Looking for 240/4 addresses

By on 10 Sep 2024

Category: Tech matters

Tags: , , ,

16 Comments

Blog home

If you look through the IANA’s IPv4 address registry you will find a set of reservations that collectively are encompassed by the address prefix 240/4, and are annotated in the registry for ‘Future Use’. These entries reference RFC 1112 Section 4, which states: “Class E IP addresses, i.e., those with “1111” as their high-order four bits, are reserved for future addressing modes.”

This address prefix encompasses 268,435,455 IPv4 addresses. From time it has prompted the obvious question: ‘If we have run out of available IPv4 addresses, then why are a quarter of a billion IPv4 addresses still sitting idle in an IANA registry waiting for an undefined Future Use?’ Surely, if there was to be some ‘future addressing mode’ to be defined in IPv4, then we would’ve done it by now. Why can’t we just add this pool of IP addresses into the all-but fully depleted pool of available IPv4 unicast addresses and relieve, to some small extent, some of the pressures that we have been experiencing with IPv4 depletion over the past decade?

The major points of discussion on this topic were recorded in a couple of Internet drafts from 2008. One of these, draft-wilson-class-e, advocated the redesignation of this address block for private use, extending the set of such local addresses to “assist in the IPv6 transition of larger networks who are using IPv4 in the context of a dual-stack deployment.”

In such contexts, it was reported that the reuse of network 10/8 was not an option because of existing use and potential address clashes (1918bis). The use of 240/4 offered a more conventional method to connect Consumer Premises Equipment (CPE) Network Address Translators (NATs) to the network’s border Carrier NATs without having to use more involved solutions such as Dual-Stack Lite (RFC 6333), NAT464 or 464XLAT (RFC 6877).

Another reason why a private use context was advocated for this address prefix was that it was believed that many IP implementations had implemented this reservation of the 240/4 address block within the IP code itself within end hosts, discarding the processing of any IP packet that had an address from this prefix as either the source or destination address. The address prefix was unsuitable for general use while significant populations of host protocol stacks contained this discard code. The other draft, fuller-240space, advocated the reclassification of this address block as conventional unicast address space, noting that “given the current consumption rate, it is clear that the block should not be left unused.”

Given that by 2008, when these drafts were submitted, the prospect of IPv4 address pool depletion was estimated to occur between 2010 and 2012, the discussion in the IETF turned to what would be the most productive use of the available time before the pools of available IPv4 addresses ran out. Consumption of IPv4 addresses was rising dramatically with the transition of mobile voice networks into mobile IP networks, and these networks were slow to adopt a dual-stack mode of operation.

By 2009 the annual IPv4 address consumption rate was rising to 190M addresses per year (see Addressing 2009), so an additional pool of 268M addresses would apparently defer the inevitable IPv4 address exhaustion by only 16 months or so. There was a prevalent view that the cumulative effort to update the hundreds of millions of IP hosts to accept IP addresses drawn from the address prefix 240/4 would probably take a comparable period, if not significantly longer, and such effort would form a distraction to the overall objective to rapidly transition all hosts and networks to support IPv6 before we experienced acute IPv4 address exhaustion pressures.

The mobile industry had gathered an unprecedented level of momentum at this stage, so our collective attention then turned to dual-stack transition mechanisms (at one point around 2010 more than 30 such IPv6 dual-stack transition mechanisms were being proposed!) and the associated effort to manage the remaining pools of available IPv4 addresses responsibly took up far more attention than the plight of this little corner of address space. These proposals to revive 240/4, either as private use space or as general unicast space, quietly languished.

Languished, yes, but the topic still resurfaces from time to time.

Measuring the usability of 240/4

There have been several exercises in recent years to see to what extent this address prefix is usable. A 2022 measurement exercise was reported in the RIPE Labs blog. An analysis of the traceroute data collected by the Atlas project indicated that, at the time, Amazon AWS (AS14618 and AS6509) were using this address block internally to address customer assets.

Other instances of internal private use of this address prefix were also apparent at the time, as evidenced by the traceroute reports of router interface addresses reporting the use of this address prefix in these traceroutes. It appears that the proposal described in draft-wilson-class-e for use in private contexts had apparently not fallen on totally deaf ears!

The second part of this measurement experiment involved setting up a server using an IP address drawn from the 240/4 address and directing 7,600 Atlas probes to perform a traceroute to this destination. They reported that 34 probes were able to reach this server, and all these probes were hosted in the AS701 (Verizon Business) network.

As a follow-up, I conducted a similar, but smaller-scale experiment using Atlas in July 2024. Just 1 of the 190 tested probes reached a host server (hosted in AS29208, Quantcom, Czech Republic). This network peers with DE-CIX, and the one successful traceroute appeared to transit DE-CIX to reach the server. A larger re-run of this experiment, using 1,000 randomly selected probes from the Atlas collection did not fare any better. Of some 967 probes that responded, all of them reported failure in reaching this server.

In measurement terms, the Atlas network is of medium size with 12,500 probes, but it is extremely flexible in terms of what the probes can be programmed to measure. At APNIC Labs we use a somewhat different measurement approach, based on enrolling users to perform a simple web object retrieval. This approach is less flexible, but by using an online ad network (Google Ads) to pass these retrieval tasks to end users, we can undertake measurements at a significantly larger scale both in volume and in coverage.

The ad program is currently running with a total of 25M ad impressions per day, which is significantly larger than the Atlas probe set. With this measurement system, we can place a simple web object on a server (a 1×1 pixel image using a .PNG image format, or a ‘blot’), and direct users to attempt to retrieve this object within the ad’s script. For this measurement the server is addressed with a host address drawn from the 240/4 prefix and the server’s network service provider advertises reachability to this server with a BGP announcement to its routing peers.

Before looking at the results of this measurement it may be useful to understand the problem space in reaching a destination that has an address drawn from this 240/4 prefix. There are several potential issues in trying to use such an address, including:

  • Routers may reject packets with a destination address from 240/4.
  • The configuration of a network’s routing environment may not accept a route advertisement for this prefix, or for more specifics of this prefix.
  • CPE equipment that performs a NAT function may reject packets with source or destination addresses drawn from this prefix.
  • For mobile networks, other forms of network middleware, such as carrier-grade NATs, may reject packets with source or destination addresses drawn from this prefix.
  • End systems may reject packets with source or destination addresses drawn from this prefix.

Of the 788 total BGP peers for the Route Views and RIS systems, just three peers have propagated a route to a prefix drawn from 240/4, namely 242.242.0.0/16, originated by AS8747 and propagated via AS29208 (both networks are operated by Quantcom, in the Czech Republic). Another IPv4 network originated by the same AS, 109.235.180.0/24, is seen by a total of 702 separate peers of Route Views and RIS, so it would be reasonable to infer that there is widespread BGP filtering taking place for the 242.242.0.0/16 route.

As a quick illustration of the issues in network reachability, let’s compare two traceroutes from an Akamai Linode server located in Frankfurt, Germany. The first is to a conventional IPv4 host address:

$ traceroute 109.235.180.1
traceroute to 109.235.180.1 (109.235.180.1), 30 hops max, 60 byte packets
 1                     (10.210.2.210)              0.102 ms  0.025 ms  0.063 ms
 2                     (10.210.35.30)              0.215 ms  *         *
 3                     (10.210.32.1)               0.221 ms  0.423 ms  0.272 ms
 4  lo0-0.gw2.fra1.de.linode.com (139.162.129.102) 0.476 ms  0.326 ms  0.268 ms
 5  decix.quantcom.cz (80.81.192.217)              1.078 ms  0.995 ms  1.094 ms
 6  cz-prg-p1sit-be3.quantcom.cz (82.119.246.102)  7.832 ms  7.848 ms  7.815 ms
 7  * * *

The first three hops appear to pass through the Linode infrastructure, which uses network 10 to number its internal routers. The packets then pass out through a Linode egress router to the Frankfurt DE-CIX switching infrastructure, and are next seen at Quantcom’s ingress, and from there into a Quantcom router in Prague.

$ traceroute 242.242.100.1
traceroute to 242.242.100.1 (242.242.100.1), 30 hops max, 60 byte packets
 1                 (10.210.2.210)                   0.100 ms  0.050 ms  0.036 ms
 2                 (10.210.35.30)                   0.669 ms  0.475 ms  0.290 ms
 3                 (10.210.32.1)                    0.203 ms  0.200 ms  0.180 ms
 4  lo0-0.gw2.fra1.de.linode.com (139.162.129.102)  0.500 ms  0.398 ms  0.402 ms
 5  ae18.r02.fra03.ien.netarch.akamai.com (23.210.54.18) 0.587 ms  0.611 ms  0.477 ms
 6  * * *

The difference here is in hop 5, where the outbound packet is passed into the Akamai infrastructure rather than to DE-CIX. These initial hops are likely following the internal default route. As it appears that Linode is not accepting a route to any prefix in 240/4 from DE-CIX, then the default outbound path points to an Akamai router, which discards the packet as there is no explicit route and no further default routes to follow.


Measurement results for testing unicast reachability for 240/4

Now let’s look at the results of this experiment, shown at the economy level in Table 1.

CCTestsHitsRateCC name
RO1,313,45242,8143.2597%Romania
CZ985,47015,1621.5386%Czech Republic
SK198,4165320.2681%Slovakia
RU48,5742700.5559%Russian Federation
AE137,308920.0670%United Arab Emirates
US4,539,376340.0007%United States of America
BH32,30280.0248%Bahrain
GR61,10620.0033%Greece
Total:130,298,47758,9140.0452% 
Table 1 — 240/4 accessibility by economy.

Over a 14-day period from late August through early September we presented 130 million unique clients with tests to users drawn from across the entire Internet. The test included the direction to fetch a blot from this server addressed within the block 242.242.0.0/16.

We had low expectations because we observed that the interdomain routing space has not widely propagated the route for 242.242.0.0/16. Only three peers from RIS and RouteViews report seeing this route prefix, compared to about 702 peers for other prefixes announced by the same origin AS.

 On the other hand, this network directly peers with 913 other networks, so even if this route is not extensively propagated over transit networks so that it is seen at various route collectors, there is still a relatively rich domain of local propagation. Table 1 shows that access to endpoint addresses in the 240/4 prefix is largely limited to hosts located in Romania and the Czech Republic where the host’s network either peers directly with AS29208 or is very closely connected.

There are a small number of more anomalous entries in this table. What is going on where we see just a handful of connections from networks that are geolocated to the United States, Bahrain, and Greece? The most likely explanation is a geolocation error, where the user is actually within the area where 240/4 is visible, specifically in Eastern Europe. It is entirely possible that there is some form of infrastructure route tunnelling or web proxy activity where the route is leaking via a route tunnel, but the very small hit counts would tend to suggest some form of individually customized network or application configuration as distinct from a whole-of-network tunnelling configuration.

We can increase the level of detail to look at the extent of propagation of access of this service by access network rather than by geolocated economy of origin. The results of this accessibility measurement are shown in Table 2.

AS CC Tests Hits Rate AS name
9050 RO 40,952 34,990 85.44% RTD Bucharest
29208 CZ 6,898 5,236 75.91% QUANTCOM-AS
48161 RO 15,374 4,682 30.45% NG-AS Sos. Bucharest
28725 CZ 8,406 2,768 32.93% CETIN-AS
39668 RO 2,652 2,290 86.35% AS-INTERSAT_CT
25424 CZ 2,778 2,202 79.27% INEXT-CZ
6740 CZ 1,648 1,500 91.02% INEXT-CZ-ADA
209947 CZ 976 936 95.90% MWIFI
205619 CZ 816 790 96.81% ASVESNET
48926 CZ 1,196 616 51.51% PE3NY-AS
60895 SK 638 384 60.19% LEKOS
196952 CZ 342 328 95.91% ASBEZVANET
35725 RO 37,528 202 0.54% TELEKOM
57825 CZ 174 164 94.25% MORAVANYNET-AS
52029 CZ 320 150 46.88% ASNOVOSEDLY
34315 CZ 132 132 100.00% MAXNET-AS
20485 RU 110 108 98.18% TRANSTELECOM MOSCOW
214529 RO 106 106 100.00% DSNET
12905 SK 106 106 100.00% ACS-SK-AS,
205275 RO 298 106 35.57% ROMARG HOSTING
206382 RO 142 100 70.42% NEXTSTART
34560 RO 100 92 92.00% SOFTEX-AS
197083 CZ 86 86 100.00% K2ATMITEC
199405 CZ 98 84 85.71% OSLAVANY-NET-AS
44081 RO 148 84 56.76% YUL-PRO-INTERNET-RASNOV-AS
138915 AE 124 80 64.52% KAPOKU Cloud 
211137 CZ 74 72 97.30% ISPSERVICES
206438 CZ 182 60 32.97% MXNET-AS
60533 SK 136 40 29.41% SATELIX
49107 RU 34 34 100.00% TELKO-AS
207913 RO 32 32 100.00% CLAR-TELEVISON-SRL
205400 CZ 186 32 17.20% VIVOCONNECTION
57180 RO 32 30 93.75% STAR-NET-ALBA-AS
203574 RO 28 28 100.00% CONECTX-AS
210713 RO 26 26 100.00% CORESI-NETLINK
35512 RO 26 26 100.00% TELEMEDIA-AS
6856 RU 24 24 100.00% IC-VORONEZH-AS
61403 RU 24 24 100.00% SEVER-TELECOM-CHER
138915 US 154 20 12.99% KAOPU CLOUD
60840 RU 20 20 100.00% TELECOMSERVICEVRN
57411 RU 16 16 100.00% NOVOTEHNIKS-AS
47165 RU 14 14 100.00% OMKC-AS
62642 US 312 14 4.49% BIGLEAF
210616 RU 30 12 40.00% SIBMEDVED-AS
5384 AE 17,218 12 0.07% EMIRATES-INTERNET
51102 RO 12 10 83.33% IMPATT-AS
41087 RO 10 10 100.00% ROMPRIX-AS 
47236 RU 24 6 25.00% CITYLINK-AS
56791 RU 6 6 100.00% CT-AS
138915 BH 4 4 100.00% KAOPU
13150 CZ 6 4 66.67% CATON
5416 BH 9,642 4 0.04% Internet Service Provider
49055 RU 2 2 100.00% NEWIT-AS
38949 SK 6 2 33.33% TRESTEL
57294 CZ 204 2 0.98% INTERNET_EXPER
41719 RU 2 2 100.00% SKTVSPEKTR-AS
60042 RU 2 2 100.00% ONTELECOM-AS
13150 GR 2 2 100.00% CATON

Table 2 — 240/4 accessibility by network.

The first five networks in Table 2, AS9050, AS29208, AS48161, AS28725, and AS39668 appear to have accepted the route to 242.242.0.0/16 into their network and have both a sizeable user base and have a high proportion of host platforms that also support communications with server addresses drawn from 240/4.

However, within the networks AS48161 and AS28725 the lower hit rate of 30% of tests suggests that there is a further factor here. A possible explanation lies in variations in the CPE equipment used in the interface between the client network and the service provider, on in the gateway equipment used to connect the network to the Internet. The user may also be using a ‘clean filter’ DNS resolver service where a name will not be resolved if the name is on some exception list, or, as may be the case here, the IP address is in a reserved address block.

There is also a ‘long tail’ in this table of more remote networks where just one or two tested users were seen to perform a successful fetch of this test blot. A possible explanation of these isolated anomalies may lie in using web proxy agents in the client-side network, as the IP address used to access this server is using networks that apparently have no route to this 242.242.0.0/16 prefix.

Observations

Is the address prefix 240/4 usable in a global unicast sense in the same way as all other IPv4 global unicast addresses? With a measured reachability rate drawn from across much of the Internet at just 0.0452%, it’s clear that it is not a generally reachable prefix, which implies that it is just not a useful address.

The intent of a unique unicast IP address in the Internet model is that any other host is capable of sending packets to it and receiving packets from it. It’s clear from these measurements that this is just not happening for this test server.

In the most general terms, there are three causes of reachability failure:

  • Network routing, where the routing system does not propagate a route for a prefix drawn from 240/4
  • Host filtering, where the host performs some form of address check on outgoing and possibly incoming packets and will discard IP packets with destination and/or source addresses drawn from 240/4.
  • Middleware filtering, where various forms of network middleware, generally NATs, will not process a packet being directed to a 240/4 destination address.

The minimal propagation of the route 242.242.0.0/16 indicates that route filtering is a widespread practice. This may be due to a particular block for the 240/4 prefix or a more general route ‘bogon filter’, where routes drawn from IANA reserved address blocks are rejected.

The very high hit rates in some networks in Table 2 appear to indicate that host filtering is not a major block for using addresses from this prefix.

The lower hit rates or around 30% for some networks pose an interesting question. Is filtering of this prefix a property of some consumer premises equipment (CPE) used by clients? Is this a behaviour of some network-level Carrier-Grade NATs (CGNs) used by some networks? In the case of Germany, Austria, Hungary and Romania, all of which are ‘close’ to the Czech Republic there is a reasonable level of IPv6 adoption. Are the dual-stack transition mechanisms being used in some of these networks dropping IPv4 packets addressed to this 240/4 address?

Should we do anything about this? Or not?

The Internet is big enough that any form of a coordinated change, such as a ‘flag day’, to enable access to 240/4 in networks, middleware and hosts is just not a realistic approach. For adoption in today’s Internet, any technology must be deployable in a piecemeal fashion. However, in general, piecemeal adoption is generally motivated by the perception of early adopter rewards. These rewards motivate additional adopters and momentum gathers if all is going well.

But in the case of addresses, the extremely limited visibility of services that use this address, and the limited ability of other users to access services that are addressed from this prefix suggest that there is an early adopter penalty rather than any form of reward. That tends to make piecemeal adoption for the use of this prefix as a general-purpose unicast address a forbidding proposition.

The 2008 advice contained in the wilson-class-e draft (where I’ll own up to being a co-author), which advocated the designation of this address space as ‘Private Use’ seemed to me to be the most sensible approach then, and now, 16 years later the approach still makes some sense to me. Such use allows a network operator to use these addresses in a controlled environment where the operators can assure themselves that the addresses are fully functional in their desired limited context of use.

However, in many ways, there is little that prevents a network operator from using addresses drawn from 240/4 in their internal environment already, as has been reported in traceroute data by Amazon collected by RIPE Atlas. Such a private use will not clash with any existing unicast addresses. This form of entirely private use of this IANA-reserved address block is, pragmatically speaking, already an option today and doesn’t require any particular IANA re-designation of the address block, so the obvious question is why bother with an IANA re-designation in any case.

It appears that the status quo is entirely adequate for the 240/4 address prefix!

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

16 Comments

  1. Kyle Spencer

    There’s a typo toward the end which nearly gave me a heart attack. The text “26 years later” should read “16 years later” 🙂

    Reply
  2. Dave Taht

    These addresses do work across linux, vpns and SDNs and have for years.

    https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/

    I have sometimes hoped we would find a limited use for them, and for that matter, 0/8.

    Reply
  3. Named Bird

    Yes, it *may* be possible to add some extra address space to IPv4,
    but it will NOT solve the problem, since the demand will only continue to rise.
    And i would expect this to break some legacy/smart devices or make them exploitable.

    I prefer to see IPv6 getting across the adoption threshold rather than this.

    If you could get every ISP in the US (and EU?) to enable v6 for their customers,
    then services would be able to go IPv6-only, which removes their need for IPv4 addresses.
    The freed v4 space can be used for the legacy or critical systems that still need IPv4.

    This would solve both the v6 availability and v4 shortage problems at the same time.

    Reply
  4. Seth Schoen

    Geoff, thank you for doing this testing and for writing up the results so clearly.

    This measurement reflects the situation following Quantcom’s experimental route announcement, but not an attempt to promote it up at layer 8. It ultimately shows what happens if you just put 240/4 addresses on the Ethernet and announce a route to them, but it doesn’t reflect a coordination effort to get these peers or others to accept or further propagate this route. We simply don’t know, but hopefully we’ll be able to find out in the near future, how much further the route would
    propagate if neighboring network administrators were asked to examine the reason why the route did not reach their network, and, if possible, unblock it. We’ve consciously avoided starting to ask for this so far, in part in order to be able to measure the difference it makes.

    Many vendors’ routers have simple ways to enable 240/4 support, even if it’s off by default. Depending on the hardware mix, we may be able to get much greater reachability with a few small requests and configuration changes.

    While operators’ reactions may differ because this is an experiment and not a production deployment, Cloudflare’s “de-bogonization” effort for 1.1.1.0/24 took more than a year back in 2017; see https://blog.cloudflare.com/fixing-reachability-to-1-1-1-1-globally/

    They found “impressive […] the willingness of operators to collaborate with us to clean up the legacy misconfiguration.”

    As you know, current IETF documentation asks vendors and operators not to support 240/4 at all. Vendors’ actual behavior is mixed, as we describe in our Internet-Draft. The reason that IETF should act on this is to improve interoperability, so that the trend is toward
    improved vendor support. That’s relevant for either public or private use in the long run (as Amazon, for example, had to be cautious about hardware support for 240/4 when making unofficial private use). If vendors
    are encouraged by IETF to support 240/4 instead of not to support it, future users, public or private, will have an easier time (even in the scenario where IANA never redesignates 240/4).

    Reply
  5. Bob Li

    I was struck by your comment: “Many vendors’ routers have simple ways to enable 240/4 support, even if it’s off by default. Depending on the hardware mix, we may be able to get much greater reachability with a few small requests and configuration changes.”

    In recent days, I have been made aware of what seems to be a perfect use case of your suggestion –
    an implementation by Avinta Communications (www.Avinta.com), described in a presentation entitled “Streamlining the Internet” by A. Y. Chen at the April 2024 TWNOG 5 meeting in Taipei. Starting with access to the 240/4 netblock, Chen presents a scheme called EzIP (phonetic for Easy IPv4) that leads, not only to an immediate, massive 256-million-fold expansion of the IPv4 address pool with no disruption to ongoing operations. Over time it also leads eventually to a greatly simplified, more secure architecture for the worldwide Internet consisting of an overlay network that functions independently of the base facility, while maintaining arm’s-length interfaces between the two for interoperability and overall service integrity.

    Reply
    1. Bing Swen Sun

      Like many NAT44 based IPv4 extensions, EzIP is not compatible to existing IPv4 Socket apps.

      We need a variable length addressing scheme that is both single stack implementable and bidirectional interworking with strict IPv4 socket address overlapping. As a case study, ref. to IPswen, https://ipswen.net/

      Reply
    1. Geoff Huston

      there are some 200 or so countries where there were tests conducted, but zero hits recorded. These countries are omitted from Table 1.

      Reply
  6. Ray

    Hopefully IPv6 continues to roll out because CGNAT isn’t the answer. I pay for my own IPv4 as it was immediately clear something was different when my ISP instituted CGNAT.

    I could see latency increase, data transfers slowed and ran across being blacklisted due to abuse or misuse or possibly too many connections due to CGNAT.

    Let’s just push to implement IPv6 , as that’s the real path forward.

    Reply
    1. Named Bird

      ISP’s are often lazy and won’t move on their own.
      Without the right environment to promote IPv6, they usually go CGNAT and leave it at that.

      You can help changing that environment though!
      There are a few things you can do:
      1. Ask the ISP’s for IPv6. (obvious)
      2. Ask governments to make IPv6 mandatory for ISP’s.
      3. Ask browsers to do proper error handling related to IPv6 connectivity issues.
      4. Ask websites to switch away from v4-only. (going to dual stack or v6-only)
      5. Deploy IPv6 in your own networks, if you haven’t already.

      Most of the people i see saying “we need IPv6 so much” actually does only 1 or at most 2 of these things.
      And of course, that way it will never happen.
      (So don’t be one of them!)

      Reply
  7. Seth Schoen

    @Bob Li,

    We’ve interacted with Abraham Chen about his EzIP proposal in the past. We and Chen agree that it’s worth trying to make productive use of the 240/4 space, but his proposal is much more specific. It’s been described as a CGNAT variant which uses additional information in the IPv4 header so that devices that are EzIP-aware on EzIP networks can achieve end-to-end connectivity to each other instead of being CGNATed.

    If I remember correctly, EzIP also aims to extend the IPv4 address space so that EzIP-aware devices can in principle exceed 2³², although there can perhaps only be a limited number within a single ISP network (in any case no more than 2²⁸; maybe there are other practical limitations).

    Using 240/4 “natively” (whether for public or private addressing) is much simpler conceptually: it often just involves removing a single line of special-case code in the network stack of an OS kernel, which has already been done in most Unix kernels. That’s why so many devices on the networks that accepted this route were already able to connect to the server. (Operationally, wide-area public use is complicated by more involved issues about routers and firewalls, including the handling of BGP announcements.)

    By changing address semantics, EzIP does match up with the old concept of using 240/4 for “future addressing modes” (as Geoff Huston quoted RFC 1112). But as it’s more complicated and requires bigger changes in more places, its deployment would be harder. We can see here and elsewhere that there’s already skepticism about the deployment story for native 240/4; presumably it would be correspondingly more challenging to add on an overlay network protocol requiring additional software support. With the longer address space feature, EzIP would also be seen as more directly competing with IPv6 by creating a third kind of IP address space.

    Reply
    1. Bing Swen Sun

      If my understanding is correct (but could be wrong), EzIP has evolved from a NAT44 extension to a IPv4 options based fixed length addressing scheme. As I pointed out above in my reply to Bob, fixed length addressing extensions to IPv4 are not able to compatible to existing v4 socket applications (in binary or source code).

      We suggested a variable length IPswen address space specifically targeted to such a conundrum. If you are interested in the details, please follow the link above.

      Reply
    2. Abraham Y. Chen

      Hi, Seth:

      Your assessment of EzIP concepts is correct. However, the scheme proposed in the initial IETF Draft turns out to be an “overkill” in the sense that we really do not need to go all the way before enjoying the primary benefits of the proposal. By “Divide and Conquer”, we are now proceeding along the line of taking a two-phase approach. The first phase is to apply 240/4 to each CG-NAT cluster for expanding its coverage and call it an SPR. The second phase is to connect SPRs to one another for forming a worldwide overlay network that provides true end-to-end connectivity for those who really want it.

      For the first phase, there is nothing more than enhancing ERs (Edge Routers) and RGs (Routing/ Residential Routers) to operate with unicast 240/0 addresses while relieving the IoTs from being disturbed. This is where I believe that our two teams’ efforts can share the synergy.

      For the second phase, IoTs will need to be able to operate with 64-bit addressing (via Option Words) as you correctly pointed out. The additional 32 bits are from standard public IPv4 address pool that a CG-NAT cluster has been using to access the Internet core. So, there is no more address scheme change to the network routers (SPRs and RGs). This phase will not be relying upon your efforts.

      This rather unorthodox strategy of parsing an implementation has been very confusing even for us. Please have a look at our latest whitepaper at the below URL. The second URL is a graphics presentation file cited by the first to depict specifically how 240/4 may be used in the first phase. I believe that this is where Bob Li made the connection between our two projects.

      https://www.avinta.com/gallery/StreamlineTheInternet.pdf

      https://www.avinta.com/gallery/RegionalAreaNetworkSimulator.pdf

      Hope my description can close the loop for us.

      Abe (2024-09-19 15:30 EDT)

      Reply
  8. Andrew Witham

    So, the answer is still transition to IPv6.

    No harm in looking at the 240/4 question though to re-check the plan prevent any further waste of time.

    Thanks for the analysis. Hopefully its saved someone somewhere from a dead end. Eeeking out IPv4 any further only extends the cost of dual running and maintaining the transition rather than completing it.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Top