I have been giving consideration to the assignment of a huge number of IPv4 addresses (about 1 in every 25 that exist) to a small company in the next town over, Plantation FL.

The US Government has made it a priority to transition to IPv6. There was movement towards a sale of DoD addresses in the budget process last year (Section 1088). The addresses are perishable, with the DoD’s transition actually hastening the larger IPv6 transition that will make these older addresses worthless, while on the other hand, they could be worth $6.8 billion as they sit today.

And where do they sit today, exactly, and why?

They were historically unrouted, they didn’t appear on the public internet, and it was supposed they were being used within the secrecy of the US Department of Defense.

And that absence from the routing table, as years turned into decades, led to the further supposition that they never would appear.

And here is where it gets interesting. That belief that DoD addresses would be forever private led to the use of “squat space”, or the use of DoD addresses internally on network, which were translated into public addresses through a version of Carrier Grade Network Address Translation (NAT). I for one remember finding the IPv4 address on my ancient Sprint cell phone, only to be surprised that when I looked it up in ARIN’s Whois, it belonged to the DoD! Of course Sprint was keeping these DoD address private, used only internally, so what’s the problem?

Well two problems come to mind. First, since the DoD addresses never appeared on the Internet, no public server was ever hosted on these addresses.  But what if an address like appeared on the public internet, and it was a DNS server?   And what if your cell phone was using a 22.X address? Your phone would be unable to reach that public DNS server because it considers the 22 block to be local, and would not exit the gateway.

But having seen NATs at multiple levels through the  years, I can tell you they leak. Packets meant to exist only on the local side of the NAT router do egress the WAN side. In fact, even though rare, maybe 1% of packets or less, enough such traffic hits your ISP or their upstream ISP that they have effected filters. And what will those filters drop? Internal NAT packets of course. But how? They block the routing of RFC1918 space, and sometimes even squat space.

So now that 22 block, dark for decades, is suddenly broadcasting itself on the public internet.  Packets that leak out of NAT’ed squat space will have a valid destination, and will arrive in Plantation. And packets directed towards 22 block addresses may or may not be filtered by intermediate ISPs who may or may not have decided squat space should be filtered.

So you want to sell the 22 block! You are guaranteeing lots in spurious inbound traffic leaking from NATs worldwide to any buyer, and at the same time potentially making their new addresses unusable due to an unknown number of hard-coded filters on millions, or thousands of routers around the world.  You won’t get top dollar for that.

What to do, what to do?

I know!  Advertise them en-masse, cover that with a plausible story about using them as an enlarged Network Telescope, and allow time for things to be fixed. For squat space to change over to RFC1918 where practical, for filters to be detected and removed. For the blocks to become sellable.  This will be a multi-year project.