The research branch of the European address allocation authority RIPE has determined that a large chunk of reserved IPv4 addresses is being used secretly.

Qasim Lone, an employee of RIPE Labs, shows in an analysis that has so far gone largely unnoticed by the public that an IPv4 address range that has actually been reserved for decades is being used secretly by one or more companies for their own purposes.

That sounds explosive because such use lacks solidarity: IPv4 addresses have been a scarce commodity for many years, and there have long been considerations about releasing reserved ranges for public use. But if they are already secretly in use in private networks, they cannot simply be reassigned as public IPv4 addresses, because the routing to and from such IPv4 addresses would not be unique.

Specifically, it is about the range from 240.0.0.0 to 255.255.255.255, 240/4 for short (formerly called Class E). The Internet Engineering Task Force reserved this block, which includes around 268 million addresses (exactly 268,435,456 addresses), in 1986 “for future purposes”, so that it may neither be used nor routed. In his contribution, Lone lists two initiatives that have advocated using this block after all. Both contain concrete proposals for repurposing the block, but neither was definitively specified.

268 million addresses = a drop in the bucket

That is because there are also experts who oppose the idea. The demand for IPv4 addresses is so high that even hundreds of millions of new addresses are likely to be used up quickly. It is therefore better if the institutions and companies suffering from a shortage of IPv4 addresses concentrate on the introduction of IPv6 technology, especially since IPv6 does not have a whole range of typical IPv4 shortcomings in the first place.

Critics also argue that it is not enough to announce from the pulpit that 240/4 can be used. In addition, all operating systems and routers worldwide would, as far as possible, have to be adapted, because they have normally excluded this range so far. Some estimate the effort required for this to be so high that it is not worth it. On the other hand, employees of the Unicast-Extensions project (The IPv4 Cleanup Project), which is managed on GitHub, state that they have long since created working patches for various operating systems, including Linux, FreeBSD and macOS.

So the decision on how to use this address block is up in the air. However, because it is known among experts that not all Internet participants always adhere to the guidelines of the IETF, and some excluded address ranges have already been used unofficially in the past, RIPE Labs investigated whether this is also the case with 240/4. It turned out that the block is actually in use in private networks, but without the necessary coordination with the global Internet community.

How to find 240/4 addresses

Such use can be detected in various ways, even from outside the networks in which the addresses are tacitly used. For example, they can appear in traceroute measurements as an unexpected part of a path between two public addresses, in DNS communication that reaches the public Internet, or in complete or partial connections between public and private networks due to insufficient filtering on some routers. With its Atlas probes, however, RIPE has additional measurement methods within many networks.
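As an added illustration of the traceroute case (not code from the RIPE Labs analysis or from this article), the following Python example parses `traceroute -n` style output and reports runs of 240/4 hops together with their neighbouring hops. The sample path, the function names and the use of documentation ranges as stand-ins for public hops are assumptions made for the example.

```python
import ipaddress
import re
from itertools import groupby

CLASS_E = ipaddress.ip_network("240.0.0.0/4")  # the reserved block discussed above
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `traceroute -n` style output. 198.51.100.0/24 and 203.0.113.0/24
# are documentation ranges standing in for public hops (assumption).
SAMPLE = """\
 1  192.168.1.1  0.5 ms
 2  198.51.100.1  4.1 ms
 3  240.1.2.3  5.0 ms
 4  * * *
 5  241.0.0.9  5.9 ms
 6  203.0.113.7  7.2 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def classify(addr):
    """Return 'class_e', 'rfc1918' or 'other' for an IPv4 address string."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CLASS_E:
        return "class_e"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"  # simplification: everything else is treated as public

def parse_hops(text):
    """Return [(ttl, address)] for hops that answered; '* * *' timeouts do not match."""
    return [(int(m.group(1)), m.group(2)) for m in map(HOP_RE.match, text.splitlines()) if m]

def find_class_e_segments(text):
    """Return each run of consecutive answering 240/4 hops with its neighbouring hops."""
    hops = parse_hops(text)
    segments, pos = [], 0
    for is_e, run in groupby(hops, key=lambda h: classify(h[1]) == "class_e"):
        run = list(run)
        if is_e:
            before = hops[pos - 1][1] if pos else None
            end = pos + len(run)
            after = hops[end][1] if end < len(hops) else None
            between = all(n and classify(n) == "other" for n in (before, after))
            segments.append({"hops": run, "before": before, "after": after,
                             "between_public": between})
        pos += len(run)
    return segments
```

A segment with `between_public` set to true corresponds to the pattern described above: 240/4 hops appearing inside a path between two public addresses.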

In his post, Qasim Lone details how he used the probes and which networks the unofficial use originates from according to his measurements. Some point to Adobe, Amazon and Verizon Business.

Definitive evidence is lacking. But it is quite possible that “extremely large cloud providers” used up the stock of addresses intended for this purpose a while ago (Address Allocation for Private Internets, RFC 1918, around 18 million private IPv4 addresses). It is therefore assumed that the largest cloud providers have rented more servers and VMs to customers than they can address internally via regular private IPv4 addresses, so that they secretly make do with the 240/4 address space.

This fits the picture that Amazon purchased many unicast IPv4 address blocks years ago and is constantly buying more on the open market. By 2020, AWS had collected just over 100 million IPv4 addresses (100,750,168).

