The Impending IP Crisis
Factomatic writes "With the supply of IP addresses expected to run out by 2005 due to the popularity explosion of the Internet and the expectation that everything from your phone to your washing machine will soon have its own IP address, Alex Lightman, CEO of Charmed Technology and chairman of last month's North American IPv6 Global Summit tells the New York Times "we're going to need something like 100 IP addresses for each human being." IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman, director of product engineering for Verio, which offers IPv6 in San Francisco, Washington and elsewhere. The article is a good layman's backgrounder on the looming IP crisis."
Googol
Yea, but NAT really does cause more problems than it's worth when you consider IPv6 an alternative. Things like IPSEC and such do not work through NAT without non-standard encapsulation and such.
The world would be better without NAT.
Well, you know what everyone is going to do until IPv6 becomes a reality... NAT everything to death.
That ruins the original point of the internet while giving everyone the illusion that they've found the answer. I've even heard of some ISPs that only issued 10. addresses. We need to start telling people that NATing is not the answer before we are going to get people to see the problem for what it is. And once they see, they will begin to switch over to IPv6.
That's fine but unless you're talking about incoming originating comms. With NAT, you have to rely on ports instead of IPs to address specific items. This means a mod to your DNS (or whatever replaces it). You can't just assume that the cell phone port is port 32768, since the household may have several different cell phones (or toasters, or TVs, or whatever). Not a huge problem, but it does require more changes than would simply assigning everything its own unique id.
> "we're going to need something like 100 IP addresses for each human being."
We already have 65534 IP addresses for each human being. They are 192.168.0.0 to 192.168.255.255.
Use NAT. Problem solved.
Enjoy the IPs. You can thank me later.
- For the complete works of Shakespeare: cat
While IPv6 fixes many problems in IPv4, the developed world will not embrace IPv6 until many shortcomings in the protocol are addressed.
1. Cisco routers suck at IPv6. Many of Cisco's routers use the router's CPU to process IPv6 packets instead of the fast-path. The reasons for this are explained in the next few points. While Juniper's routers are substantially better at IPv6 than Cisco's, IT managers are often restrained by insane corporate policy that dictates the use of Cisco.
2. There are too many addresses. There are 16.7 million addresses per square metre of the earth's surface, including the oceans. This is overkill. The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many. Assuming that you can actually come up with one, it could easily be solved with Network Address Translation, or NAT as it is commonly known.
3. IPv6 addresses are too large. An IPv6 address is 128 bits in size - 64 bits of which are reserved for addressing hosts, and 64 bits of which are reserved for routing. One thing that is cool with IPv6 is address autoconfiguration. Take your 56-bit MAC address on your ethernet card, ask for 64-bits of network prefix, bang it together with EUI-64 and you are set. The problem with a 64-bit network prefix is that routing tables become massive. Just do the math and you'll see that extreme amounts of memory are required to hold routing tables.
4. The IPv6 header is too large. An IPv4 header is compact at 20 bytes in length, while the IPv6 header is bloated at 40 bytes. That's right people, each one of your IP packets has twice as much overhead as before.
While this may not sound much, IP networks have a requirement that the minimum MTU supported must be 576 bytes. That means that where you might have got 556 bytes of data in your IP packets, you now get 536 bytes. This means that downloading stuff will take 3.4% longer.
Sure, IPv6 allows for nice hacks, but is it really ready for prime time?
Well yes and no.
NAT works fine for most things, i.e. web browsing and the likes. Running services on machines behind NAT isn't difficult either. But wow does it ever become a nightmare if you try to play games behind NAT. Let's face it, the average user does not have the desire to play around with UDP port forwards and transparent proxies and dum dum dum just to get StarCraft to work.
And let's not forget broadband ISPs wanting you to pay for extra machines even when you're using NAT (and threatening you, too). So if they're going to make you pay for an extra IP or two, what's the point of doing NAT?
Not too hard.
Backbones should switch over first, proxying IPv4 over IPv6, then propagate downwards.
When it hits users, they'll have an ultimatum. Upgrade within the next 180 days, or j00 are fux0red.
As for the OS and device makers, simply make DHCP check IPv6 first, then fall back to IPv4. That'll be transparent for all the chuckleheads who would ignore the "switch" thing.
-
ping -f 255.255.255.255 # if only
...simple info on IPv6: http://www.internet2.edu/resources/infosheetIPv6.pdf
Do not read this sig.
...that IANA decided to hold onto 80 or so class A's. I doubt they could even allocate all that space by 2005.
Don't believe me? Get it straight from the horse's mouth.
Perhaps if the organizations bemoaning the lack of IP space stopped hogging so much of it there wouldn't be such a shortage.
The number of IP addresses IP6 will allow is truly astronomical, 6.65x10^23 addresses for every square meter of the Earth's surface. More than enough for everyone to have an internet controlled Etch-A-Sketch.
Free cell phone tracking
I agree, but networking devices are getting smarter and smarter. The idea of NATing only L3 (IP) information is dying -- more and more, NAT devices are becoming application aware, and they are NATing L4 ports and L7 payload (e.g. Active FTP NAT, where the port command is issued in the L7 payload itself, and needs to get NATed on L4).
I agree that this is not so much of an issue due to NAT, and as NAT gets smarter (L7), then this is even less of an issue. But it's still a stop-gap... eventually IPv4 will run out of addresses regardless.
IPv6 is bad because Cisco routers suck. No, wait, "Many of Cisco's routers" suck. You can't be serious! Once IPv6 gets off the ground, IPv6 will become fast path and eventually IPv4 will be dropped to legacy mode.
... most of the internet protocols are very wasteful. On the other hand, they are easily debuggable with relatively simple tools. This is a trade-off, obviously, and IPv6's choice is not per se good or bad, it's just different. We will see whether it will have a significant overhead. I say getting rid of spam is a better way to reduce bandwidth requirements on the internet than talking about header sizes.
About your point 2: IPv6 does not actually give out all those 2^128 IPs. The first half is for the network part, the second 64 bits are for the host part. This is necessary because autoconfiguration (which is really great, by the way!) uses a 64-bit part. The IPv6 autoconfiguration is stateless, by the way, which means it will also work without a DHCP server and it won't need reboot if the routers were down when the autoconfiguration process started.
The point about having this many addresses is that you never ever want to have to come into the remote possibility to have to switch to IPv8 because IPv6 is too small. And when you rant about the IPv6 header being 20 bytes larger than the IPv4 header, consider that the overhead of the TCP header (20+ bytes), the HTTP header (300 bytes), the Email header (500 bytes?),
IPv6 is ready for prime time. People are using it (I, for example). You can buy access to IPv6-native backbones. All the major OSes support it. There is really no excuse not to be already using it.
Believe it or not, some (Japanese) toilets actually do that already. I'm not sure if more than a proof-of-concept one was built and how sophisticated the analyser is, but at some level it's been done. :O
Switch back to Slashdot's D1 system.
Which is: 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand, 456.
A far cry from "35 trillion". To give you an order to this magnitude, some Australian scientists recently announced that there are 70 sextillion stars (give or take) in the known universe.
It may be pedantic, but someone who is so blinded by their work that they make hysterical claims that there's no word for the number they're pushing doesn't make me want to buy into their idea so quickly.
2^128=3.4028236692093846346337460743177e38
According to the chart, that's 340 undecillion.
Everyone is born right-handed; only the greatest overcome it
Say you have 5 servers behind a NAT box, all running SSHD. How are you going to set them all up so that they can have incoming connections? Sure, if your NAT box is a good one you can manually set up port forwarding, but that's a pain.
What about strange services like FTP that require 2 different connections? They're always a pain when using NAT, so you need to find some means of dealing with them.
What about games? Say 3 people behind one NAT box want to play the same online game at the same time? What about filesharing applications that want to allow incoming connections?
NAT != firewall. If you're using it like it is, expect to get hacked anyhow. Besides, if you don't want a particular device to be exposed to the IPV6 world, you are free to put it behind a NAT box or a firewall, it just means that the machines that you want to have routable addresses can have them.
I already want more IP addresses. I have a server which hosts websites for various domains, but only uses 1 IP address. That works for HTTP because it sends the hostname as part of the request, but nearly every other protocol doesn't. That means that I can't deal with HTTPS easily, and makes configuration of things like mail much harder. If each host could have its own IP then it would make management and configuration much easier. It would also make it possible to have much more fine-grained control over services and access to various IPs.
I can just picture you when they finally start selling flying cars: "Hello? I already have transportation, it's called a car. In many ways it's better to move slowly in gridlock. At least that way if you have an accident you're only moving 4 miles per hour!"
Is that right? Lessee:
2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
A number which everyone knows should be verbally expressed in English as:
Three hundred forty undecillion two hundred eighty two decillion three hundred sixty six nonillion nine hundred twenty octillion nine hundred thirty eight septillion four hundred sixty three sextillion four hundred sixty three quintillion three hundred seventy four quadrillion six hundred seven trillion four hundred thirty one billion seven hundred sixty eight million two hundred eleven thousand four hundred fifty six.
That's in the American naming system, of course. In the British system, it would be:
Three hundred forty sextillion two hundred eighty two thousand three hundred sixty six quintillion nine hundred twenty thousand nine hundred thirty eight quadrillion four hundred sixty three thousand four hundred sixty three trillion three hundred seventy four thousand six hundred seven billion four hundred thirty one thousand seven hundred sixty eight million two hundred eleven thousand four hundred fifty six.
(Interesting to note that the British version is nine characters shorter, plus has the capability to scale much higher without extension).
In the interest of brevity, I shall forgo the Spanish, Italian and French versions, and I regret to say that I can't count that high in any other languages, though I'm certain it's possible.
So, I think the number is *quite* adequately named, thank you. Now there's not a single word for it, but few numbers have single-word names, simply because there are too many numbers, too few phonemes and no real need. If you want a single-word approximation, "undecillion" should do nicely, or "340 undecillion", since Mr. Christman seems to find that form acceptable. The ideal expression is, of course, "two to the hundred twenty eighth", which is short, completely accurate and gives a strong hint as to the origin of the value (a string of 128 bits).
Yes, I *am* the guy everyone avoids at parties.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I don't think IPv4 addresses will run out by 2005, especially as more and more people/organizations implement more NAT. I work for a statewide ISP, and we've found that the new IP addresses we just got from ARIN a year ago are being returned to us in large numbers (thousands) by customers who are now pursuing NAT solutions and using smaller subnets of 16 addresses or less.
IPv6 addresses are 128 bits, so there are 2^128 ~= 3.4E+38 addresses. Log10(2^128) ~= 38.5.
So IPv6 has a bit over the cube-root of a Googol addresses.
I can't believe how many people have commented that there is no need for IPV6 because of NAT. Are you really willing to put up with the limits of NAT when you could give every computer its own routable address?
NAT does a decent job of allowing you to surf the web using a non-routable IP address. For anything more advanced it starts working less and less well.
I, personally, have had many troubles with NAT. Games which don't work properly unless they have huge ranges of ports exposed to the net. Instant messenger apps which fail in subtle ways. Brain-dead DHCP servers which don't properly pass on DNS settings, etc. Add to that the fact that the DHCP/NAT combination in most consumer boxes (like Linksys routers) is awful. You can port-forward from the router to a fixed IP address, but if you're using DHCP, you never know what machine will get that IP address! Even when it does work, there are far too many programs that don't work right when something is on a non-standard port.
In fact, I don't just want each of my machines to have its own routable IP address, I want some machines to have multiple addresses. That way I can host multiple domains on a single machine and truly administer them differently. Right now HTTP sends a host header so that you can have multiple domains on a single IP and things just work. On the other hand, HTTPS doesn't work like this, so you need a work-around if you want to use HTTPS. The simple truth is that today if you want to have multiple domains using anything other than straight HTTP on a single machine you really do need multiple IPs.
For many people, NAT is a comfort thing. They think they don't have to worry about patching their systems because they're behind a dinky broadband router. Hint: that's security through obscurity. The devices you're buying aren't meant as firewalls, they're meant to let joe-consumer connect two computers to the Internet easily.
The main reason I want IPV6 now is so that my damn Internet provider can't get away with charging extra for extra IP addresses. At the moment they can because they're relatively scarce, but I can't see them getting away with that with IPV6.
If you're content with your buggy whip, that's great. But I personally have a use for at least 20 IPs that NAT won't solve. So don't make a blanket statement that IPV6 isn't necessary. Maybe not for you, but some of us can't wait to have it.
According to the designers of the KAME implementation, IPSEC was explicitly designed to be point to point or one to many. The ability to determine the source of an IPSEC packet is part of the protocol.
If you use NAT and you can't use header authentication then you do not support IPSEC completely, and actually, you make 1 of the 2 primary uses for IPSEC impossible, hence it is absolutely correct to say that NAT and IPSEC are incompatible. That one specific use happens to work doesn't change that.
This was not done because the makers had something against NAT but because NAT and the idea of an authenticated point to point connection are simply incompatible.
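Added example, not part of any comment in the thread: a simplified model of the header authentication discussed above. The integrity check value is an HMAC over the IPv4 header with the fields routers are allowed to change zeroed out, plus the payload; the source and destination addresses stay inside the authenticated data, so a router's TTL decrement still verifies while a NAT source rewrite does not. The key, addresses and payload are constructed, and the real AH header fields (SPI, sequence number) are left out to keep the model short.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed shared key, not from the thread


def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header (no options); protocol 51 is AH."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len,   # version/IHL, TOS, total length
        0x1234, 0,                   # identification, flags/fragment offset
        ttl, proto, 0,               # TTL, protocol, checksum (left 0 here)
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def ah_icv(header, payload, key=KEY):
    """ICV over the header with mutable fields zeroed, plus the payload."""
    h = bytearray(header)
    h[1] = 0                  # TOS/DSCP: mutable in transit
    h[6:8] = b"\x00\x00"      # flags + fragment offset: mutable
    h[8] = 0                  # TTL: mutable
    h[10:12] = b"\x00\x00"    # header checksum: mutable
    # Source and destination addresses (bytes 12..19) stay in the MAC input.
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:16]


def verify(header, payload, icv, key=KEY):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(ah_icv(header, payload, key), icv)


def forward(header, new_src=None):
    """Model one hop: decrement TTL; a NAT hop also rewrites the source."""
    h = bytearray(header)
    h[8] -= 1
    if new_src is not None:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)


PAYLOAD = b"constructed payload"
SENT = ipv4_header("192.168.0.10", "198.51.100.7", 64, len(PAYLOAD))
ICV = ah_icv(SENT, PAYLOAD)

ROUTED = forward(SENT)                          # plain router hop
NATTED = forward(SENT, new_src="203.0.113.5")   # NAT box hop

if __name__ == "__main__":
    print("routed hop verifies:", verify(ROUTED, PAYLOAD, ICV))
    print("NAT hop verifies:   ", verify(NATTED, PAYLOAD, ICV))
```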
> IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman
Well let's take a look. IPv6 looks like this:
2001:0418:000C:0003:0000:CF00:C0A8:2E2E
So the highest number is 16^32, right? Which is roughly 3.4028 x 10^38.
Which is a little over 340 undecillion. Want it exact? It's 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand, 456.
Plenty for everybody!
Check out more names of big numbers.
.
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
Has anyone looked at the major carriers? Most mid- to large-scale ISPs will now provide IPv6 transit to those who ask. If you ask and the answer is no, there are other ISPs out there that will say yes. The backbones are ready, and the effects are reaching into ever-smaller ISPs. Clients are just waiting for the need.
The number, 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456, can be read as:
Three hundred forty undecillion,
two hundred eighty-two decillion,
three hundred sixty-six nonillion,
nine hundred twenty octillion,
nine hundred thirty-eight septillion,
four hundred sixty-three sextillion,
four hundred sixty-three quintillion,
three hundred seventy-four quadrillion,
six hundred seven trillion,
four hundred thirty-one billion,
seven hundred sixty-eight million,
two hundred eleven thousand,
four hundred fifty-six.
That's a lot of IP addresses.
You are allowed to omit parts of IPv6 addresses when connecting to hosts in the same subnet as you.