Fwd: 41/8 announcement
Joseph S D Yao
jsdy at center.osis.gov
Fri May 26 17:29:37 UTC 2006
On Fri, May 26, 2006 at 07:44:04AM -0700, william(at)elan.net wrote:
>
>
> On Fri, 26 May 2006, Bill Woodcock wrote:
>
> > On Fri, 26 May 2006, Mikisa Richard wrote:
> > > Can't be sure what they did, but I received an e-mail asking me to
> > check
> > > on my connectivity to them and well, it worked.
> >
> >Presumably they're double-natting. I had to do that once for Y2K
> >compliance for three large governmental networks that were all statically
> >addressed in net-10 and wouldn't/couldn't renumber in time. In fact,
> >there were _specific hosts_ which had the same IP address, and _had to
> >talk to each other_. Gross. But it can be done.
>
> Please explain how. I simply can't imagine my computer communicating
> with another one with exactly same ip address - the packet would never
> leave it. The only way I see to achieve this is to have dns resolver
> on the fly convert remote addresses from same network into some other
> network and then NAT from those other addresses.
Here's how with dual proxies. Presumably dual NATs use multiple IPs
from different parts of the intermediary network.
proxy1----------------+ +-----------------proxy2
|.1 |.1 |.2 |.1
======= 10.0.0.0/24 ======= x.y.z.0/24 ======= 10.0.0.0/24
|.15 |.15
host server
If you are using a good mail reader, the above ASCII art will come
through unscathed. If it does not come through unscathed, you are not
using a good mail reader. ;-)
net1: 10.0.0.0/24
host = 10.0.0.15
proxy1 = 10.0.0.1
net2: x.y.z.0/24 (NOT 10.0.0.0)
proxy1 = x.y.z.1
proxy2 = x.y.z.2
net3: 10.0.0.0/24 [it used to belong to the guy down the block but i
bought it at a garage sale and had to merge the two
networks]
proxy2 = 10.0.0.1
server = 10.0.0.15
Host has proxy set to 10.0.0.1. Rather than resolving "server", it
sends a Web query for "http://server" to 10.0.0.1. Proxy1 gets it. It
has been told that "server" is on the other side of proxy2. Rather than
resolving "server", it forwards the Web query for "http://server" to
proxy2, at x.y.z.2. Proxy2 breaks this query down, resolves "server"
using _local_ DNS to 10.0.0.15. Sends the query to server, receives the
response. Passes the response back to proxy1, which passes it back to
host.
Capisci?
--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the NANOG
mailing list