Internal IP Range



  • Are we a WTF?

    For reasons that are lost to us, because, thankfully, the people who made this decision no longer work for us, our internal network was implemented using the 6.0.0.0/8 IP range. This is the range, as you may know, reserved for use by the US DoD. That means that if I use Geotool on an intranet site I get this:

    Which is quite impressive as we're in the UK. We get contractors and support bods in quite often and when we give them the IP address of the box they're working on their reaction is usually

    :wtf: Why?

    And to be honest that was my response when I started working here. The plan is to shift everything over to the 10. range, but that's been the plan for 5 years and it'll probably never get done now. We're just sitting tight hoping not to get invaded.



  • Shouldn't the Geotool detect your external IP?
    Or are you manually entering the IP address into it?



  • It's a firefox plugin rather than a website so it does a lookup on the client side info.



  • Ah, gotcha.


  • SockDev

    @Boner said:

    reserved for use by the US DoD

    should be interesting if you ever have a legitimate business reason to want to talk to a DoD server....



  • Extremely unlikely, but you never know...


  • SockDev

    @Boner said:

    Extremely unlikely

    we had a famous last words thread around here somewhere didn't we? where did it go? :-P



  • Companies doing things like this is why a few chunks of 1.0.0.0/8 can't be used. Iirc 1.2.3.0/24 and 1.1.1.0/24 are the main offenders. When they were writing rfc 1918 why did they choose 10 over 1, anyway?


  • area_deu

    I work at a place that uses 198.* for internal IP addresses ...



  • @Zemm said:

    why did they choose 10 over 1, anyway?

    Good question.

    @aliceif said:

    I work at a place that uses 198.* for internal IP addresses ...

    Is it the full 198.0.0.0/8? Because the wiki below gives a couple of obscure 198 ranges that are reserved.


  • area_deu

    198.200.0.0/16, I think?



  • @Zemm said:

    why did they choose 10 over 1, anyway?

    Here's a map of the Internet in 1982. (from here)

    ARPA owned network 10, so they could make decisions for it. BBN had network 1.



  • Well at least we're semi-sane at my work:

    • 172.16/12 (assigned by sysadmins) for intranet and other internal purposes,
    • 10/8 (assigned by me) for our company access to projects and
    • 192.168/16 (project engineer discretion) duplicated across projects for internal project use.

    I did make a minor wtf before we started using the 10/8 in general, and wasted a few /16's on an earlier project when a single /22 would have sufficed - think I've managed to convince the project to switch to a saner scheme.



  • @Jaime said:

    Here's a map of the Internet in 1982. (from here)

    That says it's a prototype.

    That says 1.0.0.0/8 was reserved in 1981 - was ARPANET that required to use their own network for the RFC?

    When I first started going to LANs we used 1.1.1.0/24 which I changed to 10.1.1.0/24 fairly quickly, even though it was years before APNIC was allocated that block.



  • @PJH said:

    KISS stands for 'keep it simple, stupid,' not 'keep it stupid, simple.'

    :laughing:



  • Well... quite. Not one of his brighter moments.



  • @PJH said:

    Well at least we're semi-sane at my work:

    172.16/12
    10/8
    192.168/16

    The entire RFC1918 range? :)

    At my work we use 192.168.1.0/24 for the office LAN but that certainly is already running out with a few dozen employees: think PC, IP phone, mobile phone, laptop/tablet that almost everyone has, plus the other office things (dev servers, printers, chromecasts, access points, etc)

    The production server cluster network uses a few /24s in 192.168/16 and 10/8 (plus there's a few /24s of public IPs floating around)

    or any of the 10/8 subnets that the mobile carriers, in various countries, use that could likewise potentially break connectivity.

    My mobile phone cellular IP address was 10.70.112.x. I reconnected and got 10.64.13.x. ADSL systems here used to use IPs in 172.16/12. The PtP IP address on my home broadband is 10.20.21.x (the IP address on my end is a proper public address). My home IP range is 192.168.0/24. I used 10.169.42/24 for a while, when I was part of a wireless mesh network. How could you possibly expect to not have clashes here?

    On the mobile phone I have seen an IP address in the 100.64/12 range but that was not my usual network. At least this is what is meant to be used for carrier NAT. I know Optus gave out public IP addresses until mid-2012.



  • @Zemm said:

    The entire RFC1918 range? :smile:

    Well, yes. For different purposes, hence the different departments being responsible for allocation. Keeps things saner than divvying up only one of them.

    There was some talk of using 240/4 for (internal-project use on) one project since they wanted a large range and for some reason 192.168/16 wasn't big enough for them (don't ask - I don't know, and don't want to,) but it was noticed that the Windows boxes on there wouldn't be happy using it, so we basically reserved 10.128/9 for them, and by-and-large I keep most other relevant stuff out of that CIDR range.

    @Zemm said:

    My mobile phone cellular IP address was 10.70.112.x. I reconnected and got 10.64.13.x. ADSL systems here used to use IPs in 172.16/12. The PtP IP address on my home broadband is 10.20.21.x (the IP address on my end is a proper public address). My home IP range is 192.168.0/24. I used 10.169.42/24 for a while. How could you possibly expect to not have clashes here?

    The only ones I've blocked out so far for allocation to projects are 10.16/16 and 10.17/17 ( :wtf: ) for m2mdata for EE - we've generally had no problems with clashes with mobile networks otherwise.



  • What, no one is going to chime in with, "Well at my company, we use 169.254.*!"?



  • Yes. Someone is. His name is Magus. He enjoys making really lame jokes, apparently, before anybody else can make the same really lame joke.



  • I genuinely want to see someone say that, because it'd be one of the most colossal :wtf:s this place has ever seen.



  • @Magus said:

    I genuinely want to see someone say that,

    You already said it. Like two posts ago.

    Am I the one speaking martian moon language now?

    @Magus said:

    because it'd be one of the most colossal :wtf:s this place has ever seen.

    Yeah, I agree.



  • @Magus said:

    What, no one is going to chime in with, "Well at my company, we use 169.254.*!"?

    Since I'm obviously whooshing... (I don't pay attention to ip ranges), what is the joke?

    Considering (from ipconfig):

    Ethernet adapter VMware Network Adapter VMnet1:
    
       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::fd77:4aa2:7aa8:95a6%34
       Autoconfiguration IPv4 Address. . : 169.254.149.166
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . :
    

  • SockDev



  • Wait, what really? You don't have routers where you work? Windows is doing your DHCP?



  • That's a VMware virtual adapter, presumably that isn't the actual adapter he uses to connect to that network.



  • @dcon said:

    Since I'm obviously whooshing... (I don't pay attention to ip ranges), what is the joke?

    Simplistically, that range is used as a pseudorandom pool to select an IP address from if there isn't a dhcp server answering queries.

    A dhcp server shouldn't be handing that range out, nor should devices be hardcoded to use an address in that range.



  • @loopback0 said:

    That's a VMware virtual adapter, presumably that isn't the actual adapter he uses to connect to that network.

    Exactly (I have VMware Workstation installed). Just grabbed the one entry from the 15 ipconfig spewed.

    I'm in a 10/24 range - no idea what the entire range the company uses... Probably 10/8 since what looks like the VPN connection is in a different 10.x segment (with a subnet mask of 255.255.255.255)



  • I know that range well, because my friends and I used to host ad-hoc wireless networks at uni to play lan games on occasion (the feature I was most unhappy to see removed from 8. The similar things you can do are really weird.). If one were to see it on a company network, one's best move would be to initiate a tactical retreat with maximum haste.



  • @dcon said:

    Since I'm obviously whooshing... (I don't pay attention to ip ranges), what is the joke?

    There isn't one.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    Am I the one speaking martian moon language now?

    Which moon?



  • @FrostCat said:

    Which moon?

    Doesn't matter, they all pay the same.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    Doesn't matter, they all pay the same.

    But do they speak the same?



  • @FrostCat said:

    Which moon?

    That's no moon...


  • SockDev

    welp. there goes the planet.

    been nice knowin' y'all. i die happy in the knowledge that some jedi, somewhere will feel a great disturbance in the force.



  • So that's what Batman was talking about at the beginning of that trailer...


  • SockDev

    @accalia said:

    welp. there goes the planet.

    And we didn't even succeed in taking it over first… :cry:


  • Discourse touched me in a no-no place

    @accalia said:

    welp. there goes the planet.

    Mars' disappearance doesn't bother me too much, except it's probably a better long-term destination than the Moon.



  • Maybe you're a secret US DoD defence contractor and you didn't even know it.


  • Discourse touched me in a no-no place

    @Boner said:

    We're just sitting tight hoping not to get invaded.

    You'll be fine. They'll invade you by going to Tucson…


  • mod

    We use:

    • 10.10.0/20 for internal-only systems, with subdivision by physical location. So 10.10.6/24 is our corporate office, 10.10.10/24 is our data center, and so on.
    • 172.16/16 for externally facing servers. These servers are in our datacenter on a firewalled portion of our network.


  • @PJH said:

    10.17/17

    Is that documented somewhere or have you just been lucky so far to not have any addresses with the 16th bit set?


  • area_deu

    You should first go to Phobos and Deimos, though.



  • @aliceif said:

    Phobos and Deimos

    We are Doomed!



  • @ben_lubar said:

    Is that documented somewhere or have you just been lucky so far to not have any addresses with the 16th bit set?

    Had a look - it was a forwarded email from bcr.wholesaletelemetry(at)ee.co.uk dated 18 March 2013:

    ###IP Expansion for m2mdata APNs

    Recent monitoring of the m2mdata APN has indicated a need to increase the associated IP pool in order to maintain a good service. We will be expanding the m2mdata APN range on our core network equipment (GGSN’s). The change will NOT be service impact and will enable us to expand the IP pools creating higher data session availability.

    ###How this affects you

    You will need to update your systems with all the new private IP’s listed below.

    Please note if the modifications are not made to your systems there is a risk that your service may suffer impairment or stop working as a result of being provided with one of the new IP addresses.

    Please can you update your system with the following 6 IP address’ ASAP:

    10.16.0.0/18
    10.17.0.0/18
    10.17.64.0/18
    10.16.64.0/18
    10.16.128.0/18
    10.16.192.0/18
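
Added example, not part of any post in this thread: a short Python audit of the prefixes quoted above, which aggregates the six /18s from the EE email and labels each range by the reserved block it falls in, the kind of check worth running before an address plan goes into firewall rules. The shorthand expander and the `audit`/`collapse` names are this example's own; the prefixes are the ones posted in the thread.

```python
import ipaddress

# Reserved blocks that come up in the thread (RFC 1918, RFC 3927, RFC 6598, class E).
RESERVED = {
    "rfc1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "link-local": ["169.254.0.0/16"],
    "cgnat": ["100.64.0.0/10"],
    "class-e": ["240.0.0.0/4"],
}

# The six pools listed in the forwarded EE email.
EE_POOLS = ["10.16.0.0/18", "10.17.0.0/18", "10.17.64.0/18",
            "10.16.64.0/18", "10.16.128.0/18", "10.16.192.0/18"]

def expand(short):
    """Turn forum shorthand such as '10.17/17' into full dotted-quad CIDR."""
    addr, _, plen = short.partition("/")
    octets = addr.rstrip(".").split(".")
    octets += ["0"] * (4 - len(octets))
    return ".".join(octets) + "/" + plen

def audit(short):
    """Return (network, label, aligned); aligned is False if host bits are set."""
    cidr = expand(short)
    try:
        net, aligned = ipaddress.ip_network(cidr, strict=True), True
    except ValueError:
        # Host bits set: mask them off, but report the misalignment.
        net, aligned = ipaddress.ip_network(cidr, strict=False), False
    for label, blocks in RESERVED.items():
        if any(net.subnet_of(ipaddress.ip_network(b)) for b in blocks):
            return net, label, aligned
    return net, "public", aligned

def collapse(cidrs):
    """Aggregate adjacent prefixes into the smallest covering set."""
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print("EE pools aggregate to:", collapse(EE_POOLS))
    for p in ["6/8", "198.200/16", "10.17/17", "10.128/9",
              "100.64/12", "240/4", "169.254.149.166/16"]:
        net, label, aligned = audit(p)
        print(f"{p:>20} -> {str(net):<18} {label:<10} aligned={aligned}")
```

The six /18s aggregate to exactly 10.16.0.0/16 plus 10.17.0.0/17, and 6/8 and 198.200/16 come back labelled `public`, meaning internal use of them shadows addresses that are routable on the Internet.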



  • @PJH said:

    the following 6 IP address’

    There are like fifty things wrong with this phrase.



  • @ben_lubar said:

    fifty things wrong

    fifty shades of wrong



  • @Luhmann said:

    @ben_lubar said:
    fifty things wrong

    fifty ~~shades~~subnets of wrong



  • I just visited those over the weekend. Now I'm visiting Mars itself.



  • @ben_lubar said:

    There are like fifty things wrong with this phrase.

    There's only a word missing.

