-2

I've been wondering about this for a long time but never really got around to asking it.

I know that a lot of companies were initially assigned IP addresses within the /8 (Class A) range and a lot still have these addresses assigned to them (e.g. the USPS).

Now, I know that ICANN issues these addresses and I also know that you can't really use an IP you're not assigned because DHCP on the ISP's side simply wouldn't give you one. However, I don't understand the hierarchy: how are the ISPs prohibited from not assigning random IPs to others and how is the USPS barred from using an IP address which doesn't belong to it?

What if an ISP screwed up and tried to assign an IP address which was not in its allocated range? What would happen?

Reynolds
  • 19
  • 2
  • 2
    They would notice real fast because the addresses wouldn't properly work as the routing system would direct traffic to the real owners of the network addresses (and most likely drop the traffic altogether, as it comes from an invalid location). However, this is [off-topic](http://serverfault.com/help/on-topic) here as it about explaining fundamental networking concepts and not about an actual technical problem you face. – Sven Jan 08 '15 at 15:13
  • 13
    Oh, and please forget everything you have ever learned about network classes. [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) is in place for 22 years now. – Sven Jan 08 '15 at 15:15
  • I am aware that CIDR is used nowadays, I took Class A networks as an example because they used to be big companies with large IP ranges and it is unimaginable to me that no ISP or company ever messes up its IP allocation. – Reynolds Jan 08 '15 at 15:42
  • The answer to your question basically is related to the proper setup of [BGP](http://en.wikipedia.org/wiki/Border_Gateway_Protocol) on all the core routers. Anyone announce address space they don't properly own would probably disabled their immediate peers. – Zoredache Jan 08 '15 at 17:46
  • 1
    I'm reopening this, but am somewhat uncertain about whether it "should" be opened or closed, so I'll leave its fate up to the community. – HopelessN00b Jan 08 '15 at 18:29
  • 2
    “All nonsense questions are unanswerable. How many hours are in a mile? Is yellow square or round?” - C.S. Lewis – TheCleaner Jan 08 '15 at 18:50
  • BTW, if anyone "messed up IP allocation" it was InterNIC to begin with, handing out giant ranges/subnets to ISPs that could simply hold on to them without using them. IIRC over 40% of the entire allocation pool was given out by 1991. – TheCleaner Jan 08 '15 at 19:16
  • Simply put, this individual doesn't clearly understand how some of the core technologies behind the internet work. He's coming here because he has looked for the information and doesn't know where to start. And Sven is right, you need to start learning from the beginning all over. You have gained some knowledge somewhere that has misled your thought process altogether. – IceMage Jan 08 '15 at 20:23

5 Answers5

7

DHCP is of very little relevance to this question. With DHCP the ISP can tell the customer, what the address of the customer is. But between ISPs it works differently. Between ISPs communication about who has which IP addresses is done using BGP.

In this context the networks are known as autonomous systems, to get an initial understanding it is a good enough approximation to imagine that an AS and an ISP is the same.

BGP is fundamentally different from DHCP in that you don't tell somebody what their IP address is. You tell somebody what your own IP addresses are.

Obviously you can be telling other AS incorrect information about which IP addresses are on your network. If two AS claim to have the same IP addresses, neither will be able to use those IP addresses to communicate with all of the internet.

Initially BGP was based on mutual trust. Then semi-automatic filters got introduced to eliminate obviously incorrect IP prefixes being announced through BGP.

Still that wasn't sufficient to prevent breakage. One famous example was when a Pakistani provider claimed to own the IP addresses of YouTube. For a large number of users YouTube was offline. At that point complaining about the situation through the proper channels get a normal situation restored.

What is happening now is that cryptographic methods to validate BGP announcements are slowly being adopted. This happens through information known as Route Origin Authorizations (ROAs).

kasperd
  • 30,455
  • 17
  • 76
  • 124
  • "Between ISPs communication about who has which IP addresses is done using BGP." This makes this the technically correct answer IMHO. – IceMage Jan 08 '15 at 22:16
3

If ISP A assigned one of their users an IP address in ISP B's network not much would happen aside from that user's internet not working. Within the ISP's network there's not liekly to be any routing information for that network, so even if someone within ISP A's network wanted to talk to this rogue address it'll get passed up through the gateways to a core router and tossed off into the internet according to its BGP routes. Even if there were routing information in ISP A's network for the bad netblock communication with the internet would be basically impossible.

Now, if you really want to screw up the internet you start advertising bad BGP prefixes.

Long story short, BGP is based on implicit trust, and any route advertised is generally accepted as correct by its peers in the BGP network. One notable example of this going horrifyingly wrong is when Pakistan decided it wanted to block Google some years back. Routes that were intended to be a BGP blackhole internal to the country were mistakenly advertised publicly, causing much of the world's Google traffic to be directed at Pakistan, taking the Google, and the PK ISP, offline.

Now, if you want to get scary...

With a suitable amount of network and computing horsepower someone could ostensibly poison BGP routes on a global scale, intercept and store traffic, and forward that traffic back out to its intended destination transparently. Something something NSA.

Note on the comments on the question: What @Sven means is that you shouldn't even use the phrase "Class A/B/C" as it refers to rigid, long-obsolete practices. If you want to be taken seriously by networking nerds you need to use CIDR notation, ie: '/8' instead of 'Class A'

Sammitch
  • 2,111
  • 1
  • 21
  • 35
2

IP addresses are a lot like the Post Office.

You cannot just declare that your ZIP code is 60605-3234 because you like the number. That number is assigned to a specific block of houses somewhere in Chicago, IL. If you put that ZIP code on your mail as your return address, you will never get any mail.

IP addresses are much the same. Just because I like the IP address 8.0.6.3 , and just because nobody else happens to be using it right now, doesn't mean that packets addresses to 8.0.6.3 will get to me.

hymie
  • 424
  • 2
  • 11
1

The worst bug that can happen is a DHCP reservation that got lost and another customer in your range got your IP that way. The helpdesk can easily kill the remote modem and free it up for you.

For having a IP in the wrong class, that would mean a general failure on all the data layer from your house to the ISP and a failure in the main DHCP's server. I would add, usually the data team for the outside are not the same as the one managing the DHCP.

That will make the same as if you set yourselft a static IP that does not exist on your WAN, with no real gateway to the outside world you will only be isolated there.

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • @TheCleaner - hehe, yeah. I work for an ISP, and you are right, but ICANN on the other side watch really closely all range, I can assure you that :) so Bob would have to create another pool, as you can't assign in a pool you don't have configured. It's more a sabotage at this point :P – yagmoth555 Jan 08 '15 at 19:00
  • 1
    Exactly, and even if an additional pool was created the network would have to be configured to send DHCPreqs to that pool. Even assigning a static IP manually at the customer edge wouldn't do anything without someone sabotaging the ISP's network itself. And even then it would likely be an issue only within that ISP's network. – TheCleaner Jan 08 '15 at 19:05
1

The biggest reason using IP addresses you aren't actually assigned (or have access to) doesn't work is because it simply will not route.

Your ISP has a network that is assigned to it, from either ICANN, or whomever. The equipment that attaches to that will know how to route information within one of those addresses, and forward it to the equipment that should be responding. Generally, when a network tries to claim IPs it doesn't have access to, they are not routable to the rest of the internet, even if they would be public IP addresses. Generally the only time you can take an IP address you are not assigned is when you use an IP address similar but different to one you are assigned. EG, if 10.1.20.1/32 was your publicly assigned address, you reside on a 24 bit subnet, and you used 10.1.20.4, you would likely be able to route information to and from your connection. This is dependent on your ISP, and most are getting much better are detecting such activity.

To put it simply, if your router is at 10.10.10.1/24, and you assign yourself the IP address 10.24.10.8/24, you will not be able to talk to each other without some additional configuration. Also, there are some ways to get around this general restriction, but more or less, the information will not be able to traverse the internet if you try to use an IP you don't own.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
IceMage
  • 1,336
  • 7
  • 12