240/4

Daniel Senie dts at senie.com
Tue Oct 16 22:01:51 UTC 2007


At 05:20 PM 10/16/2007, David Ulevitch wrote:

>Daniel Senie wrote:
>>If all of 240/4 is given over without guidance to private address use, a
>>huge mess will follow, should we later decide it safe to use on the 
>>public network.
>
>Nobody would allow that to happen.  Once it goes RFC1918, it would 
>never go back.
>
>Adding four /8's to the IPv4 RIR assignable space (as you suggest) 
>isn't buying anyone any time before we run out.

No. It would provide a play space where this could be explored 
further, and may be of use for private interconnects between some 
companies. It would not hurt anything to allocate this space.


>The effort someone would spend figuring out if 204/4 is reachable 
>and not-pain-inducing in their infrastructure is better spent 
>figuring out how to make IPv6 work within their sphere of responsibilities.

The code changes to solid, proven IPv4 stacks to allow 240/4 to work 
are likely to expose enterprises to very little risk. Certainly we 
can expect it to be a lot less risk than IPv6 stacks which are at 
this point largely unproven. Adding additional IPv4 space from 240/4 
may well buy enterprises enough time in the IPv4 world for IPv6 to 
receive sufficient code coverage and native deployment for 
corporations to accept the risk of introducing IPv6 on a broad scale.

I know you're trying to beat the drum that everyone should get off 
their posteriors and roll out IPv6, but every time I go research 
another product that'd be needed, it's not ready. The latest was in 
reading the release notes for firewalls from one vendor. Sure the 
boxes will handle IPv6 in some fashion, but oh, sorry, you wanted to 
deploy a redundant pair of firewalls? The stateful synchronization 
isn't ready yet.

Given the relative simplicity of the code change to activate 240/4 in 
an IPv4 stack, it's likely all major vendors could have patches out 
for allowing its use in private networks with little risk and little 
expenditure of time. It's quite likely such changes could be out a 
very long time before IPv6 stacks in firewalls, routers and hosts 
receive sufficient testing to be deemed safe. 




More information about the NANOG mailing list