IPv4 shared address space

In order to ensure the proper working of carrier-grade NAT (CGN), and by doing so to alleviate the demand for the last remaining IPv4 addresses, a /10-sized IPv4 address block was assigned by the Internet Assigned Numbers Authority (IANA) to be used as shared address space.[1]

This block of addresses is specifically meant to be used by Internet service providers (or ISPs) that implement carrier-grade NAT, to connect their customer-premises equipment (CPE) to their core routers.

Instead of using unique addresses from the rapidly depleting pool of available globally unique IPv4 addresses, ISPs use addresses in 100.64.0.0/10 for this purpose. Because the network between CPEs and the ISP's routers is private to each ISP, all ISPs may share this block of addresses.

Background

If an ISP deploys a CGN, and uses private Internet address space (networks 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)[2] to connect their customers, there is a risk that customer equipment using an internal network in the same range will stop working. The reason is that routing and NAT will not work if the same address ranges occur on both inside and outside network interfaces.

This prompted some ISPs to develop policy within American Registry for Internet Numbers (ARIN) to allocate new private address space for CGNs. ARIN, however, deferred to the Internet Engineering Task Force (IETF) before implementing the policy, indicating that the matter was not typical allocation but a reservation for technical purposes.[3]

In 2012 the IETF defined a Shared Address Space[4] for use in ISP CGN deployments and in NAT devices that can handle the same addresses occurring on both inbound and outbound interfaces. ARIN returned space to the IANA as needed for this allocation,[5] and "The allocated address block is 100.64.0.0/10".[4][6]

Transition to IPv6

The use of shared address space is one of several methods to allow the transition from IPv4 to IPv6. Its main purpose is to postpone the depletion of IPv4 addresses by allowing ISPs to introduce a second layer of NAT. A common practice is to give CPEs a unique IPv4 address on their Internet-facing interface and use NAT to hide all addresses on the home LAN. Since public IPv4 addresses are rapidly growing scarce, some ISPs can no longer assign unique IPv4 addresses to CPEs, because they have none left. Instead, an address in the 100.64.0.0/10 range is assigned to the CPE's Internet-facing interface, and this address is translated again to one of the public IPv4 addresses of the ISP's core routers. This scheme hides a large number of IP addresses behind a small set of public addresses, the same way the CPE does locally, slowing the rate at which IPv4 addresses are depleted. The shared address space contains 2^22 (4,194,304) addresses, so each ISP is able to connect over 4 million subscribers this way.

Other occurrences

In BIND, empty reverse mapping zones for 100.64.0.0/16 through 100.127.0.0/16 (64 zones in total) are automatically created in the 'internal' view, unless configured otherwise.
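As an added illustration that is not part of the original article, the following Python classifies an address as shared space, RFC 1918 private space or other, checks for the inside/outside prefix overlap described under Background, and derives the 64 BIND reverse zone names mentioned above (function names and sample prefixes are my own).

```python
import ipaddress

# RFC 6598 shared address space and the RFC 1918 private ranges named in the text
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify(addr: str) -> str:
    """Return 'shared', 'private' or 'other' for a dotted-quad IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip in SHARED_ADDRESS_SPACE:
        return "shared"
    if any(ip in net for net in RFC1918):
        return "private"
    return "other"


def cgn_collision(outside_prefix: str, lan_prefix: str) -> bool:
    """True when the ISP-side (outside) prefix overlaps the customer LAN prefix,
    the condition under which routing and NAT on the CPE stop working."""
    return ipaddress.ip_network(outside_prefix).overlaps(ipaddress.ip_network(lan_prefix))


def shared_space_size() -> int:
    """Number of addresses in 100.64.0.0/10 (2**22)."""
    return SHARED_ADDRESS_SPACE.num_addresses


def bind_empty_reverse_zones() -> list[str]:
    """The 64 /16 reverse zones BIND creates for the shared space, e.g. '64.100.in-addr.arpa'."""
    zones = []
    for net in SHARED_ADDRESS_SPACE.subnets(new_prefix=16):
        first, second = str(net.network_address).split(".")[:2]
        zones.append(f"{second}.{first}.in-addr.arpa")
    return zones


if __name__ == "__main__":
    # Constructed sample: a CGN numbered from 192.168.0.0/16 collides with a typical
    # home LAN, whereas the shared space does not.
    print(classify("100.100.1.1"), classify("192.168.1.1"), classify("8.8.8.8"))
    print(cgn_collision("192.168.0.0/16", "192.168.1.0/24"))  # True
    print(cgn_collision("100.64.0.0/10", "192.168.1.0/24"))   # False
    print(shared_space_size(), len(bind_empty_reverse_zones()))
```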
