Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)

[Christopher LILJENSTOLPE <cdl () asgaard org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

        Not to address the political issues here (which are deep, wide, and  
WAY too much of a black-hole), remember, that the DoD is not a single  
organization from a networking perspective.  There are a number of  
different organizations within that structure, all of which may, or  
may not, want to announce separately, maintain their own external  
links, etc.  Those boundaries can be on a service level (USAF vs USN),  
geographical level (Southern Command vs. Northern Command), etc.

        My guess is that they don't want to be tied to only announcing a  
single /13.  Each of those organizations is bigger than a lot of  
service providers out there...

        As for why so many addresses - consider a networked ship (where  
everything has an address), soldier (each soldier having one or more  
addresses), battlefield sensors, etc.  With stateless autoconf, that  
can add up fairly quickly (depending on network topology).

        Lastly, If you honestly think that any entity (government or non- 
government) would launch an offensive cyber-attack from their own  
address space... never mind....

        Chris

        
On 16 May 2008, at 10.58, Dorn Hetzel wrote:

> Perhaps it is an attempt to make their address space so sparsely  
> populated
> that it's close to impossible to find a host without knowing it's  
> address in
> the first place?
>
> On Fri, May 16, 2008 at 1:09 PM, Jeroen Massar <jeroen () unfix org>  
> wrote:
>
> > Hi folks,
> >
> > As everybody is a big fan of securing their networks against foreign
> > attacks, be aware that the US DoD has been assigned 14 /22's, IPv6  
> > that
> > is, not IPv4, they all come from a single IPv6 /13 though, which is  
> > what
> > they apparently asked for in the beginning, at least that was the  
> > rumor,
> > well they got what they wanted.
> >
> > I've recorded it into GRH as a single /13 though, as that is what  
> > it is,
> > and I am not going to bother whois'ing and entering the 14 separate
> > entries there, as that is useless, especially as they will most  
> > likely
> > never appear in the global routing tables anyway.
> >
> > Depending on your love for the US, you might want to add special  
> > rules
> > in your network to be able to easily detect Cyber Attacks and other  
> > such
> > things towards that address space, to be able to better serve your
> > country, may that be the US or any other country for that matter.
> >
> > I am of course wondering why ARIN gave 1 organization 14 separate / 
> > 22's,
> > even though they are recorded exactly the same, just different  
> > prefixes
> > and netnames and it is effectively one huge /13. They could easily  
> > have
> > been recorded as that one /13, it is not like eg Canada (no other
> > countries that fall under ARIN now is there) will get a couple of the
> > chunks of remaining space in between there. By assigning them  
> > separate
> > /22's, they effectively are stating that it is good to fragment the
> > address space and by having them recorded in whois, also that  
> > announcing
> > more specifics from that /13 is just fine.
> >
> > The other fun question is of course what a single organization has  
> > to do
> > with (2^(48-13)=) 34.359.738.368, yes indeed, 34 billion /48's which
> > cover 2.251.799.813.685.248 /64's which is a number that I can't even
> > pronounce. According to Wikipedia the US only has a mere population  
> > of
> > 304,080,000, that means that every US citizen can get a 1000+ /48's  
> > from
> > their DoD, thus maybe every nuclear warhead and every bullet is  
> > getting
> > their own /48 or something to be able to justify for that amount of
> > address space. At least this gives the opportunity to hardcode that
> > block out of hardware if you want to avoid it being ever used by the
> > publicly known part of the US DoD. I wouldn't mind seeing the request
> > form that can justify this amount of address space though, must be  
> > a lot
> > of fun.
> >
> > Now back to your regular NANOG schedule....
> >
> > Greets,
> >    Jeroen
> >
> > (who will hide himself in a nice Swiss nuclear bunker till the flames
> > are all gone ;)
> >
> > 1) http://en.wikipedia.org/wiki/United_States
> >   which points to: http://www.census.gov/population/www/popclockus.html
> >
> >
> > _______________________________________________
> > NANOG mailing list
> > NANOG () nanog org
> > http://mailman.nanog.org/mailman/listinfo/nanog
> _______________________________________________
> NANOG mailing list
> NANOG () nanog org
> http://mailman.nanog.org/mailman/listinfo/nanog

- ---
李柯睿
Check my PGP key here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B




-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJILc81AAoJEGmx2Mt/+Iw/0HEH/1HZmv1nsNRpz1sqjMJwy0kr
O68VCagg7tNfRLq/ErY8lOkxcVsAp0R6urZN8kJwt59MBcd1Yat8BxqayfXcbrx4
m/y361FKjEt8HpBBcS5EiHftjojD2aWczlinJuGL97koDw390ozuZhXLvui27JsE
Zh2LHdLrya2ZKMkfL2/mLc7J1C0CiuMvflDVCURG8c+aG17O+aH8csTbxHzStoH4
U0lbxH6hvOHVtQdaHa4JKtZD6zdUIn4quZnwnyPO7mop9005h/W4GRIqB4fUQMGB
Jk+8bo5ArTxIlceunhLhbUhMAphF7RaABNKBxsUrgc4nqQVVCV8fOCbyvOr6rTA=
=z0uG
-----END PGP SIGNATURE-----

_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog