nanog mailing list archives

RE: Using private APNIC range in US


From: Eric J Esslinger <eesslinger () fpu-tn com>
Date: Fri, 19 Mar 2010 12:12:37 -0500

-----Original Message-----
From: Charles Mills [mailto:w3yni1 () gmail com]
Sent: Friday, March 19, 2010 10:06 AM
To: Matt Shadbolt
Cc: nanog () nanog org
Subject: Re: Using private APNIC range in US


I love war stories.  I once got chewed out by a colleague <?>
from another organization because we were using "their" address space.

We were using 10.0.0.0/8.  Explanation of NAT and RFC1918 was
met with a deer in the headlights look.

On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt
<matt.shadbolt () gmail com> wrote:
I once had a customer who for some reason had all their printers on
public addresses they didn't own. Not advertising them outside, but
internally whenever a user browsed to an external site that happened to
be one of the addresses used, they would just receive an HP or Konica
login page :)

They didn't mind though. No idea if they've changed it since.


Was troubleshooting a customer's VPN trouble a few years ago at another ISP. Could connect from outside our ISP, but
users of our service sometimes could and sometimes couldn't connect.

Turns out the Master Network Manager (that's what he called himself) had looked at the static IP assignment, and 
extrapolated back the whole /22 they were on and used it for the inside of his NAT router. When people hit that part of 
our network pool, they could make the initial connection but then the poor firewall would have a nervous breakdown and 
not pass traffic right (I don't blame it).

My solution: Renumber to a reserved private block internally. He had about 200 devices with static assigned DHCP on
about 10 of them.
His solution: Every company user that gets access through our service had to get some form of other service in order to
connect to his network by VPN since we 'don't know what we're doing with network configuration'. 35 people either
switched away from us or got a second (usually dial-up) connection for when they wanted to VPN in.
I believe his core mantra was that the private 1918's were 'not secure' for some reason he couldn't articulate to me.
