Slashdot Mirror
China To Run Out of IPv4 Addresses In 830 Days
JagsLive writes "China is running out of IP addresses unless it makes the switch to IPv6. According to the China Internet Network Information Center, under the current allocation speed, China's IPv4 address resources can only meet the demand of 830 more days and if no proper measures are taken by then, new Chinese netizens will not be able to gain normal access to the Internet. Li Kai, director in charge of the IP business for CNNIC's international department, says that if a netizen wants to get access to the Internet, an IP address will be necessary to analyze the domain name and view the pages. At present, most of the networks in China use IPv4 addresses. As a basic resource for the Internet, the IPv4 addresses are limited and 80% of the final allocation IP addresses have been used."
Try the whole world. According to this counter, the world will be out of IPv4 addresses in 768 days.
Sounds like it will be easier than ever to ring the Wong number!
Smivs on the intertubes!
Do any Chinese citizens even have "normal" 'net access now? Thought NAT was used heavily, not to mention the GFWOC
Don't blame me, I voted for Kodos
To get a quick infusion of 700 billion IP4 addresses -- NOW!
The dangers of knowledge trigger emotional distress in human beings.
When your WHOLE COUNTRY is behind a firewall? NAT the hell out of that! Flatten it to a /8 network in 10.0.0.0 and put it all behind one public IP. Problem solved!
Or will they just open up reserved addresses or something stupid like that?
---- Liquid was a patriot ----
Netizen is really stupid word, we really don't need more buzzwords.
Heck, they already firewall everybody -- why not just break IPs up into NATted subnets? The 10.x.x.x range should give them enough room for awhile, right?
Paleotechnologist and connoisseur of pretty shiny things.
A: Because it breaks the flow of a message.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
.
C'mon HP, be a good netizen and give back the bulk of those IP addresses. Try using NAT instead of hoarding IP addresses that others so desperately need.
I predict that we'll see China begin to use IPv6 addresses before most other people. Why?
Granted, I'm no fan of China's human rights policies. But it definitely has an advantage in terms of adopting IPv6. Hopefully, when China switches protocols, it'll catalyze the rest of the world to do so as well.
...and enable NAT.
Problem solved. :)
To error is human, to forgive, beyond the scope of the OS.
Slashdot runs it's 15th story about IP addresses running out "real soon now". The first was something like 5 years ago :)
These stats ignore the fact that there are huge available allocations that can go behind NAT's. An ISP can NAT big chunks of its user network. Charging even a modest amount per IP would free up huge numbers of IPs. There are abandoned blocks (companies out of business) and wildly oversized blocks (MIT etc).
Plus, we've been hearing these stories for years. The idea that the internets resources are going to become ipv6 anytime soon is unlikly. So folks are going to figure out a way to manage the existing pool, where there is lots of room for improved efficiency.
Fun to keep on reading these stories... they're always written as breaking news :)
If only they could run out sooner.
They're even running out of RFC 1918 addresses.
"new Chinese netizens will not be able to gain normal access to the Internet."
They aren't able to gain "normal" access to the internet already! Hail the Great Chinese Firewall.
the LHC will end it quicker than that. They estimate some 90 days until they've got their repairs done ;)
--- Eat my sig.
Impose a one IP address per family rule...
Task Mangler
And what miniscule percentage of those sites AREN'T spam/phishing/scamming of one form or another...
That could be so much more poignant if you could actually spell.
What actually happens for domestic users when the addresses run out? I get my one, dynamic address at home from the ISP and I guess tomorrow they give that to some other subscriber (DHCP lease seems to be 24 hrs). If there are too few addresses, then what? No more new subscribers; or do they, the ISPs, allow over-subscription and not all customers can get an IP address every day?
Seriously their government is hell bent on controlling what goes into and out of that nation and what better way to do that than by forcing people to use a proxy..
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Pease porridge hot
Pease porride cold
Pease porridge in the pot
Nine days old!
----------------------------------- My Other Sig Is Hilarious -----------------------------------
IP4 doesn't have enough addresses, of course a managers solution is to put of the inevitable so that it happens on someone elses watch rather then taking the time we got now to develop and implement a solution.
IF pushing IP6 doesn't work in the roughly 2 years remaining THEN we can use the buffer of under-used blocks as a last reserve. if we use the reserves now, and do nothing then we still have the same problem, just a bit further away but this time with no reserves remaining and no work chance of it being solves in time.
You should run for president, you would do well with your solutions.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
We still need to switch eventually, but this could push it back a ways.
NAT is not a solution. It's a huge, gigantic clusterfuck of a problem. Some people only started their careers after NAT was widespread, so they can't imagine how wonderful the world is without it. The internet is much simpler when you can assume that all nodes can directly address all other nodes.
Look: this is what we've done.
In the beginning, each endpoint of a TCP (or UDP) connection looked like this:
[octet][octet][octet][octet][16-bit port]
[(------- host-------------)(--service--)
Each octet was routed hierarchically, and the port acted as an additional level of routing within a single node.
With CIDR, the model moved to this:
[32-bit opaque address][16-bit port]
(-------host----------)(--service--)
This change didn't hurt anything, aside from an increase in router complexity. Allowed the 32-bit address space to be used much more efficiently.
Now with the IP address shortage, the situation looks like this:
[48-bit address]
(----?---------)
Note how we've lost the distinction between host and service and smushed them all together into one huge opaque number. We've caused ourself lots of problems with this:
These days, instead of saying "connect to mydomain.foo.cx", for example, you have to say "connect to mydomain.foo.cx at port 12345". That's out of band address information, and should never be needed. Imagine if DNS only gave you the first three octets an IP address, and every application requires you type in the last one in manually. That's what the world is like today!
Am I the only one that noticed Hey, they can only have one baby, but we'll give them 3 IP addresses? Sounds like the Chinese government is getting liberal or something
Support NYCountryLawyer RIAA vs People
We are not running out of IPv4 addresses, but we are running out of IPv4 routes. IPv6 isn't going to fix that and in fact doubles the number of routes needed.
Carly Fiorina's ego. It's so big that it was necessary to support all of her ego's operations. If it grows any more, the IPv6 address space will be screwed as well.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
So the world runs out of addresses before China runs out?
The world will run out of new blocks to allocate (as in "254.xxx.yyy.zzz"), before China gives out all addresses in the allocated blocks it has (as in "www.254.254.254").
Nonetheless, IPv4 can only provide a little lower than 253^4 different addresses. What makes it worse is that it's allocated in chunks (some chunks are reserved like the 127.x.y.z family - other addresses may be free but land in a range which is allocated to some company and thus can't be used by your computer).
Thus even if some providers use dynamic IP (only those machine which are connected have an IP address - thus an ISP needs a chunk only as big as the number of simultaneously connected users, not as the total number of subscriber), and lot of router use NAT (only 1 single IP address is visible on ther internet. all the machine are visible through this address and use a private address on the internal network),
in a world where everything including your fridge is connected to teh interweb 24h a day, 7 days a week, we will quickly run into a situation where no more IPv4 address can be assigned to a new machine :
- the ISP has ran out of addresses in its chunk because there are more simultaneous connection (because everyone stays perpetually connected) that there are free address in the chunk (china will reach this point in 2-3 years)
- and there are no more new free chunk to allocate for the providers (all are already either reserved like the 10.*.*.* and 192.168.*.* range, or have already been allocated to others) thus now way to give more chunks with more IP to the ISPs (the world will reach that point too in about 2 years).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Can they really have one?
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Just to get this out of the way, for everyone that suggests "we don't need no IPv6, just use NAT!", the answer is "down boy, bad doggie".
NAT is a horrible joke that has gone on far too long.
/Mike
-- "So, what's the deal with Auntie Gerschwitz et all?"
I have a friend that did support for an ISP that had this problem. Their answer, have the customer refresh/renew ip addresses until they get one.
"Li Kai, director in charge of the IP business for CNNIC's international department, says that if a netizen wants to get access to the Internet, an IP address will be necessary to analyze the domain name and view the pages."
Isn't this stating the painfully obvious? Haven't we always had to have an IP address to access the Internet and view web pages?
Hopefully, when China switches protocols, it'll catalyze the rest of the world to do so as well.
Given the fact where most of the cheap modems/routers are currently produced, that also means that IPv6 supporting routers will quickly be available worldwide.
The big IPv6 switch will be more easy for the rest of the world (at least at the ISP level).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
stop saying "netizens".
It must have been something you assimilated. . . .
That's an interesting thought. Kind of like going back to the dial up days, where you sometimes couldn't get a connection to your ISPs modems because they were all in use.
I think it's more likely that you'll get NATed though, and have to pay if you want a real IP address.
My company has a quarter million employees. That means a quarter million desktop computers, a quarter million automated parking spaces, a quarter million employee badges, a quarter million IP phones, a quarter million cell phones, a quarter million ....
And that's not even counting our publicly-accessible web servers and our employee kitchens, where every microwave, coffee pot, ice machine, and vending machine is online.
All these things need network connectivity.
ISPs will not be able to oversell their DHCP pool. Back in the days of dial-up, yes, but now that every broadband ISP installs a router/modem that is on 24 hours a day not a chance. Most people will turn off or suspend a computer when it's not in use, but will never do the same for their router.
Or does the summary plagiarize itself...?
.under the current allocation speed, China's IPv4 address resources can only meet the demand of 830 more days and if no proper measures are taken by then, new Chinese netizens will not be able to gain normal access to the Internet."
."
". .
"By the current allocation speed, China's IPv4 address resource can only meet the demand of 830 more days. If there is no available new resource by then, new netizens will not be able to gain normal access to the Internet. .
Why is everyone in the comments talking about various steps (reallocating large blocks, more widespread NAT, etc.) that would allow us to push back IPv6?
It seems that we very close to the point where every device supports IPv6 (Vista adoption is helping this) but just isn't using it. Let's start turning it on. What better way to help the adoption than by having users who are IPv6 only complaining?
-bugg
they'd have plenty. Anyway, since they censor the Internet, they only need one public IP.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
We've only used half the available numbers.
Just start using negative numbers: -248.100.-97.-201
Cress, cress, lovely lovely cress
Almost all of these things can be using a non-publically routable IP address. NAT exists for a reason. Do you really need to be able to log in to automated parking space 1a from anywhere directly, with no firewalling? I don't think so. If you do, however, please post your IP range, I want some free parking. :)
From http://www.iana.org/assignments/ipv4-address-space/ I count 39 /8 blocks assigned to individual companies or organizations. That's purely wasteful, since it is highly unlikely that any of these companies actually need the 16 million or so addresses in those blocks. If those blocks were reallocated, which will likely occur if we reach "X-day" ( http://entne.jp/tool/toollist/index_en.html ) before IPv6 becomes widespread, we will have gained approximately 500 million IP addresses. That will probably be sufficient to buy us another two years, since we currently have about 566 million free and two years to go (again according to the IPv4 exhaustion counter).
/8 blocks by 2010.
So, we should have another four years if IANA pushes for reallocation of the
8.3 * 10^2 days
An ISP can NAT big chunks of its user network
And in so doing break any application that needs to receive incoming connections.
This behavior is by design. The standard terms for residential service plans already restrict "running a server". FTP clients can use passive mode.
NAT?
oh wait...that makes 80gbit deep packet inspection tricky....
Good people go to bed earlier.
Why can't some of the owners of /8 address spaces return them back to be re-allocated?
For example, HP owns 15.0.0.0 through 16.0.0.0 (~33m ip addresses) can't they get by on just ONE class A network?
Apple owns 17/8
MIT own 18/8
US Postal Service 56/8.
http://www.iana.org/assignments/ipv4-address-space/
Do all these companies need to have ALL of their devices on publicly routable IP addresses? From a security standpoint, I would hope not. Odd since IBM, a company much larger than MIT and Apple can get by on just one /8, and I'm having trouble believing that HP requires 2 /8 networks.
We talk about making our datacenters "green" by consuming less power, there's got to be an equivalent for consuming fewer public IP addresses.
I've just finished re-IPing our datacenter (~5000 servers), not to 'release IP addresses back, but to undo the damage done by years of seemingly randomly assigning IP addresses to servers in our datacenter. Yes it's a pain, but so is any form of cleaning up your datacenter (cabling for example).
I work for an ISP and even our PRINTERS and desktops have publicly routeable IP addresses. All of these devices of course point to a single gateway and have no real need to communicate directly with the outside world so NAT would be a perfect solution. I'm tired of reading about "the sky is falling". When we "run out" of addresses there will be public auctions to the highest bidder. Companies will NAT what they don't need direct access into.
Maybe if they stopped giving away addresses to every other spammer and scammer that wanted one in China they would still have some to spare?
The exhaustion of IPv4 address space - dated 17th October, 2005
You are right, there's a whole lot of articles talking about this problem. And there have been people touting the NAT silver bullet for as long as the shortage has been known about. The interesting thing is that the rate of IPv4 consumption has kept increasing regardless.
That sounds like a huge step backwards. Hopefully it won't come to that.
What's the disadvantage (beyond legacy devices) to switching to IPv6? Don't most operating systems support it? (noob question I know, but what's the deal?)
You can't put a whole country behind one public IP because of port starvation. All those people will need multiple ports for their connections, even some large organizations experience this problem!
According to this :
Photos.
Maybe we are forgetting that China also has access to the IP addresses allocated to Tibet, Hong Kong and even Taiwan! Now we know why they are occupying these territories, it's all about IPv4!
Oops, the link is www.ipv6.org.tw/summit2008/doc/1-2-2.pdf
Photos.
I do think its amazing how something this old lasted this long. To be fair, who in 1981 thought that 4,294,967,296 would not be enough?
They will probably need to build a great Chinese NAT.
Imagine one IP for whole China.
Eugene 'HMage' Bujak
Why will white goods need to be on the internet at all?
I mean a *good* reason , not just the usual re-hashed fridge-can-reorder-beer-for-you Jetsons style drivel that is laughably spoken about as some vital function by techno evangelists.
With that great firewall of them, it should be very easy to just set up NAT.
Ordinary users of the IPv6 Internet should be allocated as a minimum two /64 subnets. One /64 subnet would be for a private LAN network and the other /64 subnet would be for a public facing DMZ network. The DMZ network would be useful for any kind of reachability which only selected people can access content. IPv6 capable VoIP PBXs would be especially useful here like Asterisk and Freeswitch. Imagine the possibilities of assigning every phone call or user its own IPv6. This should elimiate VoIP spam.
Other notes: Point to point links should be a /126, not a /64. Businesses of differing sizes don't need a full /48. This would be like giving out blocks of IPv4 Class A addresses all over again. The size of the allocated IPv6 for a business should match their real size and needs. Applications and operating systems need to be more IPv6 aware.
Peak IP4 is a myth; there are still plenty of addresses buried in the Canadian tar sands. However, in the short term, the only solution is to lift the ban on coastal drilling for IP4 addresses.
You try and remember even a single IP6 address or even type one in accurately and you'll see what I mean. Whoever though hex codes were the way to go for IP6 should be hung drawn and quartered then forced to run a IP6 DNS service in hell.
Thank goodness, maybe they will take away the Chinese spam houses IPs and use them for something less irritating.
Although IPv6 will be glorious when it arrives for the masses to use, it is still just as temporary well. It will eventually run out. Faster actually, since, as I have come to understand it, correct me if i am wrong, each individual computer will have its own global IP. Meaning that a company with 1 outer connection, and 5000 networked computers has the potential to take up 5000 global IP's instead of one. Just my thoughts.
--gmxgeek
Good now we block all there IP's from Spamming China.
I'm sure there good people in China but I have to tell you I block all china and Russian IP on my server.
I'm life has been beautiful.
If we move to IP 6 this will take up a lot more resources.
Cheers,
Web Server Admin
Why is everyone in the comments talking about various steps ... that would allow us to push back IPv6?
Because it's new, and change causes fear. And you have so many people who've had it hammered into their thick Certified+ skulls that NAT is a security measure. On the geek side, it's because people think it's a lot easier to remember an IP address that's only four octets.
It seems that we very close to the point where every device supports IPv6
Far from it, actually. While most of the mainstream operating systems now do, lots of embedded devices don't. I still haven't been able to get my wireless bridge (two wrt54g running OpenWRT) to pass traffic. My IP phone, not that, either. DSL Modem? Nyet. IPTV STBs? Sorry.
Let's start turning it on. What better way to help the adoption than by having users who are IPv6 only complaining?
Microsoft is making a big push, even on the server side. IIRC, you can't install Exchange 2007 w/out IPv6 enabled at the install.
The bigger problem is that there aren't many ISPs that push it out to the endpoints, because their backbones don't support it. My DSL provider gets most of its upstream service from Global Crossing (who are doing lots of stuff with v6), but I haven't seen anything get out towards me. I'm stuck in tunnelville.
Thankfully, SiXXs is pretty reliable. On my co-lo on a different ISP, my ping times over my he.net tunnel are now stastically the same as with v4.
Has anybody noticed that the summary is basically repeated twice?
I wonder if anybody noticed the summary was repeated twice.
they will take them anyway.
Yes I know the comment is not nice, hence AC
It is mostly up to the ISP's right now. I can't just 'turn on' IPv6 for my computer. My ISP has to use it before I can.
--gmxgeek
Esepcially since Teredo let's just about anyone have ipv6 connectivity even behind a firewall.
Combine that with bittorrent clients that can use ipv6 and you now have a reason to not hide behind NAT.
If enough people start using ipv6 tunned over ipv4 I bet the ISP support will get better fast.
So just turn ipv6 on and use it.
NAT is not a firewall! One could easily have a public automated parking equipment on a public routable IP address BEHIND a proper firewall. People like to equate NATs to firewalls. They are not the same thing.
But yeah, this whole problem could be solved for the time being by freeing up the ridiculous portion of address space reserved for just a couple of companies.
Isn't China behind a massive firewall?
Easy as pie. NAT.
Done.
Like China has "real internet" anyway.
-Toll_Free
It isn't backwards compatible in any real sense with IPv4. You might as well switch to a different protocol entirely then switch to IPv6. IPv6 can talk back to IPv4 through crazy tunnels that nobody but people on slashdot understand. But nobody on IPv4 can talk with IPv6 easily (from my understanding, anyway)
Plus, IPv6 doesn't solve any other problem besides address space. It doesn't solve:
1) Roaming between different networks and keeping your sessions alive.
2) Multicast in any kind of sane way. Nobody cares about where a named document is served from--chunks might come from my microwave, my cell phone, my neighbors dog collar... I dont care. All I care about is that the document originally came from the right source, it is the most current version, and it hasn't been modified. Think BitTorrent meets GNUtella meets Freenet, only way down in layer 3, not the application layer.
3) Mesh networks. Ever try to set up a mesh of wireless network access points and maintain a sane address scheme? Think of the hacks your cell phone provider must use.
4) Doesn't do a damn thing about DDOS attacks or other kinds of network nasties. It doesn't matter how good your firewall is if an attacker can flood one end of it.
5) Doesn't provide any real authentication. The network itself should let you be as anonymous or as "real" as possible. Fixing SPAM of all forms requires real authentication at the deepest bowls of the network stack. Layer 3 could be handling authentication for SMTP, IMAP, HTTP, AIM, whatever-- right now every protocol has to re-invent their authentication scheme... some suck (OpenID, which doesn't work with anything but HTTP) some are pretty slick (SSH + public key crypto), some are even at layer 2 (WiFI - WEP/WAP).
6) Doesn't somehow magically fix the ability for people to use botnets or open proxys to screw you over. I dunno how you fix this, or if you even really can. All I know is right now the IP address is meaningless... it is useless to block IP's, it is useless to to use an IP for tracking a session (a single AOL user hitting your page will use several IP addresses). Maybe layer 3 needs some kind of "cookie" or way to maintain a session that doesn't require a stable network address. That way, a session could be maintained even if I hop between access points and change network addresses.
Does Intrade take bets on IPv6 adoption? I'd like to put money on it never getting widely adopted. I'd wager some guy like Vint Cerf will pimp a new, better protocol by the time we really, really run out of IP addresses. I'd also wager this magical new protocol will solve at least a few of the problems I've given above. I also would bet it will challenge how we look at the network... maybe the OSI network model isn't the best way to think about networking?
Isn't the problem that nobody who could fix this is motivated to do so?
If we all switch to ipv6 now, then everyone on the existing internet has incurred a cost, but will see no benefit; the benefit will go to currently-unconnected Chinese who will not pay the cost because the work will already have been done by the time they join up.
The only way that the switch to ipv6 is going to happen, is if someone finds a way of making the currently-unconnected Chinese population pay for it. That could be done, for example, by waiting until ipv4 addresses become very scarce, then auctioning the remaining ipv4 addresses for large sums of money, and using that money to switch everyone else over to ipv6. But then you've got the problem of distributing the money...
Had every router shipped since 3 or so years ago been required to have a) IPv6 support w/ stateful firewall on by default for internal hosts and b) a "turn on 6to4" button, we would have been near done already. That simple. You can do it with current routers with firmware mods and a lot of work.
"Strangers have the best candy" -Me
Stan Marsh: "And so what have we learned through this ordeal? The internet went away, it came back, but for how long we do not know. We cannot take the internet for granted any longer. We as a country must stop over logging...on. We must use the internet only when we need it. It's easy for to think we can just use up all the internet we want, but if we don't treat the internet with the RESPECT!!! it deserves, it could one day be gone forever.
So let us learn to live with the internet, not for it. No more browsing for no apparent reason, no more mindlessly surfing on our laptops while watching television. And finally, we must learn to only use the internet for porn twice a day... max."
Murphey's fighting Occam, and we're in the stands.
So it's like this. No one says my provider has to give me a publicly routable internet access. Most people only surf the net. Most people aren't running stuff out of their house. Why is Comcast giving those people publicly routable addresses? Why not just have their own class A private network space, and when your cable modem connects, why don't they just give you a 10.x.x.x address and save the public internet address for people who actually host services from their homes? There's no reason to give joe schmo who only checks his webmail and watches video.msnbc.com a public address. Ridiculous.
Actually, the problem is that most DEVICES don't support IPv6. The only thing the adoption of Vista (and also OS X which enables IPv6 by default) has done is increased the support for IPv6 on computers.
What about your router? The only SOHO router I know of that supports IPv6 out of the box is Apple's Airport Extreme. What about the Cable/DSL Modems, not to mention all the other Linksys, DLink, (Insert your brand) routers?
What difference does it make if most of the computers can use IPv6, if the infrastructure that connects them to the internet still doesn't/can't support IPv6?
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
i heard they got a whole mess o' internet in california. enough for everyone!
on the IPv4 route problem, and then mod parent up for introducing an interesting topic to discuss?
dave
Since everyone in china has to pass through their great firewall for censorship, couldn't they just use NAT and shut the fuck up ?
(for anyone without servers, that is...)
PS this is sarcasm, btw :)
Seems to me like nobody wants IPv6. Why should we force something like IPv6? It isn't like earth will implode the day we run out of address space.
If we force IPv6, we run the risk of pushing back something else--innovation. Odds are good there is a better way to do this interweb thingy, and if the governments start mandating IPv6, you can forget about network research. That or worse, conservative people blow tons of money on IPv6 upgrades only to find themselves on a virtual island because everybody else has move on to StarNetV8 (now with free ponies).
I worked with a company that had TWO public /16s and static NAT'd one public /16 to the other /16 internally. Of course its hard to blame hoarders since you could probably never get another /16, and IIRC these were "old" allocations from the 80s or early 90s when a /16 was to be had by just about anyone who asked.
Only 830 days to less SPAM !
Success is not the result of spontaneous combustion, you must set yourself on fire.
Its not that we're actually running out of IP addresses, its they were poorly allocated to begin with.
In total, there are 4.2 Billion IP's available in the IPv4 Space.
Summary of wasteful allocation:
1) 10.X.X.X for internal usage,
2) 192.168.X.X for internal usage
3) 172.18.X.X for internal usage
4) 127.X.X.X reserved for localhost,
5) 169.254.X.X for "I'm not on a network" IP's
6) Everything 1.X.X.X - 10.X.X.X is reserved for IANA.
So adding this up we've wasted
1) 16,581,375
2) 65,025
3) 65.025
4) 16,581,375
5) 65.025
6) 149,232,375 Total : 182,560,200 IP's unusable.
There is no reason why private networks need three different ranges of IP's for private use. Most, if not all businesses can get away with using the 192.168 or the 172.18 ranges(Exceptions would be google, governments, and research places with over 65k machines)
Then you have residential users who think they need an IP for each computer and their xbox.
Realistically, a company with a mail server, web server, ftp server etc... only needs one IP and a NAT to do port forwarding to the inside network.
If they clamp down on IP usage and free up some of the wastefully reserved IP ranges we wouldn't be having this discussion
"I mean a *good* reason"
He meant a good reason.
To quote LongNoi "QZTR was right and won't leave me alone because I called him a moron when I was wrong" FYS
The refrigerator is a poor example, but other appliances and home HVAC systems could realize significant energy savings by communicating with each other, and by being controlled remotely over the internet (or some other means).
There are a lot of interesting scenarios: if you had real-time, fluctuating power pricing, you might want to have appliances change their energy consumption or other settings in response to their cost. Only run some appliances when the spot price is below $0.15/kwh, for example.
Or even simpler, if you have a peak-load factor as a component of your bill, devices could communicate with each other to ensure the total draw at any one time doesn't exceed some predetermined maximum. Different appliances would each have a priority, and would have to shut down to accommodate higher-priority draws. (E.g.: the clothes dryer would shut off if you turned on the electric stove or microwave, because it would have a lower priority -- unless you were really obsessive about not having wrinkled clothes, I suppose, in which case you could set it the other way around.)
The two could be combined, as well: once you have the infrastructure in place, you could set up whatever rules you wanted, balancing preferences for certain services against costs, and prioritizing certain services at various times. It wouldn't be hard to produce detailed reports of what each appliance/service was costing to operate, and how new rules would affect costs based on past usage patterns. (There's the potential for a lot of complexity in the control system, but to a user it might seem very simple on the surface.)
Also, there's a wide range of appliances that really only need to run when people are in the house (or just before they enter the house) but tend to run continuously because it's a PITA to run them based on inflexible timers: HVAC, lighting, water heaters, possibly even water pressure-pumps. Devices would only be turned on when necessary for another device, or a user need was anticipated. I could easily imagine a system that was plugged into an online calendar and controlled this in a way that hid it from the user as much as possible. Heck, if you had a PDA with GPS, you wouldn't have to do anything.
The driving force behind "home automation" up until now has mostly been the geek factor of controlling all your lights/appliances/whatevers from a single point, but I think in the future, energy savings and integration will be the selling point. Since it seems unlikely that we'll really make significant inroads on alternative sources of energy before we start to run low on petroleum, there's a non-trivial chance that energy may become staggeringly expensive. I could easily see a future where the running costs of energy-intensive appliances greatly exceed -- even to the point of triviality -- their purchase price.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
http://debian6to4.gielen.name/
generates a configuration specifically for your computer, based on its IPv4 address.
This way your entire local network will have real IP addresses, while you only need a single IPv4 address.
The reason organizations don't "give back" their IP assignments is that there is not much incentive to do so. Why not a market based solution?
One example: I am puzzled that radio amateurs (AMPRNET) own 44.00.00.00/8 and do not make significant use of it. As a ham myself, I'd be happy to convert that to, say, $10M for the betterment of the hobby.
Fiat Lux.
Should they conserve IP Addresses and just inflate their tires or should they start drilling for more ip addresses now?
What is IPv6, 128-bit address space? That is what, 16 bytes?
Worse case in decimal (I added the dashes so *I* could make sure I typed it right :-)
216:126:59:03-58:95:58:32-126:43:55:129-59:59:59:1
Worse case in hex (same deal).
FA:FA:FA:FA-12:55:43:BA-55:DA:CC:DB-89:A1:C1:01
Basically, you are boned :-) Maybe we need a different number system that is like Base64 instead of Base16? Heck... why not just base64 encode the IP address. Base64 is what, A-Z, a-z, 0-9,+,=? A Base64 encoded IPv6 address is just:
Az.
Or make it Base32 instead so you can be case insensitive (A-Z, 0-9 and only drop a couple easy to mix up characters like i, l and o to get to 32 chars). A Base32 IPv6 is:
A1Y2.
You could even break out subnets with Base32:
A1Y:2/96 (subnet mask ZZZ0)
So yeah... why didn't they go Base64 or Base32 instead of Base16?
I hate doing what I'm about to do, link to my own comment, but what the hell.
IPv6 would be way easier to remember if they Base32 encoded it instead of using Hex (Base16 encoding). See here
Does it bother anybody else that many of the holders of the /8 IP addresses don't even use them for their web sites?
http://en.wikipedia.org/wiki/List_of_assigned_/8_IP_address_blocks
Example:
GE.. 3.0.0.0 â" 3.255.255.255... nslookup www.ge.com = 216.74.131.56
IBM.. 9.0.0.0 â" 9.255.255.255... nslookup www.ibm.com = 129.42.60.216
Ford.. 19.0.0.0 â" 19.255.255.255... nslookup www.ford.com = 63.147.175.36
I guess it's not that strange that they're not hosting their own websites... but that's a helluva lot of IP addresses that they hold to be "pilfering" from the limited supply that the rest of us have to play with.
Sniffle. Sniffle.
Totally blew it! I must not have had my coffee yet. Those examples I gave were not 128-bit addresses, they were like 256-bit and I made a whole case around an address space that had twice the string length as IPv6.
Sheesh. Now I'm embarrassed. Better hand in my nerd card.
But still... my Base64 and Base32 examples are right and my point still stands. Just ignore the hex & decimal examples. heh...
Agreed, I screwed up, and meant to say, "directly, with no firewalling and no NAT." Though to be semantic about it, NAT is actually considered a type/generation of firewall even though it really doesn't firewall in the popular sense of the term. You can only forward certain ports onwards. NAT only firewalls are all but dead these days, so the point is a bit moot, but its something to note.
I run my own mail server and have router-side blocks for entire IP blocks, including China. Even so, a *significant* portion of the spam hitting my mail server originates from China. I'm all for universal access, but only if it's used responsibly. Clearly that isn't the case here, so let the pool dry up. I'd say the same thing if the majority of my spam came from elsewhere. Nigeria, you're next!
Please visit my store on eBay. IP addresses now for sale!
Do not trust this signature.
Your plan for world domination might work in theory, but there is some flaws in it.
1) Unless you are "big", your IP addresses come from you ISP. The second you switch ISP's, your appliances will have to renumber and you'll have to get your "iKitchen" software to use the new addresses.
2) Why does it matter where the toaster gets on "the net" anyway? Why can't it use the cell phone network instead of my Netgear router? In theory, those two entirely different networks can talk to eachother, right? Why does TCP/IP make it so difficult to do so? It shouldn't matter if the data packets are sent via SMS to my laptop's hotel internet connection.
3) What if my iSink has a washer malfunction and starts to flood the kitchen? I have a cell phone that is almost always on and I have a laptop that might be on. How does the iSink know where to locate me and which device to use? TCP/IP only makes it easy for my laptop to continually poll my iSink for equipment failures. TCP/IP makes it almost impossible to *push* information to my devices. It doesn't even began to address *which* device to push the information to!
So really, NAT has nothing to do with anything. No NAT, no stable IP addresses. No VPN, my iSink will flood the iKitchen and nobody will stop it.
It does *not* connect to a proxy server outside of your nat. NAT transversal means "Use a protocol called UPnP to talk to the NAT box and get it to hook me up with a few forwarded ports".
In otherwords, uTorrent or whatever asks your Netgear router to forward a couple ports for it. It does *not* connect to a proxy server, that would be insane for a number of reasons no the least of which is *whose* proxy would it connect *to*?
Do they also restrict me from playing games with my friends? Most games require the host to be able to accept incoming connections.
MMORPGs and other games where a well-known party provides a dedicated server do not. If you want to run this dedicated server, upgrade your service to a business class SLA.
How about DCC chats on IRC? Are those also prohibited?
Instead of DCC, use encrypted XMPP through a well-known dedicated server.
What about file transfers on IM clients?
The party with a more powerful machine could be construed as running a server. Use your ISP's web space.
don't care.
Can't they just all use the same IP address just like they all shared the same license key of Windows XP?
Because unless you set your TTL to like 60 seconds, you cannot "roam" between network addresses. How will your iSink be able to inform you of is washer failure when it has a stale DNS record because your laptop changed access points and network addresses?
Plus, what do these mythical DNS hostnames look like and who is managing them? Do I have to assign a DNS record to every device in my home in order to contact them? Do we all have to own a domain name, or will my iSink become corysink4032.seattle.wa.comcast.net? How will my parents manage this at their home?
I dont care how SMS works (though I do know how it works). But I do know it is a good way to contact my mobile phone to notify me of a washer failure. In fact, SMS is a far better way to contact me because my cell phone number is globally unique *and* can roam across providers and still be reachable. Your DNS hacks aside, you can't do that with TCP/IP.
wall street gets their free cash, but not from taxpayer wallets.
win-win
You would eat a casserole that had been sitting in your oven for a month? Not to mention that having most of those things on while you are not home isn't safe.
Easy solution: most firewalls can perform NAT/PAT, so I'm sure the Great Firewall can do Great NAT/PAT!
NAT is a hack to fix a problem. It's a good hack, but if a better solution exists (and it does, it's called IPv6) then we should use that rather than a bodge that's entire purpose is to work around a problem that shouldn't exist.
"The weirdest thing about a mind, is that every answer that you find, is the basis of a brand new cliche" -
With either with polling for price information or a central controller (which would be needed anyway) that received pushed updates.
Solution: Yank the IPs from spammers and script kiddies back and buy yourself a few more years.
My servers see attacks from *A LOT* of IP addresses, most of them located in China. I sometimes wonder if there are *ANY* hosts in China not infected by malware or operated by black hats.
Maybe they got more internet in Californee...
its called NAT... it works and widely used it solves the problem for a very long time.
isn't ipv6 more easy to control, track, trace, or monitor?
is it possible this is just a farce to push the new standard?
or am i confusing this with Internet2.
please to be educated. /danke
https://www.accountkiller.com/removal-requested
WHY can't we release reserved Class E Addresses...?
Isn't that WHY they're reserved? For when we run out?
IPv6 doesn't help home automation at all. Once you expand beyond your little subnet, network addressing becomes a challenge. Sure it is great all these devices have globally routable IP addresses, but the *exact* IP address changes every network you get onto.
Here is a good scenario that even has cars:
- You own a car. You would like to get to your music collection at home to play some of the latest tunes from Back Street Boys.
Question:
1) What is the address of my media server at home? If you said DNS, wrong. Who controls the DNS - you or your ISP? Given you are not a nerd, odds are good your ISP will give it a name... something like cust0323.provo.ut.qwest.net. Sure you can change that to joesmedia.provo.ut.qwest.net, but some other jerk is named joe and he owns a media server too. Odds are high your hostname will be joe210949.provo.ut.qwest.net
2) While I'm driving down the road, my cars IP address is changing every couple miles as I switch between providers and cell towers. How does this get handled? If you said the application should handle this, I think you are wrong. Handling network address changes and keeping a session is something the bowls of the stack should handle.
3) Since cars IP is changing all the time, how will my VoIP calls get sent to my car stereo instead of my home phone? If you said DNS, you are wrong. DNS has too much caching to deal with my always changing IP address. Plus, which DNS servers will my car be using on each network? More importantly, which DNS servers will my car contact to update the AAAA record for my car. Even more important, what does that DNS hostname look like anyway? Is it gonna be car395323.autos.btinternet.net?
My point is, IPv6 doesn't solve anything. Both your examples and mine are examples of what happens when all our devices are always on "the net". The problem people seem to think the only way to get everything connected is by trying to force fit everything into a TCP/IP way of doing things. Nobody said the net has to be IPv6. In fact, IPv6 probably is *not* the best way to get everything on the net.
There are several NAT traversal solutions (e.g. STUN)... using an external proxy is typically the method of last resort.
What if your thermostat could get the weather forcast for the next 3 hours. That way it wouldn't need to heat your house up if it is just gonna be 70 degrees out in an hour anyway. Big buildings already do stuff like this, why can't our home systems do it too?
What if your car or mobile phone could tell your thermostat you just left the house and that it doesn't need to maintain a temp of 70 degrees anymore? For that matter, why cant I use my 1080p hi-def monitor (aka, my TV) to manage my HVAC system? Why cant the HVAC system talk with my SageTV/Tivo/MythTV so I can control it with a remote? Likewise, why can't my apartments dryer notify my DVR that the laundry is done so I can go down and get it?
That's why Comcast is announcing limits on their service - use it too much, you go to the back of the queue for addresses.
The architects of IPv6 envision an environment that *everything* has a globaly unique address. If everything in my apartment has a unique address, what, exactly, are these hostnames going to look like?
If every speaker in my stereo system has its own IP address, what will the hostnames be--ltweeter.livingroom.myhouse.mycity.mystate.myisp.com? How will they differ from my bedroom stereo? Keep in mind I mean *every speaker*.. every tweeter, midrange and woofer should be controlled by the amplifier.
We already are "out" of human friendly domain names. Do you really think there are enough easy to remember domain names for every single home on the planet?
And if you dont buy your own domain name, is your ISP's DNS going to be ready to handle the burden of every device, every speaker and every lightbulb all trying to register themselves and get unique, globally routable hostnames?
Look at how poorly this kind of stuff scales already. If you are named "Kim Nguyen" and want to use your name on MySpace or Facebook, you are probably gonna be kimnguyen40000 by now. You think it is bad now, wait until every lightbulb on the planet wants to register a hostname.
PS: lightbulb21.myhome.mycity.mystate.myisp.com won't cut it either.
Internets"? Can't we just do an overlay, and add more pipes and tubes?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
If you were using them for the lower parts of your DNS, now you've got to "rename" every device in the house. "Buy a domain name" you say? Too late, with IPv6 everybody will try to register a domain name to get around "domain name lockin" and nothing good will be left.
Plus, none of this addresses the fact that whatever DNS server you use will also have to manage "knowing what all these devices to". If your lightbulb is on a different subnet from the lightswitch, how will they discover eachother? DNS? Whose DNS server?
(the answer, I suspect, is your netgear router will manage your DNS records and let you set up a private top level domain name... the problem will be that now everybody has private TLDs that cannot see eachother and you wind up with exactly the same problem as you did with NAT boxes)
in a world where everything including your fridge is connected to teh interweb 24h a day, 7 days a week
And tell me again why my fridge will be on a public IP, rather than the 192.168.1.xxx address my Best Buy $49.99 Linksys router will give it?
Your's will probably be on a private address. But as it has 100% uptime, it will be constantly connected to the web, which will cause your router to stay connect almost 24h (except, when the ISP forcefully reset the connection and forces a DHCP renewal), which in turn makes that your router will constantly hold and never let go its public IP adress (except for an occasional DHCP renewal). Netword connected appliances that periodically phone home already aren't unheard of (gaming console checking for firmware upgrades, media player checking DRM licenses, multimedia systems downloading various data such as news, meteo and/or TV guides, etc.).
And they dangerously bring the "amount of simultaneously connected users" close to the "total amount of subscribers".
Even better, explain to me why I, as Joe Sixpack will *need* my fridge on a public IP where every flaw and exploit will be passed directly to it, rather than dropped at the NAT box?
It's not about the need. It's about the fact that it's going to be anyway, and thousands of "shiny" features are going to be added afterwards. (And will inevitably end up exploited in every possible way as you are justly afraid).
People are currently already enjoying the ability to connect to their home tivo-like setup to remotely program recording, to be able to share data from their home computer (not as in "I'm geek and I have a nice home built Linux file server", but as in "I have a Mac and leave it on 100% of time, because thank iAirSomething, I can access my home photo at work to show them to my colleagues"). The imaginary future internet enabled fridge will probably be able to automatically generate a list of groceries. And Joe-6-pack will love to be able to log to his fridge (using some secure password as "joe" "beer" or "123456") to check how much six-packs he needs to buy on the way home.
Or why a college or university needs to put every last workstation, printer, AP, and toaster on a public IP address?
Lots of tools used in academia are old and date back before the age when NATs became pervasive. Internet was never designed with NATs in mind in the first place. At that time, it was just about a few academia linked together on the same network as some military. Back then it simply made sense to put everyone (of the few thousands of computers) on the same net because that was the way it was designed. Nobody was thinking that 20 years down the line not only everyone would have an internet connected computer, but everyone would even have 20-something online appliances at home AND AT THE SAME TIME still use a deprecated addressing scheme designed at a time when the net was just about a thousand of computers spread over twenty faculties all talking together.
What happened is that the same designs remained in the same place, simply more computers were appended to the same old network. Every decade maybe cables were upgraded, but nobody bothered changing the topology of the network.
Also, lots of (old and not so old) networked application require both ends to be visible to each other and sitting on the same net (lots of old-school unix phone apps, or even recent VoIP systems simply start listening on local ports and assume that, wherever the user is).
People are still using them and still need to be able to quickly setup a connection between the relevant computers. Which may now be in separated buildings and/or departments.
NAT exists because NAT works. No, it is not the be all end all for any perceived IPv4 woes, but there is a metric assload of stuff out there with a public IP that either should be, or desperately NEEDS to be on a 10.xxx.xxx.xxx netwo
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I don't keep spam in my fridge or pantry now, why would I want the store to put it there?
Will somebody PLEASE tell the Chinese about NAT!
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
When I get to that Internet I'm gonna click on just about everything in sight. 'Might even click on a pop-up ad just for the heck of it.
Have you driven a fnord... lately?
You must wait a little bit before using this resource; please try again later.
...allegedly shows China's intentions to eradicate anonymity on the Internet to bring dissidents into line.
http://news.cnet.com/8301-13578_3-10040152-38.html
They are joining the IETF to accomplish this, and interestingly the USA is pursuing the same goal at the IETF re: anonymity (though not naming dissidents).
It is in neither governments' interest to keep IPV4 and the practice of NATing around. Security theater may push applications on an IPV6 Internet to increasingly reject users at NAT'ed, re-used IPs.
Have your fridge respond to SNMP queries and return temperature, power consumption, and so on.
A monitoring system could record and make sense of this data to optimise power consumption and so on.
Seriously, that's not the point. Everybody does that, because that's what you have to do; but trust me, for having dealt with the low level stuff of VoIP, this is a major pain in the ass. And that DHCP server is a major spof. Pof pof.
There is no upgrade path to IPv6. As you just implied, it "just" takes everybody switching ... and it doesn't make sense for anyone to switch until then. So nobody does.
China is all behind a firewall anyway, so they could just allocate from 10.0.0.0/24.
I've been using IPv6 since about 2001, but after the BT Exact Tunnel Broker stopped, I was lost as to where I could get access from. I signed up with Sixxs, but they have rather tight (anal, some would say) policies. They'll give you access, etc, but a single bounced/rejected email, and they disable your account. http://www.sixxs.net/faq/account/?faq=bounces.
Then I gave Hurricane Electric's Tunnel Broker a try. What a breath of fresh air. It takes about 2 mins from sign-up to being connected - they give you the relevant commands to run too, if you're not familiar with it. If you've got 2 mins to try it out, give them a go.
And Slashdot - how can you be one of the top tech sites, and not be accessible over Ipv6? And throw in SSL too, while you're joining the 21st century.
Get your own free personal location tracker
Wouldn't it be possible to use a DNS record to specify the port of a particular instance of a service? (I think this is what an SRV record can do; correct me I'm wrong.) Just a thought, I could see it making things uglier too.
Saying "I'll probably get modded down for this" in a post is the best way to get it modded up.
Using base64 to encode a 128-bit address would only reduce it to 22 digits.
Now if you were fluent in Japanese and could reliably differentiate all 2000 jouyou kanji you'd be up to 11-bits per digit and the address could be represented with a mere 12 characters ;)
The standard terms for residential service plans already restrict "running a server".
That's only standard in the third world.
As I understand it, TOS restrictions on home servers are standard in the United States, home of Slashdot. I can cite the policies of major U.S. home ISPs, such as Verizon and Comcast, if you want. So does that make Slashdot a third-world web site?
There will be 2 more years until we run out of IPs and about 4 more years if we use big corporations IPs.
2008 + 4 = 2012 = end of the world
I guess the mayans were right after all...
Okay, I'm a little sick of seeing this argument.
Network/port address translation is /not/ a security system. It is /not/.
A NAT box is two things: an address translation system, and a /router/. The router is just the same as any other router - if you send it a packet with a destination address that it knows how to route, it will forward it along to that destination, regardless of any NAT rules you might have in place. If you send it a packet addressed to 192.168.1.23 from the public side, and that address is routable as far as the NAT box is concerned, /it will forward it on/. I could sit on the public side of that NAT box and spam it with connection requests on common ports (443? 22? 13[789]?) - ~65000 packets could map out the contents of the NATed network without ever hitting the NAT rules. NAT would have supplied /zero/ security, even through obscurity.
In order to provide security the NAT box has to refuse to forward those packets, unless they meet one of the NAT rules. Oh, look - it's suddenly become a /firewall/.
Now change that scenario to an IPv6 router: you could indeed set it up such that anyone outside could send anything they wanted into the site network, but that would be the same as the NAT box. Alternatively, you could set it up to block incoming traffic unless it matches certain rules - a firewall, and in fact /exactly the same/ firewall as existed on the NAT box. The only difference is that the machines behind the IPv6 firewall are publically addressable, meaning that they can be used for /anything/ a public Internet host can, assuming they're granted permission by the firewall. No futzing around with DNAT and non-standard ports, just simple, reliable operation, exactly the way the Internet was originally designed.
/Now/ do you see why people keep saying that NAT has nothing to do with security? Any security you get from sitting behind a NAT box is entirely due to the firewall that is almost always implemented alongside the NAT. And /that/ can be replicated on the non-NATed network, without replicating the management headaches that NAT introduces.
</rant>
Now that I've got that off my chest, I'll concede that it's rather more difficult to get an rfc1918 address across the public Internet to your NAT box than it is to get a publically routable IPv6 address there (modulo the limited IPv6 availability, of course). That said, with the increasing prevalence of wireless networking it's becoming easier and easier, and even without that it's possible that rfc1918 addresses won't be dropped by intervening routers (ironically, increasing use of NAT will likely make that more of an issue, as companies demand the ability to route their NATed traffic across semi-public WANs). So, although there /are/ some valid arguments that NAT combined with rfc1918 addressing provides significant security benefits, they're not as great as people generally like to think, and they're a lot less reliable than a firewall which doesn't make /any/ assumptions about address routability.
himi
My very own DeCSS mirror.
... should free some IP ranges
To introduce the Great NAT of China !!
HA my router doesn't even have a power button!
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
Using NAT is incredibly short-sighted. NAT only works to grow existing client networks by a factor of maybe 100. It can't be used for new services, because those services must be directly addressable; I don't see anyone wanting their URL to be http://my.stupid.business:3431/. It can't be used for new networks, because you can't use NAT if you don't already have some routable addresses. It won't support new ways to exploit connectivity, or developing regions and economies.
But of course, it will happen, because NAT is cheap and quick and easy and there's plenty of people who are happy to use a solution that will give them enough to get by another year.
how do you explain all of the commercials I see from Time Warner touting how 'superior' Roadrunner is for gaming?
Because some of the most popular games, such as World of Warcraft, use a dedicated server operated by the publisher.
Why is that email marketing companies get so many ipv4 addresses? ISP's have a hard time getting a /22 while some email marketing companies use up /18's and more. They only need a single IP Address, they just like lots to help get past blacklists.
You're right, things in the home don't generally support IPv6 yet. But in enterprise and universities, I think we're in a different boat: and I think we, especially those of us who work on university networks (which I do), should start doing preparations to set sail.
-bugg
Some ISPs already do oversell their DHCP pool; many of these operate WiFis in airport lounges, cafès, hotel common areas and the like, where individual devices are only connected transiently.
SOHO routers should sleep on idle. Most don't. This is a bug. If there is nothing generating traffic, and nothing in the ARP cache, the router should enter a low power mode.
Since most of these routers are controlled by the ISP, and consume a few watts of power, it is grossly unfair to their customers (and their non customers in the area) that they do not implement a sleep-on-idle/wake-on-activity-or-administrative-access-from-ISP-side.
The idle timer need not be aggressive, precisely because people do suspend or turn off computers when they go to work or school or out shopping, etc.
it isn't strange at all. how does it follow then that they're not making use of this address space? who wrote the law that says you have to host your webserver inside of IP space you on, and who wrote the logic that makes that necessitates under"utilization" (I hate the word utilize; see dictionary.com)? it was probably a guy by the name of N. Sequitir.