Free IPv4 Pool Now Down To Seven /8s
Zocalo writes "For those of you keeping score, ICANN just allocated another four /8 IPv4 blocks; 23/8 and 100/8 to ARIN, 5/8 and 37/8 to RIPE, leaving just seven /8s unassigned. In effect however, this means that there are now just two /8s available before the entire pool will be assigned due to an arrangement whereby the five Regional Internet Registries would each automatically receive one of the final five /8s once that threshold was met. The IPv4 Address Report counter at Potaroo.net is pending an update and still saying 96 days, but it's now starting to look doubtful that we're going to even make it to January."
Last IP! (Score:2)
Last IP!!
I have 2 that I'm not using anymore, perhaps I should put them on eBay? ;-)
Re: (Score:2)
Re:Last IP! (Score:4, Interesting)
I can announce and route down to a /32. It's up to my peers to accept that announcement. Some may and some may not. It depends upon politics, payment, router memory and BOFH whim.
A /24 is commonly the longest network accepted for re-announcement, but that is not a hard rule.
Re: (Score:3, Interesting)
Soo... (Score:3, Interesting)
So, I keep hearing all this news about them running low... What happens when we run out?
-Taylor
Re:Soo... (Score:5, Informative)
Re:Soo... (Score:4, Funny)
Re:Soo... (Score:4, Informative)
Re:Soo... (Score:5, Informative)
Regional Internet Registry.
Re: (Score:2)
Why in the end we will have to move to IPv6 ? Why not now ?
Re: (Score:3, Insightful)
Some already are, others aren't. It's not cheap, hence it'll be delayed, as always.
Re: (Score:3, Insightful)
It ain't cheap if you're a major provider, but for the rest of us it is somewhere between dirt cheap to absolutely free.
It WOULD have been cheap or free for the major providers as well had they not spent the last 10 years with their heads buried in the sand. They could have gotten v6 capable routers as part of their normal upgrade cycle.
Re: (Score:3, Informative)
Re:Soo... (Score:4, Informative)
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
Dual stack is the natural next step here. That means only things going off the LAN/VPN need to support v6.
The enterprises won't have to replace their expensive routers, they can set up 6rd servers and department based gateways (or just configure the gateways they already have). Like the providers, they could have had the full support for free with a tiny bit of foresight.
New home router, $50, not all that expensive. Or go to OpenWRT.
Your printer doesn't likely need to go to v6. I suspect you don't offer it as a
Re: (Score:3, Interesting)
Re: (Score:2)
> Why in the end we will have to move to IPv6 ? Why not now ?
Because nobody wants to be on the internet all by themselves.
Re:Soo... (Score:5, Insightful)
"Why not now"? Because slack-ass websites like the one you're currently browsing still haven't bothered to flip on the IPv6 switch. I have IPv6 at home (pretty much plug-and-play; just enable it on the Apple Airport base station and all of the LAN machines pick up an address) and the only site I've found to go to is "ipv6.google.com". OK, there's also a dancing turtle GIF on kame.net, but that doesn't really count.
Interestingly there is an "ipv6.slashdot.org" DNS entry. However it has no IPv6 "AAAA" record, only an IPv4 "A". Seriously guys, WTF? If a techie "News for Nerds" site can't be bothered to make itself available to IPv6 users then there's little hope for the rest of the web.
Re: (Score:3, Interesting)
Re: (Score:3, Funny)
There's ipv6.facebook.com
phew. I was beginning to get worried!
Re: (Score:3, Interesting)
Some big ipv6 domains. (This list was posted to the nanog mailing list last week or so):
ipv6.cnn.com
ipv6.comcast.net
ipv6.google.com
www.ipv6.cisco.com
www.v6.facebook.com
m.v6.facebook.com
ipv6.t-mobile.com
ipv6.weather.yahoo.com
Re: (Score:3)
The most surprising turn of events (Score:4, Insightful)
... since the unexpected end of the century in '99.
(What is actually surprising is that the internet still hasn't widely adopted IP6, and ISPs are now turning to ludicrous measures - NAT - to keep avoiding what makes sense.)
Re: (Score:2)
> ... since the unexpected end of the century in '99.
Quite unexpected considering centuries start at year 1 and end in year 100.
Re: (Score:3)
There is no year zero.
Re: (Score:3, Informative)
That being the case, we as a culture have also decided that decades start at year x0, centuries start at x00, and millenniums start at x000.
No we have not. You will have a very hard time relating to historic dates if you think so. Ever wondered why we are currently in the 21st century and not the 20th? Because the first century was not the number 0 century, as you would have it. The same way, the first year was not the number 0 year, the first decade was not the number 0 decade and the first millennium was not the number 0 millennium.
Just because uneducated people have a hard time grasping this, does not make it less so. If you start calling this t
Re: (Score:3)
you forgot year zero (or are you born having 1 year already under your belt?)
He was talking about years and centuries, not about age.
We started counting centuries with the first century (year 1 to 100), then the second century (year 101 to 200) and so on. The twentieth century was from 1901 to 2000. The 21st century is 2001 to 2100, the 3rd millennium (see how we count millennia starting with 1 as well) is 2001 to 3000. The same rules are used for years, centuries, millennia. They all start with 1.
Re: (Score:2)
Re: (Score:2)
That would only work if our calendar system was 0-indexed. It isn't.
Also noteworthy: the traditional 12 hour clock ranges from 1 through 12 and 59/60 instead of 0 through 11 59/60.
You can mentally warp your mind into seeing "12" as an alternative symbol for "0". In the same way, you can say that a century ends at any year you please. But if we're counting years from the start of the Gregorian calendar, then sadly we're not done 100 years until year 101.
Re: (Score:2)
Re: (Score:2)
> (What is actually surprising is that the internet still hasn't widely adopted IP6, and ISPs are now turning to ludicrous measures - NAT - to keep avoiding what makes sense.)
Dare I ask... why, pray tell, do you consider NAT to be a "ludicrous" measure? It seems like a pretty sturdy bridge to me. IPv6's slow adoption isn't really surprising to me; it has required code modifications across the board on numerous levels. It has been more of an undertaking than most people realize. On the other hand, apart from a little NAT-trickery to allow hole-punching (which, admittedly, should have been put in a standard), the large majority of legacy apps continue to work under NAT like
Re:The most surprising turn of events (Score:5, Insightful)
Re:The most surprising turn of events (Score:5, Insightful)
A lot of the rest of us get along pretty well with putting our servers behind a router/NAT that lets us define which ports get forwarded to which systems behind the router, thus adding "firewall" as a feature.
Thing is, that's only when you have control over the NAT device. If ISPs move to multiple levels of NAT, as some people suggest, then you no longer have access to a thing on which you can forward ports. You're stuck being a content consumer.
Re:The most surprising turn of events (Score:5, Insightful)
Let's say your ISP assigns you 10.0.32.128. Now, kindly tell me how you plan to connect to your home PC from work.
Re:The most surprising turn of events (Score:5, Insightful)
Re:The most surprising turn of events (Score:4, Insightful)
ISPs will just charge extra for a "real" IP address. (Basically the same thing they do now if you want more than however many come with your base service.)
Re: (Score:3, Insightful)
Re:The most surprising turn of events (Score:5, Informative)
Configure your home router to pass the port for whatever service you want to access from work to the system that can deal with it at home. Connect to that address using that port.
This is where the trouble begins. You can do this today because it is _your_ router doing the NAT. With no more IPv4 available, you will be sharing your IPv4 with your neighbours. This means carrier NAT. How do you program your ISPs router? You don't.
Re: (Score:3, Insightful)
That only works because your home router does the NAT using a public IP address your ISP assigns.
That was not the question. I said your ISP assigns you a NATed IP (so you are now doing double NAT at least). You can configure the port forwarding on YOUR NAT device, but I'll bet your ISP won't let you configure THEIR device.
I am familiar with using ssh to tunnel as well. Not a problem for some (including me), but not everyone has an ssh account on a server with a public IP at work.
Given all that, it's MUCH ea
Re: (Score:3, Insightful)
In other words, the NAT won't cut it, yes.
Re: (Score:3, Insightful)
It has been true, but necessarily cannot remain true. That's the whole point, in a few short months we'll be all out. No more real addresses to assign.
Some people for some reason think NAT can fix that all by itself such that IPv6 need never happen.
A better answer is for ISPs to deploy 6rd along with NAT. I don't mind so much if they give me an address in 10/8 if they also offer a solid 6rd tunnel.
Next step is to offer v6 only and a translator/proxy for ::ffff:0000:0000/96 so customers can reach the holdout
Re: (Score:3, Insightful)
Under the assumption that most ISPs provide real addresses to their clients (which is, AFAIK, true), I believe I'm correct in saying that NAT has been a decent bridge.
This whole story is about running out of IPv4 addresses, and thus contrary to your assumption. Providing "real IPv6 addresses" to clients doesn't help them if they need to talk to the very many IPv4 only machines out there.
When they run out of IPv4 addresses, ISPs will stop providing "real" IPv4 addresses to clients. The "real" IPv4 addresses will be shared via NAT.
They WILL use IPv4 to IPv4 NAT so that users can talk to IPv4 only servers. Most won't use IPv6 to IPv4 NAT/proxying for that because it isn't a
Re: (Score:3, Insightful)
IPv4 will last us about one and a half years. IPv4 will run out next year, the regional registries (RIRs) will run out a number of months later and if you are lucky your provider still has some new IPv4 addresses left for his new customers.
Then your provider can only get new addresses for money from other providers/organisations which want to sell them for money.
The following will happen, first for new customers and eventually for all existing customers.
When we get to a point where your access-provider does n
Re: (Score:2)
I think it is 10% of the provider networks, but it's higher when you are talking about transit providers (what some people call Tier 1 or Tier 2).
Last Post!! (Score:2)
where is ATT and comcast with IPV6? (Score:3, Insightful)
where is ATT and comcast with IPV6?
Re:where is ATT and comcast with IPV6? (Score:4, Insightful)
Busy counting their profit and laughing over all the money you think they want to spend on IPV6 upgrades.
Re: (Score:2)
Knowing how corrupt big business is, they'll probably do something stupid like give you the option between NAT and IPv6, and tack an extra monthly charge on no matter which one you pick (but of course, an even higher monthly charge if you pick neither). This will do nothing but raise awareness that there are more ISPs out there than just AT&T & Comcast.
Hey stupid, co
Re: (Score:3)
Re:where is ATT and comcast with IPV6? (Score:4, Informative)
Re: (Score:2)
Anybody who uses Comcast can actually manually set up their connection to use 6RD
6to4 is an option as well, but don't use it unless you have to (and you don't) - 6RD was created to address several of the problems of 6to4.
Re: (Score:3)
6to4 requires a public address, 6rd does not as long as the 6rd server has a route to the private addresses. Since the ISP that would do the NATing is also deploying the 6rd server, they can do that with no problem.
Seven eights?!? We have PLENTY left!!! (Score:2)
end of line
NAT! (Score:2)
NAT Time!
Granted, it is not a solution for everything, but there are just TONS of networks that could be behind NATs and don't need anywhere near the IPv4 space they have. I have a feeling NATing will suddenly become a lot more popular.
Re:NAT! (Score:5, Insightful)
I'm frankly terrified that the "solution" to this is not to fix the underlying issue, but instead to layer work-arounds on it.
Not to mention, unless I'm much mistaken a NAT can support 65536 connections at maximum (number of valid ports for outgoing connections). A /8 network might be okay, but putting a larger network behind NAT isn't going to help, and you can't layer them (because you still need a port free for the connection). We're going to run out, NAT just delays the inevitable by layering a giant administrative headache on the top.
Re: (Score:3, Insightful)
The whole thing is a lesson in waste and inefficiency.
Every business that I have ever known, or been involved with its network, was delivered anywhere from 4-32 IP addresses on their T1 lines. Just recently I set up a new business cable modem connection and they just gave me, without me asking, 8 IP addresses.
What the heck do I need 8 IP addresses for at a branch office? I don't really know of any businesses that really need a static IP address, much less multiple ones to host multiple publicly addressable
Re:NAT! (Score:4, Interesting)
IP address reclamation will get us back at least 40% of the address space.
But not necessarily usable addresses on routable boundaries.
Re: (Score:3)
NAT can be implemented a huge number of ways.
On small class C networks, especially when using consumer grade equipment, it's very common to put the entire network behind a single external IP address. Each outgoing connection is assigned a port on the NAT box. Network utilization on a class C should never be so great as to exhaust the number of available ports. This is many to one NAT.
For larger corporate networks, it's common to use a pool of IP addresses on a more advanced router. Because each IP address h
Re: (Score:3)
No, there is no such limitation. You are mistaken. Connections can be matched based on both a port and a remote destination, so the same mapped port could be used for multiple connections.
What you wanted to say is that NAT is limited to 65535 unique host mappings (i.e. that many IPs hidden behind one IP). Well, if we can extend IPv4 number of hosts that many times, we should be good for a few thousand years :)
I wish we could... (Score:2)
Let it burn to the ground and start fresh. IPv256! Decentralized DNS! All the good stuff. Oh well.
Re:I wish we could... (Score:4, Funny)
If we are to do that then the address field of the packet header should be a null-terminated string, not a fixed or limited size.
Note that if you embed the length in the header you have to decide how wide the length field is, which then limits the string length. Though I'll accept arguments to the effect that an 18e18-character address should be enough for anyone.
IPv6 Compatibility (Score:4, Funny)
indian giver.... (Score:2)
Re: (Score:2)
Well, yeah. The only question is will we control it or will $advertisers control it?
Well (Score:2)
ipv6 (Score:3, Insightful)
So slashdot, when are YOU getting on ipv6 (Score:3, Interesting)
Because I'm on it right now yet I see no AAAA record. Pretty much anyone on Comcast can get a 6rd address at the drop of a hat; native dual stack is coming. Other providers will have to get on the bandwagon soon I gather. Whine endlessly about the end of IPv4 after you've already made arrangements to join the modern age.
Cheap DSL routers (Score:2)
For years now I have had this NetBSD box as my front end. The DSL modem plugs into an ethernet port on the PC which NATs in two directions: a local hard wired network and wifi. So after y'all slashdotted my server I started looking at a rebuild around this nice fast AMD64 machine but it is light on PCI slots so I can't have the two ethernet cards plus Atheros wifi plus serial that I need.
So last night I splashed out on a Netcomm wifi router and the plan I formulated later in the evening was to use it as my f
Re: (Score:2)
Most of your cheap little crap routers have 32 bit processors with no larger data types and a two-bit amount of RAM so IPv6 will choke them like a bitch if it is even feasible to support on them.
Re: (Score:2)
What the sam hell are you babbling about? Enable your IPv6 routing and leave us alone!
all because MS won't put TLS on XP... (Score:2, Interesting)
Re:all because MS won't put TLS on XP... (Score:5, Insightful)
what needs "public" IPs?
Anything that wants to participate in the peer-to-peer internet as a peer.
Re:all because MS won't put TLS on XP... (Score:5, Insightful)
Sounds like something ISPs actually wouldn't mind obstructing.
Re: (Score:3, Informative)
Not true at all. It is possible to establish a direct peer to peer connection between two hosts which are *both* behind NAT. You do need a "rendezvous" server to bounce a few packets - that's not hard to do, and can be easily accommodated as part of any other P2P infrastructure (or even outside of it).
In fact, running P2P in that manner would significantly increase privacy of its participants because to anyone outside a given network there will no longer be a visible single mapping of IP to a "person" (or h
Re: (Score:3, Informative)
Lots and lots of documentation on that. Google for "nat" and "rendezvous".
Here is a first random link I came up with: http://www.brynosaurus.com/pub/net/p2pnat/
Basically, rendezvous server (a host with "real" IP out there) punches a "hole" in each NAT for and on behalf of the respective counterparty. Once it made those "holes", parties communicate directly. Done.
Re:all because MS won't put TLS on XP... (Score:4, Informative)
Actually it does support TLS, it just doesn't support SNI. Or actually IE and Safari only, because they use the windows library. Firefox and Chrome use the library first developed at Netscape and Opera uses OpenSSL.
But as SNI is the part that adds 'Namebased virtual hosts' to TLS, the result is the same as you mentioned. Everything that wants to use a certificate still needs its own IPv4-address (and/or IPv6 address) for now.
So what happens to Hamachi (Score:2)
Dibs!!! (Score:5, Funny)
How long before I can get the address 255.255.255.255? I wanna set up a website called 'endoftheinternet.com'!
MAC Address? (Score:3, Interesting)
Re:MAC Address? (Score:4, Informative)
Privacy
Re:MAC Address? (Score:4, Informative)
Well, first of all, it sort of is. The typical way to get an address on an IPv6 network is stateless auto-configuration [ietf.org], which basically allows your client to combine an advertised route prefix with the EUI-64 (basically a longer version of a MAC address that can be generated from a MAC address) to determine its IP. You don't need any configuration for new clients and they always get the same IP address. Note that Windows Vista/7 use a hashing function with random data and the MAC address so that you can't track a single machine based on its IPv6 address, which solves privacy concerns.
Second, you can't just use the MAC address because it's not easy to route traffic that way. Routing works today because networks are assigned contiguous blocks of addresses, so it's easy to tell where to route traffic based on the address prefix. If we just had MAC addresses (which contain no information about which devices are connected to which networks), routing would require huge tables that would frequently change. This works OK for a small to medium sized network (e.g. switched Ethernet) but it doesn't work at all for the Internet. Even medium-large organizations need to use subnets to effectively manage traffic, which aren't possible without network prefixes.
Re:Meh. Allocate 240.0.0.0/4. (Score:4, Insightful)
And have to push new TCP/IP stacks for most operating systems to get them to understand that that is now viable space. This would be effort better spent on just going IPv6.
Re: (Score:3, Insightful)
And every router. In every office. And every home.
And who knows how many routers would have those addresses hardcoded in hardware.
It's probably just as easy to go IPv6, when you consider the hassles and testing.
Re: (Score:3, Interesting)
I doubt that, there'd be no reason for anyone to write it up to not understand 240*
Re:Meh. Allocate 240.0.0.0/4. (Score:4, Informative)
Here is a good blog post on why this wouldn't work: http://packetlife.net/blog/2010/oct/14/ipv4-exhaustion-what-about-class-e-addresses/ [packetlife.net]
Re:Oh noes! (Score:5, Funny)
How will I ever be able to use my twittering armchair fart detector?
Well, you'll have to choose between a NAT twittering armchair fart detector and an IPv6 twittering armchair fart detector!
Re: (Score:2)
No that did not happen.
There are no IPv6-regions you speak of, this was an idea which was never implemented.
Re:a gazillion IPv6's spamming? hell no (Score:4, Informative)
What is the difference for IPv6 ?
There currently is one IPv6-DNS-blocklist, they use something like: 5 bad IPs in one /64, block the whole /64, 5 bad /64 block the whole /48. Or some system like that.
Or do you mean there isn't enough tooling yet ?
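The escalation scheme sketched in the comment above, as an added example that is not part of the original thread and not the code of any real blocklist. It assumes a "bad /64" is one that has itself crossed the per-address threshold; the thresholds default to the comment's figure of 5, and the 2001:db8:: addresses are constructed sample data.

```python
import ipaddress
from collections import defaultdict


def build_blocklist(bad_addrs, ip_threshold=5, net_threshold=5):
    """Aggregate reported addresses into /128, /64 and /48 block entries."""
    per64 = defaultdict(set)
    for text in bad_addrs:
        ip = ipaddress.IPv6Address(text)
        per64[ipaddress.IPv6Network((ip, 64), strict=False)].add(ip)

    # A /64 is listed once enough distinct addresses inside it were reported.
    bad64 = {net for net, ips in per64.items() if len(ips) >= ip_threshold}

    # A /48 is listed once enough of its /64s have been listed.
    per48 = defaultdict(set)
    for net in bad64:
        per48[net.supernet(new_prefix=48)].add(net)
    bad48 = {net for net, subs in per48.items() if len(subs) >= net_threshold}

    # Emit only the widest entry covering each report.
    entries = set(bad48)
    for net, ips in per64.items():
        if net.supernet(new_prefix=48) in bad48:
            continue
        if net in bad64:
            entries.add(net)
        else:
            entries.update(ipaddress.IPv6Network((ip, 128)) for ip in ips)
    return sorted(entries)


def is_blocked(addr, blocklist):
    ip = ipaddress.IPv6Address(addr)
    return any(ip in net for net in blocklist)


def sample_bad_addresses():
    """Constructed reports: one saturated /48, one saturated /64, two strays."""
    bad = [f"2001:db8:aaaa:{s:x}::{h:x}" for s in range(1, 6) for h in range(1, 6)]
    bad += [f"2001:db8:bbbb:1::{h:x}" for h in range(1, 6)]
    bad += ["2001:db8:cccc:1::1", "2001:db8:cccc:1::2"]
    return bad


if __name__ == "__main__":
    blocklist = build_blocklist(sample_bad_addresses())
    for entry in blocklist:
        print(entry)
    # Never reported, but inside the escalated /48: collateral of the scheme.
    print(is_blocked("2001:db8:aaaa:ffff::1", blocklist))
```

The last check is the trade-off of prefix-based listing: every other customer inside an escalated /48 is blocked along with the reported hosts.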
Re: (Score:3, Informative)
They did not bother, because they thought if there was a freaking decade to roll it out, that would be plenty of time.
Re:Maybe I'm being naive... (Score:4, Informative)
3ffe:1900:4545:3:200:f8ff:fe21:67cf
That would be 63.254.25.0.69.69.0.3.2.0.248.255.254.33.103.207 using your scheme which is horrible. It also leaves out the most useful compression feature, so you can write 3ffe:1900::/32 instead of 63.254.25.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0/32. Just counting out the correct numbers of .0 is horrible.
Practical real life IPv6 addresses often use compression: ipv6.l.google.com has IPv6 address 2a00:1450:8005::63, ipv6.myip.dk has IPv6 address 2001:470:27:f9::2, ipv6.net has IPv6 address 2a00:1188:5:2::8. If you care about your address you can make it short, since the last 64 bits is yours to decide.
Re: (Score:3, Insightful)
IPv6 solves problems beyond just the raw number of bits for addressing.
In your example, 48 bits isn't enough space--in a few years we would be doing another next-gen IP, after implementing IPng as the CTOs start panicking. I don't want to deploy a new Internet every two decades, I'd rather get past the flaws in IPv4 once for my lifetime and start thinking about Y2038.
Convention is meant to be broken. But perhaps you ignore that we're speaking about bits, not decimal data. The subnet mask FFFFFF00 I see
Re:Maybe I'm being naive... (Score:4, Funny)
The colons and hex are for typing it in. It is stored in 16 bytes on disk, just like IPv4 addresses are stored in 4 bytes currently. There are lots of ways of representing a v6 address, though, just like there are lots of ways of representing a v4 address (hex, being among them, iirc, and for a while Firefox would let you type in the unsigned integer that the 4 bytes represent and would translate that directly.)
The rest of us will just use a lookup service to map an easily remembered string to the v6 numerical address. At the moment, though, I'm not sure I can think of an analogous service for IPv4, but I'm sure someone's doing it.
Re: (Score:3)
Well, that was very helpful, and thank you for your enlightened and useful response!
Re:Maybe I'm being naive... (Score:5, Insightful)
A curious key thing I fail to understand about this issue is why the ip4/ip6 issue encourages people to act so rudely towards other professionals who demonstrate at least some grasp of the underlying issue.
I think you ask a reasonable question, the question in my mind similar to yours: the transition from ip4/ip6 appears to be hard and this is a factor in its slow adoption so what prevented the design of a gentler protocol that provided a smoother/simpler transition; particularly given our heavy reliance on this network in so many facets of our civilization?
As a programmer that does a lot of network type stuff close to the metal, frequently designing my own OSI 7 protocols, I understand ip4 and higher layers very well, better than most IT professionals; but certainly not as well as a carrier network engineer. I know little about IP6 other than regular reports about its high barrier to entry and the inherent complexity associated with the change over. Maybe I need to make time and learn more about it now; but life is busy and other things compete for my time.
But such questions can always be counted on to be treated rudely by ip6 zealots. Just like the Ruby programming language, I am keen to learn more when I get the spare time, and I dabble when I can, but in some ways disinclined given how rude and obnoxious the community advocating it can be.
Re: (Score:3)
You complain that IPv6 people are rude to you, but bring this little gem to the table:
The truth is you do need to make time and learn more about it now. Really, if you've grasped IPv4 you will grasp IPv6 too. Spend a couple evenings with an O'Reilly book and you will be fine.
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Re:Whatever (Score:4, Interesting)
> I agree that the MAC address based network address is
> scary but I wonder how much of a signature they already
> have from other properties of my computer.. I wonder
> how long before the IPv6 address is used to try and
> prove that it was a specific computer that generated
> some traffic.
Here's a computer-user IQ test. Question "what is your MAC address?"
* Typical user... I don't got a Mac, I got a Winders PC.
* Competent user... checks his network config and supplies answer.
* l33t h@x0r d00d... what do you want it to be?
Re:Crazy.... (Score:4, Insightful)
It would probably only buy a few more years to reclaim these addresses and chop them up, but surely the problem is just poor usage as opposed to exhaustion.
*SLAP*
Seriously, we've already done this. Repeatedly. At no point has the actual transition started happening, even with all the 'extra time' given it.
Attempting to figure out a way to get more time will not actually solve the problem at all.
At the very least, we need IPv4 to blow up first, so the transition actually starts. After that point, if need be, we can start looking for more IPs to use during the transition.
But first, we actually have to start.
I got new ISP service in August. I got a router with it. This router does not do IPv6. In August. 2010.
The problem isn't 'lack of time', the problem is LACK OF STARTING.