The Impending IP Crisis

Factomatic writes "With the supply of IP addresses expected to run out by 2005 due to the popularity explosion of the Internet and the expectation that everything from your phone to your washing machine will soon have its own IP address, Alex Lightman, CEO of Charmed Technology and chairman of last month's North American IPv6 Global Summit tells the New York Times "we're going to need something like 100 IP addresses for each human being." IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman, director of product engineering for Verio, which offers IPv6 in San Francisco, Washington and elsewhere. The article is a good layman's backgrounder on the looming IP crisis."

Imminent death of IPv4 predicted!!

[krog]

Great, another "we're running out of IPs, really, for real this time guys we mean it" story. I mean, sure, IPv6 will eradicate this problem (while introducing a slew of new ones) but IPv4 is fine for a while. We should just revoke the IPs for China and other firewalled nations who dont' play nice with DARPAnet.

Re:Imminent death of IPv4 predicted!!

[VPN3000]

I don't see this as being much of a crisis. I've worked for several companies that employ ~10,000 people, most of which have systems connected to the network.

I remember in 1995, every Windows box had it's own public facing IP. Then over the years, everyone who could use NAT was moved over to private IP space.

The 'crisis' is really another example of media fear-inducing hype. Worst case senario, your ISP will begin issuing private IPs for for customers with basic accounts.

Yes, some things will break. But there's not much out there that doesn't function in a NAT enviroment from a client standpoint.

It'd also save ISPs a lot of headache with customers running unauthorized services.

I can already see the call to tech support..

customer "My web server/P2P/Warez FTP/etc doesn't work now that you changed my account to use a private IP."

ISP "Well, sir. You can upgrade to a business class account and get a static, public IP address."

customer "DOH."

I don't know about restricting the usage of IPs in countries that the US has a political agenda against. That would seem to defeat the whole idea behind the Internet. At least, that idea that was lost when Ebay and Amazon started suing everyone under the sun. It would keeps us going for a while longer, but I can see the NAT thing happen before that.

Personally, I would like to see one of the educational networks grow to a decent size and allow commoners onto their network with the restriction of no commercial activity. How I miss visiting Usenet and content outnumbering SPAM.

Also, doesn't Mercedes and a bunch of other companies that don't need an excessive number of IPs still have their own Class A? I know when I worked at an ISP that gobbled up a bunch of other companies in the late 90's, they were forced to hand over tons and tons of IP addresses because they could not prove they were actually being used for anything useful. That's what I was told, mind you I could see something underhanded going on since public IPs are quite a commodity these days.

Re:Imminent death of IPv4 predicted!!

[Tackhead]

> The 'crisis' is really another example of media fear-inducing hype. Worst case senario, your ISP will begin issuing private IPs for for customers with basic accounts.
> Yes, some things will break. But there's not much out there that doesn't function in a NAT enviroment from a client standpoint.
> It'd also save ISPs a lot of headache with customers running unauthorized services.

*applause*

Port 25 filtering would finally make sense - no more luzers with open exploitable proxies spewing bilge from attbi.com, rr.com, pacbell.net, comcast.net, and so on.

Add to that the possibility of doing ingress filtering, and you've got something that wouldn't just be less expensive for tech support, but a little safer for Joe Luser, whose unpatched box would be on a private subnet.

If the skript kiddie can't talk to port 135, 137, 138, 139, 445, or 1900 of Joe's box, he's gonna have a harder time 0wning him.

Re:Imminent death of IPv4 predicted!!

[Cheeko]

You mean like HP which now has two Class A's (HP and DEC) and a couple of class C's from the combine companies.

Re:Imminent death of IPv4 predicted!!

[Suidae]

we should withdraw all the A-class networks that are unnecessarily allocated to US companies.

And EDU's too. There are many universities with many tens of thousands of IP addresses, most of which are unused. One I know of has at least one class A, a couple B's and several C's, and they have a grand total of about 6800 addresses in use.

I agree that there are a number of protocols that these places use that simply cannot be NATed, but IMO they need to quit catering to these broken-ass apps, NAT the system and tell the users to get software that plays nice.

We would have plenty of IP addresses for then next decade or so huge chunks weren't being wasted like this.

Re:Imminent death of IPv4 predicted!!

[AndroSyn]

Well see, private networks should still have public addresses. Just because the address space is public doesn't mean that you still don't use firewalls. NAT != firewall nor does it equal security. As for Nancy's printer, it can keep using its IPv4 address, as IPv6 machines can talk to anyways.

Now consider this, say if your internal networks are using 10.0.0.0/8 for its addresses. What happens when your company merges with another and the networks get integrated and suddenly you realize that the other company you are merging with also uses the same address space. Now suddenly you are faced with the task of renumbering lots and lots of devices, reconfiguring routers, firewalls, servers, printers, etc, etc.

I'll agree that NAT can be useful given the current situation, but its a hack to put off the fact that we are running out of IP addresses. With IPv4 you can't even assign one address per person in the world.

Also I noticed in your parent post of having ISPs give their customers private addresses. Consider if internally they number one way themselves, and then customers NAT themselves. You end up going through how many layers of NAT? And what does this solve, other than breaking whole design philosophy of IP in the first place.

Ever here of fixing the cause rather than the effect?

Shame on you for wanting to break the Internet.

What's wrong with IPv6

[wayward_son]

Sounds like a solution to me.

It's just going to be a pain in the ass to get every one switched over, though.

Re:What's wrong with IPv6

[garymm]

would this mean new firmware for every router/DSL modem on the earth? honest question

Re:What's wrong with IPv6

[riflemann]

Backbones should switch over first, proxying ipv4 over ipv6, then propogate downwards.

Please do a bit of research on the interoperability of Ipv6 and Ipv4. A large proportion of the Ipv6 effort has been on efforts to ensure amooth migration and interoperability. You dont need an ultimatum, just let both work then gradually turn off Ipv4-only services. No one will notice if its done correctly.

As for the OS and device makers, simply make dhcp check ipv6 first, then fallback to ipv4. That'll be transparent for all the chuckleheads who would ignore the "switch" thing.

Fyi...

All dual stack implementations today first attempt to use IPv6 versions of protocols, and only if that fails do they resort to Ipv4. All of my boxen for example will do the following:

1. Do DNS lookup

2. Get IPv6 address and IPv4 address for hostname.

3. Attempt to connect to IPv6 address first.

4. Otherwise try Ipv4 address

Any correctly written application will automatically use IPv4 and IPv6 without special intervention. The IPv6 bind() call binds to both v4 and v6, for example.

So, your concerns have already been addressed. :)

valuable IPv4 numbers?

[MacBrave]

I wonder if once the world goes to IPv6 the old IPv4 numbers would become more valuable, sort of like a low numbered /. account.......

Are We or Aren't We?

[davemac30]

Could it be that people who have a vested interest in the adoption of ipv6 are more likely to try and alarm us about the impending IP crisis?

Here's an alternative view from Paul Wilson, director general of APNIC, which suggests that we have 20 years left at the current growth rate.

Re-claim unused address space

[packethead]

It's probably been mentioned, but what about companies that have a single or multiple CLass "A"s that could just NAT? I was at a Ford dealership recently and noticed that they had a printer on a public address. Now it was probably NAT'd behind a router, but 5h1t! NAT an RFC 1918 address, not a public one!

Re:Not so much a crisis...

Because we have to do so eventually anyway?

Upgrade the internet: it gets faster and ends up with more addresses.

Don't upgrade: the internet runs out of addresses and suddenly everyone has to be a NAT/Firewall expert.

Having one point of entry can be a *real* drag. Lets say someone makes up a cool protocol to communicate securely with IP enabled items in your house. Suddenly, you can cancel the sprinkler system when you see it getting stormy outside, or you can tell the oven to pre-heat to 450F just as you are leaving to head home (etc etc). Now, lets say everything has an IP. Wonderful, you connect to the IP, you get authenticated, you are cookin with gas.

Now, you have one IP. Suddenly, you have to set up a forward for EVERY damn item in the house. You can't assume ports for different services because you may have more than one of those services running. And now, lets put interoperability in and contemplate trying to connect to someone else's home-grown NAT setup.

Thanks, but I'll go with more IP's over more NAT's. NAT's are nice for giving a lot of computers access to the internet, but not good for putting a lot of services on the 'net itself.

Re:100 addresses per human being?

[Telex4]

I think when they say we need 100 addresses per human being, they may be referring to the total number (so about 650bn?), not the number that each human uses. Not all IPs are tied to individuals... Slashdot, Google, games servers, FTP servers, DNS servers, all kinds of services require IPs, and so I suppose they're saying that if we dished all of these out to individuals, we'd each get 100. Sounds a little excessive to me, but what do I know? :-)

Re:Is it just me or...

[MImeKillEr]

Is it just me or is 2001:0700:0700:0003:0290:27ff:fea2:477b much harder to remember than 209.174.99.125?

Yup. Much easier to remember the current scheme than it is to remember what basically looks like a friggin' MAC address.

Heck, I can't remember my MAC address 2 minutes after looking it up.

Two questions:

1) Why are they going this route? I mean, they're only using alpha characters A through F, right? Wouldn't they get more addresses by simply adding another four octets? It seems like it'd be easier to remember 198.163.192.99.147.80.112.6 than that listed in the article..

2) What would be come of 127.0.0.1?

Someone with good math, pipe in and give the formula for the proposed IPv6 vs. the current scheme with four additional octets?

My company has a ton of IPs...

[smkndrkn]

...that they do not use. This is because they were one of the first companies on the scene when the Internet started. But we have TONS and TONS of IPs that are not in use. I bet that if companies like mine gave all the un-needed IP space back we'd be better off for a while.

Re:Imagine the uses

[dasmegabyte]

Alright, so I'll have 100 devices that require an IP. I could see that, although I fully intend to become a luddite sometime after OS 10.5 comes out. My question is this: does each device that has internet connectivity NEED its own IP?

And of course, the NAT community says NYET.

The end user's desire for privacy and security combined with the world's ISPs' need to cut down on the number of machines running active web/ftp/samba/gopher/finger servers over their lines (and essentially bypassing their commercial services, which is where the real money is), will eventually mean that all consumers will be given a single IP, or less, from their provider. And you'll have to make do or pay a huge fee.

(What, you think just because IP banks are massive with IPv6 that your ISP is just going to give you a shitload of them? No dice, kid. They'll make you pay just like everything else, and try to tell you it's a deal.)

But this is not necessarily a bad thing. Most connection sharing devices -- routers, gateways, access points, etc -- also act as a pretty good form of security. They close devices off from the rest of the internet, unless you explicitly allow internet users in. I'm pretty much unworried about the threat of hackers getting into my printer; all i have to worry about is hackers getting into the router. And a single path of entry makes it easier to cut them off as well.

Sure, you can get a personal router with IPv6. But you don't HAVE to, and a lot of people won't. So the current scheme is forcing people to use slightly better security. And while roughly 4 billion addresses isn't enough for every widget on the planet, it's far more than the number of conceptual groups on the planet. One IP per organization or per household...should be enough for a LONNNNNG while.

Re:IPv6: A Protocol of Failure

[Brandon+Hume]

I'm not sure you know what you're talking about.

1. Cisco routers suck at IPv6 because Cisco has been dragging its ass getting a production release of IOS which supports v6 out. That will be fixed this summer, I'm told. And considering the problems Cisco has been displaying in IOS, are you sure it handles IPv4 that much better?

Your points 2, 3, and 4 are just the same thing repeated: "IPv6 addresses are big".

2. IPv6 has ROOM TO GROW. It takes the /64 link-local address, and pastes on a 64 bit length for routing, and gives you an IP. You get your autoconfiguration, and your routing, and it's nice and neat. 64 bits is a perfectly reasonable size of data to expect to deal with at any particular time; we're already moving into a 64-bit computing world.

If you want an application that requires loads of addresses: cellphones. Pagers. PDAs. You can NOT use NAT for millions of remote communications devices trying to talk to *other* remote communication devices. NAT *breaks* things. Anyone who has tried to connect a machine behind a NAT to a remote machine which is also behind a NAT knows what this is about. (And if you have to manually configure a port forwarding, or designate a DMZ, then something is broken!)

I'm getting tired of the "IP-enabled fridge" remarks. Someone suggested something like that a long time ago as a "you possibly could", and people who don't understand the technology and don't want to understand the technology jumped on it as an example of pointless waste, as if such things were the driving force behind v6. It isn't.

3. You don't understand how IPv6 routing works. IPv6 does NOT take the IPv4 world of "a.b.0.0/16 is reachable via c.d.e.0/24 which is reachable via z.y.0.0/16 AND x.w.u.0/24 and..." IPv6 routing is a strict tree to explicitly combat that problem. How do you get to abcd::/32? You go through abc::/24.

*Reducing* the size of the core routing tables is an EXPLICIT DESIGN GOAL of IPv6.

4. Again, you haven't done any research. IPv4 networks have a minimum MTU of 576 octets. The minimum MTU for IPv6 is *1280* octets. Yes, the header is larger. But the payload capacity has risen to match it. Your transport efficiency has not decreased.

I think you need to do some more reading on this protocol. And try, if you can, to not fixate yourself on the size of the address. If that was all that mattered, we'd all be using Appletalk.

A new form of the 'remote control' syndrome

[stuuf]

A similar revolution to what you are describing has already happenned in the audio/video/home theater industry. Remember when your VCR had that little door on the front that covered that huge array of tiny buttons for things like tracking, timers, tuning? Remember when you used a vcr? Now they have power, eject, channel, and transport controls. Everything else is on the remote that your universal unit can't emulate. Eventually the control panel on the washing machine will disappear in evolution, and you will have to run over to your pc, log into your washer, ener a password, start the cycle, etc. Or grab your cellphone and dial into your network's internet gateway (maybe dozens of routers away in timbuktu), connect to your home computer...

Some devices weren't meant to be remote-controlled. And by some, I mean most. And even if they need to be, they don't need separate global IP's. People seem to forget that each of these 4 billion ipv4's have 65535 TCP ports.

Re:Bullshit!

[Florian+Weimer]

IPv6 is bad because Cisco routers suck. No, wait, "Many of Cisco's routers" suck. You can' be serious! Once IPv6 gets off the ground, IPv6 will become fast path and eventually IPv4 will be dropped to legacy mode.

On most Cisco high-end routers, upgrading to larger IP addresses requires soldering (or replacement of fundamental router components, which amounts to the same thing). At the moment, only one or two linecards for the GSR series support IPv6 routing at wire speed (and the multi-purpose CPUs on the others are far too slow to route anything of importance). The 65xx/76xx series requires hardware upgrades which are not yet available AFAIK (several TCAMs have a word width which is too small for IPv6).

IPv6 is ready for prime time.

Not at a global level. The current approach to global routing is so discouraging that many people plan to continue using NAT (and IPv4) to gain the routing flexibility they need.

All the major OSses support it.

Only with a very reduced feature set, and most currently deployed embedded systems don't support IPv6 at all. For example, IPsec for IPv4 is much more widely available than for IPv6.

Aren't IPv6 addresses a bit long?

[sabNetwork]

I'm not an expert on IPv6 (nor IPv4 for that matter), but there is some practicality in question here.

Can you memorize 204.172.4.36? Maybe not at first glance, but after you type it in a few times, you probably will.

Can you memorize FEDC:BA98:7654:3210:FEDC:BA98:7654:3210? Definitely not at first glance, and very unlikely unless it is something which you must type every day.

Some people's jobs depend on entering IP addresses, and IPv6 addresses are just so unnecessarily long that typing them is a total drag.

---

Here's my RFC. 40-bit addresses. That gives you roughly a trillion addresses (a bit more actually), which is more than we should ever need. And you can write them in dotted-decimal format.
Can you memorize 430.168.957.249? Probably.

Re:Is no one using NAT?

[ivanmarsh]

We're going to switch the entire world to an unproven, currently widely unsupported IP stack based on the idea that gamers are too stupid to forward a udp packet?

If you've got your machine running with a public address and your not behind a firewall you're an idiot and your input into the future of the internet shouldn't hold much weight.

If you are running a firewall it's one more minor step to forward a packet. ...or go spend $70 on an internet gateway router that you can fill in two boxes on (IP Address and port) to do port forwarding.

I run a home private network and a corporate network with 600+ nodes on it and I'm using 5 IP addresses.

Most ISP's that charge per machine are actually charging per routeable IP. I've had that conversation with Charter. They don't care how many machines you're running on your private network as long as they aren't nabbing IP's from the DHCP.

Perhaps it's time to find a new ISP?

35 trillions won't be enough!

[christophe]

Fast forward 50 or 100 years... Everyone has Internet-enabled tools, chairs, glasses... whatever, because everything has a RFID inside, because the TPAA (Things producers Ass. of A.) wants to track everything, because some geeks have found a use to a connection between my pen and my fridge, because it is so easy and cheap...
1) BUT this tendency to Internet-enable everything will expand to any file on my computer. A CD has a RFID/IP to connect it to the desk, why not every of my MP3? Why a book and not on e-book ? A computer will needs millions of IP addresses.
2) Worse: we'll finish as virtual beings in the in virtual words (think Ultima Online in 2100). And we'll want everything in this world to have Internet addresses too. I'll ask my little desktop computer to create my own little Matrix, for me alone... and everything there has an address of the IPv6 space (to help me interconnect the real and the virtual world).

And if it's not enough:

3) Cyber beings (a few billions humans, much much much virtual intelligent creatures) find the world rather small for so many entities. Not enough computers on this small planet to compute all the worlds that each entity wants created for itself (and to run the compilation of the 10^15 lines of the brand new Linux 2.80.0). So the Metamegamatrix expands to Jupiter, Saturn and creates a Dyson sphere aroud the Sun, converting every joule of energy into computational power for the simulation.

And in 2203, Slashdot makes headlines on IPv9 with 2048 bits addresses.

Re:Bullshit!

[NilsK]

IPv6 is ready for prime time. People are using it (I, for example). You can buy access to IPv6-native backbones. All the major OSses support it. There is really no excuse not to be already using it.

Privately, you can use it, correct. In an commercial environment you can not really setup an IPv6-network, because there are many devices not supporting ist. At least printers are a show stopper. All those other devices (barcode-scanners, IP-Phones, cameras .. whatever speaks IP today) is part of the infrastrucure and has to be IPv6-capable to start using it.
So at first we have to get the vendors to make the devices capable of IPv6, then wait for about 5 years and then we can use it in a commercial area.

Re:Imagine the uses

[fermion]

The geeks want IPv6 because it is there. IP addresses for all, too plentiful and too cheap to meter!

The electronics manufacturers want IPv6 to boost sales. Everything having an IP address means everything will need hardware and software to support connectivity. No one will notice another $100 on a refrigerator or tv. Of course, these appliances will be network ready, and will cost another $500 to be network enabled.

The telcos are wondering why the hell they need to pay for IPv6 upgrades since they are making money selling IP addresses one at a time to the consumer. The ISPs are fighting NAT technology to drive these profits, and drive the myth of scarcity, thus increasing the profits.

The hackers are crackling wildly at the new opportunities to snoop, spy, and cause general mayhem. Everything addressable from anywhere. Denial of service attacks on the cable box. The meat industry will hack into refrigerators, check for sufficient quantities of dead animals, and, if it doesn't find it, plant child porn or terrorist plans on the computer.

The sane of us are sitting back chuckling knowing it will happen when it becomes necessary, just like the migration to 10 digit dialing and portable phone numbers.

What about the DOT.BOMB's?

[Lester67]

A few years ago I worked for a business oriented web hosting company (which also disappeared a little later in the dot.bomb crisis.)

At the time, we were trying to buy up a considerable chunk of IP addresses from another company that had already gone tits-up. Due to bankruptcy courts, etc, the sale never went through.

My question is, how many IP ranges are still out there that were purchased up, but never accounted for, or added back to the available population?

If a company did fold, but held a chunk of IP addresses, how long can they sit in limbo before they are re-released back into "the wild"?

I guess my bottom line question is: Are we really running out in 2005 due to a lack of availability, or mismanagement?