IP Routing Question
Gerald Combs
gerald at zing.org
Tue Jan 2 22:02:18 CST 2001
On Tue, 2 Jan 2001, Monty J. Harder wrote:
>
> On Tue, 2 Jan 2001 08:28:12 -0600 mike neuliep <mike at illiana.net> writes:
>
>
> > It is Cisco's accepted practice to take a network and subnet it
> > using a 30 bit
> > mask. This will leave you lots of networks with two usable host
>
>
> I figured that part out, once I read that typical router software had
> been upgraded to support "uneven" subnetting. But that's still 4 IP
> addresses used for every such link in every network in the world. If I'm
> right about this, there are a lot of "nominal subnets" out there that
> don't need to be using up the address space at =all=.
I've been wracking my brain to remember when "typical router hardware"
_didn't_ support subnetting. I can't. For the most part, the only time
you have to worry about whether subnetting will work is when you're using
RIP version 1. RIPv1 messages don't contain netmasks - only addresses.
Therefore, the RIP algorithm all but forces you to use classful
subnetting. The whole issue with RIP is moot anyway, since hardly
anyone[1] uses it.
Yes, it's unnecessary to plop the two usable addresses in a /30 block on
each end of a point-to-point link. Most router manufacturers will let you
configure "unnumbered" connections to facilitate this. Not many dedicated
links use this functionality, however. Every dedicated circuit I've[2]
ordered came with an address assigned out of a 4-block. This was the same
with UUNet, MCI, Sprint, SAVVIS, Verio, and SBIS. Heck, most providers
will usually give you extra 4-blocks (e.g. for DMZs or branch office
links) with no questions asked.
> > Your second question is a subnetting question. Yes you can
> > advertise a route
> > to a whole network to the rest of the world while behind the router
> > the network
> > is subnetted. This is actually preferred and most routers will
> > consolidate
> > routing tables to keep routing table sizes down.
>
>
> I understood that, too. It's half the reason for CIDR, after all. (The
> other half being conservation of address space by allowing more
> granularity in forming net masks.)
>
> What -=NOBODY=- has answered yet, including you, is whether it's OK to
> use "private" IP addresses for those subnets that link the routers
> together, while keeping public IP behind them. See all of those 10.x.y.x
> and 10.x.y.y thingies in there? =That= seems to be the $64K question.
> The instructor didn't have any specific reason why it wouldn't work, but
> seemed to have a vague feeling that it must break some rule somewhere
> because That's Not The Way It's Done.
>
> But TNTWID isn't good enough for Geeks Like Us, now is it? Hell, no.
> We'd all be exclusively using MS and happy about it. I always ask "If I
> do this, what does it break? Can we fix that protocol to make this
> work?" It seems to me like it =should= work, but I don't know enough yet
> to know why it wouldn't.
Technically, there's no reason you can't use private addresses for your
router-to-router links. End users aren't going to care, as long as their
traffic is routed where it needs to go. For a real-world example, check
out this traceroute excerpt from my machine at home:
bam:/home/gerald> traceroute -n www.brunching.com
traceroute to www.brunching.com (208.37.137.201), 30 hops max, 38 byte packets
1 192.168.0.1 0.691 ms 0.534 ms 0.527 ms
2 10.24.72.1 8.292 ms 9.283 ms 11.745 ms
3 24.94.161.65 8.912 ms 9.213 ms 14.562 ms
[ ... ]
192.168.0.1 is the inside address of my firewall. 10.24.72.1 is the
address of Time Warner's equipment, which is on the public Internet[3].
Off the top of my head, there are a couple of caveats with this approach:
- In some circumstances, not-so-private addressing can be dangerous unless
you're very careful. Suppose you and your ISP both use addresses in the
10/8 block for public links. Now suppose you're using a dynamic
routing protocol on your border links, and one of you doesn't filter
your route advertisements correctly.
- Troubleshooting can be more difficult and/or painful. What happens when
someone tries to traceroute across your network? What happens when
_you_ try to traceroute across your network?
To summarize, you can conserve address space by using private addresses
for your inter-router links. Most organizations don't do this because it
adds complexity and a bit of risk to their network, and it's usually very
easy to get the extra address space from their provider.
[1] Anyone with a reliable network, that is.
[2] OK, I didn't order them. The organizations I worked for did. But
still.
[3] Interestingly enough, the address when traced from the outside in is
24.94.161.69. The reason for this is outside the scope of this
discussion.
> > The biggest thing that scares me here is the quality of your
> > instructor! :-)
> > But your employers have decided to subscribe to the Microsoft Money
>
>
> Actually, the State of Kansas is paying for this, in the hopes that the
> next job I get is one that pays so much better they'll get lotsa taxes
> off me or something. I have to come up with something quick, though.
>
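As an added example (not code from the message or the list), the arithmetic behind the /30 link discussion and the two caveats above, in Python: how many addresses a /30 link consumes, which hops in the quoted traceroute fall in RFC 1918 space, and a minimal prefix filter that rejects private prefixes learned from an external neighbor. The function names and the filter model are assumptions made for this illustration.

```python
import ipaddress

# RFC 1918 private ranges (the "10.x.y.x thingies" in the thread are in 10/8).
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hop lines copied from the traceroute excerpt in the message above.
SAMPLE_TRACEROUTE = """\
traceroute to www.brunching.com (208.37.137.201), 30 hops max, 38 byte packets
1 192.168.0.1 0.691 ms 0.534 ms 0.527 ms
2 10.24.72.1 8.292 ms 9.283 ms 11.745 ms
3 24.94.161.65 8.912 ms 9.213 ms 14.562 ms
"""

def link_addresses(prefix):
    """A /30 point-to-point link: network, the two usable hosts, broadcast."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen != 30:
        raise ValueError("expected a /30 link block")
    a, b = net.hosts()  # hosts() excludes network and broadcast for a /30
    return (str(net.network_address), str(a), str(b),
            str(net.broadcast_address))

def addresses_consumed(link_count, prefixlen=30):
    """Total addresses burned by link_count links of the given prefix length."""
    return link_count * 2 ** (32 - prefixlen)

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)

def private_hops(traceroute_text):
    """Return (hop, address) for every hop that answers from RFC 1918 space."""
    found = []
    for line in traceroute_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue  # header lines, '[ ... ]', or '* * *' timeouts
        try:
            if is_private(parts[1]):
                found.append((int(parts[0]), parts[1]))
        except ValueError:
            pass  # not an address (e.g. a hostname when -n is omitted)
    return found

def filter_advertisements(routes, external=True):
    """Simplified inbound prefix filter: drop private prefixes from an
    external neighbor, which is the leak the 10/8 caveat warns about."""
    accepted, rejected = [], []
    for r in routes:
        net = ipaddress.ip_network(r)
        if external and any(net.subnet_of(p) for p in PRIVATE):
            rejected.append(r)
        else:
            accepted.append(r)
    return accepted, rejected
```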