I just discovered that the University where I work uses public IP addresses on their internal network. The results of ipconfig in windows and a web site like whatismyip.com produce the same results. Everywhere else I have worked used private IPs internally and then NATed them through one or two public IP to reach the internet. Does anyone have any idea why the Uni might do that? It seems wasteful to me. I also did an ARIN search and found out that we own a block of Class B addresses that would seem to correspond to all the internal IPs on campus. What gives?
Using Public IP Addresses on a Private Network
Started by
johnnymanson
, Dec 15 2010 10:41 PM
10 replies to this topic
#1
johnnymanson
-
- Members
-
- 175 posts
SUP3R 31337
- Gender:Male
- Location:Somewhere in NC, USA
Posted 15 December 2010 - 10:41 PM
#2
mSparks
-
- Members
-
- 100 posts
elite
- Gender:Male
Posted 15 December 2010 - 11:16 PM
At a pinch.
they ain't "private"....
The UK has JANET
http://www.ja.net/
not sure about the US, but here at least net access doesn't go through any kind of NAT, each machine is "visible" to the WWW (as much as the uni firewalls will allow anyhow)
they ain't "private"....
The UK has JANET
http://www.ja.net/
not sure about the US, but here at least net access doesn't go through any kind of NAT, each machine is "visible" to the WWW (as much as the uni firewalls will allow anyhow)
#3
phaedrus
-
- Members
-
- 90 posts
Gibson Hacker
- Gender:Male
Posted 16 December 2010 - 06:07 AM
I'd guess they were from the pre-nat days when everyone had a public ip, and as time has gone on they've closed the front door down to not so public but like everyone else, want to keep their valuable class B allocation by proving they still "need" it to arin.
We know its bullshit, but its enough to satisy some box ticking clerk at arin if they enquire...
We know its bullshit, but its enough to satisy some box ticking clerk at arin if they enquire...
#4
johnnymanson
-
- Members
-
- 175 posts
SUP3R 31337
- Gender:Male
- Location:Somewhere in NC, USA
Posted 16 December 2010 - 11:55 AM
What about the cost? Do you think we pay a yearly fee for the addresses? I've checked several IP blocks around ours. They are mostly small colleges and universities. Sure seems a waste with us running out of v4 addresses.
#5
phaedrus
-
- Members
-
- 90 posts
Gibson Hacker
- Gender:Male
Posted 17 December 2010 - 06:12 AM
Itll possibly be under a legacy pre arin agreement, in which case it costs them $100 a year.
arin legacy agreement
Commercially thats a valueable asset so $100/yr to keep it is chickenfeed...
This goes over the world over, very few people need a /24 or the like but lots have them kicking around. Its a bit of a attitude of "we'll release ours when xyz gives theirs up first"...
arin legacy agreement
Commercially thats a valueable asset so $100/yr to keep it is chickenfeed...
This goes over the world over, very few people need a /24 or the like but lots have them kicking around. Its a bit of a attitude of "we'll release ours when xyz gives theirs up first"...
#6
johnnymanson
-
- Members
-
- 175 posts
SUP3R 31337
- Gender:Male
- Location:Somewhere in NC, USA
Posted 17 December 2010 - 06:33 AM
Thanks for the info guys. Guess I now understand why the world is running out of IPs.
#7
mSparks
-
- Members
-
- 100 posts
elite
- Gender:Male
Posted 17 December 2010 - 08:48 PM
The other thing you have to bear in mind, is universities & colleges were "the internet". Most colleges, universities and even many leading schools had interlinked campus networks a decade or two before there was any hint of widespread "public" access.Itll possibly be under a legacy pre arin agreement, in which case it costs them $100 a year.
arin legacy agreement
Commercially thats a valueable asset so $100/yr to keep it is chickenfeed...
This goes over the world over, very few people need a /24 or the like but lots have them kicking around. Its a bit of a attitude of "we'll release ours when xyz gives theirs up first"...
They're the ones that made all the investment and lead the internet revolution.
Personally I recon the next step is with wireless meshworking. Wireless 802.11s devices given IPv6 at manufacture that can communicate globally as long as they are in range of another 802.11s device. But there is still a lot of work todo in bandwidth management and routing (how do you manage finding a route to 3ffe:1900:4545:3:200:f8ff:fe21:67cf which is in Japan, when your address is 3ffe:1900:4545:3:200:f8ff:fe21:67ce in Moscow)
The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.
#8
johnnymanson
-
- Members
-
- 175 posts
SUP3R 31337
- Gender:Male
- Location:Somewhere in NC, USA
Posted 17 December 2010 - 10:47 PM
The other thing you have to bear in mind, is universities & colleges were "the internet". Most colleges, universities and even many leading schools had interlinked campus networks a decade or two before there was any hint of widespread "public" access.
Itll possibly be under a legacy pre arin agreement, in which case it costs them $100 a year.
arin legacy agreement
Commercially thats a valueable asset so $100/yr to keep it is chickenfeed...
This goes over the world over, very few people need a /24 or the like but lots have them kicking around. Its a bit of a attitude of "we'll release ours when xyz gives theirs up first"...
They're the ones that made all the investment and lead the internet revolution.
Personally I recon the next step is with wireless meshworking. Wireless 802.11s devices given IPv6 at manufacture that can communicate globally as long as they are in range of another 802.11s device. But there is still a lot of work todo in bandwidth management and routing (how do you manage finding a route to 3ffe:1900:4545:3:200:f8ff:fe21:67cf which is in Japan, when your address is 3ffe:1900:4545:3:200:f8ff:fe21:67ce in Moscow)
The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.
Good point about universities being "the internet." I'll have to find out how long the campus has been online. Also did the ARIN search on MIT. They are a /8. Pretty big network, or at least they have the potential to be.
#9
phaedrus
-
- Members
-
- 90 posts
Gibson Hacker
- Gender:Male
Posted 22 December 2010 - 05:38 AM
I would personally bet on the backbone staying ipv4, and encapsulating ipv6 within a ipv4 container for transit purposes and nat it at the entry and exit points for the major node for that ipv6 major subnet. Ugly fudge but it will work with little expenditure and no real downside from a commercial point of view and thats all the backbone providers care about, the $$$. The routing will be a horrible messed up nightmare as you say as ipv6 peering information will have to propogate between backbone peers along with ipv4 to work properly.The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.
I think thats why theres no pressure and no backbone providers are panicing, theres a workround in place already that serves both isp level wanting ipv6 and the backbone guys not having a shedload of new investment in router hardware and stuff...
#10
phaedrus
-
- Members
-
- 90 posts
Gibson Hacker
- Gender:Male
Posted 22 December 2010 - 05:40 AM
And if your brain isnt currently idly wondering about reading up technically on how thats possible, with a view at looking how you could poison the translation somehow, you might just be on the wrong forum .gif)
#11
mSparks
-
- Members
-
- 100 posts
elite
- Gender:Male
Posted 22 December 2010 - 06:57 AM
I would personally bet on the backbone staying ipv4, and encapsulating ipv6 within a ipv4 container for transit purposes and nat it at the entry and exit points for the major node for that ipv6 major subnet. Ugly fudge but it will work with little expenditure and no real downside from a commercial point of view and thats all the backbone providers care about, the $$$. The routing will be a horrible messed up nightmare as you say as ipv6 peering information will have to propogate between backbone peers along with ipv4 to work properly.
The assumption has been that they can just scale up IPv4 to IPv6, but there is no pressure for this when the backbone is happy on IPv4, and public providers are busy locking up their customers in tiny localized networks.
I think thats why theres no pressure and no backbone providers are panicing, theres a workround in place already that serves both isp level wanting ipv6 and the backbone guys not having a shedload of new investment in router hardware and stuff...
Of course, customers not really wanting to pay for horribly messed up routing with open season on translation poisoning and various other huge security and transmission holes could be considered a "commercial downside".And if your brain isnt currently idly wondering about reading up technically on how thats possible, with a view at looking how you could poison the translation somehow, you might just be on the wrong forum
Especially when to all intents and purposes VirtualHosts are a much cleaner and more reliable fudge.
BinRev is hosted by the great people at Lunarpages!
