[lacnog] Question about 240/4 space
Fernando Frediani
fhfrediani en gmail.com
Jue Jul 25 12:46:56 -03 2019
Hi Jordi
Yes, I am aware and certainly isn't something easy (if even possible) to
handle. Not only Windows XP and Vista but as mentioned EOL Routers still
running in many places.
The last time I was in similar discussion the only explanation given was
"It is not worth" but only that would be gospel if not questioned why,
so wanted to understand deeper the details mentioned here. In reality I
better understand this is near impossible to get fully functional, and
at best scenario would be a "poor quality IP space" as mentioned by
Carlos. But needed more content shared by some of you in order to
understand it better and also be able to explain to others as I have not
participated in these discussions in IETF myself.
Thanks to all who shared their views on this topic.
Fernando
On 25/07/2019 12:30, JORDI PALET MARTINEZ via LACNOG wrote:
>
> Hi Fernando,
>
> Let’s suppose all the CE and network equipment work with that.
>
> Let’s suppose only Windows XP and Vista has a problem with that.
>
> Do you know how many clients in government networks and enterprises
> are still using those, not to mention home users …
>
> I really think this will not be against IPv6 deployment, but at a
> minimum not helpful, and the effort required, consequently, better
> used in IPv6 deployment.
>
> Every time we “just speak” about “we may extend a bit IPv4 lifetime”
> many decision makers say, “oh well, this is going on, one more reason
> not to rush into IPv6”.
>
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 24/7/19 21:30, "LACNOG en nombre de Fernando Frediani"
> <lacnog-bounces en lacnic.net <mailto:lacnog-bounces en lacnic.net> en
> nombre de fhfrediani en gmail.com <mailto:fhfrediani en gmail.com>> escribió:
>
> Hello Jordi, Carlos e Jorge.
> Thanks a lot for your input and views on this subject.
>
> Yes, I think one the main things to look at is this need of firmware
> upgrades everywhere and where it has been blocked to be forwarded as
> legitimate packet. But here it comes the first question: Is that the
> situation on all or majority of big vendors or just some of them ?
>
> On the last proposal I have read it is mentioned there by the authors:
> "/The following operating systems support the use of 240.0.0.0/4 as
> unicast, globally reachable address space: Solaris, Linux, Android,
> Apple OSX, Apple IOS, and FreeBSD. This support has existed since
> approximately 2008. There are some issues with parts of BSD network
> stack that treat Class-E addresses as "invalid". There are also cases
> of translation (NAT64) where checks reject Class-E addresses and need
> small fixes. In both cases we have the patches under review for
> FreeBSD. Four out of the top 5 open source IoT stacks already treat
> 240/4 as unicast, with a 3 line patch awaiting submission for the fifth.
> ...
> Juniper routers block traffic for 240/4 by default, but there has been
> a simple configuration switch to disable that check since 2010, at
> which point they are fully functional."/
>
> One big problem mentioned that remains is about recent versions of
> Microsoft Windows. That would certainly have to be worked out, but in
> the other hand the upgrade is much easier to reach most PCs than a
> firmware.
>
> I must agree with Carlos mention about an kind 'poor quality IP space'
> due to these various issues that would arise. If that would ever come
> to be a reality it would have to be at some point some level of forced
> retirement of many devices that no longer can receive updates. And
> certainly this type of thing must be accounted on the total cost.
>
> With regards Jordi's mention of a single vendor not willing to do the
> proper updates to support 240/8 I guess that may not be a showstopper,
> but instead just a hindering. Here it comes something interesting: as
> this would be something very apparent and almost impossible to not be
> unnoticed, it would be a lot of damage to those vendors who fail to
> adapt. I mean, it would not be something partial that could or not
> pass unnoticed in some situations like a minor IPv6 of BGP feature not
> working as expected. Obviously this must also be accounted to the
> total cost of making it happen.
>
> Again, my view is that something like this will not hit IPv6
> Deployment. I think it is happening well lately and will lucky
> continue to happen exponentially for the next years and a optimistic
> scenario. But in the other hand I still believe the dependency of IPv4
> will increase in such way that in not much time ahead it will start to
> cause serious growing conflicts that will not be restricted to
> specific companies. As you very well know they will still be need for
> translations even in a near-perferct-IPv6 environment/network, some
> Hosting scenarios and not to be forgotten, the new comers as
> Autonomous Systems that are equally important the others mentioned.
>
> To finish, one question that still keeps hitting my mind remains: Who
> had the idea in first place to put a block in a IP space tagged as
> "Future Use" by IANA ? What came to his/her mind to imagine it would
> never be used for unicast ?
>
> Best regards
> Fernando Frediani
>
> On 24/07/2019 17:40, Carlos Marcelo Martinez Cagnazzo wrote:
>
> Hi Fernando,
>
> I’ll be answering in Spanish if that is not a problem.
>
> Es una muy buena pregunta. Resumiendo, el espacio IPv4 240.0.0.0/4
> está marcado en los registros de IANA como “Uso Futuro”. Esta
> asignación surge de la Sección 4 de la RFC 1112
> (https://tools.ietf.org/html/rfc1112). La pregunta es… ¿no podemos
> re-designar estos 16 /8s como espacio unicast y asignarlos, dado
> que son tan necesarios?
>
> Es una pregunta muy válida. La RFC 1112 data de 1989, una fecha
> que parece hoy casi prehistórica. La Internet en 1989 era una red
> pequeña, limitada a organizaciones de gobierno, universidades, etc.
>
> Yo tengo mi posición personal, y no estoy convencido de que valga
> la pena. No porque “vaya a demorar el despliegue de IPv6”, sino
> por otra razón. Este espacio de direcciones, si lo comenzamos a
> asignar, va a ser un espacio de direccionamiento de calidad inferior.
>
> ¿Porque?
>
> Para poder utilizar 240/4 como espacio unicast hace falta que los
> fabricantes de equipamiento *todos* actualicen su software y en
> sus stacks permitan que paquetes en este rango de direcciones sea
> procesado como unicast. Estoy hoy no es así.
>
> Ahora bien, no alcanza solo con que los fabricantes actualicen su
> software. TODOS nosotros operadores desde microscópicos a gigantes
> tenemos que actualizer los softwares y firmwares de TODO nuestro
> equipamiento para que estos paquetes en la 240/4 sean tratados de
> igual manera que digamos, los de la 179/8. Todo equipo que hable
> IP producido en los últimos 30 años va a tener que ser actualizado.
>
> Nuestro historial como industria implementando estos cambios en
> escala es muy malo. Hasta el día de hoy hay firewalls que
> descartan paquetes UDP de DNS de mas de 512 bytes (EDNS0 data de
> 2013), stacks que implementan IPv6 mal, routers que no soportan
> ciertos elementos de BGP, etc.
>
> Lo que va a pasar es que eventualmente comencemos a asignar
> espacio de la 240/8, quienes reciban espacio van a tener un
> servicio de calidad muy muy inferior. Van a tener errores de
> conexión y timeouts muy difíciles de depurar. Van a tener
> problemas con sus clientes. Van a tener problemas en conseguir
> tránsito y peering que soporte esto.
>
> Por este motivo fundamentalmente, no estoy de acuerdo con la
> propuesta. Sin embargo, la discusión está abierta en el IETF y
> serán todos más que bienvenidos en enviar sus comentarios a las
> listas de correo relevantes.
>
> Saludos,
>
> /Carlos
>
>
>
> On Jul 24, 2019, at 4:16 PM, Fernando Frediani
> <fhfrediani en gmail.com <mailto:fhfrediani en gmail.com>> wrote:
>
> Hello folks
>
> I wanted to put a question about this topic in order to learn
> a bit deeper into this question from the community who have
> better knowledge about it, specially those who have more IETF
> involvement.
>
> The last time I asked why still the 240/4 wasn't turned into
> usable /8's to be distributed to all RIRs and therefore to
> LIRs and End-users. The explanation I was given at the time
> was that people considered it for quiet a while and came to a
> conclusion that was not worth the cost of 'changing everything
> needed to be changed' in order to make it work as expected.
> Some have mentioned that some network firmware had embedded in
> it to not even forward packets in this IP space.
> On this basis I wanted also to understand also who was the
> 'clever' idea to deny forwarding to this packets in firmware
> to something tagged as "Future Use", therefore that had the
> expectation to be used one day in the future ?
>
> I am asking this because I have been reading some 'yet again'
> proposals to make it viable and wanted to understand what are
> the the biggest technical challenges to make it viable.
> If it is true that some firmware have this limitation, and it
> goes down to a CPE level I can start understanding the amount
> of work to get every single equipment updated to be able to
> talk to these future networks. Even in a ISP/Telecom level one
> thing that comes to mind is where you have very old and EOF
> routers still in production and people refusing to take them
> our of production, no doubt even if Network vendors would
> provide an updated firmware version those routers would never
> receive it. Besides that what other big concerns are in your
> view ?
>
> With regards the points some people frequently raise about
> that any extension to IPv4 space is a killer to IPv6
> Deployments to come, I personally refuse to believe in that,
> at least not in a binary way was sometimes is preached. I see
> that regardless the improvements in IPv6 deployment (which I
> obviously support and actively practice on my day by day) I
> always had the impression that we will live with the IPv4
> internet for at least, in a very optimistic scenario for
> another 10 years or more. Recently I read a report about this
> subject that mentioned at least another 20 years.
>
> And even when it is said that no matter how much IPv4 becomes
> available it will never be enough and would be exhausted quiet
> quickly (probably true). Well, I would say that if there is
> any chance for these 'new' IPv4 to become functional they
> should never be intended to be used as they have been in the
> last decades, but instead to certain and specific usages as
> mainly facilitate IPv6 deployment and translation techniques,
> Hosting and other scenarios where no-IPv4-at-all is not an option.
>
> Appreciate any comments and contributions to make it possible
> to understand this subject better.
>
> Best regards
> Fernando Frediani
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net <mailto:LACNOG en lacnic.net>
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion:
> https://mail.lacnic.net/mailman/options/lacnog
>
>
>
> _______________________________________________
>
> LACNOG mailing list
>
> LACNOG en lacnic.net <mailto:LACNOG en lacnic.net>
>
> https://mail.lacnic.net/mailman/listinfo/lacnog
>
> Cancelar suscripcion:https://mail.lacnic.net/mailman/options/lacnog
>
> _______________________________________________ LACNOG mailing list
> LACNOG en lacnic.net https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged
> or confidential. The information is intended to be for the exclusive
> use of the individual(s) named above and further non-explicilty
> authorized disclosure, copying, distribution or use of the contents of
> this information, even if partially, including attached files, is
> strictly prohibited and will be considered a criminal offense. If you
> are not the intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even if
> partially, including attached files, is strictly prohibited, will be
> considered a criminal offense, so you must reply to the original
> sender to inform about this communication and delete it.
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20190725/ef347731/attachment-0001.html>
Más información sobre la lista de distribución LACNOG