Japan, when your address is 3ffe:1900:4545:3:200:f8ff:fe21:67ce in Moscow?)
> The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.


Good point about universities being "the internet." I'll have to find out how long the campus has been online. Also did the ARIN search on MIT. They are a /8. Pretty big network, or at least they have the potential to be.

#9 phaedrus


Posted 22 December 2010 - 05:38 AM

> The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.

I would personally bet on the backbone staying IPv4, and encapsulating IPv6 within an IPv4 container for transit purposes and NAT it at the entry and exit points for the major node for that IPv6 major subnet. Ugly fudge but it will work with little expenditure and no real downside from a commercial point of view and that's all the backbone providers care about, the $$$. The routing will be a horrible messed up nightmare as you say, as IPv6 peering information will have to propagate between backbone peers along with IPv4 to work properly.
I think that's why there's no pressure and no backbone providers are panicking, there's a workaround in place already that serves both ISP level wanting IPv6 and the backbone guys not having a shedload of new investment in router hardware and stuff...

#10 phaedrus


Posted 22 December 2010 - 05:40 AM

And if your brain isn't currently idly wondering about reading up technically on how that's possible, with a view at looking how you could poison the translation somehow, you might just be on the wrong forum ;)

#11 mSparks


Posted 22 December 2010 - 06:57 AM


> > The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.
>
> I would personally bet on the backbone staying IPv4, and encapsulating IPv6 within an IPv4 container for transit purposes and NAT it at the entry and exit points for the major node for that IPv6 major subnet. Ugly fudge but it will work with little expenditure and no real downside from a commercial point of view and that's all the backbone providers care about, the $$$. The routing will be a horrible messed up nightmare as you say, as IPv6 peering information will have to propagate between backbone peers along with IPv4 to work properly.
> I think that's why there's no pressure and no backbone providers are panicking, there's a workaround in place already that serves both ISP level wanting IPv6 and the backbone guys not having a shedload of new investment in router hardware and stuff...

> And if your brain isn't currently idly wondering about reading up technically on how that's possible, with a view at looking how you could poison the translation somehow, you might just be on the wrong forum ;)

Of course, customers not really wanting to pay for horribly messed up routing with open season on translation poisoning and various other huge security and transmission holes could be considered a "commercial downside".
Especially when to all intents and purposes VirtualHosts are a much cleaner and more reliable fudge.
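
Added example, not part of any post in this thread: the encapsulation discussed above corresponds to IPv6-in-IPv4 tunnelling (IP protocol 41), and a decapsulating router can reject spoofed inner packets by tying the inner IPv6 source to the outer IPv4 source. The peer table, the documentation-range addresses and the function names are constructed for illustration, and accepting any 6to4 packet whose embedded address matches is an assumed relay-style policy.

```python
import ipaddress
import struct

PROTO_41 = 41  # IANA protocol number for IPv6 carried in IPv4
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
# Constructed tunnel table: outer IPv4 peer -> IPv6 prefix routed to that peer
PEERS = {"198.51.100.7": "2001:db8:1::/48"}

def build(outer_src, inner_src, inner_dst="2001:db8:ffff::1", outer_dst="203.0.113.1"):
    """Build a constructed protocol-41 packet (checksum left at 0, not checked here)."""
    v6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                     ipaddress.IPv6Address(inner_src).packed,
                     ipaddress.IPv6Address(inner_dst).packed)
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6), 0, 0, 64, PROTO_41, 0,
                     ipaddress.IPv4Address(outer_src).packed,
                     ipaddress.IPv4Address(outer_dst).packed)
    return v4 + v6

def check_decap(packet, peers=PEERS):
    """Return 'accept' or 'drop: <reason>' for one outer IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    if ihl < 20 or packet[9] != PROTO_41:
        return "drop: not protocol 41"
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return "drop: truncated or non-IPv6 payload"
    outer_src = ipaddress.IPv4Address(packet[12:16])
    inner_src = ipaddress.IPv6Address(inner[8:24])
    if inner_src.is_loopback or inner_src.is_multicast or inner_src.is_unspecified:
        return "drop: invalid inner source"
    if inner_src in SIX_TO_FOUR:
        # 6to4 embeds the sender's IPv4 address; it must equal the outer source
        if inner_src.sixtofour != outer_src:
            return "drop: 6to4 source does not match outer source"
        return "accept"
    prefix = peers.get(str(outer_src))
    if prefix is None:
        return "drop: unknown tunnel peer"
    if inner_src not in ipaddress.ip_network(prefix):
        return "drop: inner source outside peer prefix"
    return "accept"
```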



