Home / Blogs

IPv6: Beware of Dirty, Muddy IPv4 Addresses as the Pool Dries Up

Yves Poppe

Mid March a special plenary session of the Canadian standard committee isacc was convened in Ottawa to review the final report [PDF] of the Canadian IPv6 Task Group. It was unanimously approved and the essence of its 66 pages are seven recommendations for Government, Industry, Service and Content providers, and the regulator, CRTC to proceed with diligence, even some sense of urgency.

One paragraph provides an interesting new twist to the exhaustion debate: Is the Internet already becoming less reliable as a consequence? paragraph 3.1 of the report says:

'Evidence has shown that most of the remaining IPv4 address space is already in use by organizations. Within the few remaining IPv4 address blocks available as of January 2010, 90% of that address space contains prefixes which have been identified as already in use by some organizations, resulting in decreased reliability. Therefore, the recipients of these prefixes, when allocated, will see unwanted traffic to their networks and many organizations will not be able to reach these recipients' networks. In other words, the remaining address space will be less reliable to use than the IPv4 address space already in use. As the remaining address space approaches zero, it is likely that people will experience unreachability of sites and networks as well as more instability in IPv4 routing.'

Could we be using dirty prefixes without knowing it? What are the possible consequences? How to make sure we get clean addresses from our ISP? Marc Blanchet's blog on the topic might provide some beginnings of an answer.

If you consider that the IPv4 address pool has only 24 prefixes (/8's) left and that 22 of them are dirty, means only two really clean ones are left! The dirtiest neighbourhoods are 1.0.0.0/8, 2.0.0.0/8 and 100.0.0.0/8 , they're apparently harbouring nests of address squatters.

An IPv4 dirtyness index might be a useful addition to the expiry counters. A healthier alternative however might be to start dipping in the IPv6 reservoir.

By Yves Poppe, Director, Business Development IP Strategy at Tata Communications – (Any opinions, findings, conclusions or recommendations expressed in these articles are solely those of the author and are not in any way attributable to nor reflect any existing or planned official policy or position of his employer in respect thereto.) Visit Page
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

This isn't news Leo Vegoda  –  Mar 28, 2010 4:03 PM PDT

While it's important to be aware of this problem, it's not news that it exists. As I pointed out last week ICANN has been writing and presenting on this problem for a few years now and commission earlier research into it. But perhaps more importantly, as George Michaelson and Geoff Huston reported from their research into the pre-existing, unauthorized usage of 1.0.0.0/8:

The traffic in 1.0.0.0/8 is not evenly distributed. The majority of the traffic is directed at the single address 1.1.1.1, and the covering /24

We should not assume that just because there is some unauthorized usage in unallocated address space in parts of a /8 that the whole block is unusable. There will undoubtedly be some problems with these prefixes. There always are problems when new address space is brought into official use but those problems get fixed and people move on.

The dirtiness I'm much more concerned about is CIDRs that earlier belonged to a spammer / botmaster Suresh Ramasubramanian  –  Mar 28, 2010 6:19 PM PDT

Some of them have got surprisingly large sized allocations - a significant number of new allocations (including /15 and /16 netblocks) as well as hijacking and repurposing of legacy netblocks that belonged to a defunct organization).

With v4 being in such short supply that needs to be addressed far more aggressively than it currently is.

In any case, even if that IP space is reclaimed, getting it out of various blocklists, nullroutes etc will be an exercise that I wouldn't wish on my worst enemy

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias