Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Alibaba for example use DoD address ranges for their management servers running Alicloud services. They assumed since nothing in their cloud platform would connect to those addresses they can use these them to alleviate IPv4 shortage. In Alicloud, the customer have the right to use any RFC1918 addresses, so they had to be creative since they didn’t have sufficient IPv4 addresses.


but if they're not filtering BGP announcements for those ranges (however unlikely), and the GFW isn't blocking traffic out to those addresses (even more unlikely), and the internal metrics were high (super unlikely), I guess it'd slurp out all the traffic? maybe this was a weird smash-and-grab.


You'd be surprised, but GFW is a blacklist not a whitelist, as such the blocked domains and/or IPs are a very small subset of all public addresses out there.


Even with a blacklist, a large and contiguous range like 11.0.0.0/8 won't be particularly difficult to block or reroute.


I'd imagine that, with the advent of ipv6, it would have to be.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: