Re: Stealthy Overlay Network Re: 202401100645.AYC Re: IPv4 address block

["Abraham Y. Chen" <aychen () avinta com>]

Hi, Mike:

1)   "... only private use. ...":

    The EzIP deployment plan is to use 240/4 netblock as "Semi-Public" 
addresses for the existing CG-NAT facility. With many RG-NATs (Routing / 
Residential Gateway -NATs) already capable of being 240/4 clients thru 
the upgrade to OpenWrt, no IoT on any private premises will sense any 
change.

Regards,


Abe (2024-01-14 23:04)


On 2024-01-12 15:16, Mike Hammett wrote:
> I'm not talking about global, public use, only private use.
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> ------------------------------------------------------------------------
> *From: *"Tom Beecher" <beecher () beecher cc>
> *To: *"Mike Hammett" <nanog () ics-il net>
> *Cc: *"Ryan Hamel" <ryan () rkhtech org>, "Abraham Y. Chen" 
> <AYChen () alum mit edu>, nanog () nanog org
> *Sent: *Friday, January 12, 2024 2:06:32 PM
> *Subject: *Re: Stealthy Overlay Network Re: 202401100645.AYC Re: IPv4 
> address block
>
>     You don't need everything in the world to support it, just the
>     things "you" use.
>
>
> You run an ISP, let me posit something.
>
> Stipulate your entire network infra, services, and applications 
> support 240/4, and that it's approved for global , public use 
> tomorrow. Some company gets a block in there, stands up some website. 
> Here are some absolutely plausible scenarios that you might have to 
> deal with.
>
> - Some of your customers are running operating systems / network gear 
> that doesn't support 240/4.
> - Some of your customers may be using 3rd party DNS resolvers that 
> don't support 240/4.
> - Some network in between you and the dest missed a few bogon ACLs , 
> dropping your customer's traffic.
>
> All of this becomes support issues you have to deal with.
>
> On Fri, Jan 12, 2024 at 2:21 PM Mike Hammett <nanog () ics-il net> wrote:
>
>     I wouldn't say it's unknowable, just that no one with a sufficient
>     enough interest in the cause has been loud enough with the
>     research they've done, assuming some research has been done..
>
>     You don't need everything in the world to support it, just the
>     things "you" use.
>
>
>
>     -----
>     Mike Hammett
>     Intelligent Computing Solutions <http://www.ics-il.com/>
>     
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
>     Midwest Internet Exchange <http://www.midwest-ix.com/>
>     
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
>     The Brothers WISP <http://www.thebrotherswisp.com/>
>     <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>     ------------------------------------------------------------------------
>     *From: *"Tom Beecher" <beecher () beecher cc>
>     *To: *"Mike Hammett" <nanog () ics-il net>
>     *Cc: *"Ryan Hamel" <ryan () rkhtech org>, "Abraham Y. Chen"
>     <AYChen () alum mit edu>, nanog () nanog org
>     *Sent: *Friday, January 12, 2024 1:16:53 PM
>     *Subject: *Re: Stealthy Overlay Network Re: 202401100645.AYC Re:
>     IPv4 address block
>
>         How far are we from that, in reality? I don't have any
>         intention on using the space, but I would like to put some
>         definition to this boogey man.
>
>
>     It's unknowable really.
>
>     Lots of network software works just fine today with it. Some
>     don't. To my knowledge some NOS vendors have outright refused to
>     support 240/4 unless it's reclassified. Beyond network equipment,
>     there is an unknowable number of software packages , drivers, etc
>     out in the world which 240/4 is still hardcoded not to work. It's
>     been unfortunate to see this fact handwaved away in many
>     discussions on the subject.
>
>     The Mirai worm surfaced in 2016. The software vulnerabilities used
>     in its attack vectors are still unpatched and present in massive
>     numbers across the internet; there are countless variants that
>     still use the same methods, 8 years later. Other
>     vulnerabilities still exist after multiple decades. But we somehow
>     think devices will be patched to support 240/4 quickly?
>
>     It's just unrealistic.
>
>     On Fri, Jan 12, 2024 at 1:03 PM Mike Hammett <nanog () ics-il net> wrote:
>
>         " every networking vendor, hardware vendor, and OS vendor"
>
>         How far are we from that, in reality? I don't have any
>         intention on using the space, but I would like to put some
>         definition to this boogey man.
>
>
>
>         -----
>         Mike Hammett
>         Intelligent Computing Solutions <http://www.ics-il.com/>
>         
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
>         Midwest Internet Exchange <http://www.midwest-ix.com/>
>         
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
>         The Brothers WISP <http://www.thebrotherswisp.com/>
>         <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>         ------------------------------------------------------------------------
>         *From: *"Ryan Hamel" <ryan () rkhtech org>
>         *To: *"Abraham Y. Chen" <aychen () avinta com>, "Vasilenko
>         Eduard" <vasilenko.eduard () huawei com>
>         *Cc: *"Abraham Y. Chen" <AYChen () alum MIT edu>, nanog () nanog org
>         *Sent: *Thursday, January 11, 2024 11:04:31 PM
>         *Subject: *Re: Stealthy Overlay Network Re: 202401100645.AYC
>         Re: IPv4 address block
>
>         Abraham,
>
>         You may not need permission from the IETF, but you effectively
>         need it from every networking vendor, hardware vendor, and OS
>         vendor. If you do not have buy in from key stakeholders, it's
>         dead-on arrival.
>
>         Ryan
>         ------------------------------------------------------------------------
>         *From:* NANOG <nanog-bounces+ryan=rkhtech.org () nanog org> on
>         behalf of Abraham Y. Chen <aychen () avinta com>
>         *Sent:* Thursday, January 11, 2024 6:38:52 PM
>         *To:* Vasilenko Eduard <vasilenko.eduard () huawei com>
>         *Cc:* Chen, Abraham Y. <AYChen () alum MIT edu>; nanog () nanog org
>         <nanog () nanog org>
>         *Subject:* Stealthy Overlay Network Re: 202401100645.AYC Re:
>         IPv4 address block
>
>                 
>         Caution: This is an external email and may be malicious.
>         Please take care when clicking links or opening attachments.
>
>
>         Hi, Vasilenko:
>
>         1)    ... These “multi-national conglo” has enough influence
>         on the IETF to not permit it.":
>
>             As classified by Vint Cerf, 240/4 enabled EzIP is an
>         overlay network that may be deployed stealthily (just like the
>         events reported by the RIPE-LAB). So, EzIP deployment does not
>         need permission from the IETF.
>
>         Regards,
>
>
>         Abe (2024-01-11 21:38 EST)
>
>
>
>
>         On 2024-01-11 01:17, Vasilenko Eduard wrote:
>
>             > It has been known that multi-national conglomerates have
>             been using it without announcement.
>
>             This is an assurance that 240/4 would never be permitted
>             for Public Internet. These “multi-national conglo” has
>             enough influence on the IETF to not permit it.
>
>             Ed/
>
>             *From:* NANOG
>             [mailto:nanog-bounces+vasilenko.eduard=huawei.com () nanog org
>             <mailto:nanog-bounces+vasilenko.eduard=huawei.com () nanog org>]
>             *On Behalf Of *Abraham Y. Chen
>             *Sent:* Wednesday, January 10, 2024 3:35 PM
>             *To:* KARIM MEKKAOUI <amekkaoui () mektel ca>
>             <mailto:amekkaoui () mektel ca>
>             *Cc:* nanog () nanog org; Chen, Abraham Y.
>             <AYChen () alum MIT edu> <mailto:AYChen () alum MIT edu>
>             *Subject:* 202401100645.AYC Re: IPv4 address block
>             *Importance:* High
>
>             Hi, Karim:
>
>             1)    If you have control of your own equipment (I presume
>             that your business includes IAP - Internet Access
>             Provider, since you are asking to buy IPv4 blocks.), you
>             can get a large block of reserved IPv4 address */_for
>             free_/* by */_disabling_/* the program codes in your
>             current facility that has been */_disabling_/* the use of
>             240/4 netblock. Please have a look at the below
>             whitepaper. Utilized according to the outlined
>             disciplines, this is a practically unlimited resources. It
>             has been known that multi-national conglomerates have been
>             using it without announcement. So, you can do so
>             stealthily according to the proposed mechanism which
>             establishes uniform practices, just as well.
>
>             https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf
>
>             2)    Being an unorthodox solution, if not controversial,
>             please follow up with me offline. Unless, other NANOGers
>             express their interests.
>
>             Regards,
>
>             Abe (2024-01-10 07:34 EST)
>
>             On 2024-01-07 22:46, KARIM MEKKAOUI wrote:
>
>                 Hi Nanog Community
>
>                 Any idea please on the best way to buy IPv4 blocs and
>                 what is the price?
>
>                 Thank you
>
>                 KARIM
>
>             
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>
>                 
>
>             Virus-free.www.avast.com
>             
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>


--
This email has been checked for viruses by Avast antivirus software.
www.avast.com