Whoa; the 3 network?

Randall Pigott nanog at pigott.net
Wed Dec 24 02:02:35 UTC 1997

At 06:11 PM 12/23/97 +0000, some abusive halfwit wrote:
>GE is heavily firewalled; i'm not suprised you didn't get any 
>stupid experiment, really.

And a stupid comment, really.  No wonder GE no longer wants his services.

Look, gang, the reason to do a public ping is that in the last analysis, GE
only needs public IP addresses for those infrastructure machines that need
public exposure and contact with the public internet.  Granted, there are
some exceptions.  However, a ping -a should bring up at least every valid
router on their network that sits in front of a firewalled virtual private
network element, plus the firewall host itself.  Most everything else sits
behind a firewall.  By definition, then, those machines can and should be
proxied for external public internet connections and can use private
network numbers.  Those that are not behind the proxy and firewall can keep
their public numbers.  Despite transit across segments of the public
internet, as Mr. Bono of GE so rightly pointed out, only the machines
exposed to the public internet need public numbers.  The goal here is only
to find publicly pingable IPs in use, not to count all hosts behind firewalls.

So much for the ex-GE contractor.  It is apparent that GE had no more use
for his comments than I do, since he is proud to still be able to at least
call himself an ex-GE contractor.

Mr. Bono, on the other hand, did state useful facts.  He is a part of GE,
and thus is limited to only pointing out facts that serve GE interests.
What he did not point out is that number of employees <> number of needed
public static IP addresses.  First, the majority of GE employees are
blue-collar clock-punchers in factories both in the US and especially
overseas.  They are not allowed time by the assembly line supervisors for
internet access even if they did have the knowledge and desire to establish
a permanent presence on the public internet.  Second, assume for the moment
that leaves maybe 300,000 or those 1.7 million workers eligible for having
a white collar AND an office AND a desk with a static address PC on it.
How many of these pee cees really have direct exposure to the public
internet and are NOT behind a firewall?  The one useful comment Mr. Ex-GE
Contractor came up with is that GE is heavily firewalled.  That means less
than 5 percent or so actually see the internet without the blockage of a
firewall.  Those 5 percent or less are predominantly small offices with
small one-segment LANs that do not need a firewall and do not justify a
full period private leased line.  Of course, back when there *was* a GEIS
doing a viable public dial-in ISP business, all that was different.  But no
more.  So let's say less than 60,000 static public IPs are needed for the
entire 1.7 million employee GE.  That is being generous, BTW.

How then can you justify needing more than a single Class-B, or at most two
or three worldwide?  Only if you admit you use it inefficiently.  You
cannot convincingly argue that a heavily-firewalled corp needs 100 percent
public IPs behind that proxy firewall.  Equally, there is no defensible
position from which to argue that those users cannot be proxied for
virtually all external access from behind that firewall.  Sure, if done all
at once this would be a time-intensive renumbering process, but other major
corps have completed renumbering plans within their normal pee cee
workstation refresh cycles and have done so at minimal additional marginal
cost over a 12 to 18 month period.  GE should not be so bloated and
ineffective that their IT staff cannot follow the lead of other corps and
do this for the public good.

I challenge GE to say that this is not so, and provide pertinent and
defensible facts and figures to back it up.  I believe that if the truth
were know, Jack Kelly and gang are guilty of definitely warehousing
hundreds of thousands and almost certainly millions of unneeded public IP
addresses because they think they can get away with it and for no other
reason.  We through ARIN and others should be reallocated this address
space for the public use of our subscribers.

OK, even though the horse ran away long ago, that's a good tilt at a
windmill anyway for ya........Happy Holidays to ALL


More information about the NANOG mailing list