DoD gives away 11.0.0.0/8

dlots · August 03, 2015, 08:59:10 AM

Apparently the DoD gave away their 11.0.0.0/8, more info below.

https://www.reddit.com/r/networking/comments/3fdia9/did_the_dod_really_transfer_a_8/

deanwebb · August 03, 2015, 10:16:22 PM

Wow... that's a big ol' network there...

srg · August 04, 2015, 07:17:52 AM

Good to get a reminder of why I never read Reddit. http://mailman.nanog.org/pipermail/nanog/2015-August/078065.html

Nerm · August 04, 2015, 07:24:31 AM

They probably just figured since there are so many IPv4 addresses out there that there was no need to keep a /8. It isn't like anyone is ever going to run out of IPv4 addresses.

routerdork · August 04, 2015, 08:30:49 AM

I'm wondering if these are because DoD has some new deal with Server Central or if they actually now own this block. Reminds me of several years back when Nortel and Borders' IP's were up on the market and the whole deal about ownership and assets came up. My personal opinion is that these types of things should go back into the regional pool. Would be good on Server Central if they do own this /8 to give up all their other blocks after they convert over.

LynK · August 04, 2015, 10:55:27 AM

I love the "we are running out of IPs".... I go to ARIN and I can purchase a /24 for a couple hundreds of dollars....

Otanx · August 04, 2015, 12:33:01 PM

Quote from: LynK on August 04, 2015, 10:55:27 AM
I love the "we are running out of IPs".... I go to ARIN and I can purchase a /24 for a couple hundreds of dollars....

You do realize it isn't quite that easy? There is a bunch of usage requirements you have to meet as well as just giving them money. There are only 233 /24s left so pretty soon you won't have that option at all. If you want a /8 like the DoD block being discussed you can't go to ARIN (or any RIR). They don't have that much. You can either wait for someone to give up space, or buy the space from someone. Even if you buy the space from someone else you still have to meet some ARIN requirements for them to transfer the addresses.

-Otanx

LynK · August 04, 2015, 12:50:57 PM

Quote from: Otanx on August 04, 2015, 12:33:01 PM
Quote from: LynK on August 04, 2015, 10:55:27 AM
I love the "we are running out of IPs".... I go to ARIN and I can purchase a /24 for a couple hundreds of dollars....

You do realize it isn't quite that easy? There is a bunch of usage requirements you have to meet as well as just giving them money. There are only 233 /24s left so pretty soon you won't have that option at all. If you want a /8 like the DoD block being discussed you can't go to ARIN (or any RIR). They don't have that much. You can either wait for someone to give up space, or buy the space from someone. Even if you buy the space from someone else you still have to meet some ARIN requirements for them to transfer the addresses.

-Otanx

While that is true, there are many large organizations which have almost entirely adopted IPv6. I realistically only see a need of government organizations need to fully integrate IPv6 on a global scale.

We will be ipv6 migrated... but i doubt it will be during our lifetimes.

https://www.google.com/intl/en/ipv6/statistics.html

https://www.usenix.org/legacy/events/lisa11/tech/full_papers/Babiker.pdf

deanwebb · August 04, 2015, 10:51:36 PM

We just assign everyone 192.168.0.2, default gateway 192.168.0.1, and then NAT like hell.

LynK · August 05, 2015, 02:07:13 PM

Quote from: deanwebb on August 04, 2015, 10:51:36 PM
We just assign everyone 192.168.0.2, default gateway 192.168.0.1, and then NAT like hell.

what about VPNs? You cant double nat a VPN. Right?

Reggle · August 05, 2015, 03:56:13 PM

Quote from: LynK on August 05, 2015, 02:07:13 PM
Quote from: deanwebb on August 04, 2015, 10:51:36 PM
We just assign everyone 192.168.0.2, default gateway 192.168.0.1, and then NAT like hell.

what about VPNs? You cant double nat a VPN. Right?

You totally can. But many other things will eventually break of course.

LynK · August 06, 2015, 07:52:39 AM

Quote from: Reggle on August 05, 2015, 03:56:13 PM
Quote from: LynK on August 05, 2015, 02:07:13 PM
Quote from: deanwebb on August 04, 2015, 10:51:36 PM
We just assign everyone 192.168.0.2, default gateway 192.168.0.1, and then NAT like hell.

what about VPNs? You cant double nat a VPN. Right?
You totally can. But many other things will eventually break of course.

Hm... i could have sworn I read somewhere's about when you have multiple NATs that the return packets cannot find their way back to the original host or something along those lines. (referring to PATs explicitly here... static nat does not apply to this convo as it is 1 to 1.)

deanwebb · August 06, 2015, 11:32:32 AM

Quote from: LynK on August 05, 2015, 02:07:13 PM
Quote from: deanwebb on August 04, 2015, 10:51:36 PM
We just assign everyone 192.168.0.2, default gateway 192.168.0.1, and then NAT like hell.

what about VPNs? You cant double nat a VPN. Right?

In my fantasy scenario described above, we don't use VPNs. We just have a Navajo code talker assigned to every remote worker.

Dieselboy · August 11, 2015, 02:22:13 AM

Quote from: LynK on August 04, 2015, 10:55:27 AM
I love the "we are running out of IPs".... I go to ARIN and I can purchase a /24 for a couple hundreds of dollars....

Try and do that in the UK and you'll likely be turned away though. Even if you have valid reasons, they're quite strict.

Nerm · August 11, 2015, 08:31:16 AM

Quote from: LynK on August 05, 2015, 02:07:13 PM
Quote from: deanwebb on August 04, 2015, 10:51:36 PM
We just assign everyone 192.168.0.2, default gateway 192.168.0.1, and then NAT like hell.

what about VPNs? You cant double nat a VPN. Right?

I once had to deal with a small town wireless ISP that by the time the "Internet" reached their customer networks it was double NAT'ed including the NAT on the customer edge. Not only did everything work fine the VPN we were setting up for them worked fine as well. Had to help the wireless ISP's "engineers" get the 1:1 internal NAT setup that we needed. That was also the day I backed off hating on NAT so much. My thought was it can't be that evil if this crap is working lol.