
US DoD starts using 11.0.0.0/8 - plantain
http://mailman.nanog.org/pipermail/nanog/2015-August/078057.html
======
jlgaddis
N.B.: DoD didn't "release" 11/8 in the same way that Interop "released" (i.e.,
gave back to ARIN) 45/8 several years ago [0].

What they did do was start advertising it into the global BGP routing table
(technically, AS23352 did, as the post mentions) -- apparently ~5d6h ago,
according to my routers.

In addition, AS23352 is sending the ("informational") community "23352:41216"
along with this prefix, which means that it was learned by a "customer"
peering session at their Chicago, Illinois, POP:

    
    
      Community: 3356:3 3356:22 3356:100 3356:123 3356:575 3356:2042 23352:41216
    

The other communities attached to this prefix indicate that:

a) ServerCentral is a Level 3 customer, and

b) Level 3 is receiving the announcement from SC in Chicago.

FWIW, I'm receiving the routes via Level 3 peering connections in both Chicago
and Cincinnati, Ohio.

[0]: http://evilrouters.net/2010/10/20/arin-regains-458-from-interop/

------
devicenull
Releases is not the proper word here. It should be 'US DoD starts using
11.0.0.0/8'. Nowhere in that thread does it say the subnet is being released
back into the generally available pool, just that it's started to be routed.

~~~
dang
Ok, we changed the title to that from "US DoD releases 11.0.0.0/8".

------
endymi0n
Bad news for some ISPs, VPN setups and sysadmins I know who used these
addresses as quasi private IPs (extension of 10.x.x.x), as these were all
unused before...

~~~
Thaxll
What kind of company needs more than 16M IPs for private addressing?

~~~
api
It's not just about number of addresses. It's also about preventing conflicts.

Let's say my company uses 10.0.0.0/16. Now let's say I set up a VPN. Half my
users will be on local networks that are also 10.0.x.x. Fail.

Even worse, let's say my company has two locations and both use 10.0.0.x and
now we want to link them on a common network using a VPN or virtual Ethernet
bridge. Have fun renumbering one of these two sites, or setting up
abominations like internal two-way SNAT/DNAT.

The reason IPv6's address space is so huge is to allow relatively stateless
assignment of addresses with extremely low probability of conflicts. An IPv6
address is basically a UUID. That's going to make lots of things easier and
eliminate the need for a huge number of nasty hacks.
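
The two failure modes raised in this comment and in endymi0n's comment above (non-RFC 1918 space such as 11.0.0.0/8 used as if it were private, and the same private prefix reused across sites or a VPN), as an added example that is not part of the thread. The `SITES` inventory and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges; anything outside them is publicly assignable space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory: site name -> internal prefixes in use.
SITES = {
    "hq":       ["10.0.0.0/16", "11.20.0.0/16"],
    "branch":   ["10.0.0.0/24", "192.168.50.0/24"],
    "vpn-pool": ["10.0.128.0/17"],
    "lab":      ["172.16.8.0/22"],
}

def squatted(sites):
    """Return (site, prefix) pairs that are not inside any RFC 1918 range."""
    hits = []
    for site, prefixes in sites.items():
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if not any(net.subnet_of(r) for r in RFC1918):
                hits.append((site, p))
    return hits

def overlaps(sites):
    """Return (site_a, prefix_a, site_b, prefix_b) for prefixes that collide across sites."""
    flat = [(s, ipaddress.ip_network(p)) for s, ps in sites.items() for p in ps]
    out = []
    for (sa, na), (sb, nb) in combinations(flat, 2):
        if sa != sb and na.overlaps(nb):
            out.append((sa, str(na), sb, str(nb)))
    return out

if __name__ == "__main__":
    for site, p in squatted(SITES):
        print(f"{site}: {p} is outside RFC 1918 and may collide with routed space")
    for sa, pa, sb, pb in overlaps(SITES):
        print(f"{sa} {pa} overlaps {sb} {pb}")
```

Hosts inside a flagged prefix cannot reach the real owner of that space once it is advertised globally, because the local route wins.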

~~~
developer1
"An IPv6 address is basically a UUID."

This is the reason why I can't believe we're not all on IPv6 yet. You would
think that the online advertising industry would have done everything in their
power to push IPv6, at any cost. 90%+ of people on IPv6 will literally have a
unique identifier FOR LIFE on every device they own. Marketers can now
pinpoint down not just to an IP address that identifies a single NAT
interface, but each individual device.

I hope that operating systems and/or routers will provide the option to rotate
each IPv6 address on a routine basis. It would also be nice if ISPs would
rotate the block that is handed out to each customer, but this is unlikely to
happen. Every phone, every tablet, every PC, every thermostat, every door
lock, every fridge... uniquely identifiable from the day it is hooked up to a
network. :(

~~~
jlgaddis
> _I hope that operating systems and/or routers will provide the option to
> rotate each IPv6 address on a routine basis._

This is an issue when using SLAAC, yes, but a workaround ("Privacy
Extensions") was developed years ago; cf. RFC4941 [0].

You can also assign static addresses or use DHCPv6 -- on your own networks, at
least; you obviously can't control how your ISP decides to issue addresses.

[0]: https://tools.ietf.org/html/rfc4941

------
edwhitesell
I remember working with an airline around '01-'02. The CTO was very excited
they had migrated all of their network infrastructure to new private lines and
gotten off of that "terrible 10-dot network".

I asked which private network they switched to and he said "We switched to
11-dot, because no one else uses it and it'll be unique for the future growth
of our private network."

Needless to say, he was not pleased to learn it was not private, or unique and
was assigned to the DoD.

~~~
icedchai
So this "CTO" had never heard of Whois? I think I first heard of it in 1991.

~~~
edwhitesell
There are still lots of people who have "puppy farm" technical certs. This was
certainly one of them.

------
termain
I wonder if this had an impact on the AT&T backhaul that went wonky today.

~~~
jlgaddis
It's been advertised since (at least) around 1800 GMT last Thursday so I doubt
it's related.

------
api
I wish they hadn't. Anything that prolongs IPv4 use is bad.

------
shrineOfLies
yaay! more IP addresses for all!

------
workworksleep
The problem with ipv6 is that it doesn't consider that people are still
remembering and typing ip addresses every day. IPv6 is more effort on the mind
and hand.

A shorthand version would be better.

Ideally if the router ip address is 1, Subnet would be 1.0/24, Client 1.2

Client IP: 1.1

Router: 1

Subnet: 1.0/24

Gateway: 1

I'm too lazy for ipv6. Nothing to celebrate about ipv6 except for a bigger
pool and some other minor +.

~~~
SG-
What are you talking about? Users aren't entering IPs for anything other than
maybe custom DNS servers. Unless you mean 'advanced' users that set up static
machines?

Either way if those users want routable IPs going forward and not be stuck
behind CGNAT then they'll have to use their brains and learn something new.

The truly lazy people like yourself and remain in some sort of segmented
Internet I suppose.

~~~
vog
I agree with you, except for this part:

 _> The truly lazy people like yourself and remain in some sort of segmented
Internet I suppose._

That last sentence doesn't add anything to the conversation. Your comment
wouldn't lose anything by removing that.

Also, this one:

 _> they'll have to use their brains and learn something new_

could have been simply written as follows, again without losing anything:

 _> they'll have to learn something new_

~~~
simoncion
The last sentence echoes the OP's last sentence, which was as follows:

> I'm too lazy for ipv6. Nothing to celebrate about ipv6 except for a bigger
> pool and some other minor +.

Symmetrical construction is nice. :)

Additionally, it's pretty appropriate to say:

> Either way if [advanced users who are setting up static, globally routable
> IPs for machines] want routable IPs going forward and not be stuck behind
> CGNAT then they'll have to use their brains and learn something new.

Any sysadmin who is configuring a server that requires a globally routeable IP
is _expected_ to use his brain. Moreover, he will be expected to have to use
that brain to learn new things from time to time, lest his systems become
crusty and unmaintained.

There are _many_ things that can go wrong when you configure a machine as an
Internet peer. _Some_ amount of savvy and smarts is required.

~~~
vog
_> The last sentence echoes the OP's last sentence, which was as follows_

Good point. But I found the OP's statement inappropriate, either.

 _> Any sysadmin who is configuring a server that requires a globally
routeable IP is expected to use his brain_

Everyone is expected to use their brain. Implying that somebody doesn't use
their brain is dehumanizing.

That kind of insults should have no place on HN.

~~~
simoncion
> Good point. But I found the OP's statement inappropriate, either. [sic]

OP (workworksleep) was calling _himself_ lazy. You consider it inappropriate
to call oneself lazy?

> Everyone is expected to use their brain.

If you work in a technical field, and have _not_ had the inhuman good fortune
of never working with C or D players, you will know that some sorts of people
will -not infrequently- fail to meet expectations by failing to engage their
brain. This isn't an insult, it's a statement of fact.

A Comp Sci student who requests that others write his 1xx or 2xx level
homework for him would be quite rightly accused of not using his brain.

Hell, on my worst days, I've failed to use my brain and spent 8+ hours writing
code that was -at best- hilariously roundabout and overly complex or -at
worst- didn't even solve the problem I had intended to solve. When reviewing
days like that, I openly admit to not using my brain and accept the shame and
wasted effort that came from my failure.

What would you call a network administrator who knew IPX/SPX inside and out
but refused to learn IP networking, declaring -like workworksleep did in his
OP- that he was "too lazy" to do so and that there wasn't enough benefit to
overcome his laziness?

~~~
vog
I guess my criticism went slightly over the top.

Indeed, "use your brain" is not an insult if you say that to people you know
pretty well, especially if they just did something extremely stupid that was
easily avoidable.

However, I still find it inappropriate to say that to strangers on the
internet which you don't know. Of course you can try to extract a lot of
character information out of a single sentence that somebody said, but the
error rate is quite high.

------
gnu8
Why is the US DoD permitted to own a /8? They are the greatest force against
peace and for suffering the world has ever known. Their robots kill civilians
daily and they have compromised the security of the Internet for the sole
purpose of expanding and maintaining their power. Every ISP has a duty to
block traffic to and from 11/8 until such a time as the DoD relinquishes it to
the proper authorities for distribution to legitimate users.

~~~
yincrash
Are you aware that the Internet evolved out of a connection of academic
institutions with the DoD's network as the backbone? The DoD was literally the
first implementers of TCP/IP as well as where the research was started and
funded. Vint Cerf was a DARPA manager.

