ARIN Letter Says Two More Years of IPv4
dew4au writes "A reader over at SANS Internet Storm Center pointed out a certified letter his organization received from ARIN. The letter notes that all IPv4 space will be depleted within two years and outlines new requirements for address applications. New submissions will require an attestation of accuracy from an organizational officer. It also advises organizations to start addressing publicly accessible assets with IPv6. Is ARIN hoping to scare companies into action with the specter of scarce resources? This may be what's needed to spur adoption since there appears to be no business case for IPv6 deployment."
I want IPv6 support, but ... (Score:4, Informative)
I want IPv6 support, but there are lots of pieces still not in place. I am actually using Miredo (Teredo implementation) when I am on the move and Sixxs when I am at home. These are more stop-gap solutions until the necessary entities start allowing us to get on board properly.
My parents live in France and they are with Free.fr who offers IPv6 as a standard option. On the other hand I am living in Canada and not one of the service providers offers IPv6 in any shape or form. Once questioned about it they blame their up-stream provider. Even if they are ready the only IPv6 ready router for the home is the Apple Airport Extreme, and even then there is a blocker issue for connecting to Sixxs.net (Apple's bug). Linksys, D-Link and Buffalo are still not ready with a public release and you are left trying to see if the version of DD-WRT you need for IPv6 supports your router. Chances are you will be looking at eBay for a router that has enough flash to support it.
Like the Swine Flu outbreak, I get the feeling that few entities are going to be rushing to do any work until there is media frenzied panic.
There is no killer application for IPv6, since it's just infrastructure. On the other hand the lack of a NAT can make certain application solutions easier to implement, since you don't need to do any NAT busting or other fancy tricks. Of course since internal addresses are now all routable, you will certainly need to make sure that you have a real firewall on the gateway device.
Once you are on IPv6 you can start playing around with IPv6 torrent and http://ipv6.google.com/ [google.com] , if you are curious.
Re:Nothing gets fixed until it breaks (Score:5, Informative)
There are a number of corporations and organizations that own /8's
Here is a list [iana.org]
Here's a few from the list:
003/8 General Electric Company
004/8 Level 3 Communications, Inc.
008/8 Level 3 Communications, Inc.
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
019/8 Ford Motor Company
034/8 Halliburton Company
Seriously... why does Ford Motor company need a /8?
The US government also owns a whole bunch of /8's
Instead of hogging these, they should just give them up. They don't need all these addresses.
Re:What about my toaster? (Score:5, Informative)
Assuming that everyone in the world owns a 1080p monitor, that's about 1x10^16 pixels.
There would be enough IP addresses for each pixel, and still have more than enough IP addresses left to give every man, woman, and child's toaster an IP and also to replace IPv4 in its entirety.
Re:Nothing gets fixed until it breaks (Score:4, Informative)
IBM used to use 9.0.0.0/8 address for their internal network. Computers that didn't have access to the internet or anything.
This was back in 1995, so I can't guarantee it is still true, but it is likely.
Re:Class A Address Space (Score:3, Informative)
Can't answer to the others, but IBM uses its address space for all of its equipment worldwide (desktops, labs, wireless, etc). All of the equipment is accessible via internal LANs for each and every building IBM is in (and access can be had via VLAN if approved). The others may have similar needs.
Re:Class A Address Space (Score:5, Informative)
Re:economics as usual (Score:3, Informative)
Forcing the holders of large legacy allocations to give them up would hurt more than moving to IPv6, and it'd only get us a few more years of IPv4 growth. Opening up the class-E space would also hurt more than moving to IPv6, and still only give us a few more years.
NAT effectively adds 16 more bits to the address, but does so on a per-connection basis, not a per-node basis. It requires the network to be stateful, instead of just passing packets while the end hosts carry all the state. (This means that the end hosts can't just route around problems.) NAT is messy, but it happens to work because it can steal some bits of TCP or UDP to make up for not having enough in the IP header.
IPv6 adds way more address space than anyone can think of a use for. So it can encode a lot of information about the node's position in the network, plus keep an address unique for (practically) ever.
Re:IP itself is hierarchical, that is the problem (Score:1, Informative)
Are you sure you aren't confusing your network and application layers?
Re:What about my toaster? (Score:5, Informative)
> However, since each home network has 48 bits of address space (snip)
The last time I checked (about 6 weeks ago), ISPs are supposed to assign a 48-bit address to each "customer" (read: site, household, office, etc), who'll have 80 bits, not 48, under his direct control -- from a block whose upper 32 bits are assigned to the ISP by the local coordinator (ARIN, RIPE, etc). In English, here's a theoretical IP address represented by placeholder letters (each letter represents 1 hexadecimal digit = 4 bits):
aaaa:aaaa:bbbb:cccc:dddd:dddd:dddd:dddd
where
aaaa:aaaa is a prefix assigned by ARIN/RIPE/etc to the ISP. For now, most of the addresses we see will have "2001" as the first 4 digits.
bbbb is a 16-bit value, representing 65,536 potential customers. This is the part the ISP gets to assign to customers.
cccc is another 16-bit value. This is the part you, the customer, are officially supposed to be able to use however you please
dddd:dddd:dddd:dddd is a 64-bit value. In theory, this value is supposed to be determined by your ethernet card's MAC address. Originally, it was "mandated". Due to privacy concerns (your ethernet card would be trackable out-of-band wherever in the world you used it from and would have effectively been the "tracking cookie from hell"), it was first softened to allow some randomization, and eventually made a "recommendation". More on this in a moment...
So... what does this mean for you, Joe DslCableModelCustomer? In theory, you will someday be getting a letter from them to the effect of, "Your new IPv6 prefix is 2001:3f87:991d:/48". What does this mean? In the real world, it means you'll plug the shiny new Linksys router you bought circa mid-2012 into it, and configure its address to be 2001:3f87:991d::1 You'll then verify that the rest of your network (192.168.x.x IPv4 addresses and all) is happily doing NAT, and forget about it.
To the rest of the world, your desktop PC (192.168.0.128) will either appear to be 2001:3f87:991d::1 (if the router is acting as an IPv4 proxy), or if you're extra-clever, will transparently be rewritten to something like 2001:3f87:991d:0::192.168.0.101 or 2001:3f87:991d:0::c0a8:0065. Ditto, for the other half-dozen computers and devices in your home that are connected to the internet.
A few weeks later, you get into an IPv6 fetish, and decide to abolish the IPv4 legacy and make everything pure IPv6. At this point, your public IP addresses look even prettier:
your firewall's new IPv6 address is set to 2001:3f87:991d::100
your desktop PC's new IPv6 address is now 2001:3f87:991d::101
your TiVO's new IPv6 address is 2001:3f87:991d::102
and so on.
Put another way, nobody is going to put a gun to your head and force you to use the lower 64-80 bits if you really don't want to. If you're a typical home user who just wants to plug things in and have them work, they'll autoconfig using the munged MAC address and publicly assume some horrific, ugly value its owner will probably never type directly anyway. If you want your network to be handcrafted, with addresses you can remember, you're perfectly free to collapse the 80 bits you control down to as few as 1 bit if that's what makes you happy. Maybe even ZERO bits (I'm not 100% sure whether 2001:3f87:991d:0:0:0:0:0:0 is a legitimate address, or whether the ::0 address still refers to the (sub)net as a whole).
As for privacy, I fully expect that most ISPs will eventually have a semi-anonymizing web proxy available for their customers to use. They'll keep logs for a few days to fight spammers, botnets, and criminals, but keep things sufficiently shuffled around to keep marketers from ever getting TOO comfy and intimate with your IP address. It'll make ISPs happy, because they can make it cache traffic and squeeze more use out of their upstream bandwidth.
Note that the allocation scheme I just mentioned IS radically different from what IETF envisioned circa 2000. Sometime in the past 2 or 3 years, they put down the crack
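The field layout and the MAC-derived lower 64 bits described in the comment above, as an added example that is not part of the original post. It uses the modified EUI-64 construction for the interface ID; the MAC address and the 2001:db8::/32 documentation prefixes are constructed sample values, and the function names are this example's own.

```python
import ipaddress

def split_fields(addr):
    """Split an address using the comment's aaaa:aaaa:bbbb:cccc:dddd... layout."""
    n = int(ipaddress.IPv6Address(addr))
    return {
        "isp_prefix": n >> 96,                   # aaaa:aaaa (32 bits)
        "customer": (n >> 80) & 0xFFFF,          # bbbb (16 bits)
        "subnet": (n >> 64) & 0xFFFF,            # cccc (16 bits)
        "interface_id": n & 0xFFFFFFFFFFFFFFFF,  # dddd:dddd:dddd:dddd (64 bits)
    }

def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def mac_from_interface_id(iid):
    """Return the MAC an interface ID was built from, or None if it is not EUI-64."""
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    return ":".join(f"{x:02x}" for x in bytes([b[0] ^ 0x02]) + b[1:3] + b[5:])

def build_address(prefix48, subnet, iid):
    """Combine a customer /48, a 16-bit subnet and a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix48)
    if net.prefixlen != 48 or not 0 <= subnet <= 0xFFFF:
        raise ValueError("need a /48 prefix and a 16-bit subnet")
    return str(ipaddress.IPv6Address(int(net.network_address) | (subnet << 64) | iid))

def same_hardware(addr_a, addr_b):
    """True when both addresses carry the same MAC-derived interface ID."""
    mac_a = mac_from_interface_id(split_fields(addr_a)["interface_id"])
    mac_b = mac_from_interface_id(split_fields(addr_b)["interface_id"])
    return mac_a is not None and mac_a == mac_b

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC
    home = build_address("2001:db8:991d::/48", 1, eui64_interface_id(mac))
    cafe = build_address("2001:db8:42::/48", 7, eui64_interface_id(mac))
    print(home, cafe, same_hardware(home, cafe))       # same card, two networks
    print(same_hardware(home, "2001:db8:991d::101"))   # handcrafted address
```

The two autoconfigured addresses differ in every prefix field yet share the lower 64 bits, which is the out-of-band tracking property the comment describes; the handcrafted `::101` address carries no MAC at all.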
Re:We need ipv4.5 (Score:3, Informative)
"IPv6 is a world without NAT". The hell it is. My internal routers don't get publicly routable IP addresses, even if I have to NAT back to IPv4.
Hi. You're ignorant. Let me educate you.
RFC3513 gives us Link-Local (fe80::/10) IPv6 addresses.
http://tools.ietf.org/html/rfc3513#section-2.5.6 [ietf.org]
These are addresses that *must not* be routed to the outside world.
RFC4193 gives us Site-Local (fc00::/7) IPv6 addresses.
http://tools.ietf.org/html/rfc4193#section-3 [ietf.org]
These are addresses that you *may* choose to not route to the outside world.
You don't need NAT. :)
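An added example, not part of the comment above: it builds a /48 in the RFC 4193 section 3 format (fc00::/7 with the L bit set, then a 40-bit Global ID) and sorts a host's addresses by the two ranges the comment names, so the ones left over are the ones a gateway firewall has to cover. `secrets.token_bytes` stands in for the RFC's hash-based Global ID procedure, and the sample addresses are constructed.

```python
import ipaddress
import secrets

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")  # RFC 3513 section 2.5.6
RFC4193 = ipaddress.IPv6Network("fc00::/7")      # RFC 4193 section 3

def new_local_prefix(global_id=None):
    """Return a /48: 7-bit fc00::/7 prefix, L=1 (so fd), 40-bit Global ID."""
    gid = secrets.token_bytes(5) if global_id is None else global_id
    if len(gid) != 5:
        raise ValueError("Global ID must be exactly 40 bits")
    raw = bytes([0xFD]) + gid + bytes(10)  # Subnet ID and interface ID left zero
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))

def scope(addr):
    """Classify one address by the ranges named in the comment."""
    a = ipaddress.IPv6Address(addr)
    if a in LINK_LOCAL:
        return "link-local"
    if a in RFC4193:
        return "rfc4193-local"
    if a.is_loopback or a.is_multicast or a.is_unspecified:
        return "special"
    return "routable-candidate"

def needs_gateway_filtering(addrs):
    """Addresses outside both local ranges: reachable unless the gateway filters."""
    return [a for a in addrs if scope(a) == "routable-candidate"]

if __name__ == "__main__":
    # Constructed sample: addresses configured on one internal host.
    host = [
        "fe80::211:22ff:fe33:4455",
        "fd01:2345:6789:1::10",
        "2001:db8:991d::101",
    ]
    print(new_local_prefix())
    for a in host:
        print(f"{a:30} {scope(a)}")
    print("filter at gateway:", needs_gateway_filtering(host))
```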