IPv4 Address Crunch In 2 Years, IPv6 Not Ready

An anonymous reader writes "We've known for ages that IPv4 was going to run out of addresses — now, it's happening. IPv6 was going to save us — it isn't. The upcoming crisis will hit, perhaps as soon as 2010, but nobody can agree on what to do. The three options are all pretty scary. This article covers the background, and links to a presentation by Randy Bush (PDF) that shows the reality of the problem in stark detail."

Well duh

[n3tcat]

It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait.

So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution.

Re:Well duh

[John3]

It's not hard to figure out why we haven't solved this problem. It costs MORE to fix it now than it does to wait.

So just wait until it costs more to live with IPv4 than to migrate to new systems. Then EVERYONE will be working on a solution. This is true of technology in general. Government and industry debate global warming and peak oil but do very little to actually address the issue since it costs so much to implement solutions. The IPv4 issue is daunting to be sure, so it's no surprise that IPv6 progressed so slowly. I did a quick search back to 2000 on Google News and industry and tech journals were shouting warnings even back then. So eight years later there is no solution.

The problem will be fixed when the p0rn sites can't get new IP addresses. The adult entertainment industry has driven many of the Internet and web innovations in the past (streaming video, credit card processing) and they'll likely lead us into a bright new future of unlimited Internet addresses. :)

Re:Well duh

[eln]

The problem is that Y2K was handled so well, and as a result the consequences of it were so ridiculously minor, that most people in the general public feel that it was all overblown hype. Yes, there was a lot of hype, but the fact is a lot of programmers worked a long time to make sure things that needed to be fixed got fixed.

However, since most people feel that Y2K was overblown and the money spent on it was wasted, they're unlikely to take seriously any new "crisis" in IT, and will simply refuse to spend any money on it.

Re:Well duh

[orzetto]

This is true of technology in general. Government and industry debate global warming and peak oil but do very little to actually address the issue since it costs so much to implement solutions.

Society is not an amorphous blob with a clear will and an appreciation of its own good. Society is made up by people, and what the decision makers think is "good" is not necessarily good for society; both because the decision makers might be wrong, and because their own interests may be different from those of society (you don't get to be president because you're Joe Average from Missouri).

In the case of Ipv4, as in the one of energy, the interest of society is to fix the problem. The interest of the decision makers, however, is not to fix it, because they are now sitting on a critical asset that is always in demand and that is getting increasingly scarce, and therefore more expensive. The near-disaster scenario is in their interest, because that way they will maximise their returns. It's like the owner of an oasis in the Sahara: rain and rivers would be bad for business, drought is more people depending on you.

I would expect China or India to come up with a solution first: they don't have many IP addresses to begin with, they have growing economies that will sooner or later require more IP addresses, and they have the means to kickstart a major project.

Re:Well duh

[SnarfQuest]

What would happen if we all decided not to curb our oil consumption habits until we either ran completely out of oil reserves.

I remember when I was younger, we were down to 10 years of oil underground. This was some twenty years ago. We did a few minor changes, slight improvement in gas mileage, but not much. We also greatly increased the number of cars on the road. Too bad for you youngsters, you now have only 10 years of oil left underground.

Re:Well duh

[anticypher]

There are no 10 year old backbone routers still in service on any backbone. Anywhere.

Growth of the IPv4 routing table has left all them obsolete. Big routers from 10 years ago have all been migrated towards the edge, where they no longer fulfill a backbone role. Or they've been scrapped for being too costly, slow, power hungry and un-upgradable to modern interfaces.

For all that old kit that tosses IPv6 traffic to the CPU to be routed, it will still be usable for the next few years until IPv6 traffic starts to become more prevalent. By then, the current IPv6 backbone kit will have been migrated out from the core towards the edges. There is no problem with old kit, at least at the routing and switching level.

All the major backbone router manufacturers have included IPv6 natively for at least the last 3 to 6 years. Any internet company that has done a major upgrade to deal with ever increasing traffic levels and customer demands now have IPv6 capable hardware in service in the backbone. Some manufacturers may still charge more to turn the capability on. The ones that don't are seeing increasing sales because all their major clients don't like have a tiered system of features, where the only set with all the needed features is the most expensive one.

the AC

Re:Is this REALLY a problem?

[totally+bogus+dude]

Sure, but that's because you control the NAT and can forward ports, so you can still accept incoming connections. If your public IP address (i.e. what other torrent clients will try to connect to) is controlled by your ISP, you're going to have a hard time getting them to forward the ports you need to you. In fact, they would have a hard time providing this service in a usable and cost-effective manner, even if they wanted to.

Also, there's a good chance OpenBSD + PF is more accommodating of various protocols than an ISP's oversubscribed NAT gateway is likely to be. Even if they do their best, it can still get in the way. For example most gateways can handle FTP by watching for "PORT" or "PASV" messages and dynamically opening/forwarding the requested port (or rewriting it to use the port it wants), but this doesn't work if your FTP session is encrypted.

Finally, a lot of the ISPs seem to be actively discouraging P2P, and will simply use "no more IP addresses" as an excuse to slap in NAT gateways that restrict people to web and email. If you want "raw internet", then you'll have to pay.

With any luck there'll still be enough competition in the ISP space in 2010 to push the rollout of IPv6 onwards. A lot of the big ISPs will probably resist it, as a) it would cost a lot to upgrade and re-engineer their infrastructure to support it and b) they can make lots of money by charging a massive premium for routeable IPs. Not to mention that the media cartels will probably have convinced most people and politicians that the only reason one would want "raw internet access" is for piracy, child porn, and terrorism.

Re:Is this REALLY a problem?

[johannesg]

NAT is a really, really bad solution. It creates two classes of internet user: those that may run servers, and those that may not; a second-rank type of internet citizen, so to speak.

Do you really want to live in world where you can only connect to the servers of your corporate overlords? Wasn't the internet supposed to be offering equal opportunity for everyone?

Re:Is this REALLY a problem?

[$pace6host]

Really, I bet there are huge tracts of IP real estate that would function just as well on NATted private networks. I work at a place that owns lots of IP networks, and 1) we're not allowed to run our own web servers, or any other kind of servers for that matter, and 2) all our outbound traffic is through corporate control points and filtered anyway. Still, the PC on my desk at the office has a public IP address. Do I NEED a public IP address? No. Not really. Most of my traffic is to internal company data anyway (share drives, internal sharepoint intraet collaboration site, outlook servers, inward facing development servers, etc.) The rest is already going through proxy servers. You couldn't get any packets direct to me, either, the routers on the edge of our network filter practically all inbound traffic out. I, and most of my collegues, are wasting our public addresses. I'd bet it's the same in a lot of places. Corporate security policies essentially ensure that the majority of cubicle workers can't possibly make use of any of the "benefits" a publicly routable IP address would actually have, but every PC (and telephone and printer) has one.

I'm not saying NAT is the best solution, or even the right long term solution, just that I think it could be used (fairly successfully) in many more places while we get our collective asses in gear and go IPv6.

Re:Is this REALLY a problem?

[gnuman99]

NAT is *the* *wrong* solution.

Public IP addresses make it simple to have *proper* routing tables.

There is also the ability to track users easily. Imagine you have one of your computers compromised. The computer is then used to control another box that controls another one that drives some botnet. If you have a NAT, the 3rd party that discovered their box compromised will trace it back to ... your NAT! And the NAT is not tracked 99% of the time. So, the compromised box on your site cannot be easily discovered without packet sniffing.

Or an employee is involved in something illegal. The 3rd party produces their logs that list your NAT as the source of the problem. Which computer was used in that activity? You are stuck with tracing the stuff though screen loggers and other invasive BS just because NAT has to exist.

NAT is the wrong solution because of liability. NAT is wrong solution from routing point of view. NAT is wrong solution from technical point of view. IPv4 would have been replaced years ago if it wasn't or stupid NAT gateways everyone has now. Yeah, these will be obsolete with IPv6.

When I left school I thought NAT was the greatest thing in the world aside from sliced bread. Then real world experience forces you to realize that maybe the university usage of public IP on its internal network wasn't such a stupid thing after all. Public IP should be assigned to ALL devices, and then you can use a statefull firewall to protect these assets. Private IP networks should NEVER be connected to public IP networks - let's hope that dies with IPv4. The sooner the better.

Re:FUD

[tyler_larson]

That'll free up a bunch.

First of all, break up the "LEGACY" Class-A allocations. http://www.iana.org/assignments/ipv4-address-space. That'll free up a bunch.

All of the following companies have a full 16.7 Million addresses assigned to them. Level 3 might use theirs, (they actually have 2 blocks), but Halliburton? DEC? Amateur Radio Digital Communications? Do they all really need more than 16 million IP addresses?

This short list accounts for 654 million IP addresses -- over 15% of the address space.

003/8 General Electric Company
004/8 Level 3 Communications, Inc.
006/8 Army Information Systems Center
008/8 Level 3 Communications, Inc.
009/8 IBM
011/8 DoD Intel Information Systems
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
018/8 MIT
019/8 Ford Motor Company
020/8 Computer Sciences Corporation
021/8 DDN-RVN
022/8 Defense Information Systems Agency
025/8 UK Ministry of Defence
026/8 Defense Information Systems Agency
028/8 DSI-North
029/8 Defense Information Systems Agency
030/8 Defense Information Systems Agency
032/8 AT&T Global Network Services
033/8 DLA Systems Automation Center
034/8 Halliburton Company
035/8 MERIT Computer Network
038/8 Performance Systems International
040/8 Eli Lily & Company
043/8 Japan Inet
044/8 Amateur Radio Digital Communications
045/8 Interop Show Network
047/8 Bell-Northern Research
048/8 Prudential Securities Inc.
051/8 Deparment of Social Security of UK
052/8 E.I. duPont de Nemours and Co., Inc.
053/8 Cap Debis CCS
054/8 Merck and Co., Inc.
055/8 DoD Network Information Center
056/8 US Postal Service
057/8 SITA