[Top] [All Lists]

Re: Do you know the TCP stack? (127.x.x.x routing)

To: hadi@xxxxxxxxxx
Subject: Re: Do you know the TCP stack? (127.x.x.x routing)
From: Zdenek Radouch <zdenek@xxxxxxx>
Date: Wed, 09 Mar 2005 00:33:56 -0500
Cc: Eran Mann <emann@xxxxxxx>, Thomas Graf <tgraf@xxxxxxx>, Andi Kleen <ak@xxxxxx>, Martin Mares <mj@xxxxxx>, netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
In-reply-to: <1110288879.1050.167.camel@xxxxxxxxxxxxxxxx>
References: <3sp35g$7rsc1@xxxxxxxxxxxxxxxxxxxxxxx> <422C0B50.20500@xxxxxxx> <m1y8d0mss2.fsf@xxxxxx> <E1D7zBN-0004hX-00@xxxxxxxxxxxxxxxxxxxxxxx> <E1D7lQN-0002gz-00@xxxxxxxxxxxxxxxxxxxxxxx> <E1D7lQN-0002gz-00@xxxxxxxxxxxxxxxxxxxxxxx> <E1D7zBN-0004hX-00@xxxxxxxxxxxxxxxxxxxxxxx> <20050306173145.GQ31837@xxxxxxxxxxxxxx> <E1D81mg-0002rz-00@xxxxxxxxxxxxxxxxxxxxxxx> <m1y8d0mss2.fsf@xxxxxx> <3sp35g$7hpm0@xxxxxxxxxxxxxxxxxxxxxxx> <422C0B50.20500@xxxxxxx> <3sp35g$7rsc1@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
At 08:34 AM 3/8/05 -0500, jamal wrote:
>PS:- anyone not copying me in the responses while addressing me - i
>didnt see your response.
>On Mon, 2005-03-07 at 22:15, Zdenek Radouch wrote:
>> RFC 1918 trivializes the IP addressing by boxing
>> all hosts into either a "private" or "public" category,
>> based on their need to access the Internet.
>sure. And the semantics are: dont route "private" addresses 
>if they stray on the "public network". In other words, it is left to the
>network setup to resolve this.
>> The major thing the RFC misses is the fact that internal
>> to one of these "public" or "private" hosts, you may have
>> another, "even more private" network, for example one
>> that connects the cards within the chassis.  
>But why is this more "even more private"?

Because the hosting device may be sitting on a "private" net,
with which you don't want to interfere.

>Surely you can use 10.x addresses just fine within a chasis.

Not if the admin's SNMP/CLI client machine  lives on a 10.x net.

>Nothing makes 127.x addresses not usable in NATs or not be routable
>once you start attching them to non-hostlocal interfaces. 

That's true (if I got the multiple negatives right ;-))
But what's the point you're trying to make?

>> Such network
>> must be (for obvious reasons) completely hidden
>> from the outside, and thus cannot come from the
>> "outside" address space.  This "outside" space is a union
>> of the "public" and "private" IP addresses.
>> Guess what's left?  How 'bout
>Lets see, your requirements are:
>a) packets within a chasis subnet shall stay within a chasis subnet
>b) the outside (of the chasis) world shall never discover whats inside 
>the chasis (example ARPs will fail to resolve etc)
>Did i miss anything else?

Yes, a fundamental point.  The "outside" of the chassis is your
customer's network. The only thing you know about that
network is that it is *not* 127.x.  Consequently, if you don't
want to interfere with the outside you must use 127.x.

>Seems to me you are relying on obscurity of 127.x

As I said previously and shown above, 127 is the only one left,
it has not been randomly selected.

> to achieve goals which
>you could achieve just as easily with a 10.x address or even a public
>address. Is this correct?

> In otherwords it doesnt matter what addresses
>you use for internal chassis. What matters is how you set the route
>tables etc.
>I respect your desire to use whatever address range, but show me one
>think i couldnt do with a 10.x in the chasis that you can now achieve
>with a 127.x .. I think this will bring some clarity for me.

You couldn't walk in the NOC and tell them: "You can't use the 10.x
net to manage your equipment - my box is already using that net".

As a few people already pointed out, subnetting the 127 net
is a common practice if you are making multi-card communication
equipment, especially routers.  

Often, these systems must be able to communicate with the
external world, either as "public" hosts, or as "private", i.e.,
NAT'd hosts.  Because of this, the internal networks may not
ever have either public or RFC 1918 addresses.
For the same reason, the internal network cannot ever be
"configurable", since the configured address/net would
become inaccessible on the outside (it would be routed
to the internal network). Note that this has nothing to
do with the fact that the 127 address "never leaves the box".

Hope this clarifies the issue.


<Prev in Thread] Current Thread [Next in Thread>