nanog mailing list archives

Re: Interesting Ali Express web server behavior...


From: Sabri Berisha <sabri () cluecentral net>
Date: Mon, 11 Dec 2023 09:55:02 -0800 (PST)

----- On Dec 10, 2023, at 12:08 AM, Christopher Hawker chris () thesysadmin au wrote:

Hi,

Starting to digress here for a minute...
How big would a network need to get, in order to come close to exhausting RFC1918
address space? There are a total of 17,891,328 IP addresses between the 10/8
prefix, 172.16/12 space and 192.168/16 space. If one was to allocate 10
addresses to each host, that means it would require 1,789,132 hosts to exhaust
the space.

Imagine a 20 year old platform originally built in the late 90s/early 2000s,
gradually evolving to what it is today. You'll have several versions of design,
several versions of applications, several versions of networking, firewalls, and
other infrastructure. It is so old, when it was first built, each HTTPS address
required its own IP.

What you end up with is your typical pod design with 40-some TORs where you
allocate a /24 per IRB, not knowing how many hosts are going to end up on the
hypervisor. And due to PCI-DSS restrictions, you may need multiple IRBs per TOR.

And all of this in an environment where datacenters and pods are scaled based on
the amount of power available, not the amount of space.

Now factor in "legacy" pods and datacenters that were never properly migrated out
of, an address-guzzling corporate network administered by a separate team that
for some reason also needs to talk to prod and thus demands unique RFC1918 space
out of the same pool, and all of a sudden that DOD space looks awfully appealing.

This is how you end up with projects named "Save The Bacon".

Even after very rigorous reclaiming we still ended up using close to 60% of
RFC1918 space.

Thanks,

Sabri

