Wicked OT: 240.0.0.0/4 netblock
Rich Brown
2018-10-19 18:36:33 UTC
Sorry for distracting you from important things, but I have a question for people more knowledgeable about routing than I am...

There's a person on the OpenWrt forum who is asking about using the 240.0.0.0/4 netblock for some (undefined) purpose. (If you're terminally curious, or need another reason to yell at the monitor, you could look at: https://forum.openwrt.org/t/private-network-using-240-0-0-0-4-netblock/23543/5)

MY QUESTION: I have always believed that this netblock is not routable. Is this true? (A simple yes/no answer would be sufficient.)

Many thanks!

Rich

PS I've seen the IANA advice that those addresses should not be used. (See the final note on the thread.) I'm more interested in whether it would ever work in practice: don't most upstreams block that address?

PPS for all you non-Vermonters, "wicked" in this context means "extremely", often in an interesting way
Dave Taht
2018-10-19 18:53:21 UTC
Post by Rich Brown
Sorry for distracting you from important things, but I have a question for people more knowledgeable about routing than I am...
There's a person on the OpenWrt forum who is asking about using the 240.0.0.0/4 netblock for some (undefined) purpose. (If you're terminally curious, or need another reason to yell at the monitor, you could look at: https://forum.openwrt.org/t/private-network-using-240-0-0-0-4-netblock/23543/5)
MY QUESTION: I have always believed that this netblock is not routable. Is this true? (A simple yes/no answer would be sufficient.)
240 is routable if you don't use a standard martians list.
http://www.radb.net/query/?keywords=fltr-martian
blocks 224/3.

It may not be routable on older versions of Windows.

It may not even be assignable on some OSes and tools, currently.

It's certainly blocked on many a bogon filter and in our bcp38 package.

An attempt to make "E" useful died a decade ago:
https://tools.ietf.org/html/draft-fuller-240space-02

Still, it would be a better world with 268m more routable ips in it,
wouldn't it?
Post by Rich Brown
Many thanks!
Rich
PS I've seen the IANA advice that those addresses should not be used. (See the final note on the thread.) I'm more interested in whether it would ever work in practice: don't most upstreams block that address?
PPS for all you non-Vermonters, "wicked" in this context means "extremely", often in an interesting way
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
v***@vt.edu
2018-10-19 19:09:41 UTC
Post by Dave Taht
https://tools.ietf.org/html/draft-fuller-240space-02
Still, it would be a better world with 268m more routable ips in it,
wouldn't it?
Not really. That ship sailed long ago - class E space is effectively useless
until a large percentage of systems are upgraded to support it. And if you're
going to be upgrading all the CPE and ISP hardware/software *anyhow*, you may
as well enable and use IPv6 and get a lot more than 268M routable addresses for
the effort.

And its presence in bogon lists will make it quite the whack-a-mole challenge.
Those of us who have been around for a while can remember all the fun when 8/8
and 12/8 were no longer bogons. And the net was a lot smaller then, with a lot
fewer moles that needed whacking.
Dave Taht
2018-10-19 19:13:01 UTC
Post by v***@vt.edu
Post by Dave Taht
https://tools.ietf.org/html/draft-fuller-240space-02
Still, it would be a better world with 268m more routable ips in it,
wouldn't it?
Not really. That ship sailed long ago - class E space is effectively useless
until a large percentage of systems are upgraded to support it. And if you're
going to be upgrading all the CPE and ISP hardware/software *anyhow*, you may
as well enable and use IPv6 and get a lot more than 268M routable addresses for
the effort.
The thing really POing me is not getting static IPv6 addrs. IPv4 NAT
is useful for internal services. Until that day I can get an IPv6/48 PI
from Comcast I'm gonna be unhappy.
Post by v***@vt.edu
And its presence in bogon lists will make it quite the whack-a-mole challenge.
Those of us who have been around for a while can remember all the fun when 8/8
and 12/8 were no longer bogons. And the net was a lot smaller then, with a lot
fewer moles that needed whacking.
What worked for 8 was to put some essential services on it, eventually. 8.8.8.8.
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
Jonathan Morton
2018-10-19 18:54:00 UTC
Post by Rich Brown
MY QUESTION: I have always believed that this netblock is not routable. Is this true? (A simple yes/no answer would be sufficient.)
According to https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml the 240/4 netblock is:

NOT valid as a source or destination address for packets between devices.

NOT forwardable.

NOT globally reachable.

IS "reserved by protocol":

o Reserved-by-Protocol - A boolean value indicating whether the
special-purpose address block is reserved by IP, itself. This
value is "TRUE" if the RFC that created the special-purpose
address block requires all compliant IP implementations to behave
in a special way when processing packets either to or from
addresses contained by the address block.

I'm sure you could use those addresses in a closed, controlled laboratory network - but not in anything you plan to deploy commercially or publicly. It would be better to use IPv6, IMHO.

- Jonathan Morton
Mikael Abrahamsson
2018-10-19 19:04:40 UTC
Post by Rich Brown
MY QUESTION: I have always believed that this netblock is not routable.
Is this true? (A simple yes/no answer would be sufficient.)
Most host stacks do not handle 240/4 correctly. Getting this working
outside of a very closed and controlled network is not feasible.

You would need to validate all devices to support this 240/4 block that
most IP stacks today will not use.
--
Mikael Abrahamsson email: ***@swm.pp.se
Mikael Abrahamsson
2018-10-21 16:26:16 UTC
Post by Mikael Abrahamsson
Most host stacks do not handle 240/4 correctly. Getting this working
outside of a very closed and controlled network is not feasible.
You would need to validate all devices to support this 240/4 block that
most IP stacks today will not use.
I think starting down this road with the idea of making it like the 10/8
block would still be a win. I've seen enough companies running into grief
with allocation issues in the 10/8 block that the idea of having an
additional /4 block available, even if only Linux and routers supported it
would be very useful. (especially with container heavy environments)
As long as you validate everything that is being connected in there and it
never leaks outside (remember, that is hard, for example look at MS
leaking their internal IPs in email headers), you can do whatever you
want.
--
Mikael Abrahamsson email: ***@swm.pp.se
Mikael Abrahamsson
2018-10-22 09:05:48 UTC
leaking to the outside in e-mail headers or other payload is no different
from the current RFC local addresses
Well, it is. For instance spam detection software might think that class-E
in mail header means obligatory SPAM. I don't know, I'm just speculating.
The problem would be if you allowed the address to leak in the IP headers.
There can be problems outside of just IP headers. The SIP people have IPv6
problems even if they're not doing IPv6 (since it can pop up in the
SIP signaling payload). There are lots of protocols that carry this kind
of information within the protocol, and it does leak.
--
Mikael Abrahamsson email: ***@swm.pp.se
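
Added example, not part of any post in this thread: one way to check outbound mail headers and SIP messages for internal addresses (class E or RFC 1918) that have leaked into the payload, which is the concern discussed above. The sample header and SIP text are constructed, and `WATCHED` and `find_leaks` are hypothetical names.

```python
import ipaddress
import re

# Class E (240.0.0.0/4) plus the RFC 1918 private ranges, for comparison.
WATCHED = {
    "class-E 240/4": ipaddress.ip_network("240.0.0.0/4"),
    "private 10/8": ipaddress.ip_network("10.0.0.0/8"),
    "private 172.16/12": ipaddress.ip_network("172.16.0.0/12"),
    "private 192.168/16": ipaddress.ip_network("192.168.0.0/16"),
}

# Candidate dotted quads; octet ranges are validated by ipaddress below.
DOTTED_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_leaks(payload):
    """Return (line_no, address, label) for each watched address in payload."""
    leaks = []
    for line_no, line in enumerate(payload.splitlines(), start=1):
        for candidate in DOTTED_QUAD.findall(line):
            try:
                addr = ipaddress.IPv4Address(candidate)
            except ipaddress.AddressValueError:
                continue  # not an address, e.g. 999.1.1.1
            for label, net in WATCHED.items():
                if addr in net:
                    leaks.append((line_no, str(addr), label))
    return leaks


# Constructed sample: headers of an outbound mail that crossed an internal relay.
SAMPLE_MAIL = """\
Received: from mail.example.net (mail.example.net [192.0.2.25])
    by mx.example.org; Mon, 22 Oct 2018 09:00:00 +0000
Received: from build-host.corp.example (unknown [240.17.3.9])
    by mail.example.net; Mon, 22 Oct 2018 08:59:58 +0000
X-Originating-IP: [10.20.30.40]
"""

# Constructed sample: the IP header was NATed, the SIP/SDP payload was not.
SAMPLE_SIP = """\
INVITE sip:bob@example.org SIP/2.0
Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK776asdhds
Contact: <sip:alice@240.200.1.5:5060>
c=IN IP4 240.200.1.5
"""

if __name__ == "__main__":
    for name, text in (("mail", SAMPLE_MAIL), ("sip", SAMPLE_SIP)):
        for hit in find_leaks(text):
            print(name, hit)
```

Run at the network edge (mail relay, SIP border element), a check like this shows whether rewriting the IP header alone was enough to keep internal numbering private.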
Stephen Hemminger
2018-11-15 03:28:54 UTC
It might be useable as yet another private network reserved range. But like
others said only with a known good set of devices.
leaking to the outside in e-mail headers or other payload is no different
from the current RFC local addresses
Well, it is. For instance spam detection software might think that class-E
in mail header means obligatory SPAM. I don't know, I'm just speculating.
The problem would be if you allowed the address to leak in the IP headers.
There can be problems outside of just IP headers. The SIP people have IPv6
problems even if they're not doing IPv6 (since it can pop up in the
SIP signaling payload). There are lots of protocols that carry this kind
of information within the protocol, and it does leak.