NRO Warns They Are On Final IPv4 Address Blocks

eldavojohn writes "According to the Number Resources Organization, they will have issued their final twelve IPv4 blocks in a few months. Each block is 16 million addresses and represents 1/256th of the total addresses issued. We are now down to 12 blocks left in the global pool for issuing to Regional Internet Registries, who will then assign the last addresses that will run out sometime later in 2011. The pool of free addresses works out to be less than half of where we were in January. The new numbers from the NRO indicate estimated global pool IP address exhaustion in a few months, a year earlier than they estimated at the beginning of 2010."

Re:Someone help me out here

[lyml]

You are misstaken, notable predictions have predicted the following:

May 21, 2007: ARIN predicts sometime in 2010
June 20, 2007: LACNIC sets final date to januari 1, 2011
June 26, 2007: APNIC sets the date to sometime in 2010
April 15, 2009: ARIN says sometime before 2011


So for the last 3-4 years there has been a fairly good estimate on when they are supposed to run out.

Again?...

[goobenet]

They've been crying wolf for a decade about this. If they'd stop issuing 16 MILLION ip addresses to companies with no viable reason for offices to not use private/NAT addresses, this wouldn't be an issue. How about talking to some of those original companies that got issued /8's? HP now has 2(!!!) /8's in their control. (DEC/Compaq's and their own initial allocation) I doubt a company (even HP) can justify 32 million IPs. Or how about the US DoD? 7(!!!!!) /8's in their control. I find it hard to believe that even the government, who is all about conservation of resources you know, wouldn't be able to use a few different 10.0.0.0/8 networks globally and such. :) (c'mon 112 MILLION ip addresses just for the DoD?! LEARN2NAT ALREADY! Individual missiles do NOT need a public IP address!)

Re:2012, the year of IPv6 support?

[xororand]

Pretty much. The largest german consumer ISP recently announced its plan to enable an IPv4/IPv6 dual-stack on all DSL connections by the end of 2011. Source in German. [heise.de]
Several server hosters already implemented IPv6 during the last few months.

It's really overdue. All mobile ISPs that I've seen so far only offer NAT'ed Internet access. Horrible.

Re:And what about claiming IPs back?

[jimicus]

It has been discussed already - if the class As that were allocated to corporates back when anybody with the money could buy a class A regardless of need were reclaimed, it wouldn't provide more than a few months of extra capacity.

Re:Again?...

[gclef]

To build on this post, we've gone through 14 /8s just since January of 2010. Reclaiming a /8 would buy not even a month, and it would take more than a month to reclaim it.

Reclamation is wasted effort. Implement IPv6.

Re:2012, the year of IPv6 support?

[RotateLeftByte]

I wish my ISP was as enlightened as this German one and they are one of the biggest in the UK as well and as recently as last March they had no plans to migrate to IPv6.

One thing holding it back from the Consumers is the lack of Comsumer ADSL Modem/routers that support it. AFAIK, the Draytek Vigor series is about the only ones that do it. Sigh

Re:Humbug!

[Anonymous Coward]

If you think the "Millennium Bug" passed silently, it's a safe bet that you weren't working in the industry at the time.

Re:Someone help me out here

[Hylandr]

NAT-ing will only get us so far. In order to route to one private network to another the address must either be bridged and on the same subnet, or not bridged on a separate subnet. 10.0.0.0/8 networks will live a little longer than 192.168.0.0/16, but not by much. ISP A Natting all their customers to 10.10.1.0/24 and ISP B Natting all their customers to 10.10.1.0/24, nobody from ISP A will be able to talk to ISB B unless they create an explicit bridge between themselves. The potential for a abuse and misunderstanding of this is going to be rife.

Too much NAT and it's going to be much more than a PITA.

- Dan.

Re:2012, the year of IPv6 support?

[afidel]

Here's [wordpress.com] a decent list of SOHO routers with IPv6 support.

Re:Someone help me out here

[GreyLurk]

Actually, it's almost the reverse problem... New devices (mostly) universally support IPv6, which has plenty of unallocated IP Space (we can allocate 200 quadrillion IPv6 addresses per square inch of land on the planet) popular and actively maintained services either have already, or will soon move over to providing services on an IPv6 address. ICANN has already switched over their root DNS Servers to resolve IPv6, and most larger ISPs are following suit. So, if you've got a new device on an ISP who has updated their DNS servers to work with IPv6, and you're accessing a popular website that has been updated to IPv6, you might already be using IPv6 and never notice the difference.

There's a lot of ifs in that statement though. Plus there's a pile of legacy OSes and TCP/IP stacks that won't work with IPv6, so while you might be able to access Amazon, Google, and Facebook, it may be that your corporate payroll system is run off an old Windows NT4 system, which isn't IPv6 capable, so your whole corporate network is held up on the IPv6 migration because that NT4 system isn't IPv6 capable, and the payroll system isn't compatible with Windows Server 2008.

Plus, even some modern equipment/software from low-price vendors is lacking IPv6 support, because it hasn't been cost-effective to add it. Current versions of Windows, Linux, MacOS, Android, and iOS all support IPv6, but the custom software stack in the Avaya IP-based phone on my desk probably doesn't. Nor does the $20 ZyXEL WiFi gateway that I picked up 2 years ago off the cheap shelf at Frys

Re:Someone help me out here

[Tanktalus]

So let me get this straight.. In the beginning we had a very simple very open design. Any host can talk to any other host on any port. Then, over the years bouts of paranoia, fear, and idiocy have created default drop firewalls and nat devices that fundamentally break the open nature of the internet, protocols that rely on that nature break when presented with that stupidity, and somehow it's the fault of the protocol designer?

Well, no. You got the beginning part right. However, the reasons for NAT are off.

It's more like years of:

• Worms and trojans (one of the easiest ways to keep someone from rooting a box not necessarily under your control is to simply block the port from a firewall - not perfect, but gets many of the easy problems out of the way)
• Functionality demanded by computer-unsavvy users (think: professors outside comp-sci/engineering who want to use insecure software)
• ISPs providing few IP addresses, partly due to scarcity, partly because they like control, and sometimes due to limitations such as dial-up (a NAT router hooked up to a modem can service your entire network, my cable co only offers two IP addresses per user, and I have 4 computers plus a WDTV network device, easier to just NAT than try to get more IP addresses)

Besides all that, assuming that you can abuse ports/connections willy-nilly is overly optimistic, even on an open network. Growth will mean more users on a box (so your 20 ports being used can multiple by 200 users, and starts to add up). As well as more inter-network connections (more users from your uni dealing with users at another uni, across the state, country, continent, or even world), and thus bottlenecks. Reducing your traffic can be very important here.

It turns out that NAT devices share many problems with other aspects of our modern internet, even exacerbating some otherwise-existing issues. It's not idiocy. There is much malice here, but not on the part of NAT engineers/devs.

Personally, I'll likely continue using a NAT device even after the entire world is IPv6, though I'll obviously have to find an IPv6 NAT router, if only to provide a relatively trivial-to-set-up firewall between my TCP/IP printer and WDTV device, neither of which I can otherwise control too easily from prying hackers, and said hackers. I don't want some nimwit in Nigeria to start printing their 419 scams directly to my printer. And I don't know what vulnerabilities are in the WDTV device, I don't trust it much, so, again, keeping it away from inbound connections is probably a good thing.

I could set this all up with a real firewall instead. But NAT provides it simply enough, and UPnP is, well, universal enough to make it easy to configure.

Re:2012, the year of IPv6 support?

[ekhben]

Eh, not really. IPv4 will be gone. If you are an ISP, and you pursue Carrier Grade NAT (CGN) as your solution, you growth limit yourself. It's equivalent to fixing your available bandwidth permanently - you can't add more customers past a certain point without significantly degrading performance for all customers. In a few years, you'll need to deploy IPv6 anyway; your customers will pay a price for the capital cost of your CGN gear, then your customers will pay a further price for the capital cost of your v6 gear.

If you're only concerned about web+mail, deploy dual stack lite. Browsers and mail clients do IPv6 transparently already. CPE devices support v6 out of the box at the sub-$100 price range (Netcomm, Billion, and, uh, the one used in the big v6 trial by xs4all in the Netherlands). Going DS-Lite means that as more software supports v6, and more services appear on v6, the pressure on your public v4 addresses drops over time. You can sustain DS-Lite throughout transition. The capital cost is similar to CGN, and the ongoing expenses of v6 are generally covered by your existing v4 expenses (ie, bits you pay going over a v6 session are bits you no longer pay for over your v4, and if your upstream is charging you more for v6 it's time to go provider independent!)

Some of the services that don't work over CGN include, by the way, XBox Live, BitTorrent, many network games, and most VOIP solutions. Some services do work over CGN, but rely on a reasonable proportion of Internet users having a public address to do so, and thus aren't long term viable: Skype, some of the smarter BitTorrent clients that do hole punching. Some services rely on emerging protocols for dealing with CGNs, like FaceTime: ICE, STUN, and TURN.

You can get a taste for life under a CGN by configuring your home NAT device to ignore uPnP requests, and disabling any manual forwarding settings.

Also, the summary is full of shit regarding the changing estimation. The linked articles are pretty clear that it's still early 2011. Available metrics (http://www.potaroo.net/tools/ipv4/ is one of the best) show a pretty unchanging date; that link, in fact, includes a few graphs down the bottom showing the change in predicted date over time. If you're an ISP, you've got a reasonably reliable date to plan around, and it should see you unrestricted on your IPv4 clear through to 2012, plenty of time to get ipv6 upstream (typically free or very cheap, when taken alongside your v4) and implement dual stack in your core.

Re:Why not do multi-level branching?

[LingNoi]

So what happens to all the companies that have already spent thousands of dollars to get an IPv4 block get their addresses taken away from them?

How would you deal with all the internet sites that are now completely unroutable?

If both sides are NATd how would you communicate?

How would you get around the port restriction of NAT? You're assuming 1 ip == 1 computer.

Why would to waste time coming up with some contrived solution that takes much longer and is less supported then simply switching to IPv6 without problems?

Re:Someone help me out here

[TheRaven64]

If every person in the world had a personal network the size of the Internet, and every machine on it was routable, then IPv6 would still be doing sparse addressing - we'd have used approximately the square root of the possible IPv6 addresses.