Internal IP Range
-
There's only a word missing.
And a superfluous apostrophe.
And the use of the phrase IP address instead of CIDR ranges.
-
And a superfluous apostrophe.
I'd missed that.And the use of the phrase IP address instead of CIDR ranges.
Is CIDR IP Address not an acceptable term?
It's not the term I'd use but plenty of the network guys here do so I've always assumed it's valid.
-
-
Noted.
-
Good news everyone! I'll be migrating our entire network out of the 6 range and into the 10 range!
Bad news everyone! I've got to migrate our entire network out of the 6 range and into the 10 range!This was prompted by us installing meraki into a new site and the thing refusing to route anything to 6. because its own management network is... 6.0.0.0/8.
So the next 12 months will be fun but, and keep it under your hats, hopefully I won't be here then.
-
@Boner said in Internal IP Range:
Good news everyone! I'll be migrating our entire network out of the 6 range and into the 10 range!
Bad news everyone! I've got to migrate our entire network out of the 6 range and into the 10 range!This was prompted by us installing meraki into a new site and the thing refusing to route anything to 6. because its own management network is... 6.0.0.0/8.
So the next 12 months will be fun but, and keep it under your hats, hopefully I won't be here then.
So a collision of WTFs, then?
That said, I work for a firewall vendor, and we often have customer configs in, and I've found people using 1.1.1.1 as an IP address on the link between the two machines in a redundant cluster. (Actually assigned to a service provider in Australia.)
Or 192.1.1.1, which belongs to Bolt, Beranek, and Newman.
-
@Steve_The_Cynic
Most uses of 1.1.1.1 can be blamed on Cisco and their tendency to use non-RFC1918 addresses in their documentation. And it's not like it's strictly legacy documentation either; they still do it with new documentation from time to time.
-
@izzion Yes, we've Cisco kit on 1.1.1.1 and 2.2.2.2
@Steve_The_Cynic said in Internal IP Range:
192.1.1.1
-
@Boner said in Internal IP Range:
@izzion Yes, we've Cisco kit on 1.1.1.1 and 2.2.2.2
@Steve_The_Cynic said in Internal IP Range:
192.1.1.1
Yeah, I'll give them that. It's still ... suboptimal ..., although I doubt that BBN actually has a machine on that address.
-
@Boner nice, you avoid conflicts with all that routers and vpns that use standars IPs
Did it got you any negative consequence, despite not being able to connect with the DOD?
-
@wharrgarbl Not really. A few raised eyebrows whenever we worked with external suppliers. There's this thing with Meraki that's an issue but that's more of a nuisance that a showstopper at the moment.
-
@Boner are you certain you're not just a facade for som
-
@Boner said in Internal IP Range:
The plan is to shift everything over the 10. range, but that's been the plan for 5 years
I'm in that state right now, is it as easy as reassignment the dhcp pool and fixing up the static addresses?
-
@Tsaukpaetra said in Internal IP Range:
fixing up the static addresses?
Yeah, if only that were easy. I'd guess that there're a bunch of pages and apps that use hardcoded static IP addresses instead of URIs that need to be adjusted.
-
@Tsaukpaetra
In general the big ugly winds up being printers. Especially because people don't use the print server (and/or the print server is completely dorked up) so you wind up having to update hundreds of desktops to be able to print again.If DNS (or, God help you, WINS) isn't working right, you can also get some fun where you lose computer-to-computer name resolution because the updated IPs don't get auto-registered... and/or people have HOSTS file entries that you didn't know about ahead of time that naturally don't get updated and make your troubleshooting about 10000000% more difficult than it needs to be.
-
@djls45 said in Internal IP Range:
@Tsaukpaetra said in Internal IP Range:
fixing up the static addresses?
Yeah, if only that were easy. I'd guess that there're a bunch of pages and apps that use hardcoded static IP addresses instead of URIs that need to be adjusted.
We're small enough (now) that that isn't a problem. Yet.
Only four computers (that aren't technically servers in their own right) are being addressed by IP, one of which can't be renamed on the domain because it can't talk the the domain server it's hosting on itself (in a VM).
-
@izzion said in Internal IP Range:
@Tsaukpaetra
In general the big ugly winds up being printers. Especially because people don't use the print server (and/or the print server is completely dorked up) so you wind up having to update hundreds of desktops to be able to print again.If DNS (or, God help you, WINS) isn't working right, you can also get some fun where you lose computer-to-computer name resolution because the updated IPs don't get auto-registered... and/or people have HOSTS file entries that you didn't know about ahead of time that naturally don't get updated and make your troubleshooting about 10000000% more difficult than it needs to be.
Luckily we have only one printer. But the DNS registration could definitely be an issue.
-
@Tsaukpaetra We've 8 sites, 500 pcs, 200 servers etc etc.
Dchp and re-ip'ing static devices is the easy bit. I'm dreading the routing though, especially as we're looking to beef up security with vlans / ACLs (ie actually having some). The worst bit is the unknown unknowns, hard coded addresses particularly in the legacy stuff.
-
@Boner said in Internal IP Range:
beef up security with vlans / ACLs (ie actually having some).
Yeah, that's in two years if this all goes well...
-
@Boner said in Internal IP Range:
Are we a WTF?
For reasons that are lost to us, because, thankfully, the people who made this decision no longer work for us, our internal network was implemented using the 6.0.0.0/8 IP range.
Yes.