CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock)
dave.taht at gmail.com
Wed Mar 9 04:55:57 UTC 2022
On Tue, Mar 8, 2022 at 11:30 PM Mark Andrews <marka at isc.org> wrote:
> Given the draft lies about the status of 127/8. Words have meanings.
> When all of 127.0.0.0/8 was reserved for loopback addressing, IPv4
> addresses were not yet recognized as scarce. Today, there is no
> justification for allocating 1/256 of all IPv4 addresses for this
> purpose, when only one of these addresses is commonly used and only a
> handful are regularly used at all. Unreserving the majority of these
> addresses provides a large number of additional IPv4 host addresses
> for possible use, alleviating some of the pressure of IPv4 address
> It is not RESERVED, it is ASSIGNED.
> The class A network number 127 is assigned the "loopback"
> function, that is, a datagram sent by a higher level protocol
> to a network 127 address should loop back inside the host. No
> datagram "sent" to a network 127 address should ever appear on
> any network anywhere.
> If it was actually reserved there would be much less complaint. People
> have made use of that space based on the fact that it was ASSIGNED a
> purpose whether you like that or feel that it was a good use of resources.
> Compulsory acquisition is something that should not be done lightly. It
> also requires fair compensation to be paid.
> > On 9 Mar 2022, at 13:35, Seth David Schoen <schoen at loyalty.org> wrote:
> > John R. Levine writes:
> >> This still doesn't mean that screwing around with 240/4 or, an even worse
> >> 127/8 minus 127/24, is a good idea.
> > I hope you'll be slightly mollified to learn that it's actually 127/8
> > minus 127/16.
> > https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127/
> > That's the most challenging one, but we've still seen something of a
> > lack of people getting in touch to point out concrete problems.
> > One person did get in touch to describe an unofficial use of, apparently,
> > all of 127/8 as private address space in a VPN product. If people let
> > us know about more, we can investigate workarounds or possible changes
> > to our proposals.
> What’s “unofficial” about it? The point of ASSIGNING 127/8 for loopback
> meant that ANYONE could use that address space OFFICIALLY so long as packets
> with those addresses didn’t leave the machine.
re: *the machine*.

This touches upon the one use case I've come up with for narrowing the
scope of the loopback 127.x, and widening it slightly.

What is a "machine"? Nowadays there are fleets of microservices
(:cough: kubernetes) being deployed. Crossing a security barrier within
one machine is one thing, crossing it into the wire between machines,
another. Local compute, separated by VMs or containers, is often orders
of magnitude faster than going over a wire, and a cluster of those can
be carried from physical machine to physical machine.

I otherwise don't want to be drawn into the tar-baby discussion about
127, it's discussion of utilizing 240/4 sanely and 0/8 sanely I desire
more.
> > We previously thought that the reference NTP implementation was using
> > all of 127/8 to identify hardware clock drivers. But it turns out it
> > doesn't actually connect to these.
> > If anyone reading this knows of something that uses a loopback address
> > outside of 127/16 for an application, or something that can't be updated
> > and would be harmed if the rest of the network stopped treating this as
> > loopback, we'd be glad to hear about it.
> What does it matter what people are using those addresses for? They are
> using them in good faith and are under no obligation to report how they
> are using them.
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
I tried to build a better future, a few times:
Dave Täht CEO, TekLibre, LLC