Whatever Happened To the IPv4 Address Crisis?
alphadogg writes "In February 2011, the global Internet Assigned Numbers Authority (IANA) allocated the last blocks of IPv4 address space to the five regional Internet registries. At the time, experts warned that within months all available IPv4 addresses in the world would be distributed to ISPs. Soon after that, unless everyone upgraded to IPv6, the world would be facing a crisis that would hamper Internet connectivity for everyone. That crisis would be exacerbated by the skyrocketing demand for IP addresses due to a variety of factors: the Internet of Things (refrigerators needing their own IP address); wearables (watches and glasses demanding connectivity); BYOD (the explosion of mobile devices allowed to connect to the corporate network); and the increase in smartphone use in developing countries. So, here we are three years later and the American Registry for Internet Numbers is still doling out IPv4 addresses in the United States and Canada. Whatever happened to the IPv4 address crisis?"
Re:10 years (Score:5, Informative)
Even though all addresses have been given out
They haven't:
the American Registry for Internet Numbers is still doling out IPv4 addresses
ARIN currently has “approximately 24 million IPv4 addresses in the available pool for the region,” according to President and CEO John Curran.
Re:Probably the home router... (Score:5, Informative)
Good luck with web apps that use IP based sessions.
Are you kidding me??? That stopped being even remotely practical about 20 years ago.
Bad summary (Score:5, Informative)
Unsurprisingly, address exhaustion is still going on. APNIC and RIPE are down to their last /8 and are now handing out addresses as slowly as they can. ARIN and LACNIC will reach their last /8 this year. AFRINIC won't run out for years, so I suspect their new infrastructure will be built on IPv6. Here's the relevant data. [potaroo.net]
There's a finite number of addresses, guys. They're not going to magically stop running out.
ISPs taking IPs back from customers (Score:5, Informative)
I called their support, who said the lack of reply from their DHCP server was due to the network interface on my computer being defective (which was obviously a lie). When I pointed out that their conclusion was directly contradicting the symptoms I had already explained to them, they just hung up.
Calling their support one more time, I was able to get to a supporter who knew what was going on, and didn't just invent a lie. It turns out they had run out of IPv4 addresses, and were now enforcing a maximum of two devices online per customer regardless of what limit had been in effect previously.
A few days later I called them again asking for native IPv6, which I considered only fair, given that they had taken away some of the IPv4 addresses, which I was using. They promised me native IPv6 before the end of the year. That was in 2012, they still haven't delivered.
Other ISPs are putting all new customers behind CGN unless they pay an extra fee for a static IP address. You'd think they'd give you native IPv6 along with that. But alas, according to the majority of ISPs, there is no shortage of IPv4 addresses in this country, so nobody needs IPv6. And since nobody is buying IPv6 connectivity, the ISPs will not offer it (completely ignoring the fact, that the reason nobody is buying IPv6 connectivity is that the ISPs themselves aren't offering it in the first place).
From what I am told, native IPv6 plus CGN for IPv4 is already fairly common in Germany, but that's not enough to make me want to move across the border. I have yet to hear about ISPs putting customers who previously had a public IPv4 address behind NAT, but I would not be surprised if it happened.
It is just costing us $$$ at this point (Score:2, Informative)
At work we wanted to set up some VPNs with a cloud provider but our ISP doesn't want to give us the IPs so we had to forgo the VPN and instead lease a line for $5000 a month + we'll end up with dev and production environments that don't match which will probably hit us as some downtime in the future (we're just using OpenVPN in dev which doesn't require an IPv4).
So in the case of my team of eight workers the IPv4 crisis is costing $5000/mo + countless meetings and endless paperwork. Not a showstopper, but enough that I'm not yelling "What Crisis?!" from the rooftops.
The US has nothing to worry about but... (Score:5, Informative)
Europe and other parts of the world are a totally different story. When the Internet was created and we started handing out the IP addresses we were quite stingy when giving them to other parts of the world. The United States is one of the biggest hoarders of IP addresses in the IPv4 world while Europe and the rest of the world got relatively few IP addresses compared to how many the US holds. There's where we are seeing the problem.
Europe has the issue, Europe has no choice in the matter; they have to move to IPv6 or their side of the Internet is pretty much crippled. So unless we all implement 6to4 to allow United States Internet users to connect to European web sites (that's fugly) or finally get on the bandwagon in converting to IPv6 in the US, there will eventually be two Internets; a US and a European Internet with IPv4 and IPv6 being the limiting factor.
Re:The real crisis is the routing table size probl (Score:5, Informative)
Re:Chicken little (Score:5, Informative)
You can't get new IPv4 addresses in Europe or Asia. End users are already on DS-lite, with IPv6 for their only public address. You can not initiate a connection to millions of Europeans and Asians if you don't use IPv6. Not soon, now.
Re:Probably the home router... (Score:5, Informative)
As it stands, your carrier does NAT themselves and gives your router one IP address, typically in the 10.0.0.0/8 address space. Your home router then does another layer of NAT, and gives internal devices their own IP address range in the 192.168.1.0/16 address space. The advantage is that one can support a _tremendous_ backend infrastructure without public IP addresses. This is also a tremendous security advantage: it reduces the exposed attack surface for script kiddies and casual network scanners to attack your home devices; they have to successfully gain control of the router or another device inside your network to pass along their attack.
The disadvantage, which dismays some people, is that NAT channels _publication_ of services through those NAT enabled routers or through externally hosted web space. It effectively makes the allocation of IP addresses and ports for exposed services require more thought, and allows easier throttling or monitoring of traffic at those NAT routers. I've found it to be a tremendous security and network management improvement: it makes firewall and routing design _much_ more stable and helps prevent people from running dangerous, unauthorized services from office networks, such as running public NFS servers without telling anyone aware of the security implications.
Re:Chicken little (Score:4, Informative)
Actually, ipv6 adoption seems to be higher in the US than anywhere else in the world... I run a bunch of dual stack websites, and v6 accounts for about 15% of american traffic and considerably less from other countries.
Re:NAT (Score:5, Informative)
This is far more troublesome for people who *do* run servers...
If you are getting abusive users from a mobile ISP, how do you ban those users?
Block the IP and you block every customer of that isp.
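The trade-off raised in this comment, as an added example that is not part of the original thread: before banning a source address, count how many distinct accounts sit behind it and fall back to per-account bans when the address looks shared (mobile NAT or CGN). The log format, the threshold, the function name and the addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, one event per line: "<source ip> <account> <ok|abuse>".
# 192.0.2.10 stands in for a mobile carrier's NAT egress address (documentation range).
SAMPLE_LOG = """\
192.0.2.10 alice ok
192.0.2.10 bob ok
192.0.2.10 mallory abuse
192.0.2.10 carol ok
192.0.2.10 mallory abuse
203.0.113.50 spambot abuse
203.0.113.50 spambot abuse
198.51.100.9 dave ok
"""

SHARED_THRESHOLD = 3  # assumption: this many distinct accounts marks an address as shared


def plan_bans(log_text, shared_threshold=SHARED_THRESHOLD):
    """Decide, per abusive source, whether to ban the address or only the accounts."""
    seen = defaultdict(set)     # ip -> every account observed behind it
    abusive = defaultdict(set)  # ip -> accounts with at least one abuse event
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing
        ip_text, account, verdict = parts
        try:
            ip = str(ipaddress.ip_address(ip_text))  # validates and normalises
        except ValueError:
            continue
        seen[ip].add(account)
        if verdict == "abuse":
            abusive[ip].add(account)

    plan = {"ban_ips": [], "ban_accounts": [], "collateral_avoided": 0}
    for ip in sorted(abusive):
        innocent = seen[ip] - abusive[ip]
        if len(seen[ip]) >= shared_threshold and innocent:
            # Shared address: an IP ban would also lock out the innocent accounts.
            plan["ban_accounts"].extend(sorted(abusive[ip]))
            plan["collateral_avoided"] += len(innocent)
        else:
            plan["ban_ips"].append(ip)
    return plan


if __name__ == "__main__":
    print(plan_bans(SAMPLE_LOG))
```

On the sample, the shared address yields an account ban for `mallory` only, while the single-account source is banned by address.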
Re:Chicken little (Score:5, Informative)
It was never a crisis to begin with? This is why you don't listen to chicken littles.
I don't know where you live, but at a guess I would put you in a country such as the USA or in the United Kingdom. If you look at how many IP addresses there are per 1,000 population [wikipedia.org] you will see that the USA has about 5,000, the UK 2,000 but that India has 29. So it might not be a problem for you, but for some it is. It is not just 1st vs 3rd world, overall the EU has 19 per 1,000.
Many people use more than one IP address (think: office, home, mobile 'phone). Yes NAT can help, but it is not the complete answer.
Re:Probably the home router... (Score:5, Informative)
Re:NAT (Score:5, Informative)
Re:NAT (Score:5, Informative)
Any sort of peer-to-peer communication is problematic, if NAT is involved. Lots of the communication you want to do on phones is peer-to-peer in its nature, but actual implementations have often chosen inferior cloud based implementations, simply to work around NAT. Why else would you involve a cloud service, when what you really want to do is to move some data from one phone to another?
Additionally, even communication with cloud based services is problematic when NAT is involved.
Connecting to a cloud service in order to get a notification, once there is a new email or a new chat message is something you often want to do on a phone. But you cannot do that through a NAT, unless you are prepared to send a constant stream of packets to keep a connection tracking entry alive. Now your phone has to wake up every so often just to send another keepalive packet through the NAT. This consumes battery power, it also consumes bandwidth and if everybody does it, it consumes entries on the NAT.
If the NAT does run out of entries for connections, it will have to lower the lifetime of connections. That will lead to applications sending keepalives more frequently, and we are back in the same situation as before, only wasting more battery power and bandwidth.
NAT does not solve that problem, it actually makes it worse. You still have to keep track of the local IP you assigned to the phone if it is behind a NAT. The tracking of the IP address is not any harder just because it is a public address. But by introducing a CGN you introduce the requirement that all the traffic from the phone gets routed through that CGN even as the phone is moving. If you did not have the NAT layer, you only have the challenge of routing packets to the phone as it is moving, there is no need to get it through one particular NAT as well.
Re:NAT (Score:5, Informative)
Most ISPs assign staticish addresses. They are technically dynamic, but change very infrequently - in my case, no more than once or twice a year, barring a change of modem or network card.
Re:NAT (Score:5, Informative)
Depending on the provider you don't get a new IP address when you do those things either. From my limited experiments with Comcast and Time Warner they give the same IP address to the same MAC address every time.
I replaced a router on both and got new IP addresses. However, when I cloned the MAC address from the old routers to the new I got the old IP addresses.
Now this is really limited. 4 routers on two service providers. So take it with a grain of salt and a shot of tequila.
Re:CGN, perhaps? (Score:4, Informative)
Switches shouldn't need to do IPv6. They operate at the next level down, so it makes no difference, except for the management interface. That's the idea anyway - there are sometimes issues with programmers assuming things they should not assume.
Re:Probably the home router... (Score:5, Informative)
That is not correct. A properly configured firewall does not cause nearly the same level of breakage as a NAT does.
That is true. NAT is hurting IPv6 deployment in many ways. Had NAT never been invented, we could all have been running IPv6 years ago, and the transition would have gone smoother. For example a large part of the difficulties in using IPv6 through tunnels is entirely due to the IPv4 connections being infested with NATs.
With IPv6 there are enough addresses, that this should happen very rarely.
Then use DNS and/or RFC 4193.
Re:Probably the home router... (Score:4, Informative)
As it stands, your carrier does NAT themselves and gives your router one IP address, typically in the 10.0.0.0/8 address space. Your home router then does another layer of NAT, and gives internal devices their own IP address range in the 192.168.1.0/16 address space.
Not where I live, and that sounds quite limiting! Thank ${DEITY}, ISPs here in Finland assign their customers genuine public IPv4 addresses, usually via DHCP. Typically, you can even get several of them – the maximum on a consumer connection could be something like 5. (I’m using 2 right now.) Only something like the port 25 (SMTP) is blocked for inbound connections so you’re free to run a personal web server, SSH box, VPN to your home network, etc.
Finnish cellular carriers – as opposed to the actual fiber/copper/cable ISPs – have a different practice, though: they will usually NAT the 3G/4G customers by default, which is quite understandable, as you generally do not want inbound connections to a cellphone. Still, at least my carrier (Saunalahti) lets advanced customers choose a different APN which will give a public IPv4 address even for a 3G modem or a cellphone, which is quite nice and handy as well for some situations.
Re:Probably the home router... (Score:4, Informative)
Being horrified by NAT is all well and good, but the fact is, ISPs look at the horrible bandaids that work 80% of the time and say, "Good enough. Now I don't have to rebuild my entire infrastructure for IPv6."
And yet Comcast is rolling out IPv6. I'm on IPv6 at home today.
For anybody paying attention... (Score:5, Informative)
For anybody paying any attention over the past few years, this shouldn't come as a surprise.
The IANA ran out of IPv4 address space available for doling out to the Regional Internet Registries (of which there are six) three years ago. APNIC (Asia Pacific) and RIPE NCC (Europe) went below a single /8 three and two years ago respectively. The IPv4 address exhaustion has already begun.
ARIN (North America), however, has 82 /8s. If you consider that there are only 221 /8s in total (the IANA keeps 35 for reserved use), this means that ARIN has 37% of all usable Internet addresses assigned to it, for roughly 8% of the world's population. More than a third of all possible addresses for less than a tenth of the world's population.
Even still, ARIN now only has about 1.3 /8s free. Projections have them running out next year. They've always been estimated to be one of the last RIRs to run out (with AfriNIC being last, as they still have just over 3 of their nearly 13 /8s free) due in part to the huge number of /8s already in use in North America (way out of proportion to the population of the continent).
I feel really ashamed every time this topic comes up on /. at the complete and rampant ignorance of the issues surrounding IPv4 and IPv6. We will run out of IPv4 address space, but address space is hardly the only problem with IPv4. The bigger problem is ROUTABILITY -- the IPv4 routing tables have become seriously unwieldy, they are getting progressively worse (in part due to InterRIR transfers of address blocks now that Europe and Asia have run out of addresses), and they continue to need more and more compute power thrown at the problem just to keep up. The number of BGP forwarding entries has doubled from roughly 250k to nearly 500k in just the last six years. The algorithms used for determining routes in IPv4 are complex. The computability is difficult, and it's slowing down the Internet today.
IPv6 solves a lot of the routing problems inherent in IPv4, making routability a lot easier to compute. IPv6 packets have a simpler header, routers don't need to provide fragmentation services, and there is no header checksum. IPv6 also avoids the routing anomalies present in IPv4 due to things such as the switch to CIDR. We know a heck of a lot more about packet routing now than we did in the 60s when IPv4 was first defined, and these improvements are available in IPv6.
This is why I cringe whenever I see a post in an IPv6 address exhaustion related /. story complaining about a lack of backwards compatibility in IPv6, or anytime anyone says that NAT is good enough for everybody. As the address space fragments even further, and historic /8s and /16s are broken up into ever smaller units which are then distributed to diverse geographies, the routing table in IPv4 is going to continue to blow up, becoming ever uglier -- it simply wasn't designed to scale in the manner in which we're using it. IPv6 brings sanity to global routing again, in a way that no backward-compatible solution could achieve.
The IANA is out of addresses. RIPE and APNIC are virtually out of addresses (with only enough reserved to aid in IPv4 - IPv6 tunnelling and translation services). ARIN is down to less than 1.5 /8s, and survives purely on the fact that it has a disproportionate number of /8s compared to the population it serves. And worst of all, IPv4 routing is an absolute mess that requires a ton of processing power and compute time to maintain. Remember these things before you post something silly about being pro-NAT, pro-some-untested-IPv4-address-extension-proposal, complaining about backward compatibility, or how people have been predicting IPv4 exhaustion for the last 25 years (just because you see the train coming towards you way off in the distance does