Hacker News new | past | comments | ask | show | jobs | submit login

If you're using addresses in the 240/4 block, you're going to run into issues when/if those addresses are assigned for public use.

It's not necessarily a problem for the general public, but will pose a routing problem for those using them internally.




People have been privately squatting on public networks like 11/8 since forever. It's a problem for them, maybe, and a mild curiosity for the rest of us. I'm just saying "we saw 240 in a traceroute" could have been a tweet, not a research paper. I kept scrolling and scrolling trying to find out why it wasn't a tweet.


One of our clients used to have a sysadmin with a knack for 192.169/16. Haven't had any problems yet but its bound to happen eventually.


I personally love IP addresses in the 172.16/12 range. I have my house in that range, and I can VPN in from anywhere and never have any IP address conflicts.

EDIT: I just realized you said 192.169/16, which is definitely not available for private IPs.


I talked to someone who had to re-ip his home network because he was using a subnet of 10./8 that conflicted with his VPN/work access. It's still possible to conflict with a local network you're on, it's not that nobody ever uses a 172.16/12 block.

A company I worked for, which is basically a group of a dozen acquisitions, uses practically every RFC1918 block which makes things really annoying. 10./8 used by IT, 192.168/16 used by company X acquired in 2004, 172.17/16 used by company Y acquired in 2011. The list of routes the VPN software installed was impressive.


I think if I were VPNing from a campus or an office, things would be different. Hotels, coffee shops, and corporate guest networks all seem to either like 10/8 or 192.168/16.

By the way, I use 172.30/16 for my home net. I have personally seen use of 172.16/16 and 172.31/16 before.


I work for a place that legitimately has 192.16.64.0/21, it's caused occasional confusion when folks aren't looking really closely.


Hey... I have an address in that block... >:[


That addr rings a bell.. Is it owned by github by any chance?


VPN services[1] seem to love assigning non-compliant addresses like 5/8 or 100/8 for their internal networks.

[1] and I mean 'real' VPN that connect machines you own, not glorified proxies/exit nodes.


Amazon was definitely using 11/8 internally when I was there 7 years ago.


These are being used as link addresses, they probably aren't even routable within Amazon's network. They probably want the link addresses to be globally unique so it simplifies management or so traceroute reverse lookup is easier (e.g. to pinpoint traffic loss). They probably ran out of the other RFC3330 usual suspects or something.

I wouldn't read too much into it. If they are using it in a way that will break if 240/8 is assigned, I'm sure they will fix it quickly.


Why wouldn't they use IPv6 for that? Compatibility issues?


Yeah, I don't know how many routers support RFC 5549 and it never seemed to become a best practice.


I think the thing is that if you actually need only 24ish bits worth of addresses for something and it doesn't need to be routable, ipv6 just adds a lot of baseline complexity ipv4 doesn't have unless you go out of your way. Ipv6 isn't just an address extension, it's a whole ass architecture unto itself.


The current IETF notion seems to be that any decision on 240/4 will hinder IPv6 adoption, they are very unlikely to do anything with it. This ironically means 240/4 ends up de facto private...

* See https://news.ycombinator.com/item?id=29246420 for a discussion of a related proposal.


Tell that to China who internally are apparently using all kinds of unusable addresses due to the The Great Firewall!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: