At Current Rates, Only a Few More Years' Worth of IPv4 Addresses

An anonymous reader excerpts from an interesting article at Ars Technica, which begins "There are 3,706,650,624 usable IPv4 addresses. On January 1, 2000, approximately 1,615 million (44 percent) were in use and 2,092 million were still available. Today, ten years later, 2,985 million addresses (81 percent) are in use, and 722 million are still free. In that time, the number of addresses used per year increased from 79 million in 2000 to 203 million in 2009. So it's a near certainty that before Barack Obama vacates the White House, we'll be out of IPv4 address[es]. (Even if he doesn't get re-elected.)"

Don't say "NAT"

[Anonymous Coward]

Can we start the discussion by not immediately going to the "NAT will save us" argument? Just accept that while NAT deployments might put it off, IPv6 deployment is inevitably necessary.

::1

[sakdoctor]

I've already got MY ipv6 address.

Re:

[negRo_slim]

Which is great if users are able to connect to said address.

Re:::1

[furball]

You can't reach loopback?

Re:Don't say "NAT"

[sopssa]

No, not really. There's companies with whole fucking /8 [iana.org] that have no real purpose to own them, but they've just always had them:

003/8 General Electric Company 1994-05 LEGACY
004/8 Level 3 Communications, Inc. 1992-12 LEGACY
008/8 Level 3 Communications, Inc. 1992-12 LEGACY (two /8's ?)
009/8 IBM 1992-08 LEGACY
013/8 Xerox Corporation 1991-09 LEGACY
015/8 Hewlett-Packard Company 1994-07 LEGACY
016/8 Digital Equipment Corporation 1994-11 LEGACY
017/8 Apple Computer Inc. 1992-07 LEGACY
019/8 Ford Motor Company 1995-05 LEGACY
034/8 Halliburton Company 1993-03 LEGACY
044/8 Amateur Radio Digital Communications 1992-07 LEGACY
045/8 Interop Show Network 1995-01 LEGACY
047/8 Bell-Northern Research 1991-01 LEGACY
048/8 Prudential Securities Inc. 1995-05 LEGACY
052/8 E.I. duPont de Nemours and Co., Inc. 1991-12 LEGACY
053/8 Cap Debis CCS 1993-10 LEGACY
054/8 Merck and Co., Inc. 1992-03 LEGACY
056/8 US Postal Service 1994-06 LEGACY

Just get rid of the companies that are reserving such huge spaces without having a real reason to do so, other than that they were there to reserve them in start of 90's. Also US and UK army and defence and other ministers have several /8, but why really? Other countries do just fine without too.

Re:Don't say "NAT"

[growse]

So we go through a huge difficult, expensive process to save us, what? A couple of years? Why bother?

Re:Don't say "NAT"

[sopssa]

Seeing the state of IPv6 and how many devices still don't support it, I think thats a pretty good idea. That being said, IPv6 support should be fully done in new devices, OS and programs already, because you need to give some time for old devices too so they can still work under IPv4.

But on another thing, I really doubt we are just a few years ago from IPv4 addresses going out of stock. There's still many /8 unallocated to anyone, most ISP's still give their users 5 ip addresses on home lines and from most hosting companies you can buy new ip's for $1-3 per piece. If we will be running out of them, we will first see hosting companies upping their prices and home ISP's limiting how many IP's they give to customers. And that will come far before we're actually out of address space.

Re:

[petermgreen]

we will first see hosting companies upping their prices and home ISP's limiting how many IP's they give to customers. And that will come far before we're actually out of address space.
That depends on what the IANA and the RIRs do. with thier policies over the next few years.

Right now IMO the sane policy for an ISP is to allocate as many IPs to customers as they can get away with, that way they can "justify" getting new IPs from the RIR. When the final squeeze comes with no new IPs availible from the RIRs th

Re:

[mysidia]

the ISPs can then claw back IPs from less lucrative customers and give them to more lucrative ones.

There's a term for that, it's called: Fraud. And I hope ARIN counts on that it will happen. I'm sure policies are already being considered as we speak, to provide for auditing of ISPs to validate compliance with the Registry Services agreements the ISPs signed.

It's a violation of the ARIN agreement ISPs have to sign, to give a customer more IP addresses than they have justified need for, just because you

Re:Don't say "NAT"

[mysidia]

That's already been thought of. As an ISP, you don't get to just make up whatever rules you want to determine how many IPs you can assign, beyond a certain point, you have to apply RFC 2050, per the name resource policies:

Because it is.

In actuality, need is defined as the minimum number of IP addresses that will be required within a certain period of time in the future, according to Network Engineering plans [ietf.org] that get submitted to ISPs (LIRs and RIRs) in order to apply for IPs; efficient utilization means utilizing 80% of the IPs to address internet hosts. IPs that will be required in the near future are needed and part of the justification.

Currently 25% immediate utilization is required after 6 months, 50% required after 1 year.

All existing IP allocations must be 80% utilized.

ARIN NRPM [arin.net], 4.2.3.1. Efficient utilization ISPs are required to apply a utilization efficiency criterion in providing address space to their customers.

ARIN NRPM, 4.2.3.6 Reassignment to multihomed downstream customers: Under normal circumstances an ISP is required to determine the prefix size of their reassignment to a downstream customer according to the guidelines set forth in RFC 2050.
Specifically, a downstream customer justifies their reassignment by demonstrating they have an immediate requirement for 25% of the IP addresses being assigned, and that they have a plan to utilize 50% of their assignment within one year of its receipt.

4.2.3.3. Contiguous blocks: if a customer moves to another service provider or otherwise terminates a contract with an ISP, it is recommended that the customer return the network addresses to the ISP and renumber into the new provider's address space. The original ISP should allow sufficient time for the renumbering process to be completed before requiring the address space to be returned.

RFC 2050 [ietf.org].

Re:Don't say "NAT"

[Z00L00K]

I'm still waiting for ISP:s to offer IPv6.

As soon as the ISP:s starts to offer IPv6 it will be easier in general to use and develop for IPv6

Re:

[gmuslera]

Inertia could make your car crash even if you started to turn when saw the danger. A few meters more could be the difference between your life or death.

Re:

[tehdaemon]

According to the article (which I haven't read yet BTW) all those /8's listed total what, 18 months worth of addresses? And the legal battles to get them will take how long?

T

Re:Don't say "NAT"

[Yaztromo]

Why have a legal battle? Just let the current holders auction off sub-blocks.

You're assuming that the holders of these /8's have been using some sane way in which to assign the IPs within their blocks such that large, contiguous regions are still readily available that make the unused addresses readily routeable. Which, from my experience, they don't. And as the Internet would become nearly unroutable if millions of /31's and /32's suddenly appeared, the only way you could make this work is by having each and every one of those organizations effectively defragment their address use to make large, routable blocks that could be reassigned (e.g., /24s or /16s) -- and for organizations of the size that we're discussing, the cost of that is going to be way more than they'll be able to charge for those address blocks, and they aren't going to do it, fight or no fight.

You can't take an entity the size of (for example) IBM and have them compress their address use into a /12 to free up 240 new /24's without it being a very significant cost in terms of effort and downtime -- particularly when they have absolutely no incentive to do so. Nobody in their right mind would spend the necessary amount of money to make it worth their time and effort, when they can get millions of addresses in IPv6 for next to nothing.

Yaz.

Re:Don't say "NAT"

[swillden]

No, not really. There's companies with whole fucking /8 [iana.org] that have no real purpose to own them, but they've just always had them:

The block you listed contain a total of 301,989,888 addresses. At 2009's rate of 203 million addresses per year, returning those blocks would buy us less than 18 months. Big whoop.

Also, some of those companies actually do make significant use of the addresses they have. For example, I happen to know that IBM uses a good chunk of the 9.0.0.0 space.

Re:

[Anonymous Coward]

I happen to know that IBM uses a good chunk of the 9.0.0.0 space.

For what? Do all their PCs have public IPs?

Where I work has an entire class B and all of our PCs are public and we're talking now about NAT'ing them all, for security reasons. Once upon a time this would have been a nightmare because all of our devices have static IPs, but now we have a process to easily map in MAC addresses of authorized devices into a DHCP address so they all get their own IP.

What I'm saying is, once upon a time having

For stupid reasons

[Junta]

I also know first hand IBM uses a lot of 9.0.0.0/8 today and that the world would have to do something drastic to make them change their usage as it isn't cost-effective from their standpoint unless they can save/get a large chunk of change.

Now, you'd think that means these devices are publically accessible, but noooo. If 99% of their '9.x.x.x' equipment that does have internet access attempts a connection, it gets NATed outbound to a different address entirely! So they sit on a mountain of globally addre

Re:

[metamatic]

Now, you'd think that means these devices are publically accessible, but noooo. If 99% of their '9.x.x.x' equipment that does have internet access attempts a connection, it gets NATed outbound to a different address entirely!

Depends on the IBM site. Some use NAT and/or a proxy, but the sites I've worked at in the US don't. In fact, the NATted sites are a source of technical issues internally, exactly as you'd expect.

[Opinions mine, not IBM's.]

Re:

[Stile 65]

GE's use of their 3.0.0.0/8 is exactly the same way. All their devices have public IP addresses, and they're all NATed at the firewall anyway - even for some internal communication. The NAT doesn't cause too many problems at most of the sites I've worked with (except one, getting that firewall migrated was a bitch and a half) but it's a huge waste of IP space.

Same goes for many of the customers of my former employer with full /16 blocks, too. Absolutely no reason for most companies to have that much if you'

Re:Don't say "NAT"

[swillden]

I happen to know that IBM uses a good chunk of the 9.0.0.0 space.

For what? Do all their PCs have public IPs?

At present, yes. Also their phones. But the employees' PCs are a fraction of IBM's computers. Keep in mind that IBM runs large data centers all over the world.

Yes, were IBM to go through a very large and expensive network restructuring to move many of the internal networks to NAT, they could probably give a few million addresses back. Maybe as many as 15 million. And at the 2009 rate that would buy us 26 days.

Where I work has an entire class B and all of our PCs are public and we're talking now about NAT'ing them all, for security reasons.

That's silly.

There's no security value to NAT. NAT does provide a stateful firewall that disallows inbound connections, but you can do that just as well without NAT, and with a great deal more flexibility.

Re:Don't say "NAT"

[Jonner]

There's no security value to NAT. NAT does provide a stateful firewall that disallows inbound connections, but you can do that just as well without NAT, and with a great deal more flexibility.

Thank you for pointing that out. So many people seem to think NAT is a security tool. I think it's because just about any router capable of NAT also has a stateful firewall (since NAT requires tracking of connections) and many people don't understand the distinction.

Re:Don't say "NAT"

[rantingkitten]

There's no security value to NAT. NAT does provide a stateful firewall that disallows inbound connections, but you can do that just as well without NAT, and with a great deal more flexibility.

You can. I can. Aunt Myrtle can't. I for one am glad that most home users are behind NAT these days. It's better than nothing. Unfortunately, it does tend to cause issues with SIP, which is my industry, but I've learned to live with that.

Re:Don't say "NAT"

[demonlapin]

You can. I can. Aunt Myrtle can't.

And - let's face it - neither can most of /.'s users. I remember setting up an OpenBSD firewall back in the late 90s, and I did most of my firewall rules configuration by copying someone else's rules. I tweaked them for my specific needs, but there's no way I'd have come up with them on my own. Unless you are a real network admin, you are unlikely to be able to set this up properly.

Re:

[mini me]

An improperly configured NAT gateway may also allow outsiders access to the internal, private network. Improperly configured network devices are always a security risk. NAT does not help here.

Your JetDirect card would presumably be behind a firewall, so even with a public IP, it would not be accessible to those on the general internet.

Re:

[bill_mcgonigle]

An improperly configured NAT gateway may also allow outsiders access to the internal, private network.

I can't think of any that are this way by default.

Improperly configured network devices are always a security risk. NAT does not help here.

Sure it does, they're not reachable from the Internet. How is that not helpful?

Your JetDirect card would presumably be behind a firewall, so even with a public IP, it would not be accessible to those on the general internet.

Yes, mine would be, but most people don't prop

Re:On Which Planet?

[swillden]

Of course there is - it allows all manner of insecure and misconfigured gear to avoid being probed from the other side of the planet?

That's not an advantage of NAT. That's an advantage of a stateful firewall that disallows inbound connections. NAT is not required to get the same benefit.

All of the machines in my home have public IPv6 addresses, but I have a firewall that blocks inbound connections to all of them. Same security result. No address translation.

Re:

[TheRaven64]

IPv6 is considered a to be a broken ill-designed protocol that screws up more than it fixes.

If this were wikipedia, that would be tagged with 'weasel words' and 'citation needed'. As it's Slashdot, can you point to someone who actually argues this rationally?

Its basically unusable with mobile networks (WiMax, WiFi, etc).

Absolute nonsense. Mobile IPv6 uses the fact that IPv6 requires IPSec support to allow the routing tables to be updated dynamically by the device (once you've been assigned an IP address, you can push routing table updates for that IP when you hop to a different network) which eliminates the triangle routing that Mobile IPv4 needs.

It significantly increases the cost of routers, switches, etc--the exceptions being those hardware that treat IPv6 in the slow-path. i.e., by trapping to the control CPU.

Again, non

Re:

[Anonymous Coward]

004/8 Level 3 Communications, Inc. 1992-12 LEGACY
008/8 Level 3 Communications, Inc. 1992-12 LEGACY (two /8's ?)

That's due to the acquisition of BBN who was the contractor that did a lot of initial ARPANET work. (The original defense contractor role of BBN was later spun back out and is now part of Raytheon but the network assets stayed with Genuity and then later Level 3) They also have the AS number "1", which gives them some severe old-school bragging rights.

Those assignments really aren't that bad -- they're a major ISP and would have huge chunks of IP space regardless. At least 4/8 is largely delegated to cus

Re:

[RalphSleigh]

Google run their public DNS on 8.8.8.8 and 8.8.4.4 so they are being used, this is probably because level 3 provide google with multicast on these addresses.

Re:Don't say "NAT"

[Hatta]

It'll be easier to give everyone a block of ipv6 addresses than it will be to take away legacy ipv4 allocations.

Re:

[fermion]

Another piece of useless trivia. When HP acquired Compaq which acquired DEC, HP apparently became the only firm with two consecutive "/8".

It might have been 3, but Compaq was never awarded a block. I never understood why that was. Compaq was certainly the major player in the early 90's.

In any case the IPv6 seems to implemented in all major OS(I don't know if it has fully support in Windows 7), so I suspect we will be transitioned within a couple years.It is like telephone numbers. In the US we are up

Re:Don't say "NAT"

[mcrbids]

Let's say that you get all these companies to give up ALL their addresses. You've postponed the problem by about 18 months! Whoopee!

The thing is, technology tends to grow logarithmically, which is why we have things like Benford's Law [wikipedia.org]. The problem shouldn't be being solved now, while we're at the 90% level, the problem should have been solved long ago, back when we were at about the 10-20% level, because the actual halfway mark as a function of time is somewhere near 20-25% completion!

That IPV6 has been bungled so bad is a consequence of the Second System effect [wikipedia.org] and perhaps a bit of design by committee [wikipedia.org].

In any event, IPV6 fails to solve a couple of fundamental problems:

1) Piss poor backwards compatibility. This was even acknowledged publicly in a recent news article. [networkworld.com] It's not only not poorly backwards compatible, it just basically ISN'T backwards compatible. Want to talk to an IPV4-only resource from your IPV6-only address? You basically have to have some fancy trickery with NAT and DNS in order to do this - it isn't straightforward, and it requires coordination with the IPV4 resource. And the reverse is even worse!

2) Un-necessary complexity in implementation. Partly as a result of #1, implementing IPV6 will be costly, and will require expensive "transition tools" in order to work smoothly. But it's not just because of lack of backwards compatibility - issues such as strange hardware requirements (what... no MAC address?) and the like make the cost of implementing high. Sure, it's not that expensive per device, but multiply that by the entire Internet, and the problem becomes a bit more clear.

3) No net positive for implementing! You don't get "more" for implementing, you get "less". Some stuff that used to work won't, and other stuff that you need to work just isn't there. Sure, Yahoo and Google support IPV6, which is great for the 50 or so people who are on it. But, if anybody cares, it's on IPV4.

4) Tragedy of the Commons: The address shortages don't affect anybody who's already on the 'net. I have an IP address or two already. I don't care if *you* run out, I only care if *I* run out. So, I really don't much care about you so long as I get mine. That's called the "tragedy of the commons" - a common resource is exploited as quickly as possible by people who are motivated to get theirs before anybody else gets it, resulting in a destroyed public resource.

IPV6 sucks. The engineers had their chance, and they blew it. Now it's too late to change it because we don't have another 5 years to committee another solution, and there is already a significant amount of inertia from those poor souls who have already implemented it! (at great cost)

This is NOT going to end well.

Criticising is easy.

[anti-NAT]

Helping solve the problem is much harder.

Are you part of the problem, or part of the solution? If all you're willing to do is criticise, then I think you're part of the problem.

Re:

[Anonymous Coward]

I'm sorry, your post is off on a number of points. Let me clarify things for you.

The problem shouldn't be being solved now, while we're at the 90% level, the problem should have been solved long ago, back when we were at about the 10-20% level, because the actual halfway mark as a function of time is somewhere near 20-25% completion!

The IPv6 specs were drafted in 1994 and mostly finalized in 1998. That 95% of the world still is on IPv4 is not due to the IETF's tardiness.

1) Piss poor backwards compatibility. This was even acknowledged publicly in a recent news article. [networkworld.com]

Yes, in hindsight, more backwards compatibility would have been nice. It might have made the switchover period less painful and would have avoided the Game-theory deadlock that has withheld IPv6 adoption.

It's not only not poorly backwards compatible, it just basically ISN'T backwards compatible. Want to talk to an IPV4-only resource from your IPV6-only address? You basically have to have some fancy trickery with NAT and DNS in order to do this - it isn't straightforward, and it requires coordination with the IPV4 resource. And the reverse is even worse!

Why do you bring up IPv6-only addresses? They don't (yet) exist, and the situation you'

Re:Don't say "NAT"

[Trolan]

Repurposing the D and E spaces won't fly. The D space is used. Think of the hell entailed if 224.0.0.5 and 224.0.0.6 get routed. Bye bye OSPF. Plus you'd have to recode every OS and firmware that understands those as multicast addresses to treat them as unicast. That's not even discussing what might be coded in for the E space in random OSes and firmwares. And after all that work, it'd buy us maybe two more years. Just go v6, it's already in the OSes, and would be in the firmwares if the end-user ISPs would just push the CPE manufacturers a little bit.

Re:Don't say "NAT"

[causality]

Can we start the discussion by not immediately going to the "NAT will save us" argument? Just accept that while NAT deployments might put it off, IPv6 deployment is inevitably necessary.

It's not unreasonable to say that the increasing scarcity of a finite resource might put more pressure on all of us to utilize that resource more efficiently. Replacing the scarce resource (IPv4 with its 2^32 addresses) with one that is overabundant (IPv6 with its 2^128 addresses) is always an option, of course. But migrating to that option and more wisely using our existing resources are not mutually exclusive. So no, I don't recognize as invalid the discussion of NAT as a technique useful for mitigating this issue.

Re:

[fbjon]

There is no scarcity of the "resource" to begin with, only design flaws. Plus, more efficient use requires more complicated routing.

Re:Don't say "NAT"

[Jeremi]

There is no scarcity of the "resource" to begin with, only design flaws

The scarcity may be caused by design flaws, but that doesn't mean the scarcity doesn't exist.

Pre-emptive strike

[fbjon]

"IPv6 addresses are too long and complicated to type"

...is like saying solar panels are too hard to build when you run out of slave labor in hamster wheels.

"We don't need IPv6 since there is NAT"

...is like saying we don't need new energy solutions because beeswax candles are a tried and trusted technology.

"The Internet will be overrun by zombies when NATs no longer protect us."

...is like saying avoiding antibacterial soap will cause untold misery and disease.

"Just re-allocate some of the wasted space in Class A nets."

...is like saying overcrowding of the planet can be mitigated by decreasing the size of houses.

Re:

[Athanasius]

"...is like saying avoiding antibacterial soap will cause untold misery and disease."

Well, actually, it has some potential to be a problem, if not used correctly:

http://news.bbc.co.uk/1/hi/health/8427399.stm [bbc.co.uk]

Re:Pre-emptive strike

[fbjon]

Precisely, NAT is part of the problem.

Re:

[Midnight Thunder]

Hoarding of scarce v4's undeniably aggravates the shortage almost by definition.

And asking said entities to return unused blocks is like asking the government to return unused tax money. In other words: good luck with that.

Re:

[tagno25]

If I were ARIN, I would start making v4 addresses and v6 addresses cheap.

To an ISP it is actually FREE to get IPv6 Addresses initially, ant then there is a wavier until 2012.

Fee Schedule [arin.net]

IPv6 Initial Allocation and IPv6 Assignment
ARIN charges a fee for the initial IPv6 allocation from ARIN to an ISP. This fee is currently waived for IPv4 subscribers. For organizations that aren't IPv4 subscribers, the fee is lowered by current fee waivers [arin.net].

ARIN charges a fee for an IPv6 assignment (whether initial or additional) to an end-user. There are currently no fee waivers for IPv6 assignments.

No, that's propaganda

[Anonymous Coward]

We'll never run out of IPv4 addresses. "Peak-IPv4" is a myth created by those who hate America and want Asia's IPv6 to take over. 4 octets forever!

Re:No, that's propaganda

[Zocalo]

I know you are joking, but there is a very good reason why Asia is so keen on IPv6 adoption; they are going to feel the crunch first and they know it. IANA has in place an agreement that as soon as one of the RIRs is assigned one of the five final /8s each of the other four RIRs receives one of the remaining /8s and IANA washes their hands of the whole mess. That's without a doubt the most critical milestone along the path to IPv4 exhaustion, so let's look at that instant from the point of each of the RIRs:

• AfriNIC: Incredibly slow burn rate. They're probably still good for another decade or two at this point.
• APNIC: Includes China and India, two of the fastest developing nations on the planet with correspondingly high IPv4 assignment requests. There's no two ways about it; without wholesale IPv6 adoption, they're going to be the ones running out first.
• ARIN: Capitalists to the end, they are on record as saying IPv4 exhaustion is not their problem to solve; it's first come first served and when they are all gone that's it. Even so, there are plenty of US institutions with /8s that could mostly be handed back and reassigned if push came to shove.
• LACNIC: Not quite as low AfriNIC due to developing countries like Brazil, but are still able to sit back and let any problems with IPv6 get resolved before they make the leap.
• RIPE: Have already got the strictest IP assignment policies of the RIRs and will probably just continue to tighten the screw right up until the point of exhaustion; LIR assignment windows are typically about one quarter of what they would have been five years ago. It's a pretty fair bet that APNIC and ARIN will both beat them to the wall.

Fool!

[ravenspear]

IANA has in place an agreement that as soon as one of the RIRs is assigned one of the five final /8s

You DO NOT talk about the final five. That is against your programming.

Let me be the first to say ...

[GNUALMAFUERTE]

4 octets should be enough for everyone.

I'll believe it when I see it

[haus]

It has not yet become a big enough of a problem for the large sections of unused address by universities such as MIT and Harvard to be recalled.

Re:

[Blakey Rat]

But I love reading this story over and over again about every 2 years. It'll happen any day now!! We pinky-swear!

Re:

[JWSmythe]

    If I remember right, it's been less than a year since the last "the IP sky is falling" story here. Even then, we were numbered in months, not years. I know the deadline was in 2009. :) I have a lot of faith in it's failure though. It'll fall apart, and we're going to all die, or at least not be able to twitter quite as much. :)

Re:

[dgatwood]

I'm not positive, but I'm pretty sure we'll run out of IP addresses on December 21, 2012. :-)

Re:Every two years? Hah. More like twice a year

[Bigjeff5]

No no, after December 21, 2012 all the addresses will be available!!

Re:

[swillden]

It has not yet become a big enough of a problem for the large sections of unused address by universities such as MIT and Harvard to be recalled.

At over 200 million new addresses needed per year, returning all of those class As wouldn't buy more than 2-3 years.

Re:

[schon]

At over 200 million new addresses needed per year, returning all of those class As wouldn't buy more than 2-3 years.

That's great then - everyone knows that the world is gonna end in 2012, so it's not a problem!

Re:I'll believe it when I see it

[fm6]

Do you think the current owners are hanging onto their address spaces out of pure spite? If they rely on the Internet to do business, this crisis hurts them more than anybody.

This mess happened because of the simplistic addressing schemes that were implemented without taking into account the explosive growth of the Internet. One result is that that some early adopters ended up with Class A [tcpipguide.com] networks (16 million addresses) because they needed more than the 64 thousand addresses in a Class B network. Only one Class A space belongs to a university (MIT). (There used to be two, but Stanford gave its IP space back.) Other owners include Halliburton, Apple, IBM, and Xerox PARC. HP has two, counting the one that was originally issued to DEC. DoD has eight.

Reassigning all these addresses would be a logistical nightmare, because you're changing the basic logic of network routing. Imagine all the routers that would have to be reprogrammed or replaced, and the expensive down time that would result. Much more cost effective to just go to IPv6 already. Plus there are other features of IPv6 we really, really need.

Except that nobody's doing it. I used to work at Sun, where I kept suggesting that our embedded lights-out management system [sun.com] (all Sun servers have them) start supporting IPv6. The answer I always got was, "customers aren't asking for it." Which means that everybody is putting off this problem until the last minute. As usual.

Re:

[Jonner]

The difficulty being discussed is not related to DNS, but to IP routing, a lower level function.

Re:

[fm6]

Anything can be done, if you have enough money. The question is, where does the money come from?

I read the org post in 1998

[haus]

So there is no need to read the repost.

I will guess by your user id that you where in junior high then, or are old and senile and forgot the password to your old account. Either way the story goes that everyone needs many address they do not exist so we will all change over to IPV6 by Thursday. Hint the research is done by people who have a vested interest in selling gear or by grad students who have never worked anywhere.

When you have read the next three such articles and the country is suffering through t

Ah but...!

[Wowsers]

Ah but nobody will take away the IPv4 address I got myself, 127.0.0.1 !

Re:Ah but...!

[hedwards]

Ha ha, I'm pwning it as we spe

Re:

[sconeu]

Hey! That's MY IP address, you insensitive clod!

Re:

[Teancum]

I was more worried about my own private /8 block:

10.0.0.0

Of course I could still settle with simply

192.168.0.0

I've used both plenty of times.

I am curious.... how did you know the address to my web server?

Bono should be pleased...

[fuzzyfuzzyfungus]

Anybody not paying for a business line will being going through so many layers of NAT in the near future that getting bittorrent to work will be quite difficult...

Re:Bono should be pleased...

[klapaucjusz]

BitTorrent is already running over IPv6. Anyone running Torrent on a recent enough version of Windows automatically uses IPv6 to cross NAT boxes using a technology known as Teredo [wikipedia.org].

The Free Software world is late with IPv6 adoption. In the words of one of the Torrent developers (Greg), "platforms which are not Windows [...] need to get their collective Teredo asses in gear."

Re:

[klapaucjusz]

That should read "muTorrent", both times. The Greek letter didn't get through, for some reason.

In other news

[Cmdr-Absurd]

Commercial fusion power will be a reality in 20 years.

We've been hearing this for a while

[badger.foo]

We've been hearing this for quite a while, and for some odd reason IPv6 isn't really entering the mainstream regardless of these warnings.

We should not forget that within IPv4 space, reallocations do happen. Some organizations are AFAIK still sitting on routeable /8s for no good reason whatsoever, and possibly, maybe, some of that space will be redistributed one way or the other. Then of course those parts of the world that have actually switched to IPv6 are not likely to switch back (but you'd have to p

No real scarcity yet

[bizitch]

I just helped out a friend who lives in a remote rural section outside of Chicago. I tried for years and years to get her lit up on decent broadband service.

Finally, we got a relay from a WiMAX provider --

When I went to connect her broadband with a Cisco router - I discovered that she was assigned a FRIGGIN /27 of public numbers!! (i.e. she now personally burns 32 usefull IPV4's)

I was gonna call their support ... but why bother?

You never know if she's gonna need 30+ public ip numbers right? Just because she lives alone - she may get many friends real soon!

Re:

[Lord Byron II]

I take it she's on Clear?

How does she like it?

Bandwidth up and down? Ping times? Reliability?

I've been looking to break free from the AT&T and Comcast duopoly and Clear's Wimax sounds just about right.

Re:

[sopssa]

Yep, that just tells that all of this "we are running out of ip addresses!" is just nonsense still, especially if ISP's are able to give 32 public ip's to a single home customer.

Re:

[Jonner]

I've never gotten more than on public address from any ISP for a residential account, whether dialup, DSL or cable. Have you? I think that's a pretty rare situation.

Re:

[sopssa]

My ISP gives 5 public ip's, but I know some give even more (like in GP's case too)

Re:

[LBArrettAnderson]

And 5 usable IPs likely means that they are allocating 8 for you. 1 for a gateway, 1 for the network address, and 1 broadcast IP.

Re:

[wagnerrp]

I realize I am by far an extreme case, but in a house of four, I run one server, two mythtv frontends, one networked tuner, one networked POTS ATA, one game console, three WiFi access points, one networked printer, one networked RAID card, three desktops, four laptops, three internet capable phones, and a handful of other old machines that I occasionally bring online for various uses. That's 21 devices which could be using their own IP. Throw in half a dozen applications I'm running on the server which ea

Re:

[wagnerrp]

NAT is not a security tool, has never been a security tool, and was never intended to ever be used as a security tool. It does no more good than a basic 'block all inbound' firewall, and only serves to limit and complicate every application you wish to use.

If I want to run multiple computers accessible over SSH or VNC, I have to run them on separate ports. If I want to run multiple web servers, I again have to run on different ports, or otherwise proxy them all through a single external server. SIP and othe

Great... now do I switch?

[Anonymous Coward]

I live in one of the most tech-focused parts of the country (downtown San Francisco) and as far as I can tell there's no way for a normal consumer to order native (i.e. not tunneled) IPv6 here.

When I moved to my current apartment in 2004 I specifically went with Speakeasy because they were talking about rolling out IPv6 to customers. Over 5 years later, those plans are still stalled as far as I can tell. None of the other providers seem to be even making a peep about it. If I'm wrong, someone please correct me - I'd love to switch to an IPv6-capable provider.

I've pretty much concluded that IPv6 just isn't going to happen -- instead providers will just force all of us normal people into shared IP addresses. From a technical perspective this isn't hard to do: just move the software that's currently running in your home NAT router onto the DSLAM and only provide a NATed view. For the ISPs there's no downside to this since not only can they avoid rolling out IPv6, it means they have complete control of your network connection.

I bet in 10 years we still won't have IPv6 in our homes, and the idea of having your own IP address (even a dynamically allocated one) will just be a memory. It's a shame.

Re:

[swillden]

None of the other providers seem to be even making a peep about it.

Comcast is planning to start deploying residential IPv6 this year. They haven't said how long it will take for a full rollout to all of their customers, but if they do get there, that will be a significant chunk of the US residential market that has native IPv6.

On the other hand...

[192939495969798999]

... we won't run out, because more and more of the addresses in use will also become available, and as ipv6 uptake accelerates, ipv4 uptake will dramatically decelerate, and it will stop just shy of actually running out.

Refrigerator ....

[Mansing]

... can't get a DHCP address .... Film at 11.

Re:

[Jeremi]

... can't get a DHCP address .... Film at 11

The Film at 11 has been cancelled, because the television's NAT gateway wasn't configured properly.

Only a Few More Years' Worth of IPv4 Addresses...

[jimpop]

Only a Few More Years' Worth of IPv4 Addresses

They (vested interest groups) have been saying that for a decade now.... guess what, we haven't run out yet.

Re:

[compro01]

We managed to slow it down via massive use of NAT and the RIRs tightening the requirements to get blocks of address space.

2012?

[michaelmalak]

The Mayans were right about 2012!

Take back his Nobel Prize!!

[lucm]

> So it's a near certainty that before Barack Obama vacates the White House, we'll be out of IPv4 address

When Bush left, there was still plenty of IPv4! Shame to you, Obama.

Workaround

[SEWilco]

So it's a near certainty that before Barack Obama vacates the White House, we'll be out of IPv4 address[es]. (Even if he doesn't get re-elected.)

So if we change the Constitution to extend the President's term of office to eternity, we'll be OK? No election, no problem.

Now if IPv6 could get fixed...

[Junta]

There are so many ways IPv6 remains broken and too many of the people with influence can tend to say 'working as designed'.

I know that's controversial, so I'll enumerate my pain points:
-DHCPv6 DUID is a pain to 'pre-provision'. When any operating system or firmware instance dhcpv6 for the first time, it sends out something that you'll never know what it would be ahead of time. In 99% of cases, the DUID is a generated value at 'OS Install time' that is used only for that specific OS, and a reinstall or livecd boot will change it out completely. stateless boot, multi-boot systems and multi-stage booting (i.e. pxe -> os) cannot hold together a coherent identity because DHCPv6 is explicitly designed not to do that. Binding by MAC is considered 'evil', but it has been the strategy used for ages. I wouldn't mind so much if DUID was commonly implemented as a value retrieved from motherboard firmware tables, but no one is stepping up to drive that behavior in a spec visible to all parties.

No PXE/bootp boot. I believe they are trying to reinvent, from scratch the boot design from IPv4, and are nearing completion. I fear the extent to which the baby has been tossed out with the bathwater (i.e. 'root-path' was dropped and no one has pulled it into dhcpv6).

Some standards are missing the capability to operate in IPv6. I.e. IPMI hase some IPv4 specific portions of the standard without IPv6 capable equivalents.

Re:Now if IPv6 could get fixed...

[swillden]

Why use DHCPv6? I much prefer stateless autoconfiguration. I was amazed at how well it works. The first time I fired up the radvd daemon on my home gateway (which is using a tunnel broker service to get v6), I was amazed at how every device on the LAN instantly had v6 access, with no action whatsoever on my part.

I don't have any comment on PXE/bootp. Haven't looked into that in the v6 world. It seems like v6 should make that trivial, though. Just pick a standard reserved local suffix to hold the boot service. The booting device should wait for a router advertisement to find out what network it's on, append the standard suffix and open a connection to get boot code. Done. That's just off the top of my head, of course.

There's an incredible amount of waste in IPs

[mschuyler]

I know of one organization, for example, that was originally awarded 11 Class C's. These are permanently assigned. One Class C was used to knit together nine routers (That's all.) Another was assigned to a branch office that had five PCs, one hub, and one router. Later they added an IP-addressable copy machine and printer, so that's nine IPs hard coded out of one Class C. When their main office got a little crowded they did manage to subnet this Class C into two and swipe half of it away, but overall I thin

idea: switch to alphanumeric

[Ralph Spoilsport]

So, an address might look like:

1h2.tyj.56j.0as

I think that would solve the problem permanently.

alphanumeric means errors

[freaker_TuC]

Why recreate the wheel if they already got ipv6 for that?

By using that approach of alphanumeric [a-z] you'll also get a lot more errors in spelling, O & 0, I & 1, ..
HEX solves that entirely by only allowing [0-F].

The real answer...

[John Hasler]

...is to go back to UUCP bang addresses. Pathalias can handle routing.
--
ihnp4!stolaf!bungia!foundln!john

Re:How many more times are we going to run out?

[Burdell]

RTFS and do the math. 203 million addresses were allocated in 2009; a /8 is 16.7 million addresses; reclaiming a /8 (which would probably take a lot of time and effort, possibly in court) would put off the IPv4 depletion by about one month. It isn't worth the effort; better to put it into IPv6.

one address per two world citizens

[wwwillem]

Agreed, look at it another way: 2**32 is four billion address, which is one address per two world citizens. OK, I could share that IP with my wife, but given the number of devices in between us, that won't really work. Now I know, that places like Africa currently don't follow the pattern of "personal" computers, but how long will that last.

More realistically, given that my phone, web-server, car, camera, email, GPS unit, home security system, etc. all should have their own IP address, we need at least 20x what a 32 bit address space can provide. And then you've to add the 'wasted space' so that we can allocate blocks of addresses in a logical fashion.

So yes, IPv6 is the only way to go, if you like it or not. Couple of /8 blocks or NAT won't help us.

Re:

[Chang]

We are consuming a little more than a /8 every month and if every single /8 was reclaimed from a corporation that was assigned prior to 1995 how much extra time would that buy us?

How many years and millions would be spent getting them to renumber or forcing them to renumber through some sort of legal process?

How long is it going to take to transition to IPv6 - probably 10 years or more.

Where is the time and money better spent?

Re:

[Teancum]

How long is it going to take to transition to IPv6 - probably 10 years or more.

Where is the time and money better spent?

The transition to IPv6 should have been 10 years ago. It is that old of a concept. That it might take 10 more years is essentially saying it will never happen.

I agree that IPv6 is the way to go, and it astounds me that there are folks even willing to issue IPv4 address blocks. If the harsh reality comes down that no new IP addresses are going to be allocated, folks will be much more prone to a solution like IPv6.

I remember nearly two decades ago that a discussion came up at the university that I attended

Re:

[sopssa]

As long as they don't take away 69.69.69.69 from it's owner:

$ host 69.69.69.69
69.69.69.69.in-addr.arpa domain name pointer the-coolest-ip-on-the-net.com.

Re:

[Dunbal]

Look at it this way - the year we run out of IPv4 addresses is the same year that linux will be the desktop OS of choice - because Duke Nukem Forever will only be available on linux.

Re:

[Jonner]

You clearly don't understand the way the Internet is supposed to work, which is as a bunch of peers, all able to communicate with each other. NATs only work to the extent that they can preserve the illusion of a peer to peer network. A shortage of addresses resulting in more NATs gives the man more ways to control us, not the opposite.

"Private" IP addresses have little to do with human privacy. If you don't want a fridge giving out private information, don't buy fridge capable of doing that or don't connect

Re:Demand IPv6 and it will come

[JSBiff]

Or you could get a router which supports IPv6 *today* and use 6to4 to use a single public v4 address to address multiple IPv6 hosts on your network, and to talk to other IPv6 capable hosts. If you want a router that's ready out of the box, my understanding is that Apple's Airport routers support IPv6. If you don't mind a little bit of tinkering, you can get a router which is compatible with a third-party firmware replacement (such as OpenWRT [openwrt.org], load OpenWRT on it, and use IPv6 (I just got a Linksys WRT54GL for $70 at Microcenter - it's a bit more expensive than some of the other 802.11g routers, but still not too bad - and I'm going to flash it sometime in the next week or two, as I get time).

Re:

[tftp]

The number of applications that make this assumption is not small, but it is not unmanageable.

I would say that IPv4-only apps are majority:

#include <netinet/in.h>

struct sockaddr_in {
short sin_family; // e.g. AF_INET
unsigned short sin_port; // e.g. htons(3490)
struct in_addr sin_addr; // see struct in_addr, below
char sin_zero[8]; // zero this if you want to
};

struct in_addr {
unsigned long s_addr; // load with inet_aton()
};

You need to hack the source to use in6_addr and sockad