IPv4 Address Crunch In 2 Years, IPv6 Not Ready 539
An anonymous reader writes "We've known for ages that IPv4 was going to run out of addresses — now, it's happening. IPv6 was going to save us — it isn't. The upcoming crisis will hit, perhaps as soon as 2010, but nobody can agree on what to do. The three options are all pretty scary. This article covers the background, and links to a presentation by Randy Bush (PDF) that shows the reality of the problem in stark detail."
Dupe (Score:5, Informative)
And as I said before, the solution is to take back some of those huge class A blocks from companies like HP, Ford and GE, which are not using all the space. That would buy a few years.
Re:Dupe (Score:5, Informative)
There are other problems: how do you route IP addresses when the existing hierarchy breaks down due to address spaces moving through the network? Who's responsible for managing an increasingly incoherent network? Who foots the bill when your address space is sold from underneath you? In any case, it doesn't solve the basic problem - it merely makes it increasingly expensive to innovate.
Bad, but not fatal (Score:2, Informative)
All of that said, that just means I think we will find a way to get by until V6 is fully in place. Not that we should forgo finishing V6 migrations.
People are starting to work on solutions (Score:5, Informative)
ARIN has published a web site which collects information about how to move to IPv6 here: http://www.getipv6.info/ [getipv6.info]
It's oriented towards the things that ISPs and other service providers (hosting centers, large IT depts) need to do to get IPv6 working in production.
Soon, the stock market analysts will be asking the big ISPs and telecom companies what actions they are taking to avoid going bankrupt in two years when the crunch hits. Any company that can't get new IPv4 addresses will have to stop growing their IPv4 networks. If they have an IPv6 network to take up the slack, no problem. If not, then customers will flock to the providers that have IPv6 ready to roll.
There was a network operator meeting at NANOG recently where they showed that it is almost possible to provide full Internet access, both IPv4 and IPV6, using an IPv6 connection. Yes, I know, "almost" means there were problems, but they were not massive problems. They were the kind of things that people were working on fixing with IPv4 networks back in the early 90's. And they did that because they went ahead and built IPv4 networks and tried to make them work for everything imaginable. When things broke, they fixed the bugs and moved on, eventually becoming the global Internet that we know today.
There is a way to avoid going bust when the address crunch hits in two-to-three years and that is: Get yourself IPv6 Ready!
The IPv6 mess (Score:2, Informative)
SSL (Score:3, Informative)
Re:remove dumb domains that don't have any use... (Score:3, Informative)
Three Things for Widespread IPV6 Acceptance: (Score:5, Informative)
1. Home routers that support IPV6 off the shelf.
2. Cable/DSL modems that support IPV6 off the shelf.
3. (The biggie) ISPs that hand out IPV6 addresses.
In a vain attempt to forestall the inevitable followups:
Yes, I am aware that I could install new software in my WRT-54G, and convert my home network to IPV6. But as long as my upstream connection is IPV4, this gains me NOTHING except a bunch of aggravation and downtime getting the thing set up. No thanks. When my ISP supports IPV6, then and only then will it make sense for me to convert.
Itojun (Score:4, Informative)
But let's not forget those that went before us. Jun-ichiro Hagino [itojun.org], better known as Itojun, was one of the first researchers that was pushing for IPv6 since as long as I can remember (at least 2001 [onlamp.com]). On top of that he was developing specifications for it and working through the BSD code to make it one of the first operating systems fully capable of being IPv6 compliant--starting a trend that needs to happen in more operating systems sooner. He even started documenting draft APIs [ietf.org] to get developers thinking about how this would work inside software.
And then he died in a car accident at age 37 [icann.org]. It's funny how you don't appreciate their work until they're dead [cisco.com]. Almost like a painter or author.
Although many still carry on his work, the saddest part is that all his efforts to bring awareness to everyone about IPv6 may fall into the responsibilities of the government or, worse, capitalism.
Re:Is this REALLY a problem? (Score:5, Informative)
Re:Is this REALLY a problem? (Score:5, Informative)
Unless you have port forwarding (or how do you kids call it these days)
Re:Tell MIT and IBM (Score:4, Informative)
As big as IBM and MIT may be, do you really think they need almost 17 million IP addresses?
Re:Well duh (Score:3, Informative)
Re:Dupe (Score:3, Informative)
Re:Is this REALLY a problem? (Score:4, Informative)
Re:Tell MIT and IBM (Score:4, Informative)
Re:Well duh (Score:3, Informative)
Harry Truman.
Re:Well duh (Score:3, Informative)
Re:Class 'C' address space for sale. (Score:5, Informative)
Put it on eBay and ARIN will then send you a polite email about how they have now reclaimed the netblock since it obviously no is no longer being used for it's original declaration. They will then turn around and allocate it to the next demand in their queue. They have all the authority, you have none.
If your sale goes though on eBay, for selling something that did not belong to you, you have committed fraud. I hope you have put aside some of your windfall for legal fees.
the AC
Migration to IPv6 (it's on it's way) (Score:5, Informative)
If you want to get an IPv6 web site running there are number of solutions, including using Apache 2 with IPv6 support activated and making sure you have an OS that supports an IPv6 stack - most modern OSs do.
Migration technologies for people stuck behind IPv4 NATs include Aiccu [sixxs.net] and Teredo [microsoft.com] (Vista includes this, and for other OSs there is Miredo [remlab.net]). If you are at home, then one of the 'consumer' routers to support IPv6 out of the box is the Airport Extreme. If others support it out of the box I am not aware of this.
When you are ready see the dancing turtle [kame.net] - if you don't see it you are accessing it via IPv4.
Other stuff you can do in the meantime is checking to see if some your favourite network based applications handle IPv6 and if they don't make some noise. Its best to make the noise now, when it doesn't matter so much, than waiting until it does. On the bonus side they can advertise [wikipedia.org] the fact they are IPv6 ready.
Re:Well duh (Score:4, Informative)
Some can be adapted - my wifi router can route ipv6 but not talk it for example. No way all that hardware is going to be replaced within two years.
OTOH we've been hearing the doomsday scenarios from the ipv6 zealots for 10 years now, and I'm not seeing it - it's still easy to get a block of IP addresses (I asked for 8 and got given 16 'just in case' for example).. we're not seeing the beginnings of a shortage yet.
Re:Class 'C' address space for sale. (Score:3, Informative)
Re:Well duh (Score:3, Informative)
See:
http://www.ipv6.org/v6-www.html [ipv6.org]
Microsoft research have a v6 site too...
My site (www.ev4.org) is also available on v6, just incase anyone cares.
Re:Well duh (Score:3, Informative)
Since 2005 it's been flat. And yet prices have skyrocketed in that time. In 2000, OPEC promised to adjust production to keep prices around $22-$28/barrel. Then in 2007 they said prices would stay around $50-$60/barrel until 2030. Well it's one year later and prices are at $100. All this time OPEC hasn't increased production, and they may even reduce production at their next meeting in the spring (no solid source for that one, just what I heard on the news). So they have every reason to increase production, and have had every reason to do so for years, but they've done nothing.
That to me is very suspicious. Either there is a massive conspiracy to hike up the cost of oil (incredibly unlikely) or they just can't keep up with the production, despite their claims. The latter is pretty much the only likely solution.
Re:Is this REALLY a problem? (Score:5, Informative)
I saw a Cisco presentation years ago on their experiences from rolling out NAT internally. They started with an address overload of a
Move forward to 2007, and I made an updated presentation (for Cisco and non-Cisco NAT kit) that took into account all the new kinds of traffic we see, office workers who listen to internet radio, streaming video, youtube, multimedia conferences with H.323, peer-to-peer apps like Skype, other internet telephony apps, etc. Turns out that more than 15 to 20 active office users stuck behind a single overloaded external address would be the limit, even with a tight policy to prevent non-work traffic.
It is much worse for ISPs with home users, who are not limited by workplace rules against peer-2-peer for popular TV shows or looking at pr0n pages. If you look at the typical pr0n page (it was a tough job, but I did it in the spirit of improving my understanding of the industry
Don't get me started about how many NAT states a typical 3Mbyte facebook page can open, and leave open for quite a while.
If you think you can hide many ISP customers behind NAT, there are limits if you don't want a ton of calls to the support lines when your users can't effectively use the net. For modern home connections, that already have a NAT box with a handful of machines behind the NAT (Mom keeping 20 eBay pages open and doing Skype, Dad doing gaming, teenage son looking at pr0n and daughter with 20 different IM chats going while she P2Ps the latest TV episode and looks at 50 different bebo and facebook pages), you just can't NAT much more than that.
That post was the voice of experience, if you want the nice real-world figures in a printed report and a keynote or powerpoint presentation to your CTO, you have to give me money.
the AC
Re:Well duh (Score:3, Informative)
Didn't know that XP couldn't do DNS lookups over ipv6.. that's new. They did't mention that active directory doesn't work with ipv6 (important to companies, and a biggie, because as they say.. if one part of the infrastructure can't support it, it doesn't happen).
Re:FUD (Score:2, Informative)
Re:Tell MIT and IBM (Score:3, Informative)
Yes, the RIRs will still have addresses to allocate to end sites when that happens, but the clock will have started ticking...if they need more, they're screwed.
Re:Is this REALLY a problem? (Score:5, Informative)
You probably are if you are really behind an ISP-run NAT. We're not talking about the Linksys router that you can tell to forward port 80. We're talking about the ISP handing you a non-routable 192.168.x.x address and not forwarding anything to it. Outward-ONLY connections...
I've already solved this problem at work (Score:2, Informative)
http://www.openwrt.org/ [openwrt.org]
http://www.tinc-vpn.org/examples/ipv6-network [tinc-vpn.org]
http://www.wolfsheep.com/index.php/Bookmarks/IPv6 [wolfsheep.com]
http://en.wikipedia.org/wiki/Unique_local_address [wikipedia.org]
http://www.quagga.net/ [quagga.net]
Re:Not compatible, not happening (Score:3, Informative)
DJB has an awful problem of confusing "I don't know how it can be done" with "it can't be done". For example, he doesn't seem to realize that you can run IPv4 in parallel with IPv6. In reality, you can access my homepage linked above through either protocol, or send me email from an IPv6-only server. In fact, all of my FreeBSD mailing list traffic comes in via IPv6, right now, today.
Forgive me if I don't seem alarmed (Score:5, Informative)
By the way, the idea of reallocating parts of Class-A blocks has been technically feasible for over a decade. Say hi to CIDR [wikipedia.org]
Re:FUD (Score:4, Informative)
Here's a completely random example: slashdt.org [slashdt.org] (obviously getting typo hits from slashdot...
According to This web site [webhosting.info], that domain shares an IP with over 14,000 other domains!
Re:FUD (Score:2, Informative)
Re:Well duh (Score:5, Informative)
Re:What's wrong with this plan? (Score:3, Informative)
Unfortunately the IPv4 address space isn't embedded in the IPv6 address space in the way that you suggest. Dan Bernstein pointed out many years ago that this was a mistake [cr.yp.to].
Re:Well duh (Score:3, Informative)
Myth in the article about test equipment wrong (Score:3, Informative)
The biggest problem I see at this point in terms of equipment is that few home firewall routers support IPv6, plus it sounds like Windows XP is missing some needed functionality if it doesn't properly handle IPv6 DNS or AD. I have a small Linux network at home running dual IPv4/IPv6 and have had no issues with IPv6.
Most of the Internet backbones no longer do IP routing, instead using MPLS for making forwarding decisions. MPLS doesn't really care what protocol runs on top of it, only the routing protocols do (i.e. BGP) which do support IPv6.
Re:Well duh (Score:3, Informative)
Re:Is this REALLY a problem? (Score:4, Informative)
Really? We currently NAT well over 160 machines to a single external IP address and have had 0 problems in years. Users have unrestricted internet access (and they use it).
If 160 machines are filling up 64k of ports, something is seriously wrong with the translation algorithm. Perhaps old connections aren't being reaped properly?
Is it worse for ISPs? I used to work for an ISP that would NAT whole high rise condominium/apartments of home users with no problems other than pure bandwidth.
It is a good thing browsers limit themselves to the number of simutaneous requests, isn't it? What is it, like 6? An intelligent NAT gateway will close a translation when the client does. A pr0n page will NOT take up 200 external ports.
Bullshit.
How many? I'd really like to know how braindead your router is that it doesn't know how to close translations when the TCP connection is terminated.
Again, bandwidth was our only limitation.
You can. You're full of shit. (Or is it FUD?)
No, it was the voice of someone who just pulled a bunch of numbers out of his ass. 4 user limit behind a residential gateway? Come on, you can't possibly believe that.
-matthew
Re:Is this REALLY a problem? (Score:3, Informative)
No, it is totally unreasonable. It just doesn't happen. I just checked the translation table of our firewall with in excess of 100 users and there's only 216 translations open. This includes connections to our web server in the DMZ. You're telling me that it is reasonable for that number to increase 2 orders of magnitude?
Numbers, please.
Re:Is this REALLY a problem? (Score:3, Informative)
However, as others have pointed out if you actually got all those companies to give up all their address space it would buy you 6-12 months max. There aren't really that many of them. The problem is that address space demand is increasing exponentially.
And in some sense those companies helped get the internet started. There are always perks to being an early adopter. By the time you'd be able to take that space back in an orderly way it would be a sizzle in the pan.
NAT to ISP customers is EXACTLY what people are concerned about. ISPs would almost encourage it since it helps them to reduce the internet to email + large-scale websites, which is easier to support and extract ad revenue from. Stuff like games, bittorrent, etc is just a pain to them and the idea of customers not being herded to preferred sites paying ad revenue is just abhorrent...
Re:Please, read the PDF. (Score:3, Informative)
Actually, some of the servers ARE v6 only, and indeed, IPv4 cliants out there cannot reach them at all. No NAT is happening for those servers.
The client machines, OTOH are either running dual stacks or they are NATing v6 prefixes into v4 addresses at the edges of their v6 network.