Help: HOWTO buy IP address blocks from ARIN?

John Abreau jabr at blu.org
Tue Jan 13 13:45:33 EST 2015 

If I were doing it, I'd consider setting up several redundant vpn servers.

RFC1918 defines three private address blocks:

    10.x.x.x/8
    172.16.x.x/12
    192.168.x.x/16

I'd start with 3 vpn servers, each using one of these blocks. Odds are one
of them would work at a given customer site. Maybe throw in a fourth one
with a small pool of public addresses for the hypothetical pathological
cases where the customer is using all three private address blocks.

If I needed more than 3 (or 4) vpn servers, I could subdivide the 10.x and
172.16 blocks.


On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen <rozzin at hackerposse.com
> wrote:

> On January 9, 2015 5:56:43 PM EST, John Abreau wrote:
> >
> >What are your project's needs that explicitly require 4K distinct
> >public
> >addresses and that cannot function using private addresses and NAT
> >instead?
>
> 'Project' is a geographically-distributed tech company with a bunch of
> frequently-mobile sub-networks where at least one end of any given
> 'internal' connection actually needs to be going out from behind someone
> else's network.
>
> There's certainly a chance that, say, our VPN or LAN addresses won't
> conflict with any of the arbitrarily-addressed host networks where the VPN
> endpoints reside, but we'd really rather have a routing scheme that 'will
> work' as opposed to something that 'might work'.
>
> 1k addresses go to a main-office LAN; the rest of them basically go to
> site offices. All of these things have the aforementioned routing
> constraints.
>
> "Just buy a block of IP addresses that are actually guaranteed routable"
> is the solution that I've seen in place at all of my former companies,
> though I've never been the one to make it happen before.
>
> How would you do it?
>
>
> >On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam <python at venix.com> wrote:
> >
> >> On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote:
> >> > Anyone here ever been through the process of procuring an IP block
> >> > from ARIN?
> >>
> >> Actually from my upstream ISP (UUNET) many years ago. I was
> >requesting
> >> a /21. The requirements were essentially the same back then.
> >>
> >> You're requesting 4K addresses. They want to know that 1K will be
> >used
> >> right now and that at least 2K will be in use within a year. If the
> >> only way you can use up that number of addresses is by allocating one
> >> thousand /30's they will turn you down. They are basically looking
> >for
> >> individual addresses, but you can count the lost addresses from your
> >> subnet scheme.
> >>
> >> > I'm trying to interpret the requirements they give for an
> >> > "end-user initial assignment", which are:
> >> >
> >> > * provide data demonstrating at least a 25% utilization rate of
> >the
> >> > requested block immediately upon assignment
> >> >
> >> > * provide data demonstrating at least a 50% utilization rate of
> >the
> >> > requested block within one year
> >> >
> >> > .. and maybe I'm just being dense, but it's not entirely obvious to
> >me
> >> > what "utilization rate" actually means here: do they mean
> >"sub-blocks
> >> > allocated to specific subnets with some-definition-of-minimal
> >waste",
> >> > or do they mean "individual addresses actually, specifically
> >assigned"?
> >> >
> >> >
> >> > I'm trying to rationalise a /20 block, because I can't seem to
> >> > partition the space such that I end up with < 50% allocated
> >immediately
> >> > or < 75% allocated over the next year; but if I count up the actual
> >> > nodes that I expect to exist on all of my subnets, those counts are
> >> > definitely short of both the `25% utilization immediately' and
> >> > `50% utilization within one year' figures.
> >> >
> >> > If I'm really supposed to be counting individual addresses
> >> > and not summing subnet sizes, what am I likely to be doing wrong
> >here?
>
>


-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20150113/422f3baf/attachment.html

More information about the gnhlug-discuss mailing list