Additional Private IPv4 Space Issues
Frontier Communications Corporation
Vancouver
United States of America
marla.azinger@frontiercorp.com
http://www.frontiercorp.com/
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
90292
Marina del Rey
United States of America
+310-823-9358
leo.vegoda@icann.org
http://www.iana.org/
private addresses
IPv4
When a private network or internetwork grows very large it is sometimes
not possible to address it using private IPv4 address space. This document
describes the problems faced by those networks, the available options and
the issues involved in assigning a new block of private IPv4 address
space.
sets aside three blocks of IPv4 address space for
use in private networks: 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8. These
blocks can be used simultaneously in multiple, separately managed networks without
registration or coordination with IANA or any Internet registry. Very large
networks can find that they need to connect more interfaces than the
number of addresses available in these three ranges.
It has occasionally been suggested that additional private IPv4 address space
should be reserved for use by these networks. Although such an action might address
some of the needs for these very large network operators it is not without
consequences, particularly as we near the date when the IANA free pool
will be fully allocated.
The main categories of very large networks using private address space are:
cable operators, wireless (cell phone) operators, private internets and VPN
service providers. In the case of the first two categories, the complete
address space reserved in tends to be used by a single
organization. In the case of private internets and VPN service providers there
are multiple independently managed and operated networks and the difficulty is
in avoiding address clashes.
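The clash problem described above can be checked mechanically. The following is an added example, not part of the original document: it finds overlapping prefixes between independently managed networks and looks for a free prefix in the three private blocks. The network names and prefixes are constructed sample data.

```python
import ipaddress
from itertools import combinations

# The three private blocks named above.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory: names and prefixes are hypothetical.
NETWORKS = {
    "customer-a": ["10.0.0.0/16", "192.168.1.0/24"],
    "customer-b": ["10.0.128.0/17", "172.16.0.0/16"],
    "customer-c": ["172.20.0.0/14", "192.168.1.0/24"],
}


def _parse(networks):
    return [(name, ipaddress.ip_network(p))
            for name, prefixes in networks.items() for p in prefixes]


def find_clashes(networks):
    """Return (name1, prefix1, name2, prefix2) for every pair of prefixes
    that overlap but belong to different networks."""
    clashes = []
    for (n1, p1), (n2, p2) in combinations(_parse(networks), 2):
        if n1 != n2 and p1.overlaps(p2):
            clashes.append((n1, str(p1), n2, str(p2)))
    return sorted(clashes)


def first_free(networks, prefixlen):
    """Return the first private prefix of the given length that clashes with
    nothing in the inventory, or None when the private space is exhausted."""
    used = [p for _, p in _parse(networks)]
    for block in PRIVATE_BLOCKS:
        if prefixlen < block.prefixlen:
            continue  # the request is larger than this whole block
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                return candidate
    return None


if __name__ == "__main__":
    for clash in find_clashes(NETWORKS):
        print("clash:", clash)
    print("first free /16:", first_free(NETWORKS, 16))
```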
The address space set aside in is a finite resource which
can be used to provide limited Internet access via Network Address
Translation (NAT). A discussion of the advantages and disadvantages
of NATs is outside the scope of this document. Nonetheless, it must
be acknowledged that NAT is adequate in some situations and not in
others. For instance, it is often technically feasible to use NAT
or even multiple layers of NAT within the networks operated by
residential users or corporations where peer to peer communication
is not needed. Where peer to peer communication is needed or where
services or applications do not work properly behind NAT, globally
unique address space is required.
In many cases it is possible to use multiple layers of NAT to re-use
parts of the address space defined in . In
particular, the tendency for low-cost CPEs to use 192.168.0.0/16 as
the default address range for the LAN allows providers to make
full use of 172.16.0.0/12 and 10.0.0.0/8.
When a network operator has exhausted the private address space set aside in
but needs to continue operating a single routing domain a number of options are available.
These include:
Using unique, globally scoped IPv6 unicast addresses is the preferred option
as it removes any concerns about address scarcity. In some cases implementing
a new network protocol on a very large network takes more time than is available,
based on network growth and the proportion of private space that has
already been used. In these cases, there is a call for additional
private address space that can be shared by all network operators.
Using the unique, locally scoped IPv6 unicast addresses defined in
is another approach and does not require coordination with an Internet
registry. Although the addresses defined in are probabilistically
unique, network operators on private internets and those providing VPN
services might not want to use them because there is a very low
probability of non-unique locally assigned global IDs being generated
by the algorithm. Also, in the case of private internets, it can be
very challenging to coordinate the introduction of a new network
protocol to support the internet's continued growth.
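To put a number on the "very low probability" mentioned above, the following added example (not part of the original document) computes the chance that at least two of n interconnected networks pick the same locally assigned global ID. It assumes the global ID is 40 bits wide and chosen uniformly at random.

```python
import math

GLOBAL_ID_BITS = 40  # assumption: width of the locally assigned global ID


def collision_probability(n, bits=GLOBAL_ID_BITS):
    """Birthday approximation: P = 1 - exp(-n^2 / 2^(bits+1))."""
    return -math.expm1(-(n * n) / 2 ** (bits + 1))


def exact_collision_probability(n, bits=GLOBAL_ID_BITS):
    """Exact value: 1 - prod_{k=0}^{n-1} (1 - k / 2^bits), summed in logs."""
    space = 2 ** bits
    if n > space:
        return 1.0  # more networks than IDs: a clash is certain
    log_no_clash = sum(math.log1p(-k / space) for k in range(n))
    return -math.expm1(log_no_clash)


def max_networks(threshold, bits=GLOBAL_ID_BITS):
    """Largest n whose approximate clash probability stays <= threshold."""
    n = math.isqrt(int(-math.log1p(-threshold) * 2 ** (bits + 1)))
    while collision_probability(n + 1, bits) <= threshold:
        n += 1
    while n > 0 and collision_probability(n, bits) > threshold:
        n -= 1
    return n


if __name__ == "__main__":
    for n in (2, 10, 100, 1000, 10000):
        print(f"{n:>6} networks: P(clash) ~ {collision_probability(n):.3g}")
    print("networks before P exceeds 1e-6:", max_networks(1e-6))
```

The probability grows with the square of the number of interconnected networks, which is why the concern is raised for private internets and VPN providers rather than for a single site.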
The Regional Internet Registries (RIRs) have recently been developing
policies to allow organizations with available address space to transfer
such designated space to other organizations. In other cases,
leases might be arranged. This approach is only viable for operators
of very large networks if enough address space is made available for
transfer or lease and if the very large networks are able to pay the costs of
these transfers. It is not possible to know how much address space
will become available in this way, when it will be available and how
much it will cost. For these reasons, address transfers will not be
an attractive proposition to many large network operators. Leases
might not be attractive to some organizations if both parties
cannot agree a suitable length of time. Also, the lessor might worry
about its own unanticipated needs for additional IPv4 address space.
Some network operators have considered using IP address space
which is allocated to another organization but is not publicly
visible in BGP routing tables. This option is very strongly
discouraged as the fact that an address block is not visible from
one view does not mean that it is not visible from another. It
is also possible that the registrant of the address block might
want to increase its visibility to other networks in the future,
causing problems for anyone using it unofficially. In some cases
there might also be legal risks involved in using address space
officially allocated to another organization.
The policy framework shared by the RIRs does not discriminate based
on what an address is used to do, just on how efficiently the assigned
addresses are used. Unique IPv4 addresses registered by an RIR are
potentially available to organizations whose networks have used all
the addresses set aside in . Nonetheless,
network operators are naturally disinclined to request unique IPv4
addresses for a purpose that could be met with private addresses were
it not for the size of the network. Addresses assigned in this way are
not available for anyone else to use and so their registration denies
them to new entrants, including potential customers.
It would be possible to re-designate a portion of the current global
unicast IPv4 address space as private unicast address space. Doing
this could benefit a number of operators of large networks for the
short period before they complete their IPv6 roll-out. However, this
benefit incurs a cost by reducing the pool of global unicast
addresses available to end users.
When considering re-designating a portion of the current global
unicast IPv4 address space as private unicast address space it is
important to consider how much space would be used and for how
long it would be sufficient. Not all of the large networks making
full use of the space defined in would have their needs
met with a single /8. In 2005, suggested
reserving three /8s for this purpose.
A further consideration is which of the currently unallocated
IPv4 unicast /8 blocks should be used for this purpose. Using
address space which is known to be used unofficially is tempting.
For instance, 1.0.0.0/8, which was proposed in
is known to be used by a number of different users. These include
networks making use of HIP LSIs , ,
and others. There is anecdotal and
research evidence to suggest that several
other IPv4 /8s are used in this fashion.
Although new IPv4 /8s are allocated approximately once a month, they are not easy
to bring into use because network operators are slow to change their filter
configurations. This is despite long-running awareness campaigns ,
and active work to notify people whose filters are not
changed in a timely fashion. Updating code that recognises private address space
in deployed software and infrastructure systems is likely to be far more difficult
as many systems have these ranges hard-coded and cannot be quickly changed with a
new configuration file.
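The filter problem described above can be audited when the filter lives in configuration rather than in code. The following is an added example, not part of the original document: it flags deny entries that now cover allocated space and proposes what should remain. The "deny <prefix>" syntax and both sample lists are constructed and make no claim about real allocation status.

```python
import ipaddress

# Constructed sample: a filter written when 68.0.0.0/7 and 1.0.0.0/8 were
# treated as unallocated. The "deny <prefix>" syntax is hypothetical.
FILTER_ACL = """\
deny 10.0.0.0/8       # private
deny 172.16.0.0/12    # private
deny 192.168.0.0/16   # private
deny 68.0.0.0/7       # unallocated when written
deny 1.0.0.0/8        # unallocated when written
"""

# Constructed sample: blocks allocated after the filter was written.
NEWLY_ALLOCATED = ["69.0.0.0/8"]


def parse_acl(text):
    """Return the prefixes of all 'deny' lines, ignoring comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "deny":
            entries.append(ipaddress.ip_network(fields[1]))
    return entries


def remaining_after(entry, allocated):
    """Return the parts of a deny entry still outside allocated space."""
    remaining = [entry]
    for block in allocated:
        kept = []
        for net in remaining:
            if not net.overlaps(block):
                kept.append(net)
            elif block.subnet_of(net):
                kept.extend(net.address_exclude(block))
            # otherwise net lies wholly inside the allocated block: drop it
        remaining = kept
    return sorted(remaining)


def audit(acl_text, allocated):
    """Map each stale deny entry to the prefixes that should replace it."""
    blocks = [ipaddress.ip_network(b) for b in allocated]
    report = {}
    for entry in parse_acl(acl_text):
        if any(entry.overlaps(b) for b in blocks):
            report[str(entry)] = [str(n) for n in remaining_after(entry, blocks)]
    return report
```

An empty replacement list means the whole deny entry is stale and should be removed. A check like this is not possible where the ranges are compiled into software, which is the harder case the paragraph describes.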
Where a group of networks find themselves in a position where they each
need a large amount of IPv4 address space from an RIR in addition to that
defined in they might cooperatively agree
to all use the same address space to number their networks. The
clear benefit to this approach is that it significantly reduces the
potential demand on the pool of unallocated IPv4 address space.
This approach has the potential to create an unofficial new private
address range without proper scrutiny.
If additional private address space is not defined and the large network operators
affected by this problem are not able to solve their problems with IPv6 address
space or by segmenting their networks into multiple routing domains, those networks
will need unique IPv4 addresses. It is possible and even likely that a single
network could consume a whole IPv4 /8 in a year. At the time of writing there are
just 28 unallocated IPv4 /8s, so it would not take many such requests to make a major
dent in the available IPv4 address space.
There have also been proposals to re-designate the former Class E space (240.0.0.0/4) as
unicast address space. suggests that it should be
privately scoped while does not propose a scope.
Both proposals note that existing deployed equipment may not be able to use addresses
from 240.0.0.0/4. Potential users would need to be sure of the status of the equipment
on their network and the networks with which they intend to communicate.
It is not immediately clear how useful 240.0.0.0/4 could be in practice. While
documents the status of several popular
desktop and server operating systems, the status of the most widely deployed
routers and switches is less clear and it is possible that 240.0.0.0/4 might
only be useful in very large, new greenfield deployments where full control
of all deployed systems is available. However, in such cases it might well
be easier to deploy an IPv6 network.
This document has no security implications.
This document makes no request of IANA.
The Wireless Internet Assigned Numbers Authority. WIANA.
anoNet: Cooperative Chaos. anoNet.
Awkward /8 Assignments. ICANN.
Searching for Evidence of Unallocated Address Space Usage in DITL 2008 Data. The Measurement Factory/CAIDA.
The Bogon Reference. Team Cymru, Inc.
This system has been setup for testing purposes for 69/8 address space. Atlantic.Net.
De-Bogonising New Address Blocks. RIPE NCC.
The authors would also like to thank Ron Bonica, Michelle Cotton,
Lee Howard and Barbara Roseman for their assistance in early
discussions of this document.