This is a reminder of ARIN's message sent to NANOG on
10 September, 1999.
On November 22, 1999, ARIN will begin making allocations from
the 64.0.0.0/8 block. This will include allocations of /20
and shorter prefixes, according to ARIN's minimum allocation
policy.
For informational purposes, ARIN currently administers
the following blocks:
24.0.0.0/8 (portions of)
63.0.0.0/8
64.0.0.0/8
196.0.0.0/8
198.0.0.0/8
199.0.0.0/8
200.0.0.0/8
204.0.0.0/8
205.0.0.0/8
206.0.0.0/8
207.0.0.0/8
208.0.0.0/8
209.0.0.0/8
216.0.0.0/8
Regards,
American Registry for Internet Numbers (ARIN)
I might almost be happy, except this breaks the oh-so-nice filter of
64.0.0.0/2 at borders (effectively reduces random src spoofed attacks
by 25%, and covers 127.0.0.0/8 as well). Go ARIN. </sarcasm>
One line becomes two in your ACL?
ip permit 64.0.0.0/8
ip deny 64.0.0.0/2
The CPU loss for one more ACL line is probably offsetting the gains of
spoofed traffic pretty well. That will even scale for a little while,
at least for /9 and /10 in the permit line, before you seriously have
to think about how much still-unallocated space you will gratuitously allow
through your ACL.
bye,Kai
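
The first-match evaluation that the two-line ACL above depends on, as an added example that is not part of the original thread. The rule list is constructed from the two quoted lines; the names `evaluate`, `denied_fraction`, `REVERSED` and the default-permit fallthrough are assumptions made for illustration.

```python
import ipaddress

# Constructed rule list mirroring the two ACL lines quoted in the thread.
ACL = [("permit", ipaddress.ip_network("64.0.0.0/8")),
       ("deny", ipaddress.ip_network("64.0.0.0/2"))]
REVERSED = list(reversed(ACL))  # same rules, deny listed first
DEFAULT = "permit"  # assumption: a source matching no rule is passed on


def evaluate(acl, src):
    """Return the action of the first rule whose prefix contains src."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return DEFAULT


def denied_fraction(acl):
    """Fraction of IPv4 source space dropped by a first-match walk of acl."""
    # Track the space no earlier rule has claimed. Two IP prefixes are
    # either nested or disjoint, so three cases cover every block.
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    denied = 0
    for action, net in acl:
        unclaimed = []
        for block in remaining:
            if block.subnet_of(net):      # whole block matches this rule
                matched = block.num_addresses
            elif net.subnet_of(block):    # rule carves a piece out of block
                matched = net.num_addresses
                unclaimed.extend(block.address_exclude(net))
            else:                         # disjoint: rule does not apply
                matched = 0
                unclaimed.append(block)
            if action == "deny":
                denied += matched
        remaining = unclaimed
    return denied / 2**32


if __name__ == "__main__":
    for src in ("64.1.2.3", "65.0.0.1", "127.0.0.1", "192.0.2.1"):
        print(src, evaluate(ACL, src), evaluate(REVERSED, src))
    print(denied_fraction(ACL), denied_fraction(REVERSED))
```

With the deny line first, the permit for 64.0.0.0/8 is never reached, which is the ordering hazard for any rule list that mixes a broad deny with a narrower permit.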
Reality is it's not that simple. If you are doing any other filters that
might catch on 64.0.0.0/8, you'll need to drop those lines down to the
end. Besides the obvious goal of cutting spoofed traffic, one of the
primary uses of this kind of filter (for myself at any rate) is to save
CPU when dealing with small packet high packet/sec random src attacks.
It's not the end of the world, but it's annoying and does not help
matters any. *grumble*
The #'s have to come from somewhere, and 64/8 is just as good as any
other chunk of address space. Maybe a charge of $1/yr should be imposed for
all swamp space that is not currently announced (or in one of the routing
registries?). Think of all the unused address space that would be free
when all the companies that are no longer in business don't pay their address
space bill :).
>
> I might almost be happy, except this breaks the oh-so-nice filter of
> 64.0.0.0/2 at borders (effectively reduces random src spoofed attacks
> by 25%, and covers 127.0.0.0/8 as well). Go ARIN. </sarcasm>
Urm, last time I checked, ARIN was not in the position to arbitrarily
decide which /8 (of the reserved /8s) it would start assigning from next.
That decision is in the hands of IANA ne ICANN.
> The #'s have to come from somewhere, and 64/8 is just as good as any
> other chunk of address space. Maybe a charge of $1/yr should be imposed for
ISPs within the APNIC and RIPE ranges of 61/8 and 62/8 respectively have
already gone through trying to get filters redone by US ISPs over the past
few years.
I think you missed my point. "Back in the day" SRI and NSI handed out address
space in any size chunk you could imagine asking for. How much of this
isn't used (My guess: at least 60% is unused). How many of these companies
do not exist anymore? If you charged $1 for any allocation that wasn't
being announced (the quickest way to figure out if it's being used), then
any block that wasn't paid for could easily be reassigned. Unless we want
to go IPv6, the only solution to running out of address space is to get
the space back that is assigned to nonexistent companies.