[NANOG] US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)
cdl at asgaard.org
Fri May 16 13:15:17 CDT 2008
Not to address the political issues here (which are deep, wide, and
WAY too much of a black-hole), remember that the DoD is not a single
organization from a networking perspective. There are a number of
different organizations within that structure, all of which may, or
may not, want to announce separately, maintain their own external
links, etc. Those boundaries can be on a service level (USAF vs USN),
geographical level (Southern Command vs. Northern Command), etc.
My guess is that they don't want to be tied to only announcing a
single /13. Each of those organizations is bigger than a lot of
service providers out there...

As for why so many addresses - consider a networked ship (where
everything has an address), soldier (each soldier having one or more
addresses), battlefield sensors, etc. With stateless autoconf, that
can add up fairly quickly (depending on network topology).

Lastly, if you honestly think that any entity (government or non-
government) would launch an offensive cyber-attack from their own
address space... never mind....

On 16 May 2008, at 10.58, Dorn Hetzel wrote:
> Perhaps it is an attempt to make their address space so sparsely
> that it's close to impossible to find a host without knowing its
> address in the first place?
> On Fri, May 16, 2008 at 1:09 PM, Jeroen Massar <jeroen at unfix.org>
>> Hi folks,
>> As everybody is a big fan of securing their networks against foreign
>> attacks, be aware that the US DoD has been assigned 14 /22's, IPv6
>> is, not IPv4, they all come from a single IPv6 /13 though, which is
>> they apparently asked for in the beginning, at least that was the
>> well they got what they wanted.
>> I've recorded it into GRH as a single /13 though, as that is what it is,
>> and I am not going to bother whois'ing and entering the 14 separate
>> entries there, as that is useless, especially as they will most
>> never appear in the global routing tables anyway.
>> Depending on your love for the US, you might want to add special
>> in your network to be able to easily detect Cyber Attacks and other
>> things towards that address space, to be able to better serve your
>> country, may that be the US or any other country for that matter.
>> I am of course wondering why ARIN gave 1 organization 14 separate /
>> even though they are recorded exactly the same, just different
>> and netnames and it is effectively one huge /13. They could easily
>> been recorded as that one /13, it is not like eg Canada (no other
>> countries that fall under ARIN now is there) will get a couple of the
>> chunks of remaining space in between there. By assigning them
>> /22's, they effectively are stating that it is good to fragment the
>> address space and by having them recorded in whois, also that
>> more specifics from that /13 is just fine.
>> The other fun question is of course what a single organization has to do
>> with (2^(48-13)=) 34.359.738.368, yes indeed, 34 billion /48's which
>> cover 2.251.799.813.685.248 /64's which is a number that I can't even
>> pronounce. According to Wikipedia the US only has a mere population
>> 304,080,000, that means that every US citizen can get a 1000+ /48's
>> their DoD, thus maybe every nuclear warhead and every bullet is
>> their own /48 or something to be able to justify for that amount of
>> address space. At least this gives the opportunity to hardcode that
>> block out of hardware if you want to avoid it being ever used by the
>> publicly known part of the US DoD. I wouldn't mind seeing the request
>> form that can justify this amount of address space though, must be
>> a lot of fun.
>> Now back to your regular NANOG schedule....
>> (who will hide himself in a nice Swiss nuclear bunker till the flames
>> are all gone ;)
>> 1) http://en.wikipedia.org/wiki/United_States
>> which points to: http://www.census.gov/population/www/popclockus.html
>> NANOG mailing list
>> NANOG at nanog.org