77 points
16 days ago 35 comments reply
16 days ago 0 comments reply

Cloudflare has even seen ERSPAN traffic coming in on due to documentation listing that IP as a default: https://www.youtube.com/watch?v=vR4GbRMAWj8

TL;DW: if you need to use example IPs in your documentation, use the ones listed in RFC3849 and RFC5737!
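The TL;DW above, turned into a documentation check (an added example, not code from the thread or the linked video): it scans text for IP literals and reports any that are globally routable rather than taken from the RFC 5737 / RFC 3849 documentation ranges. The sample text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Documentation-only ranges: RFC 5737 (IPv4) and RFC 3849 (IPv6).
DOC_NETS = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]

# Split on whitespace and the punctuation that usually surrounds an address.
SPLIT = re.compile(r"[\s,;=()\[\]<>\"'/]+")


def parse_token(tok):
    """Return an ip_address for tok, or None if it is not an IP literal."""
    tok = tok.rstrip(".")              # sentence-final full stop
    if tok.count(":") == 1:            # "host:port" or "label:" form
        tok = tok.split(":", 1)[0]
    try:
        return ipaddress.ip_address(tok)
    except ValueError:
        return None


def find_routable_examples(text):
    """List (line_number, address) for literals that are globally routable
    and therefore belong to someone, instead of a documentation range."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for tok in SPLIT.split(line):
            addr = parse_token(tok)
            if addr is None or any(addr in net for net in DOC_NETS):
                continue
            if addr.is_global:         # private/loopback/link-local pass
                findings.append((lineno, str(addr)))
    return findings


# Constructed sample documentation, not taken from any real product manual.
SAMPLE = """\
Set the collector address to 1.2.3.4 (default).
Point the resolver at 192.0.2.53 or 2001:db8::53.
Management interface: 10.0.0.1
Upstream: dns=1.0.0.7:53, backup 2400:1::1.
Firmware version 1.2.3 build 4
"""

if __name__ == "__main__":
    for lineno, addr in find_routable_examples(SAMPLE):
        print(f"line {lineno}: {addr} is routable; use an RFC 5737/3849 address")
```
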

16 days ago 3 comments reply


16 days ago 2 comments reply

Which partially explains how they managed to have a 10 Mbit port at an internet exchange. Although that seems weird even for 2010? I assume this would be a 100 Mbps or Gbit port artificially throttled to 10 Mbps?

That said, 50 Mbps of traffic sounds like a non-issue for someone like Cloudflare, so I'm not surprised they took the prefix.

Edit: A post by Cloudflare (linked in another subthread here) mentioned 10 Gbps of traffic at the time Cloudflare started using it. Which, as it would be spread over multiple locations, is probably a relatively minor annoyance.

16 days ago 1 comments reply

It seems like it's MB to Mb, but still it feels like a small number even in 2010 standards

16 days ago 0 comments reply

Has to be a virtual network right? The throttle was for safety not cheapness.

16 days ago 11 comments reply

How was this eventually solved? Since this article was published, Cloudflare took ownership of

16 days ago 1 comments reply

Cloudflare is helping to research issues with this space, which is part of why they got the allocation.


16 days ago 0 comments reply

TL;DR: 10 Gbps of bad traffic at the time they took it over, but the main issue seems to have been that many networks were unable to reach the IP due to misconfigured equipment on the route.

16 days ago 0 comments reply

If the misdirected traffic was 50 Mbps, I would expect Cloudflare to be able to simply ignore it. (Edit: it was 10 Gbps in 2018 when Cloudflare took over, which I expect to be an annoyance but not a problem if spread over multiple internet exchanges).

16 days ago 4 comments reply

They didn't "take ownership"; the range is vested with APNIC labs (check the whois record). They route it with permission and share data.

16 days ago 3 comments reply

Given the number of people now relying on Cloudflare to "get Internet" (i.e. using as recursive name server), I can't imagine APNIC deciding to stop Cloudflare using this range.

It seems "too late" to revert this decision. Otherwise people will experience "Internet stopped working", blaming their ISP.

APNIC may decide to keep a working DNS server on, but ethically, routing traffic to someone else than Cloudflare is not great.

16 days ago 0 comments reply

If just temporarily assigned to Cloudflare, APNIC shouldn't care if it sees a better use for the range. Supporting unintended uses only encourages various types of abuse. And changing DNS settings is easy enough.

That said, if a lot of people rely on as DNS, it's worth considering whether reassignment qualifies as 'better' use of this resource. Not to mention the hassle caused by making changes to popular [anything].

16 days ago 0 comments reply

Fixed IP addresses change and are deprecated all the time. It's of zero concern to APNIC that customers of Cloudflare or various ISPs can no longer access the internet because they relied on a temporary IP assignment, after the service was gracefully terminated and deprecated, with ample lead time.

That being said, the use by Cloudflare is an excellent way to reclaim this part of the IP space, I don't see why they would terminate this collaboration.

15 days ago 0 comments reply

Maybe Cloudflare can return some other ranges for exchange? It would be a good deal.

16 days ago 2 comments reply

There are still people who can't reach

16 days ago 1 comments reply

Oh no! People from the future are using IPv6-only stack!

Jokes aside, where and why does this happen? Is it a genuine issue for some operators to route it?

16 days ago 0 comments reply

I have seen some CPEs that are configured to use as part of some internal static route.

16 days ago 2 comments reply

Insert joke about they needed Cloudflare to thwart that DDOS attack.

15 days ago 1 comments reply

"Hey Cloudflare, why did you develop all this anti-DDOS software?"

Cloudflare: distant stare with vietnam flashbacks

15 days ago 0 comments reply

> vietnam

Only recently, in 2008, 1/8 was moved from "the IANA reserved" to the "IANA unallocated" pool of addresses. In January 2010 it was finally allocated to APNIC in order to be distributed to Local Internet Registries in the Asia-Pacific region.


15 days ago 3 comments reply

How do creators/maintainers of these non-renewable resources such as IPv4 addresses, computer ports, wireless spectrum, etc. keep making the same mistake of allocating such a high percentage of the space to specific players, leaving the scraps for the most numerous users? Is it just greed, or not good forward thinking?

We engineers have accepted the available private address space <https://en.wikipedia.org/wiki/Private_network> but just think about how intuitive it is to an outsider? We make millions of people memorize 192.168.X.X to set up their home routers instead of the common sense letting the millions use the 1/8 privately? Just my opinion, but perhaps holding us back from IPv6 deployment is UI people don't see how an ordinary user would be able to remember a full "fd00::" address for day-to-day home networking or typing into their iPhone.

I don't have as much knowledge in computer ports background story, but last I checked <https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbe...> it's full of defunct, barely-used single players hogging up the coveted lower numbers, again leaving the millions to deal with possibly stepping on others' toes by using them "unofficially" and causing "pollution".

Last example is thinking about how many billions of wifi and cellular devices are forced into the tiniest slivers of the spectrum <https://upload.wikimedia.org/wikipedia/commons/c/c7/United_S...>. The engineers working so hard to cram even more signals into the 2.4GHz and 5GHz slivers need someone who is going to look up and realize it's time to expand the walls of the box they are trapped in. The only firm allocations should be for physics constraints, such as weather radar, but also means Wifi 6 should be a non-start due to not penetrating concrete, one of the most common materials of home construction.

Given these examples, the argument I'm trying to make is I find it insulting to consider the fact that people used the 1/8 block "pollution". It's the natural human guess at usable example numbers and the like, and much in the same way that repeated "human-error" in accidents is being re-argued as "engineering-error", I find the misallocation of the 1/8 block to be directly the fault of the RFC creators for not giving it to the people.

15 days ago 1 comments reply

Long term, IPv4 allocation won't matter and it's too late to fix that problem

Port numbers are kinda obsolete on the internet since everyone uses port 443 to bypass middleboxes that block all the other ports in the name of "security". Hardcoding a number for each protocol instead of including IP+port in DNS responses was a stupid mistake

All consumer devices being forced to share ISM bands is BS, but let's be real even if more spectrum was opened up back in the 2000s, a lot of devices would still use the same range of frequencies because they wanna use the same cheap ICs and antennas

Good wifi performance requires an AP in every room. The lack of 6ghz penetration is great for high-end setups because it eliminates the hidden node problem

15 days ago 0 comments reply

"SRV" records include the port in DNS responses. They've been available for almost 30 years. Unfortunately, outside of a few protocols (SIP, XMPP, etc.) they never caught on.

15 days ago 0 comments reply

Your argument is that someone should have tried to predict what random numbers people who didn’t read the spec would choose, and reserve those? That seems…quixotic. Would you reserve other numbers in this scheme, like all possible birthdays, just in case?

I would argue that if anyone had considered the possibility of people randomly choosing 1/8 addresses, the error was in reserving 1/8 in the first place. This only happened because there were no consequences to making up addresses.

BTW, 10/8 is private, and pretty easy to type.

15 days ago 9 comments reply

Can we FINALLY somehow make IPv6 real? Like, don't license the "Internet" providers that don't provide it?

15 days ago 8 comments reply

There is no licensing for internet providers and that's a good thing. Most ISPs in the US already provide IPv6. 45% of users access Google over IPv6 and this has been increasing linearly for the last decade: https://www.google.com/intl/en/ipv6/statistics.html

The final barrier is crappy consumer routers with terrible default settings. Not much we can do but wait for these devices to die because the average user won't buy a new one until that happens

15 days ago 4 comments reply

> Most ISPs in the US already provide IPv6. 45% of users...

Is that distorted by cellular providers?

I know my wired ISP does not provide IPv6, even when I explicitly asked for it. They do CGNAT for most customers and assign a static IPv4 to anyone who complains (and then try to start charging for it a year later).

The ISP at my previous home was also IPv4 only (although, thankfully, no CGNAT).

15 days ago 2 comments reply

Probably a bit, though I have noticed an upward trend in v6 support with ISPs.

When I was using Spectrum, was pleased to find they had (barely-passable) support, SLAAC wasn't a thing IIRC. Google Fiber has done well and so did AT&T's offering

15 days ago 0 comments reply

Ok, fair enough. If Spectrum and AT&T both support v6 now (edit: Comcast/Xfinity too!), then that probably does cover a good portion of the wired ISP market.

15 days ago 0 comments reply

SLAAC doesn't delegate address space. That's why ISPs use DHCPv6. You can get a /60 from Comcast and a /48 from many other ISPs.

15 days ago 0 comments reply

Comcast / Xfinity has had IPv6 for years (probably 5-10).

15 days ago 0 comments reply

Last I checked, most of that IPv6 traffic was mobile, and most residential ISPs don't offer IPv6, or if they do in areas, they don't always provide IPv6-ready equipment. We're in a similar situation up here in Canada - adoption is slowly trickling in through mobile networks, but many large ISPs still aren't offering it.

15 days ago 1 comments reply

Thank you for this.

There is a very strong pattern of variability[1] associated with day-of-week. Namely, there is a 5.1% increase of IPv6 traffic on weekends.

This pattern isn't reflected in Cloudflare's version of this chart[2]. Naturally, a curious mind asks, "Why would this be so?"

1. Seasonality - https://en.wikipedia.org/wiki/Seasonality

2. https://radar.cloudflare.com/reports/ipv6

15 days ago 0 comments reply

Probably because ancient corporate networks are more likely to lack IPv6 and people are spending more time on mobile data on weekends
