The Impending IP Crisis
Factomatic writes "With the supply of IP addresses expected to run out by 2005 due to the popularity explosion of the Internet and the expectation that everything from your phone to your washing machine will soon have its own IP address, Alex Lightman, CEO of Charmed Technology and chairman of last month's North American IPv6 Global Summit tells the New York Times "we're going to need something like 100 IP addresses for each human being." IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman, director of product engineering for Verio, which offers IPv6 in San Francisco, Washington and elsewhere. The article is a good layman's backgrounder on the looming IP crisis."
Yeah, but those 100 IP addresses can be behind a household NAT and share a single IP address. With the way people use the internet today, I'm not sure the crisis is so serious...
As with everything like this, the powers-that-be (i.e., the telcos and ISPs) will drag their heels until they are either forced to change, or they are convinced it will increase profits. Expect the changeover to go extremely slowly. Expect providers to try every trick in the book to milk their existing network for every last day they can possibly profit from it. The fact that the economy is in the toilet doesn't help either.
Like woodworking? Build your own picture frames.
I'm sure I saw this exact same post on /. in 1998. Except then it said we'd run out of addresses by 2000.
Hello? There's this thing called NAT, you see, and in many ways it's preferable to not have every one of your 100 IP-enabled devices sitting there on the real internet just waiting to get hacked.
Cheers
-b
unless a new prognostication that 'the end is nigh, in 2005' passes as news. everyone knows it's gonna happen. just as we all know that with NAT and proxies, most of it can be safely delayed by tech companies until they have an outside fiscal force to upgrade.
and i doubt my fridge will have an IP address anytime -before- ipv6 starts to be rolled out en masse.
as with all pure tech - it needs that killer app. something needs to come out that is so fantastically great that everyone has to have it - and it needs to require ipv6. until then - at best we'll be going dual-mode.
good luck finding that app, and educating users what it is, and what it does.
// "Can't clowns and pirates just -try- to get along?"
Isn't this a little overdramatic? Crisis? Having to switch to an updated protocol is a crisis?
Or perhaps there should be just one IP address assigned to every person and then you can have a device ID for everything they own. Why does each device need a globally recognizable unique ID? It would seem to make much more sense to go the device ID route, since then if you know a person's individual IP, you can say that I want to send a message to "so and so's pager" or "so and so's home computer".
Making an allocation of 35 trillion addresses is all great and good, but the underlying question is... why?
KappaStone
Why does every human need 100 IP addresses? Home routers seem to solve a lot of the problems. A simple IP Masq fix...
As for the days of every appliance in our homes having an IP... I think that dream of the late 90s has been shelved for a while. It'll probably be decades, if ever, before our fridges are calling up to get food delivered...
The average home generally has a couple PCs / laptops...maybe an XBox or PS2 connected to net.
IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number,"
how about "thirty six trillion" ?
I know. The whole statement is pointless. He may as well have said that IPv6 will increase the supply of addresses from 4 billion to a number in excess of 10 (...yada yada.) There are LOTS of numbers between 35 trillion and numbers that have no name.
My journal has hot
Why on earth would you need 100 addresses per human being? I can foresee needing two at most, one for your home and one for your "mobile communication device". Your home would have a router and use private addresses for all your home devices. Your "mobile communication device" would have a router and use private addresses for all your other devices via bluetooth or whatever comes next. Does this not make sense, or am I being short-sighted?
Later,
Phil
The problem is an IPv4-based internet. If it had been designed to allow for future expansion of addresses, there would be no problem, but since every backbone and every router built prior to IPv6 standards being implemented has 4-byte addresses, then the entire world has to be transitioned before IPv6 addresses can go into commercial use.
Does it need to be done? Eventually, yes. Is it an emergency? Not at all. Not every single device out there has its own global IP address and they never will, people. There's no reason for them to work that way, and doing so would only clutter the already messy network we call the internet.
KappaStone
Thinking about it a bit, that could actually be a problem.
Imagine the impact all the toilets in a couple square blocks of New York City flushing simultaneously would have on the water supply.
--
Phil
I want to see IP as more of a general resource like electricity or water. You just plug anything into your wires/pipes, and it gets full access to the resource. Want more things getting water such as a washing machine? Then just run another pipe to it and it's got access. The current hacks of NAT are equivalent to only being allowed to install one tap in your house, and "proxying" the rest with buckets. Why can't it be like a water or electricity supply?
Those saying 'we have plenty of space left' obviously don't realise that the reason for this is that the current allocation policies for IPv4 make it impossible to get space for arbitrary devices. Yes, if you only allocate one IP address per gateway, of course you won't run out for a while. But that then mandates the use of ugly hacks such as NAT. A single tap per house/organisation.
To make full use of the potential of the net, one must be able to freely allocate IP addresses to any devices that want them, no matter how trivial it may seem today. Back when IP was invented, it was never in anyone's wildest dreams that there would be an address shortage. There were barely a hundred hosts yet 32 bits of space. Look at what's happened in 20-odd years!
Let's not make the same mistake today.
Sparks:Gadget:Beer Maker
These articles remind me of FOX news... total sensationalism to drive advertising & page views.
Whether you "approve" of NAT or not, the truth is that it is a very effective band-aid that has hindered the progress of IPv6 because it works so well. We'll be on IPv4 for at least another ten years.
One of the major contributing factors to problems such as spammers and crackers is that it's so darn easy to scan subnets in IPv4 for open hosts. It can take under a minute to scan a complete /24 for hosts with open ports.
Now with IPv6 this situation is different. Each subnet has 64 bits of address space. That is, 18446744073709551616 IP addresses per subnet. Now, if someone could portscan at the rate of 100 addresses per second (pretty impressive), then each subnet would take 5.8 billion years[0] to scan for hosts. For one subnet! And to put this in a wider context, each site in ipv6 has 65,000 subnets. Effectively making network scans a thing of the past, and massively increasing security of the 'net.
Of course, one can still scan known hosts (eg from web server logs), but doing that is a heck of a lot harder - you'd need to get them in the first place.
[0] Said with appropriate finger quotes.
Sparks:Gadget:Beer Maker
As a networking engineer, I am very concerned about the impending doom of IPv4 addresses running out.
But I am even more concerned about the sun burning out, because that would mean catastrophe for the human race! (not to mention it would mess up our nifty wi-fi stuff!)
Seriously- with stop-gaps like NAT and ISPs recycling IPs from a pool for all users, it's not gonna kill us.
Let cell phones work out this ipv6 thing, then tunnel, then upgrade piece by piece.
In the future, I would want to not be isolated from my friends in the Space Station.
That'll be the average home out of the thin slice of humanity that can afford two PCs. I suspect, although have absolutely no evidence to support it, that the average is nearer 0.05 PCs per home.
Sorry, I didn't mean to be so annoyingly righteous :) You're right about the IP stuff.
NAT for your car?
NAT for your PAN?
NAT on a plane?
How many protocols have been kludged up because of having to get around NAT?
Easier VPNs and Voice/Video are two things I can think of.
On a slightly different note, anyone who says NAT's good for security...wow.
I see a lot of individuals saying, oh we can just NAT. Well that's not the point here. For many environments NAT is not a functioning option. Not to mention, until the ISP and providers are running IPv6, we are still forced to route at the gateway. It's not NAT, but it's also not truly IPv6 either (read: 6to4 host). This is all great planning for the future but right now IPv6 is simply something to play with and get used to for the future. I'm running it at home, have been for some time (using 6to4 unfortunately) and I've not really seen any great benefits. There will be great benefits in the future, but we are not really able to enjoy them yet. At least until the infrastructure that delivers my connectivity is upgraded I won't. Until then I'll have to enjoy the dancing turtles (kame) and hope it catches on soon. ;p
"Reality is a crutch for people who can't handle drugs" - George Bernard Shaw (1856 - 1950)
No, we should withdraw all the A-class networks that are unnecessarily allocated to US companies.
OTH - I'd rather move to IPv6.
it's in my head
Backbones are already upgrading to IPv6 enabled software and hardware. My employer has plans to run dual-stack IPv4 IPv6 later this year which means that any existing IPv4 customer can give us a call saying "enable v6" and we can do it that day. (assuming they have their hardware/software in place). No tunneling, no 6to4 gateways, it'll just work. I see no long-term viability of the 6to4 gateways, in the same way that we didn't see caches go mainstream for every internet user. (yeah yeah, some of you will claim bittorrent is a large distributed cache, and while that might be the case, i'm talking about for most of the general public, the AOL/IE users that don't know how to spell IP).
If you also see one of my previous comments on IPv6 here about who is supporting it (note, what you might define as a backbone isn't what the rest of the network might..) and has existing routes in the tables, you'll get an idea of who is at least prepared for the new future of impossible to read ip addresses.
If everyone runs dual-stack v4v6, you'll see the ability to access your existing services while continuing to be able to gain access to the IPv6 content. Personally, I've seen that in cases like where a RedHat release comes out, I can get faster transfer rates going to the IPv6 mirror than the IPv4 mirror. Everyone is hammering the v4, which makes the v6 available for me :). I'm just waiting for Linksys (now cisco) and the other consumer product people to realize that they need to upgrade their devices so they can do IPv6 nat for those cablemodem routers, etc..
Here's where I think that the local loop (dsl, cable) providers can go and start to seriously make money and make IPv6 viable: IPv6 enable your network, then offer VoIP services over SIP enabled devices. This way you don't run out of numbering space (ip and pstn). (Trivia: how many ips would it take to convert the existing PSTN network to VoIP, if each phone number required an IP address).
The shortage of IP addresses has been a "crisis" for over a decade now. CIDR and NAT have pretty much kept it under control, and could continue to do so for a while yet. As people have been pointing out, we only need a unique address for each personal accessory if we need end-to-end connectivity from my left shoe's inflation co-processor to every networked nipple ring in Norway.
Nonetheless, IPv6 is moving forward, and for a much simpler reason: money. The US military recently placed a deadline on IPv6 deployment, and they will no longer buy anything unless it's ready for IPv6 or its vendor promises it will be soon. Many of the key companies in the networking market need to sell to one part or another of the US DoD.
This requirement is putting IPv6 support on the development schedules of many companies that had been perpetually putting it off. Expect the US military and government to push ISPs for stronger IPv6 support so they can interoperate with their suppliers in their preferred fashion.
In other words, if you don't have a killer app, get a killer user.
The killer app that you're looking for is 3G cell phones.
Every 3G cell phone has to have an IP address, and that's quite a lot if you're talking about IPv4 addresses. So a solution must be found, which people will find in IPv6.
I expect IPv6's rise to be concurrent with 3G's adoption.
IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman, director of product engineering for Verio, which offers IPv6 in San Francisco, Washington and elsewhere.
How about 1.1 mole
Cody Christman's high school science teacher must be very disappointed. :=)
Agreed. In the last 5 companies I was an administrator, only one had public IPs on their machines. The company had bought a couple of class-Cs a few years back...then put them behind a natting firewall (no wonder they needed a new admin). There are very few reasons any company would need more than one or two public IPs. Okay, much larger companies will need more to cover a large range of campuses, but since the vast majority of companies are small/medium size (under 1000 employees), they're rare. As for phones needing a public IP, why? Hell, there's really no reason an ISP needs to give out public IPs, either. Well, maybe one: customers who have need of a VPN w/ their company. No problem, a lot of broadband ISPs already charge extra for the "right" to use this type of technology, force the issue by paying a little extra for an IP. It would also cut down on viruses and worms a little, as those machines can only really be hacked by people behind the same firewall now.
Okay, that was a bit of a ramblin' rant, but this really pisses me off. I'm tired of hearing how we're running out of addresses when the simple solution is to stop friggin' using them!
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
"There are too many addresses. There are 16.7 million addresses per square metre of the earth's surface, including the oceans. This is overkill. The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many."
How about the PC? Since there are around 6,306,837,471 people on the planet right now, so already there aren't enough addresses even theoretically possible for everyone to connect to the internet, forgetting all the servers and network routers. But the most limiting factor to giving out IP addresses is the fact that you can't just get an IP address from some guy in Egypt, because part of the address indicates what network you are on, so to imply that there are 4 billion globally available addresses is just dumb math and disregards the nature of IP routing. The only potential way for the wired Internet to remain as it was intended, an end-to-end international communication network, is for IPv6 to be deployed globally so that to say that you are connected to the real internet means an IPv6 internet.
I disagree. Using unique IP addresses whenever possible is the way the internet is supposed to work. This NAT stuff is just an awful, awful hideous hack. The correct solution is IPv6, not NAT ourselves forwards and backwards.
Of course we'll run out of IPv6 addresses.
... but surely something will be invented that calls for more addresses.
Not right away
For example, teleportation might require separate addressing for all possible energy states of all elementary particles in the teleported object.
Don't say it can't happen. Remember when 64k was all the memory anyone would ever need? and a megabyte hard drive was out of your price range?
-kgj
IMHO, NAT would almost be completely unnecessary if the IP space was better used. All registries have such statistics, just check for yourselves in the APNIC, ARIN, RIPE, and others...
Nevertheless, there is so much you can (NOT!) do with NAT, especially peer-to-peer and applications that use UDP.
In a way, we're not talking about the Internet here. We're talking about a company's, or even an ISP's, private network which also has access to the Internet. Giving those machines public IPs is not only a waste of address space, but a security risk. Those that need to access the Internet don't need public IPs. Those that need the Internet to access them, do. Forcing the world into a MAJOR move to IP6 just because you consider NAT a "hack" is unreasonable. NAT works, and works well. There's nothing I can't do behind NAT that I can't do with a public IP (including VPN, that's just easier with a public). The correct solution is to not give Nancy-in-accounting's printer a public IP, or worse, have to force accounting to upgrade that printer because its hardware doesn't support IP6.
Shame on you for suggesting otherwise.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
I agree that there are a number of protocols that these places use that simply cannot be NATed, but IMO they need to quit catering to these broken-ass apps, NAT the system and tell the users to get software that plays nice.
You're right, let's get rid of all games.
Hell, there's really no reason an ISP needs to give out public IPs, either.
Because no one plays games online, right?
What? "broken"?? My god, referring to the correct, as-designed intended use of the protocol as BROKEN!
I know, let's just forget about Host Requirements, and about a richly-interconnected fully-reachable peer-to-peer network. That old Internet stuff is just "broken". Let's build us a hierarchical circuit-switched network, and then appoint a monopoly to manage it!
Actually it doesn't.
Even with IPv4 there is clearly a deficiency in the naming system, or at least in the way it has been implemented and managed.
It was supposed to be multi-level, and it has been abused until it had only one-and-a-half level.
The result is that all the usable names are taken, and there are by far not enough names to assign a name to every IPv6 address.
Sounds to me like one of many Mozilla standards zealot arguments.
A: Why doesn't Mozilla popup image ALT text as a tooltip?
B: Because it's not meant to do that, the standard says so.
A: But nearly every other browser does it!
B: But the standard doesn't say you should.
A: But many websites use this functionality anyway!
B: But the standard doesn't say you should.
A: These sites are *already using* this functionality! Why are you building a browser that doesn't work properly with a large number of websites, and when implementing this functionality wouldn't hurt anyone, and may even help accessibility??
B: Because the standard doesn't say you should.
ad infinitum...
== Jez ==
Do you miss Firefox? Try Pale Moon.
There are *huge* swaths of IPv4 space allocated to defunct organizations, wasted in various unallocated space, etc. Take the /8s, for example... I doubt *any* company with a /8 utilizes more than a tiny fraction of that space. There are *dozens* of /16s that aren't even routed. IPv4 could be stretched out for quite some time if ARIN were to actually do something besides collect checks.
I agree that there are a number of protocols that these places use that simply cannot be NATed, but IMO they need to quit catering to these broken-ass apps, NAT the system and tell the users to get software that plays nice.
Um, you have it backwards. There is nothing broken about those apps. They are using the internet the correct way. NAT is breaking them. These places need to quit crippling their users to cater to broken-ass networks.
NAT works okay when I'm controlling the box doing it. I can hack in special stuff to handle esoteric protocols which expect a public IP.
If my ISP runs the box doing NAT, there's suddenly a bunch of things I won't be able to do anymore, and I'll promptly switch ISPs to one which will let me use the Internet as it's intended.
I like the idea of lots of IPv6 addresses, enough to provide for ISPs to provide each subscriber with a static IP address.
Open relay? Source of spam?
Guess what? When you re-connect you get that exact same address that is going to be at the receiving end of irate spam recipients!
No more evading consequences through the magic of DHCP.
And, for one-time lusers that change ISPs after each offense, the responsible ISP that has clear identifying information (I had to show a driver's license to get my account) about said spammer can post `em to a blacklist. Irresponsible ISPs can simply have themselves blacklisted wholesale.
"Provided by the management for your protection."
The Mozilla argument (B) is correct. Your argument should not be "everybody does it" (everybody does lots of shit that sucks too), but "the standard should be UPDATED to require this feature because it enhances usability".
It's 10 PM. Do you know if you're un-American?
How much does it cost me to get an IP address for a year? About $150 including server space.
Where I used to work (on-site gov't contractor) each machine had a "real IP". That's nothing 192.168.1.* can't fix. The issue is with the way people purchase huge blocks of IPs at once. If we'd stop selling 134.*.*.* to one entity, we'd be fine for a while longer.
From one of the linked articles:
In one solution, a single IP address is assigned to an entire network, which then gives out its own addresses to the devices attached to it.
But such approaches are not long-term solutions, said Alex Lightman, chairman of a conference... to discuss the next generation of IP addressing, known as Internet Protocol version 6, or IPv6.
I think Mr. Lightman is being a bit alarmist. There's no reason any ISP needs more than one IP.
At any rate, as long as any schmoe can go and purchase an IP at an ISP/web host for nuttin', I can't imagine we're even close to out and that there aren't millions of IPs that we can consolidate before we get so alarmist.
It's all 0s and 1s. Or it's not.
When people are connected to the Internet, they usually obtain one public IP, usually not static. If the fridge, the DVD player, the printer, gets its own IP, it will be a private one, NAT-ed, and somewhat protected from the outside.
The IPv6 world won't know NAT, as its goal is somewhat to destroy it. Someone from Australia could connect to my fridge if everything in house becomes connected. It all becomes wireless, you'll even forget that your camera is on the net. Even with a much greater address space, we'll all need to firewall our connections.
I suppose that easy-to-use firewalls will be in every home in a few years. Still, any failure in programming them, any exploit in a well-known brand, could lead to a disaster for people much greater than having its computer hacked: fridge at 20C, heating at 40C, camera becoming a public webcam, TV and DVD giving back what you've seen yesterday, palm giving your agenda to the world...
Christophe (Don't hesitate to point out my spelling and grammar mistakes, I want to learn - Thanks).
it's not as simple as you're indicating, not by a long way.
No, but all it takes is one "genius" to figure out he can access the whole Internet without the restrictions his company's IT department places on him by just setting up a modem and dialing his ISP.
that's irrelevant to the discussion. the loon can do that whether the co uses public or private ips. the network isn't suddenly more vulnerable because it's on public addresses.
I change the address ranges in my DHCP servers
definitely not as easy as that. dhcp is great for workstations but you'll also have servers on statics that need to be accessed by all and sundry, routed networks that may clash, vpns from site to site that need reconfiguring, internal DNS/WINS all needs to be redone. it's a major hassle for a medium size company and up and if you're not careful it'll become a routing nightmare. oh yeah, don't forget the fun that ensues when you have internal firewalls that need reconfiguring too
re double NAT: Hardly an issue
nowadays it's not a huge issue... usually. some older nat implementations do things slightly differently and you can get issues with double nat.
lots of protocols work fine over NAT, web browsing, dns, irc (but not dcc) etc, but there are other protocols that are more complex, and not due to design flaws, but because they have to be. audio/video conferencing is a case in point. it's not silly at all, at my last company we had one organisation with multiple high bandwidth (ie, 4meg, 30meg, even 155's and 622 meg lines) lines connecting two dozen sites for both data and, of massive importance to them, video conferencing. internet telephony is a complex protocol due to needing to coordinate multiple callers etc, and it needs lots of separate data streams. and it's something that is seriously growing in usage around the world.
nat makes it bloody difficult and requires you to start forking out for expensive firewalls with application level packet inspection to eke out the data it needs to nat it all properly, it's also expensive in processing time on the fw. if it were all ip6 publicly addressed packets then a lot (though, not all) of that work would go away.
NAT is a dreadful hack and while it's working now, the direction we're moving things in is making it more and more annoying. ip6 has some good ideas in it and the massive store of addresses is very useful.
I can see a time fairly close to now when every mobile phone will have its own ip6 address, and no, I don't think it's excessive at all. ppl will have icq (or somesuch) running on their mobiles, they'll be sync'ing their address books over bluetooth 8 (UWB edition) and their phones will be working out who in the room is an ideal love match, and why shouldn't they?
I seriously expect that mobile providers will start assigning ips to phones and I reckon it'll start with ipv6 addresses (as I also expect it'll start in europe, and ripe will never allocate that many ip4 addresses).
thoughts?
dave