Whois 172/12

Justin M. Streiner streiner at cluebyfour.org
Sun Jan 15 15:39:12 UTC 2012

On Sun, 15 Jan 2012, Ted Fischer wrote:

> Thanks for the replies so far, but not what I was looking for.
> I should have specified that I've done several ns & dig lookups just to
> make sure.
> We were supposed to have lit up the last of IPv4 last year.  I would have
> presumed that meant that there was nothing left.  Since I can't find a
> reference to 172/12 anywhere, one might be led to presume that it was
> allocated somehow, to someone (perhaps inadvertently not recorded) since
> there are - supposedly - no fresh IPv4 addresses left to allocate, and the
> only reference to this block is that 172/8 is allocated to ARIN.  It
> doesn't even appear in RFC 5735.

While IANA allocated the last of the free IPv4 address pool to the 5 
recognized RIRs on 3 Feb 2011, that doesn't mean that all of those IPv4 
addresses were immediately assigned to providers or end-users.  The RIRs 
will exhaust their supplies of assignable IPv4 address space at different 
times, depend on their 'end game' assignment strategies and their overall 
consumption rate.  APNIC exhausted most of their available address 
space by last April.

172/8 was a legacy block, from which 172.16/12 was allocated for RFC 
1918.  Looking at  http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml 
shows many of the legacy allocations being administered by ARIN, but also 
a few being administered by RIPE and APNIC.  There is a difference between 
an RIR being tasked with administering a chunk of legacy space and being 
officially allocated a chunk of space by IANA.  In the case of 172/8, it 
was allocated in the InterNIC days, so users could be scattered all over 
the world, but ARIN handles in-addr.arpa delegation for it.  Since ARIN 
was not (as far as I know) formally tasked with allocating remaining space 
from 172/8, that space it will not be assigned to SPs or users by ARIN.

> My question is about 172/12.  Where is it, what is it's supposed purpose.
> I'm almost sure it's an internal box.  I just find it better to give a
> professional answer to "why can't I use this" than just "you can't use
> this and why is this address scanning you for udp/137 anyway".

As others have pointed out, if or some subset of it doesn't 
exist in the global routing table, then the packets you saw are either 
coming from outside of your network - spoofed - or coming from somewhere 
inside your network.

> If someone can point out to me what was done with 172/12 I'd appreciate it.

I'm not aware of anything more detailed that what I've noted above or what 
other posted have contributed to this thread.


More information about the NANOG mailing list