[Frenchv6council] Remaining IPv4 /8 prefixes are dirty

Latif LADID ("The New Internet based on IPv6") latif at ladid.lu
Tue Mar 23 13:42:27 EDT 2010


<http://marcblanchet.blogspot.com/> Marc Blanchet's Blog
findings and hints on IP networking


SUNDAY, FEBRUARY 7, 2010

Remaining IPv4 /8 prefixes are dirty
<http://marcblanchet.blogspot.com/2010/02/remaining-ipv4-8-prefixes-are-dirty.html>

As of January 2010, less than
<http://www.nro.net/media/less-than-10-percent-ipv4-addresses-remain-unallocated.html>
10% of the IPv4 address space remains for new networks. The
current timeline is that <http://ipv4.potaroo.net/> no more address space
will be available by 2012. However, the remaining IPv4 address space is not
as usable and clean as one may think.
<https://www.dns-oarc.net/files/dnsops-2008/Wessels-Unused-space.pdf>
Evidence has shown that many unallocated prefixes from the
<http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml>
IANA pool are used internally by organizations or by
<http://en.wikipedia.org/wiki/Hamachi> VPN vendors. Moreover, my company
does IP networking consulting and we have many times seen our customers'
networks numbered with one of these unallocated prefixes. The
<https://www.dns-oarc.net/files/dnsops-2008/Wessels-Unused-space.pdf> top 10
identified were: 1.0.0.0/8, 2.0.0.0/8, 5.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8,
46.0.0.0/8, 100.0.0.0/8, 107.0.0.0/8, 176.0.0.0/8, 111.0.0.0/8. As of
writing, 1.0.0.0/8 has already been allocated by IANA to APNIC.

 

I've written a script that parses the IANA IPv4 address registry to find the
unallocated prefixes and identify the ones that have been identified as
already in use. The result is astonishing. From the ~24 /8 prefixes
unallocated (at time of writing), only 2 /8 prefixes are "clean" (not
reported to be used internally by organizations) and 22 are "dirty" because
they are already in use by some organizations. The "clean" prefixes are:
14.0.0.0/8 and 106.0.0.0/8.

 

However, the level of "dirtiness" is variable. Some, such as 1.0.0.0/8,
2.0.0.0/8 and 100.0.0.0/8, are much more used internally in private networks
and implementations than others. In fact, the recent allocation of 1.0.0.0/8
by IANA has spurred
<http://mailman.nanog.org/pipermail/nanog/2010-January/017402.html>
discussions and <http://labs.ripe.net/content/pollution-18> studies on this
issue.

 

What happens if I already use one of these "dirty" to-be-allocated prefixes
in my network?

 

When the prefix you are using starts being announced on the IPv4 Internet,
the sites and networks on the Internet using that prefix will not be
reachable from your network and users. It may become a support nightmare if,
for example, one of the sites is a well-known content site using
load-balancing and only some of its servers use the prefix. In that case,
your users will sometimes be able to reach that content and sometimes not:
hours of interesting troubleshooting...

 

Is it possible that I'm using these "dirty" prefixes without knowing?

 

You might not even know that you are using the dirty prefixes! For example,
maybe your VPN vendor is using a "dirty" prefix to avoid collisions with
RFC1918 private address space. When your computer sets up the VPN connection,
the host routing table then contains a route to this prefix through the VPN
interface. Therefore, your host won't be able to reach a site on the
Internet that has the same prefix. VPN software is often "smart", which means
it sets up the VPN on demand and disconnects when not in use. That means,
similar to the previous paragraph, sometimes you will be able to reach some
sites (when the VPN is down) and sometimes you will not (when the VPN is
up): hours of interesting troubleshooting...

 

What happens if I receive a chunk of these "dirty" to-be-allocated prefixes
from my provider?

 

Your network will become a magnet for packets that, before, went nowhere.
Moreover, some end-users on the Internet will not be able to reach your
network and sites since they are using the same prefix internally as yours.

 

What is the solution?

 

Well, if you are in one of the previous situations (already using a
to-be-allocated prefix), then you should start planning to renumber. You
could try to add more NATs, but that becomes pretty tricky. If you are
receiving one of these "dirty" prefixes from your provider, then it will be
a rocky road...

 

The best approach, one that is future-proof, is to start deploying IPv6.

 

Posted by marc at
<http://marcblanchet.blogspot.com/2010/02/remaining-ipv4-8-prefixes-are-dirty.html>
1:56 PM
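
A host-side check for the case raised under 'Is it possible that I'm using these "dirty" prefixes without knowing?', as an added example that is not part of the original post and is not Marc Blanchet's script: it scans routing-table text for routes that overlap the top-10 prefixes listed in the post. The sample `ip -4 route show` output, the interface names and the function names are constructed for illustration.

```python
import ipaddress

# The "top 10" unallocated /8s the post lists as seen in internal use.
DIRTY_PREFIXES = [ipaddress.ip_network(p) for p in (
    "1.0.0.0/8", "2.0.0.0/8", "5.0.0.0/8", "23.0.0.0/8", "27.0.0.0/8",
    "46.0.0.0/8", "100.0.0.0/8", "107.0.0.0/8", "176.0.0.0/8", "111.0.0.0/8")]

# Constructed sample of Linux `ip -4 route show` output (not from the post).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
5.0.0.0/8 dev ham0 proto kernel scope link src 5.12.34.56
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
1.2.3.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.7 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Yield (network, device) for each non-default route line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        try:
            # strict=False tolerates host bits; a bare address becomes a /32.
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        yield net, dev

def find_dirty_routes(text, dirty=DIRTY_PREFIXES):
    """Return (route, device, dirty_prefix) for routes overlapping a listed /8."""
    hits = []
    for net, dev in parse_routes(text):
        if net.version != 4 or net.prefixlen == 0:
            continue  # a 0.0.0.0/0 route overlaps everything; not a finding
        for prefix in dirty:
            if net.overlaps(prefix):
                hits.append((str(net), dev, str(prefix)))
    return hits

if __name__ == "__main__":
    for route, dev, prefix in find_dirty_routes(SAMPLE_ROUTES):
        print(f"{route} via {dev} shadows Internet destinations in {prefix}")
```

Run it with the VPN both up and down: a route that appears only while the tunnel is connected matches the intermittent reachability the post describes.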

 
