Traceroute to public ip , over private network space

c.captari · ‎04-20-2009

Hi guys,

I'm going to be given another public ip address range which for reasons i will not detail, i'd like not to have this on the edge of our network, but inside the network.

My question is, what will be the drawbacks if i route that through a private address space. Meaning the internet would see the traceroute as such

[ ...public ip from external providers...]

[my public edge ip]

[private ip]

[my new network public ip]

So basically i'm having the public network just behind some private networks which would be appearing in a traceroute.

Please note that i do not have MPLS and cannot hide the private hops. Is there any real drawback in that, or i will not encounter any issues?

andrew.prince · ‎04-21-2009

The private IP space will not show in a traceroute from the internet, it is not routable on the internet RFC1918.

The trace rotue will just show some hops with either no information - or the hops will just not appear.

HTH>

milan.kulik · ‎04-22-2009

Hi Andrew,

From http://home.pl/test

AnalizujÄ™ drogÄ™ przejÅ›cia pakietÃ³w do 202.59.80.52 :

HOST: my1.home.net.pl Loss% Snt Last Avg Best Wrst StDev

1. gate1.home.net.pl 0.0% 5 2.6 1.8 0.4 2.8 1.2

2. 217.153.235.201 0.0% 5 4.7 2.4 1.2 4.7 1.6

3. 157.25.216.65 0.0% 5 0.7 1.6 0.5 3.3 1.4

4. plwaw2-so-2-0-0-0.net.ipartn 0.0% 5 10.0 2.4 0.5 10.0 4.2

5. 195.219.188.21 0.0% 5 0.7 1.4 0.7 3.2 1.1

6. if-1-0-0-833.core1.FR1-Frank 0.0% 5 27.2 24.9 24.2 27.2 1.3

7. Vlan13.icore1.FR1-Frankfurt. 0.0% 5 25.4 28.0 24.3 34.3 4.0

8. ix-12-27.icore1.FR1-Frankfur 0.0% 5 24.4 25.5 24.4 27.3 1.4

9. so-1-0-0.XT2.PAR2.ALTER.NET 0.0% 5 36.5 35.7 34.3 36.7 1.2

10. so-6-0-0.CR1.PAR2.ALTER.NET 0.0% 5 35.6 35.3 34.4 36.7 0.9

11. POS0-0-0.GW3.PAR2.ALTER.NET 0.0% 5 34.3 35.2 34.2 36.5 1.2

12. uuk203403.uk.customer.alter. 0.0% 5 150.3 150.7 149.9 152.6 1.1

13. tw112-static214.tw1.com 0.0% 5 170.4 170.9 170.1 172.2 0.8

14. tw21-static22.tw1.com 0.0% 5 169.9 170.3 169.7 171.4 0.7

15. 10.10.80.2 20.0% 5 172.0 170.3 169.2 172.0 1.2

16. nasa.nexlinx.net.pk 20.0% 5 173.7 173.9 170.2 178.9 3.7

As you can see on line 15., it's sometimes possible to get private IPs within Internet traceroute output.

IMHO, it might be more ISP dropping private address sourced packets within the Internet then traceroute mechanism itself.

BR,

Milan

andrew.prince · ‎04-22-2009

Very interesting, for that traceroute to actually show - means that a device was able to respond using an internal, un-routable IP and route thru the internet - wow!

Jon Marshall · ‎04-22-2009

Andrew

It's because the private IP address never needs to be routed across the Internet because it is always the source IP address of the packet in the return packet.

Jon

andrew.prince · ‎04-22-2009

Yup your right.

milan.kulik · ‎04-22-2009

Hi Jon,

exactly!

I've seen those private IPs many times in traceroutes through MPLS networks - providers are saving their public IPs by using private addresses on backbone interfaces.

But in the Internet, many providers are dropping packets with public source address when entering their network.

And from your point of view the device looks like not responding (and the RTD info is lost).

BR,

Milan