IPv4 Address Crunch In 2 Years, IPv6 Not Ready

Posted by kdawson on Fri Feb 22, 2008 09:01 AM
from the told-ya dept.
An anonymous reader writes "We've known for ages that IPv4 was going to run out of addresses — now, it's happening. IPv6 was going to save us — it isn't. The upcoming crisis will hit, perhaps as soon as 2010, but nobody can agree on what to do. The three options are all pretty scary. This article covers the background, and links to a presentation by Randy Bush (PDF) that shows the reality of the problem in stark detail."
  • Well duh (Score:5, Insightful)

    by n3tcat (664243) on Friday February 22 2008, @09:03AM (#22513950) Homepage
    It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait.

    So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution.
    • Re:Well duh (Score:5, Insightful)

      by John3 (85454) <john3@c o r n e l l s .com> on Friday February 22 2008, @09:10AM (#22514010) Homepage Journal

      It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait.

      So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution.
      This is true of technology in general. Government and industry debate global warming and peak oil but do very little to actually address the issue since it costs so much to implement solutions. The IPv4 issue is daunting to be sure, so it's no surprise that IPv6 progressed so slowly. I did a quick search back to 2000 on Google News and industry and tech journals were shouting warnings even back then. So eight years later there is no solution.

      The problem will be fixed when the p0rn sites can't get new IP addresses. The adult entertainment industry has driven many of the Internet and web innovations in the past (streaming video, credit card processing) and they'll likely lead us into a bright new future of unlimited Internet addresses. :)
      • Re:Well duh (Score:5, Insightful)

        by orzetto (545509) on Friday February 22 2008, @09:46AM (#22514388)

        This is true of technology in general. Government and industry debate global warming and peak oil but do very little to actually address the issue since it costs so much to implement solutions.

        Society is not an amorphous blob with a clear will and an appreciation of its own good. Society is made up by people, and what the decision makers think is "good" is not necessarily good for society; both because the decision makers might be wrong, and because their own interests may be different from those of society (you don't get to be president because you're Joe Average from Missouri).

        In the case of Ipv4, as in the one of energy, the interest of society is to fix the problem. The interest of the decision makers, however, is not to fix it, because they are now sitting on a critical asset that is always in demand and that is getting increasingly scarce, and therefore more expensive. The near-disaster scenario is in their interest, because that way they will maximise their returns. It's like the owner of an oasis in the Sahara: rain and rivers would be bad for business, drought is more people depending on you.

        I would expect China or India to come up with a solution first: they don't have many IP addresses to begin with, they have growing economies that will sooner or later require more IP addresses, and they have the means to kickstart a major project.

        • Re:Well duh (Score:4, Interesting)

          by A beautiful mind (821714) on Friday February 22 2008, @10:01AM (#22514588)
          While I appreciate the point you're trying to make, there are quantitative differences between the thinking of a country like Japan and, for example, the USA. In Japan, they did have the foresight to make their systems IPv6 ready, so maybe our expectations are just too low? I'd rather tell people what to do than make excuses in the technology/politics field referring to Joe Sixpack who allegedly wouldn't understand or care.
        • Re:Well duh (Score:5, Informative)

          by Tracy Reed (3563) <treed.ultraviolet@org> on Friday February 22 2008, @01:22PM (#22517876) Homepage
          China, Korea, Japan etc. use lots of IPv6. I've been there, seen it, helped set some up. There is a whole Internet out there full of Asian-language websites that we don't even know about because our English-only Internet doesn't link to it. Go to a cyber cafe in Hong Kong, Beijing, Seoul, and you'll see what I mean.
      • Re:Well duh (Score:5, Funny)

        by Bazman (4849) on Friday February 22 2008, @10:20AM (#22514844) Journal
        Yeah it's the pr0n sites' fault. Now, google search for the article by Randy Bush.....

          • Re:Well duh (Score:4, Informative)

            by Tony Hoyle (11698) <tmh@nodomain.org> on Friday February 22 2008, @10:40AM (#22515100) Homepage
            Certainly on the home side... go into the average store, and it's easy to count how many home routers are IPv6 enabled: none at all.

            Some can be adapted - my wifi router can route ipv6 but not talk it for example. No way all that hardware is going to be replaced within two years.

            OTOH we've been hearing the doomsday scenarios from the ipv6 zealots for 10 years now, and I'm not seeing it - it's still easy to get a block of IP addresses (I asked for 8 and got given 16 'just in case' for example).. we're not seeing the beginnings of a shortage yet.
          • Re:Well duh (Score:5, Insightful)

            by anticypher (48312) <anticypherNO@SPAMgmail.com> on Friday February 22 2008, @11:02AM (#22515378) Homepage
            There are no 10 year old backbone routers still in service on any backbone. Anywhere.

            Growth of the IPv4 routing table has left them all obsolete. Big routers from 10 years ago have all been migrated towards the edge, where they no longer fulfill a backbone role. Or they've been scrapped for being too costly, slow, power hungry and un-upgradable to modern interfaces.

            For all that old kit that tosses IPv6 traffic to the CPU to be routed, it will still be usable for the next few years until IPv6 traffic starts to become more prevalent. By then, the current IPv6 backbone kit will have been migrated out from the core towards the edges. There is no problem with old kit, at least at the routing and switching level.

            All the major backbone router manufacturers have included IPv6 natively for at least the last 3 to 6 years. Any internet company that has done a major upgrade to deal with ever increasing traffic levels and customer demands now has IPv6 capable hardware in service in the backbone. Some manufacturers may still charge more to turn the capability on. The ones that don't are seeing increasing sales because all their major clients don't like having a tiered system of features, where the only set with all the needed features is the most expensive one.

            the AC
    • Re:Well duh (Score:5, Interesting)

      by PrescriptionWarning (932687) on Friday February 22 2008, @09:10AM (#22514012)
      That sounds like an "if it ain't broke, don't fix it" argument to me. Which is fine and good for simpler technologies, but can be disastrous for more modern technologies. Just think what would happen if you didn't change your car's oil until the car simply refused to run. What would happen if we all decided not to curb our oil consumption habits until we ran completely out of oil reserves? You see, it's the shortsightedness that in the long run costs you WAY MORE than if you simply keep the options in mind and work towards a solution.

      So in two years when they can't add any more addresses, the only ones to blame will be those who stuck their feet in the mud and wouldn't budge. Besides, they can always just start taking away all those spam sites that offer no real content and just distribute those to others who actually need them, I'm sure there's at least another 2 years worth of those.
      • Re:Well duh (Score:5, Funny)

        by KiloByte (825081) on Friday February 22 2008, @09:25AM (#22514180)

        Besides, they can always just start taking away all those spam sites that offer no real content and just distribute those to other
        Actually, the spammers/phishers are already doing their utmost to stop eating new IPv4 addresses, and conserve them by using existing IPs of random Windows boxes. See, who's the bad guys now?
      • Re:Well duh (Score:5, Insightful)

        by SnarfQuest (469614) on Friday February 22 2008, @10:32AM (#22514982)
        What would happen if we all decided not to curb our oil consumption habits until we either ran completely out of oil reserves.

        I remember when I was younger, we were down to 10 years of oil underground. This was some twenty years ago. We did a few minor changes, slight improvement in gas mileage, but not much. We also greatly increased the number of cars on the road. Too bad for you youngsters, you now have only 10 years of oil left underground.
        • Re:Well duh (Score:4, Insightful)

          by samkass (174571) on Friday February 22 2008, @10:48AM (#22515196) Homepage Journal
          I remember when I was younger, we were down to 10 years of oil underground.

          It all comes down to your sources. 20 years ago, they were still finding more oil each year than was being consumed, so the "10 years left" folks weren't the responsible people. The opposite is true now. 20 years ago it wasn't economically feasible to pump the sludge out of Canada's shale, but now it is. It wasn't economically feasible to put a platform in the middle of the Gulf of Mexico and drill a mile down, but now it is. But all those sources are limited, as well. We have a much more accurate picture of how big the problem is now than we did 20 years ago.
    • Re:Well duh (Score:5, Funny)

      by CRCulver (715279) <crculver@christopherculver.com> on Friday February 22 2008, @09:14AM (#22514058) Homepage

      It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait. So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution.

      On the other hand, some people will wait until the last minute and then spend time and energy towards solutions that might have been spent on other things had a more gradual migration taken place.

      In fact, the looming IPv4 address crunch reminds me a little bit of the Y2K issue. Maybe some journalists will start presenting it to the public as a countdown to doomsday? We could have manuals like Hyatt's old The Y2K Personal Survival Guide [amazon.com] telling us how to stock up on food and generator fuel for when civilization ends due to the sudden lack of new IP addresses. There would be religious figures and conspiracy theorists claiming that the Antichrist/UN/black helicopters/NWO will take advantage of the chaos surrounding the IPv4 address crunch to institute their reign of fear. It'll be like 1999 all over again.

      • Re:Well duh (Score:5, Insightful)

        by eln (21727) on Friday February 22 2008, @09:26AM (#22514186) Homepage
        The problem is that Y2K was handled so well, and as a result the consequences of it were so ridiculously minor, that most people in the general public feel that it was all overblown hype. Yes, there was a lot of hype, but the fact is a lot of programmers worked a long time to make sure things that needed to be fixed got fixed.

        However, since most people feel that Y2K was overblown and the money spent on it was wasted, they're unlikely to take seriously any new "crisis" in IT, and will simply refuse to spend any money on it.
        • Re:Well duh (Score:5, Funny)

          by argiedot (1035754) on Friday February 22 2008, @09:42AM (#22514328) Homepage

          Absolutely, reminds me of an old joke:

          • Visitor: If there's quicksand in this part near the town why don't you put up a sign?!
          • Man: We did, but nobody was falling in so we thought it was useless.
          Ha ha.
      • Re:Well duh (Score:5, Funny)

        by somersault (912633) on Friday February 22 2008, @09:42AM (#22514334) Homepage Journal
        It's time for a new breed of man. One who isn't afraid to get his hands dirty, but can also wash them when it's time to meet the management. Someone who can make time to shower and shave every morning. Someone whose novelty geek mug will be understood by even those who think that having spyware makes them a secret agent. Ladies and - oh wait, scratch that. *ahem* Gentlemen! Today I introduce a new template class - the Geexecutive! Get implementing!
  • Dupe (Score:5, Informative)

    by suso (153703) * on Friday February 22 2008, @09:06AM (#22513970) Homepage Journal
    Here is the story from a few weeks ago [slashdot.org]

    And as I said before, the solution is to take back some of those huge class A blocks from companies like HP, Ford and GE, which are not using all the space. That would buy a few years.
    • Re:Dupe (Score:5, Informative)

      by Silver Sloth (770927) on Friday February 22 2008, @09:12AM (#22514034)
      RTFA - which says

      ... there are ideas for managing the address space more efficiently by introducing auction and other pricing mechanisms to encourage better use (people who don't need their allocation will flog them off rather than hoarding them, while new uses will be parsimonious in their approach), but the developing world sees this as unfair in the extreme. You can see their point.

      There are other problems: how do you route IP addresses when the existing hierarchy breaks down due to address spaces moving through the network? Who's responsible for managing an increasingly incoherent network? Who foots the bill when your address space is sold from underneath you? In any case, it doesn't solve the basic problem - it merely makes it increasingly expensive to innovate.
      so it's not quite that easy...
    • Re:Dupe (Score:4, Funny)

      by Anonymous Coward on Friday February 22 2008, @09:13AM (#22514046)
      Not dupe! That story is titled "One Step Closer to IPv6"... This one is "798 steps to go"
    • Re:Dupe (Score:5, Interesting)

      by IBBoard (1128019) on Friday February 22 2008, @09:13AM (#22514050) Homepage
      And we need to retrieve some from the Vatican as well!

      Looking at the information here [modernlife...bish.co.uk] then the Vatican has far too many IPs per capita. Ditto for the other tiny nations of Gibraltar and Monaco. I'm sure it'll buy us at least a week!

      And for anyone geeky enough to care (who isn't geeky enough to have it bookmarked already) here [iana.org] is the assignment list. Each of the companies mentioned owns an entire top level block (e.g. Ford own 19.xxx.xxx.xxx) and some like the Defense Information Systems Agency (whoever they are) own multiple blocks! That's an awful lot of addresses.
    • And? (Score:5, Interesting)

      by SmallFurryCreature (593017) on Friday February 22 2008, @09:24AM (#22514162) Journal

      That is one way to do it, keep patching it up and hope it becomes somebody else's problem.

      The problem is simple, the way we want to use the internet means we are getting more and more devices which desire their own internet address. Some people suggest solutions like NAT but these only have so many uses especially when mobile phones become internet capable. If you want your internet node to be independent then you need an IP address.

      Don't believe me? Fine, give up your internet connection with its own IP and use the NAT solution of your ISP. Good luck running a torrent.

      We could easily solve the entire problem if we just used NAT for every major ISP. It would free up countless addresses and keep IP4 usable for decades rather than years.

      So who is first? Who is going to give up their IP for their home for the greater good?

      Thought as much, absolutely nobody.

      It is the problem with humans, we don't want new power installations, we don't want to use less power and we refuse to switch to more economical appliances. Something has to give, but government or business is NOT going to do it. Sooner or later it just breaks down (see the LA brownouts) and finally a decision will have to be made.

      Same with a solution to IP4 limited address space. We will keep coming up with patches and ignore the problem until finally it can no longer be ignored and then we will have to really bite down to implement it at great cost and inconvenience when we could have solved it easily right now.

      Because lets be honest, it ain't all that much of a problem. In the EU we switched currencies. A hell of a job but because it became accepted that it had to be done, it just happened.

      We could easily do a switch to IP6 but only when the majority just accepts that it has to be done, and bites the bullet.

      Analog mobile phones no longer work in the US, Holland no longer airs analog TV signals, switches happen all the time. It is nothing special, but in each case somebody just had to say "we are switching and if you are not ready, tough".

      So what if countless devices will no longer work, at a given point you just have to be able to say "upgrade or be left behind" or you will be forced to increasingly bend over backwards to accommodate out of date tech.

  • i'm sharing my blog ip address with a porn site dedicated to a fetish for women with moustaches, some guy's home security system in hong kong, a government bureaucrat's cell phone in helsinki, and an email server for a truck dispatching company waco texas

    i think it's also a pretty good premise for a reality show or situation comedy
  • by blake1 (1148613) on Friday February 22 2008, @09:15AM (#22514070)
    And put China behind it. IPv4 addresses, plenty. Botnet problem, solved.
  • by grumbel (592662) <grumbel@gmx.de> on Friday February 22 2008, @09:18AM (#22514104) Homepage
    One thing is rather clear to me: We won't run out of IPv4 addresses anytime soon, instead the price will increase more and more and thus people will end up behind ISP enforced NATs, because IPs are too expensive for the average consumer. This is after all already the case, at least in part, static IPs are a premium service, not something you get for free from most ISPs.

    So how to fix this? How about some good old government regulation? If you want to provide an "Internet service", you have to provide IPv6 or you can't call it "Internet". With a little force it shouldn't take all that long till the switch to IPv6 is done. But unless that happens the rarity of IPv4 addresses will simply be seen as a nice way to make money, instead of a problem that needs to be fixed.
    • Or just ban porn sites from using IPv4. Everyone's happy then: Think of the Children types will have porn apparently banned, techies will see IPv6 adopted widely, and civil liberties types will have porn available if they want it.
    • Itojun (Score:4, Informative)

      by eldavojohn (898314) * <my/.username@@@gmail.com> on Friday February 22 2008, @09:39AM (#22514304) Homepage Journal
      Yeah, we always fall back on the government to help us out when us nerds aren't satisfied with how capitalism is driving the technological trends that need to happen.

      But let's not forget those that went before us. Jun-ichiro Hagino [itojun.org], better known as Itojun, was one of the first researchers that was pushing for IPv6 since as long as I can remember (at least 2001 [onlamp.com]). On top of that he was developing specifications for it and working through the BSD code to make it one of the first operating systems fully capable of being IPv6 compliant--starting a trend that needs to happen in more operating systems sooner. He even started documenting draft APIs [ietf.org] to get developers thinking about how this would work inside software.

      And then he died in a car accident at age 37 [icann.org]. It's funny how you don't appreciate their work until they're dead [cisco.com]. Almost like a painter or author.

      Although many still carry on his work, the saddest part is that all his efforts to bring awareness to everyone about IPv6 may fall into the responsibilities of the government or, worse, capitalism.
  • by 140Mandak262Jamuna (970587) on Friday February 22 2008, @09:19AM (#22514124) Journal
    America will then become the Saudi Arabia of ip addresses. Price of oil will drop to something 200,000,000 barrels for one address. Woot!
  • by Anonymous Coward on Friday February 22 2008, @09:21AM (#22514136)
    The basic solution to this problem is to deploy IPv6 as soon as you can, figure out what problems remain to be solved before you can use IPv6 100% and then put pressure on your ISPs, vendors, etc. to solve these problems. That's how the Internet grew like topsy in the first place, and it's not too late to get this going. Two to three years is enough time.

    ARIN has published a web site which collects information about how to move to IPv6 here: http://www.getipv6.info/ [getipv6.info]
    It's oriented towards the things that ISPs and other service providers (hosting centers, large IT depts) need to do to get IPv6 working in production.

    Soon, the stock market analysts will be asking the big ISPs and telecom companies what actions they are taking to avoid going bankrupt in two years when the crunch hits. Any company that can't get new IPv4 addresses will have to stop growing their IPv4 networks. If they have an IPv6 network to take up the slack, no problem. If not, then customers will flock to the providers that have IPv6 ready to roll.

    There was a network operator meeting at NANOG recently where they showed that it is almost possible to provide full Internet access, both IPv4 and IPV6, using an IPv6 connection. Yes, I know, "almost" means there were problems, but they were not massive problems. They were the kind of things that people were working on fixing with IPv4 networks back in the early 90's. And they did that because they went ahead and built IPv4 networks and tried to make them work for everything imaginable. When things broke, they fixed the bugs and moved on, eventually becoming the global Internet that we know today.

    There is a way to avoid going bust when the address crunch hits in two-to-three years and that is: Get yourself IPv6 Ready!
  • by fuzzy12345 (745891) on Friday February 22 2008, @09:25AM (#22514170)
    DJB said it best at http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to] Why switch from an Internet with a billion people on it to one that has nobody on it that can't be reached by IPv4?
  • by JoeD (12073) on Friday February 22 2008, @09:38AM (#22514292) Homepage

    1. Home routers that support IPV6 off the shelf.

    2. Cable/DSL modems that support IPV6 off the shelf.

    3. (The biggie) ISPs that hand out IPV6 addresses.

    In a vain attempt to forestall the inevitable followups:

    Yes, I am aware that I could install new software in my WRT-54G, and convert my home network to IPV6. But as long as my upstream connection is IPV4, this gains me NOTHING except a bunch of aggravation and downtime getting the thing set up. No thanks. When my ISP supports IPV6, then and only then will it make sense for me to convert.
  • by Midnight Thunder (17205) on Friday February 22 2008, @10:27AM (#22514912) Homepage Journal
    There is a lot of foot dragging going on, partly because too many business plans rely on short term spending. The irony is that some of the companies which you expect to be leading the way in IPv6 migration don't even have web sites that are IPv6 enabled. This includes IBM, Apple, Microsoft, RedHat and Cisco. I make the point because they should be picking up the torch now that research sites have already done their part, and showing that it is an achievable goal, and not some sort of pipe-dream. /. readers, at the same time, should probably get to know and understand the technology, since it is not a question of whether it will happen, but when. When it happens, if the IT crowd doesn't understand IPv6, then we really have issues.

    If you want to get an IPv6 web site running there are number of solutions, including using Apache 2 with IPv6 support activated and making sure you have an OS that supports an IPv6 stack - most modern OSs do.

    Migration technologies for people stuck behind IPv4 NATs include Aiccu [sixxs.net] and Teredo [microsoft.com] (Vista includes this, and for other OSs there is Miredo [remlab.net]). If you are at home, then one of the 'consumer' routers to support IPv6 out of the box is the Airport Extreme. If others support it out of the box I am not aware of this.

    When you are ready see the dancing turtle [kame.net] - if you don't see it you are accessing it via IPv4.

    Other stuff you can do in the meantime is checking to see if some of your favourite network-based applications handle IPv6 and, if they don't, make some noise. It's best to make the noise now, when it doesn't matter so much, than waiting until it does. On the bonus side they can advertise [wikipedia.org] the fact they are IPv6 ready.

  • by merreborn (853723) on Friday February 22 2008, @12:40PM (#22517134) Homepage Journal
    The IPv4 crunch has been 2 years away for at least 10 years.

    By the way, the idea of reallocating parts of Class-A blocks has been technically feasible for over a decade. Say hi to CIDR [wikipedia.org]
    • by wild_quinine (998562) on Friday February 22 2008, @09:12AM (#22514040)
      Is this really a problem for most people? NAT really.
      • by johannesg (664142) on Friday February 22 2008, @10:39AM (#22515080)
        NAT is a really, really bad solution. It creates two classes of internet user: those that may run servers, and those that may not; a second-rank type of internet citizen, so to speak.

        Do you really want to live in world where you can only connect to the servers of your corporate overlords? Wasn't the internet supposed to be offering equal opportunity for everyone?
          • by Rich0 (548339) on Friday February 22 2008, @11:55AM (#22516252) Homepage
            I must then be imagining the public web server that I run over my NAT'd DSL connection.

            You probably are if you are really behind an ISP-run NAT. We're not talking about the Linksys router that you can tell to forward port 80. We're talking about the ISP handing you a non-routable 192.168.x.x address and not forwarding anything to it. Outward-ONLY connections...
        • by ModMeFlamebait (781879) on Friday February 22 2008, @09:40AM (#22514312)

          Except you can't NAT a NATted connection.
          Sure you can.
        • by Tranzistors (1180307) on Friday February 22 2008, @09:42AM (#22514338)

          Last I heard, two NATted clients can't talk to each other.

          Unless you have port forwarding (or how do you kids call it these days)

            • by $pace6host (865145) on Friday February 22 2008, @10:44AM (#22515154) Journal
              Really, I bet there are huge tracts of IP real estate that would function just as well on NATted private networks. I work at a place that owns lots of IP networks, and 1) we're not allowed to run our own web servers, or any other kind of servers for that matter, and 2) all our outbound traffic is through corporate control points and filtered anyway. Still, the PC on my desk at the office has a public IP address. Do I NEED a public IP address? No. Not really. Most of my traffic is to internal company data anyway (share drives, internal SharePoint intranet collaboration site, Outlook servers, inward facing development servers, etc.) The rest is already going through proxy servers. You couldn't get any packets direct to me, either, the routers on the edge of our network filter practically all inbound traffic out. I, and most of my colleagues, are wasting our public addresses. I'd bet it's the same in a lot of places. Corporate security policies essentially ensure that the majority of cubicle workers can't possibly make use of any of the "benefits" a publicly routable IP address would actually have, but every PC (and telephone and printer) has one.

              I'm not saying NAT is the best solution, or even the right long term solution, just that I think it could be used (fairly successfully) in many more places while we get our collective asses in gear and go IPv6.

              • by gnuman99 (746007) on Friday February 22 2008, @04:13PM (#22520486)
                NAT is *the* *wrong* solution.

                Public IP addresses make it simple to have *proper* routing tables.

                There is also the ability to track users easily. Imagine you have one of your computers compromised. The computer is then used to control another box that controls another one that drives some botnet. If you have a NAT, the 3rd party that discovered their box compromised will trace it back to ... your NAT! And the NAT is not tracked 99% of the time. So, the compromised box on your site cannot be easily discovered without packet sniffing.

                Or an employee is involved in something illegal. The 3rd party produces their logs that list your NAT as the source of the problem. Which computer was used in that activity? You are stuck with tracing the stuff through screen loggers and other invasive BS just because NAT has to exist.

                NAT is the wrong solution because of liability. NAT is the wrong solution from a routing point of view. NAT is the wrong solution from a technical point of view. IPv4 would have been replaced years ago if it wasn't for the stupid NAT gateways everyone has now. Yeah, these will be obsolete with IPv6.

                When I left school I thought NAT was the greatest thing in the world aside from sliced bread. Then real world experience forces you to realize that maybe the university usage of public IP on its internal network wasn't such a stupid thing after all. Public IP should be assigned to ALL devices, and then you can use a stateful firewall to protect these assets. Private IP networks should NEVER be connected to public IP networks - let's hope that dies with IPv4. The sooner the better.
        • by suggsjc (726146) on Friday February 22 2008, @09:59AM (#22514554) Homepage

          Except you can't NAT a NATted connection.
          Sure you can. All NAT does is take one IP address, monitor connections and spread/translate the unique connections across different ports. The device doing the NAT doesn't care "where" it gets its source IP from, it just knows that it has an IP and it splits the connections to that IP. The only potential issue is if the first NAT runs out of available ports. However, at that point its routing table would be huge and it would probably begin to degrade in performance (depending on the hardware).
          • by anticypher (48312) <anticypherNO@SPAMgmail.com> on Friday February 22 2008, @11:40AM (#22515942) Homepage
            I'm so glad someone else is aware of this problem, NAT can't be infinite, or even large.

            I saw a Cisco presentation years ago on their experiences from rolling out NAT internally. They started with an address overload of a /24 (251 usable addresses) into a single external IP address. For an office with about 120 active machines, the NAT box (biggest, beefiest box they made at the time) completely fell over. With only light internet use, the NAT tables filled to take over all of the outgoing 65k ports in a short time. That was in 1998, when most internet use was web pages, some email and simple IM. At the time, they recommended no more than a /26 (59 usable addresses) per external address.

            Move forward to 2007, and I made an updated presentation (for Cisco and non-Cisco NAT kit) that took into account all the new kinds of traffic we see, office workers who listen to internet radio, streaming video, youtube, multimedia conferences with H.323, peer-to-peer apps like Skype, other internet telephony apps, etc. Turns out that more than 15 to 20 active office users stuck behind a single overloaded external address would be the limit, even with a tight policy to prevent non-work traffic.

            It is much worse for ISPs with home users, who are not limited by workplace rules against peer-2-peer for popular TV shows or looking at pr0n pages. If you look at the typical pr0n page (it was a tough job, but I did it in the spirit of improving my understanding of the industry ;-), there will be between 200 and 300 embedded elements or links to affiliate sites and advertising partners. So every pr0n page view going through NAT takes 200 new external ports, with associated timeouts and state tables. A typical pr0n user (I'm guessing here, you the /. reader can supply your own values), can open a dozen or more pages in tabs in a relatively short period of time, leading to 10s of thousands of entries in the NAT state table. Remember, you have 65,533 maximum entries in the state table for a single external IP, or for a typical Saturday night in basement-dweller-land, about 4 machines.

            Don't get me started about how many NAT states a typical 3Mbyte facebook page can open, and leave open for quite a while.

            If you think you can hide many ISP customers behind NAT, there are limits if you don't want a ton of calls to the support lines when your users can't effectively use the net. For modern home connections, that already have a NAT box with a handful of machines behind the NAT (Mom keeping 20 eBay pages open and doing Skype, Dad doing gaming, teenage son looking at pr0n and daughter with 20 different IM chats going while she P2Ps the latest TV episode and looks at 50 different bebo and facebook pages), you just can't NAT much more than that.

            That post was the voice of experience. If you want the nice real-world figures in a printed report and a keynote or powerpoint presentation to your CTO, you have to give me money.

            the AC
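The two posts above make the same mechanical point from different ends: one external address is shared by spreading flows across its ports (which is why a NAT behind a NAT works), and that port pool is the hard ceiling on the state table that fills up at "65k" entries. The following is an added Python illustration of both, not code from either poster or from Cisco: the `Nat` class, its round-robin port allocator, the 300-second idle timeout, the page-view model (one fresh flow per embedded element, all opened at once) and every address and pool size are constructed for the example.

```python
from dataclasses import dataclass, field


class PortExhausted(Exception):
    """No free external port: the state table for this address is full."""


@dataclass
class Nat:
    """Toy port-overloading NAT: many inside hosts behind one external address."""
    external_ip: str
    port_min: int = 1024
    port_max: int = 65535
    idle_timeout: float = 300.0   # seconds a mapping survives without traffic
    # ext_port -> [src_ip, src_port, dst_ip, dst_port, last_seen]
    table: dict = field(default_factory=dict)
    # (src_ip, src_port, dst_ip, dst_port) -> ext_port
    reverse: dict = field(default_factory=dict)
    _next_port: int = field(init=False, default=0)

    def __post_init__(self):
        self._next_port = self.port_min

    def capacity(self) -> int:
        return self.port_max - self.port_min + 1

    def in_use(self) -> int:
        return len(self.table)

    def expire(self, now: float) -> int:
        """Drop mappings idle for at least idle_timeout; returns how many were dropped."""
        dead = [p for p, rec in self.table.items() if now - rec[4] >= self.idle_timeout]
        for p in dead:
            rec = self.table.pop(p)
            del self.reverse[tuple(rec[:4])]
        return len(dead)

    def _allocate(self) -> int:
        # Round-robin over the pool; the table-full check keeps refusals O(1).
        if len(self.table) >= self.capacity():
            raise PortExhausted(f"{self.external_ip}: all {self.capacity()} ports mapped")
        while True:
            p = self._next_port
            self._next_port = p + 1 if p < self.port_max else self.port_min
            if p not in self.table:
                return p

    def translate(self, pkt: tuple, now: float) -> tuple:
        """Rewrite the source of an outbound (src_ip, src_port, dst_ip, dst_port)."""
        self.expire(now)
        flow = tuple(pkt)
        ext_port = self.reverse.get(flow)
        if ext_port is None:
            ext_port = self._allocate()
            self.table[ext_port] = [*flow, now]
            self.reverse[flow] = ext_port
        else:
            self.table[ext_port][4] = now     # existing flow: refresh idle timer
        return (self.external_ip, ext_port, flow[2], flow[3])


def double_nat(inner: Nat, outer: Nat, pkt: tuple, now: float) -> tuple:
    """NAT behind NAT: the outer box sees the inner box's external address as
    just another inside host, so the chain works until either pool is empty."""
    return outer.translate(inner.translate(pkt, now), now)


def simulate_browsing(nat: Nat, hosts: int, pages_per_host: int,
                      elements_per_page: int, now: float = 0.0) -> tuple:
    """Every page view opens elements_per_page fresh flows at the same instant,
    so none expire within the run. Returns (mapped, refused)."""
    mapped = refused = 0
    for h in range(hosts):
        src_ip = f"192.168.1.{h + 10}"
        src_port = 49152                     # per-host ephemeral port counter (constructed)
        for page in range(pages_per_host):
            dst_ip = f"203.0.113.{page % 250 + 1}"
            for _ in range(elements_per_page):
                src_port += 1
                try:
                    nat.translate((src_ip, src_port, dst_ip, 80), now)
                    mapped += 1
                except PortExhausted:
                    refused += 1
    return mapped, refused


if __name__ == "__main__":
    nat = Nat("198.51.100.1")
    print("one external address holds", nat.capacity(), "concurrent flows")
    # 4 hosts with a dozen 200-element pages each fit; 40 such hosts do not.
    print(simulate_browsing(nat, hosts=4, pages_per_host=12, elements_per_page=200))
    print(simulate_browsing(Nat("198.51.100.2"), hosts=40, pages_per_host=12, elements_per_page=200))
```

The refusal count is the thing to watch on a real box: once it is non-zero, new connections from everyone behind that address start failing, which is the support-line symptom described above. Shortening `idle_timeout` buys capacity at the cost of breaking long-lived but quiet sessions, so it is a trade-off, not a fix.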
          • by totally bogus dude (1040246) on Friday February 22 2008, @10:16AM (#22514778)

            Sure, but that's because you control the NAT and can forward ports, so you can still accept incoming connections. If your public IP address (i.e. what other torrent clients will try to connect to) is controlled by your ISP, you're going to have a hard time getting them to forward the ports you need to you. In fact, they would have a hard time providing this service in a usable and cost-effective manner, even if they wanted to.

            Also, there's a good chance OpenBSD + PF is more accommodating of various protocols than an ISP's oversubscribed NAT gateway is likely to be. Even if they do their best, it can still get in the way. For example most gateways can handle FTP by watching for "PORT" or "PASV" messages and dynamically opening/forwarding the requested port (or rewriting it to use the port it wants), but this doesn't work if your FTP session is encrypted.

            Finally, a lot of the ISPs seem to be actively discouraging P2P, and will simply use "no more IP addresses" as an excuse to slap in NAT gateways that restrict people to web and email. If you want "raw internet", then you'll have to pay.

            With any luck there'll still be enough competition in the ISP space in 2010 to push the rollout of IPv6 onwards. A lot of the big ISPs will probably resist it, as a) it would cost a lot to upgrade and re-engineer their infrastructure to support it and b) they can make lots of money by charging a massive premium for routeable IPs. Not to mention that the media cartels will probably have convinced most people and politicians that the only reason one would want "raw internet access" is for piracy, child porn, and terrorism.
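The FTP case mentioned above (the gateway watching for PORT and PASV on the control channel and opening or rewriting the requested port) is a good illustration of what an application-layer gateway actually does and why it stops working once the control channel is encrypted. The following is an added Python illustration, not code from the poster or from OpenBSD's pf or any other gateway: the `FtpAlg` class, its pinhole bookkeeping and all addresses are constructed, and the command grammar is only the two lines the post names.

```python
import re

# Client:  PORT h1,h2,h3,h4,p1,p2        -> client listens on h1.h2.h3.h4 : p1*256+p2
# Server:  227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")
PASV_RE = re.compile(rb"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def _decode(groups) -> tuple:
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_port_command(line: bytes):
    """(ip, port) from a client PORT command, or None if the line is not one."""
    m = PORT_RE.match(line.rstrip(b"\r\n"))
    return _decode(m.groups()) if m else None


def parse_pasv_reply(line: bytes):
    """(ip, port) from a server 227 reply, or None if the line is not one."""
    m = PASV_RE.match(line.rstrip(b"\r\n"))
    return _decode(m.groups()) if m else None


def build_port_command(ip: str, port: int) -> bytes:
    """Encode an endpoint back into PORT syntax (used for the rewritten line)."""
    fields = ip.split(".") + [str(port // 256), str(port % 256)]
    return b"PORT " + ",".join(fields).encode() + b"\r\n"


class FtpAlg:
    """Watches the client side of a control channel and records the pinholes
    (public port -> inside endpoint) the NAT must open for active-mode data."""

    def __init__(self, external_ip: str, first_port: int = 60000):
        self.external_ip = external_ip
        self.next_port = first_port       # constructed pool start, not a real default
        self.pinholes = {}

    def process_client_line(self, line: bytes) -> bytes:
        """Return the line as it should be forwarded to the server."""
        endpoint = parse_port_command(line)
        if endpoint is None:
            return line.rstrip(b"\r\n") + b"\r\n"   # pass through unchanged
        ext_port, self.next_port = self.next_port, self.next_port + 1
        self.pinholes[(self.external_ip, ext_port)] = endpoint
        return build_port_command(self.external_ip, ext_port)


def inspect_control_stream(alg: FtpAlg, data: bytes) -> list:
    """Run a captured client->server control stream through the ALG line by line.

    For a TLS-protected session the bytes carry no recognizable commands, so
    nothing is rewritten and alg.pinholes stays empty: the helper cannot assist
    an encrypted session, which is the failure the post describes.
    """
    return [alg.process_client_line(line) for line in data.splitlines() if line]
```

The interesting property is that the rewrite is invisible to both ends: the server sees a public address it can connect back to, and the client never learns that its PORT line was changed. That same invisibility is why an ISP-scale NAT that gets the helper slightly wrong for some protocol is so hard for the customer to diagnose.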

      • Re:FUD (Score:4, Interesting)

        by Brian Gordon (987471) on Friday February 22 2008, @11:02AM (#22515380)
        NAT will solve the problems, but why live with that when we can actually come up with a viable solution, IPv6? It will be expensive to implement because, like always, past engineers haven't planned for their 1970s technologies to ever go out of date, and whiny slashdotters will finally have to upgrade their windows boxes to Vista because XP has 1990s networking support (read that pdf if you don't believe me). But we'll end up with a significantly better Internet than if we just keep expanding NATs around more and more IP addresses to free up address space. The way we're going, eventually (and keep in mind that "eventually" in computing usually turns out to be in less than a decade) you're going to have to be a multibillion-dollar conglomerate representing thousands of web hosting companies just to bid for a single 5-address block of address space... though the way inflation's going, little billy and his friends might be able to pool their allowance and come up with that kind of money :) But can you imagine how horrifying the architecture of the internet will be if the solution is NAT, NAT, NAT? Development in router design is already unable to keep up with traffic growth. How are you going to pay for a $100 million server farm just to manage the American Eastern Seaboard NAT, and can you imagine what the latency would be to go through a 10 terabyte NAT table? Might as well upgrade to IPv6, save yourself the trouble of trying to stay v4.
          • Re:FUD (Score:5, Insightful)

            by tyler_larson (558763) on Friday February 22 2008, @04:15PM (#22520530) Homepage

            First of all, break up the "LEGACY" Class-A allocations. http://www.iana.org/assignments/ipv4-address-space [iana.org]. That'll free up a bunch.

            All of the following companies have a full 16.7 Million addresses assigned to them. Level 3 might use theirs (they actually have 2 blocks), but Halliburton? DEC? Amateur Radio Digital Communications? Do they all really need more than 16 million IP addresses?

            This short list accounts for 654 million IP addresses -- over 15% of the address space.

            003/8 General Electric Company
            004/8 Level 3 Communications, Inc.
            006/8 Army Information Systems Center
            008/8 Level 3 Communications, Inc.
            009/8 IBM
            011/8 DoD Intel Information Systems
            012/8 AT&T Bell Laboratories
            013/8 Xerox Corporation
            015/8 Hewlett-Packard Company
            016/8 Digital Equipment Corporation
            017/8 Apple Computer Inc.
            018/8 MIT
            019/8 Ford Motor Company
            020/8 Computer Sciences Corporation
            021/8 DDN-RVN
            022/8 Defense Information Systems Agency
            025/8 UK Ministry of Defence
            026/8 Defense Information Systems Agency
            028/8 DSI-North
            029/8 Defense Information Systems Agency
            030/8 Defense Information Systems Agency
            032/8 AT&T Global Network Services
            033/8 DLA Systems Automation Center
            034/8 Halliburton Company
            035/8 MERIT Computer Network
            038/8 Performance Systems International
            040/8 Eli Lily & Company
            043/8 Japan Inet
            044/8 Amateur Radio Digital Communications
            045/8 Interop Show Network
            047/8 Bell-Northern Research
            048/8 Prudential Securities Inc.
            051/8 Department of Social Security of UK
            052/8 E.I. duPont de Nemours and Co., Inc.
            053/8 Cap Debis CCS
            054/8 Merck and Co., Inc.
            055/8 DoD Network Information Center
            056/8 US Postal Service
            057/8 SITA
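The list above is in the registry's own "NNN/8 holder" layout, and the poster's 654 million / "over 15%" figures follow directly from it. The following is an added Python illustration that is not code from the poster or from IANA: it parses that list (copied from the post, not the current registry), totals the space with the standard library's `ipaddress` module, and also groups by holder so the "Level 3 has 2 blocks" observation and the multiple DISA blocks fall out. The parser also accepts full dotted-quad CIDR lines, which the post's list does not use; the helper names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Copied from the post above (registry-style "NNN/8 holder" lines, 39 entries).
LEGACY_BLOCKS = """\
003/8 General Electric Company
004/8 Level 3 Communications, Inc.
006/8 Army Information Systems Center
008/8 Level 3 Communications, Inc.
009/8 IBM
011/8 DoD Intel Information Systems
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
018/8 MIT
019/8 Ford Motor Company
020/8 Computer Sciences Corporation
021/8 DDN-RVN
022/8 Defense Information Systems Agency
025/8 UK Ministry of Defence
026/8 Defense Information Systems Agency
028/8 DSI-North
029/8 Defense Information Systems Agency
030/8 Defense Information Systems Agency
032/8 AT&T Global Network Services
033/8 DLA Systems Automation Center
034/8 Halliburton Company
035/8 MERIT Computer Network
038/8 Performance Systems International
040/8 Eli Lily & Company
043/8 Japan Inet
044/8 Amateur Radio Digital Communications
045/8 Interop Show Network
047/8 Bell-Northern Research
048/8 Prudential Securities Inc.
051/8 Department of Social Security of UK
052/8 E.I. duPont de Nemours and Co., Inc.
053/8 Cap Debis CCS
054/8 Merck and Co., Inc.
055/8 DoD Network Information Center
056/8 US Postal Service
057/8 SITA
"""

# "003/8 holder" or "10.0.0.0/16 holder"; missing octets are taken as zero.
ENTRY_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){0,3})/(\d{1,2})\s+(.+?)\s*$")


def parse_allocations(text: str) -> list:
    """Return [(ip_network, holder), ...] for every well-formed line."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        prefix, plen, holder = m.groups()
        octets = [str(int(o)) for o in prefix.split(".")]   # "003" -> "3"
        octets += ["0"] * (4 - len(octets))
        net = ipaddress.ip_network(f"{'.'.join(octets)}/{plen}")  # strict: rejects host bits
        out.append((net, holder))
    return out


def total_addresses(allocs: list) -> int:
    return sum(net.num_addresses for net, _ in allocs)


def share_of_ipv4(addresses: int) -> float:
    """Percentage of the whole 32-bit address space."""
    return 100.0 * addresses / 2**32


def addresses_by_holder(allocs: list) -> dict:
    by = defaultdict(int)
    for net, holder in allocs:
        by[holder] += net.num_addresses
    return dict(by)


if __name__ == "__main__":
    allocs = parse_allocations(LEGACY_BLOCKS)
    total = total_addresses(allocs)
    print(f"{len(allocs)} blocks, {total:,} addresses, {share_of_ipv4(total):.2f}% of IPv4")
    for holder, n in sorted(addresses_by_holder(allocs).items(), key=lambda kv: -kv[1])[:3]:
        print(f"{n:>12,}  {holder}")
```

Thirty-nine /8s is 39/256 of the space, so the percentage is exactly 15.234375; the follow-up post's point about allocation rate is the other half of the picture, and the same parser run over a year's allocations would give that denominator.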
    • Re:Tell MIT and IBM (Score:4, Informative)

      by gclef (96311) on Friday February 22 2008, @10:04AM (#22514612)
      God damn, I'm tired of fighting this meme. Look, as I mentioned in another response, we allocate 10-12 /8's [potaroo.net] every year, and that rate is increasing. Reclaiming MIT & IBM's /8's would buy us approximately 2 months at our present allocation rate. The negotiation to make that allocation possible would take far longer. Reclaiming space is not a useful activity at this time.
      • Re:Tell MIT and IBM (Score:4, Informative)

        by beuges (613130) on Friday February 22 2008, @09:45AM (#22514372) Homepage
        As a commenter above posted, each of those companies with top-level blocks actually owns 16,777,216 IP addresses. These companies include IBM, MIT, Ford, DEC, AT&T, Apple and Xerox.

        As big as IBM and MIT may be, do you really think they need almost 17 million IP addresses?
    • Why? Your money is why.

      If you want to continue to use an IPv4 address from your upstream ISP, you currently pay about US$10 per month for that address, more if you want a nice static address to run services on.

      After 2012, or if one of the hare-brained free-market schemes to buy & sell netblocks comes into effect, the price your ISP has to pay for an IP address goes from ZERO to $10 or $20 per month per address. Currently, with a freely available pool of IP addresses, there is minimal cost associated with obtaining a netblock, just some administrative overhead to ask, and some technical cost to program the routers. ISPs discovered that they could charge US$30/month to a user, of which $10/month covers bandwidth, $10/month for the connection, and the remaining $10/month is the pure profit from renting you an individually addressable IP address.

      When the crunch hits, IPv4 addresses will be accounted for differently: no longer will they be seen as a free resource that earns $10/month; they'll be seen as a cost center that needs to have a margin associated with it. So if the company has to start paying even $1/month per address, they'll pass that cost on to the end users as a higher monthly fee.

      In the end, those who don't have an IPv6 service with a migration strategy will see their internet connectivity increase in price. Maybe only a little in 2010, more in 2012, and if there isn't a mass migration to v6, significant costs after that. You, and every consumer, better hope that ISPs and hosting centers get a migration strategy in place soon, or your costs are going to skyrocket.

      That was costs from the consumer PoV.

      From the techie PoV, imagine what will happen to your router FIBs if some of those nicely aggregated /8s and /16s de-aggregate into 100s of thousands of individual prefixes. Is there any Cisco router right now that can handle a BGP IPv4 routing table of 2 million entries? Are you willing to scrap your entire Border Router investment in 2010 when the routing table grows from 300,000 routes to 750,000 routes? Do you know what the cost of a Cisco CRS-1 is, even if you can find one used?

      the AC
    • But you don't "own" that netblock, you were allocated it from ARIN for a single use.

      Put it on eBay and ARIN will then send you a polite email about how they have now reclaimed the netblock since it obviously is no longer being used for its original declaration. They will then turn around and allocate it to the next demand in their queue. They have all the authority, you have none.

      If your sale goes through on eBay, for selling something that did not belong to you, you have committed fraud. I hope you have put aside some of your windfall for legal fees.

      the AC