Suggestion: Use reserved documentation ranges for anonymized IP addresses

[hslabbert]

netconan seems to currently output valid public IPs when anonymizing. Looking at the ip_anonymization.py, this might take a good chunk of work to restrict things, but it seems like using reserved documentation ranges for IPv4 and IPv6 would be appropriate here, rather than random public IPs.

[sfraint]

Thanks for the suggestion. It looks like those reserved networks are /24 for IPv4, but there is no guarantee that the important network structure of the network being anonymized would fit into those. To handle the general case, we need to be able to handle networks that might span the entire IP space.

With that said, I can see this being a useful addition. We'd be happy to review a PR adding this feature for users who know they're in a network where this would work.

[hslabbert]

Thanks.

It looks like those reserved networks are /24 for IPv4, but there is no guarantee that the important network structure of the network being anonymized would fit into those.

A fair point, yea.

The IPv6 options should hopefully fit most cases as that's a /32, unless things get into e.g. peering prefix lists and such that would cover large networks.

I'll see if I can stretch my legs a bit with delving into this.