IPv4 Address Crunch In 2 Years, IPv6 Not Ready

An anonymous reader writes "We've known for ages that IPv4 was going to run out of addresses — now, it's happening. IPv6 was going to save us — it isn't. The upcoming crisis will hit, perhaps as soon as 2010, but nobody can agree on what to do. The three options are all pretty scary. This article covers the background, and links to a presentation by Randy Bush (PDF) that shows the reality of the problem in stark detail."

Well duh

[n3tcat]

It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait.

So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution.

Re:Well duh

[John3]

It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait.

So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution. This is true of technology in general. Government and industry debate global warming and peak oil but do very little to actually address the issue since it costs so much to implement solutions. The IPv4 issue is daunting to be sure, so it's no surprise that IPv6 progressed so slowly. I did a quick search back to 2000 on Google News and industry and tech journals were shouting warnings even back then. So eight years later there is no solution.

The problem will be fixed when the p0rn sites can't get new IP addresses. The adult entertainment industry has driven many of the Internet and web innovations in the past (streaming video, credit card processing) and they'll likely lead us into a bright new future of unlimited Internet addresses. :)

Re:Well duh

[eln]

The problem is that Y2K was handled so well, and as a result the consequences of it were so ridiculously minor, that most people in the general public feel that it was all overblown hype. Yes, there was a lot of hype, but the fact is a lot of programmers worked a long time to make sure things that needed to be fixed got fixed.

However, since most people feel that Y2K was overblown and the money spent on it was wasted, they're unlikely to take seriously any new "crisis" in IT, and will simply refuse to spend any money on it.

Re:Well duh

[orzetto]

This is true of technology in general. Government and industry debate global warming and peak oil but do very little to actually address the issue since it costs so much to implement solutions.

Society is not an amorphous blob with a clear will and an appreciation of its own good. Society is made up by people, and what the decision makers think is "good" is not necessarily good for society; both because the decision makers might be wrong, and because their own interests may be different from those of society (you don't get to be president because you're Joe Average from Missouri).

In the case of Ipv4, as in the one of energy, the interest of society is to fix the problem. The interest of the decision makers, however, is not to fix it, because they are now sitting on a critical asset that is always in demand and that is getting increasingly scarce, and therefore more expensive. The near-disaster scenario is in their interest, because that way they will maximise their returns. It's like the owner of an oasis in the Sahara: rain and rivers would be bad for business, drought is more people depending on you.

I would expect China or India to come up with a solution first: they don't have many IP addresses to begin with, they have growing economies that will sooner or later require more IP addresses, and they have the means to kickstart a major project.

Re:Well duh

[SnarfQuest]

What would happen if we all decided not to curb our oil consumption habits until we either ran completely out of oil reserves.

I remember when I was younger, we were down to 10 years of oil underground. This was some twenty years ago. We did a few minor changes, slight improvement in gas mileage, but not much. We also greatly increased the number of cars on the road. Too bad for you youngsters, you now have only 10 years of oil left underground.

Re:Well duh

So just wait until it costs more to live with the levies breaking in New Orleans and rebuilding the city than to actually build a new levy system. Then EVERYONE will be working on a solution.

The obvious difference being that nobody drowns if I am unable to reserve an IP block for a few servers. Or do they?!?

(No. No, they do not.)

Re:Well duh

[samkass]

I remember when I was younger, we were down to 10 years of oil underground.

It all comes down to yours sources. 20 years ago, they were still finding more oil each year than was being consumed, so the "10 years left" folks weren't the responsible people. The opposite is true now. 20 years ago it wasn't economically feasible to pump the sludge out of Canada's shale, but now it is. It wasn't economically feasible to put a platform in the middle of the Gulf of Mexico and drill a mile down, but now it is. But all those sources are limited, as well. We have a much more accurate picture of how big the problem is now than we did 20 years ago.

Re:Well duh

[anticypher]

There are no 10 year old backbone routers still in service on any backbone. Anywhere.

Growth of the IPv4 routing table has left all them obsolete. Big routers from 10 years ago have all been migrated towards the edge, where they no longer fulfill a backbone role. Or they've been scrapped for being too costly, slow, power hungry and un-upgradable to modern interfaces.

For all that old kit that tosses IPv6 traffic to the CPU to be routed, it will still be usable for the next few years until IPv6 traffic starts to become more prevalent. By then, the current IPv6 backbone kit will have been migrated out from the core towards the edges. There is no problem with old kit, at least at the routing and switching level.

All the major backbone router manufacturers have included IPv6 natively for at least the last 3 to 6 years. Any internet company that has done a major upgrade to deal with ever increasing traffic levels and customer demands now have IPv6 capable hardware in service in the backbone. Some manufacturers may still charge more to turn the capability on. The ones that don't are seeing increasing sales because all their major clients don't like have a tiered system of features, where the only set with all the needed features is the most expensive one.

the AC

Re:Well duh

[Bert64]

Really they need to take back the large ipblocks that were allocated to companies years ago, but which aren't even being used . Ford has a /8 ipblock (16777216 addresses) that they use internally and dont route to the internet, why cant they use 10.0.0.0/8 internally like everyone else?

Re:Well duh

[SanityInAnarchy]

The problem is, the cost may not be measured in dollars.

Right now, although my ISP only gives me one IP address per subscription, I control it. I can run a private web server, mailserver, etc. I can basically run a website on $10/year (the cost of registering a domain) unless I suddenly get popular. ($30/year if I pay for an SSL cert.)

If we stick with IPv4, this will no longer be possible. IPv6 would bring plenty of improvements on the current scheme, but sticking with IPv4 till it runs out means more NAT, and at the ISP level. And that means a higher barrier of entry to being a web server. It means the Myspaces and Livejournals of the world get to control everything anyone wants to publish.

This is not a cost that we can measure in dollars, though. It's a cost to society.

Re:Well duh

[ArsonSmith]

Yea, it's always cheaper to rip out a century old established economy and replace it with a completely new untested one.

Re:Well duh

[The_Quinn]

There is no "interest of society". Society as such does not have interests. Only individual people have interests. If you try to claim that it is in the interest of every single person in society that IPv4 be upgraded to IPv6, then, frankly, you watch too much Looney-Tunes.

Re:Well duh

[anticypher]

True I've never worked for UUNET, but given their reputation I could believe they still have cisco 7500s in their core. And I wouldn't count UUNETs carrier core as an ISP.

Around here most of the core kit installed in Tier-1 and Tier-2 backbones is Juniper M and T series, Cisco 3700, 12000 and CRS-1, Nortel optical DWDM carrier components, and Foundry MLX and XMR series. There is now starting to be more Alcatel-Lucent and Huawei kit seen in lower cost areas.

I never said that core kit was entirely replaced every few years, but as the core components get upgraded, the lesser capable machines get pushed out towards edge functions. Top of the line kit from 2000 just isn't going to be able to handle today's routing tables, MPLS functions, or new 10G, 40G or OC768 interfaces. But that older kit will do fine feeding less demanding clients.

Migration of old kit is a constant, slow and absolutely necessary function in any well managed carrier network. There are also buy-back programs from the big manufacturers, and plenty of reselling of older machines to finance purchase of new kit. I can believe what you have seen in Tier-3 ISPs with a few hundred or few thousand customers could be a decade old, but that's not what I consider backbone.

the AC

Re:Well duh

[foxylad]

Go and Google "the tragedy of the commons", then tell me society has no interests.

Tell MIT and IBM

To hand over the bazillion address they have lock away. Problem solved for a few more years.

Re:Tell MIT and IBM

[hool5400]

If they consider these addresses to be an asset that other people want, then there is going to be lawyers and dollars involved.

Will get solved when needed to be solved

[Danathar]

People will move and applications will get ported to IPv6, but only when they HAVE To move to IPv6 OR when there is some benefit that outweighs the cost.

Simple.

Re:Why should most people (including 'nerds') care

[anticypher]

Why? Your money is why.

If you want to continue to use an IPv4 address from your upstream ISP, you currently pay about US$10 per month for that address, more if you want a nice static address to run services on.

After 2012, or if one of the hair-brained free-market schemes to buy & sell netblocks comes into effect, the price your ISP has to pay for an IP address goes from ZERO to $10 or $20 per month per address. Currently, with a freely available pool of IP addresses, there was minimal cost associated with obtaining a netblock, just some administrative overhead to ask, and some technical cost to program the routers. ISPs discovered that they could charge US$30/month to a user, of which $10/month covers bandwidth, $10/month for the connection, and the remaining $10/month is the pure profit from renting you an individually addressable IP address.

When the crunch hits, IPv4 addresses will be accounted differently, no longer will they be seen as a free resource that earns $10/month, they'll be seen as a cost center that needs to have a margin associated with it. So if the company has to start paying even $1/month per address, they'll pass that cost on to the end users as a higher monthly fee.

In the end, those who don't have an IPv6 service with a migration strategy will see their internet connectivity increase in price. Maybe only a little in 2010, more in 2012, and if there isn't a mass migration to v6, significant costs after that. You, and every consumer, better hope that ISPs and hosting centers get a migration strategy in place soon, or your costs are going to skyrocket.

That was costs from the consumer PoV.

From the techie PoV, imagine what will happen to your router FIBs if some of those nicely aggregated /8s and /16s de-aggregate into 100s of thousands of individual prefixes. Is there any Cisco router right now that can handle a BGP IPv4 routing table of 2 million entries? Are you willing to scrap your entire Border Router investment in 2010 when the routing table grows from 300,000 routes to 750,000 routes? Do you know what the cost of a Cisco CRS-1 is, even if you can find one used?

the AC

Re:Is this REALLY a problem?

[totally+bogus+dude]

Sure, but that's because you control the NAT and can forward ports, so you can still accept incoming connections. If your public IP address (i.e. what other torrent clients will try to connect to) is controlled by your ISP, you're going to have a hard time getting them to forward the ports you need to you. In fact, they would have a hard time providing this service in a usable and cost-effective manner, even if they wanted to.

Also, there's a good chance OpenBSD + PF is more accommodating of various protocols than an ISP's oversubscribed NAT gateway is likely to be. Even if they do their best, it can still get in the way. For example most gateways can handle FTP by watching for "PORT" or "PASV" messages and dynamically opening/forwarding the requested port (or rewriting it to use the port it wants), but this doesn't work if your FTP session is encrypted.

Finally, a lot of the ISPs seem to be actively discouraging P2P, and will simply use "no more IP addresses" as an excuse to slap in NAT gateways that restrict people to web and email. If you want "raw internet", then you'll have to pay.

With any luck there'll still be enough competition in the ISP space in 2010 to push the rollout of IPv6 onwards. A lot of the big ISPs will probably resist it, as a) it would cost a lot to upgrade and re-engineer their infrastructure to support it and b) they can make lots of money by charging a massive premium for routeable IPs. Not to mention that the media cartels will probably have convinced most people and politicians that the only reason one would want "raw internet access" is for piracy, child porn, and terrorism.

Re:Is this REALLY a problem?

[johannesg]

NAT is a really, really bad solution. It creates two classes of internet user: those that may run servers, and those that may not; a second-rank type of internet citizen, so to speak.

Do you really want to live in world where you can only connect to the servers of your corporate overlords? Wasn't the internet supposed to be offering equal opportunity for everyone?

Re:Is this REALLY a problem?

[$pace6host]

Really, I bet there are huge tracts of IP real estate that would function just as well on NATted private networks. I work at a place that owns lots of IP networks, and 1) we're not allowed to run our own web servers, or any other kind of servers for that matter, and 2) all our outbound traffic is through corporate control points and filtered anyway. Still, the PC on my desk at the office has a public IP address. Do I NEED a public IP address? No. Not really. Most of my traffic is to internal company data anyway (share drives, internal sharepoint intraet collaboration site, outlook servers, inward facing development servers, etc.) The rest is already going through proxy servers. You couldn't get any packets direct to me, either, the routers on the edge of our network filter practically all inbound traffic out. I, and most of my collegues, are wasting our public addresses. I'd bet it's the same in a lot of places. Corporate security policies essentially ensure that the majority of cubicle workers can't possibly make use of any of the "benefits" a publicly routable IP address would actually have, but every PC (and telephone and printer) has one.

I'm not saying NAT is the best solution, or even the right long term solution, just that I think it could be used (fairly successfully) in many more places while we get our collective asses in gear and go IPv6.

p2p

[upside]

I foresee a - perhaps shortlived - opening for lots of filesharing.

Re:FUD

[Divebus]

First, pull the plug on all those AdSense garbage and "Domain Parking" sites. That'll free up a bunch.

What's wrong with this plan?

[argent]

The logical way to go would have been to switch to IPv6 for everything in the core of the internet, working out to the edges, so that IPv4 was routed over an IPv6 network, without requiring anyone at the end points to change... IPv4 packets would be turned into IPv6 packets in the IPv4 subset of the IPv6 address space when they left the IPv4 endpoints, and then turned back to IPv4 if the destination didn't support IPv6. To access IPv6 resources you'd need a gateway that did both DNS and NATting, so your IPv4 lookup for an A record would be handled as a lookup for an AAAA record, and then a private IPv4 address would be assigned to that IPv6 address for you, and a fake A record comes back.

For many purposes proxy gateways would work just fine, with increasingly many programs supporting HTTP proxies for connectivity.

Why didn't this happen?

Re:What's wrong with this plan?

[argent]

Unfortunately the IPv4 address space isn't embedded in the IPv6 address space in the way that you suggest.

I thought there was a chunk of IPv6 address space allocated to IPv4 addresses.

[...]

Ok, so, according to DJB this address space (RFC 2893) could be used for this purpose, but the folks responsible for implementing IPv6 have said that this shouldn't be done.

So I guess that gets back to my original question, why wasn't this done? There's technical support for it in the standard, they just say you're not supposed to do it? Why the hell not? What is the motivation for the bizarre behavior that DJB is complaining about in that article.

Re:Is this REALLY a problem?

[vidarh]

You could, but in that case you'd need your ISP to run application level proxies for the protocols for which it'd be doable. For HTTP it is (starting with HTTP/1.1, since their proxy could use the Host: header to decided where to forward) but it'd require them to run extra hardware and you to tell them which domain names you'll be serving).

That said, an alternative that is definitively possible is for ISP's to start NAT'ing everyone by default and handing out public addresses only to customers who ask. Most people would never know the difference, and frankly for many of them it'd improve security (slightly, at least).

Another alternative is for them to give out v6 addresses, hand out routers with dual stacks to their customers and do NAT style translation to public IPv4 space combined with giving v4 addresses to customers that ask.

I depend on having a public IP, but if my ISP put something like either of those two alternatives in place I'd be perfectly happy with it. Even if they'd charge me a nominal amount.

And that might be a good idea for IP space in general: Charge a small fee per usable IPv4 address allocated from the RIR's. If you pay say $1 per IP address it doesn't matter much for a small business, but it will make a difference to the people holding on to huge chunks of IPv4 space where most of it either is unused or could be switched to local NAT'd addresses. Allocate the funds raised to IPv6 transition projects that anyone can apply for if they give up a certain percentage of their IPv4 space.

Re:Not compatible, not happening

[IkeTo]

> ... it'll be IPv6 or nothing.

The problem is that this is simply not true. Most people can continue with IPv4 under NAT until the first IPv6 big site arrives. But, nobody's going to be that first guy.

Good target: the client side

[Random+BedHead+Ed]

No one wants to run a publicly available site on an IPv6 address, as that would create problems, but the client side is easy to convert, as long is there is incentive. Few customers of major consumer ISPs need real IPv4 addresses, so most ISPs can run their networks on IPv6 and require their customers to have IPv6 enabled (XP, Vista, OS X and Linux can all do this). This would free a lot of IP addresses.

Clearly the market is not embracing this solution, partly because they don't want to force their customers into a transition, but also partly because the market is based upon the cost of procurement, rather than on future availability. Procurement has been cheap up until now. It's the same reason that gas is only about $3.00 a gallon (yes, I said only), despite the anticipated future scarcity. So there are three options:

• Regulate by incentive. Give tax breaks for ISPs that meet a goal (for example, roll out 100% IPv6 networks in urban areas).
• Regulate by disincentive. Set a mid-2009 deadline for the above and penalties for failure to meet the goals.
• Let the market decide. ISPs will willingly shift address space for IPv4 away from consumers who don't need IPv4 addresses, if there's a crisis. So we wait for a crisis to present itself, and IPv6 will start to appear. This is risky though, as TFA points out that (1) this will hit the developing world first, and (2) the crisis will seriously affect innovation in the short term, even if we solve it in the longer term.

It would also be nice to see some financially independent and influential non-profit organizations make the switch, like major Ivy League universities. They're the ones who should really be leading this because they don't have the profit motive that makes businesses shy away from what appears to be a set of risky changes.

Re:And?

[Frank+T.+Lofaro+Jr.]

Anybody can use Linux for routing, or if they need something better, they use Cisco.

Both support IPv6.

When IPv4 runs critically short of addresses, give people a NAT'd IPv4 address and a real IPv6 address.

They can switch to IPv6 if they want/need to, and they won't have a leg to stand on if they don't like it.

Yes, FUD

[Russ+Nelson]

There are plenty of IPv4 addresses to go around. It's just that they're literally priceless. With no price for an IP address or the routing that goes with it, there's no market. So surprise surprise, there's a shortage!

Why don't people listen to us economists when we tell you how to solve your problems? There's plenty of evidence for what happens when you DON'T listen to us.

Re:Is this REALLY a problem?

[canuck57]

NAT is a really, really bad solution. It creates two classes of internet user: those that may run servers, and those that may not; a second-rank type of internet citizen, so to speak.

This already exists, I have to pay $20 extra for my 2 statics. And looking at my firewall logs, NAT for your average user is not a bad idea. Don't worry, P2P will find a way to deal with it. But does offer the ISP ways of cutting down abuse from careless PC Internet users.

But do also agree with the flip side, I am sure ISPs will find a way to screw customers.

Re:FUD

[toadlife]

"At least NAT forces organizations to manage their internal address space and keeps some of the routing burden off our backbone. It also provides some extra security by keeping all those soft targets (client workstations) off the big bad Internet, even when people make a mess of their firewall."

NAT is a causes more headaches than it solves. For corporate clients that you don't want on the internet, firewalls which are no less complicated to configure than any NAT setup, can be used. It would takes less configuration and less processing power to do plain SPI with public addresses than do NAT + SPI.

Now think about that fact that IPV6 bumps up the address space 2^96 times. Imagine the burden that will place on routing tables.

Current routing hardware can handle it just fine.

Without very careful consideration IPV6 could knock the Internet back a decade

You speak as if that would be a bad thing. A decade ago, the internet was made up of peers. Today it's come to the point where a select few actually participate and the rest are only allowed to consume. Everyone being able to participate in the internet again would indeed set the internet back a decade.

Re:Is this REALLY a problem?

[gnuman99]

NAT is *the* *wrong* solution.

Public IP addresses make it simple to have *proper* routing tables.

There is also the ability to track users easily. Imagine you have one of your computers compromised. The computer is then used to control another box that controls another one that drives some botnet. If you have a NAT, the 3rd party that discovered their box compromised will trace it back to ... your NAT! And the NAT is not tracked 99% of the time. So, the compromised box on your site cannot be easily discovered without packet sniffing.

Or an employee is involved in something illegal. The 3rd party produces their logs that list your NAT as the source of the problem. Which computer was used in that activity? You are stuck with tracing the stuff though screen loggers and other invasive BS just because NAT has to exist.

NAT is the wrong solution because of liability. NAT is wrong solution from routing point of view. NAT is wrong solution from technical point of view. IPv4 would have been replaced years ago if it wasn't or stupid NAT gateways everyone has now. Yeah, these will be obsolete with IPv6.

When I left school I thought NAT was the greatest thing in the world aside from sliced bread. Then real world experience forces you to realize that maybe the university usage of public IP on its internal network wasn't such a stupid thing after all. Public IP should be assigned to ALL devices, and then you can use a statefull firewall to protect these assets. Private IP networks should NEVER be connected to public IP networks - let's hope that dies with IPv4. The sooner the better.

Re:FUD

[tyler_larson]

That'll free up a bunch.

First of all, break up the "LEGACY" Class-A allocations. http://www.iana.org/assignments/ipv4-address-space. That'll free up a bunch.

All of the following companies have a full 16.7 Million addresses assigned to them. Level 3 might use theirs, (they actually have 2 blocks), but Halliburton? DEC? Amateur Radio Digital Communications? Do they all really need more than 16 million IP addresses?

This short list accounts for 654 million IP addresses -- over 15% of the address space.

003/8 General Electric Company
004/8 Level 3 Communications, Inc.
006/8 Army Information Systems Center
008/8 Level 3 Communications, Inc.
009/8 IBM
011/8 DoD Intel Information Systems
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
018/8 MIT
019/8 Ford Motor Company
020/8 Computer Sciences Corporation
021/8 DDN-RVN
022/8 Defense Information Systems Agency
025/8 UK Ministry of Defence
026/8 Defense Information Systems Agency
028/8 DSI-North
029/8 Defense Information Systems Agency
030/8 Defense Information Systems Agency
032/8 AT&T Global Network Services
033/8 DLA Systems Automation Center
034/8 Halliburton Company
035/8 MERIT Computer Network
038/8 Performance Systems International
040/8 Eli Lily & Company
043/8 Japan Inet
044/8 Amateur Radio Digital Communications
045/8 Interop Show Network
047/8 Bell-Northern Research
048/8 Prudential Securities Inc.
051/8 Deparment of Social Security of UK
052/8 E.I. duPont de Nemours and Co., Inc.
053/8 Cap Debis CCS
054/8 Merck and Co., Inc.
055/8 DoD Network Information Center
056/8 US Postal Service
057/8 SITA

Re:Is this REALLY a problem?

[r_cerq]

Who modded this "Insightful"? You CAN forward ports to multiple servers, easily. There's plenty of equipment to do that.

Any half-decent load-balancer is minimally L7-aware, to the point of being able to send specific hostnames in HTTP requests to specific servers (or server groups). The ones I primarily use go to the point of allowing me to distribute traffic based on arbitrary headers, cookies, URIs, you name it. Plenty of sites and distinct server farms behind a single public IP address.