IPv4 Segment 100.64.0.0/10 – Understanding and Usage

ipip addressipv4nat;rfc

I recently got to know that IP segment 100.64.0.0/10 has been reserved by IANA for 'Shared Address Space'.

My question is: Can I use the IP Segment 100.64.0.0/10 as a private range in my network (like the way we are using 10.0.0.0/8)?

If yes, then do I need to upgrade my network appliances (like firewall or router) before using this, or can I use it as it is?

If no, then why not, and for what purposes this is segment reserved?

If possible, please share some document (or BCP) explaining (or talking about) this segment.

Best Answer

The 100.64.0.0/10 address block is not private address space; it is shared address space. This is spelled out in RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space (I highlighted the relevant verbiage):

Introduction

IPv4 address space is nearly exhausted. However, ISPs must continue to support IPv4 growth until IPv6 is fully deployed. To that end, many ISPs will deploy a Carrier-Grade NAT (CGN) device, such as that described in [RFC6264]. Because CGNs are used on networks where public address space is expected, and currently available private address space causes operational issues when used in this context, ISPs require a new IPv4 /10 address block. This address block will be called the "Shared Address Space" and will be used to number the interfaces that connect CGN devices to Customer Premises Equipment (CPE).

Shared Address Space is similar to [RFC1918] private address space in that it is not globally routable address space and can be used by multiple pieces of equipment. However, Shared Address Space has limitations in its use that the current [RFC1918] private address space does not have. In particular, Shared Address Space can only be used in Service Provider networks or on routing equipment that is able to do address translation across router interfaces when the addresses are identical on two different interfaces.

This document requests the allocation of an IPv4 /10 address block to be used as Shared Address Space. In conversations with many ISPs, a /10 is the smallest block that will allow them to deploy CGNs on a regional basis without requiring nested CGNs. For instance, as described in [ISP-SHARED-ADDR], a /10 is sufficient to service Points of Presence in the Tokyo area.

This document details the allocation of an additional special-use IPv4 address block and updates [RFC5735].

Related Solutions

NAT vs ALG vs Firewall – Key Differences Explained

If I understand your question correctly, the NAT router translates addresses as data moves from the "inside" to the "outside." If traffic doesn't pass through the router, there is no translation.
"Control plane" and "data plane" are conceptual terms. There isn't always a correspondence to hardware or software. That said, forwarding traffic is the function of the data plane.
The terms ALG, firewall, layer3 switch, etc have no fixed definition. They get defined by the manufacturers and can mean whatever they want it to mean. But generally speaking, an ALG often performs the same functions as a firewall.
TCP/IP can't read IANA specifications, so a port is a port, no matter what number is used. They are all handled (and translated) the same way.

Netflix CIDR Blocks – Why Use 100.64.0.0/10 for Private Network IP Space

they seemed to choose to use 100.64.0.0/10 as their private network space, rather than 10.0.0.0/8 (or a subspace from it).

What's the purpose? I don't see any obvious benefit, but I may miss some key points there. Can someone give some thoughts on this?

The slide is very clear on why they are using this space. They are following the current best practice for performing CGN (carrier grade NAT or carrier grade network address translation) as defined by RFC 6598. The slide also notes this.

Why this address space and not another RFC 1918 space? Because this is the shared address space the IANA has reserved as a range expressly to be used for CGN. It is the one they should be using for CGN.

Let me turn your question on its head. Given an address space specifically dedicated to CGN and defined as a best current practice, if you are using CGN, why would you use anything besides 100.64.0.0/10, such as RFC 1918 space?

This is the relevant section from RFC 6598 that provides the need for this address space for providers rather than just using RFC 1918 space:

   A Service Provider can number the interfaces in question from
   [RFC1918] space if at least one of the following conditions is true:

   o  The Service Provider knows that the CPE/NAT works correctly when
      the same [RFC1918] address block is used on both its inside and
      outside interfaces.

   o  The Service Provider knows that the [RFC1918] address block that
      it uses to number interfaces between the CGN and CPE is not used
      on the subscriber side of the CPE.

   Unless at least one of the conditions above is true, the Service
   Provider cannot safely use [RFC1918] address space and must resort to
   Shared Address Space.  This is typically the case in an unmanaged
   service, where subscribers provide their own CPE and number their own
   internal network.

However once this shared space has been assigned for the purpose and this became a best practice, there is no reason that anyone performing CGN should not use this space for its intended purpose.

Best Answer

Related Solutions

NAT vs ALG vs Firewall – Key Differences Explained

Netflix CIDR Blocks – Why Use 100.64.0.0/10 for Private Network IP Space

Related Topic