
Support Diary: The LAN of 16M Hosts - todsacerdoti
http://prgmr.com/blog/2020/07/17/classful-networking.html
======
jlgaddis
I had a $cow-orker who once did the exact same thing -- configured an
interface to use a /8 subnet mask -- except it was on the new Cisco ASA
firewall we were deploying for one of our customers (a government water
utility) and it wasn't a stupid default; he explicitly configured the wrong
subnet mask and told the ASA that there were ~16.7 million other devices
directly connected to that particular interface!

Not surprisingly, they experienced various problems over the next few weeks
due to "the firewall" -- including breaking the application they used to
provide their vendor remote access for monitoring and maintenance! That had
the biggest impact but there were also various web sites they couldn't access,
they lost the ability to send and receive e-mails from some other
organizations they worked closely with, and so on. Oh, and either Pandora or
Spotify (I don't remember which) also stopped working -- she could deal with
some of the other stuff but the manager of the organization was _NOT_ happy
about that one!

Eventually, a few weeks after the firewall replacement, I was asked to go
investigate the issues they had been experiencing since the new firewall had
been installed, quickly noticed the incorrect configuration on the interface,
and became the hero to everyone (well, except for my $boss, who had to
reimburse them for ~27 hours (IIRC) of on-site time, but that's another
story).

Subnet masks matter!

------
Lammy
Totally unrelated to the actual post and apologies for what is arguably spam,
but I would love to give a shout-out to prgmr for being the best VPS hosting
company I've ever used. I've been with them since early 2011 and run all my
most critical personal services (email, static web, etc) on prgmr machines. I
particularly enjoy how VPS management (including OOB!) is done through SSH
with a pubkey you supply on the billing site:
[https://i.imgur.com/ckRJzDW.png](https://i.imgur.com/ckRJzDW.png)

I don't record any reliability stats, but I can't remember a time one of my
VPSes was down without being announced first. Reboots and downtime do happen
because they are extremely on top of Xen security patches, hardware
maintenance, and everything else. My favorite prgmr email was last year when a
scheduled maintenance got postponed by two days only six hours before it was
planned and they sent me an email _apologizing that my machine wasn 't down_
just in case I had already planned around it:
[https://i.imgur.com/yusTBPG.png](https://i.imgur.com/yusTBPG.png)

Full disclosure: one (only one!) of my prgmr VPSes is billed to me at $0/month
because I helped get FreeBSD Xen/PV running at prgmr way back in the FreeBSD
9.0 days when FreeBSD Xen/HVM was rather unusable. These days PV isn't even an
option (afaict) for prgmr's VPS and the newest HVM-mode FreeBSD is available
straight from them in the management console as a first-class OS alongside
CentOS and friends. If that arrangement ever ends I will immediately switch to
paying for the same machine and wouldn't even consider shopping around first
:)

~~~
jjjbokma
Seconded :-) I have been hosting a forum for a small group of friends since
2004 with them, and more recently (on the same VPS) a tumblelog [0]. Would
certainly recommend them.

[0] [https://plurrrr.com/](https://plurrrr.com/)

------
darren0
I find it a bit surprising that classful networks are not common knowledge. I
guess it's just a sign that times have changed. This was a basic thing I
learned when I first learned about subnets.

~~~
detaro
I find it a bit surprising in how many teaching materials you find it still,
despite being outdated knowledge for a long time now :D

~~~
Lammy
> outdated knowledge

Personally I never totally 'got' CIDR until I went back and learned what it
replaced and why it was needed.

------
sn
TL;DR - we'd like someone to add warnings to ifconfig etc. if no netmask is
supplied. I could do it but don't have the time.

~~~
Lammy
That's not a very good summary at all. Most of the article is on the
history/evolution of Internet addressing.

~~~
iso1631
Either way it's not a story of someone actually building a single broadcast
domain with millions of hosts on

~~~
sn
It's not a summary by number of words, but if someone doesn't want to read
the article, it's what I want them to be aware of.

It's frustrating the number of silly things you can do at the command line
that persist for backwards compatibility reasons. But we can at least add
warnings for them. It would have been much better for the user to have been
told at the time they failed to add a netmask that they made a mistake. It
would have removed the need for the support ticket entirely (at least, one
hopes so.)

mkswap is another example of this. Karel Zak had thoughtfully added warnings
in swapon already if you enabled swap with insecure permissions
[https://git.kernel.org/pub/scm/utils/util-linux/util-linux.g...](https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/sys-utils/swapon.c?id=cd04b26bf86d9987554aae02620d8f8172c66e16)
but nobody had bothered to warn at the time the swap file was actually
created. So I had someone add that:
[https://git.kernel.org/pub/scm/utils/util-linux/util-linux.g...](https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/disk-utils/mkswap.c?id=cc706d9f0978c03f730aec627c5b656ee4eec58f)
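
The kind of warning discussed in this thread, sketched as an audit over already-configured interfaces (an added example, not part of the thread and not ifconfig or util-linux code): it flags interfaces whose prefix length equals the old classful default for a class A or B address, which is what legacy ifconfig applies when the netmask is omitted. The sample lines are constructed, and treating a /24 default as intentional is an assumption of this sketch.

```python
import ipaddress
import re

# Matches the interface name and address in `ip -o -4 addr show` output.
INET_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")

def classful_prefix(addr):
    """Prefix length implied by the pre-CIDR class of an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8      # class A
    if first_octet < 192:
        return 16     # class B
    if first_octet < 224:
        return 24     # class C
    return None       # class D/E have no host mask

def audit(lines):
    """Return (ifname, cidr, on-link hosts) for suspicious interfaces."""
    findings = []
    for line in lines:
        m = INET_RE.match(line)
        if not m:
            continue
        ifname, cidr = m.groups()
        iface = ipaddress.ip_interface(cidr)
        if iface.ip.is_loopback:
            continue  # 127.0.0.1/8 is the expected loopback mask
        plen = iface.network.prefixlen
        # Assumption of this sketch: a /24 default is usually intended,
        # so only class A and B defaults (/8, /16) are reported.
        if plen == classful_prefix(iface.ip) and plen < 24:
            findings.append((ifname, cidr, iface.network.num_addresses - 2))
    return findings

# Constructed sample in the shape of `ip -o -4 addr show` output.
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.20.30.40/8 brd 10.255.255.255 scope global eth0
3: eth1    inet 172.16.5.9/24 brd 172.16.5.255 scope global eth1
4: eth2    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth2
5: eth3    inet 172.20.0.7/16 brd 172.20.255.255 scope global eth3
""".splitlines()

if __name__ == "__main__":
    for ifname, cidr, hosts in audit(SAMPLE):
        print(f"WARNING {ifname}: {cidr} is the classful default, "
              f"{hosts} hosts treated as on-link")
```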

