[Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Rich Brown]

Sorry for distracting you from important things, but I have a question for people more knowledgeable about routing than I am...

There's a person on the OpenWrt forum who is asking about using the 240.0.0.0/4 netblock for some (undefined) purpose. (If you're terminally curious, or need another reason to yell at the monitor, you could look at: https://forum.openwrt.org/t/private-network-using-240-0-0-0-4-netblock/23543/5)

MY QUESTION: I have always believed that this netblock is not routable. Is this true? (A simple yes/no answer would be sufficient.)

Many thanks!

Rich

PS I've seen the IANA advice that those addresses should not be used. (See the final note on the thread.) I'm more interested in whether it would ever work in practice: don't most upstreams block that address?

PPS for all you non-Vermonters, "wicked" in this context means "extremely", often in an interesting way

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Dave Taht]

On Fri, Oct 19, 2018 at 11:36 AM Rich Brown <richb.hanover@gmail.com> wrote:
>
> Sorry for distracting you from important things, but I have a question for people more knowledgeable about routing than I am...
>
> There's a person on the OpenWrt forum who is asking about using the 240.0.0.0/4 netblock for some (undefined) purpose. (If you're terminally curious, or need another reason to yell at the monitor, you could look at: https://forum.openwrt.org/t/private-network-using-240-0-0-0-4-netblock/23543/5)
>
> MY QUESTION: I have always believed that this netblock is not routable. Is this true? (A simple yes/no answer would be sufficient.)

240 is routable if you don't use a standard martians list.
http://www.radb.net/query/?keywords=fltr-martian
blocks 224/3.

It may not be routable on older versions of windows.

It may not even be assignable on some OSes and tools, currently.

It's certainly blocked on many a bogon filter and in our bcp38 package

An attempt to make "E" useful died a decade ago:
https://tools.ietf.org/html/draft-fuller-240space-02

Still, it would be a better world with 268m more routable ips in it,
wouldn't it?




> Many thanks!
>
> Rich
>
> PS I've seen the IANA advice that those addresses should not be used. (See the final note on the thread.) I'm more interested in whether it would ever work in practice: don't most upstreams block that address?
>
> PPS for all you non-Vermonters, "wicked" in this context means "extremely", often in an interesting way
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
--

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Jonathan Morton]

> On 19 Oct, 2018, at 9:36 pm, Rich Brown <richb.hanover@gmail.com> wrote:
> 
> MY QUESTION: I have always believed that this netblock is not routable. Is this true? (A simple yes/no answer would be sufficient.)

According to https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml the 240/4 netblock is:

NOT valid as a source or destination address for packets between devices.

NOT forwardable.

NOT globally reachable.

IS "reserved by protocol":

o  Reserved-by-Protocol - A boolean value indicating whether the
      special-purpose address block is reserved by IP, itself.  This
      value is "TRUE" if the RFC that created the special-purpose
      address block requires all compliant IP implementations to behave
      in a special way when processing packets either to or from
      addresses contained by the address block.

I'm sure you could use those addresses in a closed, controlled laboratory network - but not in anything you plan to deploy commercially or publicly.  It would be better to use IPv6, IMHO.

 - Jonathan Morton

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Mikael Abrahamsson]

On Fri, 19 Oct 2018, Rich Brown wrote:

> MY QUESTION: I have always believed that this netblock is not routable. 
> Is this true? (A simple yes/no answer would be sufficient.)

Most host stacks do not handle 240/4 correctly. Getting this working 
outside of a very closed and controlled network is not feasible.

You would need to validate all devices to support this 240/4 block that 
most IP stacks today will not use.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[valdis.kletnieks]

[-- Attachment #1: Type: text/plain, Size: 866 bytes --]

On Fri, 19 Oct 2018 11:53:21 -0700, Dave Taht said:
> An attempt to make "E" useful died a decade ago:
> https://tools.ietf.org/html/draft-fuller-240space-02
>
> Still, it would be a better world with 268m more routable ips in it,
> wouldn't it?

Not really.  That ship sailed long ago - class E space is effectively useless
until a large percentage of systems are upgraded to support it.  And if you're
going to be upgrading all the CPE and ISP hardware/software *anyhow*, you may
as well enable and use IPv6 and get a lot more than 268M routable addresses for
the effort.

And its presence in bogon lists will make it quite the whack-a-mole challenge.
Those of us who have been around for a while can remember all the fun when 8/8
and 12/8 were no longer bogons.  And the net was a lot smaller then, with a lot
fewer moles that needed whacking.


[-- Attachment #2: Type: application/pgp-signature, Size: 486 bytes --]

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Dave Taht]

On Fri, Oct 19, 2018 at 12:09 PM <valdis.kletnieks@vt.edu> wrote:
>
> On Fri, 19 Oct 2018 11:53:21 -0700, Dave Taht said:
> > An attempt to make "E" useful died a decade ago:
> > https://tools.ietf.org/html/draft-fuller-240space-02
> >
> > Still, it would be a better world with 268m more routable ips in it,
> > wouldn't it?
>
> Not really.  That ship sailed long ago - class E space is effectively useless
> until a large percentage of systems are upgraded to support it.  And if you're
> going to be upgrading all the CPE and ISP hardware/software *anyhow*, you may
> as well enable and use IPv6 and get a lot more than 268M routable addresses for
> the effort.

the thing really POing me is not getting static ipv6 addrs. ipv4 nat
is useful for internal services. Until that day I can get a ipv6/48 PI
from comcast I'm gonna be unhappy.

> And its presence in bogon lists will make it quite the whack-a-mole challenge.
> Those of us who have been around for a while can remember all the fun when 8/8
> and 12/8 were no longer bogons.  And the net was a lot smaller then, with a lot
> fewer moles that needed whacking.

what worked for 8 was to put some essential services on it, eventually. 8.8.8.8.


-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Mikael Abrahamsson]

On Fri, 19 Oct 2018, David Lang wrote:

> On Fri, 19 Oct 2018, Mikael Abrahamsson wrote:
>
>> Most host stacks do not handle 240/4 correctly. Getting this working 
>> outside of a very closed and controlled network is not feasible.
>> 
>> You would need to validate all devices to support this 240/4 block that 
>> most IP stacks today will not use.
>
> I think starting down this road with the idea of making it like the 10/8 
> block would still be a win. I've seen enough companies running into grief 
> with allocation issues in the 10/8 block that the idea of having an 
> additional /4 block available, even if only Linux and routers supported it 
> would be very useful. (especially with container heavy environments)

As long as you validate everything that is being connected in there and it 
never leaks outside (remember, that is hard, for example look at MS 
leaking their internal IPs in email headers), you can do whatever you 
want.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Mikael Abrahamsson]

On Sun, 21 Oct 2018, David Lang wrote:

> leaking to the outside in e-mail headers or other payload is no different 
> from the current RFC local addresses

Well, it is. For instance spam detection software might think that class-E 
in mail header means obligatory SPAM. I don't know, I'm just speculating.

> The problem would be if you allowed the address to leak in the IP headers.

There can be problems outside of just IP headers. The SIP people have IPv6 
problems even if they're not doing IPv6 (since it can pop up in the 
SIP signaling payload). There are lots of protocols that carry this kind 
of information within the protocol, and it does leak.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

Re: [Cerowrt-devel] Wicked OT: 240.0.0.0/4 netblock

[Stephen Hemminger]

[-- Attachment #1: Type: text/plain, Size: 1114 bytes --]

It might be useable as yet another private network reserved range. But like
others said only with a known good set of devices.

On Mon, Oct 22, 2018, 2:05 AM Mikael Abrahamsson <swmike@swm.pp.se wrote:

> On Sun, 21 Oct 2018, David Lang wrote:
>
> > leaking to the outside in e-mail headers or other payload is no
> different
> > from the current RFC local addresses
>
> Well, it is. For instance spam detection software might think that class-E
> in mail header means obligatory SPAM. I don't know, I'm just speculating.
>
> > The problem would be if you allowed the address to leak in the IP
> headers.
>
> There can be problems outside of just IP headers. The SIP people have IPv6
> problems even if they're not doing IPv6 (since it can pop up in the
> SIP signaling payload). There are lots of protocols that carry this kind
> of information within the protocol, and it does leak.
>
> --
> Mikael Abrahamsson    email: swmike@swm.pp.se
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

[-- Attachment #2: Type: text/html, Size: 1713 bytes --]