Skip to main content

IPv4 squatting: awareness raising and research

As has been noted again in recent days, some ISPs, vendors and end users have been using previously unallocated IPv4  blocks to address their own networks and devices. When these address blocks become officially allocated or assigned, the prior use can lead to routing problems both for the new holder of the addresses and the person who used them without authorization. This is an unfortunate problem that we have been trying to raise awareness of over the last few years.

In September 2007 I wrote an article about the issue for Cisco’s IP Journal. Over the next few months we conducted some preliminary research into the extent of this usage and presented the preliminary findings at a few network operator meetings.

Once we had a workable method for researching the problem we commissioned Duane Wessels to do a thorough analysis using the DITL data collected by DNS OARC. His research was then presented at the Brooklyn DNS OARC meeting in mid 2008. Obviously, we also shared this research with you on this blog.

At the start of this year, APNIC received 1.0.0.0/8, a block which many network operators have improperly been using for years. Often this use predates the creation of ICANN and is very entrenched. Rather than rushing this address space into use, APNIC staff has been working with other RIRs and network operators to look at the scale of traffic sent to various parts of this /8 and where else it is used on the Internet.

People who have numbered networks using this address block and others that are yet to be allocated will find that they experience connectivity problems and hard to resolve helpdesk calls as a result of this use. Similar problems occur for the legitimate users of the address space. This is the whole point of a single, authoritative allocation registry for IP addresses and other unique identifiers. When resources are simply taken, not assigned, uniqueness is challenged and any protocol that relies on uniqueness can fail.

Of course, the story doesn’t end there. These problems just make it even more clear why it is important for us all to provide services and connect to them over IPv6. IPv6 is so big that there is no justification for using address space that has not been allocated or that has been allocated to someone else. And if you want unique, private addresses then they are available too.

Comments

    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."