The Department of Work and Pensions, UK has an entire /8

Stephen Sprunk stephen at
Fri Sep 21 20:21:01 UTC 2012

On 20-Sep-12 20:51, George Herbert wrote:
> On Thu, Sep 20, 2012 at 5:13 PM, Stephen Sprunk <stephen at>
> wrote:
>> Actually, they're not any different, aside from scale. Some
>> private internets have hundreds to thousands of participants, and
>> they often use obscure protocols on obscure systems that were
>> killed off by their vendors (if the vendors even exist anymore) a
>> decade or more ago, and no source code or upgrade path is
>> available.
>> The "enterprise" networking world is just as ugly as, if not
>> uglier than, the consumer one.
> I haven't worked much on the commercial private internets, but I did
> work for someone who connected on the back end into numerous telco
> cellphone IP data networks.
> For all of those who argue that these applications should use 1918
> space, I give you those networks, where at one point I counted
> literally 8 different 10.200.x/16 nets I could talk to at different
> partners (scarily enough, 2 of those were "the same company"...).
> And hundreds and hundreds of other space conflicts.

That's all?  I consulted for one customer that had several (six? 
eight?) instances of 10/8 within their own enterprise, simply because
they needed that many addresses.  That doesn't include the dozens of
legacy /16s they used in their data centers--plus the hundreds of legacy
/24s they used in double-sided NAT configurations between them and
various business partners, COINs, etc.

Yet all that was exposed to the consumer internet was a couple of /24s
for their web servers, email servers and VPN concentrators.

> Yes, you can NAT all of that, but if you get network issues where
> you need to know the phone end address and do end to end debugging
> on stuff, there are no curse words strong enough in the English
> language.

That's the truth.  To get from a credit card terminal to the bank
involved _at least_ three layers of NAT on our side, and I don't know
how many layers of NAT there were in total on the bank's side, but it
was at least two.


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking
