- members-discuss - mailman.ripe.net

Regarding Elad Cohen's nomination and emails
by Cynthia Revström 27 Apr '20

27 Apr '20

Hello, I would like to request that Elad Cohen be blocked from sending to the members-discuss mailing lists after multiple offtopic threads started by Elad and the personal attacks and ignoring WG chairs telling Elad to stop. I would further like to point out that as he is a confirmed candidate for the Exec Board, one of his key responsibilities would be to have the "Ability to communicate effectively", which he has shown that he is not capable of. I would personally say that elad lacks most of the expectations listed on https://www.ripe.net/about-us/executive-board/ripe-ncc-executive-board-func… . I would like to propose that the RIPE NCC ban Elad Cohen from interacting with the RIPE Community (via Meetings or mailing lists) due to his blatant disregard for the Code of Conduct and for being hostile towards others in the community. As the RIPE NCC hosts and manages these lists I think the RIPE NCC has a responsibility to keep the lists professional and to remove those who repeatedly ignore what the WG chairs are saying. - Cynthia

20 36

Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 27 Apr '20

27 Apr '20

Gert, It is completely repulsive what you are doing here, me sharing an idea and the implementation of it and you wrote what you wrote. To the community: Anyone that knows me know that everything I write can be implemented, Gert didn't say that it cannot be implemented - just that modifying the networking stacks is hard - if it it is hard then better developers are needed that it will be easy for them - I'm not going to waste my time on implementing the patches to the networking stacks for Microsoft/Google/Apple/etc - they have their own engineers. I have enough experience in development to know that the reserved bit activation and ipv4 packet modification in the networking stack will not be time consuming such as creating a complete new protocol family, any operating system vendor have enough engineers that can together do it quickly. If after reading everything that I wrote you are calling it a cheap shot then you are not a professional and your background mean nothing (professional people will be able to read algorithems and methods and to know if they works or not, with implementing them in their heads, without to see it in their eyes the electrical signals flowing between machines). Keep on Gert to defame me after I explained this idea and implementation to the community, the difference between us is that I have the decency to know that I know nothing and I always strive to learn, you will not see me pat my ego like you just did, if you don't have something useful to say then go back to your two-threads working group. I didn't promise anything, as long there are hateful people like - nothing good will happen. Respectfully, Elad ________________________________ From: Gert Doering Sent: Sunday, April 26, 2020 12:09 PM To: Bruno Cordioli Cc: Elad Cohen; members-discuss(a)ripe.net Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hi, On Sun, Apr 26, 2020 at 10:51:13AM +0200, Bruno Cordioli wrote: > I think it is appropriate to close this discussion here. > Elad will eventually submit his proposed al RIPE meeting or he'll write a > RFC. Basically, this. The Internet (and the address distribution towards IANA and the RIRs) operates based on IETF standards, and as long as there is no IETF standard for IPv4+, it cannot be implemented in an interoperable way, and can not be deployed. Elad, this is your avenue: you need to demonstrate two working and interoperating implementations for two host stacks and two router stacks. Just claming "it is easy" is not sufficient. I'm with Christian here: this can not work without significant changes to the BSD socket API, to applications using this API - basically, everything on Unix/Linux - to the Windows networking API, and to routers in the ISP networks that need to decide "which customer is this packet sent to?" based on the extra bit. And I speak with a certain background on implementing network applications, running an ISP network, and debugging TCP/IP stacks. Overall, as long as no implementations can be provided (source code on github etc) this sounds like a somewhat cheap shot to make people believe you're going to solve their IPv4 problems if they just vote you to the NCC executive board. And I hope the NCC members are smart enough to not vote based on glorious promises, but on track record, provable background, etc. Gert Doering -- RIPE member -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

7 8

Re: [members-discuss] Regarding Elad Cohen's nomination and emails
by Elad Cohen 27 Apr '20

27 Apr '20

Hello, Is it possible for anyone with hidden intentions not to post on this list ? Henrik, you could just write "I don't vote for Elad" - no need to try to spread lies to the community - can you provide a single proof to the lies that you wrote about me ? as I already wrote - the "source" in the fake media report is a person in "The Spamhaus Project" and an employee of a direct business competitor and also the owner of that criminal twitter account: https://twitter.com/underthebreach The "source" of the fake media report as you can see in his "anonymous" twitter account linked above - is a master of cyber influence operations - and this is exactly what being done here - spreading of lies and conspiracies and fake theories about me without a single proof. I didn't share any conspiracies, I only provided a link to a presentation of "The Spamhaus Project" that they wrote on themselves and they presented in a private event - According to their own words they are an illegal anonymous organization. "The Spamhaus Project" is related to the cyber-security community mainly in Western countries - so indeed Henrik is from the cyber-security community, expect more wannabe "security researchers" to write lies about me. "The Spamhaus Project" keeps attacking me because they know that if I will be elected I will make sure that they will not hurt anymore any Ripe LIR member. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces(a)ripe.net> on behalf of hlk via members-discuss <members-discuss(a)ripe.net> Sent: Monday, April 27, 2020 1:25 PM To: Filip Hruska <fhr(a)fhrnet.eu>; members-discuss(a)ripe.net <members-discuss(a)ripe.net> Subject: Re: [members-discuss] Regarding Elad Cohen's nomination and emails Hello all, and sorry for top posting mobile device. The amount of noise generated by Elad Cohen and unwillingness to listen has degraded the lists. Polite rejections of his proposals have quickly degenerated into name calling and conspiracy theories by him. I am not affiliated with RIPE NCC other than being a LIR, I do not know Elad Cohen before these threads. Quick searches on his name show dubious business practices, as seen with regards to prefix hijacking. I consider his actions on the list very close to overstepping Code of Conduct, and good intentions. I fully support both him being moderated on the list, and not being eligble for a position as RIPE chair or similar for the moment. Best regards Henrik Kramselund Jereminsen, owner of dk.zencurity -------- Original message -------- From: Filip Hruska <fhr(a)fhrnet.eu> Date: 4/27/20 01:05 (GMT+01:00) To: members-discuss(a)ripe.net Subject: Re: [members-discuss] Regarding Elad Cohen's nomination and emails Hello all, I would like to voice my support for this. The amount of unprofessional conduct in the past 2 or 3 email chains is simply ridiculous and completely unacceptable. Thank you, Filip On 4/27/20 12:44 AM, Joseph Marsden wrote: I support Cynthia's request for a formal investigation. Best Joseph On 26/04/2020 23:24, Cynthia Revström wrote: I would also like to formally request that the RIPE NCC investigate if Elad Cohen has breached A.1.2.2.B of RIPE-716. https://www.ripe.net/publications/docs/ripe-716#a122b This is with regards to statements like this: "Ripe have 30 millions euros of expenses each year that are hidden and now shown to where exactly they are paid, instead of that corruption" I believe that he does indeed make unreasonable allegations towards the RIPE NCC to damage it's reputation. - Cynthia On Mon, Apr 27, 2020 at 12:02 AM Cynthia Revström <me(a)cynthia.re<mailto:me@cynthia.re>> wrote: Hello, I would like to request that Elad Cohen be blocked from sending to the members-discuss mailing lists after multiple offtopic threads started by Elad and the personal attacks and ignoring WG chairs telling Elad to stop. I would further like to point out that as he is a confirmed candidate for the Exec Board, one of his key responsibilities would be to have the "Ability to communicate effectively", which he has shown that he is not capable of. I would personally say that elad lacks most of the expectations listed on https://www.ripe.net/about-us/executive-board/ripe-ncc-executive-board-func…. I would like to propose that the RIPE NCC ban Elad Cohen from interacting with the RIPE Community (via Meetings or mailing lists) due to his blatant disregard for the Code of Conduct and for being hostile towards others in the community. As the RIPE NCC hosts and manages these lists I think the RIPE NCC has a responsibility to keep the lists professional and to remove those who repeatedly ignore what the WG chairs are saying. - Cynthia _______________________________________________ members-discuss mailing list members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/joseph%40arctarus.co… _______________________________________________ members-discuss mailing list members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/fhr%40fhrnet.eu

1 0

Technical Solution to resolve the global "Email Spam" problem
by Elad Cohen 27 Apr '20

27 Apr '20

Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Vio… The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad

20 52

Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 26 Apr '20

26 Apr '20

Sander is taking part in an illegal cyber influence operation against me. Sander, instead of lying and acting like a coward with other interests, go ahead and ask me publicly any question that you would like regarding IPv4+ and you will be answered. Respectfully, Elad ________________________________ From: Sander Steffann Sent: Sunday, April 26, 2020 12:40 PM To: Elad Cohen Cc: Gert Döring; members-discuss(a)ripe.net Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hi, > What being done here is a cyber influence operation against me, after I'm only trying to do good to the community. > > Sander, you didn't mention any flaws, can you please write them here and I will answer each and every one of them ? This is not the place Elad. Many flaws have been pointed out to you already, but you just dismiss them. Take this to the IETF, you'll feel right at home… * Cheers, Sander * for those who don't follow the IETF, there is an appeal ongoing about IETF chairs and ADs ignoring inconvenient questions and objections

6 18

Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 26 Apr '20

26 Apr '20

Hello Everyone, I want to share with you my technical solution to the "IPv4 Exhaustion" problem (without to upgrade each and every router that exist in the internet), using the below implementation there will be more 4,294,967,296‬ IPv4 addresses that the world needs so much: Currently in an IPv4 packet - the source address and the destination address are being represented each by four bytes, each of these four bytes are being displayed as: [0-255].[0-255].[0-255].[0-255] But it is up to us to choose how we want to display them, for example: four bytes can also be displayed as [0-65535].[0-65535] (two numbers and one dot, the two numbers are bigger because in total they also being represented as four bytes) So there can be one set of 4,294,967,296‬ IPv4 addresses (the one that we know in the display format of [0-255].[0-255].[0-255].[0-255]) and another set of 4,294,967,296 IPv4 addresses (with a new format of [0-65535].[0-65535]) We need to have a mark, a flag, in the ip packet header - in order to know if the source address is of the old formatting (IPv4) or of the new formatting (lets call it IPv4+), for that mark the 'reserved bit' in the ip header can be used, so in case the source address is of IPv4+ or in case that the destination address is of IPv4+ (or in case that both the source and destination addresses are of IPv4+) then the reserved bit in the ip header will be set to 1 , we then also need to know exactly if the source address is of IPv4+ or not (meaning of IPv4) and if the destination address is of IPv4+ or not (meaning of IPv4) - this can be done by marking the DF flag if the source address is of IPv4+ (and not marking the DF flag if the source address is of IPv4) and marking the MF flag if the destination address is of IPv4+ (and not marking the MF flag if the destination address is of IPv4), by using the DF and MF bits which are related to fragmentation (whenever the reserved bit is set to '1') we are losing the ip fragmentation functionality for any traffic with an IPv4+ address (for traffic between two IPv4 addresses, the reserved bit is not set to '1' and hence optional ip fragment functionality is unchanged) We need to know the MTU before an IPv4+ packet will be sent, because no fragmentation will be able to be done with IPv4+ , the current "Path MTU Discovery" (RFC 1191) is not good for that case because it is using the DF bit which we are using as well (and in IPv4+ traffic a DF flag set to 1 is marking that the source address is of IPv4+), and also ICMP protocol can be blocked by routers in the routing path, the solution is to send multiple udp requests (with fixed known MTU sizes) to the destination address (lets call it IPv4+ handshake) - the destination address may or may not receive them (in case a router in the routing path have multiple upstreams and wasn't upgraded to an upper version that supports IPv4+ then it will not recognize the reserved bit and the DF and MF bits related to it, it will not recognize the new IPv4+ addresses and even if the reserved bit is set to '1' and MF flag is set to '1' in the ip packet - it will route to to the destination address just like it is an IPv4 address and not IPv4+ address, meaning to a completely different destination address) - in case the destination address indeed received the IPv4+ packets - it will send back the udp requests to the source address at the exact same sizes (with the reserved bit flag set to '1' and with the DF and MF flags set accordingly) - when the source address will receive them - the source address will know that the destination address is supporting IPv4+ , that ip packets with new IPv4+ formatting will reach the destination and the source address will know what is the biggest size of the udp request that was received - and it will be the MTU for that specific connection between the source and the destination addresses (The IPv4+ handshake will be done again if there is no response from the destination after the initial udp handshake was already completed successfully). The udp handshake between a source address and a destination address (that any of them or them both is an IPv4+ address) will use a specific udp port, an availalbe unassigned port between 0 to 1023, an operating system networking stack (that was updated for IPv4+ with the operating system automatic updating system) will know exactly what this udp port is for - and will react accordingly, the upgraded operating system networking stack will also check that the destination address (in the IPv4 or in the IPv4+ format) is set locally in the operating system, before sending the udp requests back to the source address (if not then the ip packet will be dropped by the upgraded operating system networking stack). Any operating system that wasn't upgraded to support IPv4+ - will just drop that kind of udp requests. IPv4+ is fully backward compatible to IPv4 (and any router that was not upgraded yet to IPv4+ will not cause IPv4 traffic to break), it is also not adding any new fields to ip packets or using new fields, IPv4+ will not cause any performance overload for any supported router. The reason that the MF and DF bits are being use for IPv4+ and not the ToS / IP-ID / Options in ip header are being used is because we cannot be 100% sure that the ToS / IP-ID / Options in the ip header will not be changed or dropped by any rouer in the routing path that wasn't upgraded to IPv4+ (and we don't want to upgrade any router in the world because it is an impossible mission) - in the ip header ToS is being cleared by some routers - IP-ID can be changed by NAT routers - Options field is dropped by many routers, we can trust that the DF and MF flags will not be modified in the routing path by routers that weren't upgraded to IPv4+. For the above solution not all the internet devices in the world needs to be patched/upgraded to support IPv4+ which is an impossible mission, end-users operating systems need to be upgraded (but it can be done simply using their automatic updating system), BGP routers (and any router with multiple physical routing paths) will need to have its firmware upgraded to support IPv4+, any NAT router that will want to use an external IPv4+ address will need to have its firmware upgraded (any NAT router that will use an external IPv4 address will not need to have its firmware upgraded, only the internet devices in the LAN of the NAT router will need to have a single operating system update in order for them to access IPv4+ addresses in the internet), any home router (not NAT) or home modem will not need to have a firmware upgrade and IPv4+ functionality will be transparent to them. The deployment of IPv4+ can be fairly easy and very fast, a round table of one person from each one of the 5 RIRs and from each one of the operating systems vendors and from each one of the router manufacture vendors. Even if IPv4+ will be deployed over time, it will not cause the internet to break (devices that need to be upgraded to IPv4+ and didn't yet will work exactly as they are now with IPv4, they will just not yet support IPv4+). The above will resolve the "IPv4 Exhaustion" problem and will bring to each one of the 5 RIRs almost 900,000,000 new IPv4+ addresses that will be able to the provided to the LIRs worldwide, if you have any question please let me know. Respectfully, Elad

16 39

Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 26 Apr '20

26 Apr '20

You didn't fully read my initial post, the MTU with IPv4+ will not be a fixed MTU of 1500 or of any other fixed value, it will be set in the beginning of the connection through a process called: "IPv4+ UDP Handshake" Respectfully, Elad ________________________________ From: Tobias Lehner Sent: Sunday, April 26, 2020 10:51 AM To: Elad Cohen; 'noc'; Ed Campbell Cc: members-discuss(a)ripe.net Subject: AW: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world You cannot be sure to have MTU of 1500 everywhere… Normally routers should not do anything with df bit, but it is possible to flip the df bit on the router. It is required for some cases. Mit freundlichen Grüßen / Best Regards Tobias Lehner Hartl-EDV GmbH & Co. KG Von: Elad Cohen <elad(a)netstyle.io> Gesendet: Sonntag, 26. April 2020 09:48 An: Tobias Lehner <tl(a)hartl-edv.de>; 'noc' <noc(a)xervers.pt>; Ed Campbell <campbell(a)inca.ie> Cc: members-discuss(a)ripe.net Betreff: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Tobias, Routers will not do anything with the DF and MF flags as long that MTU is fine (and MTU is initially checked with "IPv4+ UDP Handshake") I wrote in previous reply an adjustment to the idea that is quicker to deploy and will not require the routers, but it will lack the RIRs being able to allocate and to assign IPv4+ addresses to LIRs. Each LIR will automatically receive an additional IPv4 address for each current IPv4 address that it have: -------- Here is an optional adjustment to the idea: Only end-users and servers operating systems will be updated (using the operating systems automatic updating mechanism), using the same way that I wrote with the exact same feasible IPv4 packet modification implementation (reserved bit, no fragmentation, fragmentation flags, udp handshake), no other equipment will need to be updated, no routers will need to be updated at all - but then the routing of IPv4+ addresses will always be to the same destination device that have the same four bytes of destination IPv4 address (meaning routing will be as it is now - based on IPv4 and not on IPv4+). In this way, the number of IPv4 addresses will be doubled and each ASN will double his number of IPv4 addresses, each ASN will have his exact same ip addresses but in two formats - in IPv4 format and in IPv4+ format. (if the community is lazy and don't want to upgrade the needed routers by IT professionals, and it is not the whole routers in the world, far far far less) -------- Respectfully, Elad ________________________________ From: Tobias Lehner Sent: Sunday, April 26, 2020 10:43 AM To: 'noc'; Elad Cohen; Ed Campbell Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Subject: AW: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hi, Furthermore, every router in the connection can/may add/remove the df bit, which breaks your idea. We should really go in the direction of IPv6. Mit freundlichen Grüßen / Best Regards Tobias Lehner Hartl-EDV GmbH & Co. KG Von: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> Im Auftrag von noc Gesendet: Sonntag, 26. April 2020 09:23 An: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Betreff: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hello Elad. I've been reading all the messages you sent. I see that you try hard to push your vision. But here's some reasons to what you suggest doesn't work and will never work: - the extra 2 bits you suggest to use (fragmentation bits) are there for a reason. And that reason is not to have more ips, but to fragment packets when needed. On a perfect worldwide network, they aren't needed. But we are on a imperfect worldwide network and many systems need packet fragmentation to work (satellite systems by example). - it's not possible to upgrade millions of routers. Many reached end-of-life many years ago. If the ISP switch the router, he will deploy right away ipv6. - IPv4+ will not give more time to deploy IPv6. It will only delay it. Everyone is lazy for different reasons. So, if IPv4 works, why deploy IPv6? No. It's been since 2012 that we (RIPE) announced the exhaustion of IPv4. And very few has been done to push IPv6. - enterprises like Microsoft will earn a lot more of IPv4+ if they implement it... Why will they bother? They already have 2 /8 legacy not being used/routed. And this is the same for a lot other companies. Many already invested a lot on IPv6, will they do new investments for IPv4+ knowing that is a dead end? No. - IPv4+ is easy to implement. Wrong. It's hard. It will need to be implemented on each level till the top (IANA), and I doubt the very top will do anything to change this. Looking at the statistics everywhere, I see that IPv6 implementation his growing a lot since September. And this, yes. It's a good news. Your idea should've be pushed 15 years ago (before the running out announcement), not now. Now there is nothing it can be done. Cheers Enviado a partir do meu smartphone Samsung Galaxy. -------- Mensagem original -------- De : Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Data: 26/04/20 00:54 (GMT+01:00) Para: Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Assunto: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Indeed demand is rising, but I don't believe that the world will use more than 4 billion new IPv4 addresses in 5 years, it will not happen, the RIRs already have very strict policies that will continue to be used, IPv4+ will not end fast - it will provide many many years that in them migration to IPv6 will be able to be completed quietly. (without the world to be in any problem) The only reason that IPv4 exhausted recently is because companies from all over the world were told that IPv4 is about to end (and this was the brainwash) so they opened LIR accounts like crazy just to get the last /22's - this is the only reason. And people that are doing money out of it. But if each RIR will have 800+ new million ip addresses and the RIRs will use strict policies to provide them and there will not be a shortage and the public will know that there isn't a shortage of IPv4 - then you will see that companies will not open LIR accounts like crazy just to get the last IPv4 addresses. Respectfully, Elad ________________________________ From: Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Sent: Sunday, April 26, 2020 1:39 AM To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Cc: Torbjörn Eklöv <torbjorn.eklov(a)interlan.se<mailto:torbjorn.eklov@interlan.se>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world IPv6 isn’t slow because of the lack of trying, it is slow because of Microsoft et al’s unwillingness to adopt it. If it became the default IP stack to use on all operating systems rather than a “nice to have” “feature” attitudes would change. 3-4 times you have said now that it would take another 25 years to exhaust this “new” IPv4 space, that just doesn’t track with the current demand for addressing. You’d only be delaying and thwarting existing efforts to deploy IPv6. Sent from my iPhone On 25 Apr 2020, at 22:34, Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> wrote: Torbjorn, IPv6 cannot communicate directly with IPv4, while IPv4+ can communicate directly with IPv4. Technicians don't have to know anything about IPv4+ (and not to know how it internally works) besides to know how to upgrade the firmware of a router and how to update a patch to an operating system, in contrary to IPv6 that Technicians need to know it completely in order to design an IPv6 network and for it also to work with IPv4. I didn't write that I'm against learning or implementing IPv6, I wrote my opinion on why deployment of IPv6 is slow and will be slow. It took us approximately 25 years to use almost 4,294,967,296 IPv4 addresses, the same number of ip addresses IPv4+ will bring us at least more 25 years. CGNAT is not good for datacenters, and datacenter needs and will need more IPv4 addresses. Respectfully, Elad ________________________________ From: Torbjörn Eklöv <torbjorn.eklov(a)interlan.se<mailto:torbjorn.eklov@interlan.se>> Sent: Sunday, April 26, 2020 12:15 AM To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Cc: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; Atif Naveed <a.naveed(a)go.com.sa<mailto:a.naveed@go.com.sa>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Elad, > > Because IPv6 is a completely different network than IPv4, IPv4+ is the same network of IPv4. No, IPv4+ is also a complete new network that no OS supports and no technician can understand now. It’s more complicated and more time consuming than deploying IPv6. > (IPv6 require complete new network design, much more to learn for companies/organizations and much more expenses for companies/organizations. IPv4+ will give more time and space that is needed in the world today) Yes, it’s "new“ but you had +20 years to learn IPv6 and you have time now to learn it now while CGNAT is growing. IPv4+ just extends the time a little bit more. /Tobbe > > Respectfully, > Elad > From: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>> > Sent: Saturday, April 25, 2020 11:04 PM > To: Atif Naveed <a.naveed(a)go.com.sa<mailto:a.naveed@go.com.sa>>; Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Dear Atif, > > Respectfully, we have IPv6 sessions with Tier1 and peering networks and have had for some years now. > I’m not sure there is a Tier1 who doesn’t offer IPv6. > Most UK ISP’s now provide IPv6 by default to people’s homes. > > I agree the uptake has been incredibly slow, which is why I don’t think IPv4+ will be any better. We all updated kit for IPv6 providing trillions more IP addresses to each LIR but the uptake has been slow. > Why would the uptake be faster for IPv4+? > > > Best, > > Stuart Willet. > > From: Atif Naveed [mailto:a.naveed@go.com.sa] > Sent: 25 April 2020 20:30 > To: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Dear Stuart, > > Hold your horses, till day where IPv6 stands not near to 1 to 10% of utilization across internet. So in so many years IPv6 still not able to catch the eyes of Tier1 or any ISP or simple users. > > So what Elad is offering is still very good option to move ahead at this stage before ipv6 takes off its flight in next decade or so. > > And I can understand deployment will be not that’s straight forward but once it starts flying it will make its own path . > > Regards > > > Atif Naveed > Sr. Specialist > IGW/ISP Core Network Operations > D:+966-11511-1263 > E:a.naveed@go.com.sa > www.go.com.sa<http://www.go.com.sa> > > From: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> On Behalf Of Stuart Willet (primary) > Sent: Saturday, April 25, 2020 10:21 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Respectfully, I do not think you have fully considered the logistics involved in updating so much hardware and software. > > What about all the L3 switches and routers not owned by ISP’s? > What about bigger ISP’s ad Tier 1’s? Do you honestly believe NTT or Telia will update millions of network devices worldwide for a /21? > > Honestly, the update alone is unfeasible, especially when we already have fully working IPv6. > > On that note, everyone has been given an incredible amount of IPv6 space, but this has not picked up anywhere near fast enough. > I appreciate you believe IPv4+ will be more compatible, but it simply will not work unless the entire world updates all IP based switching and routing platforms as well as operating systems and bespoke hardware. > > Best, > Stuart Willet. > > From: Elad Cohen [mailto:elad@netstyle.io] > Sent: 25 April 2020 20:13 > To: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > My main issue is that it is not a replacement for IPv6, it is just an additional pool of ip addresses for IPv4, I do understand that IPv4 ip addresses don't come near to the amount of ip addresses in IPv6, but we will always have devices that are too old to be upgraded to IPv6 and the solution I wrote is doubling the amount of IPv4 (comparing to IPv6 it is meaning less but comparing to the number of ip addresses in IPv4 it is doubling the amount of IPv4), and I do believe that more IPv4 addresses will make the transition to IPv6 faster (everyone will be able to support both IPv6 and IPv4 and then transition to only-IPv6 will be smoother). > > Regarding the number of devices: > • Any routing device with more than two physical routes > • Any BGP router > • Any operating system > The operating systems updates can be fast through their automatic update systems, regarding updating the routing equipment - if each ASN will be know the he will receive a free /21 from the IPv4+ you will see that it will be fast as well (and after it each of the 5 RIRs will have more than 800,000,000 new IPv4 addresses). > > When the ip protocol was created with the saved reserved bit, the reserved bit was saved for just such case, for the case that we are in, what better use would be to the reserved bit in the IPv4 packet header if not to double the amount of IPv4 addresses (at the last stage of the transition to IPv6). > > Respectfully, > Elad > From: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>> > Sent: Saturday, April 25, 2020 10:01 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<members-discuss(a)ripe.net<mailto:members-discuss@ripe.net%3cmembers-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Sorry, there are far too many Layer3 switches and routers which already support IPv6 and would need to be updated to support IPv4+. > There are also many firewalls, both hardware and software which would need updating but can already use IPv6. > > If you had proposed this before the introduction of IPv6 I am sure it would have worked, but it is inferior to IPv6 in two respects. > 1: it would require updating millions of routers, L3 switches, firewalls, operating systems and 3rd party devices. > 2: it would not offer anywhere close to the amount of IPv6 addresses which already work. > > Best, > Stuart Willet. > > From: members-discuss [mailto:members-discuss-bounces@ripe.net] On Behalf Of Elad Cohen > Sent: 25 April 2020 19:56 > To: noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > It is not a complete new protocol, the reserved bit (in IPv4 packet header) was intended to be reserved for future use, the future usage of it was planned. > > I'm not against IPv6, but IPv6 is not backward compatible with IPv4 by design and the world currently need more IPv4 addresses, the number of IPv4 addresses can be easily doubled even in one week, through operating system update of the biggest operating system vendors and simple firmware upgrades by the routing equipment manufacturers. > > switches are working on layer2, they are not related to ip. > > Respectfully, > Elad > > From: noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>> > Sent: Saturday, April 25, 2020 9:48 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > That won't be IPv4 but a complete new protocol, and routers/switches/whatever won't support them. > It's a better and cleaner solution to move to IPv6. > > Cheers. > > <image001.jpg> > NOC xervers | +351 300 404 316 > P Please consider the environment before printing this email > <image002.jpg> <image002.jpg> > <image002.jpg> <image003.jpg> > > > De: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> Em Nome De Elad Cohen > Enviada: sábado, 25 de abril de 2020 20:21 > Para: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Assunto: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Hello Everyone, > > I want to share with you my technical solution to the "IPv4 Exhaustion" problem (without to upgrade each and every router that exist in the internet), using the below implementation there will be more 4,294,967,296 IPv4 addresses that the world needs so much: > > Currently in an IPv4 packet - the source address and the destination address are being represented each by four bytes, each of these four bytes are being displayed as: [0-255].[0-255].[0-255].[0-255] > > But it is up to us to choose how we want to display them, for example: four bytes can also be displayed as [0-65535].[0-65535] (two numbers and one dot, the two numbers are bigger because in total they also being represented as four bytes) > > So there can be one set of 4,294,967,296 IPv4 addresses (the one that we know in the display format of [0-255].[0-255].[0-255].[0-255]) > > and another set of 4,294,967,296 IPv4 addresses (with a new format of [0-65535].[0-65535]) > > We need to have a mark, a flag, in the ip packet header - in order to know if the source address is of the old formatting (IPv4) or of the new formatting (lets call it IPv4+), for that mark the 'reserved bit' in the ip header can be used, so in case the source address is of IPv4+ or in case that the destination address is of IPv4+ (or in case that both the source and destination addresses are of IPv4+) then the reserved bit in the ip header will be set to 1 , we then also need to know exactly if the source address is of IPv4+ or not (meaning of IPv4) and if the destination address is of IPv4+ or not (meaning of IPv4) - this can be done by marking the DF flag if the source address is of IPv4+ (and not marking the DF flag if the source address is of IPv4) and marking the MF flag if the destination address is of IPv4+ (and not marking the MF flag if the destination address is of IPv4), by using the DF and MF bits which are related to fragmentation (whenever the reserved bit is set to '1') we are losing the ip fragmentation functionality for any traffic with an IPv4+ address (for traffic between two IPv4 addresses, the reserved bit is not set to '1' and hence optional ip fragment functionality is unchanged) > > We need to know the MTU before an IPv4+ packet will be sent, because no fragmentation will be able to be done with IPv4+ , the current "Path MTU Discovery" (RFC 1191) is not good for that case because it is using the DF bit which we are using as well (and in IPv4+ traffic a DF flag set to 1 is marking that the source address is of IPv4+), and also ICMP protocol can be blocked by routers in the routing path, the solution is to send multiple udp requests (with fixed known MTU sizes) to the destination address (lets call it IPv4+ handshake) - the destination address may or may not receive them (in case a router in the routing path have multiple upstreams and wasn't upgraded to an upper version that supports IPv4+ then it will not recognize the reserved bit and the DF and MF bits related to it, it will not recognize the new IPv4+ addresses and even if the reserved bit is set to '1' and MF flag is set to '1' in the ip packet - it will route to to the destination address just like it is an IPv4 address and not IPv4+ address, meaning to a completely different destination address) - in case the destination address indeed received the IPv4+ packets - it will send back the udp requests to the source address at the exact same sizes (with the reserved bit flag set to '1' and with the DF and MF flags set accordingly) - when the source address will receive them - the source address will know that the destination address is supporting IPv4+ , that ip packets with new IPv4+ formatting will reach the destination and the source address will know what is the biggest size of the udp request that was received - and it will be the MTU for that specific connection between the source and the destination addresses (The IPv4+ handshake will be done again if there is no response from the destination after the initial udp handshake was already completed successfully). > > The udp handshake between a source address and a destination address (that any of them or them both is an IPv4+ address) will use a specific udp port, an availalbe unassigned port between 0 to 1023, an operating system networking stack (that was updated for IPv4+ with the operating system automatic updating system) will know exactly what this udp port is for - and will react accordingly, the upgraded operating system networking stack will also check that the destination address (in the IPv4 or in the IPv4+ format) is set locally in the operating system, before sending the udp requests back to the source address (if not then the ip packet will be dropped by the upgraded operating system networking stack). Any operating system that wasn't upgraded to support IPv4+ - will just drop that kind of udp requests. > > IPv4+ is fully backward compatible to IPv4 (and any router that was not upgraded yet to IPv4+ will not cause IPv4 traffic to break), it is also not adding any new fields to ip packets or using new fields, IPv4+ will not cause any performance overload for any supported router. > > The reason that the MF and DF bits are being use for IPv4+ and not the ToS / IP-ID / Options in ip header are being used is because we cannot be 100% sure that the ToS / IP-ID / Options in the ip header will not be changed or dropped by any rouer in the routing path that wasn't upgraded to IPv4+ (and we don't want to upgrade any router in the world because it is an impossible mission) - in the ip header ToS is being cleared by some routers - IP-ID can be changed by NAT routers - Options field is dropped by many routers, we can trust that the DF and MF flags will not be modified in the routing path by routers that weren't upgraded to IPv4+. > > For the above solution not all the internet devices in the world needs to be patched/upgraded to support IPv4+ which is an impossible mission, end-users operating systems need to be upgraded (but it can be done simply using their automatic updating system), BGP routers (and any router with multiple physical routing paths) will need to have its firmware upgraded to support IPv4+, any NAT router that will want to use an external IPv4+ address will need to have its firmware upgraded (any NAT router that will use an external IPv4 address will not need to have its firmware upgraded, only the internet devices in the LAN of the NAT router will need to have a single operating system update in order for them to access IPv4+ addresses in the internet), any home router (not NAT) or home modem will not need to have a firmware upgrade and IPv4+ functionality will be transparent to them. > > The deployment of IPv4+ can be fairly easy and very fast, a round table of one person from each one of the 5 RIRs and from each one of the operating systems vendors and from each one of the router manufacture vendors. Even if IPv4+ will be deployed over time, it will not cause the internet to break (devices that need to be upgraded to IPv4+ and didn't yet will work exactly as they are now with IPv4, they will just not yet support IPv4+). > > The above will resolve the "IPv4 Exhaustion" problem and will bring to each one of the 5 RIRs almost 900,000,000 new IPv4+ addresses that will be able to the provided to the LIRs worldwide, if you have any question please let me know. > > Respectfully, > Elad > _______________________________________________ > members-discuss mailing list > members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > https://lists.ripe.net/mailman/listinfo/members-discuss > Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/torbjorn.eklov%40int… _______________________________________________ members-discuss mailing list members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie

11 22

Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 26 Apr '20

26 Apr '20

Did you see any implementation of a router that on its own flip the DF bit? According to all of my checks it doesn't happen - the fragmentation bits are reliable - meaning not modified by routers in the routing path. No every router in world will need to be updated, in a case that a router will flip the DF bit (there is no online record of such case to happen that routers change on their own fragmentation bits, in the whole internet) then the IPv4+ packet will not reach the destination in the initial "IPv4+ UDP Handshake" and hence the communication (after a successfull "IPv4+ UDP Handshake") will not happen. Respectfully, Elad ________________________________ From: Tobias Lehner Sent: Sunday, April 26, 2020 11:01 AM To: Elad Cohen; 'noc'; Ed Campbell Cc: members-discuss(a)ripe.net Subject: AW: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Then you need to update software of all routers. Any router in the path must not switch the df bit. Every piece of network hardware must be verified or updated, which would cause a big delay in implementing. If it is not checked some router may flip the df bit and you would not get a connectoin. I guess to setup IPv6 is more straightforward and would not cause this delay. Because we have it already. It is a nice idea of you but it will fail at the implementing or causes several delay. Mit freundlichen Grüßen / Best Regards Tobias Lehner Hartl-EDV GmbH & Co. KG Von: Elad Cohen <elad(a)netstyle.io> Gesendet: Sonntag, 26. April 2020 09:54 An: Tobias Lehner <tl(a)hartl-edv.de>; 'noc' <noc(a)xervers.pt>; Ed Campbell <campbell(a)inca.ie> Cc: members-discuss(a)ripe.net Betreff: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world You didn't fully read my initial post, the MTU with IPv4+ will not be a fixed MTU of 1500 or of any other fixed value, it will be set in the beginning of the connection through a process called: "IPv4+ UDP Handshake" Respectfully, Elad ________________________________ From: Tobias Lehner Sent: Sunday, April 26, 2020 10:51 AM To: Elad Cohen; 'noc'; Ed Campbell Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Subject: AW: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world You cannot be sure to have MTU of 1500 everywhere… Normally routers should not do anything with df bit, but it is possible to flip the df bit on the router. It is required for some cases. Mit freundlichen Grüßen / Best Regards Tobias Lehner Hartl-EDV GmbH & Co. KG Von: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Gesendet: Sonntag, 26. April 2020 09:48 An: Tobias Lehner <tl(a)hartl-edv.de<mailto:tl@hartl-edv.de>>; 'noc' <noc(a)xervers.pt<mailto:noc@xervers.pt>>; Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Betreff: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Tobias, Routers will not do anything with the DF and MF flags as long that MTU is fine (and MTU is initially checked with "IPv4+ UDP Handshake") I wrote in previous reply an adjustment to the idea that is quicker to deploy and will not require the routers, but it will lack the RIRs being able to allocate and to assign IPv4+ addresses to LIRs. Each LIR will automatically receive an additional IPv4 address for each current IPv4 address that it have: -------- Here is an optional adjustment to the idea: Only end-users and servers operating systems will be updated (using the operating systems automatic updating mechanism), using the same way that I wrote with the exact same feasible IPv4 packet modification implementation (reserved bit, no fragmentation, fragmentation flags, udp handshake), no other equipment will need to be updated, no routers will need to be updated at all - but then the routing of IPv4+ addresses will always be to the same destination device that have the same four bytes of destination IPv4 address (meaning routing will be as it is now - based on IPv4 and not on IPv4+). In this way, the number of IPv4 addresses will be doubled and each ASN will double his number of IPv4 addresses, each ASN will have his exact same ip addresses but in two formats - in IPv4 format and in IPv4+ format. (if the community is lazy and don't want to upgrade the needed routers by IT professionals, and it is not the whole routers in the world, far far far less) -------- Respectfully, Elad ________________________________ From: Tobias Lehner Sent: Sunday, April 26, 2020 10:43 AM To: 'noc'; Elad Cohen; Ed Campbell Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Subject: AW: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hi, Furthermore, every router in the connection can/may add/remove the df bit, which breaks your idea. We should really go in the direction of IPv6. Mit freundlichen Grüßen / Best Regards Tobias Lehner Hartl-EDV GmbH & Co. KG Von: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> Im Auftrag von noc Gesendet: Sonntag, 26. April 2020 09:23 An: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Betreff: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hello Elad. I've been reading all the messages you sent. I see that you try hard to push your vision. But here's some reasons to what you suggest doesn't work and will never work: - the extra 2 bits you suggest to use (fragmentation bits) are there for a reason. And that reason is not to have more ips, but to fragment packets when needed. On a perfect worldwide network, they aren't needed. But we are on a imperfect worldwide network and many systems need packet fragmentation to work (satellite systems by example). - it's not possible to upgrade millions of routers. Many reached end-of-life many years ago. If the ISP switch the router, he will deploy right away ipv6. - IPv4+ will not give more time to deploy IPv6. It will only delay it. Everyone is lazy for different reasons. So, if IPv4 works, why deploy IPv6? No. It's been since 2012 that we (RIPE) announced the exhaustion of IPv4. And very few has been done to push IPv6. - enterprises like Microsoft will earn a lot more of IPv4+ if they implement it... Why will they bother? They already have 2 /8 legacy not being used/routed. And this is the same for a lot other companies. Many already invested a lot on IPv6, will they do new investments for IPv4+ knowing that is a dead end? No. - IPv4+ is easy to implement. Wrong. It's hard. It will need to be implemented on each level till the top (IANA), and I doubt the very top will do anything to change this. Looking at the statistics everywhere, I see that IPv6 implementation his growing a lot since September. And this, yes. It's a good news. Your idea should've be pushed 15 years ago (before the running out announcement), not now. Now there is nothing it can be done. Cheers Enviado a partir do meu smartphone Samsung Galaxy. -------- Mensagem original -------- De : Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Data: 26/04/20 00:54 (GMT+01:00) Para: Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Assunto: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Indeed demand is rising, but I don't believe that the world will use more than 4 billion new IPv4 addresses in 5 years, it will not happen, the RIRs already have very strict policies that will continue to be used, IPv4+ will not end fast - it will provide many many years that in them migration to IPv6 will be able to be completed quietly. (without the world to be in any problem) The only reason that IPv4 exhausted recently is because companies from all over the world were told that IPv4 is about to end (and this was the brainwash) so they opened LIR accounts like crazy just to get the last /22's - this is the only reason. And people that are doing money out of it. But if each RIR will have 800+ new million ip addresses and the RIRs will use strict policies to provide them and there will not be a shortage and the public will know that there isn't a shortage of IPv4 - then you will see that companies will not open LIR accounts like crazy just to get the last IPv4 addresses. Respectfully, Elad ________________________________ From: Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Sent: Sunday, April 26, 2020 1:39 AM To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Cc: Torbjörn Eklöv <torbjorn.eklov(a)interlan.se<mailto:torbjorn.eklov@interlan.se>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world IPv6 isn’t slow because of the lack of trying, it is slow because of Microsoft et al’s unwillingness to adopt it. If it became the default IP stack to use on all operating systems rather than a “nice to have” “feature” attitudes would change. 3-4 times you have said now that it would take another 25 years to exhaust this “new” IPv4 space, that just doesn’t track with the current demand for addressing. You’d only be delaying and thwarting existing efforts to deploy IPv6. Sent from my iPhone On 25 Apr 2020, at 22:34, Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> wrote: Torbjorn, IPv6 cannot communicate directly with IPv4, while IPv4+ can communicate directly with IPv4. Technicians don't have to know anything about IPv4+ (and not to know how it internally works) besides to know how to upgrade the firmware of a router and how to update a patch to an operating system, in contrary to IPv6 that Technicians need to know it completely in order to design an IPv6 network and for it also to work with IPv4. I didn't write that I'm against learning or implementing IPv6, I wrote my opinion on why deployment of IPv6 is slow and will be slow. It took us approximately 25 years to use almost 4,294,967,296 IPv4 addresses, the same number of ip addresses IPv4+ will bring us at least more 25 years. CGNAT is not good for datacenters, and datacenter needs and will need more IPv4 addresses. Respectfully, Elad ________________________________ From: Torbjörn Eklöv <torbjorn.eklov(a)interlan.se<mailto:torbjorn.eklov@interlan.se>> Sent: Sunday, April 26, 2020 12:15 AM To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Cc: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; Atif Naveed <a.naveed(a)go.com.sa<mailto:a.naveed@go.com.sa>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Elad, > > Because IPv6 is a completely different network than IPv4, IPv4+ is the same network of IPv4. No, IPv4+ is also a complete new network that no OS supports and no technician can understand now. It’s more complicated and more time consuming than deploying IPv6. > (IPv6 require complete new network design, much more to learn for companies/organizations and much more expenses for companies/organizations. IPv4+ will give more time and space that is needed in the world today) Yes, it’s "new“ but you had +20 years to learn IPv6 and you have time now to learn it now while CGNAT is growing. IPv4+ just extends the time a little bit more. /Tobbe > > Respectfully, > Elad > From: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>> > Sent: Saturday, April 25, 2020 11:04 PM > To: Atif Naveed <a.naveed(a)go.com.sa<mailto:a.naveed@go.com.sa>>; Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Dear Atif, > > Respectfully, we have IPv6 sessions with Tier1 and peering networks and have had for some years now. > I’m not sure there is a Tier1 who doesn’t offer IPv6. > Most UK ISP’s now provide IPv6 by default to people’s homes. > > I agree the uptake has been incredibly slow, which is why I don’t think IPv4+ will be any better. We all updated kit for IPv6 providing trillions more IP addresses to each LIR but the uptake has been slow. > Why would the uptake be faster for IPv4+? > > > Best, > > Stuart Willet. > > From: Atif Naveed [mailto:a.naveed@go.com.sa] > Sent: 25 April 2020 20:30 > To: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Dear Stuart, > > Hold your horses, till day where IPv6 stands not near to 1 to 10% of utilization across internet. So in so many years IPv6 still not able to catch the eyes of Tier1 or any ISP or simple users. > > So what Elad is offering is still very good option to move ahead at this stage before ipv6 takes off its flight in next decade or so. > > And I can understand deployment will be not that’s straight forward but once it starts flying it will make its own path . > > Regards > > > Atif Naveed > Sr. Specialist > IGW/ISP Core Network Operations > D:+966-11511-1263 > E:a.naveed@go.com.sa > www.go.com.sa<http://www.go.com.sa> > > From: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> On Behalf Of Stuart Willet (primary) > Sent: Saturday, April 25, 2020 10:21 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Respectfully, I do not think you have fully considered the logistics involved in updating so much hardware and software. > > What about all the L3 switches and routers not owned by ISP’s? > What about bigger ISP’s ad Tier 1’s? Do you honestly believe NTT or Telia will update millions of network devices worldwide for a /21? > > Honestly, the update alone is unfeasible, especially when we already have fully working IPv6. > > On that note, everyone has been given an incredible amount of IPv6 space, but this has not picked up anywhere near fast enough. > I appreciate you believe IPv4+ will be more compatible, but it simply will not work unless the entire world updates all IP based switching and routing platforms as well as operating systems and bespoke hardware. > > Best, > Stuart Willet. > > From: Elad Cohen [mailto:elad@netstyle.io] > Sent: 25 April 2020 20:13 > To: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > My main issue is that it is not a replacement for IPv6, it is just an additional pool of ip addresses for IPv4, I do understand that IPv4 ip addresses don't come near to the amount of ip addresses in IPv6, but we will always have devices that are too old to be upgraded to IPv6 and the solution I wrote is doubling the amount of IPv4 (comparing to IPv6 it is meaning less but comparing to the number of ip addresses in IPv4 it is doubling the amount of IPv4), and I do believe that more IPv4 addresses will make the transition to IPv6 faster (everyone will be able to support both IPv6 and IPv4 and then transition to only-IPv6 will be smoother). > > Regarding the number of devices: > • Any routing device with more than two physical routes > • Any BGP router > • Any operating system > The operating systems updates can be fast through their automatic update systems, regarding updating the routing equipment - if each ASN will be know the he will receive a free /21 from the IPv4+ you will see that it will be fast as well (and after it each of the 5 RIRs will have more than 800,000,000 new IPv4 addresses). > > When the ip protocol was created with the saved reserved bit, the reserved bit was saved for just such case, for the case that we are in, what better use would be to the reserved bit in the IPv4 packet header if not to double the amount of IPv4 addresses (at the last stage of the transition to IPv6). > > Respectfully, > Elad > From: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>> > Sent: Saturday, April 25, 2020 10:01 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<members-discuss(a)ripe.net<mailto:members-discuss@ripe.net%3cmembers-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Sorry, there are far too many Layer3 switches and routers which already support IPv6 and would need to be updated to support IPv4+. > There are also many firewalls, both hardware and software which would need updating but can already use IPv6. > > If you had proposed this before the introduction of IPv6 I am sure it would have worked, but it is inferior to IPv6 in two respects. > 1: it would require updating millions of routers, L3 switches, firewalls, operating systems and 3rd party devices. > 2: it would not offer anywhere close to the amount of IPv6 addresses which already work. > > Best, > Stuart Willet. > > From: members-discuss [mailto:members-discuss-bounces@ripe.net] On Behalf Of Elad Cohen > Sent: 25 April 2020 19:56 > To: noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > It is not a complete new protocol, the reserved bit (in IPv4 packet header) was intended to be reserved for future use, the future usage of it was planned. > > I'm not against IPv6, but IPv6 is not backward compatible with IPv4 by design and the world currently need more IPv4 addresses, the number of IPv4 addresses can be easily doubled even in one week, through operating system update of the biggest operating system vendors and simple firmware upgrades by the routing equipment manufacturers. > > switches are working on layer2, they are not related to ip. > > Respectfully, > Elad > > From: noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>> > Sent: Saturday, April 25, 2020 9:48 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > That won't be IPv4 but a complete new protocol, and routers/switches/whatever won't support them. > It's a better and cleaner solution to move to IPv6. > > Cheers. > > <image001.jpg> > NOC xervers | +351 300 404 316 > P Please consider the environment before printing this email > <image002.jpg> <image002.jpg> > <image002.jpg> <image003.jpg> > > > De: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> Em Nome De Elad Cohen > Enviada: sábado, 25 de abril de 2020 20:21 > Para: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Assunto: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Hello Everyone, > > I want to share with you my technical solution to the "IPv4 Exhaustion" problem (without to upgrade each and every router that exist in the internet), using the below implementation there will be more 4,294,967,296 IPv4 addresses that the world needs so much: > > Currently in an IPv4 packet - the source address and the destination address are being represented each by four bytes, each of these four bytes are being displayed as: [0-255].[0-255].[0-255].[0-255] > > But it is up to us to choose how we want to display them, for example: four bytes can also be displayed as [0-65535].[0-65535] (two numbers and one dot, the two numbers are bigger because in total they also being represented as four bytes) > > So there can be one set of 4,294,967,296 IPv4 addresses (the one that we know in the display format of [0-255].[0-255].[0-255].[0-255]) > > and another set of 4,294,967,296 IPv4 addresses (with a new format of [0-65535].[0-65535]) > > We need to have a mark, a flag, in the ip packet header - in order to know if the source address is of the old formatting (IPv4) or of the new formatting (lets call it IPv4+), for that mark the 'reserved bit' in the ip header can be used, so in case the source address is of IPv4+ or in case that the destination address is of IPv4+ (or in case that both the source and destination addresses are of IPv4+) then the reserved bit in the ip header will be set to 1 , we then also need to know exactly if the source address is of IPv4+ or not (meaning of IPv4) and if the destination address is of IPv4+ or not (meaning of IPv4) - this can be done by marking the DF flag if the source address is of IPv4+ (and not marking the DF flag if the source address is of IPv4) and marking the MF flag if the destination address is of IPv4+ (and not marking the MF flag if the destination address is of IPv4), by using the DF and MF bits which are related to fragmentation (whenever the reserved bit is set to '1') we are losing the ip fragmentation functionality for any traffic with an IPv4+ address (for traffic between two IPv4 addresses, the reserved bit is not set to '1' and hence optional ip fragment functionality is unchanged) > > We need to know the MTU before an IPv4+ packet will be sent, because no fragmentation will be able to be done with IPv4+ , the current "Path MTU Discovery" (RFC 1191) is not good for that case because it is using the DF bit which we are using as well (and in IPv4+ traffic a DF flag set to 1 is marking that the source address is of IPv4+), and also ICMP protocol can be blocked by routers in the routing path, the solution is to send multiple udp requests (with fixed known MTU sizes) to the destination address (lets call it IPv4+ handshake) - the destination address may or may not receive them (in case a router in the routing path have multiple upstreams and wasn't upgraded to an upper version that supports IPv4+ then it will not recognize the reserved bit and the DF and MF bits related to it, it will not recognize the new IPv4+ addresses and even if the reserved bit is set to '1' and MF flag is set to '1' in the ip packet - it will route to to the destination address just like it is an IPv4 address and not IPv4+ address, meaning to a completely different destination address) - in case the destination address indeed received the IPv4+ packets - it will send back the udp requests to the source address at the exact same sizes (with the reserved bit flag set to '1' and with the DF and MF flags set accordingly) - when the source address will receive them - the source address will know that the destination address is supporting IPv4+ , that ip packets with new IPv4+ formatting will reach the destination and the source address will know what is the biggest size of the udp request that was received - and it will be the MTU for that specific connection between the source and the destination addresses (The IPv4+ handshake will be done again if there is no response from the destination after the initial udp handshake was already completed successfully). > > The udp handshake between a source address and a destination address (that any of them or them both is an IPv4+ address) will use a specific udp port, an availalbe unassigned port between 0 to 1023, an operating system networking stack (that was updated for IPv4+ with the operating system automatic updating system) will know exactly what this udp port is for - and will react accordingly, the upgraded operating system networking stack will also check that the destination address (in the IPv4 or in the IPv4+ format) is set locally in the operating system, before sending the udp requests back to the source address (if not then the ip packet will be dropped by the upgraded operating system networking stack). Any operating system that wasn't upgraded to support IPv4+ - will just drop that kind of udp requests. > > IPv4+ is fully backward compatible to IPv4 (and any router that was not upgraded yet to IPv4+ will not cause IPv4 traffic to break), it is also not adding any new fields to ip packets or using new fields, IPv4+ will not cause any performance overload for any supported router. > > The reason that the MF and DF bits are being use for IPv4+ and not the ToS / IP-ID / Options in ip header are being used is because we cannot be 100% sure that the ToS / IP-ID / Options in the ip header will not be changed or dropped by any rouer in the routing path that wasn't upgraded to IPv4+ (and we don't want to upgrade any router in the world because it is an impossible mission) - in the ip header ToS is being cleared by some routers - IP-ID can be changed by NAT routers - Options field is dropped by many routers, we can trust that the DF and MF flags will not be modified in the routing path by routers that weren't upgraded to IPv4+. > > For the above solution not all the internet devices in the world needs to be patched/upgraded to support IPv4+ which is an impossible mission, end-users operating systems need to be upgraded (but it can be done simply using their automatic updating system), BGP routers (and any router with multiple physical routing paths) will need to have its firmware upgraded to support IPv4+, any NAT router that will want to use an external IPv4+ address will need to have its firmware upgraded (any NAT router that will use an external IPv4 address will not need to have its firmware upgraded, only the internet devices in the LAN of the NAT router will need to have a single operating system update in order for them to access IPv4+ addresses in the internet), any home router (not NAT) or home modem will not need to have a firmware upgrade and IPv4+ functionality will be transparent to them. > > The deployment of IPv4+ can be fairly easy and very fast, a round table of one person from each one of the 5 RIRs and from each one of the operating systems vendors and from each one of the router manufacture vendors. Even if IPv4+ will be deployed over time, it will not cause the internet to break (devices that need to be upgraded to IPv4+ and didn't yet will work exactly as they are now with IPv4, they will just not yet support IPv4+). > > The above will resolve the "IPv4 Exhaustion" problem and will bring to each one of the 5 RIRs almost 900,000,000 new IPv4+ addresses that will be able to the provided to the LIRs worldwide, if you have any question please let me know. > > Respectfully, > Elad > _______________________________________________ > members-discuss mailing list > members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > https://lists.ripe.net/mailman/listinfo/members-discuss > Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/torbjorn.eklov%40int… _______________________________________________ members-discuss mailing list members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie

1 0

Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 26 Apr '20

26 Apr '20

Tobias, Routers will not do anything with the DF and MF flags as long that MTU is fine (and MTU is initially checked with "IPv4+ UDP Handshake") I wrote in previous reply an adjustment to the idea that is quicker to deploy and will not require the routers, but it will lack the RIRs being able to allocate and to assign IPv4+ addresses to LIRs. Each LIR will automatically receive an additional IPv4 address for each current IPv4 address that it have: -------- Here is an optional adjustment to the idea: Only end-users and servers operating systems will be updated (using the operating systems automatic updating mechanism), using the same way that I wrote with the exact same feasible IPv4 packet modification implementation (reserved bit, no fragmentation, fragmentation flags, udp handshake), no other equipment will need to be updated, no routers will need to be updated at all - but then the routing of IPv4+ addresses will always be to the same destination device that have the same four bytes of destination IPv4 address (meaning routing will be as it is now - based on IPv4 and not on IPv4+). In this way, the number of IPv4 addresses will be doubled and each ASN will double his number of IPv4 addresses, each ASN will have his exact same ip addresses but in two formats - in IPv4 format and in IPv4+ format. (if the community is lazy and don't want to upgrade the needed routers by IT professionals, and it is not the whole routers in the world, far far far less) -------- Respectfully, Elad ________________________________ From: Tobias Lehner Sent: Sunday, April 26, 2020 10:43 AM To: 'noc'; Elad Cohen; Ed Campbell Cc: members-discuss(a)ripe.net Subject: AW: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hi, Furthermore, every router in the connection can/may add/remove the df bit, which breaks your idea. We should really go in the direction of IPv6. Mit freundlichen Grüßen / Best Regards Tobias Lehner Hartl-EDV GmbH & Co. KG Von: members-discuss <members-discuss-bounces(a)ripe.net> Im Auftrag von noc Gesendet: Sonntag, 26. April 2020 09:23 An: Elad Cohen <elad(a)netstyle.io>; Ed Campbell <campbell(a)inca.ie> Cc: members-discuss(a)ripe.net Betreff: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hello Elad. I've been reading all the messages you sent. I see that you try hard to push your vision. But here's some reasons to what you suggest doesn't work and will never work: - the extra 2 bits you suggest to use (fragmentation bits) are there for a reason. And that reason is not to have more ips, but to fragment packets when needed. On a perfect worldwide network, they aren't needed. But we are on a imperfect worldwide network and many systems need packet fragmentation to work (satellite systems by example). - it's not possible to upgrade millions of routers. Many reached end-of-life many years ago. If the ISP switch the router, he will deploy right away ipv6. - IPv4+ will not give more time to deploy IPv6. It will only delay it. Everyone is lazy for different reasons. So, if IPv4 works, why deploy IPv6? No. It's been since 2012 that we (RIPE) announced the exhaustion of IPv4. And very few has been done to push IPv6. - enterprises like Microsoft will earn a lot more of IPv4+ if they implement it... Why will they bother? They already have 2 /8 legacy not being used/routed. And this is the same for a lot other companies. Many already invested a lot on IPv6, will they do new investments for IPv4+ knowing that is a dead end? No. - IPv4+ is easy to implement. Wrong. It's hard. It will need to be implemented on each level till the top (IANA), and I doubt the very top will do anything to change this. Looking at the statistics everywhere, I see that IPv6 implementation his growing a lot since September. And this, yes. It's a good news. Your idea should've be pushed 15 years ago (before the running out announcement), not now. Now there is nothing it can be done. Cheers Enviado a partir do meu smartphone Samsung Galaxy. -------- Mensagem original -------- De : Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Data: 26/04/20 00:54 (GMT+01:00) Para: Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Cc: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> Assunto: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Indeed demand is rising, but I don't believe that the world will use more than 4 billion new IPv4 addresses in 5 years, it will not happen, the RIRs already have very strict policies that will continue to be used, IPv4+ will not end fast - it will provide many many years that in them migration to IPv6 will be able to be completed quietly. (without the world to be in any problem) The only reason that IPv4 exhausted recently is because companies from all over the world were told that IPv4 is about to end (and this was the brainwash) so they opened LIR accounts like crazy just to get the last /22's - this is the only reason. And people that are doing money out of it. But if each RIR will have 800+ new million ip addresses and the RIRs will use strict policies to provide them and there will not be a shortage and the public will know that there isn't a shortage of IPv4 - then you will see that companies will not open LIR accounts like crazy just to get the last IPv4 addresses. Respectfully, Elad ________________________________ From: Ed Campbell <campbell(a)inca.ie<mailto:campbell@inca.ie>> Sent: Sunday, April 26, 2020 1:39 AM To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Cc: Torbjörn Eklöv <torbjorn.eklov(a)interlan.se<mailto:torbjorn.eklov@interlan.se>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world IPv6 isn’t slow because of the lack of trying, it is slow because of Microsoft et al’s unwillingness to adopt it. If it became the default IP stack to use on all operating systems rather than a “nice to have” “feature” attitudes would change. 3-4 times you have said now that it would take another 25 years to exhaust this “new” IPv4 space, that just doesn’t track with the current demand for addressing. You’d only be delaying and thwarting existing efforts to deploy IPv6. Sent from my iPhone On 25 Apr 2020, at 22:34, Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> wrote: Torbjorn, IPv6 cannot communicate directly with IPv4, while IPv4+ can communicate directly with IPv4. Technicians don't have to know anything about IPv4+ (and not to know how it internally works) besides to know how to upgrade the firmware of a router and how to update a patch to an operating system, in contrary to IPv6 that Technicians need to know it completely in order to design an IPv6 network and for it also to work with IPv4. I didn't write that I'm against learning or implementing IPv6, I wrote my opinion on why deployment of IPv6 is slow and will be slow. It took us approximately 25 years to use almost 4,294,967,296 IPv4 addresses, the same number of ip addresses IPv4+ will bring us at least more 25 years. CGNAT is not good for datacenters, and datacenter needs and will need more IPv4 addresses. Respectfully, Elad ________________________________ From: Torbjörn Eklöv <torbjorn.eklov(a)interlan.se<mailto:torbjorn.eklov@interlan.se>> Sent: Sunday, April 26, 2020 12:15 AM To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>> Cc: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; Atif Naveed <a.naveed(a)go.com.sa<mailto:a.naveed@go.com.sa>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Elad, > > Because IPv6 is a completely different network than IPv4, IPv4+ is the same network of IPv4. No, IPv4+ is also a complete new network that no OS supports and no technician can understand now. It’s more complicated and more time consuming than deploying IPv6. > (IPv6 require complete new network design, much more to learn for companies/organizations and much more expenses for companies/organizations. IPv4+ will give more time and space that is needed in the world today) Yes, it’s "new“ but you had +20 years to learn IPv6 and you have time now to learn it now while CGNAT is growing. IPv4+ just extends the time a little bit more. /Tobbe > > Respectfully, > Elad > From: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>> > Sent: Saturday, April 25, 2020 11:04 PM > To: Atif Naveed <a.naveed(a)go.com.sa<mailto:a.naveed@go.com.sa>>; Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Dear Atif, > > Respectfully, we have IPv6 sessions with Tier1 and peering networks and have had for some years now. > I’m not sure there is a Tier1 who doesn’t offer IPv6. > Most UK ISP’s now provide IPv6 by default to people’s homes. > > I agree the uptake has been incredibly slow, which is why I don’t think IPv4+ will be any better. We all updated kit for IPv6 providing trillions more IP addresses to each LIR but the uptake has been slow. > Why would the uptake be faster for IPv4+? > > > Best, > > Stuart Willet. > > From: Atif Naveed [mailto:a.naveed@go.com.sa] > Sent: 25 April 2020 20:30 > To: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Dear Stuart, > > Hold your horses, till day where IPv6 stands not near to 1 to 10% of utilization across internet. So in so many years IPv6 still not able to catch the eyes of Tier1 or any ISP or simple users. > > So what Elad is offering is still very good option to move ahead at this stage before ipv6 takes off its flight in next decade or so. > > And I can understand deployment will be not that’s straight forward but once it starts flying it will make its own path . > > Regards > > > Atif Naveed > Sr. Specialist > IGW/ISP Core Network Operations > D:+966-11511-1263 > E:a.naveed@go.com.sa > www.go.com.sa<http://www.go.com.sa> > > From: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> On Behalf Of Stuart Willet (primary) > Sent: Saturday, April 25, 2020 10:21 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Respectfully, I do not think you have fully considered the logistics involved in updating so much hardware and software. > > What about all the L3 switches and routers not owned by ISP’s? > What about bigger ISP’s ad Tier 1’s? Do you honestly believe NTT or Telia will update millions of network devices worldwide for a /21? > > Honestly, the update alone is unfeasible, especially when we already have fully working IPv6. > > On that note, everyone has been given an incredible amount of IPv6 space, but this has not picked up anywhere near fast enough. > I appreciate you believe IPv4+ will be more compatible, but it simply will not work unless the entire world updates all IP based switching and routing platforms as well as operating systems and bespoke hardware. > > Best, > Stuart Willet. > > From: Elad Cohen [mailto:elad@netstyle.io] > Sent: 25 April 2020 20:13 > To: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > My main issue is that it is not a replacement for IPv6, it is just an additional pool of ip addresses for IPv4, I do understand that IPv4 ip addresses don't come near to the amount of ip addresses in IPv6, but we will always have devices that are too old to be upgraded to IPv6 and the solution I wrote is doubling the amount of IPv4 (comparing to IPv6 it is meaning less but comparing to the number of ip addresses in IPv4 it is doubling the amount of IPv4), and I do believe that more IPv4 addresses will make the transition to IPv6 faster (everyone will be able to support both IPv6 and IPv4 and then transition to only-IPv6 will be smoother). > > Regarding the number of devices: > • Any routing device with more than two physical routes > • Any BGP router > • Any operating system > The operating systems updates can be fast through their automatic update systems, regarding updating the routing equipment - if each ASN will be know the he will receive a free /21 from the IPv4+ you will see that it will be fast as well (and after it each of the 5 RIRs will have more than 800,000,000 new IPv4 addresses). > > When the ip protocol was created with the saved reserved bit, the reserved bit was saved for just such case, for the case that we are in, what better use would be to the reserved bit in the IPv4 packet header if not to double the amount of IPv4 addresses (at the last stage of the transition to IPv6). > > Respectfully, > Elad > From: Stuart Willet (primary) <stu(a)safehosts.co.uk<mailto:stu@safehosts.co.uk>> > Sent: Saturday, April 25, 2020 10:01 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<members-discuss(a)ripe.net<mailto:members-discuss@ripe.net%3cmembers-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Sorry, there are far too many Layer3 switches and routers which already support IPv6 and would need to be updated to support IPv4+. > There are also many firewalls, both hardware and software which would need updating but can already use IPv6. > > If you had proposed this before the introduction of IPv6 I am sure it would have worked, but it is inferior to IPv6 in two respects. > 1: it would require updating millions of routers, L3 switches, firewalls, operating systems and 3rd party devices. > 2: it would not offer anywhere close to the amount of IPv6 addresses which already work. > > Best, > Stuart Willet. > > From: members-discuss [mailto:members-discuss-bounces@ripe.net] On Behalf Of Elad Cohen > Sent: 25 April 2020 19:56 > To: noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Subject: Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > It is not a complete new protocol, the reserved bit (in IPv4 packet header) was intended to be reserved for future use, the future usage of it was planned. > > I'm not against IPv6, but IPv6 is not backward compatible with IPv4 by design and the world currently need more IPv4 addresses, the number of IPv4 addresses can be easily doubled even in one week, through operating system update of the biggest operating system vendors and simple firmware upgrades by the routing equipment manufacturers. > > switches are working on layer2, they are not related to ip. > > Respectfully, > Elad > > From: noc xervers <noc(a)xervers.pt<mailto:noc@xervers.pt>> > Sent: Saturday, April 25, 2020 9:48 PM > To: Elad Cohen <elad(a)netstyle.io<mailto:elad@netstyle.io>>; members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> <members-discuss(a)ripe.net<mailto:members-discuss@ripe.net>> > Subject: RE: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > That won't be IPv4 but a complete new protocol, and routers/switches/whatever won't support them. > It's a better and cleaner solution to move to IPv6. > > Cheers. > > <image001.jpg> > NOC xervers | +351 300 404 316 > P Please consider the environment before printing this email > <image002.jpg> <image002.jpg> > <image002.jpg> <image003.jpg> > > > De: members-discuss <members-discuss-bounces(a)ripe.net<mailto:members-discuss-bounces@ripe.net>> Em Nome De Elad Cohen > Enviada: sábado, 25 de abril de 2020 20:21 > Para: members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > Assunto: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world > > Hello Everyone, > > I want to share with you my technical solution to the "IPv4 Exhaustion" problem (without to upgrade each and every router that exist in the internet), using the below implementation there will be more 4,294,967,296 IPv4 addresses that the world needs so much: > > Currently in an IPv4 packet - the source address and the destination address are being represented each by four bytes, each of these four bytes are being displayed as: [0-255].[0-255].[0-255].[0-255] > > But it is up to us to choose how we want to display them, for example: four bytes can also be displayed as [0-65535].[0-65535] (two numbers and one dot, the two numbers are bigger because in total they also being represented as four bytes) > > So there can be one set of 4,294,967,296 IPv4 addresses (the one that we know in the display format of [0-255].[0-255].[0-255].[0-255]) > > and another set of 4,294,967,296 IPv4 addresses (with a new format of [0-65535].[0-65535]) > > We need to have a mark, a flag, in the ip packet header - in order to know if the source address is of the old formatting (IPv4) or of the new formatting (lets call it IPv4+), for that mark the 'reserved bit' in the ip header can be used, so in case the source address is of IPv4+ or in case that the destination address is of IPv4+ (or in case that both the source and destination addresses are of IPv4+) then the reserved bit in the ip header will be set to 1 , we then also need to know exactly if the source address is of IPv4+ or not (meaning of IPv4) and if the destination address is of IPv4+ or not (meaning of IPv4) - this can be done by marking the DF flag if the source address is of IPv4+ (and not marking the DF flag if the source address is of IPv4) and marking the MF flag if the destination address is of IPv4+ (and not marking the MF flag if the destination address is of IPv4), by using the DF and MF bits which are related to fragmentation (whenever the reserved bit is set to '1') we are losing the ip fragmentation functionality for any traffic with an IPv4+ address (for traffic between two IPv4 addresses, the reserved bit is not set to '1' and hence optional ip fragment functionality is unchanged) > > We need to know the MTU before an IPv4+ packet will be sent, because no fragmentation will be able to be done with IPv4+ , the current "Path MTU Discovery" (RFC 1191) is not good for that case because it is using the DF bit which we are using as well (and in IPv4+ traffic a DF flag set to 1 is marking that the source address is of IPv4+), and also ICMP protocol can be blocked by routers in the routing path, the solution is to send multiple udp requests (with fixed known MTU sizes) to the destination address (lets call it IPv4+ handshake) - the destination address may or may not receive them (in case a router in the routing path have multiple upstreams and wasn't upgraded to an upper version that supports IPv4+ then it will not recognize the reserved bit and the DF and MF bits related to it, it will not recognize the new IPv4+ addresses and even if the reserved bit is set to '1' and MF flag is set to '1' in the ip packet - it will route to to the destination address just like it is an IPv4 address and not IPv4+ address, meaning to a completely different destination address) - in case the destination address indeed received the IPv4+ packets - it will send back the udp requests to the source address at the exact same sizes (with the reserved bit flag set to '1' and with the DF and MF flags set accordingly) - when the source address will receive them - the source address will know that the destination address is supporting IPv4+ , that ip packets with new IPv4+ formatting will reach the destination and the source address will know what is the biggest size of the udp request that was received - and it will be the MTU for that specific connection between the source and the destination addresses (The IPv4+ handshake will be done again if there is no response from the destination after the initial udp handshake was already completed successfully). > > The udp handshake between a source address and a destination address (that any of them or them both is an IPv4+ address) will use a specific udp port, an availalbe unassigned port between 0 to 1023, an operating system networking stack (that was updated for IPv4+ with the operating system automatic updating system) will know exactly what this udp port is for - and will react accordingly, the upgraded operating system networking stack will also check that the destination address (in the IPv4 or in the IPv4+ format) is set locally in the operating system, before sending the udp requests back to the source address (if not then the ip packet will be dropped by the upgraded operating system networking stack). Any operating system that wasn't upgraded to support IPv4+ - will just drop that kind of udp requests. > > IPv4+ is fully backward compatible to IPv4 (and any router that was not upgraded yet to IPv4+ will not cause IPv4 traffic to break), it is also not adding any new fields to ip packets or using new fields, IPv4+ will not cause any performance overload for any supported router. > > The reason that the MF and DF bits are being use for IPv4+ and not the ToS / IP-ID / Options in ip header are being used is because we cannot be 100% sure that the ToS / IP-ID / Options in the ip header will not be changed or dropped by any rouer in the routing path that wasn't upgraded to IPv4+ (and we don't want to upgrade any router in the world because it is an impossible mission) - in the ip header ToS is being cleared by some routers - IP-ID can be changed by NAT routers - Options field is dropped by many routers, we can trust that the DF and MF flags will not be modified in the routing path by routers that weren't upgraded to IPv4+. > > For the above solution not all the internet devices in the world needs to be patched/upgraded to support IPv4+ which is an impossible mission, end-users operating systems need to be upgraded (but it can be done simply using their automatic updating system), BGP routers (and any router with multiple physical routing paths) will need to have its firmware upgraded to support IPv4+, any NAT router that will want to use an external IPv4+ address will need to have its firmware upgraded (any NAT router that will use an external IPv4 address will not need to have its firmware upgraded, only the internet devices in the LAN of the NAT router will need to have a single operating system update in order for them to access IPv4+ addresses in the internet), any home router (not NAT) or home modem will not need to have a firmware upgrade and IPv4+ functionality will be transparent to them. > > The deployment of IPv4+ can be fairly easy and very fast, a round table of one person from each one of the 5 RIRs and from each one of the operating systems vendors and from each one of the router manufacture vendors. Even if IPv4+ will be deployed over time, it will not cause the internet to break (devices that need to be upgraded to IPv4+ and didn't yet will work exactly as they are now with IPv4, they will just not yet support IPv4+). > > The above will resolve the "IPv4 Exhaustion" problem and will bring to each one of the 5 RIRs almost 900,000,000 new IPv4+ addresses that will be able to the provided to the LIRs worldwide, if you have any question please let me know. > > Respectfully, > Elad > _______________________________________________ > members-discuss mailing list > members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> > https://lists.ripe.net/mailman/listinfo/members-discuss > Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/torbjorn.eklov%40int… _______________________________________________ members-discuss mailing list members-discuss(a)ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie

2 1

Re: [members-discuss] [SPAM] Re: Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world
by Elad Cohen 26 Apr '20

26 Apr '20

I never created an RFC and not familiar with the process, but I wanted to discuss IPv4+ with Ripe members as I'm a Ripe LIR. Respectfully, Elad ________________________________ From: info(a)cowmedia.de Sent: Saturday, April 25, 2020 9:53 PM To: members-discuss(a)ripe.net Cc: 'noc xervers'; Elad Cohen Subject: AW: [SPAM] Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hi, anyhow this is not the right list to discuss this. You need to create an RfC – but as IPv6 already exist there is no real chance of implementing this I would say. Michael Von: members-discuss <members-discuss-bounces(a)ripe.net> Im Auftrag von noc xervers Gesendet: Samstag, 25. April 2020 20:49 An: 'Elad Cohen' <elad(a)netstyle.io>; members-discuss(a)ripe.net Betreff: [SPAM] Re: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world That won't be IPv4 but a complete new protocol, and routers/switches/whatever won't support them. It's a better and cleaner solution to move to IPv6. Cheers. [Das Bild wurde vom Absender entfernt. XERVERS] NOC xervers | +351 300 404 316 P Please consider the environment before printing this email [Das Bild wurde vom Absender entfernt. Visit our website]<https://www.xervers.pt/> [Das Bild wurde vom Absender entfernt. Facebook] <https://www.facebook.com/xervers/> [Das Bild wurde vom Absender entfernt. Twitter]<https://twitter.com/xervers> [Das Bild wurde vom Absender entfernt. TrustPilot] <https://www.trustpilot.com/review/www.xervers.pt> De: members-discuss <members-discuss-bounces(a)ripe.net> Em Nome De Elad Cohen Enviada: sábado, 25 de abril de 2020 20:21 Para: members-discuss(a)ripe.net Assunto: [members-discuss] Technical solution to resolve the IPv4 Exhaustion problem and to add more 4, 294, 967, 296 IPv4 addresses that are needed in the world Hello Everyone, I want to share with you my technical solution to the "IPv4 Exhaustion" problem (without to upgrade each and every router that exist in the internet), using the below implementation there will be more 4,294,967,296 IPv4 addresses that the world needs so much: Currently in an IPv4 packet - the source address and the destination address are being represented each by four bytes, each of these four bytes are being displayed as: [0-255].[0-255].[0-255].[0-255] But it is up to us to choose how we want to display them, for example: four bytes can also be displayed as [0-65535].[0-65535] (two numbers and one dot, the two numbers are bigger because in total they also being represented as four bytes) So there can be one set of 4,294,967,296 IPv4 addresses (the one that we know in the display format of [0-255].[0-255].[0-255].[0-255]) and another set of 4,294,967,296 IPv4 addresses (with a new format of [0-65535].[0-65535]) We need to have a mark, a flag, in the ip packet header - in order to know if the source address is of the old formatting (IPv4) or of the new formatting (lets call it IPv4+), for that mark the 'reserved bit' in the ip header can be used, so in case the source address is of IPv4+ or in case that the destination address is of IPv4+ (or in case that both the source and destination addresses are of IPv4+) then the reserved bit in the ip header will be set to 1 , we then also need to know exactly if the source address is of IPv4+ or not (meaning of IPv4) and if the destination address is of IPv4+ or not (meaning of IPv4) - this can be done by marking the DF flag if the source address is of IPv4+ (and not marking the DF flag if the source address is of IPv4) and marking the MF flag if the destination address is of IPv4+ (and not marking the MF flag if the destination address is of IPv4), by using the DF and MF bits which are related to fragmentation (whenever the reserved bit is set to '1') we are losing the ip fragmentation functionality for any traffic with an IPv4+ address (for traffic between two IPv4 addresses, the reserved bit is not set to '1' and hence optional ip fragment functionality is unchanged) We need to know the MTU before an IPv4+ packet will be sent, because no fragmentation will be able to be done with IPv4+ , the current "Path MTU Discovery" (RFC 1191) is not good for that case because it is using the DF bit which we are using as well (and in IPv4+ traffic a DF flag set to 1 is marking that the source address is of IPv4+), and also ICMP protocol can be blocked by routers in the routing path, the solution is to send multiple udp requests (with fixed known MTU sizes) to the destination address (lets call it IPv4+ handshake) - the destination address may or may not receive them (in case a router in the routing path have multiple upstreams and wasn't upgraded to an upper version that supports IPv4+ then it will not recognize the reserved bit and the DF and MF bits related to it, it will not recognize the new IPv4+ addresses and even if the reserved bit is set to '1' and MF flag is set to '1' in the ip packet - it will route to to the destination address just like it is an IPv4 address and not IPv4+ address, meaning to a completely different destination address) - in case the destination address indeed received the IPv4+ packets - it will send back the udp requests to the source address at the exact same sizes (with the reserved bit flag set to '1' and with the DF and MF flags set accordingly) - when the source address will receive them - the source address will know that the destination address is supporting IPv4+ , that ip packets with new IPv4+ formatting will reach the destination and the source address will know what is the biggest size of the udp request that was received - and it will be the MTU for that specific connection between the source and the destination addresses (The IPv4+ handshake will be done again if there is no response from the destination after the initial udp handshake was already completed successfully). The udp handshake between a source address and a destination address (that any of them or them both is an IPv4+ address) will use a specific udp port, an availalbe unassigned port between 0 to 1023, an operating system networking stack (that was updated for IPv4+ with the operating system automatic updating system) will know exactly what this udp port is for - and will react accordingly, the upgraded operating system networking stack will also check that the destination address (in the IPv4 or in the IPv4+ format) is set locally in the operating system, before sending the udp requests back to the source address (if not then the ip packet will be dropped by the upgraded operating system networking stack). Any operating system that wasn't upgraded to support IPv4+ - will just drop that kind of udp requests. IPv4+ is fully backward compatible to IPv4 (and any router that was not upgraded yet to IPv4+ will not cause IPv4 traffic to break), it is also not adding any new fields to ip packets or using new fields, IPv4+ will not cause any performance overload for any supported router. The reason that the MF and DF bits are being use for IPv4+ and not the ToS / IP-ID / Options in ip header are being used is because we cannot be 100% sure that the ToS / IP-ID / Options in the ip header will not be changed or dropped by any rouer in the routing path that wasn't upgraded to IPv4+ (and we don't want to upgrade any router in the world because it is an impossible mission) - in the ip header ToS is being cleared by some routers - IP-ID can be changed by NAT routers - Options field is dropped by many routers, we can trust that the DF and MF flags will not be modified in the routing path by routers that weren't upgraded to IPv4+. For the above solution not all the internet devices in the world needs to be patched/upgraded to support IPv4+ which is an impossible mission, end-users operating systems need to be upgraded (but it can be done simply using their automatic updating system), BGP routers (and any router with multiple physical routing paths) will need to have its firmware upgraded to support IPv4+, any NAT router that will want to use an external IPv4+ address will need to have its firmware upgraded (any NAT router that will use an external IPv4 address will not need to have its firmware upgraded, only the internet devices in the LAN of the NAT router will need to have a single operating system update in order for them to access IPv4+ addresses in the internet), any home router (not NAT) or home modem will not need to have a firmware upgrade and IPv4+ functionality will be transparent to them. The deployment of IPv4+ can be fairly easy and very fast, a round table of one person from each one of the 5 RIRs and from each one of the operating systems vendors and from each one of the router manufacture vendors. Even if IPv4+ will be deployed over time, it will not cause the internet to break (devices that need to be upgraded to IPv4+ and didn't yet will work exactly as they are now with IPv4, they will just not yet support IPv4+). The above will resolve the "IPv4 Exhaustion" problem and will bring to each one of the 5 RIRs almost 900,000,000 new IPv4+ addresses that will be able to the provided to the LIRs worldwide, if you have any question please let me know. Respectfully, Elad

2 4