Visibility of IPv4 and IPv6 Prefix Lengths in 2019

Ebay Products

Way back in 2011 we wrote about the common prefix lengths that we observe in routing data. Since then, we’ve pushed through 2¹⁹ routes in 2014 (i.e., a half million). It won’t be long before we’re talking about full routing tables containing one million routes. In this article, we provide an update on the structure of announced prefixes as observed by the RIPE NCC’s Routing Information Service (RIS).

As a community, we’ve been looking at emergent BGP behaviour since its most primordial days. Prefix lengths are one aspect of this; they’re bound by common convention and current best practice, not usually by strict rules on how the underlying routing machinery must or must not work. The resulting mishmash of prefixes between those bounds is a form of emergent behaviour from thousands of independent decisions made by network operators around the world; Geoff Huston’s work looks at precisely what’s going on out there.

In this article, we specifically answer the question of whether networks were using this system differently in 2011 compared to today. What’s changed in the intervening seven and a half years? We’re interested in three things:

1. IPv6 deployment
2. IPv4 usage
3. Uncommonly long prefixes in IPv4 (/25s and longer)

For the first two points, let’s compare 1 August 2011 (the date in the last post) against 31 January 2019.

One thing that has changed is widespread adoption of IPv6: the protocol is now a very real operational concern. We see IPv6 advertised by almost 17,000 networks today compared to 4,400 networks in August 2011 (roughly 3.9x growth). IPv6 has had time to develop addressing plans and advertisement patterns that are distinct from IPv4.

Of course, one of the upshots of the IPv6 address space is that it allows clean addressing plans and more opportunities to aggregate space into a larger public BGP announcement. These aspirational goals contradict somewhat with longest prefix routing and a desire to use longer prefixes to affect routing and load-balancing, so there is room for variation in the data. Further, by now we have a few years of the iterative process of network operators designing address plans, learning, and evolving their networks. In other words, people have had time to make a grand old mess of things.

The IPv6 space is wide enough that we’ve shown only prefixes in the range /12 through /64. The rationale here is that /12s are some of the largest blocks assigned to the Regional Internet Registries, and /64 is commonly considered the smallest block for a local network (though this is, like most things, not a requirement).

We’re breaking visibility down similarly to how we did in 2011, whereby for each prefix we’re counting how many full peers it is visible from. Each bar in this histogram shows what proportion of prefixes were visible via 99%+ of peers, 95-99% of peers, and so forth.

We define a full peer as any peer offering 90% of all the prefixes observed at the 95th percentile of observed table sizes. This is the same definition as used by the RISwhois service. On 31 January 2019, that mapped roughly to tables larger than 695,000 IPv4 prefixes and 60,000 IPv6 prefixes.

One thing that stands out is that folks are aligning on the nibble boundaries: /32, /36, /40, /44, /48 are all commonplace. /29 also shows up, as one of the shortest prefixes that RIRs will allocate.

That’s just the shape of the distribution though; forgetting about the absolute values and instead viewing the visibility of the prefixes in each prefix length, the v6 space looks like this:

Figure 2: Visibility of IPv6 prefixes in each prefix length

There’s a clear cliff after /48, confirming the commonly accepted maximum length. There are some special prefixes and ranges in this space that are worth looking at because they’re not obvious in the broader unicast distribution in the previous image:

• 2002::/16, the 6to4 prefix, shows up in most places, but it is advertised by very few networks (primarily Hurricane Electric)

• /19 through /28: fewer than 200 prefix advertisements are globally visible in this range! In general, blocks in this range propagate far, but they’re often larger than the registries will allocate and so they’re rare.

• Specifically on /19: two networks advertise /19s:

• 2001::/32: the TEREDO prefix is still visible via many peers

• /49 through /64: over 6,000 prefixes are visible in the range, though these propagate via a small number of paths and are definitely not globally visible. Over 3,500 are /64s.

Some prefix lengths appear to be less visible than others, which may be a side-effect of very specific traffic engineering decisions. For example, Reliance Jio advertises many /41s which are visible only on RIS route collectors rrc01 and rrc19, having traversed BGP path “328145 9498 55836“; these are covered by a much more generally available /36. Given that the total number of /41s advertised in general is small, their (lack of) global visibility becomes clear in the plot above.

In the IPv6 world, it appears that networks continue to filter prefixes longer than /48, and a /48 is the common building block of the routing world. Operators are highly inclined to advertise /29s, /32s, /36s, /40s, /44s, or (primarily) /48s. Some other prefix lengths are visible, but addressing plans seem to usually fall on nice boundaries so those become the most common.

So what’s changed on the IPv4 side? Although IPv6 adoption continues apace and some networks are primarily IPv6 internally, IPv4 is still very much with us as the dominant player in the interdomain network. Modern routers today are busy holding both worlds simultaneously.

By August 2011 IPv4 exhaustion was widely understood across the operator community. The final /8s had already been allocated to the RIRs and “last /8” policies were already being activated, so there was little ambiguity. But perhaps the aggregate behaviour has changed given these constraints.

In terms of broad growth, in August 2011 full routing tables carried around 420,000 unique prefixes from 38,500 networks; in January 2019 they carry 870,000 unique prefixes (2.1x growth) from 63,500 networks (1.65x growth).

The 2019 and 2011 distributions look like this:

Unsurprisingly, the 2019 distribution is pretty similar to the IPv4 distribution from 2011. Most of the growth has come from /22s, /23s, and (primarily) /24s. This makes sense not just for traffic management and routing control, but also because the blocks available to advertise become progressively smaller as the IPv4 exhaustion squeezes the remaining space. One main interesting aspect is that /22 growth appears to have outpaced /23 growth, and that may be an effect of the allocation policy implemented by the RIPE NCC.

As above, let’s forget about the absolute values and instead view the visibility of the prefixes in each prefix length. The IPv4 space looks like this in January 2019:

Figure 4: Visibility of IPv4 prefixes in each prefix length

Of course, in the IPv4 world, unicast prefixes shorter than a /8 don’t really make sense and should not show up in the global routing table (except for 0.0.0.0/0, which some peers share with us). So here we can see that prefixes in the range /8 through /24 are broadly visible still, as we might expect. In some cases, careful traffic engineering implies slightly weaker visibility of longer prefixes as operators nudge towards /24s.

/8 visibility is generally high (usually, 100% across all peers), but this snapshot was affected by two advertisements: 20.0.0.0/8, and 102.0.0.0/8.

• 20.0.0.0/8 is legacy space administered by ARIN, from which various smaller blocks have been allocated or assigned. This /8, according to BGPlay, was announced by AS 4761 for a few minutes on 29 January 2019. The full /8 was visible at rrc00 via one path, 64050 4766 9304 4761, until 2019-02-01T13:05:56.

• 102.0.0.0/8 is allocated to AFRINIC, and happens to be their last /8. They’ve allocated many smaller blocks from this space, but not the full /8. The /8 route only appears at rrc00, via AS path 64050 4766 9498, intermittently since 12 December 2018.

Commonalities

Of course, in both cases, the tables are growing and the common building blocks are the longest prefixes that commonly traverse the network. We must assume that if /52s or /56s were permitted in IPv6 that they’d become commonplace in the global routing table, and much the same may be true with prefixes longer than /24 in IPv4.

That brings us to the next question: what about those longer prefixes in IPv4?

Given IPv4 exhaustion, a reasonable question to ask is whether we will at some point begin accepting /25s as common routable address ranges. As part of a long-running experiment, we advertise /25s and /28s in order to observe where they are visible in BGP, and where they are reachable from using RIPE Atlas measurements. Famously, YouTube attempted to advertise /25s in the 2008 hijack. Would that approach work well today?

In 2017, we reviewed the reachability of uncharacteristically long prefixes in IPv4. Our purpose in running this particular measurement is to test the bounds of received wisdom: a /24 is obviously the longest prefix you can send and reasonably expect to propagate globally. But is that actually the case?

By way of a reminder, we advertise the following prefixes:

Let’s extend the graph we plotted in this post from 2017 to the end of January, and see if there’s been any significant change in the visibility of /25s and /28s since then.

RIPE RIS visibility

First, let’s look at how visible these prefixes are across the set of peers visible in RIS:

Figure 5: Visibility of 23.128/10 prefixes in RIS

The drop around February 2017 is mostly attributed to a drop in the number of peers at rrc20 (in Switzerland) who propagated these prefixes to our collectors. While it’s tempting to look at that drop and focus on it, to do so largely misses the point that the visibility of each of these prefixes is effectively constant over time. Based on the above, we should not expect a /25 to propagate any further today than it did in 2014.

One aspect of the above experiment is to understand what level of visibility /25s or /28s achieve with or without route objects. The data implies that more ASNs propagate longer prefixes with route objects than without. Numerically, the number of unique ASNs that appear in each set of paths is as follows:

Between this table and the plot above, it’s reasonable to say that a /28 with a route object will propagate as far as a /25 without one. That’s to say, it’ll achieve partial visibility, but it’s very far from total visibility.

RIPE Atlas reachability

In tandem with the RIS data above, we run active measurements from RIPE Atlas probes, just to derive a different view on these prefixes: are they actually reachable? The proportion of probes reaching each of the prefix ranges looks as follows:

Figure 6: Data plane reachability (AS level)

We see conditions improving, then deteriorating. These are commonly step-changes, not gradual change, which is interesting given the size of the RIPE Atlas platform. It strongly hints at the lack of path diversity having a noticeable impact on the results.

In some ways, things stay the same: the IPv4 landscape looks pretty similar today to how it did in 2011. Perhaps that’s an implicit side-effect of how little address space is actually available, but it’s interesting that /25s and longer prefixes are still atypical. The address space continues to be squeezed and is approaching the 1,000,000 mark.

But some things change: the continued deployment of IPv6 means that we have actual IPv6 characteristics that we can view. It’ll be interesting to see how things evolve in that space over the next seven years!

You can always fetch our raw RIS data.

All of the ongoing measurement data for the active /25 and /28 measurements is available from these measurements pages: