idnits 2.17.1 draft-chen-ati-adaptive-ipv4-address-space-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document is more than 15 pages and seems to lack a Table of Contents. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. (A line matching the expected section header was found, but with an unexpected indentation: ' 6. Security Considerations' ) ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) (A line matching the expected section header was found, but with an unexpected indentation: ' 7. IANA Considerations' ) ** There are 9 instances of too long lines in the document, the longest one being 18 characters in excess of 72. ** The abstract seems to contain references ([15], [2], [16], [RFC791], [3], [17], [RFC862], [RFC2123], [4], [18], [RFC793], [5], [19], [6], [RFC6598], [RFC2928], [7], [8], [9], [RFC1918], [10], [11], [12], [RFC1385], [13], [14], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 16 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 1 instance of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 4, 2020) is 1239 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: 'RFC6598' on line 1183 -- Looks like a reference, but probably isn't: 'RFC791' on line 968 -- Looks like a reference, but probably isn't: 'RFC1918' on line 403 -- Looks like a reference, but probably isn't: 'RFC793' on line 439 -- Looks like a reference, but probably isn't: 'RFC2123' on line 442 -- Looks like a reference, but probably isn't: 'RFC1385' on line 522 -- Looks like a reference, but probably isn't: 'RFC862' on line 760 -- Looks like a reference, but probably isn't: 'RFC2928' on line 767 -- Obsolete informational reference (is this intentional?): RFC 793 (ref. '9') (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 1385 (ref. '12') (Obsoleted by RFC 6814) Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 11 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 A. Y. Chen 2 Internet Draft R. R. Ati 3 Intended status: Experimental Avinta Communications, Inc. 4 Expires: June 2021 A. Karandikar 5 India Institute of Technology 6 D. R. Crowe 7 Wireless Telcom Consultant 8 December 4, 2020 10 Adaptive IPv4 Address Space 11 draft-chen-ati-adaptive-ipv4-address-space-08.txt 13 Status of this Memo 15 This Internet-Draft is submitted in full conformance with the 16 provisions of BCP 78 and BCP 79. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html 34 This Internet-Draft will expire on June 4, 2019. 36 Copyright Notice 38 Copyright (c) 2020 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Abstract 53 This document describes a solution to the Internet address depletion 54 issue through the use of an existing Option mechanism that is part of 55 the original IPv4 protocol. This proposal, named EzIP (phonetic for 56 Easy IPv4), outlines the IPv4 public address pool expansion and the 57 Internet system architecture enhancement considerations. EzIP may 58 expand an IPv4 address by a factor of 256M without affecting the 59 existing IPv4 based Internet, or the current private networks. It is 60 in full conformance with the IPv4 protocol, and supports not only 61 both direct and private network connectivity, but also their 62 interoperability. EzIP deployments may coexist with existing Internet 63 traffic and IoTs (Internet of Things) operations without perturbing 64 their setups, while offering end-users the freedom to indepdently 65 choose which service. EzIP may be implemented as a software or 66 firmware enhancement to Internet edge routers or private network 67 routing gateways, wherever needed, or simply installed as an inline 68 adjunct hardware module between the two, enabling a seamless 69 introduction. The 256M case detailed here establishes a complete 70 spherical layer of routers for interfacing between the Internet fabic 71 (core plus edge routers) and the end user premises. Incorporating 72 caching proxy technology in the gateway, a fairly large geographical 73 region may enjoy address expansion based on as little as one ordinary 74 IPv4 public address utilizing IP packets with degenerated EzIP 75 header. If IPv4 public pool allocations were reorganized, the 76 assignable pool could be multiplied 512M fold or even more. Enabling 77 hierarchical address architecture which facilitates both hierarchical 78 and mesh routing, EzIP can provide nearly the same order of magnitude 79 of address pool resources as IPv6 while streamlining the 80 administrative aspects of it. The basic EzIP will immediately resolve 81 local IPv4 address shortage, while being transparent to the rest of 82 the Internet. Under the Dual-Stack environment, these proposed 83 interim facilities will relieve the IPv4 address shortage issue, 84 while affording IPv6 more time to reach maturity for providing the 85 availability levels required for delivering a long-term general 86 service. 88 Table of Contents 90 1. Introduction...................................................4 91 1.1. Contents of this Draft....................................6 93 2. EzIP Overview..................................................6 94 2.1. EzIP Numbering Plan.......................................6 95 2.2. Analogy with NAT..........................................8 96 2.3. EzIP System Architecture..................................9 97 2.4. IP Header with Option Word...............................11 98 2.5. Examples of Option Mechanism.............................12 99 2.6. EzIP Header..............................................13 100 2.7. EzIP Operation...........................................14 101 3. EzIP Deployment Strategy......................................14 102 4. Updating Servers to Support EzIP..............................17 103 5. EzIP Enhancement and Application..............................18 104 6. Security Considerations.......................................22 105 7. IANA Considerations...........................................22 106 8. Conclusions...................................................22 107 9. References....................................................23 108 9.1. Normative References.....................................23 109 9.2. Informative References...................................23 110 10. Acknowledgments..............................................24 111 Appendix A EzIP Operation.......................................25 112 A.1. Connection between EzIP-unaware IoTs.....................25 113 A.1.1. T1a Initiates a Session Request towards T4a.........25 114 A.1.2. RG1 Forwards the Packet to SPR1.....................26 115 A.1.3. SPR1 Sends the Packet to SPR4 through the Internet..27 116 A.1.4. SPR4 Sends the Packet to T4a........................28 117 A.1.5. T4a Replies to SPR4.................................29 118 A.1.6. SPR4 Sends the Packet to SPR1 through the Internet..30 119 A.1.7. SPR1 Sends the Packet to RG1........................31 120 A.1.8. RG1 Forwards the Packet to T1a......................32 121 A.1.9. T1a Sends a Follow-up Packet to RG1.................32 122 A.2. Connection Between EzIP-capable IoTs.....................33 123 A.2.1. T1z Initiates a Session Request towards T4z.........33 124 A.2.2. RG1 Forwards the Packet to SPR1.....................34 125 A.2.3. SPR1 Sends the Packet to SPR4 through the Internet..35 126 A.2.4. SPR4 Sends the Packet to T4z........................36 127 A.2.5. T4z Replies to SPR4.................................37 128 A.2.6. SPR4 Sends the Packet to SPR1 through the Internet..38 129 A.2.7. SPR1 Sends the Packet to RG1........................39 130 A.2.8. RG1 Forwards the Packet to T1z......................40 131 A.2.9. T1z Sends a Follow-up Packet to RG1.................41 132 A.3. Connection Between EzIP-unaware and EzIP-capable IoTs....42 133 A.3.1. T1a Initiates a Request to T4z......................42 134 A.3.2. T1z Initiates a Request to T4a......................42 135 Appendix B Internet Transition Considerations...................43 136 B.1. EzIP Implementation......................................43 137 B.2. SPR Operation Logic......................................44 138 B.3. RG Enhancement...........................................45 139 Appendix C EzIP Realizability...................................47 140 C.1. 240/4 Netblock Capable IoTs..............................47 141 C.2. 240/4 Netblock Capable Routers...........................47 142 C.3. Enhancing an RG..........................................48 143 C.4. SPR Reference Design.....................................49 144 C.5. RAN Deployment Model.....................................49 145 Appendix D Enhancement of a Commercial RG.......................51 146 D.1. Candidate Code for Modification..........................51 147 D.2. Proposed Modification....................................51 148 D.3. Performance Verification.................................52 149 Appendix E Utilizing Open Source Router Code....................53 150 E.1. EzIP Realizability Test Bed..............................53 151 E.2. RAN Architecture Demonstration...........................53 152 E.3. EzIP Compatible Routers..................................54 153 E.4. Sub-Internet Operation...................................54 155 1. Introduction 157 For various reasons, there is a large demand for IP addresses. It 158 would be useful to have a unique address for each Internet device, 159 such that, if desired, any device may call upon any other directly. 160 IP addresses are needed while client devices, such as mobile phones, 161 are attached to the internet, which is a rapidly increasing demand. 162 The Internet of Things (IoT) would also be able to make use of more 163 routable addresses if they were available. Currently, these are not 164 possible with the existing IPv4 configuration. 166 By Year 2020, the world population and number of IoTs are expected to 167 reach 7.6B (Billion) and 50B respectively, according to a 2011 Cisco 168 online white paper [3]. 170 The IPv4 dot-decimal address format, consisting of four octets each 171 made of 8 binary bits, provides just over 4 billion unique addresses 172 (256 x 256 x 256 x 256 equals 4,294,967,296 - decimal exact). Using 173 the binary / shorthand notation of 64K representing 256 x 256 174 (decimal 65,536), the full IPv4 address pool of 64K x 64K may be 175 expressed as 4,096M (Million), or 4.096B (or, further rounded down to 176 4B for quick estimate calculations). Clearly, the predicted demand is 177 more than 12 times over the inherent capacity available from the 178 supply. 180 IPv6, with its 128-bit hexadecimal address format, is four times as 181 long as the IPv4, has 256BBBB (4B x 4B x 4B x 4B) unique addresses. 182 It offers a promising solution to the address shortage. However, its 183 global adoption appears to be facing significant challenges [4], [5]. 185 Interim relief to the IPv4 address shortage has been provided by 186 Network Address and Port Translation (NAPT - commonly known simply as 187 NAT) on private networks together with Carrier Grade NAT (CG-NAT or 188 abbreviated further to CGN) [RFC6598] [6] over the public Internet. 189 However, NAT modules slow down routers due to the state-table look-up 190 process. As well, they only allow an Internet session be initiated by 191 their own clients, impeding the end-to-end setup requests initiated 192 from remote devices that a fully functional communication system 193 should be capable of. Since port numbers are used to effectively 194 increase the size of the address pool, they introduce complex and 195 suboptimal port management requirements. For example, being dynamic, 196 the state-table used by CG-NAT increases CyberSecurity vulnerability 197 by imposing extra efforts to forensic tracing of perpetrators. On the 198 other hand, private network NAT as part of a Routing / Residential 199 Gateway (RG) does provide a rudimentary defense against intrusion. To 200 minimize the confusion, we will explicitly label this latter 201 (although implemented first) NAT as RG-NAT in this document to 202 distinguish from the CG-NAT. 204 If IPv4 capacity could be expanded without the size and efficiency 205 limitations of CG-NAT, the urgency due to address shortage will be 206 relaxed long enough for the IPv6 to mature on its own pace. 208 There have been several proposals to increase the effective Internet 209 public address pool in the past. They all introduced new techniques 210 or protocols that ran into certain handicaps or compatibility issues, 211 preventing a smooth transition. 213 EzIP utilizes a long-reserved network address block (netblock) 240/4 214 [7] that all of the existing Internet Core (/ backbone) Router (CR), 215 Edge Router (ER) and private network Routing (/ Residential) Gateway 216 (RG) as well as terminal hosts such as IoTs are not allowed to 217 utilize. The Option mechanism defined in [RFC791] [1] is used for 218 transporting such information as the IP header payload so that an IP 219 packet is transparent to all of these routers, except a newly defined 220 category named Semi-Public Router (SPR). By inserting an SPR between 221 an ER and a private premises that it serves, each publicly assignable 222 address can be expanded 256M fold. 224 EzIP introduces minimal perturbation by being compatible to the 225 current Internet system architecture. Its deployment will start with 226 an SPR providing public CG-NAT functions to unload the burden from 227 the current CG-NAT. With basic routing as an integral part of the 228 SPR, directly connected individual IoTs and private networks will be 229 encouraged to migrate toward the full EzIP service which provides 230 end-to-end connectivity between and among them. 232 1.1. Contents of this Draft 234 This draft outlines the EzIP numbering plan. An enhanced IP header, 235 called EzIP header, is introduced to carry the EzIP address as 236 payload using the Option word. How the Internet architecture will 237 change as the result of being extended by the EzIP scheme is 238 explained. How the EzIP header flows through various routers, and 239 Internet update considerations are described, with details presented 240 in Appendices A and B, respectively. Utilizing the EzIP approach, 241 several ways to expand the publicly assignable IPv4 address pool, as 242 well as enhance Internet operations are then discussed. Appendix C 243 outlines the experimental effort to demonstrate the feasibility of 244 EzIP by configuring a regional area network model based on current 245 networking equipment upon finite enhancements. Appendix D is a Work- 246 In-Progress report about the enhancement of a specific commercial RG. 247 Appendix E is an EzIP scheme feasibility demonstration by utilizing 248 publicly available hardware and software. 250 2. EzIP Overview 252 2.1. EzIP Numbering Plan 254 EzIP uses the reserved private network address pools in very much the 255 same way that Private Automatic Branch eXchange (PABX) switching 256 machines utilize locally assigned "extension numbers" to expand the 257 Public Switched Telephone Network (PSTN) capacity, by replicating a 258 public telephone line to multitudes of reusable private telephone 259 numbers, each to identify a local instrument. 261 At the first sight, this correlation may seem odd, because the PABX 262 extension numbers belong to a reusable private set separate from that 263 of the public telephone numbers and both are independently 264 expandable, while private network IP address is a specific subset 265 reserved from the overall IPv4 pool that is otherwise all public and 266 finite. However, the fact that neither of the latter two is allowed 267 to operate in the other's domain, the same as in the telephony 268 practice, suggests that the proposed EzIP numbering plan indeed may 269 mirror the PABX. For example, extension 123 or 1234 may exist in 270 thousands of different PABX switches without ambiguity. Similarly, 271 the IPv4 private network address blocks (10/8, 172.16/12 and 272 192.168/16) may also be re-used in many networks without ambiguity. 274 The key EzIP concept is the partitioning of a finite public address 275 pool to put aside a block of special (called "Semi-Public" in the 276 presentation below) addresses that extends each remaining public 277 address to multitudes of sub-addresses, resulting in an effectively 278 much larger assignable public address resource. 280 In fact, the initial EzIP analysis identified the untold two-stage 281 subnetting process of 192.168/16 that has been practiced routinely 282 for a long time. End-users are commonly accustomed to an RG choosing 283 one out of 256 values from the fourth octet of the 192.168.K/24 284 address block for identifying an IoT on a private premises. They 285 mostly are, however, unaware of the preceeding stage of selecting the 286 value "K" from the third octet of the 192.168/16 block, as the 287 factory default RG identification assigned by a manufacturer, is 288 implicitly capable of expanding it by 256 fold for supporting a 289 corresponding number of private premises. A key EzIP concept is to 290 use the elusive IPv4 240/4 netblock (240/8 - 255/8), that has been 291 "RESERVED" for "Future use" since 1981-09, as the result of the 292 historical address assignment evolution. It was proposed to be 293 redesignated to "Private Use" over a decade ago [2]. However, as 294 pointed out by its own authors in Section 2, Caveats of Use, "Many 295 implementations of the TCP/IP protocol stack have the 240.0.0.0/4 296 address block marked as experimental, and prevent the host from 297 forwarding IP packets with addresses drawn from this address block." 298 That proposal did not get advanced. Consequently, to this date, the 299 240/4 netblock remains practically unused. 301 Substituting the function of the third octet of 192.168.K/24 with 302 addresses from the 240/4 netblock in the first stage RG and 303 redefining it as a new category of router, called SPR, the EzIP 304 scheme circumvents the earlier hurdles to achieve the address 305 multiplication factor of 256M without involving any existing router. 306 This is because the 240/4 addresses are only used by the SPR and 307 within the Option word header extension. They are not recognized as 308 IPv4 addresses anywhere within the current Internet, while the Option 309 word mechanism can carry them through the network as oart of the IP 310 header payload. 312 Since the 240/4 netblock cannot be used by existing routers, the size 313 of the maximum assignable IPv4 pool has actually been only 3.84B 314 (4.096B - 256M). So, the overall assignable pool resulted from the 315 EzIP approach is about 983MB (3.84B x 256M), which is over 19M times 316 of the expected Year 2020 IoTs. This size certainly has the potential 317 to support the short- to mid-term public IP address needs. 319 2.2. Analogy with NAT 321 NAT generally works by temporarily assigning a port number to 322 outgoing communications originated from a local / private address, by 323 converting it into a public IPv4 address shared with other local IoTs 324 for external transmission. When responses are received, the port 325 number is converted back into the local / private IPv4 address. 327 EzIP possesses similarities to CG-NAT, but also has some important 328 differences. 330 There are a number of limitations of NAT that are not present with 331 EzIP. (1) There are only 65,536 port numbers but 256M 240/4 EzIP 332 addresses; (2) Due to the limited number of ports, assignments are 333 only temporary and will be reclaimed after a period of inactivity, 334 but there are so many EzIP addresses that assignments will be made 335 permanent; (3) Port numbers are used for other purposes than NAT, 336 further reducing the pool, but EzIP uses 240/4 addresses solely for 337 one purpose; (4) Due to the limited time during which a port number 338 is assigned, the NAT port numbers cannot be used for incoming 339 communications, but the EzIP address assignments will be long term 340 and can be used for direct communications between EzIP-aware devices. 341 (5) Intriguingly, while RG-NAT provides rudimental defense agaist 342 intrusion, the dynamic nature of CG-NAT opens up the Internet 343 vulnerability to cyber attacks, due to its inherent lack of forensic 344 traceability. SPR will eventually replace CG-NAT for a more efficient 345 and robust path. 347 2.3. EzIP System Architecture 349 +------+ 350 Web Server | WS0z | 351 +--+---+ 352 |69.41.190.145 353 | 354 | +-----+ 355 +--+ ER0 | 356 +--+--+ 357 | 358 +------+-------+ 359 +-------+ Core Routers +--------+ 360 | | (CR/Internet)| | 361 +--+--+ +--------------+ +--+--+ 362 +-----+ ER1 | +-----+ ER4 | 363 | +-----+ | +-----+ 364 | | 365 |69.41.190.110 |69.41.190.148 366 240.0.0.0 +--+--+ +--+--+ 367 +-----------+ +-------+ +---------+ +------+ 368 | +-----+ SPR1| | | +-----+ SPR4+--+ | 369 | | +-----+ | |...| +-----+ |...| 370 | 240.0.0.1 ... 255.255.255.255 | | +---------+ | 371 +-----+ | | | | 372 Public | 240.0.0.0 | | 255.255.255.255 373 Demarc. ----+-------------------------------+----+------------------- 374 Private |Premises 1 +----------+ | 375 +--+--+ | Premises 4 | 376 +---+ RG1 +--+ | | 377 | +-----+ | | | 378 | | | | 379 |192.168.1.3 |192.168.1.9 |240.0.0.10 |246.1.6.40 380 +--+--+ +--+--+ +--+--+ +--+--+ 381 | T1a | .... | T1z | | T4a | ....... | T4z | 382 +-----+ +-----+ +-----+ +-----+ 384 Figure 1 EzIP System Architecture 386 The new category of router, SPR is to be positoned inline between an 387 ER and the customer premises that it serves. After the original path 388 is re-established, the remaining addresses in the 240/4 netblock will 389 be used by the SPR to serve additional premises. Figure 1 shows a 390 general view of the enhanced Internet system architecture with two 391 SPRs, SPR1 and SPR4, deployed. Note that the "69.41.190.x" are static 392 addresses. In particular, the "69.41.190.145" is the permanent public 393 Internet address assigned to Avinta.com. 395 2.3.1. Referring to the lefthand portion labeled "Premises 1" of 396 Figure 1, instead of assigning each premises a public IPv4 address as 397 in the current practice, an SPR like SPR1, is inserted between an ER 398 (ER1) and its connections to private network Routing Gateways like 399 RG1, for utilizing 240.0.0.0 through 255.255.255.255 of the 240/4 400 netblock to identify respective premises. The RG1, serving either a 401 business LAN (Local Area Network) or a residential HAN (Home Area 402 Network), uses addresses from one of the three private network 403 [RFC1918] [8] blocks, 10/8, 172.16/12 and 192.168/16, such as 404 192.168.1.3 and 192.168.1.9 to identify the IoTs, T1a and T1z, 405 respectively. 407 2.3.2. Part of the righthand portion of Figure 1 is labeled 408 "Premises 4". Here SPR4 directly assigns addresses 240.0.0.10 and 409 246.1.6.40 from the 240/4 netblock to T4a and T4z, respectively. 410 Consequently, these IoTs are accessible through SPR4 from any other 411 IoT in the Internet. 413 2.3.3. Since the existing physical connections to subscriber's 414 premises terminate at the ER, it would be natural to have SPRs 415 collocated with their ER for streamlining the interconnections. It 416 follows that the simple routing function provided by the new SPR 417 modules may be absorbed into the ER through a straightforward 418 operational firmware enhancement. Consequently, the public / private 419 demarcation (Demarc.) line will remain at the RG where currently all 420 utility services enter a subscriber's premises. 422 2.3.4. To fully tag each of these devices, we may use a 423 concatenated three-part address notation: "Public - Semi-Public: TCP 424 Port". The following is how each of the IoTs in Figure 1 may be 425 uniquely identified in the Internet. 427 RG1: 69.41.190.110-240.0.0.0 429 T1a: 69.41.190.110-240.0.0.0:3 431 T1z: 69.41.190.110-240.0.0.0:9 433 T4a: 69.41.190.148-240.0.0.10 435 T4z: 69.41.190.148-246.1.6.40 437 Note that to simplify the presentation, it is assumed at this 438 juncture that the conventional TCP (Transmission Control Protocol) 439 [RFC793] [9] Port Number, normally assigned to T1a and T1z by RG1's 440 RG-NAT module upon initiating a session, equals to the fourth octet 441 of that IoT's private IP address that is assigned by the RG1's DHCP 442 (Dynamic Host Configuration Protocol) [RFC2123] [10] subsystem as 443 ":3" and ":9", respectively. Such numbers are unique within each 444 respective /24 private network such as the 192.168.1/24 here. They 445 are adequate for the discussion purpose in this document. However, 446 considering security, as well as allowing each IoT to have multiple 447 simultaneous sessions, etc., this direct and singular correlation 448 shall be avoided in actual practice by following the RG-NAT operation 449 conventions as depicted by the examples in Appendix A. 451 Figure 2 groups IoTs, routers and servers into two separate columns, 452 EzIP-unaware or EzIP-capable, to facilitate discussions that are to 453 follow. 455 +--------------------------+-----------------+----------------+ 456 | | EzIP-unaware | EzIP-capable | 457 +--------------------------+-----------------+----------------+ 458 | Internet Core Router (CR)| CR | ------------ | 459 +--------------------------+-----------------+----------------+ 460 | Internet Edge Router (ER)| ER0, ER1, ER4 | ------------ | 461 +--------------------------+-----------------+----------------+ 462 | Internet of Things (IoT) | T1a, T4a | T1z, T4z | 463 +--------------------------+-----------------+----------------+ 464 | Routing Gateway (RG) | RG1 | ------------ | 465 +--------------------------+-----------------+----------------+ 466 | Semi-Public Router (SPR) | ------------- | SPR1, SPR4 | 467 +--------------------------+-----------------+----------------+ 468 | Web Server (WS) | ------------- | WS0z | 469 +--------------------------+-----------------+----------------+ 471 Figure 2 EzIP System Components 473 2.4. IP Header with Option Word 475 To transport the EzIP Extension Addresses through existing devices 476 without being recognized as such and consequently acted upon, the IP 477 Header Option mechanism defined by Figure 9 in Appendix A of [RFC791] 478 is utilized to carry it as the payload. One specific aspect of its 479 format deserves some attention. The meanings of the leading eight 480 bits of each Option word, called "Opt. Code" or "Option-type octet", 481 are summarized on Page 15 of [RFC791]. They are somewhat confusing 482 because the multiple names used in the literature, and how the octet 483 is parsed into functional bit groups. For example, a two digit 484 hexadecimal number, "0x9A", is conventionaly written in the binary 485 bit string form as "1001 1010". As Opt. Code, however, the eight bits 486 here are parsed into three groups of 1, 2 and 5 bits as "1 00 11010" 487 with meanings described in Figure 3. 489 +--------------------------------------------------------------+ 490 | Meaning of EzIP ID = 0x9A (Example) | 491 +--------------+------------------+----------------------------+ 492 | Copy Bit | Class | Option Value / Number | 493 +--------------+------------------+----------------------------+ 494 | 1 (Set) | 00 (Control) | 11010 (26 - base 10) | 495 +--------------+------------------+----------------------------+ 497 Figure 3 Option Type Octet 499 A value of "1" for the first bit instructs all routers that this 500 Option word is to be copied upon packet fragmentation. This preserves 501 the Option word through such a process, if it is performed. 503 The value of "00" for the next two bits indicates that this Option 504 word is for "Control" purpose. 506 The decimal "Option Value" of the last five bits, equaling to "26" is 507 defined as the "Option Number" that is listed in the "Number" column 508 of the Internet Protocol Version 4 (IPv4) Parameters list [11]. As 509 can be seen there, "26" has not been assigned. Thus, it is 510 temporarily used in this document to facilitate the EzIP 511 presentation. The next unassigned Option Code, "0x9B" or Number "27" 512 will also be tentatively utilized in this document. 514 2.5. Examples of Option Mechanism 516 The Option mechanism has been used for various cases. Since they were 517 mostly for utility or experimental purposes, however, their formats 518 may be remote from the incident topic. There were two cases 519 specifically dealt with the address pool issues. They are referenced 520 here to assist the appreciation of the Option mechanism. 522 A. EIP (Extended Internet Protocol) - Figure 1 of [RFC1385] [12] 523 (Assigned but now deprecated Option Number = 17) by Z. Wang: This 524 approach proposed to add a new network layer on top of the existing 525 Internet for increasing the addressable space. Although equipment 526 near the end-user would stay unchanged, those among the CRs 527 apparently had to go through rather extensive upgrading procedures, 528 perhaps due to the flexible length of the extended address (could be 529 much longer than that of the IPv6). 531 B. EnIP (Enhanced IPv4) - Figure 1 of Internet Draft [13] 532 (temporarily utilizing Option Number = 26) by W. Chimiak: This work 533 made use of the three existing private network blocks to extend the 534 public pool by trading the private network operation for end-to-end 535 connectivity. The fully deployed EnIP will eliminate the current 536 private networks which may be against the intuitive preference of 537 end-users who have found the private network configuration quite 538 desirable. For example, the RG-NAT serves as a rudimentary deterrent 539 against intrusion. In addition, the coexistence of private RG-NAT and 540 public EnIP router functions in the same EnIP devices (N1 & N2), 541 could lead to certain logistic inconsistency concerns. 543 2.6. EzIP Header 545 0 1 2 3 546 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 547 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 548 1 |Version|IHL (8)|Type of Service| Total Length (32) | 549 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 550 2 | Identification |Flags| Fragment Offset | 551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 552 3 | Time to Live | Protocol | Header Checksum | 553 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 554 4 | Source Host Number | 555 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 5 | Destination Host Number | 557 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 558 | EzIP ID | EzIP | Extended | Extended | 559 6 | (Source) | Option Length | Source | Source | 560 | (0X9A) | (6) | No.-1 | No.-2 | 561 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 562 | Extended | Extended | EzIP ID | EzIP | 563 7 | Source | Source | (Destination) | Option Length | 564 | No.-3 | No.-4 | (0X9B) | (6) | 565 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 566 | Extended | Extended | Extended | Extended | 567 8 | Destination | Destination | Destination | Destination | 568 | No.-1 | No.-2 | No.-3 | No.-4 | 569 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 571 Figure 4 Full EzIP Header 573 The proposed EzIP header format shown in Figure 4 can transport the 574 full 4 octet (32 bit) extension addresses of both ends of an Internet 575 link. The extension address in the 240/4 netblock utilized in the 576 EzIP scheme described herein has 28 significant bits. It is possible 577 for EzIP to use addresses having other lengths of significant bits 578 for different multiplication factors. To prepare for such variations, 579 two separate EzIP ID codes, "0x9A" and "0x9B" are proposed to 580 distinguish between Source and Destination Option words, 581 respectively, as basic examples. 583 2.7. EzIP Operation 585 To convey the general scheme, Appendix A presents examples of IP 586 header transitions through routers, between IoTs with or without EzIP 587 capability. 589 To introduce the EzIP approach into an environment where EzIP-unaware 590 IoTs like T1a and T4a will be numerous for a long time to come, an 591 SPR must be able to follow certain decision branches to determine how 592 to provide the appropriate routing service for a smooth transition to 593 the long term operation. Appendix B outlines such logic and related 594 considerations. 596 3. EzIP Deployment Strategy 598 Although the eventual goal of the SPR is to support both web server 599 access by IoTs from behind private networks and direct end-to-end 600 connectivity between IoTs, the former should be dealt with first to 601 immediately mitigate the address shortage induced daily issues. In 602 the process, the latter would be built up naturally. 604 A. Architecturally 606 Since the design philosophy of the SPR is an inline module between an 607 ER and the private premises (RG or directly connected IoTs) that it 608 serves, SPR introduction process can be flexible. 610 A.1. An SPR may be deployed as an inline module right after an ER 611 to begin providing the CG-NAT equivalent function. This could be done 612 immediately without affecting any of the existing Internet 613 components, CR, ER and RG. EzIP-capable IoTs will then take advantage 614 of the faster bi-directional routing service through the SPRs by 615 initiating communication sessions utilizing EzIP headers to contact 616 other EzIP-capable IoTs. 618 A.2. Alternatively, an SPR may be deployed as an adjunct module 619 just before an existing RG or a directly connected IoT to realize the 620 same EzIP functions on the private premises, even if the serving 621 Internet Access Provider (IAP) has not enhanced its ERs with the EzIP 622 capability. 624 This approach will empower individual communities to enjoy the new 625 EzIP capability on their own by upgrading all Internet subscribers 626 within a good sized region to have publicly accessible EzIP addresses 627 for intra-community peer-to-peer communication, starting from just 628 using one existing public IPv4 address to identify the entire region 629 through a gateway to the rest of the world. See sub-section C. below 630 for more specific considerations. 632 B. Functionally 634 B.1. First, an IAP should install SPRs in front of business web 635 servers so that new routing branches may be added to support the 636 additional web servers for expanding business activities. 637 Alternatively, this may be achieved if businesses on their own deploy 638 new web servers with the SPR capability built-in. 640 B.2. On the subscriber side, SPRs should be deployed to 641 disseminate static addresses to the public, and to facilitate the 642 access to new web servers. 644 C. Regional Area Network 646 C.1. Since the size of the 240/4 netblock is significant, a 647 region mentioned in sub-section A.2. above could actually be fairly 648 large. Based on the assumption that each person, on the average, may 649 have 6.6 IoTs by Year 2020 [3], a 240/4 netblock is capable of 650 serving nearly 39M (256M / 6.6) individual devices, even before using 651 any private network. This exceeds the population of the largest city 652 on earth (38M - Tokyo Metro.) and 75% of the countries around the 653 world (most of the 233 countries other than the top 35). Therefore, 654 any finite sized region can immediately begin to enjoy EzIP 655 addressing by deploying a Regional Area Network (RAN) utilizing SPRs 656 operating with one 240/4 netblock of addresses from one IPv4 public 657 address. With the gateway for a region configured in such a way that 658 the entire region appears to be one ordinary IPv4 IoT to the rest of 659 the Internet, a self-contained RAN may be deployed anywhere there is 660 the need or desire, with no perturbation to the current Internet 661 operations whatsoever. 663 C.2. This gateway may be constructed with a matured networking 664 technology called Caching Proxy [14], popularized by data-intensive 665 web services such as Google, Amazon, Yahoo, etc. Developed for 666 speeding up response to repetitive queries from a region on the same 667 topic, while consolidating Internet traffic for data exchanges with 668 the central data bank, caching proxies are placed at strategic 669 locations close to potential inquirers, essentially cloning the 670 central data bank into distributed copies (not necessarily a full 671 set, but containing all relevant subsets pertaining to the local 672 community). This architecture meshs with the EzIP-based RAN very 673 well, because the address translation between the IPv4 in the 674 Internet and the EzIP in the RAN can be accomplished transparently 675 through the two ports of a caching proxy (For such matter, even could 676 be between the IPv6 and the EzIP if desired!). Consequently, existing 677 Internet routers, such as CR and ER may not see any IP packet with 678 EzIP header at all, during the initial phase of the RAN deployment 679 which will primarily consist of basic intra-regional messaging and 680 web service access in a primarily local operation mode. 682 C.3. This configuration actually mimicks the PABX environment 683 almost exactly. Since the entire region is only accessible through 684 the gateway that performs the address translation, degenerated EzIP 685 header (conventional IP header with words 4 and 5 using 240/4 686 netblock addresses) will be suffice for the intra RAN traffic. This 687 mirrors the dialing procedure of using only extension numbers among 688 stations served by the same PABX, circumventing the unnecessary and 689 wasteful overhead of including the dialing of the common public 690 telephone number prefix whose only purpose is to identify the PABX to 691 the PSTN which is not involved in such intra-PABX communications. 693 C.4. The full EzIP header format will only be used when an EzIP- 694 capable IoT intends to directly interact with an EzIP-capable IoT in 695 another RAN. The last part is equivalent to the DID (Direct Inward 696 Dialing) conventions when a call is made through the PSTN to a 697 station in a remote PABX. 699 C.5. The RAN would streamline the CIR (Country-based Internet 700 Registry) model proposed by ITU-T [18] as well. Instead of allocating 701 a block of public IPv6 addresses to an ITU-T authorized entity 702 (essentially the sixth RIR - Regional Internet Registry) to 703 administrate on behalf of individual countries, the EzIP RAN 704 configuration enables each member state to start her own CIR with up 705 to 256M IoTs, based on just one of the IPv4 public address already 706 allocated to that country from the responsible RIR. Consequently, 707 each CIR is coordinated by its parent RIR, yet its operation can 708 conform to local preferences. This configuration will establish a 709 second Internet service parallel to the existing one for 710 demonstrating their respective merits independently, offering 711 subscribers true options to choose from. 713 D. Permanently 714 In the long run, it would be best if SPRs are integrated into their 715 host ER by upgrading the latter's firmware to minimize the hardware 716 and to streamline the equipment interconnections. 718 Appendix B details the considerations in implementing these outlines. 720 4. Updating Servers to Support EzIP 722 Although the IP header Option mechanism utilized by EzIP was defined 723 a long time ago as part of the original IPv4 protocol [RFC791] [1], 724 it has not been used much in daily traffic. Compatibility with 725 current Internet facilities and conventions may need be reviewed. 726 Since the EzIP data is transported as part of the IP header payload, 727 it is not expected to affect higher layer protocols. However, certain 728 facilities may have been optimized without considering the Option 729 mechanism. They need be adjusted to provide the same performance to 730 EzIP packets. There are also utility type of servers that need be 731 updated to support the longer EzIP address. For example; 733 A. Fast Path 735 Internet Core Routers (CRs) are currently optimized to only provide 736 the "fast-path" (through hardware line card) routing service to 737 packets without Option word in the IP header [15]. This puts EzIP 738 packets at a disadvantage, because EzIP packets will have to go 739 through the "slow path" (processed by CPU's software before giving to 740 the correct hardware line card to forward), resulting in a slower 741 throughput. Since the immediate goal of the EzIP is to ease the 742 address pool exhaustion affecting web server access, subscribers not 743 demanding high throughput performance may be migrated to the EzIP 744 supported facility first. This gives CRs the time to update so that 745 EzIP packets with authorized Option numbers will eventually be 746 recognized for receiving the "fast-path" service. On the other hand, 747 an alternative logic may be applied for the CR. That is, it should by 748 default ignore any Option word in an IP header so that all IP packets 749 will be processed through the "fast-path", unless a recognizable 750 Option word requiring action is detected. This approach would 751 mitigate the security issues caused by the "source routing" attack, 752 as well. 754 B. Connectivity Verification 756 One frequently used probing utility for verifying baseline 757 connectivity, commonly referred to as the "ping" function in PC 758 terminology, needs be able to transport the full EzIP address that is 759 64 bits long instead of the current 32 bit IPv4 address. There is an 760 example of an upgraded TCP echo server in [RFC862] [16]. 762 C. Domain Name Server (DNS) 764 Similarly, the DNS needs to expand its data format to transport the 765 longer IP address created by the EzIP. This already can be done under 766 IPv6. Utilizing the experimental IPv6 prefix 2001:0101 defined by 767 [RFC2928] [17], EzIP addresses may be transported as standardized 768 AAAA records. 770 These topics are discussed in more detail under an IETF Draft RFC, 771 Enhanced IPv4 - V.03 [13]. 773 5. EzIP Enhancement and Application 775 To avoid disturbing any assigned address, deployed equipment and 776 current operation, etc., the EzIP scheme is derived under the 777 constraint of utilizing only the reserved 240/4 address block. If 778 such restriction were removed by allowing the entire IPv4 address 779 pool be flexibly re-allocatable, the assignable public address pool 780 could be expanded significantly more, as outlined below. 782 A. If the 240/4 netblock were doubled to 224/3, each existing IPv4 783 public address would be expanded by 512M fold. Since this block of 784 512M addresses have to be first reserved from the basic public pool, 785 the resultant total addresses will be (4.096B - 512M) x 512M, or 786 1,835MB. This is over 36M times of the predicted number of IoTs (50B) 787 by Year 2020. This calculation leads to additional possibilities. 789 B. The EzIP header in Figure 4, capable of transporting the full 32 790 bit IPv4 address, allows the extension number to be as long as 791 practical. That is, we can go to the extreme of reserving only one 792 bit for the network number, and using all the rest of bits for the 793 extension address. With this criterion, the basic IPv4 pool may be 794 divided into two halves, reserving one half of it (about 2B 795 addresses) as a semi-public network with the network number prefix 796 equal to "1". Each of the remaining 2B public addresses (with prefix 797 equal to "0") of the basic IPv4 pool may then be extended 2B fold 798 through the EzIP process, resulting in a 4BB address pool. This is 799 roughly 80M times of the Year 2020 IoT needs. 801 C. If the EzIP technique were applied through several layers of SPRs 802 in succession, the address expansion could be even more. For example, 803 let's divide the IPv4 pool equally into four blocks, each with about 804 1B addresses. Apply the first 1B address block to the public routers. 805 Set up three layers of SPRs, each makes use of one of the remaining 806 three 1B addresses. The resultant assignable pool will have 1BBBB 807 addresses. Under this configuration, the full length of an IoT's 808 identification code will be the concatenation of four segments of 32 809 bit IPv4 address, totalling 128 bits, the same as that of the IPv6. 810 The first two bits of each segment, however, being used to 811 distinguish from the other three address blocks, are not significant 812 bits. This 8-bits difference makes the IPv6 pool 256 times larger. 813 This ratio is immaterial, because even the 1BBBB address pool is 814 alreaby 20MBB times of the foreseeable need. It is the hierarchical 815 addressing characteristics, made possible by the EzIP scheme, that 816 will enhance the Internet, such as truncating out the common address 817 prefix for communicating within a local community, and associating an 818 address with the geographical position, thus mitigating the 819 GeoLocation related issues. 821 D. Along this line of reasoning, we could combine two 1B address 822 blocks togther to be the basic public address. The overall assignable 823 pool becomes 2BBB which is still 40MB times of the expected IoT 824 need(50B). With this pool, we can divide the entire globe into 2B 825 regions, each served by one public router. Each region can then be 826 divided into 1B sections, identified by the first group of SPRs. 827 Next, each section will have the second group of SPRs to manage upto 828 1B RGs and IoTs. Since the basic 2B public addresses are already more 829 than half of the current total assignable IPv4 public addresses 830 (3.84B), their potential GeoLocation resolution capabilities are 831 comparable. With additional two layers of SPR routing, 1B for each, 832 the address grid granuality will be so refined that locating the 833 source of an IP packet becomes a finite task, leaving perpetrators 834 little room to hide. 836 E. The following outlines a possible procedure for optimizing the use 837 of the EzIP address resource by transforming the current Internet to 838 be a GeoLocation-capable address system while maintaining the 839 existing IPv4 addressing and operation conventions: 841 a. Quantitative Reference: IETF [RFC6598] [6] reserved the 842 100.64/10 block with 4M addresses for supporting IAP's CG-NAT 843 service. Applying all of these to the entire IPv4 pool of 4B 844 addresses, the maximum effective CG-NAT supported IPv4 address pool 845 could be 16MB. This is 0.32M times of the expected number (50B) of 846 IoTs by Year 2020. 848 b. Employing the 240/4 netblock with 256M addresses in the EzIP 849 extension scheme, a /6 block with 64M addresses from the IPv4 basic 850 public pool is sufficient to replicate the above 16MB capacity. This 851 frees up the majority of the IPv4 public pool. 853 c. Since this will be a temporary holding pool to release the 854 current addresses for new assignments, it should occupy as few public 855 addresses as possible to leave the maximum number of addresses for 856 facilitating the long term planning. To just support the expected 50B 857 IoTs need, only 200 IPv4 public addresses are required (200 x 256M = 858 50B). Thus, a /24 block with 256 addresses is more than enough to 859 accommodate this entire migration process. This frees up even more 860 IPv4 public addresses. 862 d. Although a single /24 public address block is sufficient for 863 migrating all currently perceived IPv4 address needs into one compact 864 temporary EzIP pool, world-wide coordination of new address 865 assignments and routing table updates will be required. It will be 866 more expeditious to carry out this preparatory phase on an individual 867 country or geographical region basis utilizing public IPv4 addresses 868 already assigned to that area and actively served by existing CR 869 routing tables. Since 200 public addresses are enough to port the 870 entire IoT addresses, most of the 233 countries other than the top 35 871 (about 75%) countries should be able to port all of their respective 872 predicted IoTs to be under one 240/4 netblock, each represented by 873 one gateway to the Internet. If this is managed according to 874 geographical disciplines, each participating region will begin to 875 enjoy the benefits of the EzIP approach, such as plentiful assignable 876 public addresses, robust security due to inherent GeoLocation ability 877 to spot hackers from within, so that efforts may be focused only on 878 screening suspicious packets originated from outside. 880 e. As IoTs are getting migrated to the temporary pool, the IPv4 881 addresses they originally occupy shall be released to re-populate the 882 public address pool for establishing full scale EzIP operation. 884 f. Upon the completion of the EzIP based world-wide public address 885 allocation map, each country can simply give up the few temporary 886 public addresses in exchange for the permanent assignments. Since the 887 latter is likely more than the former, addresses in one 240/4 888 netblock will be served by two (or more) 240/4 netblocks. Then, each 889 of such 240/4 netblock will have more than half of its capacity 890 available to serve the growth of additional IoTs. 892 g. This last step is very much the same as the traditional PSTN 893 "Area Code Split" practice, whereby telephone numbers of a service 894 area are split into two (or more) blocks, upon introducing one (or 895 more) new area code(s) into the area. All subscribers will continue 896 to use their original local telephone numbers for calling among 897 neighbors daily, except some may be assigned with a new area code 898 prefix. Upon the split, each area code will have more than half of 899 its assignable telephone numbers availabe to support the future 900 subscriber growth within its service area. Mimicking the PSTN, the 901 EzIP based Internet will have similar GeoLocation capability as the 902 former's caller identification based services, such as the 911 903 emergency caller location system in US, mitigating the root cause to 904 the cybersecurity vulnerability. 906 F. With the IPv4 address shortage issue resolved, potential system 907 configurations utilizing the EzIP enhanced address pool may be 908 explored. 910 a. Although the entire predicted number (50B) of IoTs by Year 2020 911 may be served by just one /24 IPv4 public address block utilizing the 912 EzIP scheme with a 240/4 netblock, let's replace it with a /8 block 913 (16M addresses), resulting in about 4MB (16M x 256M) assignable 914 addresses. This is 80K times of the expected 50B IoTs. Or, each and 915 every person (of predicted 2020 population) would have to own over 916 500K IoTs to use up this address pool. It is apparent that the spares 917 in this allocation should be sufficient to support the growth of the 918 IoTs for some years to come. 920 b. Next, the IPv4 pool originally has 256 blocks of /8 addresses. 921 After the above allocation, there are still 239 blocks of /8 922 addresses available to support additional digital communication 923 systems, each having the same size of address pool as the allocation 924 above. Consequently, many world-wide communication networks may 925 coexist under the same IPv4 protocol framework in the form of groups 926 of RANs as described earlier, with arm's-length links among them. 928 c. For example, a satellite based Internet that is being proposed 929 [19], such as StarLink can start fresh as one EzIP RAN served by one 930 SPR having the capacity of 256M IoTs, under one ER capable of 931 managing one /8 block of IPv4 public address. Utilizing a caching 932 proxy as the gateway to handle the data exchange with other RAN, this 933 satellite based Internet with 256M hosts can operate pretty much as 934 an isolated system by using 240/4 addresses in the basic IP headers 935 for intra-RAN communications, most of the time. Only when direct 936 communication with another RAN (such as the one for the existing 937 Internet) is needed, will the full EzIP header be required. As users 938 grow, additional RANs (each with 256M IoTs capacity), may be 939 incrementally added to support the expansion. 941 G. In summary, utilizing the 240/4 netblock, the EzIP scheme may 942 expand the IPv4 based Internet to be a collection of up to 240 groups 943 of 16M RANs each managed by one SPR with 256M IoTs capacity that are 944 inter-operable digital communication systems, normally operate at 945 arm's-lenghth to one another. Each of these groups has the address 946 capacity of at least 80K times of the number of predicted (50B) IoTs 947 by Year 2020. 949 6. Security Considerations 951 The EzIP solution is based on an inline module called SPR that is 952 intended to be as transparent to Internet traffic as possible. The 953 proposed address assignment rule is deterministic and systematic. 954 Thus, no overall system security degradation is expected. 956 7. IANA Considerations 958 This draft does not create a new registry nor does it register any 959 values in existing registries; no IANA action is required. 961 8. Conclusions 963 To resolve the IPv4 public address pool exhaustion issue, a technique 964 called EzIP (phonetic for Easy IPv4) making use of a long reserved 965 address block 240/4, is proposed. 967 This draft RFC describes an enhancement to IPv4 operation utilizing 968 the IP header Option mechanism defined in [RFC791]. Since the design 969 criterion is to enhance IPv4 by extending instead of altering it, the 970 impact on already in-place routers and security mechanisms is 971 minimized. 973 The basic EzIP philosophy includes maintaining the existing public 974 and private network structure. Upon reclassifying the "RESERVED for 975 Future use" 240/4 netblock to be the Semi-Public address pool, it 976 will only be usable by the new SPR (Semi-Public Router) as the EzIP 977 extension address. This pool can multiply each current IPv4 public 978 address by 256M fold, while all existing public network and 979 subscriber premises setups (private networks as well as directly 980 connected IoTs) may remain unchanged. A subscriber is encouraged to 981 upgrade his IoT(s) to be EzIP-capable so as to enjoy the enhanced 982 router service by EzIP. This particular manifestation of the EzIP 983 scheme appears to be the optimal solution to our needs. 985 The 240/4 netblock based EzIP scheme will not only relieve the IPv4 986 address shortage, but also improve the defense against cybersecurity 987 intrusion by virtue of systematic and deterministic address 988 management. The EzIP RAN (Regional Area Network) configuration will 989 also support the desire to establish CIR (Country-based Internet 990 Registry) operation expressed by ITU-T, as a parallel local facility 991 providing services equivalent to the current global Internet. 993 Furthermore, EzIP will help the IPv4 based Internet to become the 994 common backbone for multiple world-wide digital communication systems 995 such as satellite based systems like StarLink that normally would 996 operate in arm's-length from one another. 998 These last two possible applications turn out to be a generic 999 architectural feature that is also suitable for establishing test 1000 beds at arm's-length to one another for developing new protocols and 1001 products. This last manifestation of the EzIP empowers end-users to 1002 participate in the evaluation, and the smooth transition to the 1003 eventual use, of new services in a realistic, not simulated, 1004 environment. 1006 9. References 1008 9.1. Normative References 1010 [1] https://tools.ietf.org/html/rfc791 1012 [2] https://tools.ietf.org/html/draft-wilson-class-e-02 1014 9.2. Informative References 1016 [3] https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBS 1017 G_0411FINAL.pdf 1019 [4] http://stats.labs.apnic.net/ipv6 1021 [5] https://stats.ams-ix.net/sflow/ether_type.html 1023 [6] https://tools.ietf.org/html/rfc6598 1025 [7] http://www.iana.org/assignments/ipv4-address-space/ipv4- 1026 address-space.xhtml 1028 [8] https://tools.ietf.org/html/rfc1918 1030 [9] https://tools.ietf.org/html/rfc793 1032 [10] https://www.ietf.org/rfc/rfc2131.txt 1034 [11] http://www.iana.org/assignments/ip-parameters/ip- 1035 parameters.xhtml 1037 [12] https://tools.ietf.org/html/rfc1385 1039 [13] https://tools.ietf.org/html/draft-chimiak-enhanced-ipv4-03 1041 [14] https://en.wikipedia.org/wiki/Proxy_server#Improving_performanc 1042 e 1044 [15] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.477.19 1045 42&rep=rep1&type=pdf 1047 [16] https://tools.ietf.org/html/rfc862 1049 [17] https://tools.ietf.org/html/rfc2928 1051 [18] https://www.nro.net/wp-content/uploads/nro-response-to-ls-5.pdf 1053 [19] https://www.commerce.senate.gov/public/index.cfm/2017/10/the- 1054 commercial-satellite-industry-what-s-up-and-what-s-on-the- 1055 horizon 1057 10. Acknowledgments 1059 The authors would express their deep appreciation to Dr. W. Chimiak 1060 for the enlightening discussions about his team's efforts and 1061 experiences through their EnIP development. 1063 This document was prepared using 2-Word-v2.0.template.dot. 1065 Appendix A EzIP Operation 1067 To demonstrate how EzIP could support and enhance the Internet 1068 operations, the following are three sets of examples that involve 1069 SPRs as shown in Figure 1. These present a general perspective of how 1070 IP header transitions through the routers may look like. 1072 1. The first example is between EzIP-unaware IoTs, T1a and T4a. This 1073 operation is very much the same as the conventional TCP/IP packet 1074 transmission except with SPRs acting as an extra pair of routers 1075 providing the CG-NAT service. 1077 2. The second one is between EzIP-capable IoTs, T1z and T4z. Here, 1078 the SPRs process the extended semi-public IP addresses in router 1079 mode, avoiding the drawbacks due to the CG-NAT type of table look-up 1080 operations above. 1082 3. The last one is between EzIP-unaware and EzIP-capable IoTs. By 1083 initiating and responding with a conventional IP header, EzIP-capable 1084 IoTs behave like EzIP-unaware IoTs. Thus, all packet exchanges use 1085 the conventional IP headers, just like case 1. above. 1087 A.1. Connection between EzIP-unaware IoTs 1089 A.1.1. T1a Initiates a Session Request towards T4a 1091 T1a sends a session request to SPR4 that serves T4a by a plain IP 1092 packet with header as in Figure 5, to RG1. There is no TCP port 1093 number in this IP header yet. 1095 0 1 2 3 1096 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1097 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1098 1 |Version|IHL (5)|Type of Service| Total Length (20) | 1099 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1100 2 | Identification |Flags| Fragment Offset | 1101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1102 3 | Time to Live | Protocol | Header Checksum | 1103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1104 4 | Source Host Number (192.168.1.3) | 1105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1106 5 | Destination Host Number (69.41.190.148) | 1107 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1109 Figure 5 IP Header: From T1a to RG1 1111 A.1.2. RG1 Forwards the Packet to SPR1 1113 RG1, allowing be masqueraded by T1a, relays the packet toward SPR1 1114 by assigning the TCP Source port number, 3N, to T1a, with a header as 1115 in Figure 6,. Note that the suffix "N" denotes the actual TCP port 1116 number assigned by the RG1's RG-NAT. This could assume multiple 1117 values, each represents a separate communications session that T1a is 1118 engaged in. A corresponding entry is created in the RG1 state table 1119 for handling the reply packet from the Destination site. Since T4a's 1120 TCP port number is not known yet, it is filled with all 1's. 1122 0 1 2 3 1123 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1124 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1125 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1126 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1127 2 | Identification |Flags| Fragment Offset | 1128 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1129 3 | Time to Live | Protocol | Header Checksum | 1130 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1131 4 | Source Host Number (240.0.0.0) | 1132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1133 5 | Destination Host Number (69.41.190.148) | 1134 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1135 6 | Source Port (3N) | Destination Port (All 1's) | 1136 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1138 Figure 6 TCP/IP Header: From RG1 to SPR1 1140 A.1.3. SPR1 Sends the Packet to SPR4 through the Internet 1142 SPR1, detecting no EzIP Option word, acts like a CG-NAT. It allows 1143 being masqueraded by RG1 (with the Source Host Number changed to be 1144 SPR1's own and the TCP port number changed to 0C, where "0" is the 1145 last octet of RG1's IP address, and "C" stands for CG-NAT) and sends 1146 the packet as in Figure 7 out through the Internet towards SPR4. The 1147 packet traverses through the Internet (ER1, CR and ER4) utilizing 1148 only the Destination Host Number (word 5) in the header. 1150 0 1 2 3 1151 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1153 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1155 2 | Identification |Flags| Fragment Offset | 1156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1157 3 | Time to Live | Protocol | Header Checksum | 1158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1159 4 | Source Host Number (69.41.190.110) | 1160 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1161 5 | Destination Host Number (69.41.190.148) | 1162 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1163 6 | Source Port (0C) | Destination Port (All 1's) | 1164 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1166 Figure 7 TCP/IP Header: From SPR1 to SPR4 1168 Note that although schematically shown in Figure 1 as one public IPv4 1169 address serving one SPR capable of a full 240/4 address block, the 1170 PCP port number has a theoretical limit of 64K (256 x 256) because it 1171 consists of 16 bits. This is much smaller than a full 240/4 pool. 1172 Even with dynamic assignments, it will take quite a few public 1173 address to serve the CG-NAT need if many IoTs are EzIP-unaware. So, 1174 IoTs are encouraged to become EzIP-capable as soon as possible to 1175 avoid straining the SPR's CG-NAT capability. This should not be an 1176 issue for emerging regions currently having very little facility and 1177 IoTs. As new ones are deployed, they should be enabled as EzIP- 1178 capable by factory default. For the rural area of developed countries 1179 with existing EzIP-unaware IoTs, the need for CG-NAT service will be 1180 greater. Multiple IPv4 public addresses would be needed initially to 1181 support smaller sub- 240/4 netblocks. This is probably workable 1182 because the latter does have more public IPv4 addresses. The CG-NAT 1183 techniques developed under [RFC6598] [6] may be incorporated here to 1184 facilitate the transition. 1186 A.1.4. SPR4 Sends the Packet to T4a 1188 Since the packet has a conventional TCP/IP header without Destination 1189 TCP port number, SPR4 would ordinarily drop it due to the CG-NAT 1190 function. However, for this example, let's assume that there exists a 1191 state-table that was set up by a DMZ (De-Militaried Zone) process for 1192 redirecting this packet to T4a with a CG-NAT TCP port number 10C 1193 (Here, "10" is the fourth octet of T4a's Extension address, and "C" 1194 stands for CG-NAT.). After constructing the Destination Host Number 1195 accordingly, SPR4 sends the packet to T4a with a header as in Figure 1196 8. 1198 0 1 2 3 1199 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1200 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1201 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1203 2 | Identification |Flags| Fragment Offset | 1204 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1205 3 | Time to Live | Protocol | Header Checksum | 1206 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1207 4 | Source Host Number (69.41.190.110) | 1208 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1209 5 | Destination Host Number (240.0.0.10) | 1210 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1211 6 | Source Port (0C) | Destination Port (10C) | 1212 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1214 Figure 8 TCP/IP Header: From SPR4 to T4a 1216 A.1.5. T4a Replies to SPR4 1218 T4a interchanges the Source and Destination identifications in the 1219 incoming TCP/IP packet to create a header as in Figure 9, for the 1220 reply packet to SPR4. 1222 0 1 2 3 1223 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1225 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1226 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1227 2 | Identification |Flags| Fragment Offset | 1228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1229 3 | Time to Live | Protocol | Header Checksum | 1230 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1231 4 | Source Host Number (240.0.0.10) | 1232 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1233 5 | Destination Host Number (69.41.190.110) | 1234 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1235 6 | Source Port (10C) | Destination Port (0C) | 1236 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1238 Figure 9 TCP/IP Header: From T4a to SPR4 1240 A.1.6. SPR4 Sends the Packet to SPR1 through the Internet 1242 SPR4, allowing being masqueraded by T4a, sends the packet toward SPR1 1243 with the header in Figure 10, through the Internet (ER4, CR and ER1) 1244 who will simply relay the packet according to the information in word 1245 5 (Destination Host Number): 1247 0 1 2 3 1248 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1250 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1252 2 | Identification |Flags| Fragment Offset | 1253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1254 3 | Time to Live | Protocol | Header Checksum | 1255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1256 4 | Source Host Number (69.41.190.148) | 1257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1258 5 | Destination Host Number (69.41.190.110) | 1259 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1260 6 | Source Port (10C) | Destination Port (0C) | 1261 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1263 Figure 10 TCP/IP Header: From SPR4 to SPR1 1265 A.1.7. SPR1 Sends the Packet to RG1 1267 Using the stored data in the CG-NAT state-table, SPR1 reconstructes a 1268 header as in Figure 11, for sending the packet to RG1. 1270 0 1 2 3 1271 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1272 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1273 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1274 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1275 2 | Identification |Flags| Fragment Offset | 1276 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1277 3 | Time to Live | Protocol | Header Checksum | 1278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1279 4 | Source Host Number (69.41.190.148) | 1280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1281 5 | Destination Host Number (240.0.0.0) | 1282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1283 6 | Source Port (10C) | Destination Port (3N) | 1284 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1286 Figure 11 TCP/IP Header: From SPR1 to RG1 1288 A.1.8. RG1 Forwards the Packet to T1a 1290 From the state-table in RG1's RG-NAT, T1a address is reconstructed 1291 based on Destination Port (3N), as in Figure 12. 1293 0 1 2 3 1294 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1296 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1298 2 | Identification |Flags| Fragment Offset | 1299 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1300 3 | Time to Live | Protocol | Header Checksum | 1301 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1302 4 | Source Host Number (69.41.190.148) | 1303 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1304 5 | Destination Host Number (192.168.1.3) | 1305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1306 6 | Source Port (10C) | Destination Port (3N) | 1307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1309 Figure 12 TCP/IP Header: From RG1 to T1a 1311 A.1.9. T1a Sends a Follow-up Packet to RG1 1313 To carry on the communication, T1a constructs a full TCP/IP header as 1314 in Figure 13 for sending the follow-up packet to RG1. 1316 0 1 2 3 1317 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1319 1 |Version|IHL (6)|Type of Service| Total Length (24) | 1320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1321 2 | Identification |Flags| Fragment Offset | 1322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1323 3 | Time to Live | Protocol | Header Checksum | 1324 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1325 4 | Source Host Number (192.168.1.3) | 1326 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1327 5 | Destination Host Number (69.41.190.148) | 1328 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1329 6 | Source Port (3N) | Destination Port (10C) | 1330 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1332 Figure 13 TCP/IP Header: Follow-up Packets From T1a to RG1 1334 A.2. Connection Between EzIP-capable IoTs 1336 The following is an example of EzIP operation between T1z and T4z 1337 shown in Figure 1, with full "Public - EzIP : Private" network 1338 addresses, "69.41.190.110-240.0.0.0:9" and "69.41.190.148- 1339 246.1.6.40", respectively. Note that T4z, without the private portion 1340 (TCP port number) in the concatenated address, is directly 1341 addressable from the Internet. For T1z to initiate a session, it 1342 needs to know the full address of T4z, but only it's own private 1343 address. 1345 A.2.1. T1z Initiates a Session Request towards T4z 1347 T1z sends an EzIP packet, as in Figure 14, to RG1. There is no TCP 1348 port number word, because T4z does not have such while that for T1z 1349 is waiting for assignment from the RG1's RG-NAT. Also, the Extended 1350 Source No. is filled with all "1's", waiting for being specified by 1351 SPR1. 1353 0 1 2 3 1354 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1356 1 |Version|IHL (8)|Type of Service| Total Length (32) | 1357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1358 2 | Identification |Flags| Fragment Offset | 1359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1360 3 | Time to Live | Protocol | Header Checksum | 1361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1362 4 | Source Host Number (192.168.1.9) | 1363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1364 5 | Destination Host Number (69.41.190.148) | 1365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1366 | EzIP ID | EzIP | Extended | Extended | 1367 6 | (Source) | Option Length | Source | Source | 1368 | (0X9A) | (6) | No.-1 (255) | No.-2 (255) | 1369 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1370 | Extended | Extended | EzIP ID | EzIP | 1371 7 | Source | Source | (Destination) | Option Length | 1372 | No.-3 (255) | No.-4 (255) | (0X9B) | (6) | 1373 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1374 | Extended | Extended | Extended | Extended | 1375 8 | Destination | Destination | Destination | Destination | 1376 | No.-1 (246) | No.-2 (1) | No.-3 (6) | No.-4 (40) | 1377 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1379 Figure 14 EzIP Header: From T1z to RG1 1381 A.2.2. RG1 Forwards the Packet to SPR1 1383 RG1, allowing to be masqueraded by T1z, relays a packet as in 1384 Figure 15, toward SPR1 by assigning the TCP Source port number, 9N, 1385 to T1z. Not knowing whether T4z is behind an RG, "All 1's" is used to 1386 fill the Destination Port part of the TCP word. 1388 0 1 2 3 1389 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1390 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1391 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1392 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1393 2 | Identification |Flags| Fragment Offset | 1394 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1395 3 | Time to Live | Protocol | Header Checksum | 1396 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1397 4 | Source Host Number (240.0.0.0) | 1398 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1399 5 | Destination Host Number (69.41.190.148) | 1400 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1401 | EzIP ID | EzIP | Extended | Extended | 1402 6 | (Source) | Option Length | Source | Source | 1403 | (0X9A) | (6) | No.-1 (255) | No.-2 (255) | 1404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1405 | Extended | Extended | EzIP ID | EzIP | 1406 7 | Source | Source | (Destination) | Option Length | 1407 | No.-3 (255) | No.-4 (255) | (0X9B) | (6) | 1408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1409 | Extended | Extended | Extended | Extended | 1410 8 | Destination | Destination | Destination | Destination | 1411 | No.-1 (246) | No.-2 (1) | No.-3 (6) | No.-4 (40) | 1412 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1413 9 | Source Port (9N) | Destination Port (All 1's) | 1414 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1416 Figure 15 TCP/EzIP Header: From RG1 to SPR1 1418 A.2.3. SPR1 Sends the Packet to SPR4 through the Internet 1420 SPR1 replaces the Source Host Number with its own as well as fills in 1421 the Extended Source No. information, and then sends the packet, with 1422 a header as in Figure 166, out into the Internet towards SPR4. The 1423 packet traverses through ER1, CR and ER4, utilizing only the 1424 Destination Host Number (Word 5) in the IP Header. 1426 0 1 2 3 1427 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1428 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1429 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1430 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1431 2 | Identification |Flags| Fragment Offset | 1432 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1433 3 | Time to Live | Protocol | Header Checksum | 1434 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1435 4 | Source Host Number (69.41.190.110) | 1436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1437 5 | Destination Host Number (69.41.190.148) | 1438 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1439 | EzIP ID | EzIP | Extended | Extended | 1440 6 | (Source) | Option Length | Source | Source | 1441 | (0X9A) | (6) | No.-1 (240) | No.-2 (0) | 1442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1443 | Extended | Extended | EzIP ID | EzIP | 1444 7 | Source | Source | (Destination) | Option Length | 1445 | No.-3 (0) | No.-4 (0) | (0X9B) | (6) | 1446 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1447 | Extended | Extended | Extended | Extended | 1448 8 | Destination | Destination | Destination | Destination | 1449 | No.-1 (246) | No.-2 (1) | No.-3 (6) | No.-4 (40) | 1450 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1451 9 | Source Port (9N) | Destination Port (All 1's) | 1452 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1454 Figure 16 TCP/EzIP Header: From SPR1 to SPR4 1456 A.2.4. SPR4 Sends the Packet to T4z 1458 SPR4 reconstructs T4z address from the Option number 0X9B and the 1459 Extended Destination No. then sends the packet, with the header as in 1460 Figure 17, to T4z. 1462 0 1 2 3 1463 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1464 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1465 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1466 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1467 2 | Identification |Flags| Fragment Offset | 1468 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1469 3 | Time to Live | Protocol | Header Checksum | 1470 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1471 4 | Source Host Number (69.41.190.110) | 1472 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1473 5 | Destination Host Number (246.1.6.40) | 1474 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1475 | EzIP ID | EzIP | Extended | Extended | 1476 6 | (Source) | Option Length | Source | Source | 1477 | (0X9A) | (6) | No.-1 (240) | No.-2 (0) | 1478 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1479 | Extended | Extended | EzIP ID | EzIP | 1480 7 | Source | Source | (Destination) | Option Length | 1481 | No.-3 (0) | No.-4 (0) | (0X9B) | (6) | 1482 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1483 | Extended | Extended | Extended | Extended | 1484 8 | Destination | Destination | Destination | Destination | 1485 | No.-1 (246) | No.-2 (1) | No.-3 (6) | No.-4 (40) | 1486 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1487 9 | Source Port (9N) | Destination Port (All 1's) | 1488 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1490 Figure 17 TCP/EzIP Header: From SPR4 to T4z 1492 A.2.5. T4z Replies to SPR4 1494 Making use of the information in the incoming TCP/EzIP header, T4z 1495 replies to SPR4 with a full header, as in Figure 18. 1497 0 1 2 3 1498 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1499 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1500 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1501 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1502 2 | Identification |Flags| Fragment Offset | 1503 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1504 3 | Time to Live | Protocol | Header Checksum | 1505 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1506 4 | Source Host Number (246.1.6.40) | 1507 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1508 5 | Destination Host Number (69.41.190.110) | 1509 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1510 | EzIP ID | EzIP | Extended | Extended | 1511 6 | (Source) | Option Length | Source | Source | 1512 | (0X9A) | (6) | No.-1 (246) | No.-2 (1) | 1513 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1514 | Extended | Extended | EzIP ID | EzIP | 1515 7 | Source | Source | (Destination) | Option Length | 1516 | No.-3 (6) | No.-4 (40) | (0X9B) | (6) | 1517 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1518 | Extended | Extended | Extended | Extended | 1519 8 | Destination | Destination | Destination | Destination | 1520 | No.-1 (240) | No.-2 (0) | No.-3 (0) | No.-4 (0) | 1521 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1522 9 | Source Port (All 1's) | Destination Port (9N) | 1523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1525 Figure 18 TCP/EzIP Header: From T4z to SPR4 1527 A.2.6. SPR4 Sends the Packet to SPR1 through the Internet 1529 SPR4 replaces the Source Host Number with its own, and sends the 1530 packet with the header, as in Figure 19, towards SPR1. The Internet 1531 (ER4, CR, and ER1) simply relays the packet according to the TCP/EzIP 1532 header word 5 (Destination Host Number): 1534 0 1 2 3 1535 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1536 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1537 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1538 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1539 2 | Identification |Flags| Fragment Offset | 1540 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1541 3 | Time to Live | Protocol | Header Checksum | 1542 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1543 4 | Source Host Number (69.41.190.148) | 1544 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1545 5 | Destination Host Number (69.41.190.110) | 1546 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1547 | EzIP ID | EzIP | Extended | Extended | 1548 6 | (Source) | Option Length | Source | Source | 1549 | (0X9A) | (6) | No.-1 (246) | No.-2 (1) | 1550 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1551 | Extended | Extended | EzIP ID | EzIP | 1552 7 | Source | Source | (Destination) | Option Length | 1553 | No.-3 (6) | No.-4 (40) | (0X9B) | (6) | 1554 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1555 | Extended | Extended | Extended | Extended | 1556 8 | Destination | Destination | Destination | Destination | 1557 | No.-1 (240) | No.-2 (0) | No.-3 (0) | No.-4 (0) | 1558 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1559 9 | Source Port (All 1's) | Destination Port (9N) | 1560 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1562 Figure 19 TCP/EzIP Header: From SPR4 to SPR1 1564 A.2.7. SPR1 Sends the Packet to RG1 1566 SPR1 reconstructs RG1 address from the Option number 0X9B and the 1567 Extended Destination No. Then, sends packet with a header as in 1568 Figure 20 toward RG1. 1570 0 1 2 3 1571 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1572 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1573 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1574 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1575 2 | Identification |Flags| Fragment Offset | 1576 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1577 3 | Time to Live | Protocol | Header Checksum | 1578 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1579 4 | Source Host Number (69.41.190.148) | 1580 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1581 5 | Destination Host Number (240.0.0.0) | 1582 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1583 | EzIP ID | EzIP | Extended | Extended | 1584 6 | (Source) | Option Length | Source | Source | 1585 | (0X9A) | (6) | No.-1 (246) | No.-2 (1) | 1586 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1587 | Extended | Extended | EzIP ID | EzIP | 1588 7 | Source | Source | (Destination) | Option Length | 1589 | No.-3 (6) | No.-4 (40) | (0X9B) | (6) | 1590 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1591 | Extended | Extended | Extended | Extended | 1592 8 | Destination | Destination | Destination | Destination | 1593 | No.-1 (240) | No.-2 (0) | No.-3 (0) | No.-4 (0) | 1594 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1595 9 | Source Port (All 1's) | Destination Port (9N) | 1596 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1598 Figure 20 TCP/EzIP Header: From SPR1 to RG1 1600 A.2.8. RG1 Forwards the Packet to T1z 1602 RG1 reconstructs T1z address from RG1's RG-NAT state-table based on 1603 Destination Port (9N), then sends the packet to T1z with a header as 1604 in Figure 21. 1606 0 1 2 3 1607 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1608 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1609 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1610 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1611 2 | Identification |Flags| Fragment Offset | 1612 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1613 3 | Time to Live | Protocol | Header Checksum | 1614 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1615 4 | Source Host Number (69.41.190.148) | 1616 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1617 5 | Destination Host Number (192.168.1.9) | 1618 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1619 | EzIP ID | EzIP | Extended | Extended | 1620 6 | (Source) | Option Length | Source | Source | 1621 | (0X9A) | (6) | No.-1 (246) | No.-2 (1) | 1622 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1623 | Extended | Extended | EzIP ID | EzIP | 1624 7 | Source | Source | (Destination) | Option Length | 1625 | No.-3 (6) | No.-4 (40) | (0X9B) | (6) | 1626 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1627 | Extended | Extended | Extended | Extended | 1628 8 | Destination | Destination | Destination | Destination | 1629 | No.-1 (240) | No.-2 (0) | No.-3 (0) | No.-4 (0) | 1630 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1631 9 | Source Port (All 1's) | Destination Port (9N) | 1632 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1634 Figure 21 TCP/EzIP Header: From RG1 to T1z 1636 A.2.9. T1z Sends a Follow-up Packet to RG1 1638 With all fields filled with needed information from the incoming 1639 TCP/EzIP header, T1z sends a follow-up packet to RG1 as in Figure 22. 1641 0 1 2 3 1642 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1643 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1644 1 |Version|IHL (9)|Type of Service| Total Length (36) | 1645 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1646 2 | Identification |Flags| Fragment Offset | 1647 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1648 3 | Time to Live | Protocol | Header Checksum | 1649 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1650 4 | Source Host Number (192.168.1.9) | 1651 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1652 5 | Destination Host Number (69.41.190.148) | 1653 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1654 | EzIP ID | EzIP | Extended | Extended | 1655 6 | (Source) | Option Length | Source | Source | 1656 | (0X9A) | (6) | No.-1 (240) | No.-2 (0) | 1657 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1658 | Extended | Extended | EzIP ID | EzIP | 1659 7 | Source | Source | (Destination) | Option Length | 1660 | No.-3 (0) | No.-4 (0) | (0X9B) | (6) | 1661 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1662 | Extended | Extended | Extended | Extended | 1663 8 | Destination | Destination | Destination | Destination | 1664 | No.-1 (246) | No.-2 (1) | No.-3 (6) | No.-4 (40) | 1665 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1666 9 | Source Port (9N) | Destination Port (All 1's) | 1667 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1669 Figure 22 TCP/EzIP Header: Follow-up Packets from T1z to RG1 1671 A.3. Connection Between EzIP-unaware and EzIP-capable IoTs 1673 A.3.1. T1a Initiates a Request to T4z 1675 Since T1a can create only conventional format IP header, the SPRs 1676 will provide CG-NAT type of services to the TCP/IP packets. And, 1677 assuming SPR4 has a state-table set up by DMZ for forwarding the 1678 request to T4z, the packet will be delivered to T4z. Seeing the 1679 incoming packet with conventional TCP/IP header, T4z should respond 1680 with the same so that the session will be conducted with conventional 1681 TCP/IP headers. The interaction will follow the same behavior as in 1682 Appedix A.1. 1684 A.3.2. T1z Initiates a Request to T4a 1686 Knowing T4a is not capable of EzIP header, T1z purposely initiates 1687 the request packet using conventional IP header. It will be treated 1688 by SPRs in the same manner as the T1a initiated case as in Appedix 1689 A.1. so that the packet will be recognizable by T4a. 1691 Note that to maximize the combination in the EzIP System Architecture 1692 diagram (Figure 1) for demonstrating the possible variations, there is 1693 no RG on Premises 4. IoTs, such as T4a and T4z, are thus directly 1694 connected to a SPR, like SPR4 and there is no corresponding TCP port 1695 number in word 9 of the above TCP/EzIP headers. This spare facility in 1696 the header suggests that an RG may be installed if desired, to establish 1697 the similar private network environment as that on Premises 1. 1699 In brief, the steps outlined above are very much the same as the 1700 conventional TCP/IP header transitions through the Internet with the SPR 1701 providing the CG-NAT service. Except, when a TCP/EzIP header is 1702 detected, the SPR switches to the router mode for forwarding the packet 1703 to improve the performance. 1705 In essence, with the EzIP system architecture very much the same as 1706 today's Internet, the SPR starts with assuming the current CG-NAT duty, 1707 while ready to perform the new EzIP routing function for EzIP-aware 1708 IoTs. This strategy offers a simple transition path for the Internet to 1709 evolve toward the future. 1711 It is important to note that both SPR and CG-NAT are inline devices with 1712 respect to ER. However, since CG-NAT provides soft / ephemeral TCP 1713 ports, it is positioned between a CR and ERs, while SPR is located 1714 between an ER and RGs to assign hard / static physical addresses. 1716 Appendix B Internet Transition Considerations 1718 To enhance a large communication system like the Internet, it is 1719 important to minimize the disturbance to the existing equipments and 1720 processes due to any required modification. The basic EzIP plan is to 1721 confine all actionable enhancements within the new SPR module. The 1722 following outlines the considerations for supporting the transition 1723 from the current Internet to the one enhanced by the EzIP technique. 1725 B.1. EzIP Implementation 1727 B.1.1. Introductory Phase: 1729 A. Insert an SPR in front of a web-server that desires to have 1730 additional subnet addresses for offering diversified activities. For 1731 the long term, a new web server may be designed with these two 1732 functional modules combined. 1734 . The first address of a private network address pool, e.g., 1735 242.0.0.0, used by the SPR should be reserved as a DMZ channel 1736 directing the initial incoming service requesting packets to the 1737 existing web server. This will maintain the same current operation 1738 behavior projected to the general public. 1740 . The additional addresses, up to 255.255.255.255 may be used for 1741 EzIP address extension purposes. Each may be assigned to an 1742 additional web server representing one of the business's new 1743 activities. Each of these new servers will then respond with EzIP 1744 header to messages forwarded from the main server, or be directly 1745 accessible through its own EzIP address. 1747 B. Insert an SPR in front of a group of subscribers who are to be 1748 served with the EzIP capability. The basic service provided by this 1749 SPR will be the CG-NAT equivalent function. This will maintain the 1750 same current baseline user experience in accessing the Internet. 1752 C. Session initiating packets with basic IPv4 header will be routed 1753 by SPRs to a business's existing server at the currently published 1754 IPv4 public address (discoverable through existing DNS). The server 1755 should respond with the basic IPv4 format as well. Essentially, this 1756 maintains the existing user experience between a customer and a web 1757 server within an EzIP-unaware environment. 1759 So far, neither the web-server nor any subscriber's IoTs needs to 1760 be enhanced, because the operations remain pretty much the same as 1761 today's common practice utilizing CG-NAT assisted connectivity. See 1762 Appendix A.1. for an example. 1764 D. Upon connection to the main web server, if a customer 1765 intentionally selects one of the new services, the main web server 1766 should ask the customer to confirm the selection. 1768 . If confirmed, implying that the customer is aware of the fact 1769 that his IoT is being served by an SPR, the web server forwards the 1770 request to a branch server for carrying on the session via an EzIP 1771 address. 1773 . The SPR on the customer side, recognizing the EzIP header from 1774 the branch web-server, replaces the CG-NAT service with the EzIP 1775 routing. 1777 . For all subsequent packets exchanged, the EzIP headers will be 1778 used in both directions. This will speed up the transmission 1779 throughput performance for the rest of the session. See Appendix A.2. 1780 for an example. 1782 B.1.2. New IoT Operation Modes: 1784 A. EzIP-capable IoT will create EzIP header in initiating a session, 1785 to directly reach a specific EzIP-capable web-server, instead of the 1786 manual interaction steps of going through the DMZ port then making 1787 the selection from the main web server. This will speed up the 1788 initial handshake process. See Appendix A.2. for an example. 1790 B. To communicate with an EzIP-unaware IoT, an EzIP-capable IoT 1791 should purposely initiate a session with conventional IP header. This 1792 will signal the SPRs to provide just the CG-NAT type of connection 1793 service. See Appendix A.1. for an example. 1795 B.1.3. End-to-End Operation: 1797 Once EzIP-capable IoTs become wide spread among the general public, 1798 direct communication between any pair of such IoTs will be 1799 achievable. An EzIP-capable IoT, knowing the other IoT's full EzIP 1800 address, may initiate a session by creating an EzIP header that 1801 directs SPRs to provide EzIP service, bypassing the CG-NAT process. 1802 See Appendix A.2. for an example. 1804 B.2. SPR Operation Logic 1806 To support the above scenarios, the SPR should be designed with the 1807 following decision process: 1809 B.2.1. Sending an IP packet out for an IoT or a RG 1810 If the IP header contains EzIP Option word, SPR will route it forward 1811 by using the EzIP mechanism (replacing Source Host Number by SPR's 1812 own and filling in Extended Source No. if not already there). 1813 Otherwise, the SPR provides the CG-NAT service (assigning TCP Source 1814 Port number and allowing the packet to masquerade with the SPR's own 1815 IP address, plus creating an entry to the state (port-forward / look- 1816 up / hash) table in anticipation of the reply packet). 1818 B.2.2. Receiving an IP packet from the ER 1820 If a received IP packet includes a valid EzIP Option word, SPR will 1821 provide the EzIP routing service (utilizing the Extended Destination 1822 No. as the Destination Host Number). If only Destination Port number 1823 is present, CG-NAT service will be provided. For a packet with plain 1824 IP header (with neither EzIP nor CG-NAT information), it will be 1825 dropped. 1827 B.3. RG Enhancement 1829 With IPv4 address pool expanded by the EzIP schemes, there will be 1830 sufficient publicly assignable addresses for IoTs wishing to be 1831 directly accessible from the Internet. On the other hand, the 1832 existing private networks may continue their current behavior of 1833 blocking session-request packets from the Internet. In-between, 1834 another connection mode is possible. The following describes such an 1835 option in the context of the existing RG operation conventions. 1837 B.3.1. Initiating Session request for an IoT 1839 Without regard to whether the IP header is a conventional type or an 1840 EzIP one, a RG allows a packet to masquerade with the RG's own IP 1841 address by assigning a TCP port number to the packet and creating an 1842 entry to the state (port-forward / look-up / hash) table. This is the 1843 same as the current RG-NAT practice. 1845 B.3.2. Receiving a packet from the SPR 1847 The "Destination Port" value in the packet is examined: 1849 A. If it matches with an entry in the RG-NAT's state-table, the 1850 packet is forwarded to the corresponding address. This is the same as 1851 the normal RG-NAT processes in a conventional RG. 1853 B. If it matches with the IP address of an active IoT on the 1854 private network, the packet is assigned with a TCP port number and 1855 then forwarded to that IoT. 1857 Note that there is certain amount of increased security risk with 1858 this added last step, because a match between a guessed destination 1859 identity and either of the above two lists could happen by chance. To 1860 address this issue, the following proactive mechanism should be 1861 incorporated in parallel: 1863 C. If the "Destination Port" number is null or matches with 1864 neither of the above two lists, the packet is dropped and an alarm 1865 state is activated to monitor for possible ill-intended follow-up 1866 attempts. A defensive mechanism should be triggered when the number 1867 of failed attempts has exceeded the preset threshold within a 1868 predetermined finite time interval. 1870 In brief, if the IP header of a session requesting packet indicates 1871 that the sender knows the identity of the desired destination IoT on 1872 a private network, the common RG screening process will be bypassed. 1873 This facilitates the direct end-to-end connection, even in the 1874 presence of the RG-NAT. Note that this process is very much the same 1875 as the AA (Automated Attendant) capability in a PABX telephone 1876 switching system that automatically makes the connection for a caller 1877 who indicates (via proper secondary dialing or an equivalent means) 1878 knowing the extension number of the destination party. Such process 1879 effectively screens out most of the unwanted callers while serving 1880 the acquaintance expeditiously. 1882 Appendix C EzIP Realizability 1884 The EzIP scheme proposes a new type of network router, called SPR, 1885 capable of utilizing 240/4 address transported via the Option word 1886 mechanism in the EzIP Header. In particular, EzIP may optimally be 1887 first deployed in the form of a Regional Area Network (RAN) wherever 1888 desired. Each RAN starts from one IPv4 public address to serve up to 1889 256M IoTs. For such a configuration, an SPR will operate with the 1890 degenerated EzIP Header which is identical to the basic IPv4 Header, 1891 except the addresses are from the 240/4 netblock. Since this can be 1892 accomplished by simply expanding the scope of the accessible address 1893 pool within the IPv4 protocol, there is hardly any need to modify the 1894 design of existing routers. 1896 Having been "Reserved for Future Use" for so long (since 1981-09), 1897 however, it is a challenge to identify current equipments that may be 1898 conducive to the use of the 240/4 netblock. Un-documented behaviors, 1899 observed through extensive research and testing of products in-use 1900 and on-the-market as well as public domain firmware, confirm that 1901 certain pairs of router and IoT / PC OS are already partially 1902 supporting this mode of operation. This unexpected discovery sets the 1903 baseline for the following interim report. 1905 C.1. 240/4 Netblock Capable IoTs 1907 A. Open source Xubuntu OS (V.18.04.1) enables a PC to assume both 1908 dynamic and static IP addresses, through the same physical Ethernet 1909 port, simultaneously. The former operates in the default DHCP client 1910 mode with conventional three private netblocks, while the latter 1911 accepts manually set static addresses including those from the 240/4 1912 netblock. Making use of this "dual personality", connectivity between 1913 two similarly equipped PCs can be established first through a 1914 compatible router (described in the next subsection) by "ping"ing 1915 each other with the dynamic address. Using the static 240/4 1916 addresses, the additional networking channel through the same router 1917 can then be confirmed. 1919 B. Several other PC OSs, such as Chrome (V.74.0.3729.125), LinuxMint 1920 V.19 tara (Ubuntu V.4.15.0), Mojave (OSX 10.14.1) and Ubuntu 19.04 1921 (Ubuntu 5.0.0), have been found to behave similarly, although 1922 partially and not as conveniently. 1924 C.2. 240/4 Netblock Capable Routers 1926 A. Open source router firmware OpenWrt (V18.06.1) currently does not 1927 utilize the 240/4 netblock in its DHCP operation, while it would not 1928 reject the process of specifying such but would not function properly 1929 afterwards. Yet, it transports, in its native configuration, 240/4 1930 addressed "ping" packets between two 240/4 capable PCs anyway. 1932 B. Also, a common RG, TP-Link Archer C20 AC750 (F/W V4_170222 / 1933 0.9.13.16 v0348.0) rejects setting its DHCP pool to use the 240/4 1934 netblock, but transports 240/4 addressed "ping" packets, nonetheless. 1936 C. Similarly, Verizon FiOS-G1100 RG (H/W: 1.03, F/W: 02.02.00.14 UI 1937 Ver: v1.0.388) will not allow its DHCP server to utilize the 240/4 1938 netblock, but transports the 240/4 addressed "ping" packets, just 1939 fine. 1941 D. Other routers, such as LinkSys E3000 (DD-WRT v24-sp2 (05/27/13) 1942 mini (SVN Rev. 21676), have been found to exhibit similar behavior. 1944 E. Furthermore, test data suggest that 240/4 addressed "ping" and 1945 "traceroute" packets from some of the above setups could have 1946 propagated through an IAP's ER (108.30.229.xxx, Verizon's Edge 1947 Router) into the Internet. The addresses (130.81.171.xxx) that they 1948 arrrived at appear to be Verizon's internal routers. If these are not 1949 CRs (Core Routers), at least they are ARs (Aggregate Routers). 1951 C.3. Enhancing an RG 1953 The above observations suggest that Xubuntu OS based PCs are likely 1954 ready to network as 240/4 addressed DHCP clients. To complement this 1955 capability, we need a router that can function as a 240/4 DHCP 1956 server. Although the OpenWrt firmware appears to be closer to this 1957 desired functionality than the TP-Link Router, the source code of the 1958 latter being hardware specific would better facilitate the firmware 1959 enhancement efforts. Accordingly, the following outlines the steps 1960 being planned to bring TP-Link Router and Xubuntu OS based PCs up to 1961 a state for performing the essential SPR functions: 1963 C.3.1. Enhance the TP-Link Router firmware to include the 240/4 1964 netblock in its DHCP pool. 1966 C.3.2. Verify that Xubuntu OS based PCs will accept 240/4 based 1967 DHCP assignment from the enhanced Router above. With this, deactivate 1968 the static address settings in the PCs. 1970 C.3.3. Send 240/4 destined traffic between two Xubuntu PCs to be 1971 sure that it is transported through the Router. Three tests will be 1972 conducted; sending "ping" and "traceroute" packets to confirm the 1973 basic connectivity as well as file transfer to verify TCP/IP 1974 capability. 1976 C.3.4. A separate second TP-Link Router will then be plugged into 1977 this first Router as a client IoT to verify that it would accept a 1978 240/4 address as its WAN port designation. Based on this, the second 1979 Router will serve as an RG providing the conventional private network 1980 environment (10/8, 172.16/12 and 192.168/16 netblocks) to common 1981 IoTs, allowing them to continue their current operations without 1982 modification, at all. 1984 C.4. SPR Reference Design 1986 The above pair of enhanced Routers can be used as the SPR model for 1987 enahancing industrial grade routers that are capable of the daily 1988 traffic level expected by a RAN. 1990 Note that including 240/4 netblock in the DHCP pool for the LAN of 1991 the first Router and accepting the 240/4 address assignment on the 1992 WAN port of the second Router are two orthogonal capabilities. They 1993 can be implemented in the same physical Router, consolidating both 1994 modifications into one single SPR module. 1996 C.5. RAN Deployment Model 1998 The above SPR reference design is essentially an existing common IPv4 1999 RG with two simple enhancements: 2001 I. Upstream (WAN) port capable of being a DHCP client accepting 240/4 2002 address assignment, in addition to the ordinary IPv4 public address. 2004 II. Downstream (LAN) port providing DHCP service to client IoTs 2005 using the 240/4 netblock, in addition to the three conventional 2006 private netblocks. 2008 By selectively activating these capabilities, three versions of SPRs 2009 can be derived for completing a functional RAN model: 2011 C.5.1. Root / Gateway SPR: This is the first SPR for starting a 2012 RAN from an IPv4 public address. As such, the upstream port of this 2013 SPR should accept a public IPv4 address. And, its downstream port 2014 will use the 240/4 netblock in its DHCP pool. 2016 Note that this particular type of SPR is only needed for a RAN 2017 demonstration setup. In an actual RAN deployment, a proxy gateway 2018 that caches the Internet traffic for improving the operation 2019 efficiency will naturally perform the same function of this Root SPR, 2020 by virtue of being a more capable two-port device. 2022 C.5.2. Intermediate SPRs: To optimize the performance 2023 requirements on the routing processor, a practical SPR is not 2024 expected to handle all 256M IoTs in a single module. A RAN should 2025 have several layers of SPRs in a tree structure, each handles a 2026 subset of the 240/4 netblock. This architecture enables processing 2027 local traffic locally. Only communications with distance parties need 2028 be consoliated by going through the higher layers of SPRs for 2029 delivery. For this type of SPRs, both their upstream DHCP client port 2030 and downstream DHCP Server pool will operate on sub-240/4 netblocks, 2031 segregated according to the numbering plan in the RAN system design. 2033 C.5.3. RG SPR: To serve existing IoTs on customer premises, this 2034 SPR will be configured to accept a 240/4 address on its upstream 2035 port, while the downstream port assigns addresses from the three 2036 conventional private netblocks to its DHCP client IoTs. 2038 Appendix D Enhancement of a Commercial RG 2040 Since the 240/4 netblock is just one part of the full IPv4 address 2041 pool, there is nothing special about it. In principle, all we need to 2042 do to utilize it is to include it within the usable ranges of a 2043 router's addresses. However, perhaps because it has been reserved for 2044 so long, hardly anyone has been paying attention to how the 240/4 2045 netblock has been treated in current router programs. An intuitive 2046 assumption is that there may be a database that lists all acceptable 2047 address ranges or netblocks. If so, the EzIP enhancement would entail 2048 adding the 240/4 netblock to the list. On the other hand, the current 2049 approach maybe is based on singling out specific unusable IP 2050 addresses. Then, eliminationg such process is sufficient. It turns 2051 out that a commercial RG product appears to be operating with the 2052 latter approach. From such, the task would become simply commenting 2053 out the program statements that are rejecting the 240/4 netblock. 2055 D.1. Candidate Code for Modification 2057 The following short JavaScript function named "ifip" in the TP-Link 2058 Archer C20 V4 source code has been shown to selectively reject 2059 specific ranges of IP addresses. In particular, Line 1047 uses a "2's 2060 Complement" technique to identify the 240/4 netblock as "PRESERVED", 2061 thus rejecting it. A quick scan of the firmware code in the router 2062 indicates that this function is a popular utility because there are 2063 numerous processes calling for it. So, this should be the best 2064 candidate to start testing our concept. 2066 lib.js:1040:ifip: function(ip, unalert) { 2067 lib.js-1041-if ((ip = $.ip2num(ip)) === false) return $.alert(ERR_IP_FORMAT, unalert); 2068 lib.js-1042-if (ip == -1) return $.alert(ERR_IP_BROADCAST, unalert); 2069 lib.js-1043-var net = ip >> 24; 2070 lib.js-1044-if (net == 0) return $.alert(ERR_IP_SUBNETA_NET_0, unalert); 2071 lib.js-1045-if (net == 127) return $.alert(ERR_IP_LOOPBACK, unalert); 2072 lib.js-1046-if (net >= -32 && net < -16) return $.alert(ERR_IP_MULTICAST, unalert); 2073 lib.js-1047-if (net >= -16 && net < 0) return $.alert(ERR_IP_PRESERVED, unalert); 2074 lib.js-1048-return 0; 2075 lib.js-1049-}, 2077 D.2. Proposed Modification 2079 To stop rejecting the 240/4 netblock addressed packets, below is a 2080 modification that comments out Line 1047, a modification that has 2081 been shown to eliminate javascript pre-validation of 240/4 IP 2082 addresses, allowing them to be sent within the router, where a second 2083 layer of validation rejects them in a different way. 2085 lib.js:1040: ifip: function(ip, unalert) { 2086 lib.js-1041- if ((ip = $.ip2num(ip)) === false) return $.alert(ERR_IP_FORMAT, unalert); 2087 lib.js-1042- if (ip == -1) return $.alert(ERR_IP_BROADCAST, unalert); 2088 lib.js-1043- var net = ip >> 24; 2089 lib.js-1044- if (net == 0) return $.alert(ERR_IP_SUBNETA_NET_0, unalert); 2090 lib.js-1045- if (net == 127) return $.alert(ERR_IP_LOOPBACK, unalert); 2091 lib.js-1046- if (net >= -32 && net < -16) return $.alert(ERR_IP_MULTICAST, unalert); 2092 lib.js-1047- //if (net >= -16 && net < 0) return $.alert(ERR_IP_PRESERVED, unalert); 2093 lib.js-1048- return 0; 2094 lib.js-1049-}, 2096 D.3. Performance Verification 2098 Initially, the TP-Link Archer C20 router's GPL source code package 2099 from the manufacturer would not go through compilation process. A 2100 revised version allowed us to build a firmware file. Yet, it failed 2101 in loading into the hardware. Interactions continue with the 2102 manufacturer hoping to resolve this basic issue soon. Unfortunately, 2103 this issue remains pending to this day. 2105 Appendix E Utilizing Open Source Router Code 2107 An alternative to the above is to make use of open source router 2108 codes for the EzIP implementation. The advantage of this approach is 2109 that once it is verified in one commercial router, interested parties 2110 may then load the same vintage of open source codes to their own 2111 preferred routers for replicating the operation. The challenge to 2112 this approach, however, is that open source codes are "generic" for 2113 supporting a wide range of brands and models. Customization must be 2114 made to adapt it for a specific router model to generate an 2115 executable binary file for the target device as its firmware. As 2116 well, this configuration information will be needed each time the 2117 source code is modified for a new application, such as the EzIP. 2118 Interestingly, such knowledge appeared to be not in an "open" 2119 document. In the process of studying such, we discovered that OpenWrt 2120 was planning to enhance its Linux core which included the removal of 2121 the current restriction on using 240/4. Although their intention was 2122 to be able to use the 240/4 pool as the fourth private netblock, such 2123 capability suited our EzIP scheme just fine. So, we waited for the 2124 release of the OpenWrt 19.07 and further for its more stable OpenWrt 2125 19.07.2 version, before attempting the EzIP application. Below is a 2126 WIP report of our test results based on OpenWrt 19.07.3. 2128 E.1. EzIP Realizability Test Bed 2130 The first step is to create a LAN environment served by a router 2131 utilizing the 240/4 netblock. Upon loaded OpenWrt 19.07.3 into a 2132 commercial TP-Link Archer C20 V4 Router, it operated with 240/4 2133 address pool as if it was the fourth private netblock. IoTs capable 2134 of utilizing 240/4 netblock operated fine under this environment. 2135 Specifics of this effort is reported on Page 2 of the following 2136 whitepaper: 2138 https://www.avinta.com/phoenix- 2139 1/home/RegionalAreaNetworkArchitecture.pdf 2141 E.2. RAN Architecture Demonstration 2143 The goal of a RAN Demo is to transport a conventional IPv4 (public) 2144 netblock addressed IP packet though a 240/4 environment and then back 2145 to an IPv4 private network utilizing one of the three conventional 2146 netblocks (10/8, 172.16/12 or 192.168/16). This process will increase 2147 the assignable addresses, while allowing all IoTs to retain their 2148 existing operation characteristics. To simuate such a RAN, we need a 2149 RG that can operate as a client in the 240/4 environment established 2150 by Apppendix E.1. above, while maintaining its DHCP LAN service to a 2151 conventional private network. It has been identified that besides 2152 OpenWrt 19.07.3 supported routers, at least one RG provided by 2153 Spectrum cable service delivers this function. Page 4 of the above 2154 whiitepaper details the configuration and operation of such a RAN. In 2155 addition, during past experiments, RG for Verizon's FiOS service was 2156 found to be already transporting 240/4 addressed packets, as well. 2157 Combined, this means that most of existing private networks may 2158 continue normal operations under the inserted RAN environment while 2159 the latter provides assignable 240/4 addresses to additional premises 2160 for expanding the system capacity. 2162 E.3. EzIP Compatible Routers 2164 At the last count, there were 994 branded router models supported by 2165 OpenWrt 19.07.4. It turns out that for an existing IPv4 router to 2166 become an SPR for supporting the EzIP operation, all needs be done is 2167 "disabling the existing program code that has been disabling the 2168 240/4 netblock". Such effort is expected to be rather minimal. 2169 Consequently, most existing IPv4 routers should be able to support 2170 EzIP through finite enhancement processes, even if they are currently 2171 not supported by OpenWrt 19.07.3 (or newer). 2173 E.4. Sub-Internet Operation 2175 The next step is to verify the general operation of a Sub-Internet 2176 configuration consisting of two subsystems, Caching Proxy and RAN. 2177 This pair forms a self-contained module. Based on only one IPv4 2178 address, a sub-Internet module may be installed at any desired 2179 location to begin Internet services for a region with up to 256M 2180 permanently identifiable premises, while appearing as a single IoT to 2181 the rest of the Internet. 2183 Authors' Addresses 2185 Abraham Y. Chen 2186 Avinta Communications, Inc. 2187 142 N. Milpitas Blvd., #148, Milpitas, CA 95035-4401 US 2189 Phone: _+1(408)942-1485 2190 Email: AYChen@Avinta.com 2192 Abhay Karandikar 2193 Director, India Institute of Technology Kanpur 2194 Kanpur - 208 016, U.P., India 2196 Phone: _(+91)512 256 7220 2197 Email: Director@IITK.ac.in 2199 Ramamurthy R. Ati 2200 Avinta Communications, Inc. 2201 142 N. Milpitas Blvd., #148, Milpitas, CA 95035-4401 US 2203 Phone: _+1(408)458-7109 2204 Email: rama_ati@outlook.com 2206 David R. Crowe 2207 Wireless Telecom Consultant and Forensic Expert Witness 2208 102 Point Drive NW, Calgary, Alberta, T3B 5B3, Canada 2210 Phone: _+1(403)289-6609__ 2211 Email: David.Crowe@CNP-wireless.com