IP Routing Question

Gerald Combs gerald at zing.org
Tue Jan 2 22:02:18 CST 2001


On Tue, 2 Jan 2001, Monty J. Harder wrote:

> 
> On Tue, 2 Jan 2001 08:28:12 -0600 mike neuliep <mike at illiana.net> writes:
> 
> 
> > It is Cisco's accepted practice to take a network and subnet it using a
> > 30 bit mask.  This will leave you lots of networks with two usable host
> 
> 
>   I figured that part out, once I read that typical router software had
> been upgraded to support "uneven" subnetting.  But that's still 4 IP
> addresses used for every such link in every network in the world.  If I'm
> right about this, there are a lot of "nominal subnets" out there that
> don't need to be using up the address space at =all=.

I've been wracking my brain to remember when "typical router hardware"
_didn't_ support subnetting.  I can't.  For the most part, the only time
you have to worry about whether subnetting will work is when you're using
RIP version 1.  RIPv1 messages don't contain netmasks - only addresses.  
Therefore, the RIP algorithm all but forces you to use classful
subnetting.  The whole issue with RIP is moot anyway, since hardly
anyone[1] uses it.

Yes, it's unnecessary to plop the two usable addresses in a /30 block on
each end of a point-to-point link.  Most router manufacturers will let you
configure "unnumbered" connections to facilitate this.  Not many dedicated
links use this functionality, however.  Every dedicated circuit I've[2]
ordered came with an address assigned out of a 4-block.  This was the same
with UUNet, MCI, Sprint, SAVVIS, Verio, and SBIS.  Heck, most providers
will usually give you extra 4-blocks (e.g. for DMZs or branch office
links) with no questions asked.

> > Your second question is a subnetting question.  Yes you can advertise a
> > route to a whole network to the rest of the world while behind the
> > router the network is subnetted.  This is actually preferred and most
> > routers will consolidate routing tables to keep routing table sizes
> > down.
> 
> 
>   I understood that, too. It's half the reason for CIDR, after all.  (The
> other half being conservation of address space by allowing more
> granularity in forming net masks.)
> 
>   What -=NOBODY=- has answered yet, including you, is whether it's OK to
> use "private" IP addresses for those subnets that link the routers
> together, while keeping public IP behind them.  See all of those 10.x.y.x
> and 10.x.y.y thingies in there?  =That= seems to be the $64K question. 
> The instructor didn't have any specific reason why it wouldn't work, but
> seemed to have a vague feeling that it must break some rule somewhere
> because That's Not The Way It's Done.
> 
>   But TNTWID isn't good enough for Geeks Like Us, now is it?  Hell, no. 
> We'd all be exclusively using MS and happy about it.  I always ask "If I
> do this, what does it break?  Can we fix that protocol to make this
> work?"  It seems to me like it =should= work, but I don't know enough yet
> to know why it wouldn't.

Technically, there's no reason you can't use private addresses for your
router-to-router links.  End users aren't going to care, as long as their
traffic is routed where it needs to go.  For a real-world example, check
out this traceroute excerpt from my machine at home:

bam:/home/gerald> traceroute -n www.brunching.com
traceroute to www.brunching.com (208.37.137.201), 30 hops max, 38 byte packets
 1  192.168.0.1  0.691 ms  0.534 ms  0.527 ms
 2  10.24.72.1  8.292 ms  9.283 ms  11.745 ms
 3  24.94.161.65  8.912 ms  9.213 ms  14.562 ms

    [ ... ]

192.168.0.1 is the inside address of my firewall.  10.24.72.1 is the
address of Time Warner's equipment, which is on the public Internet[3].

Off the top of my head, there are a couple of caveats with this approach:
  
- In some circumstances, not-so-private addressing can be dangerous unless
  you're very careful.  Suppose you and your ISP both use addresses in the
  10/8 block for public links.  Now suppose you're using a dynamic
  routing protocol on your border links, and one of you doesn't filter
  your route advertisements correctly.

- Troubleshooting can be more difficult and/or painful.  What happens when
  someone tries to traceroute across your network?  What happens when
  _you_ try to traceroute across your network?

To summarize, you can conserve address space by using private addresses
for your inter-router links.  Most organizations don't do this because it
adds complexity and a bit of risk to their network, and it's usually very
easy to get the extra address space from their provider.

[1] Anyone with a reliable network, that is.

[2] OK, I didn't order them.  The organizations I worked for did.  But
    still.

[3] Interestingly enough, the address when traced from the outside in is
    24.94.161.69.  The reason for this is outside the scope of this
    discussion.

> > The biggest thing that scares me here is the quality of your
> > instructor! :-)
> > But your employers have decided to subscribe to the Microsoft Money
> 
> 
>   Actually, the State of Kansas is paying for this, in the hopes that the
> next job I get is one that pays so much better they'll get lotsa taxes
> off me or something.  I have to come up with something quick, though.
>
> 
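Added example, not part of the original message: a sketch of the first caveat above, where inter-router links are numbered from /30 blocks in private space and an inbound border filter has to drop any neighbour advertisement that is private or collides with those links. The link block 10.24.72.0/24, the advertised prefixes and all function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (10/8 is the one the message discusses).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def carve_links(block, count):
    """Split `block` into /30 point-to-point subnets: (subnet, end_a, end_b)."""
    links = []
    for subnet in ipaddress.ip_network(block).subnets(new_prefix=30):
        if len(links) == count:
            break
        end_a, end_b = subnet.hosts()   # the two usable addresses of a /30
        links.append((subnet, end_a, end_b))
    return links


def is_private(prefix):
    """True when the prefix lies entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)


def filter_border_routes(received, local_links):
    """Inbound border filter; returns (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for prefix in received:
        net = ipaddress.ip_network(prefix)
        clash = [str(s) for s, _, _ in local_links if net.overlaps(s)]
        if clash:
            rejected.append((prefix, "overlaps local link " + clash[0]))
        elif is_private(prefix):
            rejected.append((prefix, "private prefix leaked by neighbour"))
        else:
            accepted.append(prefix)
    return accepted, rejected


# Constructed sample data: link block and neighbour advertisements are invented.
LINKS = carve_links("10.24.72.0/24", 3)
RECEIVED = ["24.94.161.64/27", "10.24.72.0/22", "10.99.0.0/16", "208.37.137.0/24"]

if __name__ == "__main__":
    for subnet, end_a, end_b in LINKS:
        print(subnet, end_a, end_b)
    print(filter_border_routes(RECEIVED, LINKS))
```
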



