IPv4 Free Pool Drops Below 10%, 1.0.0.0/8 Allocated 467
mysidia writes "A total of 16,777,216 IP address numbers were just allocated to the Asian Pacific Network Information Centre IP address registry for assignment to users. Some venerable IP addresses such as 1.1.1.1 and 1.2.3.4 have been officially assigned to the registry itself temporarily, for testing as part of the DEBOGON project. The major address blocks 1.0.0.0/8 and 27.0.0.0/8, are chosen accordance with a decision by ICANN to assign the least-desirable remaining IP address ranges to the largest regional registries first, reserving most more desirable blocks of addresses for the African and Latin American internet users, instead of North America, Europe, or Asia. In other words: of the 256 major networks in IPv4, only 24 network blocks remain unallocated in the global free pool, and many of the remaining networks have been tainted or made less desirable by unofficial users who attempted an end-run around the registration process, and treated 'RESERVED' IP addresses as 'freely available' for their own internal use. This allocation is right on target with projected IPv4 consumption and was predicted by the IPv4 report, which has continuously and reliably estimated global pool IP address exhaustion for late 2011 and regional registry exhaustion by late 2012. So, does your enterprise intranet use any unofficial address ranges for private networks?" Reader dude_nl sends in a summary of the issues with allocating from 1.0.0.0/8 from the BGPmon.net blog. "As Alain Durand mentioned on Nanog: 'Who said the water at the bottom of the barrel of IPv4 addresses will be very pure? We ARE running out and the global pain is increasing.'"
AnoNet (Score:5, Informative)
AnoNet [wikipedia.org] is one of those who use 1.0.0.0/8 for private VPN because everyone thought it wouldn't be in use. I am pretty sure there are A LOT of organizations and other services who do too.
anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers. anoNet works by making it difficult to learn the identities of others on the network allowing them to anonymously host content and IPv4 services. Assuming that a router administrator on such a metanet knows only information about the adjacent routers, standard routing protocols can take care of finding the proper path for a packet to take to reach its destination. All destinations further than one hop can for most people's threat models be considered anonymous. This is because only your immediate peers know your IP. Anyone not directly connected to you only knows you by an IP in the 1.0.0.0/8 range, and that IP is not necessarily tied to any identifiable information.
To avoid addressing conflict with the internet itself, the range 1.0.0.0/8 is used. This is to avoid conflicting with internal networks such as 10/8, 172.16/12 and 192.168/16, as well as assigned Internet ranges. As of January 2010 IANA has allocated 1/8 to APNIC.[1] If the service does not switch to another address range then Internet hosts using 1.0.0.0/8 will be inaccessible to AnoNet users.
Re:AnoNet (Score:5, Informative)
Uhhhh...no?
10.0.0.0/8 is, and always will be, an RFC-1918 private IP address used for internal networks and NAT.
The company in question was using 1.0.0.0/8, just because it was routable and unused.
Re: (Score:2)
Hi Charles. I should have put a smiley on that post ;)
Re: (Score:3, Funny)
I thought you just misread the original post.
Don't I at least get a "whoosh"? :-)
Re: (Score:2, Informative)
Another one still unallocated is 5.0.0.0/8 which Hamachi uses to create a virtual lan on the internet. I'm sure it wont be too long until that one will get assigned too though.
Also some Cisco hardware use 1.1.1.1 internally. Painful times ahead.
Re: (Score:2)
traceroute -In 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 192.168.1.254 69.794 ms 69.256 ms 68.732 ms
2 212.74.102.13 24.112 ms * *
3 * * *
4 * * *
5 * * *
6 * 10.72.11.74 31.213 ms 27.606 ms
7 1.1.1.1 27.320 ms 27.172 ms 27.544 ms
That's not meant to happen, is it?
traceroute -n 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 192.168.1.254 33.818 ms 33.315 ms 32.731 ms
2 212.
Re: (Score:3, Funny)
IANA network expert
Mod parent funny for the double-entendre.
Re:AnoNet (Score:5, Funny)
Not a problem, we can just NAT the NATed NAT NAT and everything will be fine forever, tra-la!
Re:AnoNet (Score:4, Informative)
Well that would be their own fault for not using an address like 10.0.0.0/8 which was designed and documented for that purpose.
You know, it really wouldn't hurt to read a post before you reply to it...
To avoid addressing conflict with the internet itself, the range 1.0.0.0/8 is used. This is to avoid conflicting with internal networks such as 10/8, 172.16/12 and 192.168/16, as well as assigned Internet ranges. As of January 2010 IANA has allocated 1/8 to APNIC.[1] If the service does not switch to another address range then Internet hosts using 1.0.0.0/8 will be inaccessible to AnoNet users.
Re:AnoNet (Score:4, Funny)
Ill bet this will happen (Score:5, Insightful)
We will wait until the IPv4 addresses run out and then force businesses to start using IPv6 if they want to get on the internet.
There will be a temporary boon for networking manufacturers as companies will have to change their equipment
As a side curiosity, I wonder how many public IPv4 IPs are actually in use.
Re:Ill bet this will happen (Score:5, Insightful)
What will happen will be the standard that us humans have followed throughout the ages. We will wait until the IPv4 addresses run out and then force businesses to start using IPv6 if they want to get on the internet. There will be a temporary boon for networking manufacturers as companies will have to change their equipment As a side curiosity, I wonder how many public IPv4 IPs are actually in use.
Unfortunately I think you're right. We are a very reactive culture, generally. We don't seem to believe in using foresight to ease predictable and inevitable suffering of any kind. I suspect that's because there is a great deal of political power and quick money to be had in crises when people are desperate and afraid, but not so much in preparedness and prevention.
Re: (Score:2, Interesting)
We are a very reactive culture, generally. We don't seem to believe in using foresight to ease predictable and inevitable suffering of any kind.
Because it's usually more expensive and difficult than dealing with problems when they actually become problems.
Re:Ill bet this will happen (Score:5, Insightful)
Amen to that.
The fact is, we've been preparing for the IPv6 switch for years now. The IPv6 spec reserves space for the entire IPv4 network, making translation between the two a snap. Any modern OS less than 5 years old has IPv6 built in, including conversion between v4 and v6. Almost all commercial networking hardware sold in the last 5-10 years is IPv6 capable, and as I already said using IPv4 within IPv6 is a piece of cake.
The only issue here is going to be the fighting between registrars over address blocks, and that's nothing new. Private addressing with NAT doesn't even need to change if you don't want to bother with it, just change your gateway IP's from v4 to v6 and there you go, bandaid applied until you actually truly need to upgrade everything.
The whole uproar over this issue is silly. It has already been taken care of. Hell it was half taken care of in the IPv6 spec itself, and the rest by the router and switch vendors that have been putting the option in their equipment over the last decade. At worst there will be some minor pains to actually enable and configure the IPv6 capable equipment, and those using really old equipment will have to upgrade their gateways. Those like AnoNet who improperly used IPv4 addresses in the first place are going to have to come up with something else until the switch is finally thrown on IPv6, and that's entirely their own fault. By definition they were not supposed to use those addresses, and they've been bitten for it. Sucks to be them.
The IPv4 problem isn't 1/10th the problem people seem to think it is. The only reason it hasn't been done yet is because it is quite a bit cheaper to spend no money at all than it is to spend a little money for no immediate gain. Companies will spend the money to switch when they need to, and not a moment before; as long as we still have 10% of the addresses unassigned or reserved, there is no need to spend the money yet.
Re: (Score:3, Informative)
Not just any modern OS, the BSDs, *nixes, and Windows all have IPv6 support going back a decade. I'm not sure about the classic Mac OS, though.
Re:Ill bet this will happen (Score:5, Insightful)
Well, you can put a little asterisk next to Windows as XP cannot do DNS lookups over IPv6, which is kind of a big problem if you want to browse the internet using just IPv6 in XP. I kind of doubt Microsoft is ever going to fix this, as this will end up forcing a bunch of people off of XP if the switch ever happens.
Re: IPv4 IPv6 interoperability (Score:4, Insightful)
The IPv6 spec reserves space for the entire IPv4 network, making translation between the two a snap
That reservation is more or less a joke. It is great (in principle) if you want to send a packet from an IPv6 host to an IPv4 host. But how does the IPv4 host send a reply back? The short answer is, it can't. It can't because there (obviously) is no static mapping of IPv6 addresses to IPv4 address. There is no way to cleanly fold 128 bits into 32.
That means that there are only three basic ways for IPv4 hosts and IPv6 hosts to interoperate: v4v6 network address transation (NAT), application layer gateways (ALGs), and dual stacks. Presumably, the main point of IPv6 is to avoid NAT, so v4v6 NAT is a relatively undesirable solution. Application layer gateways for every external communication protocol are even more problematic. That leaves dual stacking, which is a way of solving the IPv4 IPv6 interoperability problem by conceding the plain truth - that IPv4 and IPv6 are not interoperable and never will be.
The only way to avoid NAT or ALGs is for every last Internet connected device on the planet to be dual stacked. That is going to take at least a decade. There will probably be lots of strange NAT and ALG solutions in between.
The more interesting question is if there were a market for IPv4 addresses, such that organizations had a significant economic incentive to renumber and minimize the number of IPv4 addresses they used (and the size of the routing tables necessary to reach them) how long could we survive on the current system? I would guess a half century at least.
Given the likelihood of this sort of economically motivated renumbering effort once centrally allocated blocks of IPv4 addresses run out, at what point does the overhead of the necessary network address translation outweigh the cost of administering a parallel IPv6 network that reaches nearly every device on the planet, in addition to the IPv4 network that is already there and which must remain there indefinitely (down to the level of each individual PC) in the absence of all the alternative v4v6 NAT and ALG devices we are trying to avoid in the first place?
Essentially IPv4 has a defective design, and IPv6 has exactly the same defect, with a slightly larger address space. Slightly because hierarchical allocation will use up those initial 64 network addressing bits in a big hurry. IPv6 is no more than a stop gap for a some sort of variable length address (VLA) scheme, the only alternative that that isn't essentially an exercise in planned obsolescence.
Re:Ill bet this will happen (Score:4, Interesting)
Is there any physical reason why a router couldn't do the following to transparently enable ipv6-oblivious software to effectively "inverse-NAT the rest of the world"?
1) Connect, and note the /48 assigned to the site by the ISP (for this example, let's say (37a1:de19:7f9b/48).
2) To the inside network, the router looks just like any other ipv4 router. For the sake of argument, let's pretend it's allocating ip addresses 192.168.100.100 to 192.168.100.199 via DHCP
3) A desktop PC on the local network asks the router for an IP address. It gets 192.168.100.101.
4) That desktop PC later sends a request to fetch http://www.slashdot.org./ [www.slashdot.org] The router intercepts the DNS request.
5) The router does the dns lookup, and discovers that Slashdot's IPv6 address is 2005:1234:5678:1::1.
6) The router makes up a fake ipv4 address. To do so, the router declares 10.0.0.0/8 to be off-limits for use on the local network as a local address so they can be hijacked for this purpose, instead. It picks one -- 10.5.17.88 -- then makes a note to itself that it expires in an hour, and answers the DNS query from the local PC: Slashdot's IP address is 10.5.17.88, with TTL=60 minutes.
7. The local PC's browser sends a http request to http://10.5.17.88./ [5.17.88]
8. The router sees the outbound datagram with a 10.0.0.0/8 address. It does a quick lookup from its own local table, and sees that the real ipv6 address is 2005:1234:5678:1::1. It proceeds to send a fake ipv6 request to 2005:1234:5678:1::1 that appears to be from 37a1:de19:7f9b:1:6969:0192:0168:0100:0101. Yeah, the lower 64 bits completely stomp on the intent of every ipv6-related RFC, not to mention inefficiently maps decimal octets to 16-bit values for the sake of human-readability. Deal with it. It works anyway, and makes life a little easier during the transition. ;-)
9) Slashdot's server receives the request from 37a1:de19:7f9b:6969:192:168:100:101, and sends the response.
10) The router gets the datagram. It sees the 6969 (a value dictated by the router that might very well be randomly pulled out of a hat), which confirms to it that the lower 64 bits contain the local ipv4 address encoded in human-readable form. It rewrites the datagram, and passes it along to the local network.
11) The local PC gets its response from 10.5.17.88, and never knows the difference.
The router would need a big chunk of ram to keep track of the kludged dns lookup table, and would have to do more than routers do now to keep up the facade of an ipv4 universe for blissfully-oblivious clients on the inside... but it seems like it would nicely solve the problem of ipv6-unaware software by giving end users another decade or two to sidestep the problem. Their "real" ip address (site network) would be ipv6, but everything that's ipv6-unaware would be able to think it was really sitting behind a public ipv4 address.
For an added level of security (making it harder for random traffic from the outside to directly reach inside hosts), instead of picking a value like '6969' for the fourth 16-bit chunk, it could pick a new random value every hour, use it to XOR the lower 64 bits, and use THAT value for the fourth chunk. When incoming requests came in, it would xor the lower 4 16-bit chunks against its current random value, and compare it to the value presented as the fourth chunk. If it didn't match, it would try again with its previous random value. If it found a match, it would pass it along as per step 10. Otherwise, it might variously refuse the connection, return random junk, silently ignore it, and/or blackhole that IP's source network for some period of time to protect itself.
For hosts intended to have direct accessibility from the outside, the fourth chunk might have a different interpretation. For example, using 0xf as the high 4 bits to flag it, and the lower 12 bits of chunk #4 to indicate the port. So if the local PC whose ip a
Re: (Score:3, Insightful)
The OS might support IPv6, but the apps have to support it too, or the OS itself is going to end up doing something like I described above. IPv4 apps aren't going away anytime soon, and any attempt to force the issue by intentionally breaking them will just incite user rebellion. Yes, it's a complicated router-based solution... but routers are cheap. By making the "outside world" look more or less exactly like it does now via a more sophisticated router doing inverse NAT, you're enabling everything on the i
Re: (Score:3, Insightful)
Why? He's right. When a problem is right on top of you, it's very easy to quantify.
Yes I know the saying, "ounce of prevention is worth a pound of cure". But it doesn't work that way. It's hard to quantify a problem that's years in the future, so preventions tend to be financially wasteful.
Re:Ill bet this will happen (Score:4, Insightful)
Why? He's right. When a problem is right on top of you, it's very easy to quantify.
Yes I know the saying, "ounce of prevention is worth a pound of cure". But it doesn't work that way. It's hard to quantify a problem that's years in the future, so preventions tend to be financially wasteful.
Note that I specifically (and plainly) said problems which are predictable and inevitable. By definition, these are not difficult to quantify. This is why attention to detail, good reading comprehension, or whatever you prefer to call it is important. Sorry but I see this mistake all the time and it's a careless one.
At any rate, Aesop had it right. The ant had a much easier time than did the grasshopper.
Lao Tzu had it right as well. To paraphrase, every large and difficult-to-solve problem was once a small problem that could have been easily solved. Once realized, the only limit to the application of this principle is whether you have the fine perception necessary to notice a problem while it is in its early stages and nip it in the bud before it blossoms. What I was saying before is that government does not grok this principle because it doesn't want to; it has no such incentive. That is, it's unreasonable to expect an amoral organization to willingly take any action that would result in less money and power for that organization. Government is unfortunately no exception.
It's hard to institute a Federal Reserve system if there is no Great Depression. It's hard to pass a law like the Patriot Act if there is no September 11th attack. It's hard to justify warrantless wiretapping if there is no bogeyman around every corner. The term for the technique is the Hegelian Dialectic, aka "Thesis, Antithesis, Synthesis," aka "Problem, Reaction, Solution."
Re:Ill bet this will happen (Score:5, Insightful)
"every large and difficult-to-solve problem was once a small problem that could have been easily solved."
Or alternatively, it was a small problem that could not be easily solved, because all attempted solutions caused other problems.
Just because a problem exists doesn't mean a solution does.
Re: (Score:3, Informative)
I'd probably say china's 1 child/family policy was a proactive policy to prevent an overpopulation problem in china. Can you imagine such a policy in the west? I'm not saying it is good or bad, just a difference. Generally I'd say democratic societies have a very hard time making difficult choices until there is no other possible option. Centralized govt on the other hand can cram a decision down the people with no fear of not being re-elected. Uprising maybe, but thats what good armies are for.
Re:Ill bet this will happen (Score:5, Insightful)
Re: (Score:3, Interesting)
The reason that there will likely be no freak out is that this problem will only affect providers and anyone who wants to get a new routable IP after the IPv4 addresses run out. That is a much smaller group than everyone in IPv4 space and it is a group that is more likely to have an understanding of what needs to be done internally. They aren't going to need to hire COBOL experts to fix their banking code to prevent it from breaking by a certain hard and fast date.
For the people who continue to use IPv4,
Re:Ill bet this will happen (Score:5, Interesting)
I actually called my ISP last week and asked if I could get an IPv6 address. They told me Cisco said they won't have to worry about it for at least a couple of years, so they (my ISP) haven't even started thinking about it, yet. I guess they're going to wait until the last IPv4 addresses run out and have a mad rush to assign IPv6 addresses. That'll be fun...
Re: (Score:3, Funny)
How is that 'offtopic'?
It wasn't. It's like an AC said in a different discussion; the mod disagreed with him but did not have the intellectual capacity to construct a counter-argument.
If the more trigger-happy mods have an axe to grind and want to waste points, mod me down. Right now. I dare you. I have more karma than I need and would rather you mod me down than use your points where it would actually matter. Maybe I should have omitted that last sentence since it might make you reconsider doing it.
I don't know (Score:5, Interesting)
There has been an increasing amount of IPv6 support out there. Part of the problem in terms of going IPv6 right away is that many of the high end routers out there accelerate IPv4 but don't accelerate IPv6. Basically when you deal with large amounts of data, it is infeasible to do everything in software. So you have ASICs to help speed everything up. Works great, but said ASICs have limits to what they can do and being hardware, can't simply be reprogrammed. This means you have to buy new hardware to support IPv6, which is of course expensive.
We had that situation on the campus I work on a few years ago. Some people were wanting IPv6 but we didn't support it. Technically, it could be enabled and run on the routers' CPUs but that would only work if a few people used it. If usage got higher, the routers would crash under the load. We needed new routers (or more properly new supervisor modules for them) to support it. However, it was really expensive, a few million for all of campus. That money was not going to be spent just so people could play with IPv6.
However, we've had to upgrade the routers anyhow to support more traffic and such, so now they have IPv6 hardware and IPv6 is routed on campus.
Thus I think you'll see this continue to happen. New hardware supports IPv6, companies will get it, and will then be able to support IPv6 no problem. It just won't be an immediate process. They aren't going to go and buy IPv6 hardware just to get IPv6 support if they don't need it. However, when they need new hardware anyhow, the stuff they get will have IPv6 support.
I think we are more likely to see a gradual change. More and more networks will start supporting IPv6, and people will start using it because it'll be cheap. An ISP will say something like "Well sure, you can buy IPv4 addresses for $10/month each, however your account includes more IPv6 addresses than you can ever use for free anyhow." So people will start using it.
Re: Saving IPv4 addresses by switching to IPv6 (Score:4, Insightful)
It doesn't matter how many IPv6 addresses you have as long as there remain IPv4 only clients that cannot access them. The only way the transition is going to be gradual is with a whole host of v4v6 and v6v4 NAT and application layer gateway devices.
The main people that need to run such devices are the end user ISPs. Until they do, no IPv4 only client will ever be able to reach a IPv6 only server. SNI aside, every publicly addressable IPv6 server will require the same number of IPv4 addresses as it does now. Dual stacking will not save an iota of IPv4 address space until IPv4 clients are practically required to use some sort of v4v6 NAT or ALG to access the rest of the (IPv6) Internet. To say nothing of the v4v4 or v6v4 NAT required so that every last ISP client doesn't require a routable IPv4 address as well.
I have have seen the future, and it is NAT until the cows come home (unfortunately). All this dual stacking is a worthless exercise without the v4v6 and v6v4 NAT (or ALGs) necessary so that the number of IPv4 addresses required actually goes down. I sure hope somebody is reserving the address space so that v4v6 NAT is actually practical, because we are going to need it for a long time, and the IPv4->IPv6 transition won't happen without it.
Re: (Score:3)
Something else will also happen, business with lots of IPv4 addresses, available for hire, will do everything they can to fend of IPv6, corporate lobbyists, marketing lies etc. Why, obviously as new addresses become unavailable they can significantly via artificiality induced scarcity ramp up the price and profit margins.
On the other side, the shear number of IPv6 addresses means that every network connected device can have it's own unique IP address hard coded at the factory, specific for the region whe
Re: (Score:3, Insightful)
> The rest could be handled through NAT with 1:100 mappings or so.
Sure, but would you want to be the one managing the transition? They might as well go directly to IPv6 internally.
DEBOGON (Score:2)
I seriously read that as Dagobah
No (Score:5, Funny)
They'll never take my 127.0.0.1 away from me, dammit!
Re: (Score:3, Funny)
You don't probably have anything to worry about, but the owner of 69.69.69.69 is probably sweating about his leetness.
$ host 69.69.69.69
69.69.69.69.in-addr.arpa domain name pointer the-coolest-ip-on-the-net.com.
Re: (Score:3, Funny)
My favourite address is 70.85.67.75
I've tried for ages but I've never been able to get it.
Re: (Score:3, Informative)
Re:No (Score:4, Interesting)
And as long as 4.2.2.2 remains ping-able so I can quickly whether just DNS or the net in general is down I'm okay with any reallocation.
It actually might not be for long, Level 3 is closing public access to it and only allowing its use for their own customers.
Re: (Score:3, Informative)
You can start using 8.8.8.8 and 8.8.4.4 for public dns (and ping too if you wish), they are Google's and they are not going to lock those down anytime soon.
1.2.3.4! (Score:5, Funny)
Thats the IP address of my luggage.
Re:1.2.3.4! (Score:4, Funny)
If you leave your bag unattended its time to live might expire.
When the luggage system backs up, it sends a source quench.
What do you mean "no route to host"?
My luggage was fragmented!
Can't your luggage route around the storm?
and many more...
It was one of the most enjoyable bus rides I've ever had.
they should start selling IPadresses like phone (Score:3, Interesting)
numbers and car plates.
I'd love to have 1.1.1.1, or 29.09.19.69 (my bday)
Re:they should start selling IPadresses like phone (Score:5, Funny)
or 29.09.19.69 (my bday)
So if you had your Social Security number as an IP address, what would it be?
Re: (Score:3, Interesting)
Only issue with that is how the routing system works. Routers are incapable of keeping track of where every single individual IP is located on the internet. Instead they just get announcements for very large networks, and then as the packet gets closer to its destination it can be tracked with greater and greater granularity.
Dynamic DNS is a much better approach - it separates the implementation of the naming and the routing functions.
I have no idea how the phone system manages to handle number portabilit
Desirable? (Score:2)
Why are some IP addresses more desirable than others? They are just numbers after all.
Re: (Score:2)
Why are some IP addresses more desirable than others? They are just numbers after all.
Same thing with domain names. They're just letters, after all.
Re:Desirable? (Score:5, Informative)
A good example of an undesirable IP address is one that's on a bunch of spam blacklists.
Some IP addresses are more likely to have connectivity issues than others.
One major issue improper or poorly maintained filters, that effects most address blocks that were previously not being assigned from equally, hence the DEBOGON projects and testing.
There are more insidious issues that only effect some blocks, however.
For example the guerilla usage of "1.0.0.0/8" by AnoNet, and "5.0.0.0/8" by Hamachi, plus private use of those, and other ranges instead of proper RFC1918 addresses by some enterprises.
Makes hosts that use those IP addresses more likely to have communication problems with other hosts on the internet, just because their IP address is in that block.
Re: (Score:2)
Uh, what does? 13.0.0.0/8 is owned by Xerox. Which doesn't really make sense, but they were there to pick it up in 1991.
Re: (Score:3, Funny)
I will be happy to wear the consequences of owning 13.0.0.0 and following recent events I suggest China be allocated 4.0.0.0
What about getting back some... (Score:5, Insightful)
Too much effort for too little benefit (Score:3, Insightful)
Even if you could recoup some of these addresses, this would only afford a few months of use, so it's not going to be worth the effort.
Re:What about getting back some... (Score:5, Informative)
And for each of those /8s, you buy maybe 1.5-2 months more time until v4 exhaustion. Most of those /8s were also allocated prior to any policies permitting reclamation. Any recovery of them would involve legal wrangling, which would be expensive and time consuming. Prolonging the end result isn't a viable solution to the problem, when the solution is available now.
Re: (Score:2)
And after all the kicking, screaming, hair-pulling, knock-down drag-out legal battles to reclaim those blocks, you buy a grand total of about 18 months.
It's not worth it.
Re: (Score:2)
You can have my 127/8 when you pry it from my cold dead fingers, you insensitive clod!
How do these ignorant comments get modded up? (Score:4, Insightful)
This has been addressed time and time (and time) again. a) Those organizations would have to defrag their IP space before large blocks could get released, a process that's slow, intensive, and expensive. But more importantly, b) even if they did that, and then release those blocks for reallocation, at the current rate of consumption, it'd buy us, what? 18 months? Two years at the outside? Meanwhile, global routing tables would get even *larger*, and they're already gigantic.
No, reallocating unused IPs is a total fucking waste of time. That time would be *far* better spent getting IPv6 deployed so we could all move on from this mess.
audits... (Score:2)
I guess it's ICANN or ARIN that forces audits and demands accountability of usage of address space. Who are some of the big targets for recovery? Apple should be target numero uno with the entire 17.x.x.x class A. I know my college used a lot of 143.88.x.x as live ip's for every work station and wifi-connected laptop that happened to come along. No, that's not a lot, but just an example of the waste that goes on.
(Now i'm going to be flamed by the "NAT is just a crappy hack/workaround" crowd.) Oh well.
Re: (Score:2)
It is a crappy hack/workaround, but it works right now. At some point I know I'm going to have to switch, but for now, well, I'll happily use NAT with port forwarding to make my services available.
Re: (Score:2)
The problem with that is the the issuing of IP space back when a lot of those were handed out have no provisions for auditing, use accountability, or reclamation. That means you're looking at a long ugly legal battle, and even if you do win, you buy a little less than one month per /8 reclaimed.
Install your own 6to4 tunnel today (Score:5, Interesting)
Run this script to get your own IPv6 address today:
CUR_IP=(`ip -4 addr show ${CUR_DV} | awk '/inet / { print $2 }' | sed -e 's/^\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\1/'`)
IPV6_ADDR=$(printf "2002:%02x%02x:%02x%02x:%04x::%04x" $(echo "${CUR_IP} ${SLA_INTF} ${INTF_ID}" | tr '.' ' '))
ip tunnel add tun6to4 mode sit remote any local ${CUR_IP} ::/0 via ::192.88.99.1 dev tun6to4 metric 1
ip link set dev tun6to4 up
ip -6 addr add ${IPV6_ADDR}/64 dev tun6to4
ip -6 route add 2002::/16 dev tun6to4
ip -6 route add
Install radvd if you want to share your new IPv6 subnet with other people on your local network.
This is all it takes. You do not need to wait for your ISP to get a clue.
Only problem is this does not work with NAT.
Re:Install your own 6to4 tunnel today (Score:5, Interesting)
http://www.sixxs.net/main/ [sixxs.net] (www is required, the site isn't perfect but it works)
I currently have two tunnels (one to an out of house server & one to my house), a subnet for my house (I've tested it, I can ssh from an external server directly to my in-house computers without any port forwarding). It adds a little latency (since you have to go through some other router before reaching the ipv6 part of the internet), but not too bad.
Hurricane Electric is also a great option. (Score:4, Interesting)
I run an HE tunnel at home to provide IPv6 connectivity to my personal network, and it's been working great, and has the advantage over SIXXS of more geographically distributed tunnel endpoints (SIXXS' seem to be clustered on the east coast, while, HE has endpoints in California, among other places). Though you do need to rig up a script to update the tunnel should your IP address change.
Throw in a free v6-capable DNS hosting service like freedns.afraid.org and you're laughing.
Re:Install your own 6to4 tunnel today (Score:5, Interesting)
I use SIXXS, it's been working great.
Be careful...Jeroen runs SixXS with an iron fist, and actually monitors the content you host. This, to me, is unacceptable. And don't get on Jeroen's bad side: You'll be shut down in a heartbeat if you dare question (publicly or privately) any part of the SixXS infrastructure in a critical way.
My suggestion: Run from SixXS as fast as you can. HE is great to work with, and they have no interest in what you host via their IPv6 service.
Re:Install your own 6to4 tunnel today (Score:5, Informative)
Or do a Google search for "jeroen sixxs". You'll hit the motherlode, including these gems (among many):
http://en.linuxreviews.org/SixXS [linuxreviews.org]
http://www.koopman.me/2008/04/stay-away-from-sixxs-run-by-a-couple-kids/ [koopman.me]
https://rejo.zenger.nl/misc/1221048210.php [zenger.nl]
Re:Install your own 6to4 tunnel today (Score:4, Informative)
Only problem is this does not work with NAT.
To be clear, 6to4 needs to be run on the device with your public IP address, or alternately that device needs to pass protocol 41 traffic to the machine doing 6to4. The rest of your network then gets access by native IPv6 routing.
The presence of NAT is not fatal to 6to4.
Why should we care about idiots? (Score:3, Insightful)
So, what? Some idiots have abused reserved or otherwise unused netblocks for their internal networks. I honestly couldn't care less. I have seen this before, even with other blocks which were already in use. It is a very bad practice. Unfortunately there is only one way people might stop doing this: Allocate the blocks now. If users won't be able to reach certain sites, the admin might change the internal addresses. Or they might not. Who cares? No, really: Who cares?
How's NAT64 coming along? (Score:5, Insightful)
From the beginning of IPv6, something was missing: the possibility for IPv4 only hosts to reach IPv6 only hosts. The solution is a form of nat, called NAT64, but a few months ago it was just a vague proposal AFAIK. As long as this is not solved, the transition to IPv6 *cannot* work. There is a simple reason: the planned transition involves ALL hosts talking both IPv4 and IPv6. When you speak both, inevitably the least used IPv6 is not supported well, and people end up using only IPv4.
It's so obvious, I find it shocking it's not taken into account more seriously.
Re: (Score:2)
NAT64 so obvious, I find it shocking it's not taken into account more seriously.
It was actually a part of the initial design for IPv6 -- see Section 5 of RFC 1710, or all the stuff about "translation from IPv6 to IPv4" in RFC 1883. It just somehow fell out of the specifications during the standardisation process.
Re: (Score:2)
NAT64 actually does not solve that, it concerns only the IPv6->IPv4 part, not vice versa. A more general mechanism NAT-PT has been proposed at the dawn of IPv6, but its status has been changed to historic by RFC4966 as it turns out that this is not really easy to get right.
Re:How's NAT64 coming along? (Score:5, Informative)
NAT between v4 and v6 has been deprecated.
The solution is dual stack. Each machine will have both a v4 and a v6 address. The v4 address will be subject to NAT. The v6 will be used because you need it for peer to peer traffic such as voice over IP.
People without dual stack will be in for a hard awakening the day servers start appearing with only v6 because they couldn't afford a v4.
Dual stack is NOT the solution. (Score:5, Insightful)
I have dual stack at home, natively. For all intents and purposes, IPv6 is useless to me. As a result, support is worse. If it goes down, I don't really notice it, and my ISP doesn't give much of a fuck ("err, use IPv4").
Furthermore, as long as not everybody has dual stack, everybody suffers from IPv4 address exhaustion. In other words, the dual stack "solution" means that we have to use IPv4 until every single host (or at least every host we need to talk to) has implemented IPv6. In reality, it's clear that 20 years in the future there will still be idiots still running IPv4, because they can't be fucked to migrate. When I see how networking is broken in many enterprises, I don't see how they'll ever migrate to IPv6. I could tell you about all the brokenness I've witnessed, even in companies that are supposed to be somewhat technically oriented, and it's fucking scary.
Forget dual stack. And don't call it a "solution," it's not just ridiculous, it's delusional.
Re: (Score:3, Interesting)
Our present situation is due in large part to the incompetence of the IPv6 designers and their total and complete failure to plan, or even recognise the need, for a transition.
The IPv4 address space could have been embedded in the IPv6 space. If the existing standard couldn't handle it, then that standard needed to be changed so it could have. IPv6 machines needed native capability to talk to IPv4 devices. Their lack of it is a d
Re: (Score:3, Interesting)
Squid is v4 and v6 aware, which means if you have an IPv6 host using squid, it can talk to an IPv4 host. If you have an IPv4 host, it can now talk to an IPv6 host as well. The only downside here is that it requires configuration of the proxy in the browser directly, you can't (easily, without DNS spoofing) transparently proxy all requests.
Not using any bogons over here (Score:2)
But I did notice the other day that Time Warner is using 10.0.0.0 for user devices, and not just between the device and its gateway. Such IPs are exposed to the public, and fully routable within their network. Well, the cross-section of the public limited to TW customers, I suppose. I discovered this quite by accident. I thought my WiFi router was at 10.something and was very puzzled by the web page I received, which said "Scientific-Atlanta WebStar Cable Modem". Turns out my router is at 10.somethinge
Re: (Score:2)
Not at all uncommon with big ISPs, alas. British Telecom are doing something similar - which to my mind suggests there may well be more than one layer of NAT going on for quite a few customers....
Re: (Score:2)
Yeah, I had to switch to 192.168. once my ISP started to use 10.x.x.x a few years ago. Sucked.
Oh well... (Score:2)
I've been using 1.1.1.1/8 at home for years. It's by far the quickest to type and remember.
I'll probably keep using it for a while, until I need to reach any of those officially allocated addresses in 1/8. Hearing they got allocated in Africa and Latina America is really good news, since I rarely go to African and Latin American websites.
Re: (Score:2)
I used to use 10.x.x.x for my internal network, until it started to get routed. Appears some ISPs use it for things.
131.0.0.0 (Score:2)
No, I don't know why it is that and not something else. We only have a couple hundred assigned IP addresses.
Multicast/Class E (Score:2)
How about the Class E (reserved for future use) range? That's another 15 "Class A" blocks excluding RFC0919.
How many people use anything but 224/8 for Multicast applications? IANA [iana.org] seems to have most of that space reserved or experimental.
Re:Multicast/Class E (Score:4, Informative)
The problem with "Class E" is these addresses have a "not a valid IP address" status; the classification of the addresses are "Experimental", not UNICAST. As a result, many OSes or devices from many vendors will not allow you to assign a Class E address, or communicate with a Class E address.
Windows XP falls into that category, Vista falls into that category, I cannot confirm whether Windows 7 falls into the category or not; unless there has been a recent patch, Class E IPs are unusable. Even Linux wouldn't allow you to communicate with a Class E address or assign it to an interface, until a kernel patch that was first introduced in January 2008
Many routers and firewalls are in a similar situation. There is a lot of old software running at internet sites that is unlikely to be updated.
If "Class E" address space is ever opened, it's likely that IETF would not direct IANA to assign Class E to the RIRs for public allocation, instead it might be made available for private purposes, much like the RFC1918 address space.
The possibility of allocating 240/4 for use has been discussed on various network engineering mailing lists.
Their findings were that many software programs and hardware devices recognize "Class E" addresses and indicates an error.
So the thought that "Class E" is just more IP addresses to pick up for free, is a nice idea, but unfortunately no panacea. It would be very hard to resurrect that range to 'usefulness' at this point in the Internet's evolution (with such a large installed base).
Enter the IP truthers (Score:4, Funny)
who claim that IP exhaustion is a conspiracy thought up by Al Gore to generate more money for the British Royal Family, and that if we ignore the liberal computer scientists and their biased journals, everything will be fine.
Allocation strategy (Score:2)
I'm really ticked about how the allocation of addresses has been handled over the years, and I can't seem to get a reasonable answer as to why the allocation strategy can't be fixed. How come we can't (pardon the expression) claw back a bunch of allocated but unused addresses from the organizations that are squatting on them? How come we can't allocate addresses in smaller blocks?
Re: (Score:2)
1. Because those addresses were handed out back when there were not any provisions for reclaiming them.
2. They are allocated in smaller blocks. This is IANA assigning address blocks to the Regional Internet Registries, which then assign smaller blocks out to whoever.
IPv6? (Score:2)
So still no need to start getting infrastructure ready for IPv6?
Re: (Score:3, Insightful)
Want me to adopt IPv6? Make IPv6 Lite.
In my humble opinion, the problem with IPv6 is that it's too radical a methodology change for most IT folks to be interested in. I wouldn't be surprised at all if a huge number of us are silently, subconsciously "waiting it out", for someone to propose and ratify a less intimidating address-extension protocol.
It's not that I can't handle Hex... it's not that I can't handle colons. It's not that I can't handle learning about tunnels, or brokers, or 6to4 or any of the
Re: (Score:3, Insightful)
::ffff:1.2.3.4. Not that it helps, since v6 and v4 stacks are different.
IPv6 is still network portion, host portion. You could still specify things in mask notation, if you wanted to, but it's kind of silly. Just use network prefix length notation, it's nicer for both v4 and v6. Gateways are still usually on ::1.
Ah yes, the "use more v4
Re:IPv6? (Score:5, Insightful)
IPv6 works like this. Every ISP and backbone peer has looked at the massive investment necessary to make their entire installed plant IPv6 ready, the large amount of work required, the fact that they will probably break everything about five times in the process because they did something wrong, and has decided that they will migrate when someone holds a gun to their heads and absolutely forces them. Not before.
Marketing + Consumer Idiocy = Profit! (Score:2, Insightful)
Oh geez, I'm gonna have to explain things to my Mom after she gets the following notice in the mail:
"Great news! Our engineers have invented an amazing new technology called IPv6 that NONE OF OUR COMPETITORS HAVE: More addresses! Greater speed! Less lag! New HD content never before available! OMG this new technology called VOIP works over it! Perform online backups! And enjoy the $20 increase to your monthly bill!
That or Obama launches a "Rebates for Routers" program - 6 months AFTER I purchase an I
Re: (Score:3, Insightful)
Well the investors have to get their 15% return every quarter for all of eternity somehow. This is whats expected in this day and age.
Hewlett-Packard (Score:2)
Re: (Score:2)
Why does Hewlett-Packard have not one but TWO /8 IPv4 address ranges [iana.org]?
Where do you see that? As far as I know, they have a single /8 and a bunch of /16s.
The answer, of course, is that they were assigned before subnetting (CIDR) was deployed.
What? (Score:2)
How is 1.1.1.1 one of the "least desirable" ip addresses? I'd love to have it!
Unfortunately, applications still behind the curve (Score:5, Interesting)
When I discovered m0n0wall 1.3 hit the pavement, with support for IPv6, I made the move to transition my home network to v6, for no other reason than it seemed like an interesting thing to do (what can I say, I like to tinker). In the process, I looked to moving all my services to v6... obviously I can't completely abandon v4 internally, but I figured, why not move all my internal stuff over? Problem is, among the software I use, the following don't support v6 at all:
Linux NFS client and server
MySQL
MythTV
rtorrent
m0n0wall's VPN implementations (both IPSec (ironically) and PPTP)
And those are just the first four that popped up (though at least I was able to patch rtorrent). God knows what other software out there doesn't support v6. Of course, many of these things can live in private v4 networks for the time being, but until application vendors catch up with the times, it seems v4 and v6 will be living side-by-side for a long time to come.
Re:Unfortunately, applications still behind the cu (Score:5, Informative)
among the software I use, the following don't support v6 at all
Please file bugs. Most Free Software projects take IPv6 very seriously indeed.
Re:Unfortunately, applications still behind the cu (Score:5, Informative)
In the case of NFS and MySQL, both know about it, and both are looking to fix it, but we won't see the changes any time soon (MySQL expects to see v6 support in version 6.0, and I have no idea when NFSv6 support will land). rtorrent has a patch, but it isn't in stable yet, and I inquired on the m0n0wall mailing list, but alas, received only radio silence. As for MythTV, there's absolutely no mention of v6 anywhere, aside from a stub page on their wiki, so I'm not sure it's even on their radar (though you're right, I should inquire).
Re:Unfortunately, applications still behind the cu (Score:5, Informative)
Uh, no, not at all. To resolve v6 hostnames, you have to retrieve AAAA DNS records instead of A records. That's an application-level activity. Once a v6 address is chosen, the application must be written to create a v6 socket from that address.
Now, it's true that higher-level APIs can hide these details (I believe Java applications are automatically v6 aware thanks to the higher-level APIs exposed by the JDK), but applications written against POSIX must be explicitly written to support v6.
Re:Unfortunately, applications still behind the cu (Score:4, Interesting)
POSIX support is easy if you use the new generic getaddrinfo and getnameinfo. Code needs to be ported from the old way which hardcoded IPv4 addresses (AF_INET). A properly written program will support both IPv4 and IPv6 and will use the right one based on network interfaces and DNS.
Speculators and domain squaters (Score:2)
I wonder if speculators and investors are buying up all the IP4 addresses just to resell them at 10x the price. The same speculators that made billions doing this to housing until a bubble formed.
Or am I just paranoid? I would be tempted myself if I were an evil billionaire.
reclaim dead ip space first (Score:2, Interesting)
ARIN is totally incompetent; Not only does the Prudential have a /8, but back in 1992 when I worked at the Prudential Bank in Atlanta, that totally separate division applied for and got a class-B (158.221) and still holds it to this day. The ridiculous thing is that they will never use it, never did and when I tried to get ARIN to look into getting it back in the late 1990s, that fell on deaf ears. In fact, the Prudential Bank doesn't even exist anymore at the address in the registry entry for 158.221; I do
The end is near (Score:3, Informative)
We are going to run out of IPv4 addresses in March next year (422 days from today) /JB
http://ipv4depletion.com/?page_id=4 [ipv4depletion.com]
Re: (Score:2)
huh?
If you are talking about gateway routers, they have at least 2 interfaces. One interface must be in the subnet it gateways, the interface linking to the next router usually uses a private non-routable like 10...., 176.16...., or 192.168.... I see no way to claim back any routable IP's from the routers themselves. And even if you could, you are only getting back one address per subnet.
deprecating broadcast and making the last address on the subnet a valid host address would be about as feasible. which is