RIPE NIC: 'In Five Weeks We'll Run Out of IPv4 Internet Addresses' (ispreview.co.uk) 283
An anonymous reader quotes ISP Review:
The RIPE Network Coordination Centre (RIPE NCC), which manages regional distribution of internet addresses for the UK, Europe, Middle East and parts of Central Asia, has confirmed that their final reserve pool of Internet Protocol v4 (IPv4) addresses will completely run out in November 2019. Strictly speaking the Regional Internet Registry (RIR) started running out of address space in 2012 and began rationing the little they had left. Fast forward a few years and at the start of October 2019 it was confirmed that they only had 1 million IPv4 addresses left in their available pool (out of 4 billion addresses total), "which we expect to run out in November 2019...."
Thankfully many ISPs, devices and services have now introduced "newer" IPv6 addresses, although some still have a lot of work to do (e.g. TalkTalk)... A Spokesperson for RIPE NCC told ISPreview.co.uk "... IPv4 'run-out' has long been anticipated and planned for by the technical community and no one needs to worry about the Internet suddenly breaking. But it does mean that the pressure will continue to build for many networks, necessitating the use of complex and expensive workarounds.
"Our advice to network operators is to take stock of their IP resources and to make sure their IPv6 plans are making progress."
Again? (Score:5, Interesting)
This bell has been ringing for 10 years.
Is this, finally, the real end?
The last time I heard this they pulled a bunch of camped ip blocks back and started using those.
Re:Again? (Score:5, Funny)
No. This is really it. None left.
Oh wait, we found some behind the couch. Never mind.
Re: (Score:2)
You can click the left button on this page [newyorker.com] to see it (it's 12/12 in the series).
Re: (Score:2)
Back in the 90s, when I went to MIT, it had everything from 18.0.0.0 to 18.30.255.255 (or so I remember) I also remember that the vast majority of them were unused by design. Almost everything on campus was 18.18.
I have trouble believing that they have given any of that away. After, it's such nerd cred to have each building with its own IP block. Which of course would not have to change if they sold 90% of what they have.
I probably should check before I hit submit, but I won't: I wonder how are they doi
Re: (Score:2)
...Almost everything on campus was 18.18.
I have trouble believing that they have given any of that away. After, it's such nerd cred to have each building with its own IP block...
Nerd cred? That's about the most pointless shit I've ever heard of. In fact, it's seen as more greedy and wasteful today to be sitting on massive chunks of IPv4 space and pissing it away with an IP-block-per-building mentality when one could easily call it a "campus" and put one large private 10.x.x.x space to good use.
I guess it's far too much to assume those at a college would be educated enough to think of this...
Re: Again? (Score:4, Insightful)
“Pointless shit”? Your username most definitely does *not* check out. Taking pride in one’s publicly addressable IP was always a big thing amongst those who set up or ran their own systems in any way. I sure as hell would have been jealous of anyone with a 18.18/16 address...!
Yes, I would have been impressed or even jealous of a 18.18/16 block. Twenty-five years ago.
Today, a network admin pointlessly wasting a publicly addressable 18.18/16 block for a college campus? Incompetence. Arrogance. Greed. I can think of a lot of ways to identify that "cred" today.
Re: (Score:2)
Incompetence, arrogance and greed is not migrating to IPv6 for more than a decade, instead forcing NAT, CG-NAT etc, so you need datacentres or exorbitant payment just to be publicly reachable. Death to P2P, SIP, self-hosting, custom protocols..
Everyone, please waste and hoard as much IPv4 as you can, so we can finally migrate to a scheme with enough addresses.
Re: (Score:3)
MIT sold a lot of those IPv4 to Amazon (believe it or not) a couple of years ago.
It's a hierarchy. But yes, the (soft) end (Score:3)
I believe all five RiRs have now exhausted their allocations. One *might* have a few left that are reserved for ipv6 over ipv4 use.
The five assign IP ranges to ISPs and companies in their part of the world. Of course some ISPs have a few addresses that aren't currently assigned to a customer today - they will be able to sign up a new customer tomorrow. So the global and regional IP supplies are exhausted, your ISP may have a few unassigned.
You mentioned how long the end has been drawn out. That's mostly b
Re: (Score:3, Insightful)
The one disadvantage of switching to IPv6 is that NAT, as a side-effect, gave you a crappy firewall. Which then required crappy workarounds to punch holes in this accidental firewall, since it wasn't designed as a firewall. When switching to IPv6, you'll want to turn on a real firewall, code or hardware designed to be a firewall. You no longer get a poor firewall by accident as a result of using NAT.
Better a crappy firewall than no firewall. NAT works just fine and this side-effect is more than welcome. Anything more complex is prone to misconfiguration, bugs, absence, non-updated firmware and other issues.
And as a consumer, I'd rather watch how my neighbor successfully implements an IPv6-only network before doing so myself. I'm quite happy with my IPv4 simply because I understand it, can configure it and can verify it works as intended. With IPv6 not so. Starting with automagically enabled tunnels, addr
Re:It's a hierarchy. But yes, the (soft) end (Score:5, Insightful)
NAT works just fine and this side-effect is more than welcome.
Not a network engineer, are we?
Anything more complex is prone to misconfiguration, bugs, absence, non-updated firmware and other issues.
Like NAT?
Re: It's a hierarchy. But yes, the (soft) end (Score:3)
Oh come on, you smug asshole.
NAT is the perfect solution for providing security and l3 address isolation in millions of households around the world.
What’s your better idea?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yep. It's called carrier-grade NAT. Usually, the carrier hands out something in the 10/8 range, and then the customers' routers use some 192 address internally. It can wreak havoc with some applications, but for basic web browsing it works fine.
IIRC, DOCSIS 3.x requires that carrier networks be IPv6 capable but does not require its actual use.
Re: (Score:3)
Sadly, I have to agree. I enabled IPv6 on my router and didn’t really realize some of the firewall complexities; the firewall ended up not being properly applied and I was exposed. Nothing bad happened (that I am aware of), but it isn’t right.
As for understanding the finer details... good luck with that. Only about 10% of the population roughly understands IPv4 addressing, and it is likely under 1% that actually understand the public vs private ranges. IPv6 seems to be much worse, and that i
Re: (Score:2)
Re: (Score:2)
IPv6 NAT exists, but it's not well supported because no one wants to use it.
I'm not one of those that says that NAT provides no security, but it's thin. Client systems with IPv6 rotate their addresses every hour or two (old addresses are held in use until the last session times out) instead of using EUI-64. On top of that, you're likely to get assigned either a /64 or a /56, so the ability to scan you is minimized. An attacker could trick you into connecting to a malicious server and then use that input to
So UPnP, IGDP and STUN? (Score:4, Insightful)
> starting with automagically enabled tunnels
Such as UPnP, IGDP, and STUN?
Guess you weren't aware that your software and IoT devices have been punching huge holes in your NAT non-firewall all this time. IPv6 doesn't have any of this crap happening behind your back.
> address ranges big enough to address half the universe
More than large enough to address the entire universe. And scanning for live IPs takes far longer than the universe has existed, thereby making step 1 of most hacks impossible.
Re: (Score:2)
IPv6 doesn't make you more secure "by default".
UPnP isn't enabled on anything I run.
IGDP requires UPnP.
STUN basically lets you do the equivalent of typing "ipaddress" into Google, terrifying.
Step 1 of most hacks is getting the target to connect to you, scanning is for skiddies.
You should really be more worried about Teredo and unconfigured IPv6 enabled hosts in your network.
Re: (Score:2)
Microsoft shut down its Teredo servers four years ago, Windows 10 has it disabled by default, and I'm not sure what if anything else tried to use Teredo automatically. There are Teredo servers out there, but they have to be manually configured. Other than that, if you don't let your router hand out IPv6 addresses, you don't have much to worry about.
Incidentally, I'd be really surprised if nothing at all on your network uses UPnP unless you explicitly disabled it on your router, since every console, phone, a
Re: (Score:3)
NAT works just fine and this side-effect is more than welcome. Anything more complex is prone to misconfiguration, bugs, absence, non-updated firmware and other issues.
A stateful IPv6 firewall on a consumer router should look virtually identical to an IPv4 NAT configuration. All ports are closed by default. You still have to punch holes through the firewall with port forwarding rules that specify the port and the host IP. The only difference is that you can have the same port open on multiple IPs.
There is nothing magically more secure about an IPv4 NAT, and people who have never touched IPv6 in their lives seem to think that consumer gear just opens all ports by default
No reason not to use IPv6. (Score:5, Interesting)
When switching to IPv6, you'll want to turn on a real firewall, code or hardware designed to be a firewall. You no longer get a poor firewall by accident as a result of using NAT.
I have an array of servers at a co-host and they gave me a block of 16 IPv4 addresses. At first I thought I would have to buy more addresses for my operations ($1/month/address) but then I learned how to use IPv6 and now no more problem.
At home I have Comcast residential which happens to have great IPv6 service. Many of my development servers have no IPv4 address anymore. No tunnels and no configuration hassle. Just connections on demand.
However I noticed a side effect. On all my IPv4 addresses at the co-host they get constant probing attacks from the minute they are active. Mostly SSH dictionary attacks but not just that. Each IPv4 address exposed to the internet will get perhaps 30,000 probes per day.
The IPv6 addresses: dead silent. There is no way for the attackers to add their addresses to their lists. You can't scan sub-domains in IPv6. You can't scan DNS so you can't find them from their DNS addresses unless you publish them somewhere and even then they are ignored.
I don't use a firewall. All my servers are carefully locked down with regard to what ports they have open. They are also monitored for anomalous activity. Two years and I have only had two breaches and those were at an application level that a firewall would not have prevented.
There is no excuse for the stalled adoption of IPv6. It works and it is better than IPv4 and all operating systems of any consequence now support it.
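The comment above relies on host lockdown instead of a firewall, which only holds if you know which listeners each host offers over IPv6. The following is an added example, not part of the original thread: it classifies the listeners in `ss -H -6 -ltn` output by address scope and reports any off-link-reachable port missing from an allowlist. The sample output is constructed, `2001:db8::/32` stands in for a real global prefix, and the function names and allowlist are assumptions.

```python
"""Audit which TCP listeners a host exposes over IPv6 (added example)."""
import ipaddress
import subprocess

# Constructed sample of `ss -H -6 -ltn` output; not taken from the thread.
# 2001:db8::/32 is the documentation prefix, standing in for a real global prefix.
SAMPLE_SS = """\
LISTEN 0      128                 [::]:22            [::]:*
LISTEN 0      4096               [::1]:5432          [::]:*
LISTEN 0      511      [2001:db8:10::5]:443          [::]:*
LISTEN 0      128       [fe80::1]%eth0:8080          [::]:*
LISTEN 0      64     [fd12:3456:789a::5]:2049        [::]:*
LISTEN 0      4096                   *:9100             *:*
"""

ULA = ipaddress.ip_network("fc00::/7")             # unique-local, site scope
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # globally routable unicast

# Scopes that a remote host can reach when no firewall sits in front.
EXPOSED_SCOPES = {"wildcard", "global"}


def classify(host):
    """Map the local-address column of ss to an address scope."""
    # ss prints link-local sockets as [fe80::1]%eth0; drop zone and brackets.
    host = host.split("%")[0].strip("[]")
    if host in ("*", "::"):
        # Bound to every address, so also to any global address the host has.
        return "wildcard"
    addr = ipaddress.IPv6Address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr in ULA:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def parse_listeners(ss_text):
    """Return (port, scope) for every LISTEN line in the ss output."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((int(port), classify(host)))
    return listeners


def unexpected_exposure(ss_text, allowed_ports):
    """Listeners reachable from off-link whose port is not on the allowlist."""
    return sorted(
        (port, scope)
        for port, scope in parse_listeners(ss_text)
        if scope in EXPOSED_SCOPES and port not in allowed_ports
    )


def collect_live():
    """Read the real listener table on a Linux host with iproute2 installed."""
    result = subprocess.run(
        ["ss", "-H", "-6", "-ltn"], capture_output=True, text=True, check=True
    )
    return result.stdout


if __name__ == "__main__":
    # Hypothetical policy: only SSH and HTTPS are meant to be reachable.
    for port, scope in unexpected_exposure(SAMPLE_SS, allowed_ports={22, 443}):
        print(f"unexpected IPv6 listener: tcp/{port} ({scope})")
```

Swapping `SAMPLE_SS` for `collect_live()` runs the same check against the host itself.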
":No reason not to use IPv6".... yes there is... (Score:2, Troll)
"There is no excuse for the stalled adoption of IPv6. It works and it is better than IPv4 and all operating systems of any consequence now support it."
In what manner is it "better"? It's more difficult to learn, it's needlessly unwieldy, and the fact is, 90 percent of common users will never miss it if not adapted because there are plenty of IPV4 numbers at ISP's, and the vast majority of people use NAT in some form or fashion anyway. I'm tired of this constant drumbeat of EVERYONE HAS TO GET RID OF NATTED
Re:":No reason not to use IPv6".... yes there is.. (Score:4, Insightful)
If you have a hoard of unused IPV4 addresses, suck it the fuck up, your capital hoard is doomed, yesterday's technology with less and less value in today's market and not that far off ZERO value, the only thing keeping it going is ISP with hoards of IPV4 addresses, nothing lasts forever and I doubt IPV4 will make it past 2030.
Re: (Score:2)
I suspect IPv4 will remain in use in local networks for the sake of simplicity and legacy support, but on the big web it'll go silent.
Re: (Score:3)
> That's a far greater security risk than ANY aspect of using IPV4.
No it's not.
Giving a v6 address to a device doesn't mean that the device is reachable from anywhere. Reachability is a policy decision that you get to make, and even if you decide to make a device reachable, v6 is so flipping huge that it's unlikely to be found by a random scan of the internet.
Compare that to v4. In v4, you can usually make something reachable (although v4 exhaustion means that CGNAT is becoming common, at which point you
Re: (Score:2)
No, it's just different. In several ways, it's simpler. IPv4 has 12 mandatory header sections compared to eight for IPv6. Optional headers provide flexibility of use without using network space or processing that's not necessary. Below that header, everything else is the same.
Re: (Score:2)
If you've ever dealt with people in Asia, you know that non-IPv4 networks already exist, luckily mostly consumer-level low-cost mobile networks in rural Asia but it's coming.
Re: Again? (Score:2)
Re: (Score:3)
If you log into your cell phone and run ifconfig, you'll see that IP v6 is a thing here too. (Might have to jailbreak your iPhone, or better yet, throw it away and get a real phone that lets you log into it).
You can probably see your current IP address under Settings. On my Kyocera HydroVibe, running Android KitKat, it's under "Settings->About Phone->4G Settings" and, yes, it's using an IPv6 address.
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:3)
That's deliberate. If it had an AAAA record, people with broken IPv6 would have trouble loading the site. Since it's relatively likely that people with broken IPv6 might want to test their IPv6, the site has no AAAA record on the main domain.
You can use https://ipv6.test-ipv6.com/ [test-ipv6.com], or NAT64.
Re: (Score:2)
Your ISP probably runs a 6-to-4 service somewhere. I was talking about cheap networks without. It seems KPN in the Netherlands has floated the same idea about having the 6-to-4 service a "premium" service that isn't included in the low cost tier.
Re: (Score:2)
Re:Again? (Score:5, Informative)
The end isn't signalled by RIPE running out of IPv4 addresses, as you can buy them from lots of places. One vendor running out of stock does not a crisis make.
The end in a market like this is signalled by the price. IPv4 addresses were never free to start with, so it's not having a price but rather whether the price is staying the same, or increasing. The price of an IPv4 address is currently around $24, and is going up quadratically [retevia.net].
So we aren't at the end merely because RIPE has run out of addresses, but we can see the light in the tunnel and we know it is the train.
When it happens, it will happen very quickly. The price of IPv4 addresses will increase faster and faster, right up until the point they are too expensive and everybody will give up and swap to IPv6. At that point the price of an IPv4 address will plummet very, very quickly. When you see that happen, then you can say you've seen the end.
Re: (Score:3)
The price of an IPv4 address is currently around $24, and is going up quadratically.
IPv4 is the new Bitcoin! HODL!
Re: (Score:2, Informative)
Yes, this is the end: https://ipv4.potaroo.net/plote... [potaroo.net]
From the same website, the remaining IPv4 addresses in the RIR pools (in units of /8s, i.e. times 16.7 million):
APNIC: 0.1852 (3.1 million)
RIPE NCC: 0.0380 (0.6 million)
LACNIC: 0.0159 (0.3 million)
ARIN: 0.0002 (0.0 million)
AFRINIC: 0.2348 (3.9 million)
The regional internet registries (RIRs) are where the ISPs and hosters get their addresses. The RIRs got their addresses from ICANN, which ran out in 2011. There was a ceremony: https://www.youtube.com [youtube.com]
Re: (Score:2)
Is this, finally, the real end?
Not until Netcraft confirms it...
Re: (Score:2)
The first big time this happened was in the late 90s. At the time 0 and 255 were reserved for network and broadcast.... which meant that something like 8.0.0.1 was not possible because those other octets also had zeros and 255s in their range. So by simply allowing zero based subnetting we practically doubled our range of IPs.
reserving 127.0.0.0/8 for loopback was damn stupid. We could release everything outside of 127.0.0.0/24 and get a big chunk of numbers back. Another place to free up space is the 10.0.0.
Re: (Score:2)
Give HP a Kick (Score:2)
They've been sitting on two class-A allocations since the dawn of the internet, seems a bit greedy given they are a fraction of the size now than they were back in the day.
Re: (Score:2)
HP had one block of their own. The other was originally owned by Digital Equipment Corporation; HP got it when they acquired Compaq.
HP has already given up both of its class-A allocations.
Sigh... (Score:3)
I wish my university would quit putting so much time and effort into prolonging its IPv4 infrastructure (such as moving more and more things to 10.x.x.x address space) and would start working to getting IPv6 at least functional. It just seems so backwards for a school that likes to tout itself as a premier research institution.
Re: (Score:2)
I went to DeVry too!
Re: (Score:2)
I wish my university would quit putting so much time and effort into prolonging its IPv4 infrastructure (such as moving more and more things to 10.x.x.x address space) and would start working to getting IPv6 at least functional. It just seems so backwards for a school that likes to tout itself as a premier research institution.
Well, the CS department is probably on top of these things. But the people who operate the IT infrastructure are usually trying to minimize immediate cost and purchase whatever solution the industry sells them.
Re: (Score:2)
Re: (Score:2)
That does not make sense. In a public university, decisions like that don't get made by the IT staff. They are made at the Vice-Chancellor-for-IT level. Naturally the Vice Chancellor only takes the final decision which is made based on recommendation of an external contractor because VC level positions are more often political than technical. Usually whatever solution the contractor says is the cheapest is the one that happens, or occasionally the one that aligns with the policy agenda of the VC when it is
Re: (Score:3)
Internally, it makes no difference whatsoever. Their 10.x work isn't ever going to hurt you.
They just need to make sure they have IPv6 transit from the gateway and local-equivalent IPv6 addresses.
The biggest obstacle to IPv6 transition is people believing shit they've been told about IPv6 - ranging from having to renumber their internal network, letting every device have a world-addressable IP, abandoning NAT entirely or - like you - that you have to have IPv6 internally at all.
Re: (Score:2)
If you don't have v6 internally then how is anybody on the network ever going to talk v6 to anybody off of the network?
I guess proxy servers would work, but does anybody really want to run a network that only gets internet access via proxies these days? People's fetish for NAT suggests that they want routing, not proxies.
Re: (Score:2)
"People's fetish for NAT suggests that they want routing, not proxies."
A NAT basically is a packet-proxy, so I don't know what you're getting at there - people generally don't want routing, which is why NAT works... they want out, but not necessarily in. Universities may have a greater demand, but that's a single niche usage and they have the expertise to implement it if it's required - 99.9% of most online businesses, customers, etc. do not need or want it.
Even if you run a local instance, you only need p
Re: (Score:2)
NAT's not a packet proxy. The only thing NAT does is rewrite the apparent source address of outbound connections. Without routing, those outbound connections will never make it off your network. The only reason you run it is because you want routing, but can't get the address space to do it without NAT. That shouldn't be an issue in v6, so nobody should need to NAT in v6.
NAT doesn't even block connections, so it's not useful for security. If you want to stop inbound connections, what you're looking for is a
Re: (Score:2)
Re: (Score:2)
Stop me if you've heard this one before... (Score:2)
Slash 30 Allocations (Score:2)
While I can understand why they do it, it still seems incredibly wasteful that people who ask for a static IP through their ISP are usually allocated a slash 30 block. This means that one consumer IP address ties up four IP v4 addresses. The first is the network address and can not be used, the second is usually assigned to the ISPs router, the third is assigned to the customer and the fourth is the broadcast address, which also can not be used.
Whilst it may be seen as providing a small amount of additional
Re: Slash 30 Allocations (Score:2)
Re: (Score:2)
Not to mention that 252/253, aka 99.6047% of the network traffic being sent down your connection would not be destined to you, leaving you with 0.00406% of the bandwidth your line is capable of.
Nowadays people use switches instead of hubs. A switch only sends non-broadcast traffic to the device that answers the ARP request. I have two different ISPs that each use a /25 CIDR and it works well.
Your logic would apply to individual computers (Score:2)
Your logic would dictate that every computer needs to have a /30. That's not true when a computer is connected to a network, and it's not true when a router is connected to a network.
Where IPs are plentiful (10.0/8), it's common to use a /30 on a link; it's by no means required.
Using a /32 (assigning an individual IP) just means that the ISP has to set the routes properly on their side.
Henny Penny (Score:2)
is it you?
Re: (Score:2)
British Henny Penny seems better prepared:
hennypenny.com has address 74.4.31.118
hennypenny.org has address 74.4.31.21
hennypenny.co.uk has address 52.58.78.16
hennypenny.co.uk has IPv6 address 2a05:d014:9da:8c10:306e:3e07:a16f:a552
Linux Mint is still IPv4 only (Score:3, Insightful)
The web site and the main package repository are not available through IPv6.
Slashdot is IPv4 only. The web site with the article reporting the IPv4 address exhaustion is IPv4 only.
More than any IPv4 exhaustion statistic, looking at how much content isn't accessible from an IPv6-only host tells you that the IPv4 internet is far from obsolete: https://ipv6.watch/ [ipv6.watch]
Amazon, DuckDuckGo, Ebay, Github, PayPal, Reddit, Slack, Ubuntu and Wordpress are all not reachable via IPv6. Everyone will be behind 10 layers of NAT. The switch to IPv6 will never happen.
Re: (Score:3)
About 27% of users get to Google over IPV6. This is up from about 22% a year ago. It's slow, but it's plodding along.
Re: (Score:2)
About 27% of users get to Google over IPV6. This is up from about 22% a year ago. It's slow, but it's plodding along.
That number would be much higher if the consumer router manufacturers would start enabling v6 by default. The last three that I've set up all had to have v6 enabled manually.
Re: (Score:2)
Two years ago, I spent a few days setting up IPv6 once Uverse made it available.
I ended up disabling it about a few months later, because I got tired of having 80% of the websites I tried to load just hang for 10-20 seconds due to the stupid way IPv6 DNS lookups are handled (and fail, after several seconds of delay waiting for a timeout, if the host doesn't HAVE an IPv6 record).
Re: (Score:2)
That's not how v6 DNS lookups are handled:
$ time host slashdot.org 8.8.8.8
slashdot.org has address 216.105.38.15
slashdot.org mail is handled by 10 mx.sourceforge.net.
real 0m0.134s
user 0m0.004s
sys 0m0.000s
See? That's the exact same response time I get for any domain that has v6. There's no seconds of delay.
Don't blame IPv6 for your broken DNS.
Re: Linux Mint is still IPv4 only (Score:2)
I was using Google DNS (8.8.8.8).
Re: (Score:2)
So was I above. My guess is that something was dropping your AAAA queries to 8.8.8.8.
Re: (Score:2)
And yet I write this message to you from a v6-only machine, so I'm not sure what you're on about.
v4-only websites don't stop you from deploying v6. They don't stop you from benefiting from v6. They don't even stop you from removing v4. Of course it'd be better for those sites to have v6 (if only for the improvements to page load time), but it's not a prerequisite.
Re: (Score:2)
My ISP is IPv4 only right now - I could get a tunnel, but what's the point? Everything works fine on IPv4-only.
If my ISP supported IPv6, I'd start to use it (but only because I'm a geek). Right now, though there's no use-case that IPv6 solves that IPv4 can't do. That will change as the price and scarcity of IPv4 addresses rises the eventual need to buy from third parties (rather than RIPE etc), then we may see some things appearing that are IPv6 only. Until then, there's no "demand" from the hoards of norma
IPv6: bad choices have deterred rollout (Score:4, Interesting)
There would be many more devices using IPv6 if Android would support DHCPv6. But thanks to Lorenzo Colitti's refusal to implement a DHCPv6 client, most Android devices don't support DHCPv6. His argument that if DHCPv6 were implemented, devices would only get one address is nonsensical. I want to know the device name so I can trouble-shoot if there's a problem. If you're on one of my networks, do DHCP or you don't get any address. Plus, I don't want you to tether devices behind your phone on the network I'm responsible for.</rant>
Another problem along this line: As far as I know, only Windows sends hostname in a DHCP request. I need to know the hostname so I can update DNS. This is a good starting point when trouble-shooting a misbehaving device.
With IPv4 and NAT, I can decide on the server whether to forward traffic to ISP#A or ISP#B. Now, with IPv6, the device decides which public address to use, ISP#A or ISP#B. Linux has enough tools to NAT the ISP#A public address to a ISP#B address for out-going traffic, but now we have NAT again.
Re: (Score:2)
You can use prefix translation, so the first half of your ipv6 address depends on the isp provided prefix, but the second half remains the same irrespective of which isp the traffic is routed through.
Or you peer with BGP so that the same address space is announced via multiple providers.
IPv6 addresses should be static, and based on the mac address of the physical device - at least you will always have the static address plus any additional addresses if using ipv6 privacy. With DHCP it's first come first ser
Re: (Score:3)
There would be many more devices using IPv6 if Android would support DHCPv6. But thanks to Lorenzo Colitti's refusal to implement a DHCPv6 client, most Android devices don't support DHCPv6.
For those who may not have understood these issues, it should be pointed out that this isn't laziness or incompetence on the part of the Android network team, it's a principled stand that DHCP is the wrong way to allocate IPv6 addresses. See RFC 7934.
His argument that if DHCPv6 were implemented, devices would only get one address is nonsensical.
Is it? Your other arguments as for why you want to provide specific addresses are so that you can map and control traffic based on the addresses you assign... which means that you actively don't want them to have more than one address.
There are very good rea
Re: (Score:3)
it's a principled stand that DHCP is the wrong way to allocate IPv6 addresses
Oh, really? So how do you pass out the other 78 pieces of information that a device might need?
There are very good reasons for IPv6 devices to have multiple addresses, and for them to be able to generate addresses the network operator doesn't know about, for privacy.
Note, I didn't say there weren't good reasons. There is a way to request multiple IP addresses built right into the DHCP request protocol. There's also IPv6 prefix delegation where you can request a block of IP addresses.
If you don't trust me with your privacy, you shouldn't be on my network.
that's what 802.11x authentication is for
There you go making assumptions about my network. 802.11x doesn't work for wired connections.
CGNAT (Score:2)
Re: (Score:3)
It breaks other things too...
P2p apps don't work as effectively - you can only make outbound connections, which means you cannot peer with other users who are also restricted to only outbound connections.
Some online games make direct p2p connections between clients for improved latency; because you can no longer do this, all your traffic must now go via central servers, making your gameplay slower.
Because you now share an address with many other users, you are beholden to their actions - if any other customer
Run out of free ips? (Score:2)
Backwards ISPs (Score:2)
In the meantime there are still ISP like Bell Canada where getting an IPv6 address is pretty much impossible, especially in the home. Last time I tried for business they asked me to bring my own IPv6 block, and that’s only because I had access to the right people.
When will some ISPs wake up and realise that we are getting to a point where not providing ISP is a dumb move. Maybe if everyone started contacting their ISPs for this they may wake up?
ISPs: What's IPV6? Oh, you don't need that anyway. (Score:3)
Most ISPs refuse to implement ipv6. Call them, and they don't even know what it is. Ask for it, and they act like it's some weird request, and that you don't need it, and there couldn't possibly be any reason why you would need it. It's astonishing these people run networks.
RIPE failure (Score:4, Insightful)
RIPE has been providing ipv6 for years, but they do nothing to make their members actually implement it - consequently many of them don't.
They should have instituted a policy of only providing ipv4 alongside ipv6 for use in a dual stack implementation, and require that any services provided are dual stack or ipv6-only.
Re: (Score:2)
Virgin Media, TalkTalk, Vodafone and Plusnet. (Score:2)
Re: (Score:3)
Re: PLS let IPv4 die (Score:3)
Re: PLS let IPv4 die (Score:2)
Re: PLS let IPv4 die (Score:2)
Re: (Score:3)
give up on a finite resource that will only get more valuable as time goes by?
Will they get more or less valuable? That's an interesting question, given that migrating to IPv6 has a cost, but allows you to sell at least some of your IPv4 addresses. Is paying for a block of IPv4 space a wise investment in a diminishing resource, or paying money to kick the can down the road?
If IPv4 is wildly "successful" and the cost of addresses goes sharply up, then that makes IPv6 look good in economic terms. So that may be something that caps the value of IPv4 addresses and encourages migration aw
Re: (Score:2)
One of the more intriguing ones I saw was proposed by a guy (in France, I believe) about 10 years ago. Basically, his idea was a compromise between pure carrier-grade NAT and the status quo. The general idea was to share each public IPv4 address among multiple users, but do it in a way that deterministically allocated specific ranges of ports to them. For example, if each address were shared by 4 users...
User 1 might get ports 1..255 and 1024..1279
User 2 might get ports 256..511 and 1280..1535
and so on. Por
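The port-sharing scheme sketched in the comment above, as an added example that is not part of the original comment: it shows that a fixed block layout lets an operator attribute a (public IP, source port) pair to one user without per-flow NAT logs. Dealing 256-port blocks round-robin reproduces both ranges the comment gives for users 1 and 2; continuing that pattern across the whole port space is an assumption (the comment is cut off), and the function names and the log line are constructed for illustration.

```python
"""Added illustration: deterministic port-block sharing of one IPv4 address."""

BLOCK = 256   # ports per block, matching the comment's 1..255 / 256..511 split
USERS = 4     # users per public address, as in the comment's example


def user_for_port(port, users=USERS, block=BLOCK):
    """Return the 1-based user that owns `port` on a shared address."""
    if not 1 <= port <= 65535:
        raise ValueError("port out of range (0 is reserved)")
    # Assumption: blocks are dealt round-robin over the whole port space.
    return (port // block) % users + 1


def ranges_for_user(user, users=USERS, block=BLOCK, limit=65535):
    """List the (first, last) port ranges owned by `user`, ascending."""
    if not 1 <= user <= users:
        raise ValueError("no such user")
    out = []
    for b in range(user - 1, limit // block + 1, users):
        first = max(b * block, 1)              # port 0 is never handed out
        last = min(b * block + block - 1, limit)
        out.append((first, last))
    return out


def attribute(log_line):
    """Map the 'src=IP:PORT' field of a log line to (public_ip, user)."""
    field = next(f for f in log_line.split() if f.startswith("src="))
    ip, _, port = field[4:].rpartition(":")
    return ip, user_for_port(int(port))


# Constructed firewall log line (documentation addresses, not real traffic).
SAMPLE = "2019-10-05T12:00:00Z DENY src=192.0.2.10:1300 dst=198.51.100.7:22"

if __name__ == "__main__":
    for u in range(1, USERS + 1):
        print("user", u, "first ranges:", ranges_for_user(u)[:2])
    print("attributed:", attribute(SAMPLE))
```
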
Re: (Score:2)
IPv6 has been around for years, pretty much all hardware made in the last 10+ years already supports it. In fact there is a lot of hardware and software that is now end of life which fully supports ipv6.
Cisco 1700 series routers supported ipv6, windows xp supported ipv6, both of these are long out of support and have been replaced with newer versions - which still support ipv6. If you're running something which doesn't support ipv6 it's already way beyond its supported life and should have been replaced yea
Re: (Score:2)
It's hard to make the switch when so many places are set up for ipv6. From work, I can't reach an ipv6 address.
Re: (Score:2)
v6 is backwards compatible. I'm posting this message from a v6-only desktop, to Slashdot which is a v4-only site. If v6 wasn't backwards compatible then that wouldn't be possible.
The problem is that v4 isn't forwards compatible with bigger address spaces. That includes v6, but it also includes any other possible way of expanding the address length beyond 32 bits. There are several places in v4 where you could feasibly store extra address bits, but even if you use them, all existing v4 deployments will still
Re: And business still can't use IPv6 alone (Score:4, Interesting)
Why? Because Ipv6 doesn't have checksum in header. So a single bit flip and an internal non encrypted packet can be randomly routed to anywhere on earth, for anyone to read.
IIRC the reason IPv6 left checksums out of their headers is because checksumming is always done at the Layer-2 level (e.g. by the Ethernet or WiFi hardware), so if a bit actually had been flipped, the network driver will drop it and the IPv6 layer would never see the corrupted packet anyway. Given that, why require every IPv6-capable piece of hardware in existence to waste CPU cycles re-verifying the integrity of data that was already verified immediately before the networking stack received it?
Re: And business still can't use IPv6 alone (Score:3, Informative)
Re: (Score:2)
Your firewall should be dropping rouge internal packets
How about mauve packets, are they being dropped as well?
Re:And business still can't use IPv6 alone (Score:4, Informative)
That's... basically what v6 did, although they added an extra 96 bits rather than an extra 32 because deploying a new L3 protocol is hard and we don't want to have to do it again.
Re: (Score:2)
Because changing the existing stack in incompatible ways would still require a migration and updating of devices, but would also break existing systems in fairly catastrophic ways.
The IPv6 approach was actually more sensible - run a dual stack environment and once everyone is on dual stack you can start turning off the legacy stack. The problem is that people are lazy and don't bother with the dual stack, so those of us that have still can't turn off the legacy stacks.
Apple and Microsoft support IPv6 perfec
Re: (Score:2)
Between dual stack, Teredo, 6to4, 6rd, 6over4, ISATAP, 6in4/4in6, NAT64/DNS64, 464xlat, DS-lite, MAP-T, MAP-E, 4rd and LW4over6, v6 is already pretty maximally backwards compatible. What more do you want from it (that is actually possible to achieve given the design of v4)?
Re: (Score:3)
There are other possible definitions of backwards compatible.
v6 meets your definition of backwards compatible, because a v6 host will talk v4, with identical bits transmitted over the wire, under legacy conditions. (Note that it's possible to turn that backwards compatibility off, but you obviously wouldn't if you wanted to use the backwards compatibility.)
Re: (Score:3)
Nope, not again.
This is the first time that RIPE has ever had more applications for v4 space than v4 ranges to satisfy those applications with (even with the strict limits on how much people can request).