Dispelling the IPv4 Address Shortage Myth
Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs!
In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
The last post possible, Please upgrade to SlashV6 to post more.
I'll take all the addresses I can :-)
If I get enough for free, we will have to use IPV6..
I think I want a screensaver where each pixel has an ip, and then we can replace X with a simple protocol just sending colors!!
I enjoyed both of the articles. The question I have is this. With the number of networks now being NATed and such, will we ever truly need something like IPv6? It seems like when I hear about it, the talk is always that every device will have a unique IP address. But what I see is that large deployments of devices needing IP addresses are more and more being done using 192.* or 10.* addresses. Anyone else have more insight?
Random Musings
So yeah, it'll take 20 years to exhaust the space. Let's wait until 2029 to switch to IPv6.
Or instead start switching now (after all, it'll probably take at least 10 years to get everything switched over) and not worry about IPs until we're extinct.
The cost of moving to IPv6 is going to be so huge that it will remain a research project until the benefits are correspondingly irresistible.
It will almost always be cheaper to hack IPv4 than to switch to IPv6, and this will be the rule for 99% of IP users.
My prediction is that IPv6 will never come into general use, we will stick with IPv4 for at least 40-50 more years. I have absolutely no idea what will replace IPv4, something will, but it will not be IPv6.
Ceci n'est pas une signature
This message was posted on a mailing list in response to a post that claimed that IPv6 would be widespread by 2005 due to an IPv4 address shortage.
NATs, unfortunately, made the need to switch over to IPv6 wholly unnecessary. Such a switchover will probably not happen for at least another ten years. Even ten years ago, we were "running out of" IPv4 space due to incredibly inefficient allocations using the "class based addressing" method - by which your network was deemed either likely to possess 253 computers, 65,533 computers, or 16,777,213 computers. A specific network was identified by 24, 16, or 8 bits. (The more bits it takes to identify a network, the more networks can exist but at the expense of having fewer unique addresses per network.)
This was quickly determined to be an inordinate waste of addresses and as early as the early 90's folks were predicting we'd rapidly run out of addresses. So class allocations changed a little, and instead of giving an organization with 1000 computers a class B (with 65,533 usable addresses), they'd give them four class C's (with 1012 addresses). This helped stem the tide for a bit and arguably saved the Internet's ass, but it was clear that a more elegant system for identifying networks was needed.
After some backbone technology re-architecting, a new scheme called Classless Internet Domain Routing, or CIDR was introduced, which allowed bit-sized granularity, meaning that a network was identified by exactly as many bits as you needed. Your network could possess 13 computers, or 16,381 computers, and the system could deal with that efficiently. CIDR definitely also helped save the Internet's ass. But the addresses kept on coming; that dang Internet was getting popular very quickly! Pundits started talking about The Great IPv6 changeover, despite the fact that less than one person in 100 on the Internet had an IPv6-enabled operating system.
Then came NATs. While Network Address Translation had been used in many environments, it hadn't really taken off tremendously. Then Linksys released a rather affordable cute little blue box. This piece of hardware let home users plug in several computers to the blue box, configure it with a web interface, jack in their cable/DSL connection and suddenly be sharing Internet access easily with everyone in the house, using one IP address and so fooling the ISP into thinking that there was only one computer using the Internet (many ISPs either don't permit or don't have the infrastructure to give out multiple addresses to a customer). These NATs had a secondary benefit, which was that by default, all incoming connections from the outside are dropped on the floor. I'm not sure Linksys had such "firewalling" in mind when originally designing the device - it's purely a practical issue. I mean, if someone says to a NAT "here's this piece of information" - to which of the four connected computers should the NAT send it? By default, the NAT will give up and just drop the sorry packet. This means that when you're behind a NAT, you're protected from a whole class of Internet attacks. This realization further drove adoption.
Companies with low IT budgets realized that they wouldn't have to buy extra IP addresses from their ISP (which often came at a premium) and that they could have simple firewalling without a complex configuration. Both companies and people could not see the inherent value in having each of their computers have an Internet-deliverable address, and there was real value (protection) to be had in NOT being addressable from the Internet.
This, again, saved the Internet's ass. Instead of an organization of 1000 needing a class B, wasting hundreds of thousands of IPs, or even four Class Cs, this organization now only needs a single IP address to cover all of its desktops. Now instead of thinking about IP addresses as computer addresses, they have started to become network addresses, which is to say,
The only road to paradise begins in hell
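The allocation arithmetic from the post above, worked through as an added example (this is not code from the thread or from any project it mentions): it computes usable hosts per block, compares a class B, four class Cs and one CIDR block for the 1000-host organization, and finds the smallest CIDR block for the 13- and 16,381-host networks mentioned. Holding back three addresses per network is an assumption made here because it reproduces the post's figures (253, 65,533, 1012); passing reserved=2 gives the textbook network-and-broadcast figures instead.

```python
import math

# Assumption for this example: the post's figures (253 usable hosts in a /24,
# 65,533 in a /16, 16,777,213 in a /8) correspond to reserving three
# addresses per network. The usual textbook count reserves only two.
RESERVED = 3

# Classful allocation could only hand out these three block sizes (C, B, A).
CLASSFUL_PREFIXES = (24, 16, 8)


def usable_hosts(prefix: int, reserved: int = RESERVED) -> int:
    """Usable host addresses in one IPv4 network of the given prefix length."""
    if not 0 <= prefix <= 30:
        raise ValueError("prefix must be between 0 and 30")
    return 2 ** (32 - prefix) - reserved


def classful_prefix(hosts: int) -> int:
    """Smallest classful block (C, B or A) that can hold `hosts` addresses."""
    for prefix in CLASSFUL_PREFIXES:
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("more hosts than a single class A can hold")


def cidr_prefix(hosts: int) -> int:
    """Longest CIDR prefix (smallest single block) that holds `hosts` addresses."""
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("more hosts than the whole address space")


def class_c_bundle(hosts: int) -> tuple:
    """Number of /24 blocks and total usable hosts when handing out class Cs."""
    per_block = usable_hosts(24)
    blocks = math.ceil(hosts / per_block)
    return blocks, blocks * per_block


def waste(hosts: int, supplied: int) -> int:
    """Addresses allocated beyond what the organization actually needs."""
    return supplied - hosts


if __name__ == "__main__":
    n = 1000  # the organization of 1000 computers from the post
    b = classful_prefix(n)
    print(f"class B: /{b}, {usable_hosts(b):,} usable, {waste(n, usable_hosts(b)):,} wasted")
    blocks, total = class_c_bundle(n)
    print(f"{blocks} class Cs: {total} usable, {waste(n, total)} wasted")
    c = cidr_prefix(n)
    print(f"CIDR: /{c}, {usable_hosts(c)} usable, {waste(n, usable_hosts(c))} wasted")
```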
IPv6 also provides security infrastructure.
Imagine a world where you can trust the "from" IP address in a packet.
I thought the current issue with IPv4 was not the limited number of ip addresses, but the increased routing tables brought on by classless routing? These days, the central routers on the Internet have routing tables which are huge, which must cost someone somewhere to upgrade them.
IPv6 was supposed to deal with this issue as much as it dealt with the number of ip addresses available, in that it would revert back to a semi class based routing set, with ISPs being assigned a range of addresses.
That's how I understood it when I asked anyhow.
IPv6 will eventually be adopted, because the way IPv4 addresses are allocated, many regions of the world *do* have a shortage of addresses. In particular, Asia has a serious shortage of IPv4 addresses. In fact, I know of people who run IPv6-only machines in Japan (because there are 6to4 addresses that allow you to reach IPv4 servers with approximately the same functionality as NAT).
Moreover, as people deploy new infrastructure, they may be forced to use IPv6. For example, at some point every cell phone is going to have a routable IP address--and that is definitely going to require IPv6.
So while North American desktop machines are unlikely to be switched to IPv6 any time soon, it will happen in other parts of the world and for other types of hardware.
While we're at it, we should switch to a 5 digit date for the year. Because you know it's going to be Y2k all over again in the year 9999.
At a certain point in the middle of the last decade, everyone thought they would run out of IP addresses. Work was then put into routers and firewalls to bring to the masses the CIDR and NAT to stem the tide. Now on cisco routers you can do fancy port forwarding to use several servers behind one IP. All this work however could have been replaced by investing in ipv6. The fact that ipv6 is not being implemented means investment is being put into a scheme in which people will eventually run out of IP addresses, while there is a complete alternative available.
The single biggest damaging factor of ipv4 is the fact that you can't really run servers behind it. There are already ISPs in many countries that provide service from behind a NAT firewall. This kills many people's freedom of speech and the spirit of the Internet where everyone had their own servers and ran whatever they wanted.
The second damaging factor of the ipv4 is the control that IANA has. Both ICANN and IANA have been used politically and now we have many American ISPs churning out 4 IPs per person and 64 IPs per company, mostly going to waste while ISPs in some countries like Pakistan's PakNET have 100,000 customers behind one IP none of whom can run their own servers.
ipv6 can fix all these problems in one fell swoop, simplify routing enormously and introduce IPSec and other security technologies.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
I saw an academic paper late last year stating that NATs and finer subnetting had resulted in a reduction of nearly 30% of allocated IP addresses. That is the first time I saw the "IP shortage no longer a realistic possibility" argument.
To be clear, IP shortage wasn't a myth. There was a time when even conservative projections were pointing towards a dearth of IPs. A solution needed to be implemented. IPv6 was one option, NATs and subnetting were another. The market seems to have chosen this last.
Not at all.
Just because you have an assigned network doesn't mean that that network (or all parts of that network) has to be connected. You could even NAT an assigned address behind a firewall if you wanted, and never put out any routing information. It would be just as secure as a non-assigned address, but very convenient in many situations.
For example, I'm setting up an ad hoc VPN right now between several companies collaborating on a project. Naturally, we are not giving access to each other's LANs, but separate segments. However, we can't ignore the unassigned addresses used by the other partners. If he uses 192.168.100.0/24 for his LAN, I can't use it for my VLAN segment.
Another example is when companies merge. They could just plug their LANs in and know everything would work.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
When the Bell system was broken up, the phone system's allocation scheme for area codes and prefix blocks was disrupted. Phone service providers were issued blocks of 10,000 phone numbers with a given prefix, from which they allocated local customers. There was no method for reclaiming unused portions of blocks from independent phone companies. So long as one number from a block remained in use, that prefix block could not be reallocated. THAT is why we suddenly needed new area codes--not because we had run out of unused phone numbers. At the time the new area codes were issued, the actual in service phone numbers comprised less than 50% of the available pool.
Fairly recently as compared to when? I remember using ftp behind NAT years ago, back in the mid-90s...and boy does that sound strange.
Anyhow, the stuff now works and is stable (and has for years), so there's no reason to whine about stability, etc. If your software doesn't work behind NAT, it's because they hired an inexperienced network guy to write the code.
Why not complain about something else, like the crappy X server stuff?
I finally took the CCNA class. Been working with the Cisco hardware for years, but finally took a class. I couldn't get the routers to assign class E addresses.
But, for those that don't know, the CCNA book says:
Class A 0.0.0.0 to 127.255.255.255
Class B 128.0.0.0 to 191.255.255.255
Class C 192.0.0.0 to 223.255.255.255
Class D 224.0.0.0 to 239.255.255.255
Class E 240.0.0.0 to 255.255.255.255
Class D are multi-cast, which I don't believe very many people use..
Class E are "Scientific Purposes" or "Research".
I was running a little personal project a while back, to try to find logical distances from various points (places I had access to machines) to other places, and try to map them, to determine if there were more advantageous places to put servers, or redirect customers on particular networks to particular servers.
A whole bunch of those first /8's don't have anything in them, or at least nothing reachable by a couple different methods. My tests weren't completely exhaustive. I didn't try every port on every IP. I just did a sampling of IPs for a few different ports and packet types. So, there are a whole lot of unused IPs out on the Internet. Looking at the logs of some of our sites, with over 1 million uniques/day, you can see where the IPs are clumped up, and huge gaps in the usages.
Of course, if I was the network god of 3.0.0.0/8 (General Electric), and I was only using say 100,000 IPs, they'd be hard pressed to make me give up any part of that, especially in knowing that they've had that block since the first days of the Internet. Whois says they registered 3.0.0.0/8 in 1988. I definitely wouldn't want to be the admin that had to change 50,000 IPs.
I guess it does help with the old estimates, that people are using NAT more frequently. The stories I heard years ago said we would have run out long before Y2k, but since people run NATs at home and many offices. Nextel has assigned IPs to every phone (ahhh, the wonders of the Internet), but they're all 10.0.0.0/8
For example, on my phone, I select
Menu -> More -> My Info -> Carrier IP
And it shows me 10.154.85.xxx
Using a Nextel im1100, I also get assigned an IP in the 10.0.0.0/8 network.
For those that don't know, 10.0.0.0/8 is a private network. You can use it any way you'd like, but it's completely useless to you on the Internet unless there's a NAT or something between you and the rest of the Internet.
Serious? Seriousness is well above my pay grade.
You know the one. It says that "We don't need IPV6 because we have NAT". It's the same kind of thinking that says that The Internet == The Web. Just because NAT solves a certain subclass of problems that are more naturally solved by extra addresses, doesn't mean that there is no need for IPV6 because there's NAT.
NAT works great for things like the web, which are initiated behind the NAT machine, and don't make any connections back through the NAT machine. But The Web != The Internet. Even FTP has problems with NAT, but at least those problems are well understood by now. When the original connection is made from the outside world, trying to contact something behind the NAT box, that's when problems start.
Some people see this difficulty in reaching the machines behind the NAT box as security. It isn't. If you have no other forms of security, it helps a little bit, but it's more like a side effect. Saying that this is security is like saying that a rusty lock is more secure than a new one because it is harder to get the key into it. A stopped analog clock isn't right twice a day, it just appears to be right twice a day, but that doesn't mean it is ever working.
If a NAT machine were replaced with a simple firewall machine with a closed-down firewall, you'd have the exact same kind of security. No packets get routed to the machines on the other side of the firewall unless the rules permit it. The only difference is that it avoids a lot of hacks. Rather than having to do "ssh -p 10322 mynatbox.mydomain.com" and having to remember that 10322 corresponds to your mail server, you can simply say "ssh mailserver.mydomain.com".
Doing away with NAT also makes true peer-to-peer networking possible. Currently it doesn't work, you need some kind of a server because you can't initiate connections from the outside world to the NATted boxes. P2P doesn't just mean swapping songs, but also networked gaming.
This is all just about routable addresses so far, but IPV6 is so much more than that. There are features of IPV6 like security that IPV4 simply doesn't offer.
So remember kids, The Web != The Internet, and NAT != IPV6, nor can NAT do everything you can do with routable addresses.
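A toy model of the two boxes contrasted in this post and in the earlier "blue box" post, added here as an example (it is not code from the thread): a NAT box that rewrites addresses and drops inbound packets with no mapping, beside a default-deny stateful firewall in front of routable addresses. All addresses (10.0.0.0/8 inside the NAT, 192.0.2.0/24 and 203.0.113.0/24 for the outside) and the port-forward 10322 to the mail server's ssh are constructed for the example. The same three packets get the same accept/drop decisions on both boxes; the only difference is the address rewriting and the static forwarding table the NAT needs.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatBox:
    """Rewrites addresses; inbound is delivered only to a mapped or forwarded port."""
    public_ip: str
    forwards: dict = field(default_factory=dict)  # public port -> (host, port), static
    table: dict = field(default_factory=dict)     # public port -> (host, port), dynamic
    next_port: int = 40000

    def outbound(self, p: Packet) -> Packet:
        inside = (p.src, p.sport)
        pub = next((k for k, v in self.table.items() if v == inside), None)
        if pub is None:  # first packet of this flow: allocate a public port
            pub, self.next_port = self.next_port, self.next_port + 1
            self.table[pub] = inside
        return Packet(self.public_ip, pub, p.dst, p.dport)

    def inbound(self, p: Packet):
        inside = self.table.get(p.dport) or self.forwards.get(p.dport)
        if inside is None:
            return None  # no mapping: nobody to deliver to, so the packet is dropped
        return Packet(p.src, p.sport, *inside)


@dataclass
class StatefulFirewall:
    """Routable inside addresses; inbound dropped unless state or an allow rule matches."""
    allow: set = field(default_factory=set)  # (host, port) reachable from outside
    state: set = field(default_factory=set)  # flows opened from the inside

    def outbound(self, p: Packet) -> Packet:
        self.state.add((p.src, p.sport, p.dst, p.dport))
        return p

    def inbound(self, p: Packet):
        ok = (p.dst, p.dport, p.src, p.sport) in self.state or (p.dst, p.dport) in self.allow
        return p if ok else None


def decisions(box, inside_ip, blocked_dst, open_dst) -> list:
    """Constructed traffic: a reply to an inside-initiated flow, an unsolicited
    inbound packet, and an inbound packet to the one service meant to be reachable."""
    out = box.outbound(Packet(inside_ip, 51000, "203.0.113.9", 80))
    reply = box.inbound(Packet("203.0.113.9", 80, out.src, out.sport))
    unsolicited = box.inbound(Packet("198.51.100.7", 4444, *blocked_dst))
    allowed = box.inbound(Packet("198.51.100.7", 4445, *open_dst))
    return [pkt is not None for pkt in (reply, unsolicited, allowed)]
```

Calling decisions with NatBox("192.0.2.1", forwards={10322: ("10.0.0.5", 22)}) and with StatefulFirewall(allow={("192.0.2.5", 22)}) returns [True, False, True] for both: the reply gets through, the unsolicited packet is dropped, and the one published service is reached, via a remembered port on the NAT and a plain address on the firewall.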
The article is rubbish for several reasons.
Even on its own terms, it predicts we run out of IPv4 addresses in about 20 years. That seems like the age of the universe to the 20-something kid who wrote the article. To those of us with a little more experience, it is not a long time at all to do something as major as converting the Internet to a different addressing scheme.
But the basic assumption of the article, that the present situation is OK and the only reason to migrate is to avoid it worsening, is wrong. In many countries, the IPv4 address shortage is very severe today, not in 20 years from now. IP addresses are expensive in the countries where most people live.
Finally, NAT is not a solution, it's a workaround. Many peer-to-peer applications simply do not work behind a NAT. Sure it lets machines surf the web, send email, and use clients like ftp, telnet, and ssh, but the Internet is much more than a handful of client/server apps. NAT is strangling it.
The *only* (and fatal) flaw with IPv6 is lack of backward-compatibility.
And it's never, ever going to work without it...
http://cr.yp.to/djbdns/ipv6mess.html
(and he really does have the best host/domain/tld combo in existence)
I browse at +5 Flamebait- moderation for all or moderation for none.