Slashdot Mirror
The exhaustion of IPv4 address space
FireFury03 writes "Cisco has an interesting article talking about estimates for the exhaustion of the IPv4 address space, and the inevitable move to IPv6. It predicts that the IPv4 address space will be exhausted in 2 - 10 years and suggests that it isn't worth trying to reclaim old allocations. With the mainstream use of IPv6 now potentially within the ROI period of many products the manufacturers need to start including support, but will the ISPs roll out native IPv6 networks before they absolutely have to? IMHO, ISPs providing native IPv6 support would be a Good Thing since it opens up the door for peer-to-peer technologies such as SIP without needing nasty NAT traversal hacks, but a major stumbling block seems to be a complete lack of IPv6 support on current consumer-grade DSL routers (tunneling over IPv4 is an option but requires more technical know-how from the end user)." Of course, Cisco may have some vested interest in driving up the IPv6-compatible router sales *cough*, but the bottom line is that the transition will have to happen at some point in the near future.
Most of the major ISPs have already rolled support for IPv6. They started the rollout about five years ago when the lack of IP address began to be a problem. I know for a fact that Sprint is ready to roll it, they are just waiting for other networks to support it. T-Mobile is also ready to roll it as is AOL. It's not really a big deal. It's already been done. Everyone is just waiting to push the big red button and turn on the support. Hell, even Windows supports it.
"and suggests that it isn't worth trying to reclaim old allocations."
Isn't worth it to whom?
"Draco dormiens nunquam titillandus."
I've been looking forward to a time when everyone gets at least one fixed IP address. Want to run a server of any sort? No? How about a mail server built in to your cable modem? Or do you like your email getting stored at your ISP? Then there are any number of handy p2p type apps that will benefit. VOIP comes to mind - without needing to subscribe to a directory service. Fire up gnome-meeting or whatever and enter your friends IP (well the software could remember it for you) - the same IP they have every time. Actually, fixed IPs for everyone reduces the role of the ISP to simply being a network connection like they should be. Also, it takes effort from developers to get software working through NAT, so the burden on them should be reduced.
I have worked in the internet service business for over a decade now. I have seen a lot of things come and go, and a lot of predictions about when we would run out of IP space.
The bottom line is that the only people who realy WANT a rollout of IPv6 is Cisco. Why? Because the vast majority of their existing installed routers will not support IPv6 with anywhere near the same feature set and packet rate as those routers can handle with IPv4. Thus, IPv6 means people upgrading equipment that isn't really deficient.
Most people have no concept of:
a) How much IP space we have left.
b) How extremely inefficent we have been with a large percentage of the address space.
c) How much assigned, announced, and routed space is completely unused.
d) How much the rate of growth has flattened.
e) How wrong every prediction about when we run out of IP space has been thus far.
If you search the nanog archives, you'll see posts by myself going back many years stating essentially "Somebody tell me why we need IPv6 again?"
Do not hold your breath. We're 10-15 years away from IPv6, because it will take an even larger gross expenditure for the service providers to upgrade to support IPv6 than it did for the broadcast industry to upgrade to HDTV.
This is what industries that rely on revenue growth do when their customer growth flattens. They invent a new widget, come up with reasons why everybody needs it, market it, and hopefully everybody buys the product all over again. IPv6 is admittedly a good bit different; it was created by geeks in attempt to solve a perceived problem. However, it was siezed upon by the router vendors as a future "upgrade when growth flattens" path.
Don't buy into the hype. IPv4 is here to stay for a long time. Even when IPv6 starts to have some decent degree of market penetration, you will always find most of the devices on the net are IPv4 behind IPv6 to IPv4 NATs.
I don't think that IPv6 will see the end of NAT at all. NAT is a very quick and covenient technique for consumer DSL routers to use.
/28), even with the increased address space. And even when you do have multiple addresses allocated, what about the users that have one more machine than usable addresses? Small company networks etc? Now matter how many addressed IPv6 supplies, we will run out eventually, and much sooner than we expect.
For a start, a lot of ISPs only offer one address, partly to encourage people to buy more expensive packages with multiple addresses, and NAT transparently solves that issue.
There is no reason to assume that increased avilability of addresses will cause ISPs to offer more addresses to consumers - after all if they anticipate 100,000 single PC broadband connections, they are going to find it hard to get approval for 800,000 addresses (to allow a
Also low end ADSL connections often force NAT upon a user, allowing the vendor to create a differentiator between it's commercial and domestic offerings.
In the end NAT offers security, independence of allocated IP space to available addresses, simplified network management with an excellent delineation point between vendor and consumer (the ISP dosen't have to worry about what is inside the end user network), and a reasonable form of security. It's great for a small internet connected network.
I know that Azeurus happily opens up a few ports on my router every time that I start it up. Whether this is a good idea security wise is another story...
NAT is not a security tool.
NAT is not a security tool.
NAT is not a security tool.
Network Address Translation was never intended to function as a firewall or a packet filter, it was designed exclusively to allow multiple computers to share the same IP at once. That's it.
The fact that NAT has some side effects which are similar to a firewall has been a big problem for network security, because it leads users and even administrators to believe that their network does not need a firewall because they use a NAT system.
We are finally, after many years, starting to see real firewall use become commonplace, and a XP even has an automatic software firewall now, but if it hadn't been for NAT, I bet people would've been implementing real, security-focused firewalls a lot earlier.
Actually, NAT is better because it provides address space isolation. If your organisation has 500 computers that all have a public IP address, it is harder for you to switch providers (500 IPs is too small to get your own address space for). When you switch your provider, you have to renumber all hosts, fix config files, fix DNS servers etc -- a royal pain in the ass. A NAT allows your to keep your internal structure exactly the same while you switch providers. That address isolation is very important for small-mid sized companies.
... and each site advertising its own address space is expensive for the ISP's because they cannot perform route aggregation (since your address space may not line up with the address space of each ISP). NAT solves this by having each site be NAT'ed behind that ISP's IP address (convinient for the ISP, cheaper for the company). The internal company network runs in the private space and when traffic crosses to the public internet, it gets an IP from the ISP it came out of ... consequently replies come back in through the ISP. Read: If you send a packet out of India, the response won't come back inthrough America ... which would otherwise require you to then forward it to India through your company's routers.
Second, NAT helps multihomed corporations. For large companies, your 10k hosts are going to be distributed over many states/countries/ISPs
It is this address isolation and multihoming support that drives NAT use in small and large companies. Address space depletion has nothing to do with it. IPv6 does not fix these problems; companies will continue using NATs because NATs do.
NAT and firewalls (FW) are 2 separate things, as you can have NAT without a FW, and you can have a FW without NAT. Now, NAT, by its nature, inherently has some features in common with FWs, such as that it effectively hides ports unless they're mapped.
A second item is that moving to IPv6 will not necessarily remove NAT or the current 1 router many PCs setup so many of us have. ISPs in general have charged per IP connection/computer, considering each IP a separate computer. Do you honestly think that will change with IPv6? That ISPs are going to be nice and just let you wire up however many systems you want to their network?
I don't think they'd give up that type of revenue stream. (Besides, think of the security nightmare of locking down and managing security for all those items, like your refrigerator! You'd want some sort of appliance FW/NAT box, both to secure you and keep you from paying extra each month. The latter would be the selling point for most normal users.)
The cesspool just got a check and balance.