Slashdot Mirror
Millions of Internet Addresses Are Lying Idle
An anonymous reader writes "The most comprehensive scan of the entire internet for several decades shows that millions of allocated addresses simply aren't being used. Professor John Heidemann from the University of Southern California (USC) used ICMP and TCP to scan the internet. Even though the last IPv4 addresses will be handed out in a couple of years, his survey reveals that many of the addresses allocated to big companies and institutions are lying idle. Heidemann says: 'People are very concerned that the IPv4 address space is very close to being exhausted. Our data suggests that maybe there are better things we should be doing in managing the IPv4 address space.' So, is it time to reclaim those unused addresses before the IPv6 crunch?"
We get this all the time from our ISP's. "Our scans reveal that you're not using much of the space we've allocated to you." In reality, those IP's are behind firewalls that only permit certain customers to reach them. Otherwise they don't respond - even to pings. The IP's appear dead to everyone except authorized users, and our ISP's aren't authorized.
Yup, I work for one of them, GE - the entire "3.x" class-A network, 16million addresses - most of our internal network is those 3.x addresses, behind firewalls so basically useless - and even better, I pinged a few external GE sites I know of, and none of them even use 3.x addresses!!
maybe 500K employee's & contractors, even add 500K more for servers and unallocated IP's in the ranges, that's still 15*million* unused. Besides which, we could easily run on 10.x internal networking and NAT/Proxy to outside.
Don't be in a hurry to get them back though... its not a priority! (haha)
http://www.grammarmudge.cityslide.com/articles/article/992333/8992.htm
http://www.askoxford.com/betterwriting/classicerrors/grammartips/lyingandlaying
If you are in the process of putting something down, you are laying it down, but that object once it is there, it is lying. The verb lay has a direct object that the action is performed on. He is laying the book credenza. She is laying her purse on the counter. Once it has been laid, it is now lying. The book is lying on the credenza. The purse is lying on the counter. IP addresses are lying unused.
http://en.wikipedia.org/wiki/Laying
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
Quite right, there's no reason whatsoever why 98% of users shouldn't be behind NAT gateways. I've seen stupid situations where bloody printers are assigned a public IP - so people can print to them over the internet - Whaaat??? Furthermore pretty much all VPN client software (excluding Microsoft shite, of course) is NAT-T aware.
One other point, not related to the above, TFA states they are using icmp to determine if a host is alive. Really? What is the margin for error here? Pretty much every device I configure with a public IP & connected to the net, will not respond to icmp (except from designated hosts/host blocks) Guess we can take their figures with a pinch of salt then.
If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
I drop ICMP entirely
Then you're an idiot who has no business managing a firewall.
If you're like most of us, all your devices at home are living behind NAT. There's no reason they can't keep living in an ipv4 private network behind an ipv6 router.
NAT is a hack, not a firewall.
The government can't save you.
You forgot the real reason.
IPv6 numbers are damn hard to remember.
Seriously, what's easier?
192.168.0.1 or
2001:0db8:85a3:0000:0000:8a2e:0370:7334
There are two types of people in the world: Those who crave closure
Its already well defined, there is no need for anyone to 'agree' on it, it was agreed on years ago.
You are confusing NAT and PAT. I seriously doubt you use NAT anywhere. You are likely refering to PAT, NAT just translates addresses from one to another, a one to one mapping, one address external is used by one address internal. What you are used to using is PAT, with is Port and Address translation, which allows for one external address and many internal addresses.
NATing between IPv6 and IPv4 is well defined and not difficult to do, there are already plenty of cheapy boxes for home use that do it. Hell mine will even setup an IPv6 Tunnel to someplace like he.net.
PAT on the other hand is something no one cares about because the ridiculous amount of IPv6 addresses means we can just give EVERYONE a /64 and they can use REAL NAT rather than PAT to get the job done.
Finally, part of the IPv6 protocol requires support for making IPv4 address space available over IPv6. Practically any router on the planet which supports both IPv4 and IPv6 will have the support to deal with both and bridge between them.
So your statement is incorrect in that NAT is supported by pretty much every router that supports IPv6, what you are thinking of is not NAT, its PAT which no one in the IPv6 world cares about since its an old hack that doesn't need to exist in the new world of IPv6. Because of that, no routers are going to bother supporting it.
For reference, since the defacto standard at the moment appears to be giving individual users a /64 block, From: http://en.linuxreviews.org/Why_you_want_IPv6
Basically, we can not possibly exhaust this address space on the planet earth, there simply isn't enough matter on the planet to do so, and adding the matter required to do so would result in a gravitaional singularity forming as the matter collapsed onto itself. So ... there is no actual NEED to do it with IPv6.
If you wanted to pick something to worry about, it would probably be the lack of stateful firewalling in those home/cheapie routers which the NATs of today effectively provide a outbound only initiation of connections, with IPv6 and the fact that cheapie routers aren't firewalling by default, we'll end up with a lot more machines fully exposed to the Internet by default.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You're missing the fact that an IPv6 /64 is what a home user gets, not the total address space. The IPv6 address space is 128 bits, meaning you get 2^64 blocks of 2^64 addresses.
Meaning every square millimeter of the earths surface can be assigned approximately 667 quadrillion unique addresses. With your math, I personally can assign every 0.29cm^2 of the Earth an address out of my block alone.
Please see:
http://en.linuxreviews.org/Why_you_want_IPv6
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I'm not confusing NAT and PAT. There was a nice writeup at ars technica recently about the IETF's efforts to define a v6/v4 NAT - http://arstechnica.com/news.ars/post/20081006-ietf-working-on-making-ipv6-and-ipv4-talk-to-each-other.html