I've written a script that parses the IANA IPv4 address registry to find the unallocated prefixes and identify the ones that have been reported as already in use. The result is astonishing. Of the ~24 /8 prefixes unallocated (at time of writing), only 2 /8 prefixes are "clean" (not reported to be used internally by organizations) and 22 are "dirty" because they are already in use by some organizations. The "clean" prefixes are: 14.0.0.0/8 and 106.0.0.0/8.
However, the level of "dirtiness" is variable. Some, such as 1.0.0.0/8, 2.0.0.0/8 and 100.0.0.0/8, are much more used internally in private networks and implementations than others. In fact, the recent allocation of 1.0.0.0/8 by IANA has spurred discussions and studies on this issue.
What happens if I already use one of these "dirty" to-be-allocated prefixes in my network?
When the prefix you are using starts being announced on the IPv4 Internet, the sites and networks on the Internet using that prefix will not be reachable from your network and users. It may become a support nightmare if, for example, one of the sites is a well-known content site using load-balancing and only some of its servers use the prefix. In that case, your users will sometimes be able to reach that content and sometimes not: hours of interesting troubleshooting...
Is it possible that I'm using these "dirty" prefixes without knowing?
You might not even know that you are using the dirty prefixes! For example, maybe your VPN vendor is using a "dirty" prefix to avoid collisions with RFC1918 private address space. When your computer sets up the VPN connection, the host routing table then contains a route to this prefix through the VPN interface. Therefore, your host won't be able to reach a site on the Internet that has the same prefix. VPN software is often "smart", which means it sets up the VPN on demand and disconnects when not in use. That means, similar to the previous paragraph, sometimes you will be able to reach some sites (when the VPN is down) and sometimes you will not (when the VPN is up): hours of interesting troubleshooting...
What happens if I receive a chunk of these "dirty" to-be-allocated prefixes from my provider?
Your network will become a magnet for packets that, before, went nowhere. Moreover, some end-users on the Internet will not be able to reach your network and sites because they use the same prefix internally.
What is the solution?
Well, if you are in one of the previous situations (already using a to-be-allocated prefix), then you should start planning to renumber. You could try to add more NATs, but that becomes pretty tricky. If you are receiving one of these "dirty" prefixes from your provider, then it will be a rocky road...
The best, future-proof approach is to start deploying IPv6.
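The comparison described at the top of this post, extended to check a host's or router's own routes (such as one installed by a VPN client) against the unallocated pool, as an added example that is not the script used for the post. The registry rows use a simplified `Prefix,Designation,Status` layout, and the reported-in-use list and local routes are all constructed samples, as are the function names.

```python
import csv
import io
import ipaddress

# Constructed sample rows in a simplified layout (not real registry data).
REGISTRY_CSV = """Prefix,Designation,Status
010/8,Private use,RESERVED
014/8,IANA,UNALLOCATED
100/8,IANA,UNALLOCATED
106/8,IANA,UNALLOCATED
107/8,IANA,UNALLOCATED
"""
# Constructed stand-in for the prefixes reported by others as used internally.
REPORTED_IN_USE = ["100.0.0.0/8", "107.0.0.0/8"]
# Constructed stand-in for routes exported from a host or router.
LOCAL_ROUTES = ["10.20.0.0/16", "107.5.0.0/16", "192.168.1.0/24", "100.64.12.0/24"]

def unallocated_prefixes(csv_text):
    """Return the networks whose Status column is UNALLOCATED."""
    nets = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip().upper() != "UNALLOCATED":
            continue
        octet, length = row["Prefix"].split("/")  # "014/8" -> 14.0.0.0/8
        nets.add(ipaddress.ip_network(f"{int(octet)}.0.0.0/{int(length)}"))
    return nets

def classify(unallocated, reported):
    """Split the unallocated pool into (clean, dirty) sets."""
    reported_nets = [ipaddress.ip_network(p) for p in reported]
    dirty = {u for u in unallocated if any(u.overlaps(r) for r in reported_nets)}
    return unallocated - dirty, dirty

def local_conflicts(routes, unallocated):
    """Return (route, prefix) pairs where a local route overlaps the pool."""
    hits = []
    for text in routes:
        route = ipaddress.ip_network(text, strict=False)
        if route.prefixlen == 0:  # a default route overlaps everything; skip it
            continue
        hits += [(str(route), str(u)) for u in sorted(unallocated) if route.overlaps(u)]
    return hits

if __name__ == "__main__":
    pool = unallocated_prefixes(REGISTRY_CSV)
    clean, dirty = classify(pool, REPORTED_IN_USE)
    print("clean:", sorted(map(str, clean)))
    print("dirty:", sorted(map(str, dirty)))
    for route, prefix in local_conflicts(LOCAL_ROUTES, pool):
        print(f"renumber candidate: {route} overlaps unallocated {prefix}")
```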
8 comments:
This is an interesting set of results. It would be great if you could share your methodology and results with us and the RIRs so that we can review them in the context of the existing work in this field. I've posted a short article about that on the ICANN blog.
Leo,
Methodology is super simple: At the time of the posting, I took all the non-allocated prefixes from IANA. Then I took all prefixes reported by others (referred to in the blog entry) as being used internally. Then I compared the two sets. Only 2 /8 were in the IANA unallocated pool and not in the reported prefixes used internally. This is it. Marc.
Thanks for this post. I've run into this issue on two sites using 107.0.0.0/8 on what appear to be Amazon cloud servers: http://community.articulate.com and http://cloud.scorm.com
So I appreciate the explanation for why I am unable to reach these at work.