1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
|
Internet Engineering Task Force (IETF) J. Weil
Request for Comments: 6598 Time Warner Cable
BCP: 153 V. Kuarsingh
Updates: 5735 Rogers Communications
Category: Best Current Practice C. Donley
ISSN: 2070-1721 CableLabs
C. Liljenstolpe
Telstra Corp.
M. Azinger
Frontier Communications
April 2012
IANA-Reserved IPv4 Prefix for Shared Address Space
Abstract
This document requests the allocation of an IPv4 /10 address block to
be used as Shared Address Space to accommodate the needs of Carrier-
Grade NAT (CGN) devices. It is anticipated that Service Providers
will use this Shared Address Space to number the interfaces that
connect CGN devices to Customer Premises Equipment (CPE).
Shared Address Space is distinct from RFC 1918 private address space
because it is intended for use on Service Provider networks.
However, it may be used in a manner similar to RFC 1918 private
address space on routing equipment that is able to do address
translation across router interfaces when the addresses are identical
on two different interfaces. Details are provided in the text of
this document.
This document details the allocation of an additional special-use
IPv4 address block and updates RFC 5735.
Status of This Memo
This memo documents an Internet Best Current Practice.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6598.
Weil, et al. Best Current Practice [Page 1]
^L
RFC 6598 Shared Address Space Request April 2012
IESG Note
A number of operators have expressed a need for the special-purpose
IPv4 address allocation described by this document. During
deliberations, the IETF community demonstrated very rough consensus
in favor of the allocation.
While operational expedients, including the special-purpose address
allocation described in this document, may help solve a short-term
operational problem, the IESG and the IETF remain committed to the
deployment of IPv6.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
2. Requirements Language ...........................................3
3. Alternatives to Shared Address Space ............................3
4. Use of Shared CGN Space .........................................4
5. Risk ............................................................5
5.1. Analysis ...................................................5
5.2. Empirical Data .............................................6
6. Security Considerations .........................................7
7. IANA Considerations .............................................8
8. References ......................................................8
8.1. Normative References .......................................8
8.2. Informative References .....................................9
Appendix A. Acknowledgments .......................................10
Weil, et al. Best Current Practice [Page 2]
^L
RFC 6598 Shared Address Space Request April 2012
1. Introduction
IPv4 address space is nearly exhausted. However, ISPs must continue
to support IPv4 growth until IPv6 is fully deployed. To that end,
many ISPs will deploy a Carrier-Grade NAT (CGN) device, such as that
described in [RFC6264]. Because CGNs are used on networks where
public address space is expected, and currently available private
address space causes operational issues when used in this context,
ISPs require a new IPv4 /10 address block. This address block will
be called the "Shared Address Space" and will be used to number the
interfaces that connect CGN devices to Customer Premises Equipment
(CPE).
Shared Address Space is similar to [RFC1918] private address space in
that it is not globally routable address space and can be used by
multiple pieces of equipment. However, Shared Address Space has
limitations in its use that the current [RFC1918] private address
space does not have. In particular, Shared Address Space can only be
used in Service Provider networks or on routing equipment that is
able to do address translation across router interfaces when the
addresses are identical on two different interfaces.
This document requests the allocation of an IPv4 /10 address block to
be used as Shared Address Space. In conversations with many ISPs, a
/10 is the smallest block that will allow them to deploy CGNs on a
regional basis without requiring nested CGNs. For instance, as
described in [ISP-SHARED-ADDR], a /10 is sufficient to service Points
of Presence in the Tokyo area.
This document details the allocation of an additional special-use
IPv4 address block and updates [RFC5735].
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3. Alternatives to Shared Address Space
The interfaces that connect CGN devices to CPE might conceivably be
numbered from any of the following address spaces:
o legitimately assigned globally unique address space
o usurped globally unique address space (i.e., squat space)
Weil, et al. Best Current Practice [Page 3]
^L
RFC 6598 Shared Address Space Request April 2012
o [RFC1918] space
o Shared Address Space
A Service Provider can number the interfaces in question from
legitimately assigned globally unique address space. While this
solution poses the fewest problems, it is impractical because
globally unique IPv4 address space is in short supply. While the
Regional Internet Registries (RIRs) have enough address space to
allocate a single /10 to be shared by all Service Providers, they do
not have enough address space to make a unique assignment to each
Service Provider.
Service Providers MUST NOT number the interfaces in question from
usurped globally unique address space (i.e., squat space). If a
Service Provider leaks advertisements for squat space into the global
Internet, the legitimate holders of that address space may be
adversely impacted, as would those wishing to communicate with them.
Even if the Service Provider did not leak advertisements for squat
space, the Service Provider and its subscribers might lose
connectivity to the legitimate holders of that address space.
A Service Provider can number the interfaces in question from
[RFC1918] space if at least one of the following conditions is true:
o The Service Provider knows that the CPE/NAT works correctly when
the same [RFC1918] address block is used on both its inside and
outside interfaces.
o The Service Provider knows that the [RFC1918] address block that
it uses to number interfaces between the CGN and CPE is not used
on the subscriber side of the CPE.
Unless at least one of the conditions above is true, the Service
Provider cannot safely use [RFC1918] address space and must resort to
Shared Address Space. This is typically the case in an unmanaged
service, where subscribers provide their own CPE and number their own
internal network.
4. Use of Shared CGN Space
Shared Address Space is IPv4 address space designated for Service
Provider use with the purpose of facilitating CGN deployment. Also,
Shared Address Space can be used as additional non-globally routable
space on routing equipment that is able to do address translation
across router interfaces when the addresses are identical on two
different interfaces.
Weil, et al. Best Current Practice [Page 4]
^L
RFC 6598 Shared Address Space Request April 2012
Devices MUST be capable of performing address translation when
identical Shared Address Space ranges are used on two different
interfaces.
Packets with Shared Address Space source or destination addresses
MUST NOT be forwarded across Service Provider boundaries. Service
Providers MUST filter such packets on ingress links. One exception
to this paragraph's proscription is in the case of business
relationships, such as hosted CGN services.
When running a single DNS infrastructure, Service Providers MUST NOT
include Shared Address Space in zone files. When running a split DNS
infrastructure, Service Providers MUST NOT include Shared Address
Space in external-facing zone files.
Reverse DNS queries for Shared Address Space addresses MUST NOT be
forwarded to the global DNS infrastructure. DNS Providers SHOULD
filter requests for Shared Address Space reverse DNS queries on
recursive nameservers. This is done to avoid having to set up
something similar to AS112.net for [RFC1918] private address space
that a host has incorrectly sent for a DNS that reverse-maps queries
on the public Internet [RFC6304].
Because CGN service requires non-overlapping address space on each
side of the home NAT and CGN, entities using Shared Address Space for
purposes other than for CGN service, as described in this document,
are likely to experience problems implementing or connecting to CGN
service at such time as they exhaust their supply of public IPv4
addresses.
5. Risk
5.1. Analysis
Some existing applications discover the outside address of their
local CPE, determine whether the address is reserved for special use,
and behave differently based on that determination. If a new IPv4
address block is reserved for special use and that block is used to
number CPE outside interfaces, some of the above-mentioned
applications may fail.
For example, assume that an application requires its peer (or some
other device) to initiate an incoming connection directly with its
CPE's outside address. That application discovers the outside
address of its CPE and determines whether that address is reserved
for special use. If the address is reserved for special use, the
application rightly concludes that the address is not reachable from
Weil, et al. Best Current Practice [Page 5]
^L
RFC 6598 Shared Address Space Request April 2012
the global Internet and behaves in one manner. If the address is not
reserved for special use, the application assumes that the address is
reachable from the global Internet and behaves in another manner.
While the assumption that a non-special-use address is reachable from
the global Internet is generally safe, it is not always true (e.g.,
when the CPE outside interface is numbered from globally unique
address space but that address is not advertised to the global
Internet as when it is behind a CGN). Such an assumption could cause
certain applications to behave incorrectly in those cases.
5.2. Empirical Data
The primary motivation for the allocation of Shared Address Space is
as address space for CGNs; the use and impact of CGNs has been
previously described in [RFC6269] and [NAT444-IMPACTS]. Some of the
services adversely impacted by CGNs are as follows:
1. Console gaming -- some games fail when two subscribers using the
same outside public IPv4 address try to connect to each other.
2. Video streaming -- performance is impacted when using one of
several popular video-streaming technologies to deliver multiple
video streams to users behind particular CPE routers.
3. Peer-to-peer -- some peer-to-peer applications cannot seed
content due to the inability to open incoming ports through the
CGN. Likewise, some SIP client implementations cannot receive
incoming calls unless they first initiate outgoing traffic or
open an incoming port through the CGN using the Port Control
Protocol (PCP) [PCP-BASE] or a similar mechanism.
4. Geo-location -- geo-location systems identify the location of the
CGN server, not the end host.
5. Simultaneous logins -- some websites (particularly banking and
social-networking websites) restrict the number of simultaneous
logins per outside public IPv4 address.
6. 6to4 -- 6to4 requires globally reachable addresses and will not
work in networks that employ addresses with limited topological
span, such as those employing CGNs.
Based on testing documented in [NAT444-IMPACTS], the CGN impacts on
items 1-5 above are comparable regardless of whether globally unique,
Shared Address Space, or [RFC1918] addresses are used. There is,
however, a difference between the three alternatives in the treatment
of 6to4.
Weil, et al. Best Current Practice [Page 6]
^L
RFC 6598 Shared Address Space Request April 2012
As described in [RFC6343], CPE routers do not attempt to initialize
6to4 tunnels when they are configured with [RFC1918] or [RFC5735] WAN
addresses. When configured with globally unique or Shared Address
Space addresses, such devices may attempt to initiate 6to4, which
would fail. Service Providers can mitigate this issue using 6to4
Provider Managed Tunnels [6to4-PMT] or blocking the route to
192.88.99.1 and generating an IPv4 'destination unreachable' message
[RFC6343]. When the address range is well-defined, as with Shared
Address Space, CPE router vendors can include Shared Address Space in
their list of special-use addresses (e.g., [RFC5735]) and treat
Shared Address Space similarly to [RFC1918] space. When the CGN-CPE
address range is not well-defined, as in the case of globally unique
space, it will be more difficult for CPE router vendors to mitigate
this issue.
Thus, when comparing the use of [RFC1918] and Shared Address Space,
Shared Address Space poses an additional impact on 6to4 connectivity,
which can be mitigated by Service Provider or CPE router vendor
action. On the other hand, the use of [RFC1918] address space poses
more of a challenge vis-a-vis Shared Address Space when the
subscriber and Service Provider use overlapping [RFC1918] space,
which will be outside the Service Provider's control in the case of
unmanaged service. Service Providers have indicated that it is more
challenging to mitigate the possibility of overlapping [RFC1918]
address space on both sides of the CPE router than it is to mitigate
the 6to4 impacts of Shared Address Space.
6. Security Considerations
Similar to other [RFC5735] special-use IPv4 addresses, Shared Address
Space does not directly raise security issues. However, the Internet
does not inherently protect against abuse of these addresses.
Attacks have been mounted that depend on the unexpected use of
similar special-use addresses. Network operators are encouraged to
review this document and determine what security policies should be
associated with this address block within their specific operating
environments. They should consider including Shared Address Space in
Ingress Filter lists [RFC3704], unless their Internet service
incorporates a CGN.
Weil, et al. Best Current Practice [Page 7]
^L
RFC 6598 Shared Address Space Request April 2012
To mitigate potential misuse of Shared Address Space, except where
required for hosted CGN service or a similar business relationship,
o routing information about Shared Address Space networks MUST NOT
be propagated across Service Provider boundaries. Service
Providers MUST filter incoming advertisements regarding Shared
Address Space.
o packets with Shared Address Space source or destination addresses
MUST NOT be forwarded across Service Provider boundaries. Service
Providers MUST filter such packets on ingress links.
o Service Providers MUST NOT include Shared Address Space in
external-facing DNS zone files.
o reverse DNS queries for Shared Address Space addresses MUST NOT be
forwarded to the global DNS infrastructure.
o DNS Providers SHOULD filter requests for Shared Address Space
reverse DNS queries on recursive nameservers.
7. IANA Considerations
IANA has recorded the allocation of an IPv4 /10 for use as Shared
Address Space.
The Shared Address Space address range is 100.64.0.0/10.
8. References
8.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5735] Cotton, M. and L. Vegoda, "Special Use IPv4 Addresses",
BCP 153, RFC 5735, January 2010.
Weil, et al. Best Current Practice [Page 8]
^L
RFC 6598 Shared Address Space Request April 2012
8.2. Informative References
[6to4-PMT] Kuarsingh, V., Ed., Lee, Y., and O. Vautrin, "6to4
Provider Managed Tunnels", Work in Progress,
February 2012.
[ISP-SHARED-ADDR]
Yamagata, I., Miyakawa, S., Nakagawa, A., Yamaguchi, J.,
and H. Ashida, "ISP Shared Address", Work in Progress,
January 2012.
[NAT444-IMPACTS]
Donley, C., Howard, L., Kuarsingh, V., Berg, J., and J.
Doshi, "Assessing the Impact of Carrier-Grade NAT on
Network Applications", Work in Progress, November 2011.
[PCP-BASE] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
P. Selkirk, "Port Control Protocol (PCP)", Work
in Progress, March 2012.
[RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed
Networks", BCP 84, RFC 3704, March 2004.
[RFC6264] Jiang, S., Guo, D., and B. Carpenter, "An Incremental
Carrier-Grade NAT (CGN) for IPv6 Transition", RFC 6264,
June 2011.
[RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and
P. Roberts, "Issues with IP Address Sharing", RFC 6269,
June 2011.
[RFC6304] Abley, J. and W. Maton, "AS112 Nameserver Operations",
RFC 6304, July 2011.
[RFC6343] Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
RFC 6343, August 2011.
Weil, et al. Best Current Practice [Page 9]
^L
RFC 6598 Shared Address Space Request April 2012
Appendix A. Acknowledgments
Thanks to the following people (in alphabetical order) for their
guidance and feedback:
Stan Barber
John Brzozowski
Isaiah Connell
Greg Davies
Owen DeLong
Kirk Erichsen
Wes George
Chris Grundemann
Tony Hain
Philip Matthews
John Pomeroy
Barbara Stark
Jean-Francois Tremblay
Leo Vegoda
Steven Wright
Ikuhei Yamagata
Weil, et al. Best Current Practice [Page 10]
^L
RFC 6598 Shared Address Space Request April 2012
Authors' Addresses
Jason Weil
Time Warner Cable
13820 Sunrise Valley Drive
Herndon, VA 20171
USA
EMail: jason.weil@twcable.com
Victor Kuarsingh
Rogers Communications
8200 Dixie Road
Brampton, ON L6T 0C1
Canada
EMail: victor.kuarsingh@gmail.com
Chris Donley
CableLabs
858 Coal Creek Circle
Louisville, CO 80027
USA
EMail: c.donley@cablelabs.com
Christopher Liljenstolpe
Telstra Corp.
7/242 Exhibition Street
Melbourne, VIC 316
Australia
Phone: +61 3 8647 6389
EMail: cdl@asgaard.org
Marla Azinger
Frontier Communications
Vancouver, WA
USA
Phone: +1.360.513.2293
EMail: marla.azinger@frontiercorp.com
Weil, et al. Best Current Practice [Page 11]
^L
|
