Dispelling the IPv4 Address Shortage Myth
Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs!
In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
The US military is moving to solely IPv6 by the end of the decade. The rest of the US government will probably be not too far behind. IPv6 is happening right now, and will replace IPv4.
There is more to IPv6 than a larger address space. The address space issue is just what is commonly pushed, since it's something that's easily grasped even by non-techies.
The true benefits of IPv6 are things like: improved routing, multicasting scope, greater flexibility in what packets contain, flow labeling, privacy and authentication.
Especially flow labeling will be important if the net is going to be a source of media. Streams could get a higher priority, so low latency and glitch free audio and video can be possible. Makes me wonder if this couldn't be abused though.
How small a thought it takes to fill a whole life
NAT does nothing that any decent real router/gateway cannot do as well. You install a router at the entrance to your network. It hands out REAL IP addresses to your hosts, and you put rules in your router that say 'drop TCP/UDP packets that are heading for port 1024', excluding those hosts that you want to run web/email/SSH on, etc.
Not at all.
Just because you have an assigned network doesn't mean that that network (or all parts of that network) has to be connected. You could even NAT an assigned address behind a firewall if you wanted, and never put out any routing information. It would be just as secure as a non-assigned address, but very convenient in many situations.
For example, I'm setting up an ad hoc VPN right now between several companies collaborating on a project. Naturally, we are not giving access to each other's LANs, but separate segments. However, we can't ignore the unassigned addresses used by the other partners. If he uses 192.168.100.0/24 for his LAN, I can't use it for my VLAN segment.
Another example is when companies merge. They could just plug their LANs in and know everything would work.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
When the Bell system was broken up, the phone system's allocation scheme for area codes and prefix blocks was disrupted. Phone service providers were issued blocks of 10,000 phone numbers with a given prefix, from which they allocated local customers. There was no method for reclaiming unused portions of blocks from independent phone companies. So long as one number from a block remained in use, that prefix block could not be reallocated. THAT is why we suddenly needed new area codes--not because we had run out of unused phone numbers. At the time the new area codes were issued, the actual in service phone numbers comprised less than 50% of the available pool.
wouldn't you have to run some sort of firewall on each individual machine, rather than just the gateway/router?
No. The questions of whether computers on a LAN have their own IP addresses and whether they are firewalled by a dedicated box are independent. Even if each machine has an IP address by which it is publicly addressable, you can still have a system which protects it by blocking known-dangerous ports.
The advantage of a situation like that, for instance, would be that you could have the firewall block file-sharing/RPC ports, while still allowing port 80 inbound so the individual machines can run webservers. With a NAT, only one local system could have a webserver, and you'd have to configure which one got it on the firewall.
Not exactly. If you have a professional grade NAT device you can bind multiple real IPs to the router and then forward internally based on port and IP. So if you have x.x.x.1 and x.x.x.2 bound to your NAT, you can point x.x.x.1:80 to 192.168.0.1 and x.x.x.2:80 to 192.168.0.2. Just like with a firewall and real IPs.
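The two gateway designs discussed in the comments above, as an added example that is not part of the original thread: in routed mode every host keeps a public address and the gateway filters per (host, port); in NAT mode several public addresses are bound to the gateway and inbound connections are rewritten by a (public IP, port) table. The prefixes, hosts and rules are constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges), and the policy in both modes is default-deny inbound.

```python
"""Added example (not from the original thread): a routed LAN with per-host
firewall rules versus a NAT gateway with multiple public IPs and DNAT rules.
All addresses and rules below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int
    proto: str = "tcp"


# --- Routed mode: hosts have real addresses, gateway filters per host -------
# Constructed: 203.0.113.0/24 is a documentation prefix standing in for a
# real assignment. Only the (host, port) pairs listed here may receive
# inbound connections; everything else is dropped at the gateway.
LAN = IPv4Network("203.0.113.0/24")
ROUTED_ALLOW = {
    (IPv4Address("203.0.113.10"), 80),   # web server
    (IPv4Address("203.0.113.10"), 443),  # same host, HTTPS
    (IPv4Address("203.0.113.20"), 25),   # mail server
    (IPv4Address("203.0.113.30"), 22),   # SSH host
}


def routed_filter(pkt: Packet) -> str:
    """Return 'accept' or 'drop' for an inbound packet to the routed LAN.

    Default deny: a host is reachable only on the ports explicitly allowed
    for it, so e.g. file-sharing/RPC ports stay closed on the web server.
    """
    if pkt.dst not in LAN:
        return "drop"  # not destined for our network at all
    if (pkt.dst, pkt.dport) in ROUTED_ALLOW:
        return "accept"
    return "drop"


# --- NAT mode: several public IPs on the gateway, DNAT by (ip, port) --------
# Constructed: two public addresses from 198.51.100.0/24 forward port 80 to
# two different internal web servers, as the comment above describes.
DNAT = {
    (IPv4Address("198.51.100.1"), 80): (IPv4Address("192.168.0.1"), 80),
    (IPv4Address("198.51.100.2"), 80): (IPv4Address("192.168.0.2"), 80),
    (IPv4Address("198.51.100.1"), 22): (IPv4Address("192.168.0.3"), 22),
}


def nat_forward(pkt: Packet) -> Optional[Packet]:
    """Rewrite the destination of an inbound packet per the DNAT table.

    Returns None when no rule matches: with NAT there is no internal host
    to deliver to, so the packet is effectively dropped.
    """
    target = DNAT.get((pkt.dst, pkt.dport))
    if target is None:
        return None
    return Packet(pkt.src, target[0], target[1], pkt.proto)


# Constructed sample of inbound traffic from one outside host.
OUTSIDE = IPv4Address("192.0.2.55")
SAMPLE_INBOUND = [
    Packet(OUTSIDE, IPv4Address("203.0.113.10"), 80),
    Packet(OUTSIDE, IPv4Address("203.0.113.10"), 445),  # SMB: not allowed
    Packet(OUTSIDE, IPv4Address("198.51.100.2"), 80),
    Packet(OUTSIDE, IPv4Address("198.51.100.2"), 22),   # no DNAT rule
]


def evaluate(packets):
    """Run every sample packet through both gateway models."""
    results = []
    for pkt in packets:
        fwd = nat_forward(pkt)
        results.append({
            "dst": str(pkt.dst), "dport": pkt.dport,
            "routed": routed_filter(pkt),
            "nat": f"-> {fwd.dst}:{fwd.dport}" if fwd else "drop",
        })
    return results


if __name__ == "__main__":
    for row in evaluate(SAMPLE_INBOUND):
        print(row)
```

Both tables express the same policy idea (only chosen hosts expose chosen ports); the difference is that the routed version keeps end-to-end addresses intact, while the NAT version needs one public address per internal host that wants the same port.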
I finally took the CCNA class. Been working with the Cisco hardware for years, but finally took a class. I couldn't get the routers to assign class E addresses.
But, for those that don't know, the CCNA book says:
Class A 0.0.0.0 to 127.255.255.255
Class B 128.0.0.0 to 191.255.255.255
Class C 192.0.0.0 to 223.255.255.255
Class D 224.0.0.0 to 239.255.255.255
Class E 240.0.0.0 to 255.255.255.255
Class D are multi-cast, which I don't believe very many people use..
Class E are "Scientific Purposes" or "Research".
I was running a little personal project a while back, to try to find logical distances from various points (places I had access to machines) to other places, and try to map them, to determine if there were more advantageous places to put servers, or redirect customers on particular networks to particular servers.
A whole bunch of those first /8's don't have anything in them, or at least nothing reachable by a couple different methods. My tests weren't completely exhaustive. I didn't try every port on every IP. I just did a sampling of IP's for a few different ports and packet types. So, there are a whole lot of unused IP's out on the Internet. Looking at the logs of some of our sites, with over 1 million uniques/day, you can see where the IP's are clumped up, and huge gaps in the usages.
Of course, if I was the network god of 3.0.0.0/8 (General Electric), and I was only using say 100,000 IP's, they'd be hard pressed to make me give up any part of that, especially in knowing that they've had that block since the first days of the Internet. Whois says they registered 3.0.0.0/8 in 1988. I definitely wouldn't want to be the admin that had to change 50,000 IP's.
I guess it does help with the old estimates, that people are using NAT more frequently. The stories I heard years ago said we would have run out long before Y2k, but since people run NAT's at home and many offices. Nextel has assigned IP's to every phone (ahhh, the wonders of the Internet), but they're all 10.0.0.0/8
For example, on my phone, I select
Menu -> More -> My Info -> Carrier IP
And it shows me 10.154.85.xxx
Using a Nextel im1100, I also get assigned an IP in the 10.0.0.0/8 network.
For those that don't know, 10.0.0.0/8 is a private network. You can use it any way you'd like, but it's completely useless to you on the Internet unless there's a NAT or something between you and the rest of the Internet.
Serious? Seriousness is well above my pay grade.
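The classful ranges listed from the CCNA book above, and the point that 10.0.0.0/8 is a private network that is useless on the Internet without a NAT in front of it, as an added example that is not part of the original thread: the class is derived from the high-order bits of the address (which is how the A/B/C/D/E boundaries are actually defined) rather than from a table of first octets, and the private and reserved checks come from Python's `ipaddress` module. The sample addresses, including the `10.154.85.x` style carrier address quoted above, are constructed for illustration.

```python
"""Added example (not from the original thread): classify IPv4 addresses by
their leading bits (classful A-E) and flag ranges that are not usable on
the public Internet without a NAT (RFC 1918 private space, multicast,
reserved). Sample addresses are constructed for illustration."""
from collections import Counter
from ipaddress import IPv4Address


def ipv4_class(addr: str) -> str:
    """Return the classful letter A-E based on the address's high-order bits.

    A: leading bit 0      -> 0.0.0.0   to 127.255.255.255
    B: leading bits 10    -> 128.0.0.0 to 191.255.255.255
    C: leading bits 110   -> 192.0.0.0 to 223.255.255.255
    D: leading bits 1110  -> 224.0.0.0 to 239.255.255.255 (multicast)
    E: leading bits 1111  -> 240.0.0.0 to 255.255.255.255 (reserved)
    """
    first_octet = int(IPv4Address(addr)) >> 24
    if first_octet & 0x80 == 0x00:
        return "A"
    if first_octet & 0xC0 == 0x80:
        return "B"
    if first_octet & 0xE0 == 0xC0:
        return "C"
    if first_octet & 0xF0 == 0xE0:
        return "D"
    return "E"


def describe(addr: str) -> dict:
    """Class plus whether the address is globally routable as-is.

    'private' covers RFC 1918 space (10/8, 172.16/12, 192.168/16) and other
    non-global ranges the ipaddress module knows about; an address with
    private=True needs a NAT or proxy to reach the Internet, whatever its
    class letter says.
    """
    ip = IPv4Address(addr)
    return {
        "addr": addr,
        "class": ipv4_class(addr),
        "private": ip.is_private,
        "multicast": ip.is_multicast,
        "reserved": ip.is_reserved,
        "usable_on_internet": ip.is_global,
    }


# Constructed sample: a mix of public, private, multicast and class E
# addresses. 10.154.85.7 stands in for the carrier-assigned address quoted
# in the thread (the real last octet was redacted there).
SAMPLE = [
    "3.1.2.3",          # class A, public (the GE /8 mentioned above)
    "10.154.85.7",      # class A but RFC 1918 private
    "172.20.0.9",       # class B, RFC 1918 private
    "192.168.100.1",    # class C, RFC 1918 private
    "203.0.113.5",      # class C, documentation range (not global)
    "130.1.1.1",        # class B, public
    "224.0.0.251",      # class D, multicast
    "240.1.2.3",        # class E, reserved
]


def tally(addrs) -> Counter:
    """Count addresses per class, as one might over a log sample."""
    return Counter(ipv4_class(a) for a in addrs)


if __name__ == "__main__":
    for a in SAMPLE:
        print(describe(a))
    print(dict(tally(SAMPLE)))
```

The class letter alone says nothing about reachability: 10.154.85.7 is a class A address by its leading bit but private by RFC 1918, which is exactly why a carrier can hand one to every handset without consuming public space.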