Dispelling the IPv4 Address Shortage Myth

Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs! In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."

Re:Good articles

[CausticWindow]

There is more to IPv6 than a larger address space. The address space issue is just what is commonly pushed, since it's something that's easily grasped even by non-techies.

The true benefits of IPv6 are things like; improved routing, multicasting scope, greater flexibility in what packets contain, flow labeling, privacy and authentication.

Especially flow labeling will be important if the net is going to be a source of media. Streams could get a higher priority, so low latency and glitch free audio and video can be possible. Makes me wonder if this couldn't be abused though.

Re:Good articles

[Minna+Kirai]

wouldn't you have to run some sort of firewall on each individual machine, rather than just the gateway/router?

No. The questions of whether computers on a LAN have their own IP addresses and whether they are firewalled by a dedicated box are independent. Even if each machine has an IP address by which it is publically addressable, you can still have a system which protects it by blocking known-dangerous ports.

The advantage of a situation like that, for instance, would be that you could have the firewall block file-sharing/RPC ports, while still allowing port 80 inbound so the individual machines can run webservers. With a NAT, only one local system could have a webserver, and you'd have to configure which one got it on the firewall.

Re:just remember

[JWSmythe]

I finally took the CCNA class. Been working with the Cisco hardware for years, but finally took a class. I couldn't get the routers to assign class E addresses.

But, for those that don't know, the CCNA book says:

Class A 0.0.0.0 to 127.255.255.255
Class B 128.0.0.0 to 191.255.255.255
Class C 192.0.0.0 to 223.255.255.255
Class D 224.0.0.0 to 239.255.255.255
Class E 240.0.0.0 to 255.255.255.255

Class D are multi-cast, which I don't believe very many people use..

Class E are "Scientific Purposes" or "Research".

I was running a little personal project a while back, to try to find logical distances from various points (places I had access to machines) to other places, and try to map them, to determine if there were more advantagous places to put servers, or redirect customers on particular networks to particular servers.

A whole bunch of those first /8's don't have anything in them, or at least nothing reachable by a couple different methods. My tests weren't completely exhaustive. I didn't try every port on every IP. I just did a sampling of IP's for a few different ports and packet types. So, there are a whole lot of unused IP's out on the Internet.. Looking at the logs of some of our sites, with over 1 million uniques/day, you can see where the IP's are clumped up, and huge gaps in the usages.

Of course, if I was the network god of 3.0.0.0/8 (General Electric), and I was only using say 100,000 IP's, they'd be hard pressed to make me give up any part of that, especially in knowing that they've had that block since the first days of the Internet. Whois says they registered 3.0.0.0/8 in 1988. I definately wouldn't want to be the admin that had to change 50,000 IP's.

I guess it does help with the old estimates, that people are using NAT more frequently. The stories I heard years ago said we would have run out long before Y2k, but since people run NAT's at home and many offices. Nextel has assigned IP's to every phone (ahhh, the wonders of the Internet), but they're all 10.0.0.0/8 .

For example, on my phone, I select

Menu -> More -> My Info -> Carrier IP

And it shows me 10.154.85.xxx

Using a Nextel im1100, I also get assigned an IP in the 10.0.0.0/8 network.

For those that don't know, 10.0.0.0/8 is a private network. You can use it any way you'd like, but it's completely useless to you on the Internet unless there's a NAT or something between you and the rest of the Internet.