
Mailing List Archive: NANOG: users

Re: US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)

 

 



robert at ufl

May 16, 2008, 11:15 AM

Post #1 of 2 (165 views)
Re: US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)

OH, You mean like putting a sniper in a bunch of trees. They know that
tactic well. :)

Robert D. Scott Robert[at]ufl.edu
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Receptionist
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611


-----Original Message-----
From: Dorn Hetzel [mailto:dhetzel[at]gmail.com]
Sent: Friday, May 16, 2008 1:59 PM
To: Jeroen Massar
Cc: NANOG list
Subject: Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but
not totally consecutive)


Perhaps it is an attempt to make their address space so sparsely populated
that it's close to impossible to find a host without knowing its address in
the first place?

On Fri, May 16, 2008 at 1:09 PM, Jeroen Massar <jeroen[at]unfix.org> wrote:

> Hi folks,
>
> As everybody is a big fan of securing their networks against foreign
> attacks, be aware that the US DoD has been assigned 14 /22's, IPv6 that
> is, not IPv4, they all come from a single IPv6 /13 though, which is what
> they apparently asked for in the beginning, at least that was the rumor,
> well they got what they wanted.
>
> I've recorded it into GRH as a single /13 though, as that is what it is,
> and I am not going to bother whois'ing and entering the 14 separate
> entries there, as that is useless, especially as they will most likely
> never appear in the global routing tables anyway.
>
> Depending on your love for the US, you might want to add special rules
> in your network to be able to easily detect Cyber Attacks and other such
> things towards that address space, to be able to better serve your
> country, may that be the US or any other country for that matter.
>
> I am of course wondering why ARIN gave 1 organization 14 separate /22's,
> even though they are recorded exactly the same, just different prefixes
> and netnames and it is effectively one huge /13. They could easily have
> been recorded as that one /13, it is not like eg Canada (no other
> countries that fall under ARIN now is there) will get a couple of the
> chunks of remaining space in between there. By assigning them separate
> /22's, they effectively are stating that it is good to fragment the
> address space and by having them recorded in whois, also that announcing
> more specifics from that /13 is just fine.
>
> The other fun question is of course what a single organization has to do
> with (2^(48-13)=) 34.359.738.368, yes indeed, 34 billion /48's which
> cover 2.251.799.813.685.248 /64's which is a number that I can't even
> pronounce. According to Wikipedia the US only has a mere population of
> 304,080,000, that means that every US citizen can get a 1000+ /48's from
> their DoD, thus maybe every nuclear warhead and every bullet is getting
> their own /48 or something to be able to justify for that amount of
> address space. At least this gives the opportunity to hardcode that
> block out of hardware if you want to avoid it being ever used by the
> publicly known part of the US DoD. I wouldn't mind seeing the request
> form that can justify this amount of address space though, must be a lot
> of fun.
>
> Now back to your regular NANOG schedule....
>
> Greets,
> Jeroen
>
> (who will hide himself in a nice Swiss nuclear bunker till the flames
> are all gone ;)
>
> 1) http://en.wikipedia.org/wiki/United_States
> which points to: http://www.census.gov/population/www/popclockus.html
>
>
> _______________________________________________
> NANOG mailing list
> NANOG[at]nanog.org
> http://mailman.nanog.org/mailman/listinfo/nanog
>


warren at kumari

May 16, 2008, 11:41 AM

Post #2 of 2 (144 views)
Re: US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)

On May 16, 2008, at 2:15 PM, Robert D. Scott wrote:

> OH, You mean like putting a sniper in a bunch of trees. They know that
> tactic well. :)

Yup -- http://www.youtube.com/watch?v=ltmMJntSfQI

W

>
>
> Robert D. Scott Robert[at]ufl.edu
> Senior Network Engineer 352-273-0113 Phone
> CNS - Network Services 352-392-2061 CNS Receptionist
> University of Florida 352-392-9440 FAX
> Florida Lambda Rail 352-294-3571 FLR NOC
> Gainesville, FL 32611
>
>
> -----Original Message-----
> From: Dorn Hetzel [mailto:dhetzel[at]gmail.com]
> Sent: Friday, May 16, 2008 1:59 PM
> To: Jeroen Massar
> Cc: NANOG list
> Subject: Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but
> not totally consecutive)
>
>
> Perhaps it is an attempt to make their address space so sparsely populated
> that it's close to impossible to find a host without knowing its address in
> the first place?
>
> On Fri, May 16, 2008 at 1:09 PM, Jeroen Massar <jeroen[at]unfix.org> wrote:
>
>> Hi folks,
>>
>> As everybody is a big fan of securing their networks against foreign
>> attacks, be aware that the US DoD has been assigned 14 /22's, IPv6 that
>> is, not IPv4, they all come from a single IPv6 /13 though, which is what
>> they apparently asked for in the beginning, at least that was the rumor,
>> well they got what they wanted.
>>
>> I've recorded it into GRH as a single /13 though, as that is what it is,
>> and I am not going to bother whois'ing and entering the 14 separate
>> entries there, as that is useless, especially as they will most likely
>> never appear in the global routing tables anyway.
>>
>> Depending on your love for the US, you might want to add special rules
>> in your network to be able to easily detect Cyber Attacks and other such
>> things towards that address space, to be able to better serve your
>> country, may that be the US or any other country for that matter.
>>
>> I am of course wondering why ARIN gave 1 organization 14 separate /22's,
>> even though they are recorded exactly the same, just different prefixes
>> and netnames and it is effectively one huge /13. They could easily have
>> been recorded as that one /13, it is not like eg Canada (no other
>> countries that fall under ARIN now is there) will get a couple of the
>> chunks of remaining space in between there. By assigning them separate
>> /22's, they effectively are stating that it is good to fragment the
>> address space and by having them recorded in whois, also that announcing
>> more specifics from that /13 is just fine.
>>
>> The other fun question is of course what a single organization has to do
>> with (2^(48-13)=) 34.359.738.368, yes indeed, 34 billion /48's which
>> cover 2.251.799.813.685.248 /64's which is a number that I can't even
>> pronounce. According to Wikipedia the US only has a mere population of
>> 304,080,000, that means that every US citizen can get a 1000+ /48's from
>> their DoD, thus maybe every nuclear warhead and every bullet is getting
>> their own /48 or something to be able to justify for that amount of
>> address space. At least this gives the opportunity to hardcode that
>> block out of hardware if you want to avoid it being ever used by the
>> publicly known part of the US DoD. I wouldn't mind seeing the request
>> form that can justify this amount of address space though, must be a lot
>> of fun.
>>
>> Now back to your regular NANOG schedule....
>>
>> Greets,
>> Jeroen
>>
>> (who will hide himself in a nice Swiss nuclear bunker till the flames
>> are all gone ;)
>>
>> 1) http://en.wikipedia.org/wiki/United_States
>> which points to: http://www.census.gov/population/www/popclockus.html
>>
>>
>

--
Hope is not a strategy.
-- Ben Treynor, Google


