Slashdot Mirror

← Back to Stories (view on slashdot.org)

China To Run Out of IPv4 Addresses In 830 Days

Posted by CmdrTaco on from the blame-canada dept.

JagsLive writes "China is running out of IP addresses unless it makes the switch to IPv6. According to the China Internet Network Information Center, under the current allocation speed, China's IPv4 address resources can only meet the demand of 830 more days and if no proper measures are taken by then, new Chinese netizens will not be able to gain normal access to the Internet. Li Kai, director in charge of the IP business for CNNIC's international department, says that if a netizen wants to get access to the Internet, an IP address will be necessary to analyze the domain name and view the pages. At present, most of the networks in China use IPv4 addresses. As a basic resource for the Internet, the IPv4 addresses are limited and 80% of the final allocation IP addresses have been used."

5 of 619 comments (clear)

  1. What is the point in having a public IP address by jeffmeden · · Score: 5, Insightful

    When your WHOLE COUNTRY is behind a firewall? NAT the hell out of that! Flatten it to a /8 network in 10.0.0.0 and put it all behind one public IP. Problem solved!

  2. Netizen? by Anonymous Coward · · Score: 5, Insightful

    Netizen is really stupid word, we really don't need more buzzwords.

  3. China will be first to use IPv6 by QuoteMstr · · Score: 5, Insightful

    I predict that we'll see China begin to use IPv6 addresses before most other people. Why?

    • Extreme scarcity of IPv4 addresses: China gained internet access well after the era of enourmously wasteful address assignment ended.
    • The great firewall is always set up as a traffic relay. Not only does it provide a natural point to set up an IPv6->IPv4 NAT gateway, but running IPv6 internally makes it that much more difficult for dissidents to bypass the firewall.
    • China's strong central state would allow mandating of IPv6 and near-instantaneous implementation.
    • Chinese sites are accessed by relatively few non-Chinese. Therefore, the penalty for running an IPv6-only site inside China would not be very great.

    Granted, I'm no fan of China's human rights policies. But it definitely has an advantage in terms of adopting IPv6. Hopefully, when China switches protocols, it'll catalyze the rest of the world to do so as well.

  4. Re:830 days? China? by mollymoo · · Score: 5, Insightful

    If 25 companies (are there even that many with /8s?) gave back their entire allocation, that would still only add 10% to the pool. That might buy a little time (a year, if we're at 80% and have two years left), but it's hardly going to solve the problem.

    --
    Chernobyl 'not a wildlife haven' - BBC News
  5. NAT is not a solution by QuoteMstr · · Score: 5, Insightful

    NAT is not a solution. It's a huge, gigantic clusterfuck of a problem. Some people only started their careers after NAT was widespread, so they can't imagine how wonderful the world is without it. The internet is much simpler when you can assume that all nodes can directly address all other nodes.

    Look: this is what we've done.

    In the beginning, each endpoint of a TCP (or UDP) connection looked like this:

    [octet][octet][octet][octet][16-bit port]
    [(------- host-------------)(--service--)

    Each octet was routed hierarchically, and the port acted as an additional level of routing within a single node.

    With CIDR, the model moved to this:

    [32-bit opaque address][16-bit port]
    (-------host----------)(--service--)

    This change didn't hurt anything, aside from an increase in router complexity. Allowed the 32-bit address space to be used much more efficiently.

    Now with the IP address shortage, the situation looks like this:

    [48-bit address]
    (----?---------)

    Note how we've lost the distinction between host and service and smushed them all together into one huge opaque number. We've caused ourself lots of problems with this:

    1. One can no longer tell which service is being used based on part of an endpoint address (i.e., the port.). Firewalls, proxies, and so on become much more complicated.
    2. Only part of the endpoint address is provided by DNS. (I'm ignoring SVR records, which nobody uses.) Thus, part of the address needs to be hardcoded:
      • Every damn piece of software has to have a knob to control what port to use.
      • When software is too much trouble to configure, we use hardcoded port-parts. Consider SMTP and HTTP. When the port-portion of the big smushed address is hardcoded, Herculean efforts have to be made to route these services through NAT. Good luck if you want to run more than one SMTP server behind a given NAT gateway.
    3. 48 bits still isn't enough to satisfy growing demand. What happens when you can't address the endpoint you want even if you use all the address bits and all the port bits? Do we start piling on in-band multiplexing? Should every protocol necessitate something like HTTP 1.1's host header?
    4. Getting a publicly-routable endpoint address involves talked to one or more routers, which may or may not allocate a port for you. And this portion of the endpoint address is highly dynamic.
    5. Because of the last reason, protocols that involve callbacks are complicated. FTP, for example, made perfect sense in the days before NAT. Now, it's viewed as a problematic pain in the ass that always needs special NAT rules and connection tracking to accommodate it.

    These days, instead of saying "connect to mydomain.foo.cx", for example, you have to say "connect to mydomain.foo.cx at port 12345". That's out of band address information, and should never be needed. Imagine if DNS only gave you the first three octets an IP address, and every application requires you type in the last one in manually. That's what the world is like today!