The Department of Work and Pensions, UK has an entire /8
stephen at sprunk.org
Fri Sep 21 20:21:01 UTC 2012
On 20-Sep-12 20:51, George Herbert wrote:
> On Thu, Sep 20, 2012 at 5:13 PM, Stephen Sprunk <stephen at sprunk.org>
>> Actually, they're not any different, aside from scale. Some
>> private internets have hundreds to thousands of participants, and
>> they often use obscure protocols on obscure systems that were
>> killed off by their vendors (if the vendors even exist anymore) a
>> decade or more ago, and no source code or upgrade path is
>> The "enterprise" networking world is just as ugly as, if not
>> uglier than, the consumer one.
> I haven't worked much on the commercial private internets, but I did
> work for someone who connected on the back end into numerous telco
> cellphone IP data networks.
> For all of those who argue that these applications should use 1918
> space, I give you those networks, where at one point I counted
> literally 8 different 10.200.x/16 nets I could talk to at different
> partners (scarily enough, 2 of those were "the same company"...).
> And hundreds and hundreds of other space conflicts.
That's all? I consulted for one customer that had several (six?
eight?) instances of 10/8 within their own enterprise, simply because
they needed that many addresses. That doesn't include the dozens of
legacy /16s they used in their data centers--plus the hundreds of legacy
/24s they used in double-sided NAT configurations between them and
various business partners, COINs, etc.
Yet all that was exposed to the consumer internet was a couple of /24s
for their web servers, email servers and VPN concentrators.
> Yes, you can NAT all of that, but if you get network issues where
> you need to know the phone end address and do end to end debugging
> on stuff, there are no curse words strong enough in the English
That's the truth. To get from a credit card terminal to the bank
involved _at least_ three layers of NAT on our side, and I don't know
how many layers of NAT there were in total on the bank's side, but it
was at least two.
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2312 bytes
Desc: S/MIME Cryptographic Signature
More information about the NANOG