Fwd: 41/8 announcement

Joseph S D Yao jsdy at center.osis.gov
Fri May 26 17:29:37 UTC 2006


On Fri, May 26, 2006 at 07:44:04AM -0700, william(at)elan.net wrote:
> 
> 
> On Fri, 26 May 2006, Bill Woodcock wrote:
> 
> >     On Fri, 26 May 2006, Mikisa Richard wrote:
> >   > Can't be sure what they did, but I received an e-mail asking me to
> >   > check on my connectivity to them and well, it worked.
> >
> >Presumably they're double-natting.  I had to do that once for Y2K
> >compliance for three large governmental networks that were all statically
> >addressed in net-10 and wouldn't/couldn't renumber in time.  In fact,
> >there were _specific hosts_ which had the same IP address, and _had to
> >talk to each other_.  Gross.  But it can be done.
> 
> Please explain how. I simply can't imagine my computer communicating
> with another one with exactly the same IP address - the packet would
> never leave it. The only way I see to achieve this is to have a DNS
> resolver on the fly convert remote addresses from the same network into
> some other network and then NAT from those other addresses.

Here's how with dual proxies.  Presumably dual NATs use multiple IPs
from different parts of the intermediary network.

 proxy1----------------+   +-----------------proxy2
   |.1                 |.1 |.2                 |.1
======= 10.0.0.0/24    ======= x.y.z.0/24   ======= 10.0.0.0/24
   |.15                                        |.15
  host                                       server

If you are using a good mail reader, the above ASCII art will come
through unscathed.  If it does not come through unscathed, you are not
using a good mail reader.  ;-)

net1: 10.0.0.0/24
	host = 10.0.0.15
	proxy1 = 10.0.0.1

net2: x.y.z.0/24 (NOT 10.0.0.0)
	proxy1 = x.y.z.1
	proxy2 = x.y.z.2

net3: 10.0.0.0/24 [it used to belong to the guy down the block but I
		   bought it at a garage sale and had to merge the two
		   networks]
	proxy2 = 10.0.0.1
	server = 10.0.0.15

Host has proxy set to 10.0.0.1.  Rather than resolving "server", it
sends a Web query for "http://server" to 10.0.0.1.  Proxy1 gets it.  It
has been told that "server" is on the other side of proxy2.  Rather than
resolving "server", it forwards the Web query for "http://server" to
proxy2, at x.y.z.2.  Proxy2 breaks this query down, resolves "server"
using _local_ DNS to 10.0.0.15.  Sends the query to server, receives the
response.  Passes the response back to proxy1, which passes it back to
host.

Capisci?

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
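
The forwarding path described in the message above, as an added example that is not part of the original post: a toy Python model in which each network keeps its own address table and DNS view, and only the name "server" crosses the two proxies. All class and function names are hypothetical; "x.y.z.N" is the post's own placeholder.

```python
# Added illustration (not from the original post). Names are hypothetical;
# "x.y.z.N" is the post's own placeholder for the intermediary network.

class Net:
    """One network segment with its own address table and its own DNS view."""
    def __init__(self, name):
        self.name, self.addr, self.dns = name, {}, {}

    def attach(self, ip, node, hostname=None):
        self.addr[ip] = node
        if hostname:
            self.dns[hostname] = ip

    def send(self, dst_ip, url, trace):
        trace.append((self.name, dst_ip))       # record every hop taken
        return self.addr[dst_ip].handle(url, trace)

class Endpoint:
    def __init__(self, label):
        self.label = label

    def handle(self, url, trace):
        return f"{self.label} answered {url}"

class Proxy:
    """Forwards the URL by name; resolves only when it has no upstream proxy."""
    def __init__(self, out_net, upstream_ip=None):
        self.out_net, self.upstream_ip = out_net, upstream_ip

    def handle(self, url, trace):
        if self.upstream_ip:                    # proxy1: name stays unresolved
            return self.out_net.send(self.upstream_ip, url, trace)
        name = url.split("//", 1)[1].split("/", 1)[0]
        return self.out_net.send(self.out_net.dns[name], url, trace)  # proxy2

def build():
    net1, net2, net3 = Net("net1"), Net("net2"), Net("net3")
    proxy1, proxy2 = Proxy(net2, upstream_ip="x.y.z.2"), Proxy(net3)
    net1.attach("10.0.0.15", Endpoint("host"))
    net1.attach("10.0.0.1", proxy1)
    net2.attach("x.y.z.1", proxy1)
    net2.attach("x.y.z.2", proxy2)
    net3.attach("10.0.0.1", proxy2)
    net3.attach("10.0.0.15", Endpoint("server"), hostname="server")
    return net1

def fetch(net1, first_hop_ip, url="http://server"):
    trace = []
    return net1.send(first_hop_ip, url, trace), trace
```

`fetch(build(), "10.0.0.1")` reaches the server in three hops, each addressed within a single network; `fetch(build(), "10.0.0.15")` never leaves net1 and lands on the host itself.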


