The exhaustion of IPv4 address space

FireFury03 writes "Cisco has an interesting article talking about estimates for the exhaustion of the IPv4 address space, and the inevitable move to IPv6. It predicts that the IPv4 address space will be exhausted in 2 - 10 years and suggests that it isn't worth trying to reclaim old allocations. With the mainstream use of IPv6 now potentially within the ROI period of many products the manufacturers need to start including support, but will the ISPs roll out native IPv6 networks before they absolutely have to? IMHO, ISPs providing native IPv6 support would be a Good Thing since it opens up the door for peer-to-peer technologies such as SIP without needing nasty NAT traversal hacks, but a major stumbling block seems to be a complete lack of IPv6 support on current consumer-grade DSL routers (tunneling over IPv4 is an option but requires more technical know-how from the end user)." Of course, Cisco may have some vested interest in driving up the IPv6-compatible router sales *cough*, but the bottom line is that the transition will have to happen at some point in the near future.

My cold, dead hands

[BJZQ8]

Until I absolutely HAVE to switch to IPV6, I will keep my much easier-to-remember addresses. Try to remember something like these:

fe80::02d0:c1ff:fe5c:0010/10

2002:c0a8:1122::5efe:0a01:0101/48

2001:7f8:2:c01f::2

I mean, DNS goes a long way towards turning that hex into something memorable, but as a sysadmin it does NOT make my life easier. Let's reclaim some of those /8 blocks allocated to people that barely use them, first. Does E.I duPont REALLY need 0.39% of the internet address space? Does Eli Lily? That is 16777216 addresses, for what? Does Eli Lily even have 16 million adressable devices? It seems to me that we have plenty of IPV4's, it's just the allocation stinks.

Re:Is NAT Better?

[fyonn]

I remember reading a while ago that NAT actually turned out to be better than IPv6 by virtue of it "solving" the limited number of addresses problem and simultaneously providing a defence against simple hacking attempts by hiding your real IP address.

well, it's not "better" as such, just a different solution. NAT is not a golden bullet though. Yes, it does, by and large prevent random machines on the internet directly contacting your unpatched windows desktop at home, but a firewall will do that too, and virtually every dsl router has a firewall these days too. I would like to see home dsl routers supporting native ipv6 but I don't know of any.

I think that ipv6 is a good thing to go for, but it's not finished (but then, is ipv4? :). there's lots of advertised features for ipv6 (mandatory encryption, mobile ip etc) that are good on paper, but aren't all that in the real world.

Mandatory support for ipsec is great.. except how many of us would use it? as there is currently no support for mndatory ipsec encryption to unknown strangers. you've got to be pre-configured for crypto. I'd like to see something like ssh. if you know the key then great, if you don't then you can accept and save one and then while you may not have verified the destination, you're at least protected on the wire. yes, they also need to sort out authentication and perhaps some form of certificate distribution, but lets make a start on something useable.

mobile IP. sounds great! I can be using my ipv6 pda via my mobile phone and as I walk into my house, it picks up my wireless net and my downloads speed up instantly, all the while not dropping the voip call I'm making. or I'm using a laptop on the train and as it flits from hotspot to hotspot I don't lose any of my connections. sounds great! how does it work? you tell me, details are not easy to find. ots of talk, few working implementations (if I'm wrong, please tell me, I'm genuinely very interested).

working with networks as part of my job, I know how useful and really annoying NAT can be, and I really think it should be an option, not a requirement. I'd love to see ipv6 rolled out and see what changes it brings, but I also think it needs a fair amount of work still.

dave

Re:Is NAT Better?

[FireFury03]

I remember reading a while ago that NAT actually turned out to be better than IPv6 by virtue of it "solving" the limited number of addresses problem and simultaneously providing a defence against simple hacking attempts by hiding your real IP address.

NAT in itself doesn't provide any extra security - the connection tracking needed by NAT is what provides the security (and you can do this equally well without using NAT). I wrote an article on this subject a while back.

Whiles NAT does to some extent "solve" the limited number of addresses problem, it also creates many more problems. The Internet was designed to be peer to peer but NAT turns it into a client/server model. Whilest client/server works fine for "traditional" applications such as web surfing, it's a major stumbling block for peer to peer services such as VoIP, which have to employ various hacks to trick NATs into letting the peer-to-peer traffic through (with varying degrees of success). The likes of Skype are designed to hijack the connections of random Skype users who don't have NAT and use them to route traffic between peers who do have NAT when the NAT traversal hacks fail.