Dispelling the IPv4 Address Shortage Myth
Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs!
In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
Class E addresses are still under the "Reserved for Future Use" mantra.
The last post possible, Please upgrade to SlashV6 to post more.
~~~
I'll take all the addresses I can :-)
If I get enough for free, we will have to use IPV6..
I think I want a screensaver where each pixel has an ip, and then we can replace X with a simple protocol just sending colors!!
I enjoyed both of the articles. The question I have is this. With the number of networks now being NATed and the such, will we ever truly need something like IPv6? It seems like when I hear about it, the talk is always that every device will have a unique IP address. But what I see is that large deployments of devices needing IP addresses are more and more being done using 192.* or 10.* addresses. Anyone else have more insight?
Random Musings
Using redundant private address allows more than the 2^32 addresses to be created, as long as we have some "hubs" standing between each of the subnets, it's ok...
The real "problem" is that we could eventually get to some private inside private inside private network which could force consumers to pay some toll-fees to access other subnets...
Trolling using another account since 2005.
So yeah, it'll take 20 years to exhaust the space. Let's wait until 2029 to switch to IPv6.
Or instead start switching now (after all, it'll probably take at least 10 years to get everything switched over) and not worry about IPs until we're extinct.
I thought another major pro for IPv6 was security? It has a lot more built into the protocol, doesn't it?
The cost of moving to IPv6 is going to be so huge that it will remain a research project until the benefits are correspondingly irresistible.
It will almost always be cheaper to hack IPv4 than to switch to IPv6, and this will be the rule for 99% of IP users.
My prediction is that IPv6 will never come into general use, we will stick with IPv4 for at least 40-50 more years. I have absolutely no idea what will replace IPv4, something will, but it will not be IPv6.
This is not a signature
This message was posted on a mailing list in response to a post that claimed that IPv6 would be widespread by 2005 due to an IPv4 address shortage.
NATs, unfortunately, made a need to switch over to IPv6 wholly unnecessary. Such a switchover will probably not happen for at least another ten years. Even ten years ago, we were "running out of" IPv4 space due to incredibly inefficient allocations using the "class based addressing" method - by which your network was deemed likely to possess either 253 computers, 65,533 computers, or 16,777,213 computers. A specific network was identified by 24, 16, or 8 bits. (The more bits it takes to identify a network, the more networks can exist but at the expense of having fewer unique addresses per network.)
This was quickly determined to be an inordinate waste of addresses and as early as the early 90's folks were predicting we'd rapidly run out of addresses. So class allocations changed a little, and instead of giving an organization with 1000 computers a class B (with 65,533 useable addresses), they'd give them four class C's (with 1012 addresses). This helped stem the tide for a bit and arguably saved the Internet's ass, but it was clear that a more elegant system for identifying networks was needed.
After some backbone technology re-architecting, a new scheme called Classless Internet Domain Routing, or CIDR was introduced, which allowed bit-sized granularity, meaning that a network was identified by exactly as many bits as you needed. Your network could possess 13 computers, or 16,381 computers, and the system could deal with that efficiently. CIDR definitely also helped save the Internet's ass. But the addresses kept on coming; that dang Internet was getting popular very quickly! Pundits started talking about The Great IPv6 changeover, despite the fact that less than one person in 100 on the Internet had an IPv6-enabled operating system.
Then came NATs. While Network Address Translation had been used in many environments, it hadn't really taken off tremendously. Then Linksys released a rather affordable cute little blue box. This piece of hardware let home users plug in several computers to the blue box, configure it with a web interface, jack in their cable/DSL connection and suddenly be sharing Internet access easily with everyone in the house, using one IP address and so fooling the ISP into thinking that there was only one computer using the Internet (many ISPs either don't permit or don't have the infrastructure to give out multiple addresses to a customer). These NATs had a secondary benefit, which was that by default, all incoming connections from the outside are dropped on the floor. I'm not sure Linksys had such "firewalling" in mind when originally designing the device - it's purely a practical issue. I mean, if someone says to a NAT "here's this piece of information" - to which of the four connected computers should the NAT send it? By default, the NAT will give up and just drop the sorry packet. This means that when you're behind a NAT, you're protected from a whole class of Internet attacks. This realization further drove adoption.
Companies with low IT budgets realized that they wouldn't have to buy extra IP addresses from their ISP (which often came at a premium) and that they could have simple firewalling without a complex configuration. Both companies and people could not see the inherent value in having each of their computers have an Internet-deliverable address, and there was real value (protection) to be had in NOT being addressable from the Internet.
This, again, saved the Internet's ass. Instead of an organization of 1000 needing a class B, wasting hundreds of thousands of IPs, or even four Class Cs, this organization now only needs a single IP address to cover all of its desktops. Now instead of thinking about IP addresses as computer addresses, they have started to become network addresses, which is to say,
The only way to paradise begins in hell
It was very interesting...
Daxy's Networking Blog
IPv6 also provides security infrastructure.
Imagine a world where you can trust the "from" IP address in a packet.
I thought the current issue with IPv4 was not the limited number of ip addresses, but the increased routing tables brought on by classless routing? These days, the central routers on the Internet have routing tables which are huge, which must cost someone somewhere to upgrade them.
IPv6 was supposed to deal with this issue as much as it dealt with the number of ip addresses available, in that it would revert back to a semi class based routing set, with ISPs being assigned a range of addresses.
That's how I understood it when I asked anyhow.
The entire second article is null and void for this reason, quoted from the article:
Of course such projections are based on the underlying assumption that tomorrow will be much like today, and the visible changes that have occurred in the past will smoothly translate to continued change in the future. There are some obvious weaknesses in this assumption, and many events could disrupt this prediction.
The argument that we're going to run out of space is based on the assumption that in the (near) future MANY MANY household appliances and objects which don't currently have anything to do with the internet are going to become attached to it.
~Berj
*SPOILER*
this is a joke from the simpsons
I don't see any reason to rush to IPv6. With all the NATing going on, and all the old orgs that have way more ip space than they need, IPv4 should last a long time. By the time we need something different, who is to say that IPv6 will be the best solution.
:)
There are two groups that seem to want to push IPv6. One group is made up of tech geeks, who can't sit still and enjoy life with IPv4. The scary group are the big brothers of the world, who would like nothing more than to have individually traceable numbers to an exact device, no currency that lacks tracking and stupid colors (i.e. not green), and black boxes in vehicles supposedly for "tolls" but actually for tracking the citizenry. Oh, and the limiting of gun ownership to "militias" organized by the state. Then we can finally be just like the Soviet Union was, which is their plan anyway.
Exactly why we need Reagan back, to drive these pinkos back into their caves.
Vidar
The brains of a chicken, coupled with the claws of two eagles, may well hatch the eggs of our destruction.
Assuming a smooth continuity of growth in demand where growth rates are proportional to the size of the Internet, and assuming a continuation of the current utilization efficiency levels in the Internet, and assuming a continuing balance between public address utilization and various forms of address compression, and assuming the absence of highly disruptive events, then it would appear that the IPv4 world, in terms of address availability, could continue for another two decades or so without reaching any fixed boundary. Yeah, two decades if everyone's pacemaker isn't running Apache on a wireless connection by then.
Whatever its other advantages, IPv6 will greatly reduce privacy. One portion of the 128 bit source will be your MAC, there for all to see and log.
Dialup and DHCP give some pierceable measure of anonymity. Somebody has to approach your ISP and get the logs manually.
Let's just forego IPv6 altogether and wait for IPv8 to set in.
Well, it certainly doesn't look like a myth to me, who have been involved in the process of acquiring a range of IP addresses.
(8-DCS)
NAT sucks. I want to be able to reach any computer on my LAN from the outside by its own IP address. So I hope IPv6 is implemented sooner rather than later.
But of course that won't come out of the US. The US has 70% of the IP addresses, there won't be a shortage there any time soon. Asia doesn't really have another option though. This will soon be yet another area in which the US lags behind the world.
I believe posters are recognized by their sig. So I made one.
why don't we just beat up ppl that aren't using their ips, and take their ips from them?? Spammers are a good first choice...in fact we can start w/ the ppl who posted that gummie bear and yoda doll comment earlier on this topic....
I thought IPv6 was supposed to help with the large internet routing tables and help deal with some security issues. It's been a while since I read up on this since I deal so much in IPv4 that it just hasn't been necessary for me to read up on v6 in a while. Hmmm... Perhaps that's why we aren't going to upgrade, we're all too busy dealing with v4....
How long do we HAVE?
for IPv6
Necessity is the mother of invention, and we don't need it.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
no seriously, if Walmart and the DoD make an effort it'll happen. (it's a joke, laugh) What's more likely is that China or some other country with a highly centralized internet setup will be the first to push IPv6 all the way. It's already been done on smaller scales, so maybe someone can explain where the costs are in pushing it worldwide (besides anything hardware related)?
[Fuck Beta]
o0t!
We scrap IP totally and all band together to create a big token ring network?
That when IPV6 goes official that the governing body would consider handing out a block (maybe 256 addys) to every person. These are assigned permanently and can then be your phone number, personal webspace, permanent email address, etc. I think this would be really nice,
Anyone care to comment on their perceived pros and cons to this idea?
-- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
If ipv4 isn't broke, then there's no need to fix it with ipv6: instead, the time is used to allow ipv6 killer apps (your fridge telling your tv that you need more milk) to further mature. Like BBSes and JaNET had Internet gateways, there'll eventually be gateways between ipv4 and ipv6 Internets, and it'll suddenly be with us as if it always had been.
About then we should be discussing whether housebricks should have IP addresses to report being dug through, or whether being able to detect movement means it could detect the movement from soundwaves, people talking. I can only hope I don't have to shout into each brick the serial number from the inevitable shrinkwrap license.
Being behind NAT boxes has greatly reduced the public address space needed by many I'm sure, but it cripples our ability to function as equals on the net.
Just as there have been moves to allow people to retain a phone number when changing cellular carriers, having a permanent IP (or range of IPs) could have many uses.
All willing to have IPs starting with something along the lines of a social security number please raise your left foot. All spammers wanting my IPs, raise both feet.
Can't have a 1 to 1 mapping of all domain names to unique ip's.
Imagine a world where everyone did have a homepage on a unique machine w/ no redirecting depending on the ip or hostname or other network tricks.
Nat will never solve that. It'd solve really silly things like, tracking who connects to what and how. And we wouldn't have silly kludges of solutions, like HTTP 1.1's Host: thing.
Put up a new website? Just give it another ip! And do an ip mask in apache.
-
ping -f 255.255.255.255 # if only
IPv6 will eventually be adopted, because the way IPv4 addresses are allocated, many regions of the world *do* have a shortage of addresses. In particular, Asia has a serious shortage of IPv4 addresses. In fact, I know of people who run IPv6-only machines in Japan (because there are 6to4 addresses that allow you to reach IPv4 servers with approximately the same functionality as NAT).
Moreover, as people deploy new infrastructure, they may be forced to use IPv6. For example, at some point every cell phone is going to have a routable IP address--and that is definitely going to require IPv6.
So while North American desktop machines are unlikely to be switched to IPv6 any time soon, it will happen in other parts of the world and for other types of hardware.
While NAT and CIDR made a big difference on the ability to make IPv4 address space last longer, the intrinsic use of IPSec and auto-renumbering features of IPv6 may be enough to get some moving toward it. And they are only two of the benefits.
The argument to stay on IPv4 sounds a lot like the argument to stay with SNA... We've got it, we know it, we don't know what else we need from it...
I'm ready for IPv6 when my first customer wants it. Not a day sooner, not a day later.
P.S. - LU 6.2 to IPv4 with 3172 was pre OSA. Now I can put IPv4 or IPv6 on the host.
~8^]
You are either ignorant of the plethora of IPv6 address variations (no, it doesn't have to include your MAC address! And even if it did- SFW?! Hey, here's the MAC of my cable modem: 000B06A75742! FIND ME.) or just trolling.
My Guess? Trolling.
Excuse me, IPv6 reducing privacy?! HAHAHAHAHAHAHA! Go learn about IPsec and IPv6 because I can't waste my time on you.
In the future, I would want to not be isolated from my friends in the Space Station.
it's a race between IPv6 and *NIX running out of timestamp room in an int... only 3227004721 seconds to go!
While we're at it, we should switch to a 5 digit date for the year. Because you know it's going to be Y2k all over again in the year 9999.
0110100100100000011000010110110100100000011000100
At a certain point in the middle of the last decade, everyone thought they would run out of IP addresses. Work was then put into routers and firewalls to bring to the masses the CIDR and NAT to stem the tide. Now on cisco routers you can do fancy port forwarding to use several servers behind one IP. All this work however could have been replaced by investing in ipv6. The fact that ipv6 is not being implemented means investment is being put into a scheme in which people will eventually run out of IP addresses, while there is a complete alternative available.
The single biggest damaging factor of ipv4 is the fact that you can't really run servers behind it. There are already ISPs in many countries that provide service from behind a NAT firewall. This kills many people's freedom of speech and the spirit of the Internet where everyone had their own servers and ran whatever they wanted.
The second damaging factor of the ipv4 is the control that IANA has. Both ICANN and IANA have been used politically and now we have many American ISPs churning out 4 IPs per person and 64 IPs per company, mostly going to waste while ISPs in some countries like Pakistan's PakNET have 100,000 customers behind one IP none of whom can run their own servers.
ipv6 can fix all these problems in one fell swoop, simplify routing enormously and introduce IPSec and other security technologies.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
While it is true that those few articles which predicted a shortage in Asia were wrongly presented, the point is that, given the rate at which the Asian countries are growing in their requirements for IP space, we will see shortage and possible political fallouts. To call the shortage a myth is wrong.
There are two kinds of egotists: 1) Those who admit it 2) The rest of us
I think that moving to IPv6 is really going in the wrong direction. Sure, it would be great to have an IP address available for every molecule in the universe, but the side-effect of addresses like fec0:02::0060:1dff:ff1e:26ee is not worth it. It's hard enough to remember a dozen IPv4 addresses, their associated subnet masks, and various DNS servers, gateways, etc. The answer is efficient use of the space we have. It used to be easy to get addresses; a school district I used to work for probably had 300 unused IP's...and two used ones. If we start taking back those unused addresses, we can go a lot, lot longer with the address space we have.
Why would any of the devices in my house have to have a global IP address? Why would I want someone half way around the world accessing my toaster.
This is why we have firewalls and routers. The number of IP addresses is unlimited, but the number of global IP addresses is limited.
It sounds like someone wants to sell a new product.
Lies, damn lies, and statistics.
The author is looking at the rate of IPv4 address allocation, and extrapolating future growth based on the current rate. This is a severely flawed methodology, because it does not take into account efficiency of utilization.
Ten years ago, as the author notes, most networks used around 1% of their allocated IP addresses. Now, networks are expected to use over 50% of their addresses before they can receive a larger allocation. As a result, while the number of *allocated* addresses has not been growing rapidly, the number of *used* addresses certainly has.
Unfortunately, utilization efficiency is bounded -- it's hard to use more than 100% of your allocated IP addresses. As a result, the rate at which IP addresses are allocated is likely to take a sharp turn upwards, as organizations which until now have been making efficiency improvements, find that they really do need a larger address allocation.
Tarsnap: Online backups for the truly paranoid
for implementing ipv6 is not necessarily that we will run out of IPs but that IPs will become too expensive for ordinary people and small businesses. Jason
Are you intolerant of intolerant people?
Bottom line is we have some time before we run out of IP addresses for Public use. So do we need to change tomorrow? No.
But, why not be proactive. I can't tell you how many times at work being proactive has saved our butts. However, I can tell you how screwed we were when we had to "react". So why not start moving over? It can be done slowly, and not rushed.
Just my $.02
I saw an academic paper late last year stating that NAT's and finer subnetting had resulted in a reduction of nearly 30% of allocated IP addresses. That is the first time I saw the "IP shortage no longer a realistic possibility" argument.
To be clear, IP shortage wasn't a myth. There was a time where even conservative projections were pointing towards a dearth of IPs. A solution needed to be implemented. IPv6 was one option, NATs and subnetting was another. The market seems to have chosen this last.
I for one welcome our MAC-tracing overlords.
I like the idea of a good NAT firewall with private addresses inside. This way you only use 1 IP on the outside.
This is a test. This is a test of the emergency sig system. This has been only a test.
Basically, the goal is to get static IPs for all your devices: your mobile phone, pocket PC, laptop, desktop--so that your data can find you no matter where you happen to be. So we need about 5 or 6 IP addresses for each person on the planet. Given that we currently don't even have enough IP addresses for all the people in China, looks like we need to upgrade IP.
That's not to say it'll stay this way, or that I think NAT is a great thing, but as it stands NAT is optional for most people.
I for one would love to have public addresses for every machine on my LAN, and replace my NAT router with a simple, small, web-interface firewall box where I can open ports on a per-address basis (I don't think Linksys, D-Link, and the other sub $100 consumer router manufacturers make these, but they should). But in the meantime I'll make do with my SMC's finicky "Virtual Server" port forwarding features.
This myth made my ISP decide that they could no longer charge for extra ip's handed out to customers, they said they just didn't have enough. This was the only way that you were allowed to use more than one machine on the cablemodem. Now they've finally allowed using NAT ... don't wake 'm up :)
karma capped
We are talking about replacing X, remember. This is an important aspect of the grand plan.
...?
Should I apply for a patent?
Of course you should apply for a patent -- how else will you sue Microsoft for hijacking the grand plan
-kgj
Whereas this isn't really related, I've just put up a resource for geolocation of IP's to country/city. It'd be cool if some slashdotters were to type in/select their city - only takes 10 seconds :-)
:-)
The url is hostip.info. The idea is to provide a free geolocation service that you can download the DB from. All the other ones I've found are either pay-for, limited in what you can do, or only to country-resolution. At the moment, this is just to country-resolution as well, but who knows how far it'll go
Simon.
Physicists get Hadrons!
I was working at an ISP when my favorite customer asked me, "I need 12 Class C networks for all of my virtual hosts". A few months back, he had purchased a load balancer (Alteon) that could load-balance web servers and provide a public address to the Internet for the cluster. No one would have any reason to access each individual virtual IP address on the web servers themselves, so I pulled a few address blocks out of my pocket:
172.16.0.0
172.16.1.0
172.16.2.0
...etc...
I later explained to him that they were reserved addresses that weren't routable. He thought I was a genius. I, like many other network engineers, was just doing my job. If no one has any business accessing a server or computer from the Internet, don't make it routable to the Internet.
-ez
Karma: Whore (you post anonymously when you have nothing constructive to add)
I want an IP address for every memory location in each of my boxes.
-kgj
Back in june, their IP6 plans were big news.
http://slashdot.org/article.pl?sid=03/10/22/1755258&mode=thread&tid=103&tid=126&tid=95&tid=99
Given their size, this will get IP6 into many parts of the USA.
I'll scream. Lets get the facts straight.
What most people think of as NAT boxes, are actually combination NAT/Firewalls. The fact that you have non-unique private IP addresses on the hosts behind it does not make anything more secure. If the NAT box is compromised, it's real easy to go after the machines behind it. This is no different than having public IP addresses on the devices behind your firewall. Firewall gets compromised, same deal. Now if you have firewall configured correctly, it will block packets to the hosts behind it. With a NAT device, this is really the only mode of operation it has, short of port forwarding certain things to internal addresses.
Now, does this make sense to any of you people, or are you all slow?
Most ISPs are making good $ charging out the ass for multiple IPs.
Comcast wants something like 20 bucks extra a month for each extra IP. Folks who don't understand firewalls and routers and NATs think they need one for their Xbox, PS2, laptop, etc.. Of course, they can only claim they need to charge because of the shortage within the IPv4 addressing space.
IPv6 makes this means of income obsolete. We all know that phone, cable, and media companies absolutely HATE when an improved technology comes along and makes their business model null and void.
IPv4 is here to stay for a long while.
I don't need no instructions to know how to rock!!!!
At least know the proper NAT ranges! I've seen even professionals *extremely* misguided that 192.0.0.0/8 and 10.0.0.0/8 are the two NAT networks. They aren't, well, 10.0.0.0/8 is. Again, the private subnets are:
10.0.0.0/8
192.168.0.0/16
172.16.0.0/12
Don't use outside that range! I've seen stuff *ship* with what is obviously meant to be a private net address that was outside the range because the manufacturer didn't know the netmasks...
XML is like violence. If it doesn't solve the problem, use more.
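An added example, not part of the comment above, that audits configured IPv4 addresses against the three private ranges it lists and flags the mistake it describes: values that sit in the wider 192.0.0.0/8 or 172.0.0.0/8 blocks but outside the real private ranges, and rules wide enough to mix private and routable space. The sample configuration and all names are constructed for illustration.

```python
import ipaddress

# The three private ranges listed in the comment above (RFC 1918).
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# Wider blocks that are sometimes mistaken for private space.
LOOKALIKE = tuple(ipaddress.ip_network(n) for n in
                  ("192.0.0.0/8", "172.0.0.0/8"))

def classify(value: str) -> str:
    """Classify an IPv4 address or network written as 'a.b.c.d[/len]'.

    private      entirely inside one RFC 1918 range
    straddles    covers both RFC 1918 and routable space (rule is too wide)
    lookalike    resembles a private address but is routable space
    not-rfc1918  anything else
    """
    # strict=False accepts interface-style values such as 192.168.1.1/24.
    net = ipaddress.ip_network(value, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only")
    if any(net.subnet_of(p) for p in RFC1918):
        return "private"
    if any(net.overlaps(p) for p in RFC1918):
        return "straddles"
    if any(net.subnet_of(w) for w in LOOKALIKE):
        return "lookalike"
    return "not-rfc1918"

def audit(config: dict) -> dict:
    """Return every entry that is intended as private but is not."""
    findings = {}
    for name, value in config.items():
        verdict = classify(value)
        if verdict != "private":
            findings[name] = verdict
    return findings

# Constructed sample: settings someone intended to be private addressing.
SAMPLE_CONFIG = {
    "lan-gateway":    "192.168.1.1/24",   # fine
    "mgmt-vlan":      "10.20.30.0/24",    # fine
    "device-default": "192.169.0.1/24",   # one past 192.168.0.0/16
    "lab-net":        "172.32.5.0/24",    # one past 172.16.0.0/12
    "acl-internal":   "172.16.0.0/11",    # mask one bit too short
    "acl-nat":        "192.0.0.0/8",      # the /8 misconception itself
    "upstream":       "203.0.113.10",     # documentation address, not private
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{name:15} {SAMPLE_CONFIG[name]:18} {verdict}")
```

A "straddles" result matters most in firewall and NAT rules, where a mask that is too short treats someone else's routable addresses as internal.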
Excellent essay.
I think there are some counterforces at work against the IPv4 inertia that we're currently experiencing. We may not run out of addresses, but you imply yourself that we're running out of useful addresses - people can't provide services off of their own computers.
I believe that for the last 2-3 years we've seen a trend by "plebians" as you accurately put it - the second-class citizens of the Internet who have asynchronous bandwidth and not much address space - to want to publish their own content. Almost every ISP now offers webspace to its customers and tools to build a website. Blogs are skyrocketing in popularity, despite the lack of many with actual entertaining content. People want to read about . . . other people like them. It's the Reality TV trend, carried over to the Internet. (Or perhaps Reality TV is the Internet trend, carried over to television, but I digress.)
Powerful open source and for-pay web tools are making it easier and easier to publish dynamic content. Soon people will discover that there are other ports than port 80, and will want to establish dynamic applications over those protocols as well. Tools will spring up to help those entrepreneurs. All these trends are going to continue; I predict we'll see an exponential growth in people using the Internet to become creators, instead of just consumers.
With these citizen-created services will come a need for the security features, never mind the address space, that IPv6 has to offer. People are already starting to realize that NATs are making it more difficult to run the publication apps that they want to run. I see "I can do that at work; why can't I do it at home?" becoming a common complaint. "I want to publish on the Internet" will be the mantra that finally kicks IPv6 into gear.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
The reason why we want more addresses isn't because we want more nodes, it's because we want simpler routing. If every single node was at a different place on earth, the routing for them all would be a mess; the way IPv4 is designed the routing tables on routers would be huge. The more open space you have between addresses, the simpler routing is. NAT is *not* a solution to IP address shortage, it is a hack. NAT does not provide true connectivity. People don't want to be on unroutable addresses, they do it because they have to. IPv6 solves a lot more problems than ip address shortage. Don't even think of posting your opinion here until you've gone through the entirety of www.6bone.net. Auto address configuration, security, simpler routing. Once again, I hate most slashdot users. People who post "We're not running out of addresses, we don't need IPv6" have about the mentality of a 15 year old script kiddie. Learn what the problem means before you try to answer it.
The Internet today doesn't have a structure that reflects IP address allocation, thus requiring huge routing tables to be maintained by routers.
RFC 3587: Moreover, the allocation of IPv6 addresses is related to policy and to the stewardship of the IP address space and routing table size, which the RIRs have been managing for IPv4.
The general format for IPv6 global unicast addresses as defined in "IP Version 6 Addressing Architecture" [ARCH] is as follows:
<global routing prefix> <subnet ID> <interface ID>
where the global routing prefix is a (typically hierarchically-structured) value assigned to a site (a cluster of subnets/links), the subnet ID is an identifier of a subnet within the site, and the interface ID is as defined in section 2.5.1 of [ARCH]. The global routing prefix is designed to be structured hierarchically by the RIRs and ISPs. The subnet field is designed to be structured hierarchically by site administrators.
Not at all.
Just because you have an assigned network doesn't mean that that network (or all parts of that network) has to be connected. You could even NAT an assigned address behind a firewall if you wanted, and never put out any routing information. It would be just as secure as a non-assigned address, but very convenient in many situations.
For example, I'm setting up an ad hoc VPN right now between several companies collaborating on a project. Naturally, we are not giving access to each other's LANs, but separate segments. However, we can't ignore the unassigned addresses used by the other partners. If he uses 192.168.100.0/24 for his LAN, I can't use it for my VLAN segment.
Another example is when companies merge. They could just plug their LANs in and know everything would work.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
The problem with IPv4 does not seem to be the lack of address space, but that will be a telling factor when/if a switch is made.
The major problems are, as has been mentioned, its inefficiencies and its current state. Currently the IPv4 standard is a cobbled together mess. VLSMs and NATing are late additions to the game, and are merely attempts to save an old and dying hulk. The fact remains that no matter what we add to IPv4, it will always be inefficient. In IPv6, most of these methods are inherent and relatively efficient. The mere fact that they are inherent as opposed to added on makes the standard a better one than IPv4 will ever be. Heck, IPv6 even has features that IPv4 doesn't (And probably won't).
Address space, though, will play a significant part. The graphs and projections are all well and good, but I don't believe they take into account many of the factors involved. As broadband and DSL become more popular and more implemented, it is going to increase the demand for static addresses. Even though there are bad points to having a static address, there are also good points. People will want to have their own address for everything from their cell phones to their home LANs to whatever you can think of. The rush of in the early 90's is nothing compared to what's coming. We have to account for the further IPzation of all products in life, from cars to houses to coffeemakers to refrigerators. Home networks are on the spread. All these things are going to make people want more addresses, addresses that IPv4 can't provide, and even if it could, it would be inefficient, time-consuming, and slower than anything that IPv6 would provide. This will drive a move away from IPv4. As youngsters become more and more used to the changing faces of tech, they will become more educated in its use as well. This will mean that today's techies will be tomorrow's average citizen. I, personally, don't know of any geek, techie, nerd, whatever you want to call it, who likes using a system that is old, broken, and inefficient to boot! Maybe you do, but I doubt it. These tech savvy youngsters, coupled with increasingly knowledgeable management (hey, it could happen!) would only increase the drive away from IPv4.
And finally, I think that the authors forgot to take into account the fact that most growth in certain fields happens exponentially. Most of the technologies that will drive a move away from IPv4 are new, or not old enough to be established. As soon as they age just a bit, and the bad ones are weeded out, the growth in those fields will rise by leaps and bounds. We have seen it with television, radio, cell phones, and most especially computers. To predict an almost linear line of growth is approaching on the naive! Like I said, growth starts slow and rapidly increases after it reaches critical mass.
With all that said, may IPv4 rest in peace. Long live IPv6!
When the Bell system was broken up, the phone system's allocation scheme for area codes and prefix blocks was disrupted. Phone service providers were issued blocks of 10,000 phone numbers with a given prefix, from which they allocated local customers. There was no method for reclaiming unused portions of blocks from independent phone companies. So long as one number from a block remained in use, that prefix block could not be reallocated. THAT is why we suddenly needed new area codes--not because we had run out of unused phone numbers. At the time the new area codes were issued, the actual in service phone numbers comprised less than 50% of the available pool.
So please stop telling me there is no problem. I thought the basic premise of capitalism was that a resource that is plentiful should be available for a low price?
Saying that NAT solves the problem is shortsighted. You can put many clients behind a NAT, setting up many servers is more difficult. Sooner or later, each portable phone will have an IP stack, and thus will need an address. As long as those phones are clients, NAT will do the trick, but sooner or later somebody will want to build an application where each phone is a server...
Using NAT is the same kind of kludge as using offsets for 16-bit pointers in the 8086 instead of 32-bit pointers: it worked for some time, but ultimately it was not the solution.
I'm not saying I have a god given right for an IP address, but that for certain applications, peer-to-peer, it will help. I will not be surprised when China or Japan has the next killer app that runs on portable phones, or lots of small computers and basically was possible because the region adopted IP6. When this happens, the same guys who are now saying the IP6 is irrelevant will bemoan the fact that this opportunity was neglected by politics.
You might argue that the problem is not the address space, but the organisation distributing them - as with food, this is true (but I did not hear Bush saying that Monsanto should stop doing better crop and improve food distribution in the world). In the end, this is a political problem - in general it is easier to solve technical problems.
I've known this for a while now. It's clear that since a lot of people are moving to NAT to try and protect themselves from viruses and worms exploiting Windows vulnerabilities, as well as people sharing service from a single ISP, that IPv4 is here to stay until v6 is legislated into effect.
Fairly recently as compared to when? I remember using ftp behind NAT years ago, back in the mid-90s...and boy does that sound strange.
Anyhow, the stuff now works and is stable (and has for years), so there's no reason to whine about stability, etc. If your software doesn't work behind NAT, it's because they hired an inexperienced network guy to write the code.
Why not complain about something else, like the crappy X server stuff?
IP shortages forcing the creation of NAT actually turned out to be a good thing.
NAT has created the opportunity that most private boxes can be operated behind the integrated firewall that is normally provided by such devices. If the cable companies would provide the cable modem with NAT and modest firewalling instead of assigning public addresses to the uninformed masses, many of the recent insecurities would be *much* less critical.
In the best possible world, everyone would be running public addresses behind a properly configured firewall, with security patches addressed in a timely manner.
In the *real* world, we have unpatched machines directly accessible with little hope they will be addressed. I wish the NAT bashers would settle down. No, NAT and weak firewalls are not secure... but they are an order of magnitude better than hanging the clueless out in the wind like is currently done.
Those who moan about not being able to run the services they want should really learn about port mapping.
Of course, my cable company recently decided I can't even *send* to port 25 anymore, except for the cable company server... that has nothing to do with IP allocation or NAT. It has *everything* to do with the problem addressed above... if the company would supply a NAT box with firewalling, they could do the firewalling of 25 at the user's computer, and the user could open an additional server without compromising the integrity of the Internet at large with virus laden beasts.
IP 6 will mean even more machines without even weak firewalls, meaning a more vulnerable environment for those without the clue to buy a firewall.
Sig under construction since 1998.
[/sarcasm] BTW, privacy and anonymity aren't the same thing.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Plus, it's better to get it off the ground now than wait for the numbers to run out, and if they believe that they'll run out in 2005, then it's better to be safe than sorry.
Last I heard, the big issue that was going to be the "death of IPv4" was the growth of the non-default routing table.
Almost every internet host and router has a default route pointing to their upstream. At the core of the internet are a collection of routers that do not have default routes, but instead must be able to find the next hop for *all* hosts.
Because of the haphazard allocation of IPv4 addresses, it's relatively difficult to aggregate those routes, and so the routing table is very large. It takes very expensive machines to keep up.
IPv6 is not required to fix the problem, per se, but it would require a complete re-addressing of most of the existing Internet. The reason we're where we are is that when those legacy allocations were made, no one had any clue that the Internet would be as pervasive as it is. Now that we know better, we can insist on better aggregation. IPv6 was designed with this in mind, but the biggest contribution will be that aggregation of routes will be insisted upon from the start. That means that the non-default routing table will be vastly smaller, and the core routers will scale much better.
At the same time, it is true that we've managed to stretch IPv4's address space through abominations like NAT and name based virtual hosting. I'd hardly call that a victory.
I keep seeing articles about switching over from one addressing scheme to another. DJB rants about how it will cost trillions and trillions of dollars and everyone must one day suddenly turn off all IPv4 machines, and switch on v6 machines. His narrowminded buttheadedness is as good a reason as any to avoid his holier-than-everyone-else-ware.
Microshaft is already beating the IPv6 drum to developers who want to sell into the .gov.us space, showing how WinXP, longhorn, and the .net infrastructure are already IPv6 enabled. By developing your products on a windoze platform, then automatically you meet one of the newest checklist items. There is no mention about how Solaris, some-but-not-all linuxes, and OS X all have IPv6 ready to go.
All modern machines are shipping with IPv6 built in, ready to turn on. It's not an exclusive switch, both stacks peacefully co-exist, and resolvers are capable of returning one preferred scheme over another.
So for the next few years we'll see more and more IPv6 enabled machines, running both v4 and v6. Until one day some marketing fscktard figures out it is THE great bullet item to differentiate his product from all the others, then there will be an avalanche of "Newest Generation Internet" products.
There is still a ways to go for other equipment manufacturers. Cisco consumer grade products can't deal with IPv6 at all, and they are digging their heels in to prevent home users to have IPv6, but with no rational explanation except it might somehow hurt their revenue. Other SOHO router products are a mixed bag, but over the next year or two it will become a mandatory feature.
There are lots of carriers in Europe now offering IPv6, and IPv6 exchange points are opening up. Some of the more progressive IXes offer it to their customers, although pricing is still very random because the traffic is too small at the moment. Within a year or two, IPv6 will just be offered alongside IPv4 all over Europe, because traffic is just traffic. Then all those little islands will join up and we'll see a long period of co-existence between stodgy nostalgic backwards looking IPv4 types and businesses who need to be on the latest version of the internet.
the AC
Hemos is like...sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
A lot of the reason why IPv4 won't run out is due to the fact that it's so hard to get any space. With extremely strict assignment rules, of course it will be a while before they are all used up.
Unfortunately, this just means that the ugly hack known as NAT will continue to be used, breaking many applications and protocols, not to mention external reachability of many devices. If there was reachability to all devices, the net would be a lot more useful for controlling embedded devices, but then we'd quickly use up a lot of space more quickly.
Address space is only a part of the reason to move to IPv6. There are plenty of other features which should be reason enough to move over:
- Auto address configuration
- No more LAN renumbering/resizing games
- Built in tunnelling functions for portable devices
- Simpler address hierarchy
- Address renumbering is much simpler, and will soon be do-able automatically
- Standardised IPSec functionality in all devices
IPv4 will not run out with the current allocation guidelines - but it will continue to have incredibly restricted functionality due to NAT.
Sparks:Gadget:Beer Maker
"As others have noted, the "protections" and IP multiplication benefits of NAT have had a side effect of choking information flow and flexibility."
That's the very definition of "security". You can either have open "information flow" and be at risk, or you can control information flow, and have security. And flexibility is an inverse function of security. IPv6 isn't going to change those facts, only make them finer-grained (this machine has more security than that machine, as opposed to "this group" of machines has more security than "that group" of machines).
Building out the Interstate system during Eisenhower's time, IMHO, was a big factor in cementing America's dominance - enabling faster, cheaper interstate commerce, and allowing America to be a more homogenous melting pot. It will even help the struggling IT industry, wouldn't it?
Why not do the same now? That is, build the digital highway on IPv6. Mandate that all govt agencies start using the system, juicing up the telecom industry, and taking advantage of all that dark fiber?
Wouldn't IPv6 make e-govt, web services easier among other things?
Heck, maybe, they can revamp the SMTP system too to require IPv6 usage, so that you can really track down em spammers!!!!
Well at least I have. I want to run https/ftps on several of my subdomains, but I only have one ip. I can only use https with one hostname per ip.
That's just one example. Another is sending a file or playing a game or whatever between two computers each behind a different NAT. You have to do ugly port forwarding rules that might be more or less huge ranges. People have to learn how tcp/ip works on a level completely unnecessary unless you're a techie. And god forbid you want to run two public game servers behind the same nat (many games don't let you specify port to connect to).
NAT is a necessity, not a feature. Things would be so much easier if it wasn't needed.
"NAT killed IPv6"
That's because NAT is a *better* solution than IPv6.
Now before you get your knickers in a bunch, lets take a look at the old saw of "VHS won despite Beta being better".
I'm here to tell you that this is the biggest myth in the tech community.
When VCRs first came out, people wanted them to timeshift, and to tape movies from TV. But a movie is 2 hours long. Beta was first and a compromise was to limit recording time to 90 minutes per tape.
Whoa. Big problem.
JVC sensing an opportunity made a small, but significant "improvement". They made the recording time 120 minutes. Picture quality was worse, but here's the key point:
"People didn't care about the best picture, they wanted to tape movies".
Thus, the videophile saw beta was clearly better than VHS because the picture was noticeably better. So VHS got a foothold.
Sony finally killed off beta by making a key mistake.... they refused to license Beta except under very stringent and costly conditions. By contrast, JVC was whoring the VHS spec out to everybody.
By this time, Sony figured out a way to get longer record times, but it was too late. The die was cast. Sony lost beta because they didn't move quickly enough on the features that people wanted, and they didn't move aggressively to get licensees of their Beta technology.
This was repeated with the 8mm debacle just a few short years later.
What does this have to do with IPV4 vs IPV6? Only this:
While IPv6 is a technically "better" solution, it isn't solving the problem that people want, and it has a fairly high price tag to boot! So IPv6 from that standpoint is the Sony Betamax of 2003. Better, but only to the elite few.
My pet peeve is not being able to use NetMeeting without a server in the middle when both ends are behind a NAT. This happens all the time from one work place to another work place. Doesn't the same problem affect all p2p applications?
I'm not certain you understand security to begin with(1). Security has never been about absolutes, but about statistics. What are the odds of a simple consumer-level NAT box being compromised to begin with? What about a NAT box in front of a business? Saying that NAT isn't security because it can statistically be compromised is silly. All security can eventually be compromised. Does that mean that it isn't security?
(1) The purpose of security is to discourage someone from doing something, and if they do pursue? To slow them down.
"Imagine a world where you can trust the "from" IP address in a packet."
Just so everybody knows, this is the same kind of "trust" that microsoft wants you to have with Longhorn.
Thanks, but no thanks.
Anonymity is a good thing, even if you have to put up with a bunch of crap from "the bad guys".
what you talking about my grandmamma for?! ;)
In the future, I would want to not be isolated from my friends in the Space Station.
Want to increase the demand for IPv6? Offer legal amnesty for pr0n, games and MP3 swappers. The public will want at that stuff, and push the technology to shift over.
How do you think we got here in the first place? Entertainment built the internet we know today, not technological innovation.
Ruby on Rails Screencast
His two decades will become 5-10 years easy...the reason? You can't use past data to predict what will happen, as more and more appliances (or whatever else) come out the rate at which IP space is used up will continue to grow...unless you force someone within a household to use routers for all their networking needs there is no stopping the explosion...IP space will run out well before his predictions. Even if his predictions are correct should we wait until the last minute to introduce a new format? The longer we wait the more expensive a switch will cost to everyone involved...that cost will certainly end up with the customer in the end...
"This will soon be yet another area in which the US lags behind the world."
Cell phones suck anyway. Their utility is extremely limited, and they mostly appeal to adolescents with too much money and too little sense.
It's okay to be away from the phone. Get over it already.
2003: An Address Space Odyssey
I'm a good cook. I'm a fantastic eater. - Steven Brust
two decades...with lots of assumptions thrown in for good measure.
What I haven't seen mentioned here is that the number of new public IP address requests is not a constant. Sure at the current rate of consumption we may have 20+ years.
However, more and more I see new devices popping up and old devices being retrofitted (insert obligatory internet fridge/toaster comment here) and I can see the number of needed IPs increasing exponentially. Especially as the US economy heats back up (if/when) and we all go buy our new internet enabled toys.
Couple that with migration to VoIP and other IP encroaching and the number when we run out may be more like 10 years.
At least that's always been my impression.
With IPv6 it will be very very very hard for a worm to find even one machine to spread to. On average it will have to scan at least 2^32 IP addresses, assuming that the average IPv6 network has 65000 hosts on it (10 is probably more likely) and that the worm knows enough to only scan networks that have hosts on them at all. That's like scanning the whole IPv4 Internet from a single machine -- not likely. So IPv6 should help a lot.
Finally! A year of moderation! Ready for 2019?
Unless maybe Microsoft 1) puts it on all new Windows OS and 2) DISABLES IPv4 completely. Otherwise we will stick with IPv4 for a long time.
.. let's say you are the next google, amazon, ebay, etc. You want to set a web site, will you choose IPv4 or IPv6? Of *course* you will choose IPv4, because most people are using it.
.. I don't know why everybody says it's so terrible and breaks FTP .. why do I care if it breaks an obsolete protocol like FTP?? I don't even *use* FTP any more if I can help it.
Think about it.. the only way IPv6 will be "the standard" is if all your favorite sites are on IPv6 *only*.
The only way your favorite sites will be on IPv6, is when 95-100% of the client machines are on IPv6 *only*.
The key here is *ONLY* IPv6. As long as machines are on "both" networks, there is absolutely no reason for a company to use IPv6.
Now
Let's say you are an ISP customer, your ISP offers you an IPv6 address, or an IPv4 address. The IPv4 address will access all sites (because we're in the middle of the changeover, remember), and the IPv6 address will access, maybe, a handful of geeky sites.
Why would you get an IPv6 address? The big sites won't abandon IPv4, there's plenty of IPs for them, and therefore ISPs and clients won't abandon it either.
As long as you are using IPv4 in any capacity, YOU AREN'T SWITCHED OVER to IPv6. That's the key that everybody is missing..you don't get any of the IP address space benefits as long as you are still clinging to IPv4.
The other benefits of IPv6 are irrelevant, because the address space is different.
This is subtle but I believe the changeover will NEVER happen, and the BSD/Linux, etc, machines that are all rearin' to go with IPv6 will be used only for private networks (behind NAT and/or tunnel boxes, ironically).
NAT is not so bad
NAT is the right solution for IP address shortage. Instead of wasting time with IPv6, they should've been looking at lower-level NAT routing/addressing protocols that are backwards-compatible, if that's possible.
I believe ISPs should offer "budget" service which is entirely NAT'd and web/mail/IM only. That would remove HUNDREDS of THOUSANDS of addresses and make them available for re-sale.
Here is a web site and project that tracks how IPv4 addresses are allocated and misused, i.e. hijacked: http://www.completewhois.com/statistics/index.htm .
The way I read it, a huge percentage of IPv4 addresses are not even being used...
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence."
BTW I'm also for a huge subnet of IPV6 that translates GPS coordinates to an address (not to the LSB, so apartment, fridges, etc aren't a problem). This could aid routing, spam, etc...
I'll take all the addresses I can. Do you work at MIT?
From the article: The IANA policies for allocation of IPv4 address blocks to the RIRs are applied fairly and are based purely on the documented need for address space.
Europe has far fewer IP addresses than North American organizations, which have been assigned 74% of all current IPv4 addresses.
Both Stanford and MIT have more IP addresses than all of China.
The original parent states that this article could spell bad news for the ipv6 rollout. Yet, I see no reason why it should have any bearing on ipv6 at all. Why should the ipv6 rollout wait until we have no ip space left in 20 years? Why not switch over and let the availability of space drive innovation for new ideas to use that address space? There's nothing saying we can't migrate to ipv7, 8, 9, 10 whatever some day later on. ipv6 should proceed at whatever rate the industry is ready for, not by when we are almost out of time. Much the same with our fossil fuel situation, IMHO.
I especially enjoyed the pie charts... Mmm.. Pie...
DOH!
I think the solution is to implement a newer IP system using NAT. Instead of moving to IPv6, why don't we simply append a few octets on the end of the IPv4 address space? These would route through the internet using the first 4 octets, and would be translated to a full address by a NAT-like device. Older hosts and networks could still use current IPv4. As infrastructure gets upgraded, institutions would collapse their IP allocations, the IAN would reclaim IPv4 addresses (and reassign them), and eventually the NAT devices would be redundant.
You need to upgrade something before it's broke!
As previously mentioned, IPv6 is about more than address space...
Seriously, what happens when the entire world is running IPv4 stuff (as it is now) but CAN'T live without it?
We need to do the upgrade before the cost of the upgrade becomes so high we can't support it. I say do it now, while the net is still small.
Try thinking like a virus. You don't need to scan the equivalent of the entire Internet. All you need to do is scan from the (infected?) machine you're on out to a given radius, and infect those you find. As you can see, the infection rate is exponential using divide and conquer as a strategy. The same applies to real-life viruses and worms (remember not every "host" can be infected, but if enough do...)
Another problem that is actually more pressing has to do with the unique autonomous system numbers (AS) that are used in BGP (the internet's routing protocol). In the past, a network would just use an AS number from the private partition of their upstream provider, but now more and more networks are becoming multi-homed to two or more providers. Once a network is multi-homed, it then has to request its own AS number. These AS numbers are actually being depleted faster than IPv4 addresses. It has forced the BGP community to begin phasing in a larger AS number field.
Great... someone DOS'ed my monitor!
However, I strongly suspect that Crisco [sic] and other HW vendors will require your MAC to facilitate their routing. Why else is IPv6 128bit addrs? To have lots to facilitate routing!
Remember, no one gets to assign their own IPaddy. You have to use whatever your ISP gives you if you expect packets to go out, let alone return.
End-to-end connectivity is all that matters.
IPv6 partisans miss this point, so it's important to drive it home.
-I like my women like I like my tea: green-
IP v6 is not a particularly good solution. The address fields are way too wide - and when you try to layer TCP on there, the per-packet overhead is just too big.
That, plus it doesn't seem to be backwards-compatible enough. I think a solution could be engineered whereby hosts that are really on the internet (not behind a firewall) switch to whatever new scheme is supposed to be in use, and regular client machines continue to operate behind NAT's, etc. You could unify the TCP port number and the IPv4 address into some IPv7 (or whatever) unique destination/service identifier.
Considering that there are almost no uses for IP without TCP (or UDP), not unifying those two protocols is just wasteful.
I am not in favor of IPv6 being rolled out. I think at the present time, it will amplify all the existing problems we have yet to solve.
I can appreciate the improved security and anti-spoofing provisions but the cons outweigh the pros. Most of what people are expecting to see with IPv6 will likely not be available to them. It's unlikely that broadband ISPs will give their customers more address space in order to avoid using NAT.
NATs and VPNs serve very valuable uses within a safe and secure-computing model. If more address space means less people will be using VPNs, that's a bad thing. It will result in more vulnerability of more machines and more headaches for everyone.
We also have the spamming/DOS issue, which is completely out of hand. There are measures that could be taken with the existing system which would dramatically reduce these problems. Moving to IPv6 will only make things worse until we adopt more regulation of the existing network systems.
Nowhere is this more obvious than in the area of RBLs. A move to IPv6 would largely wipe out all smtp-based anti-spam blacklisting.
If you installed Longhorn 4051 that was distributed at the MS PDC last week, you'd see that the default install includes "Microsoft IP version 6." A simple ipconfig /all will show you that there appears to be an IPv6 address bound to the NIC.
Where it got the IP from, I have no idea, though. I assume it's the equivalent of the MS 169.254.x.x null IP.
That's funny to hear that there is no 'IPv4' shortage... Certainly not for US/Europe/Asia, as those places are taking more than 95% of the IP address range.
Now, have a look in Latin America... According to RIPE itself we have about 2% of the allocated IPs.
Yet I do not need any statistics at all, in order to know the IP shortage here... Just try to set up an ISP/whatever_taking_IPs, for example, and see how "easy" (yeah, sarcasm) it is to get IPs assigned to you.
...so arguably, it is already available and usable, if not used, in the US.
In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon.
Perhaps, but IPv6 will make addresses cheap and plentiful. Right now I pay $10 a month for one static IP. I want there to be so many addresses available that providers start advertising "Over 60,000 static IPs free with every account!" (Or the equivalent in name-based routing or any other technology that makes it quick and easy for me to throw another box on the network and connect it to the rest of the world.)
Five percent of one year's DoD budget puts us on Mars.
Some disruptions could be found in technology evolution. An upward shift in address take up rates because of an inability of NATs to support emerging popular applications is a possibility. The use of personal mobile IP devices (such as PDAs in their various formats) using public IPv4 addresses would place a massive load on the address space, simply due to the very large volumes associated with deployment of this particular technology.
The push for IPv6 does not look as though it will come from the growth that we have seen so far. It will come from the multitude of ip consuming devices that are poised to enter the market. VoIP anyone?
Or maybe just because no one can stop thinking about what it would be like to be a young girl named Lain?
George II -- Spreading Freedom and American values, one bomb at a time.
Whoever thinks NAT will become useless when IPV6 comes about is smoking the good stuff.
I mean, if my ISP found out that I was running as many computers as I was off a single IP, don't you think they would want to charge me more money?
I could easily get an IPV4 address for all my internal boxes, but at $10 a pop, that adds up to real money.
From the article:
There is a rather unique router operated within the campus of the University of Oregon ( www.route-views.org).
"Rather unique?" There is no such thing. Uniqueness is binary: either something is unique, or it is not. There are no degrees, and there are no such things as "rather unique," "very unique" or any other qualifier.
Grumble. I wish publishers would accept copy only from people who can actually WRITE...
In times of universal deceit, telling the truth gets you modded -1 Troll
In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
This is just one of maybe 10 nice features with IPv6. Another is native support for IPSec. And ad hoc support for all those handheld devices popping up everywhere. But sure, the address space is maybe the most important one, and the most well known. However, I'd personally really like to see IPv6 rolled out just for the non-address space related improvements.
Beware: In C++, your friends can see your privates!
I'm pretty sure that Universal Plug and Play (uPnP) provides a way for IM to negotiate through NAT. My netgear router added that to the menu in the last software upgrade.
At least my family, all on boxes behind the NAT router all seem to be able to use MS IM service. I also managed to use it from my linux workstation using KOPETE.
...is the biggest fallacy I have ever heard of, especially for people who make extensive use of them. You end up forwarding legions of ports for all the services that must be exposed to the internet, all from one ip address. This means hackers have ONE ip address that effectively has hundreds of services running on it, instead of many different computers with one or two services, which takes much longer to scan.
It is true that public ip addresses might expose all the *nix computers running sshd, and all the windows computers running smb, but that's what a firewall is for! And one has to have a firewall equivalent (i.e., a machine that all packets must route through) anyway if he's using NAT. Most NAT boxes are firewalls, too.
The only downside to public ip addresses is that it isn't strictly necessary to have a packet filtering solution to get up and running. But only a fool would set up a corporate network w/o some sort of protection.
In short, it is actually less work to configure a simple firewall which blocks everything to public ips than it is to configure a simple NAT solution which blocks everything to private ips. And once you start forwarding ports, it's actually the NAT that's less secure, because of the single point of entry. Let's not forget as well that people often "DMZ" one of their internal machines, exposing an entire machine to the outside, which again is far worse than a public, firewalled ip.
Again, public ips w/o a firewall is an even more insecure situation, but public ips aren't less secure per se. They're less secure in the hands of a fool.
-Dan
Yeah, that's it. When I can get 64k IP addresses for the same price as 4, I'll replace my entire router cabinet.
It's da cash, like the man says.
Ceci n'est pas une signature
You know the one. It says that "We don't need IPV6 because we have NAT". It's the same kind of thinking that says that The Internet == The Web. Just because NAT solves a certain subclass of problems that are more naturally solved by extra addresses, doesn't mean that there is no need for IPV6 because there's NAT.
NAT works great for things like the web, which are initiated behind the NAT machine, and don't make any connections back through the NAT machine. But The Web != The Internet. Even FTP has problems with NAT, but at least those problems are well understood by now. When the original connection is made from the outside world, trying to contact something behind the NAT box, that's when problems start.
Some people see this difficulty in reaching the machines behind the NAT box as security. It isn't. If you have no other forms of security, it helps a little bit, but it's more like a side effect. Saying that this is security is like saying that a rusty lock is more secure than a new one because it is harder to get the key into it. A stopped analog clock isn't right twice a day, it just appears to be right twice a day, but that doesn't mean it is ever working.
If a NAT machine were replaced with a simple firewall machine with a closed-down firewall, you'd have the exact same kind of security. No packets get routed to the machines on the other side of the firewall unless the rules permit it. The only difference is that it avoids a lot of hacks. Rather than having to do "ssh -p 10322 mynatbox.mydomain.com" and having to remember that 10322 corresponds to your mail server, you can simply say "ssh mailserver.mydomain.com"
Doing away with NAT also makes true peer-to-peer networking possible. Currently it doesn't work, you need some kind of a server because you can't initiate connections from the outside world to the NATted boxes. P2P doesn't just mean swapping songs, but also networked gaming.
This is all just about routable addresses so far, but IPV6 is so much more than that. There are features of IPV6 like security that IPV4 simply doesn't offer.
So remember kids, The Web != The Internet, and NAT != IPV6, nor can NAT do everything you can do with routable addresses.
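The comparison drawn in the comments above (a closed-down firewall in front of public addresses versus a NAT box with port forwards), as an added example that is not from any poster in this thread. It is a toy Python model: the class names are hypothetical, the addresses are constructed from documentation ranges, and port 10322 is the forward mentioned in the comment.

```python
"""Toy model: default-deny stateful firewall vs. NAT gateway (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Hosts keep routable addresses; inbound is default-deny with state tracking."""

    def __init__(self, allow_inbound=()):
        self.allow_inbound = set(allow_inbound)  # explicit rules: {(inside_ip, port)}
        self.flows = set()                       # flows opened from the inside

    def outbound(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p                                 # forwarded unchanged

    def inbound(self, p):
        is_reply = (p.dst, p.dport, p.src, p.sport) in self.flows
        if is_reply or (p.dst, p.dport) in self.allow_inbound:
            return p
        return None                              # dropped


class NatGateway:
    """Hosts use private addresses; one public address is shared via port mapping."""

    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.forwards = dict(forwards or {})     # public port -> (inside_ip, port)
        self.mappings = {}                       # public port -> original inside flow
        self.next_port = 40000

    def outbound(self, p):
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (p.src, p.sport, p.dst, p.dport)
        return Packet(self.public_ip, port, p.dst, p.dport)

    def inbound(self, p):
        if p.dst != self.public_ip:
            return None
        flow = self.mappings.get(p.dport)
        if flow and flow[2:] == (p.src, p.sport):    # reply from the expected peer
            return Packet(p.src, p.sport, flow[0], flow[1])
        if p.dport in self.forwards:                 # static port forward
            return Packet(p.src, p.sport, *self.forwards[p.dport])
        return None                                  # no mapping: dropped


OUTSIDE = "198.51.100.7"  # constructed outside host


def run_demo():
    fw = StatefulFirewall(allow_inbound={("192.0.2.25", 22)})
    nat = NatGateway("192.0.2.1", forwards={10322: ("10.0.0.25", 22)})
    r = {}
    # 1. Unsolicited inbound SMB: both designs drop it.
    r["fw_unsolicited"] = fw.inbound(Packet(OUTSIDE, 5000, "192.0.2.50", 445))
    r["nat_unsolicited"] = nat.inbound(Packet(OUTSIDE, 5000, "192.0.2.1", 445))
    # 2. Reply to a connection opened from the inside: both designs pass it.
    fw.outbound(Packet("192.0.2.50", 3333, OUTSIDE, 80))
    r["fw_reply"] = fw.inbound(Packet(OUTSIDE, 80, "192.0.2.50", 3333))
    out = nat.outbound(Packet("10.0.0.50", 3333, OUTSIDE, 80))
    r["nat_reply"] = nat.inbound(Packet(OUTSIDE, 80, out.src, out.sport))
    # 3. SSH to the mail server: the firewall rule names the host itself,
    #    the NAT box needs the remembered 10322 forward.
    r["fw_ssh"] = fw.inbound(Packet(OUTSIDE, 6000, "192.0.2.25", 22))
    r["nat_ssh_22"] = nat.inbound(Packet(OUTSIDE, 6000, "192.0.2.1", 22))
    r["nat_ssh_10322"] = nat.inbound(Packet(OUTSIDE, 6000, "192.0.2.1", 10322))
    return r


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:16} -> {result}")
```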
Why is everyone going with the baseless assumption that the current curve will continue? What about the entire new classes of devices that are getting IPs? Even if the curve does continue, that's a relatively small piece of data to extrapolate that far from.
"(just imagine all the pain you have to go through to use your favorite P2P/game/whatever behind a NAT router)."
You forgot about UPnP.
And I believe Linux and FreeBSD can do the same.
Maybe this is one of the failings of IPv4 - not the fact that we are going to run out of IP addresses, but the fact that we are starting to run out of BIG blocks of addresses. Most companies like to have their computers on a single block of addresses, makes for cleaner setups.
And honestly, who really cares about the fact that someone is planning ahead for IPv6 and IPv4 is going to last a while? I mean, maybe the sky isn't falling, this is just a way to make sure that we never get into a bind where it is. Look at the (totally bogus) Y2K bug: we THOUGHT it was a problem, and were running to the zero hour to fix it. While it ended up being a dud, if you have the foresight why wait that long?
Besides, let's say the numbers are right, 2 decades for IPv4. That means at the current rate we would have 1.3 MILLION years for IPv6. Then there is no worry whatsoever. I guess the question is, what kind of agenda would be pushed by everyone moving to IPv6?
RonB
It is human nature to take shortcuts in thinking.
The article is rubbish for several reasons.
Even on its own terms, it predicts we run out of IPv4 addresses in about 20 years. That seems like the age of the universe to the 20-something kid who wrote the article. To those of us with a little more experience, it is not a long time at all to do something as major as converting the Internet to a different addressing scheme.
But the basic assumption of the article, that the present situation is OK and the only reason to migrate is to avoid it worsening, is wrong. In many countries, the IPv4 address shortage is very severe today, not in 20 years from now. IP addresses are expensive in the countries where most people live.
Finally, NAT is not a solution, it's a workaround. Many peer-to-peer applications simply do not work behind a NAT. Sure it lets machines surf the web, send email, and use clients like ftp, telnet, and ssh, but the Internet is much more than a handful of client/server apps. NAT is strangling it.
I just ask a perfectly reasonable question. Just looking for the answer. I did find the original post funny, I just wanted to know. I wasn't in the least trying to be an ass.
What is going on here. Everybody have a bad day or something? Did somebody hit me with a Troll gun?
Grow up and learn to communicate.
+500
I am a more-or-less typical internet user. I have a cable modem from RCN for my household which happens to have 4-6 computers. Of course, right now I am using NAT. This is an incredibly lame solution for a number of reasons which have been discussed exhaustively here already.
RCN provides me with a connection, X bandwidth, and 1 IP.
My incremental cost of more IPs on the same connection and bandwidth is prohibitively high. (I would consider a penny or two per month per IP to be "reasonable" since each IP should have trivial overhead for the ISP)
Ergo, we are out of IPs already.
I'm not a smorgasbord.
I think the reasons that the ISPs screw you on the extra IPs are because they can, and, if you want more than one IP, you're probably somebody who wants more resources so it's going to cost them more.
To those who claim that companies use the private addresses not because of security considerations, but because they are short of addresses: I have worked for two companies (BBN and IBM) which had several A-class addresses assigned to them at some point. They have *returned* several of those A-class addresses, completely voluntarily back to IANA, and this is simply because they have converted their internal address structure to private addresses. The main reason? Security. That's the point 1. Point 2 is those who claim that in a future every appliance in our houses will need an IP address haven't got a clue. Most likely, there will be some proxy device, and in turn it will communicate with house appliances via some other non-IP protocol.
Finally, from the horse's mouth so to speak. A conversation with a guy who was one of the IETF chairs. Won't give up his name because he's still IETF chair but different division. What he told me is the following. The whole idea of IPv6 was originally to comfort those who claimed there would be a shortage of IP addresses, back to the time when IP was just becoming more popular. The exact quote: "we were pushing IP, and then there were some voices saying that in a future 32-bit addressing scheme would limit the scope of IP. So we've invented 128-bit address scheme, just to get those folks to shut up. But no one really considered at that time conversion from IPv4 to IPv6 would take place any time soon. If ever. The main reason is still the cost of conversion. As the time goes by, and IP keeps proliferating, Internet-wide conversion to IPv6 becomes more and more problematic. Meanwhile that dreaded address shortage is like a horizon - it just keeps moving away from us as we approach the presumed date.
The *only* (and fatal) flaw with IPv6 is lack of backward-compatibility.
And it's never, ever going to work without it...
http://cr.yp.to/djbdns/ipv6mess.html
(and he really does have the best host/domain/tld combo in existence)
I browse at +5 Flamebait- moderation for all or moderation for none.
Behold the Aurora Borealis! ;-)
Karma: It's all a bunch of tree-huggin' hippy crap!
An object can be unique in one way, or it can be unique in many ways. It can be unique in the same way that lots of other objects are unique, or it can be unique in a way that few other objects are unique. Every router is unique in at least one way, whether by IP address or location within the network. This particular router is unique in a way that is unique, which makes it "rather unique".
Grumble. I wish posters would only be pedantic about things that are CORRECT...
Politas
That's how I got my /28. I mailed my ISP and told them I needed more IPs. "Fine", they said, "pay for a business connection, tell us how many IPs you need, and pay us $100 once".
It has been more expensive than a single IP, but the IPs were available, when I needed them.
For the record, I'm in Europe, and on a 256/256 DSL, so it's not like I'm paying for a T1 or anything.
/Styx
The problem is that there isn't free IP space EVERYWHERE. Northern America has HEAPS of IP space, but places like Asia have run out. Maybe the USA should give away their vast IP space to us Aussies and our neighbours.
Yes, and NAT isn't a solution either, as so many people have pointed out.
bloodbob
RCN (ex-Erols), yes... even Cox Cable charges like 5 a month or so for an IP. When I was on dialup with RCN (Erols Internet), I had a static IP and it was supposed to cost 20 a year. Now, it's supply versus demand.
-- This space for lease, low setup fee, inquire within!
That was beautiful. Mr Bowie would be proud.
Having, at least a decade and a half ago, been peripherally involved with IPv6 at the spec stage, I'm not convinced it's really the answer to anything.
There are loads of things in the Internet that are "broken" in the sense that they were never designed for a global and hostile network environment and some things that are just broken (such as TCP).
IPv6 doesn't really fix any of the broken things, apart from the lack of address space. The only reason to have a larger address space is to construct a (potentially) universally connected network layer. However, without the ability to control network-layer traffic more effectively at subnetwork boundaries - and more easily-managed and stable routing - the universally-connected network isn't going to happen.
IPv6 is a solution to a problem of 20 years ago and really has no bearing on today's problems.
We already use IPv6, simply because it's more convenient. If you have multiple networks with 10.* or 192.168.* addresses, two things happen. Firstly it's very confusing, so you make mistakes and the routing stops working. Secondly you have to set up VPNs explicitly which is extra work.
With IPv6, none of this happens. All the organisations have an Internet connection, and that gives them the network part of the address. The host part of the address comes from the MAC address of the ethernet card. No room for confusion.
You might object that we had to go to the trouble of getting IPv6 Internet connections, but we didn't. IPv6 can be routed over IPv4. This means that we only need our regular Internet connections, and we don't have to run routing daemons or anything like that. The existing IPv4 infrastructure gets our packets from one site to another.
IPv6 is also much easier to configure because everything happens on the server. If a client has IPv6 enabled, all you have to do is plug it into the network and it will configure itself. Yes, in a way it's like DHCP, but the addresses don't change. This means that you can have long-lived DNS entries pointing to your boxes, that sort of thing, which you can't do easily with DHCP.
The one time I wouldn't use IPv6 is in a place with lots of old boxes that don't support it very well. But if you have modern Linux or BSD installations or Windows XP, enable it today. You won't regret it.
I'd quite like to set up a website which is only IPv6, to encourage people to upgrade (that is if I can't persuade Slashdot to drop support for legacy protocols). You only get to see the Dancing Kame if you are IPv6 enabled, but that probably isn't enough to tempt people to switch!
/.
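The addressing described in the comment above (network part from the Internet connection, host part from the Ethernet MAC), as an added example that is not from any poster in this thread. It assumes the tunnelling over IPv4 is 6to4 (RFC 3056), which the comment does not name, and uses the modified EUI-64 rule from RFC 4291; the function names, MAC and addresses are constructed. The last function runs the derivation backwards, which is what lets an address seen in a log be tied to a specific network card.

```python
"""6to4 site prefix + MAC-derived host part (constructed example)."""
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def sixto4_prefix(public_ipv4: str) -> ipaddress.IPv6Network:
    """Assumed scheme: 6to4 gives each public IPv4 address the /48 2002:V4ADDR::/48."""
    v4 = int(ipaddress.IPv4Address(public_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def host_address(site: ipaddress.IPv6Network, subnet_id: int, mac: str) -> ipaddress.IPv6Address:
    """Combine a /48 site prefix, a 16-bit subnet id and the MAC-derived host part."""
    if site.prefixlen != 48 or not 0 <= subnet_id < 2 ** 16:
        raise ValueError("need a /48 site prefix and a 16-bit subnet id")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Address(base | eui64_interface_id(mac))


def mac_from_address(addr) -> Optional[str]:
    """Recover the MAC from an EUI-64 style address, or None if the host part
    was not built that way (no ff:fe marker in the middle)."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2 ** 64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    site = sixto4_prefix("192.0.2.1")                  # constructed public IPv4
    addr = host_address(site, 1, "00:11:22:33:44:55")  # constructed MAC
    print(site, addr, mac_from_address(addr))
```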
Since CIDR (Classless InterDomain Routing) was introduced (which allowed route aggregation to function properly in the core routers) there has been no IP addressing problem.
It was never really an issue of address space after CIDR... which was introduced to fix the unscaleable explosion of memory requirements in BGP.
The concept of address class is obsolete! But then, so are Ciscos, so I'm not surprised that they are still pumping that dead horse.
Free your mind.....
--Charlie
Does IPv6 do anything to help w/ advertising routes for smaller networks?
I have an internet business that I'd like to get my own routable network for so I could have redundancy and portability. However, at least partially due to efficient design, I have fewer than 20 internet-addressable servers, so I don't qualify for my own netblock (need > 600 IIRC).
My only options are to move to a colocation facility (very far away, very expensive, overkill, and a security issue) or to try to bum a netblock off of one of my ISP's (not portable, hard to get w/ only two very-competitive ISP's in town). The root cause of this is that the big players don't want massive BGP tables, which is understandable.
As I see it, the problem isn't that I want my own net, it's that BGP/IPv4 can't handle what I want. AFAICT, IPv6 doesn't improve the situation, since the BGP tables get 4x bigger overnight. Somebody sufficiently clever could figure out a way around this problem.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
First off, you are in no way a typical user if you have 6 computers hooked up. Second, you seem to either be missing the point of the additional cost of IP's or intentionally glossing over the main issue, which is this- you need extra routable IP's to run a server. The IP isn't what you are being charged for, it's the bandwidth usage you will incur. AOL users are NATed all to hell, they never notice because they are not serving.
Your one or two cents idea is foolish, and it proves that you don't understand this industry a bit. ISPs don't want you to use 100% of your available bandwidth 24x7. Routable IPs are for servers. Servers use the bandwidth all the time. Get it yet?
I would consult your Terms of Service and see if you are even allowed to run servers, if not you are asking for a free IP to violate your TOS. Your ISP would be brain damaged to give them to you for pennies.
Another point is this- if you claim you need these other IPs for honorable purposes, you have just illustrated WHY we are "out of IPs". Either you want them to use them a lot, thereby explaining the cost, or you want them to sit there and do nothing, which explains why they are so dear. People have them and do nothing with them.
NAT is the solution. IPv6 is a silly pain in the butt for the people responsible for IP infrastructure. Read the RFCs and all will become clear. There is plenty of space if you know how to configure a network. I think a case could be made that if you don't know how to configure a network you should be kept as far from potentially running a server farm as possible.
Carpe Deez
I have to apologize for all the typos in that post. I feel intense shame. My lack of proofreading is inexcusable.
Carpe Deez
First off, you are in no way a typical user if you have 6 computers hooked up.
Perhaps I should have said "I am 3 or 4 typical users." One household, multiple people.
you need extra routable IP's to run a server. The IP isn't what you are being charged for, it's the bandwidth usage you will incur.
If by "server" you mean "something that listens and accepts connections on a well-known TCP or UDP port", then yes, I want to run servers. If by "server" you mean the more common definition, "something which serves content to other people", then no, not really. We must not give up and decide that running services (online games, ident, peer-to-peer protocols for conferencing and the like) is something to be reserved for "commercial" ISP customers. That is NOT the future.
Your one or two cents idea is foolish, and it proves that you don't understand this industry a bit.
I don't fault the ISP industry for charging so much; I fault the system for allowing it to be a reasonable way to do business. There is no reason more IPs = more bandwidth, and the system ought to accommodate a business model which makes it exceedingly practical to sell the two as independent variables, with "expensive" bandwidth and "cheap" IPs.
Routable IPs are for servers.
This is a really shitty attitude which serves only to defend IPv4's existence. There is no reason this condition should persist.
I'm not a smorgasbord.
Ok, explain to me in this wonderful world of free everything what your second machine with a routable IP will be doing. Do you feel a second phone number from the phone company should be 2 cents a month too?
Carpe Deez
Ok, explain to me in this wonderful world of free everything what your second machine with a routable IP will be doing.
Both computers will be simultaneously participating in the same (online game, online personal conferencing service, terminal sharing protocol, a million other things that don't matter).
Do you feel a second phone number from the phone company should be 2 cents a month too?
If you don't understand the difference between multiple phone numbers and multiple IPs you have completely missed the boat. For now, phone lines are burdened by a shitty but adequate protocol/routing system, and the internet is bound by a shitty and already inadequate IPv4 protocol. But I'll entertain your suggestion that some comparison could be made. Suppose phone numbers were allocatable independently from phone lines. Suppose that it were technically trivial to route two phone numbers over the same phone line. Suppose that there was no benefit (i.e. bandwidth of phone conversations) to having multiple phone numbers, other than that a person could call you on distinct numbers. And suppose that there was a virtually unlimited quantity of phone numbers available, as opposed to the current situation where (in the US) you get 10 digits, 3 of which are pretty sharply geographically bound, and 3 more of which are somewhat regionally bound - for example if there were, oh, I dunno, 2^128 phone numbers available in total. Then yes, I would say a reasonable cost for an additional phone number would be a few cents a month.
I'm not a smorgasbord.
Uh, I don't know where you are from, but two phone numbers on one line has been possible and indeed sold in the United States for at least 45 years. In fact, every smartass supposition you made up there is in fact 100% accurate. Your ignorance of the situation here is breathtaking. Lemme guess- you're a web designer.
Actually you were right about one thing, there are a finite amount of phone numbers. Just like IP addresses. Guess why we are running out of this massive pool of phone numbers? Because people have a cell phone, a land line, an office phone (which can use the NAT like 'extension'), a fax line, and a second line for their analog modem.
Now if those people use all of those lines at once, they should pay for all of those lines. If they don't, maybe they should quit wasting those precious phone numbers.
Maybe you should try to see what the ramifications of your argument are before making it in the first place and save me the trouble.
It boils down to this- IP's cost money. Pennies is ridiculous and only shows you have no frame of reference to make these statements.
Carpe Deez
Uh, I don't know where you are from, but two phone numbers on one line has been possible and indeed sold in the United States for at least 45 years.
I am unaware of anywhere where a residential phone line consumer can request a second phone number for their residential line without buying a second line. Please provide a reference to availability and pricing of such a service.
Lemme guess- you're a web designer.
Software Engineer, sorry.
It boils down to this- IP's cost money. Pennies is ridiculous and only shows you have no frame of reference to make these statements.
No shit IPs cost money - now. Please read the original comment you responded to. IPs cost money because we are already out of IPs. We are already out of IPs because we are still using IPv4. Hence the original article is a load of crap. I claim that if everyone used IPv6, ISPs would give out multiple IPs to regular users cheaply (except it wouldn't be pennies for each individual IPv6 address, it would probably be more like hundreds or thousands included in the basic cost of your service). This is because the fact of the matter is that IPs effectively cost NOTHING - as long as you're not stuck with IPv4.
I'm not a smorgasbord.
I use bittorrent in a NATted network and it does upload a lot, and counts as seed.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
You are intentionally being obtuse. The reason there is a shortage is that people like you are cavalier about addresses. IPv6 may be a good idea, I'm not debating that, but IPv4 is not only a good idea, it's the idea we all agreed to use.
As for the multiple phone number thing, have you ever heard of a party line? Here in Kentucky it's sold as ringmaster service. Two different phone numbers, one physical line.
You are a software engineer, I won't try to tell you about memory management. I am a network engineer, please don't try to school me on IP protocol.
Carpe Deez
The reason there is a shortage is that people like you are cavalier about addresses.
I hardly see how. As I originally stated: I only get one IP from my ISP. I want more for non-commercial, non-bandwidth-intensive reasons which I consider legitimate.
IPv6 may be a good idea, I'm not debating that
Then why are you, as a network engineer, defending NAT as a solution, hmm? Because I'm a non-network-person, and I want people to have more IPs, I'm an obnoxious jerk who just wants to serve warez to kiddies from my home.
I'm not a smorgasbord.
Ok, I'll explain this really slow so you can understand it.
NAT already works. You aren't really sure why you want a second IP address, you just know you want it for 3 cents a month. There is a lovely thing called PAT that would do exactly what you have demanded, but it's not a free IP so you don't want that.
IPv6 is a pain in the ass for people like me, who would have to retrofit the whole damn internet because you need a net aware toaster.
IPv4 is fine, there is no need to fix something that not only isn't broken, but isn't going to break in the near future.
You claim that IPv6 will fix your problem, but I think that problem is you think you need more routable IP addresses. You can't explain what you want them for that isn't a violation of a residential use contract. Maybe you should think about what you want before you bitch that you can't have it.
Just a thought.
Carpe Deez
I could have sworn I really did explain why I want multiple real IPs. But apparently you've already decided to ignore me. Obviously NAT "works", but it sucks. There's plenty of other comments in this discussion on the topic of NAT sucking if you don't want to believe me. Here's a nice list of things that NAT breaks which I took from the frizz's comment.
What do you care if I want my toaster to have a routable IP? The ONLY reason that's a bad idea is that IPv4 has created a scarcity of IPs. You just don't want to have your life inconvenienced by the transition to IPv6. Your argument is completely circular and pointless. And so we get stupid articles like this one by people like you who claim that we're not out of IP addresses and IPv4 isn't broken. The fact of the matter is that IPv4 is adequate to do a bunch of stuff and it's inadequate for a lot of other stuff. A lot of that other stuff is totally valid and your repeated presumption that it's all illegal or otherwise against my residential use contract isn't going to make it go away. Is it essential? Probably not - but how essential it is that everyone have cheap IPs is not in any way a function of the laziness of the network engineer who has to implement the protocol to support it. So let's not pretend that migrating to IPv6 is "pointless" because we won't "need" it for 20 years. Let's migrate as soon as we practically can and stop coming up with stupid excuses not to.
I'm not a smorgasbord.
Ok, let's assume that you are right here. What happens when we are out of IPv6 addresses? IPv8? What about a plan to conserve IP addresses? Would that be such a horrible problem for you?
Better yet, how about you convert everything to Novell or Appletalk?
Carpe Deez
3*10^38 ought to be enough IPs for everybody. =)
Seriously, that's enough IPs so that everybody on Earth can have their own unique set of IP addresses for each square nanometer on the surface of Earth. 128-bits is probably more than enough address space to handle everything that humans will ever want to address precisely. Unless we start giving out /32s to individual ISPs, we're not going to have a problem.
When IPv6 is found to be obsolete, it will not be because we've run out of addresses and are resorting to NAT to distribute them. It will probably be because we want more features out of IP unrelated to address space.
I'm not a smorgasbord.
Time will tell. Let's rekindle this in five years.
Carpe Deez
My bittorrent upload speeds are approximately 2/3 my download speeds, which seems reasonable.
;-)
I'm not quite sure why I always seem to be able to do the things that "you can't do" behind NAT.
Perhaps my configuration is wrong.
Read, L