Slashdot Mirror


IPv4 Address Use In 2008

An anonymous reader writes "The world used 197 million new IPv4 addresses in 2008, leaving 926 million addresses still available. The US remains the biggest user of new addresses, but China is catching up quickly. Quoting Ars Technica: 'A possible explanation could be that the big player(s) in some countries are executing a "run on the bank" and trying to get IPv4 addresses while the getting is good, while those in other countries are working on more NAT (Network Address Translation) and other address conservation techniques in anticipation of the depletion of the IPv4 address reserves a few years from now. In both cases, adding some IPv6 to the mix would be helpful. Even though last year the number of IPv6 addresses given out increased by almost a factor eight over 2007, the total amount of IPv6 address space in use is just 0.027 percent.'"

258 comments

  1. ipv6 increases by a factor of almost 8. by PhrostyMcByte · · Score: 5, Funny

    great, so now we're at 8 IPv6 sites, all of which are tunnel brokers!

    1. Re:ipv6 increases by a factor of almost 8. by Gazzonyx · · Score: 1

      great, so now we're at 8 IPv6 sites, all of which are tunnel brokers!

      Which, ironically, doesn't work well with NAT. That'll play out nicely when we're out of IPv4 addresses.

      How many here think ISPs will try to use NAT to get around IPv4 exhaustion, effectively killing the very brokers we're trying to use as a means to avoid the very same problem?

      --

      If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

    2. Re:ipv6 increases by a factor of almost 8. by paul248 · · Score: 1

      When the crunch comes, any ISP that isn't batshit insane will be deploying native IPv6 alongside their NAT.

    3. Re:ipv6 increases by a factor of almost 8. by LordKaT · · Score: 4, Insightful

      What ISP isn't batshit insane in the US?

    4. Re:ipv6 increases by a factor of almost 8. by Shikaku · · Score: 1

      I'll tell you when I post from said ISP.

    5. Re:ipv6 increases by a factor of almost 8. by skifun20 · · Score: 1

      Airlogic Internet Services! I'm part of them! And we rock. We provide the best service we can and deal with our customers' problems. The only problem we have is that we only service places where you can't get crapcast and at&t because they don't want to spend the money to run cable to the sticks. :) Honestly, I can't wait for IPv6. I'm kinda tired of having to ask the boss for more IPs when I want to put up a new game server in the basement of our COLO. Hurray 250Mbs fiber connection WOOT! ;)

    6. Re:ipv6 increases by a factor of almost 8. by nonewmsgs · · Score: 1

      Dammit, Comcast is screwing me over again and I just realized. Airlogic, please fiber me.

    7. Re:ipv6 increases by a factor of almost 8. by Opportunist · · Score: 1

      Why not? Because people will run to their competing companies when they are locked in behind NAT?

      What competition?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:ipv6 increases by a factor of almost 8. by Anonymous Coward · · Score: 0

      Speakeasy, though it's impossible to feel entirely comfortable with them now that Best Buy owns them. No sign of interference yet, but you never know...

    9. Re:ipv6 increases by a factor of almost 8. by Anonymous Coward · · Score: 0

      No, what's batshit insane is enabling IPv6 on routers that process switch that traffic (Hi Cisco!). A successful IPv6 deployment is going to mean a forklift upgrade for lots of companies. In this capital environment, it ain't gonna happen for a long time.

    10. Re:ipv6 increases by a factor of almost 8. by wcb4 · · Score: 1

      Just outta curiosity, what country are you in? I know that the state of broadband here in the US is deplorable, just checking out what country I should be looking for real estate in ;-)

      --
      I reject your reality ... and substitute my own.
    11. Re:ipv6 increases by a factor of almost 8. by Belial6 · · Score: 1

      I wouldn't mind seeing some of that here in Santa Rosa, CA. AT&T just informed me that they will not sell me internet access because the second unit on this property has one of their competitors as their ISP. If I get the other unit to cancel their internet, then they will sell me a fiber connection. They graciously informed me of this by standing me up for the install time and making me sit on hold for half an hour before telling me that they had decided not to show up 3 days earlier, and just didn't bother to let me know that I didn't have to be home waiting for them in the middle of a business day.

    12. Re:ipv6 increases by a factor of almost 8. by skifun20 · · Score: 1

      Aww, damn at&t, they really are pathetic. Anyway, I'd love to be in other states, but unfortunately we are small underdogs, and currently only service parts of Illinois. I keep pestering my boss to expand to other states (and ya know, have me move out there to head the whole thing), but no. Alas, one day maybe. Take care all and check out our website www.airlogic.net Peace!

    13. Re:ipv6 increases by a factor of almost 8. by Cajal · · Score: 1

      Actually, there are over 1,000 IPv6-reachable websites. See http://sixy.ch/ for a list.

  2. 0.027% by Ant+P. · · Score: 5, Funny

    the total amount of IPv6 address space in use is just 0.027 percent

    So how many is that, in quadrillions?

    1. Re:0.027% by Roguelazer · · Score: 2, Insightful

      Yeah, that seemed a little unlikely to me as well. There are 2**128 addresses in IPv6. Even assuming that all of these were allocated in 64-bit subnets (fairly common), that's still 5*10**15 subnets. Which is a hugely ridiculous amount, many times larger than the IPv4 Internet. Something's fishy about this number...

    2. Re:0.027% by Bacon+Bits · · Score: 1

      I thought they were only handing out live IPv6 addresses that were compatible with IPv4? That is 0:0:0:0:0:0:127.0.0.1 or ::127.0.0.1.

      --
      The road to tyranny has always been paved with claims of necessity.
    3. Re:0.027% by mrcaseyj · · Score: 4, Informative

      I think what was meant was that of all the addresses in use .027% are IPv6 addresses and the other 99.973% are IPv4.

    4. Re:0.027% by TBoon · · Score: 1

      Given that 0.027% of 3.4x10^38 is around 10^34, I assume that they mean 0.027% compared to the usage of IPv4, which comes out to around 1 million.

    5. Re:0.027% by viyh · · Score: 3, Informative

      No, they probably mean "allocated", instead of actually "used" like they said. Many companies have already grabbed large IPv6 blocks but they are hardly in use at all.

      --
      "I have never let my schooling interfere with my education." --Mark Twain
    6. Re:0.027% by McGiraf · · Score: 2, Funny

      wow, finally!

      In other news .027% of slashdotters can understand what they read.

    7. Re:0.027% by paul248 · · Score: 1

      In general, the first half (64 bits) of the address identifies a subnet, and the last half is a host ID.

      A typical end-user should get an allocation between a /48 and a /64. ISPs are typically given allocations in blocks of /32.

      0.027% of the space is somewhere around a million /32's.

    8. Re:0.027% by bugg · · Score: 1

      In general? AFAIK there are no exceptions. Am I wrong?

      --
      -bugg
    9. Re:0.027% by ion.simon.c · · Score: 1

      My IPv6 addresses say no.

    10. Re:0.027% by ion.simon.c · · Score: 1

      You *are* wrong.

      * Ability to get your own /48 prefix once your tunnel is up
      Via: http://tunnelbroker.net/

    11. Re:0.027% by Peristarkawan · · Score: 5, Informative

      Nope. Try following the link in the actual article: "IPv6 address space given out: 143645.78 /32s in 3090 blocks out of 536870912 possible /32s in the currently defined global unicast space (2000::/3) = 0.027%."

    12. Re:0.027% by Anonymous Coward · · Score: 0

      You mean, .027% of slashdot submitters can express themselves properly.

    13. Re:0.027% by swillden · · Score: 1

      Even assuming that all of these were allocated in 64-bit subnets (fairly common), that's still 5*10**15 subnets.

      They're often handed out in /48 subnets -- go over to tunnelbroker.net right now and you can get five /48s and 10 /64s just for the asking.

      Still, though, that doesn't change your point. That would still mean that 76 *billion* IPv6 /48 subnets have already been allocated.

      However, those /48s are not allocated by ICANN. They allocate larger blocks, and at the moment I'll bet they're handing out /96s. There are four billion /96 subnets, so that's a reasonable thing to do. 0.027% translates to a little over a million /96s, which is also too much, but perhaps if you count the /112s that are pre-allocated for link-local, unique-local, multicast and IPv4-transition addresses, or perhaps if you look ONLY at the 2001::/112 space (which, AFAIK, is the only part currently used as Internet-routable), then the 0.027% could make sense.

      BTW, if anyone thinks it's wasteful to allocate /48s to individuals, since a /48 contains 10^24 addresses, you have to keep in mind that if there were 10 billion people on the planet, there are enough /48s that every individual could have over 28,0000 /48s.

      If there's anything "wasteful" in IPv6-land, it was the decision to use 128-bit addresses in the first place. 2^128 is an unbelievably big number. 64 bits would have been plenty to ensure that we never need another address space as long as we're confined to a single solar system. In actuality, though, IPv6 has a 64-bit address space. The other 64 bits are used to make stateless autoconfiguration work, to eliminate the need for DHCP (and it's really cool -- MUCH faster and cleaner than DHCP).

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:0.027% by swillden · · Score: 1

      Umm, I'm not fully awake.

      s/\/112/\/16/g and s/\/96/\/32/g

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    15. Re:0.027% by petermgreen · · Score: 1

      Even assuming that all of these were allocated in 64-bit subnets (fairly common), that's still 5*10**15 subnets. Which is a hugely ridiculous amount,
      True, but your assumptions seem to have little to do with reality. The registries don't allocate /64s; they allocate /32s, which are then suballocated by ISPs (usually as a /64, a /48 or sometimes something in between).

      If you actually follow the source of that number you find the following statement.

      IPv6 address space given out: 143645.78 /32s in 3090 blocks out of 536870912 possible /32s in the currently defined global unicast space (2000::/3) = 0.027%

      Those numbers seem believable to me. IIRC most allocations are /32 but a few ISPs have somehow got allocated much bigger blocks to allow them to use 6to4rd (which is incredibly wasteful of address space).

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    16. Re:0.027% by Anonymous Coward · · Score: 0

      Those were IPv4-Compatible Addresses, which have been deprecated and replaced by IPv4-Mapped Addresses, such as ffff::127.0.0.1.

      These addresses are never used over a network, and are only used to specify an IPv4 address in an IPv6 application.

      Also, 6to4 creates a public /48 subnet for every IPv4 subnet.

    17. Re:0.027% by Anonymous Coward · · Score: 0

      Those were IPv4-Compatible Addresses, which have been deprecated and replaced by IPv4-Mapped Addresses, such as ffff::127.0.0.1.

      My bad. It is ::ffff:127.0.0.1, not ffff::127.0.0.1.

    18. Re:0.027% by Anonymous Coward · · Score: 0

      0:0:0:0 = ::

    19. Re:0.027% by bugg · · Score: 1

      I don't think this contradicts anything - you are allocated a /48 prefix, but that gives you 16 bits for subnets and 64 bits for hosts in each subnet you create. The idea is you have 64 bits for the host and, if you're working within 1 /48, 16 bits for the network identifier. This lets people move subnets more easily (as only the prefix would need to change) and simplifies routing tables.

      I never asserted that allocations were only /64s - that would be crazy and very obviously wrong - but I do believe that hosts are always 64 bits. Wikipedia for Subnetwork seems to state that you can subnet further, but you'll tend to run into problems because of the stateless autoconfiguration features - which are a core part of IPv6 - requiring a /64 bit prefix for the network.

      --
      -bugg
    20. Re:0.027% by ion.simon.c · · Score: 1

      Your assertion that host addresses are always 64 bits may be correct. My grasp of the subject matter is *very* weak. However, I daresay that you can have an IPV6 host that's been generated from even a /128 assignment. All the subnet stuff is for is to manage routing between groups of hosts (or even single hosts in our /128 example), right? Stateless autoconfig won't work, but we *do* have DHCPv6.
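The accounting quoted in this sub-thread (143645.78 /32s out of 536870912 possible /32s in 2000::/3 = 0.027%) can be reproduced as follows. This is an added example, not part of the original discussion or the cited source; the function names are made up for illustration and the sample prefixes are constructed from documentation ranges, not real registry data.

```python
"""Added example: IPv6 allocation accounting in /32 equivalents."""
import ipaddress
from fractions import Fraction

# The currently defined global unicast space named in the thread.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def total_slash32s(within=GLOBAL_UNICAST):
    """Number of /32 blocks that fit in `within` (2**29 for 2000::/3)."""
    return 2 ** (32 - within.prefixlen)


def subnets_in(parent_len, child_len):
    """How many /child_len subnets fit in one /parent_len prefix."""
    if child_len < parent_len:
        raise ValueError("child prefix must be at least as long as parent")
    return 2 ** (child_len - parent_len)


def slash32_equivalents(prefixes):
    """Total size of `prefixes`, measured in units of one /32.

    Allocations shorter than /32 count as many /32s (a /20 is 4096),
    longer ones as a fraction (a /48 is 1/65536), which is why the
    published total is not a whole number. Overlapping or duplicate
    prefixes are collapsed first so no address is counted twice.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    for net in nets:
        if net.version != 6 or not net.subnet_of(GLOBAL_UNICAST):
            raise ValueError(f"{net} is not inside {GLOBAL_UNICAST}")
    total = Fraction(0)
    for net in ipaddress.collapse_addresses(nets):
        total += Fraction(2 ** 32, 2 ** net.prefixlen)
    return total


def share_of_global_unicast(slash32_count):
    """Percentage of 2000::/3 covered by `slash32_count` /32 equivalents."""
    return Fraction(slash32_count) / total_slash32s() * 100


# Constructed sample: two documentation prefixes plus a /48 that is
# already covered by the first /32 and must not be counted twice.
SAMPLE_ALLOCATIONS = ["2001:db8::/32", "2001:db8:42::/48", "3fff::/20"]

if __name__ == "__main__":
    print("possible /32s in 2000::/3:", total_slash32s())
    print("sample /32 equivalents:", slash32_equivalents(SAMPLE_ALLOCATIONS))
    print("/64 subnets in one /48:", subnets_in(48, 64))
    pct = share_of_global_unicast("143645.78")
    print("quoted figure as a percentage: %.3f%%" % float(pct))
```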

  3. Re:there's plenty of address space by mrcaseyj · · Score: 4, Insightful

    The ISPs don't care if the IPv4 addresses run out. They like it because then they'll be able to start charging extra for IPv4 and IPv6 addresses whereas they've been just giving them out for free. NAT also cuts their traffic costs because it keeps customers from running servers.

  4. Artificially Increase Demand by nathan.fulton · · Score: 4, Interesting

    Instead of waiting for demand to outstrip supply, the IANA should artificially increase demand by bloating the prices for blocks. This will cause everyone to focus more on IP conservation. Because let's be truthful: IPv6 isn't going to be widely adopted in 5 years unless something changes (and it's best for everyone if that "something" isn't a complete lack of IP Addresses)

    1. Re:Artificially Increase Demand by knorthern+knight · · Score: 2, Interesting

      If I was an IPV6-hater, I couldn't come up with a better put-down of IPV6... that it's so pitiful that the only way to get quick adoption is to artificially kill the competition. Sounds like a Microsoft tactic.

      I'm neutral on IPV6; when it becomes necessary, I'll switch. I'm running linux, which is ready for IPV6. We will exhaust IPV4 address space in a few years, unless ISPs go NWN (Nuts With NAT). Reclaiming /8's from the likes of GE and Compaq (Compaq has 2 /8's; 16 million addresses) may buy another couple of years, but it only delays the inevitable.

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    2. Re:Artificially Increase Demand by MyHair · · Score: 4, Interesting

      Because let's be truthful: IPv6 isn't going to be widely adopted in 5 years unless something changes (and it's best for everyone if that "something" isn't a complete lack of IP Addresses)

      It's already enabled by default in Linux distributions and Windows Vista and Server 2008. The major backbones should be able to handle it. Many businesses use proxy and other gateway servers for intranet-to-internet access, so if a company is not ready to migrate the intranet to IPv6 right away they can just put it on their proxy, gateway and public servers.

      I'm not saying it will happen, but I don't think the obstacles are technical at this point. I think what needs to change is to put all the porn on IPv6-only servers. Or YouTube, FaceBook, MySpace, etc.. Okay not literally, but either the customers or the service needs to be accessible by IPv6 only before it makes sense for everyone to make the effort. I'm guessing it will be forced when governments or militaries have large masses of users on IPv6 and the IPv6-IPv4 gateways start getting overloaded.

    3. Re:Artificially Increase Demand by A+beautiful+mind · · Score: 2, Insightful

      This will cause everyone to focus more on IP conservation.

      ...and 6 months later when the IP addresses run out for good, we're back at the old problem. Why not solve the problem properly, instead of degrading much of the Internet with NAT and putting up barriers to growth - especially in the mobile communications sector?

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    4. Re:Artificially Increase Demand by Anonymous Coward · · Score: 1, Informative

      I think what needs to change is to put all the porn on IPv6-only servers.

      Something similar to that will happen in the not so distant future: ipv6experiment.com.

    5. Re:Artificially Increase Demand by ion.simon.c · · Score: 1, Insightful

      GODDAMN IT. STOP LINKING THIS!

      filter filter filter fodder.
      filter filter filter fodder.
      filter filter filter fodder.

    6. Re:Artificially Increase Demand by Anonymous Coward · · Score: 0

      It's already enabled by default in Linux distributions and Windows Vista and Server 2008

      Yes, and it's the first thing I disable. There have been many cases where bad/incorrect DNS records for ipv6 cause trouble.

    7. Re:Artificially Increase Demand by Richard+W.M.+Jones · · Score: 1

      RIPE gives away IP addresses for free, so not sure what difference that would make.

      My previous comment on the subject shows they're not exactly used efficiently ...

      Rich.

    8. Re:Artificially Increase Demand by Anonymous Coward · · Score: 0

      If I was an IPV6-hater, I couldn't come up with a better put-down of IPV6... that it's so pitiful that the only way to get quick adoption is to artificially kill the competition. Sounds like a Microsoft tactic.

      If I were a Microsoft lover, I couldn't come up with a more favorable comparison. IPv6 is the better technology, but it lacks widespread adoption. In your world, Microsoft is the brilliant underdog.

      Back in the real world, there is such a thing as the tragedy of the anti-commons. Despite the clear mutual benefit to all parties of IPv6 adoption, there is little benefit to be had from being the first one to do it. This is exactly the kind of problem the IANA exists for.

    9. Re:Artificially Increase Demand by gbjbaanb · · Score: 1

      I'd say the main stumbling block is Netgear, Belkin et al. Hardly any of them make a home router that is IPv6 capable, so even if my server, my desktop, and my ISP support IPv6, I still can't use it. (Ok, there's teredo and other gateways, but they're not what we really need or want)

      If I had an IPv6-capable router, then it'd be a totally different story. I think we either need some pressure brought to bear on the router manufacturers, or they need to get wise to the idea that making their new models IPv6 capable will be a good marketing point, I'd buy one because I know the difference, the man of the street would buy one because, well, who wants an old v4 model when you can have a v6 one :)

    10. Re:Artificially Increase Demand by fast+turtle · · Score: 1

      Most of TW/RR is already using NAT and one of the unroutable blocks of IPs. All they have to do is divide their network into even smaller subnets (we're already seeing this in high demand areas) **Apparently I'm special/lucky as I've got a routable IP - might be due to VOIP product and low demand here**.

      Combine this with Harvard/MIT/Stanford/UC/CSU and other universities selling off parts of their "A" class IPs for major profit and I doubt we'll be running out of available addresses for at least another 20 years.

      The only thing which will push IP6 implementation will be government regulation/requirements to include a Unique ID for every device based on the unit MAC address. An easy way for the government to force the change is to require all of the manufacturers to disable IP4 support in the NIC unless it's for Government/Military Use.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    11. Re:Artificially Increase Demand by Anonymous Coward · · Score: 0

      "Compaq has 2 /8's"

      Ummm, that's nice - how many does HP have?

      Given that HP bought Compaq almost 7 years ago, it's probably the more relevant question. Oh, and at least one of those (16.xxx) was DEC's in the Good Old Days...

      And, just because you can't see those networks from the outside world, doesn't mean that the addresses aren't allocated internally.

    12. Re:Artificially Increase Demand by XanC · · Score: 1

      Check for your hardware on OpenWRT's compatibility table. An IPv6 router is a flash away!

    13. Re:Artificially Increase Demand by slash.duncan · · Score: 1

      Actually, a good share of the home/SOHO level routers are (or can be, user loaded firmware, if they aren't from the factory) Linux based nowadays, and can easily run IPv6 enabled firmware since Linux has been IPv6 capable for years. Of course all the -WRT compatible routers such as my Linksys WRT54GL (which I upgraded to OpenWRT shortly after I plugged it in) are in that category, and there's a number of them around. The wireless-N based routers aren't as open yet, AFAIK, but that's very likely to change given a couple years, and we have that anyway, before the IPv4 IP shortage hits.

      So while few ship with IPv6 at this point, it's certainly not because they can't. It's simply that the demand isn't there for it yet. For those who want/need it, there are and have been for some time user-load firmware options with IPv6 enabled. Yes, at this point that requires somewhat over the average geek quotient, but then again, so does worrying about IPv6 at this point. The average user doesn't care, as long as it works. (Heh, they don't even care if it's wide open to the world and being used to spam or DDoS or whatever, as long as it still works for them, so why would they care about IPv4 vs. IPv6? Making the Internet work is what they pay the ISP for!)

      I do still have IPv6 disabled here, but just as I prepared for some time to switch to Linux while ensuring I was buying all Linux compatible hardware, and then switched and became a functional Linux power user in a matter of three months (including learning the kernel config system and how to compile my own kernel, and configuring by hand a triple-head X setup), when I'm ready to switch to IPv6, I expect I'll have it done in a week or so. (Present status, computers and router are hardware-ready, the modem is waiting for IPv6 compatible DOCSIS 3 modems to be available here in the US, and I don't know the status on my VoIP adapter, except that I ensured both it and my VoIP provider are SIP standard compliant so I can switch out VoIP hardware or provider if I find it necessary to do so.)

      --
      Duncan
      "Every nonfree program has a lord, a master,
      and if you use the program, he is your master."
      R Stallman
    14. Re:Artificially Increase Demand by rubah · · Score: 1

      I dunno, if we saw something like the television switchover in the US where a large body [government or not] would foot the bill for the change, it could happen very quickly.

      It's all a matter of someone up there wanting to make it happen instead of just ignoring it.

    15. Re:Artificially Increase Demand by Cajal · · Score: 1

      It's already enabled by default in Linux distributions

      That doesn't mean that every (or even most) of the apps that come with your distro handle IPv6, or that there aren't bugs with those that do. There's still a lot of software bugs to fix.

    16. Re:Artificially Increase Demand by Anonymous Coward · · Score: 0

      >it only delays the inevitable.

      But why prolong the pain if disaster is better to strike now once for all?

    17. Re:Artificially Increase Demand by FireFury03 · · Score: 1

      I don't think the obstacles are technical at this point.

      Yes and no. Whilst most software is probably happy with IPv6 (although certainly not all software, by a long shot), to my knowledge there are no home-user grade routers which do IPv6. So not only will all the home users have to upgrade their DSL routers, but there is still nothing for them to upgrade *to*.

      The other big problems are:
      1. Very few ISPs will actually provide their end-users with a native IPv6 connection, whether or not their core network supports it. I actually migrated away from the ISP I was using (PlusNet) after asking them what their plans for rolling out IPv6 were and they replied saying they weren't going to do it in the foreseeable future.
      2. The chances of getting IPv6 server hosting are much better than an IPv6 home internet connection, but there are still a lot of data centres who don't provide it.
      3. With next to no end-users on IPv6 there is little incentive for server owners to add IPv6 support to their servers (which may involve changing data centre).
      4. With next to no servers on IPv6 (and practically zero that are *only* on IPv6), there is little incentive for ISPs and home-router vendors to support IPv6.

      I think what needs to change is to put all the porn on IPv6-only servers.

      http://www.geekzone.co.nz/LennonNZ/2650

      Or YouTube, FaceBook, MySpace, etc..

      Making any service IPv6-only is pretty much suicide. Especially for something like MySpace - do you actually expect a MySpace user to even know what IPv6 is, let alone how to get it?

      I'm a big supporter of IPv6, but with the current state of affairs I'm not sure how the migration can proceed until IPv4 addresses run out. My prediction of how things will go is:

      1. Most ISPs, end-users and server owners will continue to go on the IPv4 course.
      2. There will be a big Y2K-style "oh crap, the sky is falling" moment just before (or maybe just after) the IPv4 addresses run out.
      3. ISPs will set up a stop-gap solution of handing out RFC1918 addresses to their customers and doing NAT within their networks (this will spectacularly break lots of stuff)
      4. Server owners and datacentres will start running proxy servers in front of the web servers in order to reduce the number of machines requiring globally scoped IP addresses.

      Whether or not IPv6 adoption accelerates after the IPv4 addresses run out is a bit of an open-question. To some extent, I expect a lot of ISPs to NAT their customers' internet connections for a long time. Migrating everything to IPv6 over the course of many years would, of course, be much cheaper than waiting until crunch-time, but sadly most people ignore the long-term view.

      A few years ago I was working in the phone industry, and was quite stunned to discover that telcos are generally upgrading their SS7 infrastructure to IMS on IPv4 - spending millions on upgrading their old networks to run on an already obsolete protocol. Seems like craziness to me, especially since IMS has been designed to run on IPv6 since day one.

  5. Why are they still available? by Anonymous Coward · · Score: 5, Interesting

    What's to prevent someone from buying them all and charging more later?

    An open market for IPv4 addresses would solve the 'depletion' problem by encouraging the most wasteful users to sell their addresses.

    1. Re:Why are they still available? by Wesley+Felter · · Score: 4, Informative

      What's to prevent someone from buying them all and charging more later?

      You can only get addresses if you can demonstrate a legitimate use for them. To get millions of addresses, you'd have to show that you have millions of devices that need them. Also, technically you can't resell addresses.

    2. Re:Why are they still available? by A+beautiful+mind · · Score: 3, Informative

      Also, technically you can't resell addresses.

      Not just technically. It would be a huge, huge routing problem to do so and the regional registrars would step in to get back the IPs, since they are delegated and not bought or sold.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    3. Re:Why are they still available? by jabuzz · · Score: 1

      Do you want to explain why HP has two class A IP blocks then? Do you honestly think they need them? Or are they just an historical accident from takeovers and mergers?

      If you created a market where some of the large class A networks that were allocated for free many years ago could be broken up and sold off for money then I am sure that companies with excess network allocations would put in the effort to make selling them off a viable proposition.

      The basic problem at the moment with IP4 is that there is no market. The problem with IP6 is that there are millions of network devices (think printers, wireless access points, etc.) that don't run IP6 and there is no upgrade path (mostly because the device manufacturer is not offering a suitable firmware upgrade). This makes the deployment cost high, very disruptive and difficult to justify.

    4. Re:Why are they still available? by Ed+Avis · · Score: 1

      That's just the problem. Let people buy and sell IP addresses freely. You do not have to show a 'legitimate' use to buy oil or gold or land or trademarks. What we have now is a feudal system where space is 'allocated' by the king. Just as that changed to a free market in real property, we need a free market in IP addresses. That would provide the necessary incentive to conserve addresses, and to adopt IPv6 when it becomes necessary.

      --
      -- Ed Avis ed@membled.com
    5. Re:Why are they still available? by Lennie · · Score: 1

      They were handed out like candy in the old days of the internet and the HP/Compaq (DEC was the part that had the IP-block) merger/buyout/whatever gave them 2 large blocks. If I'm not mistaken.

      --
      New things are always on the horizon
    6. Re:Why are they still available? by Pentium100 · · Score: 1

      The problem with IP6 is that there are millions of network devices (think printers, wireless access points, etc.) that don't run IP6...

      And I see absolutely no reason whatsoever to give my printer a publicly accessible IP address that I would still need to block at my firewall. If IPv6 becomes really necessary to access the internet then I would just use a NAT that allows to access IPv6 network from an IPv4 (my internal) network (read somewhere that this type of NAT is possible).

    7. Re:Why are they still available? by Keruo · · Score: 1

      Your home network is not like all other networks.
      There are multiple valid reasons to give a printer a publicly accessible IP.
      At least in corporate networks.

      --
      There are no atheists when recovering from tape backup.
    8. Re:Why are they still available? by Anonymous Coward · · Score: 0

      I don't understand... The IETF specifies a disruptive protocol change with a massively inefficient addressing scheme with an address pool way larger than necessary even for an intergalactic federation of planets. (Keep in mind the *average* payload size of packets transiting the network is less than 50 bytes!!)

      It prevents humans from having any hope of remembering an address even with the zero compression scheme, encourages routing table fragmentation over time on a grand scale and significantly and unnecessarily increases demand on hardware and storage to route and store address related information throughout the network.

      Then as they remain puzzled about why nobody cares about IPv6 (disruptive change, less efficient network and no immediate benefit is always a losing combination) they go off and make ridiculous decisions to try and get people to care about their issue such as reclassifying the reserved class E block (1/4 billion addresses) .. ~1/16th of the Internet as private... as if the world's largest corporations don't already have more than enough private addresses to choose from while the total exhaustion of address space is just right around the corner.

      Sometimes I wonder why I even bother to stay on any of the IETF lists.. Between committee nonsense, college kids submitting papers and cranks like Terrell it's almost always a waste of time.

    9. Re:Why are they still available? by jcrousedotcom · · Score: 1

      That's why my server and all my workstations at the state agency I work (and am a network admin) for have publicly accessible IPs that are behind a firewall and consequently blocked from public connectivity? Yeah, that makes sense. ;)

      --
      Illiterate? Write for free help!
    10. Re:Why are they still available? by volkris · · Score: 1

      Um... nothing?

      If someone is able to buy all of the addresses and charge more for them later, then the addresses were underpriced to start with and this "scammer" is fixing the situation.

    11. Re:Why are they still available? by mrbcs · · Score: 1

      I wish I had mod points. This is exactly how I feel and I honestly don't think that ipv6 will ever happen. NAT works and will be used by the ISPs. I've seen it done now first hand.

      It's not like cell phones. I may need 3 or 4 phone numbers, but I only "NEED" 1 IP. Everything else is NATted. I fail to see why this is such a big issue. This whole ipv6 shit will break more than it fixes if it ever gets off the ground. The sky has been falling for ten years now and I think most of us just ignore it now.

      It's almost the same as the linux zealots. That shit'll never fly either.

      --
      I'm not anti-social, I'm anti-idiot.
  6. tunnelbroker.net by XanC · · Score: 5, Informative

    Get your IPv6 addresses here: Tunnelbroker.net

    They've got a ton of presences all over the place, so latency is not too bad. It's really nice to be able to SSH directly to your boxes behind your router. Every address you get contains the square of the IPv4 address space for your own use.

    Then bug your ISP to give you native connectivity.

    1. Re:tunnelbroker.net by sleeponthemic · · Score: 1

      I notice on that website their counter for ipv4 addresses still available is far different to that of the one mentioned in TFA. 560 million. Maybe it's just a cheesy flash counter and not based on any facts but it is extremely inaccurate, if so.

      --
      I record my sleeptalking
    2. Re:tunnelbroker.net by jd · · Score: 1

      There are many IPv6 tunnel brokers - British Telecom, Hurricane Electric, and so on. Since it costs nothing to get an IPv6 tunnel, it's trivial to do, and all modern OSes support it, anyone worthy of the title of geek should already be using at least one such tunnel. (Hell, I used to run 10 IPv6 tunnels on Linux 2.0.20!)

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:tunnelbroker.net by MichaelSmith · · Score: 2, Interesting

      If the tunnel exit is outside the Great Australian Firewall then you can count me in.

    4. Re:tunnelbroker.net by TooMuchToDo · · Score: 1

      I've hassled Comcast excessively to get my native IPv6 on business connections. Both me poking them and my posts on NANOG regarding the same fell on deaf ears. So I switched to Hurricane Electric. Native IPv6 FTW!

      Disclaimer: Just a very, very satisfied transit customer.

    5. Re:tunnelbroker.net by ion.simon.c · · Score: 1

      Aye. Check the HE's POPs. Many of them are inside the US.

    6. Re:tunnelbroker.net by ion.simon.c · · Score: 1

      Where does HE serve?
      Also, how would a residential user select them as his ISP? ;)

    7. Re:tunnelbroker.net by TooMuchToDo · · Score: 1

      Ahh, that's the rub. I get HE from Equinix, and then shoot it about 10 miles away using wireless on their roof =( On the other hand, you could always tunnel IPv6 over IPv4. I've done that in some situations where IPv6 was a must. Works well, but it ain't native :(

    8. Re:tunnelbroker.net by ion.simon.c · · Score: 1

      Yeah. I've a tunnel through HE's tunnel broker service.

      *sits on his hands, waiting for Comcast to get with the times*

    9. Re:tunnelbroker.net by Tony+Hoyle · · Score: 1

      BTExact shut down their tunnel broker. Apart from Sixxs there aren't any in the UK any more. Anyway, tunnels suck. They add huge amounts of latency and are unreliable.

      Luckily there are at least two ISPs that'll route IPV6 (AAISP and Entanet).

      Unluckily unless you fork out for a cisco router (or hack an old linksys) you can't use it..

    10. Re:tunnelbroker.net by TheRaven64 · · Score: 1

      Apart from Sixxs there aren't any in the UK any more

      The JANET tunnel broker is still running, and JANET is switching to all IPv6 internally this year. I get around 20ms RTT to hosts pretty much anywhere on JANET from Virgin Media, so the additional latency shouldn't be too much.

      Unluckily unless you fork out for a cisco router (or hack an old linksys) you can't use it..

      I have a PC Engines WRAP (266MHz Geode, 64MB RAM, two ethernet, one WLAN, 7W) which runs OpenBSD nicely. Cost about as much as a decent access point.

      --
      I am TheRaven on Soylent News
    11. Re:tunnelbroker.net by Chemisor · · Score: 1

      > It's really nice to be able to SSH directly to your boxes behind your router.

      Really nice for hackers too. I don't know about you, but even if the whole internet switches to IPv6, I'm still keeping my NAT firewall. My computers have no business being poked from the internet.

    12. Re:tunnelbroker.net by Just+Some+Guy · · Score: 2

      I don't know about you, but even if the whole internet switches to IPv6, I'm still keeping my NAT firewall.

      I'm keeping my firewall too. Who's crazy enough to drop it just because IPv6 is around?

      My computers have no business being poked from the internet.

      Then don't let them be poked, and find a better argument for having good connectivity.

      --
      Dewey, what part of this looks like authorities should be involved?
    13. Re:tunnelbroker.net by swillden · · Score: 1

      Every address you get contains the square of the IPv4 address space for your own use.

      And if that's not enough for you, they'll give you a /48, which contains 65,556 subnets, each as big as the IPv4 address space squared.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:tunnelbroker.net by Bearhouse · · Score: 1

      Mod up! Don't use a shitty access point, roll your own.

    15. Re:tunnelbroker.net by slash.duncan · · Score: 2, Insightful

      AFAIK, DOCSIS 2.0 modems won't do native IPv6. That takes DOCSIS 3.0, one of the new features of which is native IPv6 capabilities. Until your market deploys DOCSIS 3.0, then (and Comcast does seem to be a bit ahead there, at least in its two high-speed markets), hassling the cableco isn't going to do you much good.

      Unfortunately DOCSIS 3 has been vaporware for ~2 years now. There's certified equipment now, but from what I read, most of it's going to Asia. It's quite difficult to find DOCSIS 3.0 modems available from anyone in the US retail, and from what I read, many US cablecos are holding out for DOCSIS 3.1 or 3.0 plus proprietary extensions, due to deficiencies in the 3.0 spec meaning it won't let them compete effectively with the telcos for long. But 3.1 could be another year... or two or three given the delays 3.0 seems to have had, and another year or two to deployment after that!

      But... I do expect they'll have to do /something/ in a couple years, be it DOCSIS 3.0 or something else, because 2.0 just isn't going to cut it after that, both bandwidth-wise and IPv6-wise.

      --
      Duncan
      "Every nonfree program has a lord, a master,
      and if you use the program, he is your master."
      R Stallman
    16. Re:tunnelbroker.net by Midnight+Thunder · · Score: 1

      In certain places, such as in France, there are already ISPs that offer IPv6 to their customers. Living in Canada I would like this to be the case too, but even apparently tech oriented ISPs such as Tech Savvy fail to do so.

      The other problem is there are still a lot of companies not selling IPv6 capable routers. Examples of router manufacturers who seem to be making an effort are Apple and Buffalo. D-Link apparently has a road plan, but other companies such as Linksys are missing in action.

      I have tried discovering and trying to understand IPv6 to the best of my ability, but in doing so realise that there is still work to be done to make it appear as straightforward as IPv4. While there is radvd, DHCPv6 needs to be made available in all operating systems. Either that or radvd needs to provide support for discovery of the DNS server and other services. There is Bonjour, but until this is made a standard on all operating systems, then DHCPv6 is the best way to go. MacOS X is one OS not yet supporting DHCPv6, and I hope that it is provided in Snow Leopard and made available to Leopard.

      --
      Jumpstart the tartan drive.
    17. Re:tunnelbroker.net by Anonymous Coward · · Score: 0

      And then you can use this awesome ipv6 address to connect to all the other ipv6 users...which are all tunneled too.

      Seems like a circlejerk. Might be good if you were stuck behind NAT, but still wouldn't get you very far.

    18. Re:tunnelbroker.net by admdrew · · Score: 1

      Using NAT for security is not a great idea. If your perimeter is breached, NAT is not going to save you from someone (or someone's scripts) who is determined to break into your network.

    19. Re:tunnelbroker.net by petermgreen · · Score: 1

      BT's seems to have disappeared...

      There are quite a few but afaict most of them can't be used from behind a NAT and the one I know of that can ( freenet6 ) is pretty sucky (at least for a user in the UK since freenet6 has their POP in the US).

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    20. Re:tunnelbroker.net by macdaddy · · Score: 1

      Having a DOCSIS 3 CM has nothing to do with providing IPv6 to the CPE. DOCSIS 3 added IPv6 support for the CM itself. It could care less what flows across it. The CMTS on the other hand is another matter. IPv6 support can be configured on the cable interfaces of a Cisco uBR which doesn't yet support DOCSIS 3. The uBR7225VXR is a good example. Other vendors are different. Arris C3s do not and never will support DOCSIS 3. DOCSIS 3 isn't a simple software upgrade. It has specific hardware requirements. Arris' C4 on the other hand is modular and can have modules with DOCSIS 3 support installed in it. Motorola's BSR line is similar. The pizza box CMTSs do not support DOCSIS 3. The larger modular chassis like the BSR 64000 will eventually support DOCSIS 3 (they currently don't or didn't the last I looked).

      On the topic of DOCSIS 3 in general, there is no such thing as DOCSIS 3.1. There also is no such thing as "proprietary extensions" being added to DOCSIS 3.0. The notion is purely horse shit. A CM or CMTS is only certified by CableLabs as DOCSIS-compliant if it adheres to the strict CableLabs DOCSIS spec. There aren't any "proprietary extensions" in DOCSIS. This is exactly what DOCSIS was created to eliminate. CMs are 100% interchangeable. Moto CMs offer no enhancements on DOCSIS that Arris CMs don't already offer and likewise with the other smaller CM manufacturers.

      The only things slowing DOCSIS 3.0 deployment are 1) demand or need for the benefits of DOCSIS 3 (bandwidth or IPv6 support for CMs) and 2) cost. DOCSIS 3.0 requires a significant investment in the HE. It's not a simple software upgrade. In many cases the CMTS itself must be replaced and a new investment made in expensive new hardware. If the cost was the same then we'd be deploying DOCSIS 3.0 CMTSs today and migrating CMs as needed. An Arris C4 costs approximately $250,000 for a basic chassis with half a dozen upstreams and a single downstream. The pizza box C3 which does not support DOCSIS 3.0 (and never will) costs $20,000. If the demand was there for bandwidth we'd be deploying DOCSIS 3.0 CMTSs. If we were Comcast and had the world's largest CATV OSP we'd be deploying DOCSIS 3.0 CMTSs for our CM management needs alone (and they are BTW regardless of whether or not they're offering DOCSIS 3.0 to their users).

  7. No need for IP addresses under Ninnle! by Anonymous Coward · · Score: 0

    Ninnle Linux broke the IP barrier a couple of years ago, and has implemented something that will soon render the whole notion of IP addresses completely obsolete.

    1. Re:No need for IP addresses under Ninnle! by Anonymous Coward · · Score: 0

      torrents?

    2. Re:No need for IP addresses under Ninnle! by Ragzouken · · Score: 1

      Broke the IP barrier? What speed were they going?

    3. Re:No need for IP addresses under Ninnle! by Anonymous Coward · · Score: 0

      It doesn't exist, man.

    4. Re:No need for IP addresses under Ninnle! by admdrew · · Score: 1

      Plaid.

  8. Can someone calculate that for me? by frooddude · · Score: 5, Informative

    What is .027% of 2**128

    Here's a neat (and understandable) place to find out just how stupid it is to say that "only X%" of IPv6 is assigned: http://www.tcpipguide.com/free/t_IPv6AddressSizeandAddressSpace-2.htm

    IPv6 is HUGE. I didn't even understand how huge until I found out I can get an address for every friggin cell in my body.

    Weeeee!

    1. Re:Can someone calculate that for me? by paul248 · · Score: 4, Insightful

      The space may be astronomical, but astronomical amounts of space are wasted in order to simplify routing and such.

      For all practical purposes, I would estimate that IPv6 is about 64k times larger than IPv4.

    2. Re:Can someone calculate that for me? by Anonymous Coward · · Score: 0

      you know, i knew how big the address space was but hearing it put in those terms, wow. one billion a second for 4.5 billion years and we still wouldn't be quite a trillionth of the available space.. yay us. now how do we get to 4: make $$$

    3. Re:Can someone calculate that for me? by thogard · · Score: 1

      Except it's not the IPv4 address we are running out of, it's the number of blocks of address space that we are running out of and that was made worse when they stopped allocating /24. Every dual homed network out there will need 2 routing entries even if they only use IPv6 addresses. We could double the IPv4 address space by using the protocol version bits and most (leaf node) routers won't even care.

    4. Re:Can someone calculate that for me? by Anonymous Coward · · Score: 0

      64k times larger? Care to explain how you figure that, because I'm not sure you comprehend how fscking large the IPv6 space is.

      2^128 is roughly:
      340,282,366,920,938,463,463,374,607,431,768,211,456

      IPv4 address space is 4,294,967,296. That multiplied by 64,000 is roughly 274,877,906,944,000

      340,282,366,920,938,463,463,374,607,431,768,211,456 vs 274,877,906,944,000

      I think you're a bit off by a few orders of magnitude.

    5. Re:Can someone calculate that for me? by fbjon · · Score: 2, Informative

      I think you're a bit off by a few orders of magnitude.

      Did you read the post? Large bits of IPv6 are deliberately wasted in order to simplify routing. Thus, while there may be many more leaves, the branching structure is only 64k larger, to his estimate.

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    6. Re:Can someone calculate that for me? by Anonymous Coward · · Score: 0

      try cabling them all though.

    7. Re:Can someone calculate that for me? by cababunga · · Score: 3, Funny

      I can get an address for every friggin cell in my body.

      Finally, the missing piece of the puzzle. When IPv6 was first planned it was supposed to give enough addresses for every cell phone, but apparently due to miscommunication, they made it large enough to give an address to every cell.

    8. Re:Can someone calculate that for me? by Anonymous Coward · · Score: 1, Funny

      For all practical purposes, I would estimate that IPv6 is about 64k times larger than IPv4.

      That should be enough for anyone.

    9. Re:Can someone calculate that for me? by paul248 · · Score: 1

      In IPv4, a typical customer allocation is /32. In IPv6, it's /48. Thus, by a *very* rough estimate, IPv6 has an extra 16 bits, or 64k times more.

    10. Re:Can someone calculate that for me? by Anonymous Coward · · Score: 0

      IPv6 is HUGE. I didn't even understand how huge until I found out I can get an address for every friggin cell in my body.

      Every cell? Ha. Try every atom. Astronomers estimate the number of atoms in the universe on the order of 2^80.

      And there are 2^128 ipv6 addresses.

  9. Re:there's plenty of address space by sigipickl · · Score: 5, Interesting

    I don't know which ISPs or upstream providers you are dealing with, but in the last 2 years, every DS1/3 circuit I have ordered required quite a bit of justification for anything more than 5 IPv4 addresses. No, I have not had to pay extra for addresses yet, but I have been told by AT&T and others that /24 blocks are basically impossible to get on anything less than DS3's nowadays.

    The last time I did get a /24 or larger block of IPv4 addresses was 3 years ago on a 6mbit bundle of T1's. That was a /23 for a hospital network of 5000+ internal hosts. At last check, we were using about 200 of our allotted 500+ addresses. A bit wasteful.

    I remember getting T1's in the mid-to-late 90's, and there were no questions asked- you just got a /24.

    --
    Never trust anyone who takes pride in being called a 'geek'....
  10. Why did they do it this way? by arrenlex · · Score: 3, Insightful

    I don't understand why they made IPv6 the way they did.

    Sure, the size of the new address space is absolutely staggering, but this was done at the expense of making them impossible for a person to remember. Right now, I can go to some internet cafe and ssh into my home network because I can remember the IP.

    Were I using an IPv6 address, I would have to pay for DNS service just so I could log into my own network remotely, or keep a scrap of paper and laboriously type it out.

    Why not extend IPv4 by adding more bits to the representation of each octet? For example, instead of using 8 bits, use x bits where x is specified at the beginning of the address. For example, you can use x=10 and create an address up to 1024.1024.1024.1024.

    This still allows people to remember them easily, as there is no difference between remembering, say, 189 and 857 from a human brain perspective. It's three digits in each case. And, you can go as high as you need to. You can never deplete it, as you can just keep using more bits to represent the address when necessary, and all of the applications supporting such a protocol would be able to support that natively.

    Best of all, assume x=8 unless explicitly specified, and voila -- perfect backwards compatibility with the existing IPv4 protocol. You no longer need to have separate treatment of IPv4 and next-gen address spaces, because IPv4 will be a subset of the expanded space.

    Why the current mess of horrible alphanumeric sequences? Why didn't they make it easy on our eyes and do it like this?

    1. Re:Why did they do it this way? by compro01 · · Score: 4, Informative

      There are several free DNS services, such as dyndns and no-ip, which work just fine for such uses.

      --
      upon the advice of my lawyer, i have no sig at this time
    2. Re:Why did they do it this way? by LordKaT · · Score: 1

      A typical IPv6 address in dotted notation looks like:

      128.91.45.157.220.40.0.0.0.0.252.87.212.200.31.255

      So ... yeah, it's not that much better.

    3. Re:Why did they do it this way? by eggnet · · Score: 3, Informative

      Or you put your IPv6 address in ~/.ssh/config

    4. Re:Why did they do it this way? by paul248 · · Score: 2, Insightful

      If your connection gets a /48 allocated to it, then you can have a relatively simple address, like:

      2001:db8:a5b2::1

      Where the last part is statically assigned by you. The addresses aren't really that messy unless you're relying on autoconfiguration for the last 64 bits.

    5. Re:Why did they do it this way? by mcrbids · · Score: 4, Insightful

      Why not extend IPv4 by adding more bits to the representation of each octet? For example, instead of using 8 bits, use x bits where x is specified at the beginning of the address. For example, you can use x=10 and create an address up to 1024.1024.1024.1024.

      You misunderstand the meaning of the octet, which is little more than a way to make a large number more understandable. If you take 255*255*255*255 you end up with the largest number that can be stored in a 32 bit integer. And it's this integer that is actually your "ip address". It's just rendered in octet format because 63.95.215.231 is much more readable than some huge integer like 2393201938.

      But when you are talking about very, very, very, very large numbers, such as 2^128, even breaking up the numbers into "bite sized chunks" falls apart. Even when you use alphanumeric values, it still is hard to remember.

      So DNS is your friend. It works well, fast, and reliably.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    6. Re:Why did they do it this way? by MyHair · · Score: 5, Interesting

      They made it that way because it's similar in structure to IPv4 and made it long not to make 2^128 addressable devices but to make (theoretically up to) 2^64 collision domains with the possibility for 2^63 globally Unique IDentifiers and 2^63 non-globally-unique ID's. But a lot of people are going to ignore the global ID part and use (network)::1, (network)::2, etc. or have fun with hex letters with (network)::dead:beef and such. (Luckily--actually by design--these simplified IPv6 addresses will usually happen to be in the non-globally-unique range.)

      They intend to waste a lot of potential addresses to make routing tables simpler. Ideally the IPv6 network map will be a hierarchical structure of networks.

      If you don't have DNS handy there are a growing number of peer-to-peer name resolution protocols that I expect will become more popular with IPv6 addressing.

      So the answer is that the "horrible alphanumeric sequences" are designed to make easy-on-core-routers hierarchical routing feasible while squaring the theoretical maximum number of addressable hosts. And they really expect people to use managed or peer name resolution, anyway.

    7. Re:Why did they do it this way? by mysidia · · Score: 1

      Dotted notations were considered when the IPng project (that led to IPv6) was just getting started, and they were firmly rejected due to various problems. Dotted decimal notation loses its meaning when dots no longer denote octets.

      Allowing the user to specify octet size is problematic because it means many IP addresses have several radically different representations.

      Lexically, using dots makes it look like an IPv4 address or hostname.

      Hexadecimal notation with colons works great.

      It very clearly delineates the bits (esp. the leading bits) which are meaningful to IPv6's scoped addressing.

      And the notation is actually fairly compact.

      IP addresses are not meant to be memorized by humans in IPv4 OR v6. Use DNS for memorable identifiers.

      Or (if you insist) use a hosts file, and carry it with you always.

    8. Re:Why did they do it this way? by MichaelSmith · · Score: 1

      I want to move to Mars because my brain is too small to remember my Earth latitude and longitude.

    9. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      afaik, the ipv6 address is composed of the mac address inside. which means it's going to be at least 48 bits, i.e. 12 hexadecimal digits long.

    10. Re:Why did they do it this way? by knorthern+knight · · Score: 5, Informative

      > Why not extend IPv4 by adding more bits to the representation of each octet?

      *ANY* physical change to IPV4 breaks IPV4, as far as today's applications, operating systems, and internet routers are concerned. Repeat... *ANY* physical change to IPV4 breaks everything that relies on IPV4.

      > Why not extend IPv4 by adding more bits to the representation of each octet?
      > For example, instead of using 8 bits, use x bits where x is specified at the
      > beginning of the address. For example, you can use x=10 and create an address
      > up to 1024.1024.1024.1024.

      Because internet traffic would be painfully slow, that's why. Current routers (the hardware that the internet runs on, not the toy between your modem and your computers) are hard-coded in ROM/firmware to handle 32-bit addresses. They can handle 128 bits in software, but it's a lot slower. Think hardware acceleration versus software acceleration for video cards. New routers can be had which do 128 bits in hardware. Your suggestion breaks down because...
      a) the router would have to figure out dynamically how many bits constitutes a data packet.
      b) once it figures that out, it has to route it. Because there are endless possibilities, it has to be done in software, again slowing it down.

      > Best of all, assume x=8 unless explicitly specified, and voila -- perfect
      > backwards compatibility with the existing IPv4 protocol.

      Wring, wrang, wrung... wrong, wrong, wrong. At the hardware level, TCP/IP is a series of 8-bit bytes. Ain't gonna change without throwing out almost every computer currently in existence. That would make the switch from IPV4 to IPV6 look trivial.

      Just in case you modify your proposal to say X=N bytes instead of X=N bits, there is still a problem. You would need a "flag byte" to signal how many bytes to use. IPV4-compliant software and hardware would choke on the extra bytes in the stream. I repeat what I said at the beginning... *ANY* physical change to IPV4 breaks IPV4. Given that assumption, we may as well start from scratch, and go back to square 1 when designing IPV6.

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    11. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      It really would be best to leave this kind of thing to the people who know what they're talking about. That's why you weren't on the IPng committee.

    12. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      This comment clearly states to me that you did not inform yourself of the new enhancements the IPv6 protocol has. I can't wait till we are finally ready to make the jump into v6 and leave v4 behind. It was not one person that brainstormed on this and i'm guessing a simple solution like this was considered but marked as insufficient...
      Have a look at frooddude's link above and you will see that v6 is going to be the best improvement to networking known to man.(and network administrators)
      for your personal issue with remembering I would say: Go DNS or go home :)

    13. Re:Why did they do it this way? by Casandro · · Score: 1

      Well there just are 32 bits for the address. So they need to make new headers and thus a new protocol.

      Furthermore there are a lot of features in IPv4 which seemed like a good idea, but turned out to be bad ideas. Those features have been fixed in IPv6.

    14. Re:Why did they do it this way? by lintux · · Score: 1

      > You misunderstand the meaning of the octet,

      Yours is also a bit lacking:

      > If you take 255*255*255*255 :-P

    15. Re:Why did they do it this way? by Skofo · · Score: 1

      They made it the way it is so that we don't have to go through the whole process of adopting another IP system any time soon. The use of the internet and IP addresses has grown exponentially since the internet first began, and I don't expect the growth to slow down any time soon. Soon enough our pencils will have their own IP addresses. Also, I'm very certain that pretty much every ISP will take advantage of the IP addresses with many 0's, which will circumvent the potential clunkiness of IPv6 and make addresses a lot smaller than they have the -potential- to be. So your typical IP address will probably be something like 2001::57ab, at least in the first half dozen years or so.

    16. Re:Why did they do it this way? by genik76 · · Score: 1

      Just make the effort to memorize, your brain adapts to different kinds of character sequences.

    17. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      If you take 255*255*255*255 you end up with the largest number that can be stored in a 32 bit integer

      Huh, my 32-bit integers go all the way to 255*257*65537.

    18. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      So you're telling me you are physically unable to remember 2001:218:dead::1 ?
      All it requires is some getting used to.
      It is not that complicated.
      I'm really quite sick of seeing the addresses are too difficult argument.

    19. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      >>IP addresses are not meant to be memorized by humans in IPv4 OR v6. Use DNS for memorable identifiers.

      Cash in your nerd card, please.

    20. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      You misunderstand the meaning of the octet, which is little more than a way to make a large number more understandable. If you take 255*255*255*255 you end up with the largest number that can be stored in a 32 bit integer.

      (2^8-1)^4 != 2^32-1

    21. Re:Why did they do it this way? by swillden · · Score: 1

      Were I using an IPv6 address, I would have to pay for DNS service just so I could log into my own network remotely, or keep a scrap of paper and laboriously type it out.

      In practice, IPv6 addresses are really not that hard to remember.

      An IPv6 address consists of eight words (word == two bytes, written as four hexadecimal digits). Eight words is a lot to remember, but you only have to remember three of them.

      Is 230:c:36b easier or harder for you to remember than 94.212.203.102? It's much easier for me.

      The reason you only have to remember three of the eight words is the first word is fixed for the foreseeable future (2001) and YOU get to pick the last four words, so there's no reason not to pick easily-remembered values like, say, ::1. For example, my desktop machine at home has the autoconfigured address 2001:230:c:36b:219:dbff:feda:e9dd, which would be horrible to remember, but I also configured it to use 2001:230:c:36b::1.

      So, you end up typing a few characters more than a typical IPv4 address (17 vs 14 in my examples here), but the part you have to memorize is at most twelve digits -- the SAME as IPv4, except that the IPv6 digits are hexadecimal, not decimal.

      Or you can just use DNS.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
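
Added example, not part of the thread or any commenter's code: the autoconfigured address quoted in the comment above (2001:230:c:36b:219:dbff:feda:e9dd) carries the interface's MAC address in its low 64 bits as a modified EUI-64 identifier, while the hand-assigned ::1 form does not. The Python below recovers that MAC and shows it staying constant across prefixes; the 2001:db8:1:2::/64 address and the SAMPLE_LOG list are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = interface identifier


def embedded_mac(addr):
    """Return the MAC address encoded in a modified EUI-64 interface
    identifier, or None if the low 64 bits were not derived from a MAC."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    # Modified EUI-64 splits the 48-bit MAC in half and inserts ff:fe.
    if iid[3:5] != b"\xff\xfe":
        return None
    # The universal/local bit (0x02 of the first octet) is inverted in the
    # interface identifier; flip it back to recover the original MAC.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{octet:02x}" for octet in mac)


def site_and_subnet(addr):
    """Split an address into its /48 site prefix and 16-bit subnet number."""
    value = int(ipaddress.IPv6Address(addr))
    site = ipaddress.IPv6Network((value >> 80 << 80, 48))
    return str(site), (value >> 64) & 0xFFFF


def macs_seen_on_multiple_prefixes(addresses):
    """Map each embedded MAC to the /64 prefixes it appeared under, keeping
    only MACs seen under more than one prefix (the same hardware on
    different networks)."""
    seen = defaultdict(set)
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            continue
        value = int(ipaddress.IPv6Address(addr))
        seen[mac].add(str(ipaddress.IPv6Network((value & ~IID_MASK, 64))))
    return {mac: sorted(prefixes) for mac, prefixes in seen.items()
            if len(prefixes) > 1}


# Constructed sample: the two addresses from the comment, plus the same
# interface identifier under a documentation prefix (a second network).
SAMPLE_LOG = [
    "2001:230:c:36b:219:dbff:feda:e9dd",
    "2001:230:c:36b::1",
    "2001:db8:1:2:219:dbff:feda:e9dd",
]

if __name__ == "__main__":
    for a in SAMPLE_LOG:
        print(a, "->", embedded_mac(a), site_and_subnet(a))
    print(macs_seen_on_multiple_prefixes(SAMPLE_LOG))
```

Hosts that use the IPv6 privacy extensions (RFC 4941) or a statically chosen identifier such as ::1 return None here, because their interface identifier is not derived from the hardware address.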
    22. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      So DNS is your friend. It works well, fast, and reliably.

      and is trivially easy to Man In The Middle.

    23. Re:Why did they do it this way? by mikael · · Score: 1

      Unfortunatelu, many TCP/IP implementations were designed assuming that the four values of each address were always going to be bytes.

      There might be a way of transparently mapping the bits of each number of your method into the six bytes of the IP6 system, so that a six byte (48-bits) number can be remembered as a series of four 12-bit values.

      This would still require that addresses are remembered as something like 4095.4095.4095.4095 for a broadcast address.

      With six bytes of IE6, you would have to remember 18 digits (6 values with three digits), but with four 12-bit values, you would have to remember 16 digits (4 values with 4 digits).

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    24. Re:Why did they do it this way? by Geoffreyerffoeg · · Score: 1

      *ANY* physical change to IPV4 breaks IPV4. Given that assumption, we may as well start from scratch, and go back to square 1 when designing IPV6.

      Well, that's not really true (both of those). IPv6 addresses are their own namespace, and can't communicate with IPv4 addresses automatically. Think of how FAT got long filenames ... or how DNS grew extra TLDs like .info ... or how MX and SRV records in DNS started showing up, although using regular A records for mail and other services still works.

      If you extend IPv4 in a clever way, rather than rewriting the whole thing and coming up with a new address space, you can increase adoption because people don't have to get everything upgraded end-to-end to make your system work.

      Here's an example of such a scheme. Let's call it IPv4+. I'm going to say that it uses 64 bit addresses (but only because that's convenient). The first 32 bits are an existing IPv4 address, and if you own a single IPv4 address you own all 2^32 IPv4+ addresses that start with the IPv4 address. Allocation works as normal, etc. Maybe for good measure we'll take an IPv4 class A (1.x.x.x?) and reserve it _just_ for IPv4+ allocation.

      So the first thing that happens is that everyone who uses NATs already has a convenient address. If my home IP address is 18.242.0.29, and my desktop behind the NAT is 192.168.0.2, then if I want a public IPv4+ address I can just use 18.242.0.29.192.168.0.2.

      The next thing that happens is, if I want to reach that machine from a part of the Internet that only supports IPv4, I can tunnel IPv4+ inside IPv4. (I can even use an existing standard like RFC 1853) or something. The routers that don't need to be upgraded just see the outer header that says to send it to 18.242.0.29, and they use existing BGP or whatever and send it on its way. Once it gets to 18.242.0.29, which does support IPv4+, it figures out how to reach 18.242.0.29.192.168.0.2. Note that none of the backbone needed to be upgraded: I just need client and server support for IPv4+. End-to-end, if you look at it like an IPv4 packet, it gets routed correctly by the existing Internet.

      So, there are two benefits of this strategy. First is that you use an existing naming scheme (IANA assigned IPv4 addresses) and build on top of it. The second is that you use an existing protocol and build on top of it, and only the machines that care about IPv4+ address space need to upgrade to IPv4+.

      IPv6 does neither of these. Dan Bernstein condemns IPv6 much more scathingly than I can, having been part of the IPv6 discussions, but he basically agrees with me.

    25. Re:Why did they do it this way? by flonker · · Score: 1

      What problem would this solve? You don't gain any additional routable addresses with this method, since the core routers stay the same. Basically, you end up with a half-assed form of NAT.

    26. Re:Why did they do it this way? by mcrbids · · Score: 1

      255*255*255*255 = 4294967296 when you include the zero position! Represented in more normal base 10, you'd be multiplying 256*256*256*256 (-1 if you think zero doesn't mean anything), which completely fills a 32 bit integer...

      Perhaps I represented this a bit awkwardly, but you get the idea now?

      There is, of course, an entire discourse on the value of a zero. Why, for example, does 10 take two digits, when it's the conclusion of a logical sequence of single digits? 10 is not 0^10th, but 100 IS 10^10 and 1000 is 100^10 which is logically inconsistent, and what we now take as zero is really best approximated by NULL, which has no immediately recognizable digit. (Yes, there's an ANSI "nul" character but who actually knows it? Slashdot's garbage filter even rejects it, and you certainly aren't taught it in grade school)

      (sigh) Even the relatively elegant digital Roman numeral system has its share of kluges....

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    27. Re:Why did they do it this way? by sagematt · · Score: 1

      and 1000 is 100^10

      Excuse me, what? You are confusing the base with the exponent.

      http://en.wikipedia.org/wiki/Exponentiation

      Why, for example, does 10 take two digits, when it's the conclusion of a logical sequence of single digits?

      On behalf of Slashdot, I ask you to retake high school math. Your parents lost their money on you.

      http://en.wikipedia.org/wiki/Base_(mathematics)

    28. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      In a sense, what you propose already exists - your scheme sounds like a more limited version of 6to4. And, well, it's fine I guess, but it would increase complexity and be less flexible and more brittle. You'd need to keep NAT as long as pure IPv4 end sites remain, and even if they ultimately go away you have extra complexity at the gateways between the two protocols.

    29. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      You don't have to use stateless autoconfiguration and there are abbreviations allowed in an ipv6 address.

      So assuming your provider gives you a /48 and you don't use stateless autoconfiguration you can have an address like

      2???:????:????::1

      which isn't that much worse than an ipv4 address.

    30. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      ipv6 doesn't do it that way because routing would be much more complicated. Sure, that would be easy to remember and type, but routing and subnets (which are trivial in ipv6) would be extremely difficult with that scheme.

      IP addresses are for computers and routers. It's best not to remember them. You'd be better off registering the domain name 1024.1024.1024.1024.com. There's plenty of free dns services out there for just that.

    31. Re:Why did they do it this way? by Anonymous Coward · · Score: 0

      I want to get 2001:dead:beef::/64.

    32. Re:Why did they do it this way? by sjames · · Score: 1

      Well, in your example, you've memorized 16 digits. That's as many as you need to remember for your home's v6 prefix since the 2001: at the beginning is pretty much a constant (or 2002: if you're on a 6to4 prefix).

      If you use autoconf there's more, but you can just assign simple IPs.

      The sequences are all numeric, they just happen to be in hex :-)

      All the routers out there REALLY need fixed length IP addresses. The larger ones use asics to read the packet and make a fast decision. It's non-trivial to roll out a new address length on them. Many of the first routers that supported v6 only did so by handing v6 packets up to the general purpose CPU (and so they were quite limited compared to their v4 capabilities). That's why IPv6's address space is so large, the hope is that we won't need to grow the address size again any time soon.

    33. Re:Why did they do it this way? by Geoffreyerffoeg · · Score: 1

      Yes, you'd need to keep NAT, but that's a special case of my proposal not requiring changes to the Internet anywhere. It encourages changes, and two people who make the same change can talk to each other without the routers in between cooperating, but it doesn't mandate them. If you want to keep NAT, nobody's stopping you.

      It would increase complexity at the gateways between the two protocols, yes, but IPv6 involves increasing complexity at every gateway -- unless those gateways aren't routing IPv4.

      I guess I'm starting from the assumption that we can't ever make IPv4 go away.

  11. Unfair knocking of V6 by mysidia · · Score: 5, Informative

    Even though last year the number of IPv6 addresses given out increased by almost a factor eight over 2007, the total amount of IPv6 address space in use is just 0.027 percent.'"

    IPv6 addresses are 128 bits instead of v4's 32-bits. I sure HOPE the percentage stays small.

    It's a preposterous claim that a whole 0.027 IPv6 addresses are in use. If that many addresses were in use, then that would mean IPv6 is wildly successful.

    If you just consider the first 48 bits of a V6 address. That's 281474976710656 network addresses.

    IF 0.027% of those are in use, then 75,998,243,711 IPv6 networks have been used, which is more networks than IPv4 has ip addresses.

    The full 128 bits allows for 340282366920938463463374607431768211456 host addresses.

    If 0.027 of those are in use, then that would mean 91876239068653385135111144006577417 IPv6 host addresses are in use.

    1. Re:Unfair knocking of V6 by Peristarkawan · · Score: 1

      0.027% of the IPv6 address space has been given out. Since the addresses are given out in large blocks, that doesn't mean that each and every address given out is actively being used.

    2. Re:Unfair knocking of V6 by Decameron81 · · Score: 1

      It's not 0.027% of available addresses in IPv6, it's 0.027% of all allocated addresses in IPv4 + IPv6.

      --
      diegoT
    3. Re:Unfair knocking of V6 by mysidia · · Score: 1

      I think you missed my point. They're trying to say ONLY 0.027% has been given out as EVIDENCE that no one is using IPv6, and I still contend that it is misleading to cite the percentage in that context. Quote from the article summary:

      Even though last year the number of IPv6 addresses given out increased by almost a factor eight over 2007, the total amount of IPv6 address space in use is just 0.027 percent.

    4. Re:Unfair knocking of V6 by Anonymous Coward · · Score: 0

      0.027 % is actually 0.00027. We are talking about 2 orders of magnitude smaller.

      Now, IPv6 is huge, so the number is still large even two orders smaller.

      I'd like to know, for comparison, what percent of IPv6 all of IPv4 represents. It may well be that 0.027% is a huge space in comparison to all of IPv4. My back-of-envelope calculation suggests so.

      Even if you take an earlier post that says it's 100X larger, that makes IPv4 1% of IPv6, in comparison to 0.027%. Now that is a useful comparison.

      Can someone come up with the real numbers?

  12. we should get back IPV4 addresses from spammer isp by Anonymous Coward · · Score: 0

    A lot of IPV4 addresses are owned by ISPs hosting spammers. If we can reclaim those, I think we can live a little longer with IPV4.

  13. Get back IPv4 addresses assigned years ago by gregmac · · Score: 1, Insightful

    There's a whole ton of IPv4 address space that seems to be allocated to people that don't realistically need it. For example, HP, Apple, IBM, MIT, Ford, Digital, Halliburton, GE, Xerox and a bunch more all have /8's. AT&T has two /8's. Do these companies really need 16 million public IP addresses?

    I know of many universities that have /16's, and really, same situation - do they really need 65k addresses? Labs, residence PCs, wifi laptops, are all assigned public IPs, and then behind a firewall so nothing is accepted inbound anyways. These systems could easily be assigned private addresses and stuck behind NAT.

    Why don't we just tell them they have to justify use of all their IPs, and then in a year or two, subnet the crap out of their space and take over anything they're not using to serve internet-facing services? It would likely free up a few hundred million IPs, extending IPv4 space for a few more years.

    --
    Speak before you think
    1. Re:Get back IPv4 addresses assigned years ago by Anonymous Coward · · Score: 0

      Why don't we just tell them they have to justify use of all their IPs, and then in a year or two, subnet the crap out of their space and take over anything they're not using to serve internet-facing services? It would likely free up a few hundred million IPs, extending IPv4 space for a few more years.

      Just to delay the inevitable? If the transition to IPv6 is only done under pressure, nothing is gained by having a few more years without pressure.

      At the current rate, 16 million IPs would delay the exhaustion of IPv4 addresses just about three weeks:
      http://www.potaroo.net/tools/ipv4/index.html

    2. Re:Get back IPv4 addresses assigned years ago by jelle · · Score: 1

      Why? While it seems 'unfair' that they have those big chunks, that is not the problem. 'a few more years' only delays the breakdown point a bit, it doesn't make it go away...

      The problem is that ipv4 isn't big enough, and that NAT restricts addressability in a way that the end user (behind nat) cannot control.

      Would you like to be put behind a NAT by your ISP, because you're a mere 'internet user' on a 'home connection', so obviously you don't need incoming connections, since the ISP decided for you that those can only be bad for you?

      Without action, that's where we'll end up. People will find their ISP putting them behind NAT. Goodbye good skype connections, goodbye many internet protocols for you. Goodbye net neutrality. It will start costing a hefty premium to rent an 'internet addressable IP'...

      --
      --- Hindsight is 20/20, but walking backwards is not the answer.
    3. Re:Get back IPv4 addresses assigned years ago by Strider- · · Score: 1

      I know of many universities that have /16's, and really, same situation - do they really need 65k addresses? Labs, residence PCs, wifi laptops, are all assigned public IPs, and then behind a firewall so nothing is accepted inbound anyways. These systems could easily be assigned private addresses and stuck behind NAT.

      You are missing part of the point of the "public" IPs. By definition, public IP addresses are globally unique. This makes it easy to integrate or even just link two separate networks, since you can be absolutely sure that there will not be duplicated IP addresses. You try integrating or linking two separate, private networks that are both running on 192.168.0.0/24 :)

      --
      ...si hoc legere nimium eruditionis habes...
    4. Re:Get back IPv4 addresses assigned years ago by jabuzz · · Score: 1

      Part of the problem is all the legacy, but perfectly good hardware that does not do IP6. Why should I throw out a HP LaserJet 5M+ with only 100,000 pages just because it does not support IP6? The longer we can put off the delay the less of this legacy stuff will be around, and the lower the barrier to the adoption of IP6.

    5. Re:Get back IPv4 addresses assigned years ago by Lennie · · Score: 1

      At least it's not as bad as with two 10.0.0.0/8's. ;-)

      --
      New things are always on the horizon
    6. Re:Get back IPv4 addresses assigned years ago by Pentium100 · · Score: 1

      Would you like to be put behind a NAT by your ISP, because you're a mere 'internet user' on a 'home connection', so obviously you don't need incoming connections, since the ISP decided for you that those can only be bad for you?

      The company I work for would gladly be behind the ISP's NAT (and give away the static public IP) if that meant paying less, since we do not have any servers, and use the internet for web browsing and email, and are sitting behind a local NAT (zero forwarded ports) anyway.

      On the other hand, I like my static external IP.

    7. Re:Get back IPv4 addresses assigned years ago by admdrew · · Score: 1

      Ugh... could be worse; I've seen some corporate networks use public IP space for their private network.

    8. Re:Get back IPv4 addresses assigned years ago by budgenator · · Score: 1

      It's not going to work well; each IPv4 address has a limited number of ports:
      1-1023, are Well Known Ports and unavailable,
      1024-49151, are Registered Ports and unavailable,
      49152-65535, are Dynamic and/or Private Ports; this leaves 16,383 as the maximum number of connections that can pass through a NAT. If each computer is real nice and only opens one connection each it doesn't seem too bad, but if the web browser opens 10 connections to load a page and a Yahoo messenger and a BitTorrent session are running along with a system update, that one address is going to be pretty jammed.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    9. Re:Get back IPv4 addresses assigned years ago by Anonymous Coward · · Score: 0

      I know of many universities that have /16's, and really, same situation - do they really need 65k addresses?

      Your options are 65536, 32768, 16384, 8192, 2048, 1024, etc.

      You can't realistically NAT a server setup, so 256 is way too small. You also have to remember that most universities will have 10k+ students. And what can you NAT? As several people point out, large scale NATting is problematic. You might squeeze a 10K-student school into 1024 available ports, but your IT and help-desk staff aren't going to like you.

      Any large university has pretty good claims to at least 16K IP addresses, but the effort in trying to reclaim the addresses has problems:

      1. You need to know who has the addresses,
      2. You have to decide which blocks to take back
      3. You have to restructure networks
      4. Your 48K IP addresses will be gone within a few days (if not hours), and
      5. The routing tables get hairy again.

      You're scraping the bottom of the barrel: no matter how much you get, you've effectively run out and have to do something else anyways.

    10. Re:Get back IPv4 addresses assigned years ago by oasisbob · · Score: 1

      I take it you've never resubnetted a network before. I've done a /19 and a /18, and it's no fun.

      You really think that those who have a /8 conserved space from the beginning? I doubt most even have their devices confined to a /9, let alone easy-to-reclaim blocks which fall on CIDR boundaries.

  14. Re:there's plenty of address space by MichaelSmith · · Score: 1

    Sounds like a lot (maybe half?) of allocated addresses are not in use. I wonder how the cost of turning /23s into /24s compares with going IPV6 everywhere?

  15. No need for IPv6, ever by isdnip · · Score: 1, Interesting

    Because IPv6 was an awful mistake, an abortion created by a project group (IPNG) that had become so politicized that the best people had left. The remaining participants were hardly even the B team; they were F Troop. IPv6 was a mashup of two undergrad-level hacks, Steve's IP and Paul's IP, by Steve Deering and Paul Francis. Steve has disclaimed IPv6 and Paul's in a daze. All this was done before "ISP" was a household word -- it was still the NSF's private network.

    So IPv6 perpetuates IPv4's mistakes and adds more of its own. It is costly but doesn't fix anything.

    The existing v4 space is not well utilized. Blocks can be traded/bought/sold in the interim until something smarter than IPv6 comes along. IPv6 at this point is mainly a hack by equipment vendors to make you buy costly new stuff.

    NAT is harmless to any application that is not broken in the first place. There is never justification for putting an IP address inside the application layer. Look at HTTP: It uses names, not addresses. In fact, it was a mistake to have applications resolve DNS; that should be a function of TCP/IP itself.

    1. Re:No need for IPv6, ever by Percy_Blakeney · · Score: 1

      NAT is harmless to any application that is not broken in the first place. There is never justification for putting an IP address inside the application layer.

      That's a rather silly thing to say. I would agree that applications should avoid handling IP addresses directly in their application-layer data, but to say that it's never justified is just stupid.

      In fact, it was a mistake to have applications resolve DNS; that should be a function of TCP/IP itself.

      You apparently don't understand the concept of layering.

    2. Re:No need for IPv6, ever by Anonymous Coward · · Score: 5, Insightful

      > Because IPv6 was an awful mistake, an abortion created by a project group (IPNG) that had become so politicized that the best people had left.

      It has problems, but I can't think of a networking protocol, at any layer, which didn't. The question is not "does it have problems?", but "is it better to switch to IPv6 than to stay with IPv4?". For a lot of us, the answer is "yes".

      > So IPv6 perpetuates IPv4's mistakes and adds more of its own. It is costly but doesn't fix anything.

      It has the potential to restore the end-to-end principle across most of the internet. (I can't think of anything else I do on my computer where the standards we use have static limits which are so low.)

      > The existing v4 space is not well utilized. Blocks can be traded/bought/sold in the interim until something smarter than IPv6 comes along. IPv6 at this point is mainly a hack by equipment vendors to make you buy costly new stuff.

      A good solution today is infinitely more valuable than a perfect solution never. Again, simply observing that there are problems with the current administration of IPv4 addresses is not useful. What might be useful would be comparing the relative cost of "fixing administrative problems with IPv4" to "switching to IPv6". In my experience, getting people to upgrade to a newer technology is a lot easier than fixing social issues.

      Besides, all of my stuff (at work and at home) already supports IPv6. I don't have to buy anything new. If you invented something better than IPv6 today, wouldn't I have to buy new equipment that supported *that*?

      > NAT is harmless to any application that is not broken in the first place. There is never justification for putting an IP address inside the application layer.

      Sure, and running without memory protection is harmless to any application that is not broken in the first place. Those of us who have ever done any large-system design in real life have learned the hard way that there are quite a few broken applications in the world.

      > Look at HTTP: It uses names, not addresses. In fact, it was a mistake to have applications resolve DNS; that should be a function of TCP/IP itself.

      So instead of upgrading IP, you merely want to change how DNS and TCP and all networking applications work? Yeah, good luck with that.

    3. Re:No need for IPv6, ever by Anonymous Coward · · Score: 0

      I hope you are right.

      There's a huge amount of network code that needs a major rewrite to support ipv6.

      I am not thinking about small tools, I am thinking about big connection tracking systems (routing software, monitoring/stats software etc).

      A 128 bit value has no possible representation in one of the standard unsigned integral types:
      there is no uint128_t, and this means major changes to existing hash tables and related code.

    4. Re:No need for IPv6, ever by johannesg · · Score: 2, Informative

      Because IPv6 was an awful mistake, an abortion created by a project group (IPNG) that had become so politicized that the best people had left.

      Wow, you have a lot of big words - but you show very little in the way of concrete facts. WHY is it an awful(sic) mistake? Just because you have to remember a few more hex digits? Boo-hoo, the world is a lot larger than just your back yard you know, and those other people also want to get on the internet.

      Just screaming that something is bad without explaining why is not really a convincing debating tactic...

      The remaining participants were hardly even the B team; they were F Troop. IPv6 was a mashup of two undergrad-level hacks, Steve's IP and Paul's IP, by Steve Deering and Paul Francis.

      ...and neither are personal attacks on people who aren't even present to defend themselves.

      So IPv6 perpetuates IPv4's mistakes and adds more of its own. It is costly but doesn't fix anything.

      Which mistakes does it perpetuate? Which ones does it add? Why is it costly? (I can sort of guess that last one: because there is so much IP4 equipment out there. Well, here is a newsflash: it will be costly to switch to _anything_ other than IP4, whether it is IP6 or something else!)

      The existing v4 space is not well utilized. Blocks can be traded/bought/sold in the interim until something smarter than IPv6 comes along. IPv6 at this point is mainly a hack by equipment vendors to make you buy costly new stuff.

      So... Let's say I get assigned an IP that was previously unused by AT&T (since they have so many). Do you have any idea of the routing complications if this happened all over the world?

      How do you think a "smarter" solution than IP6 will look like? Just give us a general idea, I don't need an RFC right now...

      NAT is harmless to any application that is not broken in the first place. There is never justification for putting an IP address inside the application layer. Look at HTTP: It uses names, not addresses. In fact, it was a mistake to have applications resolve DNS; that should be a function of TCP/IP itself.

      How can I write an application that connects from one NATted box to another? Ah, right, I can't. So the fundamental principle of end-to-end communication gets thrown out of the window, and the internet is reduced to a television model, with producers (those who have IP addresses) and consumers (those who do not). And that is something we REALLY do not need.

    5. Re:No need for IPv6, ever by swillden · · Score: 1

      IPv6 at this point is mainly a hack by equipment vendors to make you buy costly new stuff.

      Bull. At this point danged near everything deployed already supports IPv6. All of the endpoints running a major OS (Windows, *nix) support IPv6. Most of the application software supports it, and already requests and uses AAAA records if the host has an IPv6 address. The backbone supports it. DNS supports it. All of the ISP's equipment that is newer than four or five years old supports it, and most of the older equipment just needs a software upgrade to support it. Really, about the only part of the existing infrastructure that doesn't support it is everyone's home routers, and all they need is a firmware update.

      All we need, right NOW, to put IPv6 in common use is for ISPs to request addresses from ICANN (which is giving them FREE to anyone who has ICANN-assigned v4 addresses) and configure their equipment. Add some AAAA DNS records and users will be hitting their favorite web sites via IPv6. Until sites get around to setting up those AAAA records, users will continue getting to them via IPv4.

      What you say may have been true a few years ago, but it's not now.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:No need for IPv6, ever by Pentium100 · · Score: 1

      So instead of upgrading IP, you merely want to change how DNS and TCP and all networking applications work? Yeah, good luck with that.

      How about this:
      Upgrade DNS to give out port numbers.
      For example: I want to go to http://www.example.com/ the DNS gives the answer 1.2.3.4:80, if I want to go to http://mail.example.com/ DNS gives 1.2.3.4:81, therefore a NAT with port forwarding could work for multiple servers.

      Old applications would still use the old ports, however, new ones would automatically get the port number from DNS, and for old ones you would have to type the port manually.

      Yes, there are some applications that have to use whole IP (for example, protocols other than TCP or UDP), but the need for separate IPs can be greatly reduced.

    7. Re:No need for IPv6, ever by Pentium100 · · Score: 1

      How can I write an application that connects from one NATted box to another?

      Hamachi does it somehow...

    8. Re:No need for IPv6, ever by isdnip · · Score: 1

      It's never justified. Names, not IP addresses, should be used. The historical rationalization is that FTP did it. But FTP did it for a very specific reason (printing to a BBN PTIP) that no longer applies.

      And I do know layering. Putting an IP address in the application layer breaks layering! Addresses belong to the IP layer, and thus should be resolved there.

      TCP/IP breaks layering all the time, but then it's a sloppy 30+ year old prototype. Good for its day, obsolete today. And v6 makes it worse.

    9. Re:No need for IPv6, ever by admdrew · · Score: 1

      Upgrade DNS to give out port numbers.

      Erm, really? So, how does "example.com" resolve? Are you proposing different DNS names for *every* service offered?

      Plus, you're going to need to upgrade a *lot* more than DNS, and you're giving it a purpose it's not supposed to have. The *client* is what decides what port/protocol to generate traffic on, not DNS. Also, what of applications that require multiple ports/protocols to communicate? Your change breaks the concept of servers listening, and clients generating the traffic.

    10. Re:No need for IPv6, ever by compro01 · · Score: 1

      Yes, it uses a NAT traversal technique, which doesn't always work. It's a hack on top of a hack, and is a really lousy substitute for just having things publicly routable.

      --
      upon the advice of my lawyer, i have no sig at this time
    11. Re:No need for IPv6, ever by admdrew · · Score: 1

      Hamachi uses a central server in addition to software on both 'client' networks. Connectivity between any two clients is pretty easy if you have an application in the middle to handle connections.

    12. Re:No need for IPv6, ever by Pentium100 · · Score: 1

      IPv6 also requires a lot of changes, if it didn't, it would be easy to implement.

      Just like DNS resolves example.com to 1.2.3.4, it could resolve http://example.com/ to 1.2.3.4:81, the application would ask not only for the IP, but also for port. Now, as I said, some applications would not be able to use this, so you would still need more than one IP, except if you have 100 web servers, they could all share the same IP, while being on separate machines.

      For old applications that do not ask for port, the DNS would respond like it does now, but you may have to specify the port manually.

      On the other hand, I read somewhere that it is possible to configure a NAT to route between v4 local network and v6 internet. If that is not a lie, I may just have found a way for my old PCs to communicate with the internet after everyone has switched to v6...

    13. Re:No need for IPv6, ever by admdrew · · Score: 1

      IPv6 also requires a lot of changes, if it didn't, it would be easy to implement.

      It does, yes, but IPv6 does not change the nature of how server/client applications function.

      You realize the "http" portion of your example URL is what is determining the protocol and port at the application level, right? You do not ask a DNS server to resolve "http://example.com", you ask DNS to resolve "example.com" and then the *application* generates 'http' traffic to the resolved host. Essentially, you are proposing that port numbers be used for routing. How is that ultimately better than instituting a larger numbering system for IPs (IPv6) that is already widely supported and does not dramatically change how all modern applications work?

    14. Re:No need for IPv6, ever by Pentium100 · · Score: 1

      Yes, I know that currently the application determines the port. Anyway, my idea probably would have greater backward compatibility with existing networks and software (yes, typing a nonstandard port number may be inconvenient (if you use an old application), but you still can connect to whatever server you want in contrast to IPv6 under which old applications cannot access the servers at all, unless they still have an v4 address).

    15. Re:No need for IPv6, ever by Pentium100 · · Score: 1

      However, once the connection is established, the central server is no longer needed.

    16. Re:No need for IPv6, ever by admdrew · · Score: 1

      Anyway, my idea probably would have greater backward compatibility with existing networks and software

      Because older applications would still be able to generate routable traffic? Maybe... but this introduces additional problems, because you are still using ports for routing purposes *and* application traffic.

      Also, how do 'legacy' applications access services on destination hosts that are on non-standard ports? An old web browser, for example, is going to make a connection to "http://www.example.com" using tcp/80. How is that browser able to connect to the webserver running on mail.example.com, if it's running on tcp/81? Manually entering "http://mail.example.com:81" may be an option with a browser, but what about an application that is hard coded to make a connection to a specific hostname and port?

      And again... are you suggesting that all server applications should require their own unique DNS names?

      While your idea is unique, I think it would too dramatically change the way modern networking works and would create too many other problems to be a viable solution.

    17. Re:No need for IPv6, ever by Pentium100 · · Score: 1

      As I said before, my idea would have greater (but not 100%) backward compatibility, and some applications would still need for the server to have a separate IP (hardcoded ports, usage of protocols other than tcp/udp).

      And again... are you suggesting that all server applications should require their own unique DNS names?

      At least some of them have their own DNS names already: ftp.example.com, pop3.example.com, smtp.example.com, etc. While I fully understand that these are meant to be used so that different services can be located on separate hosts, this could be used in reverse (multiple services, one IP).

      For old applications that have the port hardcoded, if the server is also hardcoded, you can use your router to intercept the connection request and change the destination ip/port accordingly, or (server address is not hardcoded) you can use some sort of proxy application on your PC. While this way is not that convenient it would still be better than your old application not being able to access its server at all.

      It still has more backward compatibility than IPv6.

      Oh well, at least I tried.

    18. Re:No need for IPv6, ever by volkris · · Score: 1

      Your "pretty easy" seems to be largely theoretical.

      NAT traversal is a hack, and an ugly one. The central server is used to trick the underlying protocols into forming an end to end connection. In theory this may be easy, but in practice it doesn't always work.

      In my experience it fails more often than it succeeds. Maybe that's ok for some p2p applications where half the connections can fail because there are hundreds anyway, but for VoIP and file transfer applications it's fatal.

    19. Re:No need for IPv6, ever by admdrew · · Score: 1

      It's actually called reverse tunneling, and it works exceedingly well. In a typical reverse SSH tunnel, an outbound TCP connection is made to a server, which brings up a tunnel that the server is able to send traffic over back to the client. This removes the need for the client to allow any inbound-initiated traffic or any possible NATing.

    20. Re:No need for IPv6, ever by volkris · · Score: 1

      Well right... but that requires a server to act as a relay for all of the traffic. It's bad enough that most NAT-fighting implementations require a centralized server to participate in the hole punching; having to relay 100% of the traffic through an external server just because of the failings of NAT is another level of pain.

      So what happens when your peers each have plenty of bandwidth to transfer the data they need to transfer, but you don't have a central server or it doesn't have the bandwidth to act as a relay? You're sunk.

      Because NAT sucks.

    21. Re:No need for IPv6, ever by Wowlapalooza · · Score: 1

      DNS already has this functionality in the form of SRV records, see, e.g. http://www.pantz.org/software/bind/srvdnsrecords.html The problem is, the client software maintainers/vendors have yet to incorporate SRV support into their packages/products.
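Added example (not part of the thread or any project's code): a Python sketch of how an SRV-aware client would turn a service name into ordered host and port pairs, using the priority and weight selection from RFC 2782. The zone lines, host names and ports are constructed sample data.

```python
import random
from dataclasses import dataclass

# Constructed zone-file style records (not real DNS data): two web services
# sharing one host on different ports, a lower-preference backup, and an
# explicit "service not offered" record for IMAP.
SAMPLE_ZONE = """\
_http._tcp.example.com. 3600 IN SRV 10 60 81 www1.example.com.
_http._tcp.example.com. 3600 IN SRV 10 40 8080 www1.example.com.
_http._tcp.example.com. 3600 IN SRV 20 0 80 backup.example.com.
_imap._tcp.example.com. 3600 IN SRV 0 0 0 .
"""


@dataclass(frozen=True)
class Srv:
    owner: str
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(zone_text):
    """Parse 'owner ttl IN SRV priority weight port target' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
            continue  # not an SRV line
        priority, weight, port = (int(f) for f in fields[4:7])
        if not all(0 <= v <= 65535 for v in (priority, weight, port)):
            raise ValueError(f"SRV field out of 16-bit range: {line!r}")
        records.append(Srv(fields[0].lower(), priority, weight, port, fields[7]))
    return records


def order_targets(records, service, proto, domain, rng=random):
    """Return [(host, port), ...] in the order a client should try them."""
    owner = f"_{service}._{proto}.{domain}.".lower()
    matching = [r for r in records if r.owner == owner]
    # A single record whose target is "." means the service is not offered.
    if len(matching) == 1 and matching[0].target == ".":
        return []
    ordered = []
    # Lower priority values are tried first.
    for priority in sorted({r.priority for r in matching}):
        group = [r for r in matching if r.priority == priority]
        group.sort(key=lambda r: r.weight != 0)  # weight-0 records first
        # Weighted random selection without replacement inside the group.
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            for record in group:
                running += record.weight
                if running >= pick:
                    ordered.append((record.target.rstrip("."), record.port))
                    group.remove(record)
                    break
    return ordered


if __name__ == "__main__":
    for host, port in order_targets(parse_srv(SAMPLE_ZONE), "http", "tcp", "example.com"):
        print(f"try {host}:{port}")
```

A client that ignores SRV falls back to the fixed port for the scheme, which is the backward-compatibility gap discussed earlier in this thread.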

    22. Re:No need for IPv6, ever by Anonymous Coward · · Score: 0

      Do you have any idea of the routing complications if this happened all over the world?
      As a network engineer I can tell you that it won't be a problem. It might be somewhat inconvenient if every address is on a different continent, but routing small subnets is not a problem.

      How can I write an application that connects from one NATted box to another? Ah, right, I can't.
      It is called port-forwarding in your firewall. You do have your publicly (even though they are NATted) visible boxen behind a firewall, do you?
      Or you could set up a reverse-tunnel, also quite easy.

  16. Re:there's plenty of address space by spudnic · · Score: 1, Troll

    Doesn't this just prove the point? Do you really want 5000+ internal hosts on a hospital network to be directly accessible from the Internet?

    It seems in your case you should only require routeable addresses for your external servers, firewall, vpn, etc. and let everything else live on the inside.

    So if you're ordering up all of these circuits please do us all a favor and don't even ask for more addresses than you actually need. Thank you very much.

    --
    load "linux",8,1
  17. Get IPv6 now, you might be sorry later by Casandro · · Score: 1

    Now you can still get n times 2^80 IP-Addresses for free from tunnel brokers like Sixxs.net. They even offer reverse DNS delegation and such things. You won't get that level of service from your local ISP, ever.

    1. Re:Get IPv6 now, you might be sorry later by Wesley+Felter · · Score: 1

      You can also get 2^80 addresses from the 6to4 fairy with no tunnel broker required. And since the whole point of IPv6 is that it won't run out, there's really no need to stock up in advance.

    2. Re:Get IPv6 now, you might be sorry later by Casandro · · Score: 1

      Yes, but right now you can get them from 2 guys in Switzerland instead of some big company which wants to charge you extra for access to Wikipedia.

      IPv6 solves most technical problems, but unfortunately many problems are not technical, but caused by greedy ISPs.

      Having a neutral ISP is a big advantage.

    3. Re:Get IPv6 now, you might be sorry later by Tony+Hoyle · · Score: 1

      Yeah but 6to4 is broken... for example, trace to 192.88.99.1 from my server in Dallas ends up in a server in Holland, and would add 360ms to my first hop.

      Really you want (a) routed ipv6, (b) a nearby tunnel. 6to4 is a desperate last resort.

    4. Re:Get IPv6 now, you might be sorry later by Wesley+Felter · · Score: 1

      And I suppose if everyone uses tunnel brokers instead of 6to4, it'll never be fixed.

  18. Re:there's plenty of address space by MichaelSmith · · Score: 3, Insightful

    NAT is fine for a typical workstation now but I think it is a bad idea to build assumptions about the way applications work into network architecture.

  19. World's biggest consumers of everything by SystematicPsycho · · Score: 3, Insightful

    While China and the US consume the world's resources, even the virtual ones, the rest of the world is trying to adopt more efficient methods? Same old familiar story.

    --
    Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
    1. Re:World's biggest consumers of everything by Just+Some+Guy · · Score: 2, Insightful

      While China and the US consume the world's resources, even the virtual ones, the rest of the world is trying to adopt more efficient methods?

      There are only so many ways to efficiently directly address a few billion devices. As computers become ubiquitous (picture a kid in India with a cell phone), so does the demand for addresses. There's no such thing as "fault" here; everyone wants this.

      --
      Dewey, what part of this looks like authorities should be involved?
    2. Re:World's biggest consumers of everything by WindBourne · · Score: 1

      Think that it might have something to do with population base? The truth is that all wealthy nations consume resources. LOTS of it. Those that are exporting "consume" even more.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  20. Re:there's plenty of address space by HTRednek · · Score: 1

    You apparently don't run any servers either. Just because someone uses NAT does not mean they cannot run a server. If you have a web server in your home and your ISP assigns you a public IP address, your modem (DSL) or modem and router (Most Cable) simply utilizes PORT FORWARDING. If it's a standard web server, you simply direct port 80 to the internal NAT address of your server (i.e. 192.168.0.100, or 10.0.0.10, or whatever...) and voila. FTP? Use 20/21. Not too complicated.

  21. Re:there's plenty of address space by Anonymous Coward · · Score: 2, Interesting

    Try running more than one HTTPS server behind a single external address and see how wonderful you think NAT is then.

  22. Someone please answer this? by Conspiracy_Of_Doves · · Score: 3, Funny

    Why not just take every existing IPv4 address and make it an alias for the same IPv6 address, but with 5 zeros in front of it? And declare that the owners of those IPv4 addresses now own the corresponding IPv6 addresses?

    1. Re:Someone please answer this? by Strider- · · Score: 4, Informative

      Why not just take every existing IPv4 address and make it an alias for the same IPv6 address, but with 5 zeros in front of it? And declare that the owners of those IPv4 addresses now own the corresponding IPv6 addresses?

      That's basically what 6to4 tunneling does, except that the ipv4 address defines a /64 subnet. :)

      --
      ...si hoc legere nimium eruditionis habes...
    2. Re:Someone please answer this? by Anonymous Coward · · Score: 1, Informative

      1) Addresses can't (or rather, shouldn't) be assigned arbitrarily. The address has to give routers some clue as to what to do with a packet. While it would be feasible to embed an IPv4 address inside an IPv6 address (just like they embed MAC addresses inside IPv6 addresses today), doing so still leaves a host of unsolved problems for routers.

      2) Ignoring that, your ISP still does not support IPv6.

      3) Even if they did, none of the software you use is compatible with IPv6 yet. (If you were one of the people who are already using IPv6, I doubt you would've asked that question.)

    3. Re:Someone please answer this? by swillden · · Score: 3, Informative

      Why not just take every existing IPv4 address and make it an alias for the same IPv6 address, but with 5 zeros in front of it? And declare that the owners of those IPv4 addresses now own the corresponding IPv6 addresses?

      Because that ignores the biggest feature of IPv6 -- the solution to the routing table size problem. Also, there's no need to do that. ICANN is providing v6 address blocks for free to everyone who has ICANN-assigned v4 addresses, and the IPv4 and v6 infrastructure can easily coexist during a transition, so there's no reason not to use new v6 addresses which are hierarchically-structured for easy routing.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:Someone please answer this? by MyHair · · Score: 1

      That's basically what 6to4 tunneling does, except that the ipv4 address defines a /64 subnet. :)

      Actually with 6to4 you get a /48. Handy to know in case you need more than 2^64 IPv6 hosts behind your IPv4 address. Or if you want multiple IPv6 subnets behind an IPv4 address which seems more likely.

  23. Re:there's plenty of address space by aaron.axvig · · Score: 5, Insightful

    Why would you use addressing to keep un-authorized traffic from your computers? That is what a firewall is for. The whole NAT thing is really frustrating if you are trying to do any push application, VPN, video-conferencing...etc. Yes there are ways to cope, but why port forward when you could open ports in a firewall?

  24. Holy Shit by DanZ23 · · Score: 2, Interesting

    I had no idea exactly how big either. From your link:

    [...]imagine the IPv4 address space is the 1.6-inch square above. In that case, the IPv6 address space would be represented by a square the size of the solar system.

  25. Assumptions are fine by TheLink · · Score: 3, Insightful

    It's perfectly fine to make assumptions, in fact it's part of designing stuff. You can't know everything in advance.

    You WILL have to make assumptions anyway - after all you aren't going to ask for 2 billion IP addresses for the hospital. Even if someone argues that in the future some applications may require machines to have thousands of IP addresses, but as a designer you are going to say "Even if that's the case, a hospital is unlikely to want that app, or by that time, the hospital and the world would have gone to IPv6".

    How good the assumptions are, shows you how good (or lucky ;) ) the designer was.

    It's perfectly reasonable to assume that most computers in the hospital should never need to have outsiders able to connect directly to them.

    This may not be true for universities, but it is likely to be even more true for banks - only a very few ways in and out.

    Many universities have an open campus, and outsiders can walk to any building and try to enter them, and the buildings themselves are designed with multiple entry points. Banks in contrast are designed to have just a few entry points (that's why the crooks often make their own entry points ;) ).

    --
  26. Re:there's plenty of address space by sigipickl · · Score: 1

    No, 5000+ hosts do not need to be *directly* accessible from the internet, but there are an exponentially growing number of devices and information stores that need to be accessed by vendors and business partners (a good example is the change to digital diagnostic imaging by many hospitals over the last few years- those images have to move from hospital to hospital and hospital to clinic somehow). While solutions like Citrix or SSL VPNs are solving many of these issues, often direct VPN access is the only solution. With the VPNs, classic LAN-to-LAN tunnels within NAT space (RFC 1918) are not only prone to conflicts, but are complex to secure. Landing VPNs on routeable addresses outside the firewall (then pin-holing) is most often the only logical choice.

    In the specific hospital case above (and this problem exists in many more industries besides healthcare, I'm sure, but healthcare technology is my area of experience)- based on the growth of connected devices, I will be out of IPv4 addresses in about 2 years. Maybe I was a bit loose with my 'wasteful' comment above- but in hindsight I am glad I hoarded when I did. Those remaining 300 routeable addresses are becoming precious. The days of handing out large IPv4 blocks are over as far as ISP's see it, so do I start hoarding more IPv4 addresses now? Sadly, I will probably have to, even if I am charged a nominal fee; it will most likely be cheaper than implementing IPv6, at least in today's skill-set market.

    --
    Never trust anyone who takes pride in being called a 'geek'....
  27. Re:there's plenty of address space by TooMuchToDo · · Score: 1

    I'm moving an installation from telco-owned to a carrier neutral facility (Equinix). I was able to get a /20 without a problem (although justification was necessary). Justification is ALWAYS necessary with ARIN, as they're strict with the IP space (as they should be).

  28. Consumer Routers and IPv6? by WimBo · · Score: 2, Interesting

    When will consumer grade routers support IPv6?

    When I can go and get a netgear, linksys, or dlink router that supports IPv6 then I'd hope that I can get IPv6 connectivity from my ISP. (QWest)

    I'm running Vista and Linux here at home, and could operate on ipV6 without any issues right now, except that I guess most software is only configured to talk ipv4. (Does Firefox attempt to talk to any ipV6 locations?)

    1. Re:Consumer Routers and IPv6? by compro01 · · Score: 1

      Yes, Firefox can do IPv6. There's an option (network.dns.disableIPv6) to disable it in about:config, though it is enabled by default.

      --
      upon the advice of my lawyer, i have no sig at this time
    2. Re:Consumer Routers and IPv6? by lintux · · Score: 1

      Many customized router firmware images (think of OpenWRT and friends) support IPv6. I adapted mine to get that. It sets up a tunnel to SixXS and announces my IPv6 /64 on my LAN. Everything just works.

      Not sure if anything out of the box can do this yet, especially the tunneling part.

    3. Re:Consumer Routers and IPv6? by am+2k · · Score: 1

      Apple's Airport Stations (including Time Machine) support IPv6 out of the box.

    4. Re:Consumer Routers and IPv6? by TheRaven64 · · Score: 1

      I guess most software is only configured to talk ipv4

      Any software written relatively recently should be using the getaddrinfo() interface to the socket library for remote service lookup. This takes a host name and service name as arguments, but nothing protocol-specific. You then get a list of protocol-independent address entries back. This means that the same code will work with IPv4, IPv6, AppleTalk, or MagicFutureProtocolThatGoesToEleven.

      --
      I am TheRaven on Soylent News
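Added example, not from the original comment: the same protocol-independent lookup pattern through Python's `socket.getaddrinfo()` wrapper, trying each returned address in order until one connects. The helper names `resolve` and `connect_any` are illustrative.

```python
import socket


def resolve(host, service, flags=0):
    """Return [(family_name, sockaddr), ...] for a stream connection.

    Nothing here names IPv4 or IPv6: the resolver decides which address
    families to return, and the caller just walks the list.
    """
    infos = socket.getaddrinfo(
        host, service,
        family=socket.AF_UNSPEC,      # any address family
        type=socket.SOCK_STREAM,
        flags=flags,
    )
    return [(family.name, sockaddr) for family, _type, _proto, _canon, sockaddr in infos]


def connect_any(host, service, timeout=3.0):
    """Connect to the first address that accepts, whatever its family."""
    last_error = None
    for family, socktype, proto, _canon, sockaddr in socket.getaddrinfo(
        host, service, type=socket.SOCK_STREAM
    ):
        try:
            sock = socket.socket(family, socktype, proto)
        except OSError as exc:
            # This host cannot create sockets of that family (for example
            # IPv6 disabled): skip the entry and try the next one.
            last_error = exc
            continue
        try:
            sock.settimeout(timeout)
            sock.connect(sockaddr)
            return sock
        except OSError as exc:
            # Refused, unreachable or timed out: fall through to the next
            # address, which may belong to a different family.
            last_error = exc
            sock.close()
    raise last_error or OSError(f"no usable address for {host!r}")


if __name__ == "__main__":
    # Numeric literals resolve offline; the family comes from the address.
    print(resolve("127.0.0.1", 80, socket.AI_NUMERICHOST))
    print(resolve("::1", 80, socket.AI_NUMERICHOST))
```

Code that instead builds a `sockaddr_in` by hand, or stores addresses in 32-bit fields, is the kind that needs porting before it can reach a v6-only server.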
    5. Re:Consumer Routers and IPv6? by Guyver3 · · Score: 1

      D-Link DIR-615 Hardware Revision C

      http://www.tunnelbroker.net/forums/index.php?topic=296.0

      I bought 2, they work mint both for native and tunneled.

  29. microsoft? patented? by reiisi · · Score: 1

    No thanks. Not even if they swear on a stack of bibles they'll never sue.

    --
    Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
  30. ipv6 vs mac addresses? by Anonymous Coward · · Score: 0

    ipv6 = 128 bits.

    mac address = 48 bits.

    does that mean that mac addresses will be duplicated?

    granted, not soon, since 2^48 = 281.474.976.710.656, but i don't understand... does this mean that mac will lose a lot of their current uses?

    i mean, if you rewrite mac specs, you have to rewrite ipvX specs, so you got to reuse mac addresses...

    1. Re:ipv6 vs mac addresses? by Lennie · · Score: 1

      No, actually your MAC-address can be used on the LAN to assign your system an IPv6-address automatically. In IPv6 the last 64 bits are for the LAN(s)/subnet(s) and the first part should go in the global routing table.

      --
      New things are always on the horizon
  31. If they intend to waste a lot of addresses... by Anonymous Coward · · Score: 0

    what percentage is going to be wasted?

    And why is it a good idea to make routing tables simple? IPv4 routing tables must be hideous if we're running out of IPv4 addresses.

    1. Re:If they intend to waste a lot of addresses... by MyHair · · Score: 1

      what percentage is going to be wasted?

      Surely most of each assigned range. It is intended that each local LAN segment will have 2^64 usable addresses, half of which are intended to be globally unique and half which aren't. However there is nothing to stop someone from subnetting smaller networks than a /64; it will just break the stateless autoconfiguration ability so you need to assign static addresses or use DHCP6.

      Heck, I have a /48--2^16 networks of 2^64 useable addresses--through a tunnel broker and I'm using less than a dozen addresses.

      And why is it a good idea to make routing tables simple? IPv4 routing tables must be hideous if we're running out of IPv4 addresses.

      They are. For each packet a router has to compare the destination to a list of routes to determine where to send the packet. If all the addresses starting with 2001:0db8: by design are accessible by the same border router then your routing tables can be much simpler. That is not the case with IPv4, and the routable address space is about to increase by many orders of magnitude.

      Simplified routing makes a huge difference on backbone routers.

  32. So many addresses... so why can't I get one? by m50d · · Score: 1

    My home network has been IPv6-ready for three years. Two years ago I looked at actually switching it over - it would've been a cool geeky project. But the IPv6 overlords in their infinite wisdom have decided that we can't just use a 192.168.0.* equivalent, oh no. All addresses must be publicly routeable.

    Which is fine - after all, there should be plenty of addresses, right? So why is there nowhere that will give me, as a private individual, an IPv6 address (officially, I mean - I'm aware of that website that generates an address that should be ok to use)?

    This sort of thing should be what drives the IPv6 transition - I'm willing to experiment, to find problems and fix them. But the system is such that I am locked out of doing so.

    --
    I am trolling
    1. Re:So many addresses... so why can't I get one? by mikael_j · · Score: 1

      What are you talking about? There are plenty of tunnel brokers that will get you your own /64 or /48, the fact that you clearly didn't bother to look doesn't mean that something doesn't exist.

      /Mikael

      --
      Greylisting is to SMTP as NAT is to IPv4
    2. Re:So many addresses... so why can't I get one? by petermgreen · · Score: 1

      As an end user you get your block of IPV6 addresses from whoever provides you with IPV6 connectivity.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    3. Re:So many addresses... so why can't I get one? by TheRaven64 · · Score: 2, Informative

      But the IPv6 overlords in their infinite wisdom have decided that we can't just use a 192.168.0.* equivalent, oh no. All addresses must be publicly routeable.

      There is also a private v6 address range - anything in the fc00::/7 range should not be publicly routable so you can use this for totally private machines (not sure why you'd want to, but you might).

      So why is there nowhere that will give me, as a private individual, an IPv6 address (officially, I mean - I'm aware of that website that generates an address that should be ok to use)?

      Google for a tunnel broker near you. They will give you a /64 (i.e. a subnet of 2^64 addresses). This is not a range that 'should be ok' it is a range that is selected from the range given to that tunnel broker. They will then route all IPv6 traffic for you. Alternatively, you can use 6to4. Every public IPv4 address has a corresponding /48 in the 2002::/16 subnet, generated by appending the v4 address to the 2002 prefix. If you have a public IPv4 address, you can use the corresponding 6to4 address range without an explicit tunnel broker.

      This sort of thing should be what drives the IPv6 transition - I'm willing to experiment, to find problems and fix them. But the system is such that I am locked out of doing so.

      No, your inability to google for basic information is locking you out of doing so. If you want to have it just work without needing to know anything, buy a recent Airport base station from Apple and use that as your router - it will configure 6to4 for you and route all v6 traffic from the local network without any effort.

      --
      I am TheRaven on Soylent News
    4. Re:So many addresses... so why can't I get one? by Pentium100 · · Score: 1

      There is also a private v6 address range - anything in the fc00::/7 range should not be publicly routable so you can use this for totally private machines (not sure why you'd want to, but you might).

      Good to know, because I still do not understand why all of my PCs should have publicly routable IPs if they should not accept incoming connections and I would have to filter them at my firewall and I would still use NAT to fool my ISP into thinking that I only have one PC. So I can use the private range anyway.

    5. Re:So many addresses... so why can't I get one? by MyHair · · Score: 1

      But the IPv6 overlords in their infinite wisdom have decided that we can't just use a 192.168.0.* equivalent, oh no. All addresses must be publicly routeable.

      Others mention private alternatives; I'll summarize them here:

      Site-local addressing fec0::/10, deprecated. This is deprecated, but I don't expect these addresses to be reused for other purposes in...ever, I guess. Just pick a network address beginning with fec0: through feff: and have fun.

      Unique local addressing fc00::/7. For various reasons described elsewhere IETF would prefer all addresses be unique even if they aren't globally routable. Pick your own /48 between fc00:0:0: through fcff:ffff:ffff: and have fun. Or you can go to SixXS and have one non-authoritatively registered to you.

      6to4 2002::/8. If you have a public static IPv4 address then you automatically have a /48 starting with 2002: and then your hex-encoded IPv4 address. If not, then there should be no harm in using a private IPv4 address to make your 6to4 /48. For example, if your NAT router is 192.168.1.1 then your 6to4 subnet could be anything from 2002:c0a8:0101:0::/64 through 2002:c0a8:0101:ffff::/64. (If you want to be sure no private packets escape to the real internet then null route 2002:/8 or 2002:c0a8:/16 at your IPv6 router if you have one.)

      Which is fine - after all, there should be plenty of addresses, right? So why is there nowhere that will give me, as a private individual, an IPv6 address (officially, I mean - I'm aware of that website that generates an address that should be ok to use)?

      See the SixXS link above. There is no official ULA registry, but they're the only ones I know of that are trying so far. The ULA addresses are not publicly routable, so a collision is not really a problem unless your network needs to someday merge with a colliding network. I could see that happening with major corporations, but it's not likely a problem with the typical home LAN.

      Helpful tinkerer hint: Whenever you get an IPv6 range you generally get a /48, but as you assign IPv6 networks and routes to your network you will want to use /64 subnets. You don't have to, but things generally tend to make more sense that way, and default settings tend to assume that setup.

      Now if you want to be on the live global IPv6 network then you can go to a tunnel broker and request a tunnel and/or subnet, and then you get a live address range. I'm in North America and use the free SixXS.
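Added example (not from the thread): deriving the 6to4 /48 from an IPv4 address as described above, carving /64 LAN subnets out of it, and classifying addresses into the ranges listed in this comment so that an egress filter can be checked against them. It uses the 2002::/16 prefix given earlier in the thread; the function names and the 198.51.100.7 sample address are assumptions.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")     # 6to4 prefix
ULA = ipaddress.ip_network("fc00::/7")            # unique local addressing
SITE_LOCAL = ipaddress.ip_network("fec0::/10")    # deprecated site-local
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(ipv4):
    """Return the /48 that 6to4 derives from one IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    # Layout: 16 bits 0x2002 | 32 bits IPv4 | 16 bits subnet | 64 bits host.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def lan_subnet(prefix48, subnet_id):
    """Return /64 number subnet_id (0..0xffff) inside a /48."""
    if prefix48.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet id")
    base = int(prefix48.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def embedded_ipv4(addr):
    """Return the IPv4 address inside a 6to4 address, or None."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def classify(addr):
    """Label an IPv6 address with the range it falls in."""
    a = ipaddress.IPv6Address(addr)
    if a in SITE_LOCAL:
        return "site-local-deprecated"
    if a in ULA:
        return "unique-local"
    v4 = embedded_ipv4(a)
    if v4 is not None:
        # A 6to4 prefix built from RFC 1918 space only has meaning locally.
        if any(v4 in net for net in RFC1918):
            return "6to4-private"
        return "6to4"
    return "other"


def must_not_egress(addr):
    """True for source addresses a border router should never let out."""
    return classify(addr) in {"site-local-deprecated", "unique-local", "6to4-private"}


if __name__ == "__main__":
    prefix = sixtofour_prefix("192.168.1.1")      # the example in the comment
    print(prefix, lan_subnet(prefix, 0), lan_subnet(prefix, 0xFFFF))
    for sample in ("2002:c0a8:101::1", "2002:c633:6407::1",
                   "fd12:3456:789a::1", "fec0::1", "2001:db8::1"):
        print(sample, classify(sample), must_not_egress(sample))
```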

    6. Re:So many addresses... so why can't I get one? by TheRaven64 · · Score: 1

      I still do not understand why all of my PCs should have a publicly routable IPs if they should not accept incoming connections

      Because they still receive packets? That's what routable means - able to have packets routed to it. The point of private address ranges is to allow networks that are not part of the public Internet without the possibility of routing conflicts with machines that are when a machine is connected to both. Using them for NAT is an ugly hack.

      I would have to filter them at my firewall and I would still use NAT to fool my ISP into thinking that I only have one PC

      Why? You're adding a layer of complexity for no reason. You have two options. The first is a firewall rule that says 'drop all connections originating outside'. The second is a firewall rule that says 'drop all connections originating outside. For all connections originating inside, keep track of the originating IP and port, map them to a currently-unused port on this IP, and remember that for as long as the connection lasts. Once you notice that the connection has dropped, forget about the mapping.' Which of these do you think is likely to be faster and less prone to exploitable errors?

      So I can use the private range anyway

      Or you could have your firewall do masquerading and make all v6 packets appear to come from the same v6 address in your publicly-routable subnet but, again, why would you? Your ISP either assigned you a v6 subnet (typically the smallest they'll give you is a /64), in which case they expect it to be connected to a network, not a single computer, or they didn't. If they didn't, then you'll need to use tunnelling, and your ISP has no idea how many computers are connected because they just see packets bound for a single v4 address.

      --
      I am TheRaven on Soylent News
  33. IPv6 by muadda · · Score: 1

    When I was in France, my ISP gave me IPv6 connectivity at home for free. Not all ISPs in France give IPv6 but that's a start. When I moved to the UK, I only have IPv4 and I think most ISPs here give only IPv4. Do we have some statistics per country? What are the countries more advanced in IPv6 for the end-user at home?

    1. Re:IPv6 by TheRaven64 · · Score: 1

      The situation in the UK is highly politicised. BT is doing everything they can to get the regulator to remove constraints from them, including holding up ADSL2 upgrades and IPv6 support (which holds up all BT resellers, which means most UK ISPs other than Virgin Media and a small number of LLU providers). The correct response from the government should be 'meet these targets or find yourself the subject of forced renationalisation,' but I suspect it will be 'oh well, if you insist, we'll deregulate you, as long as you promise to not rip off the consumer too much'.

      --
      I am TheRaven on Soylent News
  34. Re:there's plenty of address space by Tony+Hoyle · · Score: 1

    Or, more obvious for a home user... two copies of any online game on two machines in the house.

    Port forwarding is an ugly hack designed to work around an ugly hack. You should be using an IP per machine even now.. it's not like they're hard to get, I got 16 just by asking nicely.

  35. Create your own IPV6 config for Debian / Ubuntu by Anonymous Coward · · Score: 0

    Ipv6 6to4 config generator for Debian and Ubuntu. No registration needed, just an IPv4 address.

  36. If somebody was smart.... by Anonymous Coward · · Score: 0

    they might actually create a distro with that name. You have provided searchability for it for 6 years. Of course, they would then have to be everything that you have claimed. Still, it might be fun.

  37. Who cares about extending IPV4 by WindBourne · · Score: 1

    IPv6 is the way to go. Able to control a great deal more. Back in the 80's and 90's, nearly all of the IPs were public spaced. I want that back.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:Who cares about extending IPV4 by Pentium100 · · Score: 1

      And I see no reason for my whole internal network to have public IPs just to have them blocked at the firewall (essentially making the same as is currently with a NAT). Also, it is difficult (if not impossible) to make windows NT4 and 2000 work with v6.

      However, I have read somewhere that it is possible to have a NAT between a v4 internal network and v6 internet, so I will use it when the time comes.

    2. Re:Who cares about extending IPV4 by zzatz · · Score: 1

      You have a device that performs two separate functions: NAT and firewall. The design and purpose of a firewall is to control access. The purpose of NAT is to translate addresses.

      NAT is not designed to control access. 1:1 NAT doesn't control access. 1:n NAT prevents incoming connections as a side effect of the way that it breaks TCP/IP.

      You should control access to systems and services with tools designed for that purpose, where the control is explicit and documented. Depending on a side-effect of something intended for another purpose will eventually bite your ass.

      Show me a single device or OS supporting IPv6 which does not include a firewall. You don't need NAT for modern systems. You may need NAT for legacy systems. Both need firewalls.

    3. Re:Who cares about extending IPV4 by Pentium100 · · Score: 1

      So, if a device does not have to be accessed from outside (or does not have to accept incoming connections), why should it have a public IP?

      For example - my printer. It does not need to access the internet or accept incoming connections from outside.
      A client-only PC. It needs to access the internet, but not accept incoming connections.

      Also, a 1:n NAT is very useful in fooling your ISP into thinking that you have only one PC (in case that ISP would charge you more for multiple PCs).

      So yeah, I give all of my PCs long v6 addresses, then filter them to make everything work like it did with v4, but with IPs that are harder to remember...

      Also, I have PCs that run Windows NT4 and 2000 (using XP/2003 would mean that I need better hardware (=more heat) just for the OS itself, because these PCs do their tasks nicely).

    4. Re:Who cares about extending IPV4 by WindBourne · · Score: 1

      It amazes me that in this day and age, ppl think that nats are the way to go. Personally, I love being able to talk from all of my systems out on the net AND to get response to them. Yes, they have to be locked down. So what? As you said, firewalls are needed. Sadly, many ppl think that a NAT is as effective as a firewall and appear to love losing their freedom.

      You know, just seeing your parent's response, I think I can finally understand how private citizens can like gov. like China's, USSR, etc.. They get used to what they have and do not know what they are missing.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    5. Re:Who cares about extending IPV4 by zzatz · · Score: 1

      NAT has nothing to do with public/private. Stop confusing the two issues.

      You stop incoming connections the same way with IPv4 or IPv6, with or without NAT. Stopping incoming connections is the job of a firewall.

      A firewall inspects packets and accepts, rejects, or denies them according to the configured policy.

      NAT inspects packets and rewrites them to change the source and destination addresses. This has nothing to do with allowing, rejecting, or denying connections, except that NAT may not know where to route a connection. But if it does know, NAT will happily allow the connection.

      You don't seem to understand that your router has both firewall and NAT functions, and that the part you like is the firewall. Blocking incoming connections is performed by the firewall part of the router. Not the NAT part.

      I don't remember numeric addresses, that's what computers are good for. I don't remember IPv4 addresses any better than IPv6 or MAC addresses. I copy and paste. DNS provides names that people can work with.

    6. Re:Who cares about extending IPV4 by Pentium100 · · Score: 1

      If IPv6 was something that I had to install only on my router, I would have done it already (or would do when I change my router's software), now, not only do I have to install it on my router, but on all of my devices, for little to no advantage. Yes, all of my PCs would have public IPs, yes, they would be filtered, so, where is the advantage?

      Also, I have old PCs running Windows NT4 and 2000 which (AFAIK) do not support IPv6, my printer also doesn't. So, I would have to have both versions, remember to map ports correctly, so that my PCs can accept incoming connections (for BitTorrent and other services) from v4 and v6 clients (and that the incoming connections do not end up routed to different PCs).

      Now, if I want to access my network from outside, I use VPN (L2TP). L2TP, by the way, works even when both endpoints are behind a NAT, given that appropriate protocols and ports are forwarded to the server (client does not need any forwarding). If I cannot use VPN, I can map a port to some service that I want to access even if I can't use VPN, then I have to remember my IP (or hostname) and the port, instead of having to remember IPs for all of my PCs (and ports too).

      I am sure that I am not alone thinking all this, because, as we see, v6 usage is kind of limited.

      I like to be able to appear as a single PC (just in case my ISP decides that I should also pay for every PC that I have), also, I do not want anyone to know how many different PCs are in my network and whether those multiple connections are originating from one or more PCs.

    7. Re:Who cares about extending IPV4 by zzatz · · Score: 2, Informative

      "If IPv6 was something that I had to install only on my router, I would have done it already (or would do when I change my router's software), now, not only do I have to install it on my router, but on all of my devices, for little to no advantage. Yes, all of my PCs would have public IPs, yes, they would be filtered, so, where is the advantage?"

      Every recent OS already has IPv6 installed, so you are complaining about work that you don't need to do. NAT complicates and makes additional work for protocols used for VoIP. Eliminating NAT reduces the extra work NAT requires.

      "Also, I have old PCs running Windows NT4 and 2000 which (AFAIK) do not support IPv6, my printer also doesn't. So, I would have to have both versions, remember to map ports correctly, so that my PCs can accept incoming connections (for BitTorrent and other services) from v4 and v6 clients (and that the incoming connections do not end up routed to different PCs)."

      You may recall that I mentioned that you might need NAT for legacy systems. New systems support IPv4 and IPv6 and do not need any special setup to work with both. Your legacy systems will look up the printer address by name, and get an IPv4 address. Your new systems will look up the printer by name, and get an IPv4 address. Where's the extra work?

      I'll tell you where the extra work is, it's mapping ports to work around NAT for BitTorrent. Port forwarding or mapping is extra work required by NAT. If every device has a public IPv6 address, you don't need to forward ports. You simply add a firewall rule to allow access, exactly as you do with NAT. But a firewall rule isn't enough with NAT, you must ALSO add a mapping or forwarding rule. NAT == more work.

      "Now, if I want to access my network from outside, I use VPN (L2TP). L2TP, by the way, works even when both endpoints are behind a NAT, given that appropriate protocols and ports are forwarded to the server (client does not need any forwarding). If I cannot use VPN, I can map a port to some service that I want to access even if I can't use VPN, then I have to remember my IP (or hostname) and the port, instead of having to remember IPs for all of my PCs (and ports too)."

      You never need to remember IP addresses. They aren't meant for humans. Use names. Numeric addresses are for routing packets, and only routers should care about them. The only time I deal with IP addresses is when I configure DNS and DHCP for my home network. Every system has a hostname.

      I access my home systems from anywhere on the Internet the way it is meant to be done. My ISP allows servers, does no filtering, and provides a static IP. I don't need to remember my IP, I have a domain registered that resolves to it. If I change ISPs, my domain will resolve to my new address.

      I use NAT because my ISP doesn't support IPv6. I pay for one static IPv4 address. I'd rather have more, but they charge extra. So I use NAT and know how much extra work that involves. IPv6 would simplify my setup, like it would simplify yours, if you only realized it.

      When I ran BitTorrent on my desktop, I had to enter a firewall rule to allow incoming connections, and I had to enter a NAT rule to forward the port. I upgraded my router, and now I run a torrent client on it. No NAT forwarding rule was needed, so instead of two rules, only the firewall rule was needed. NAT adds work.

      "I am sure that I am not alone thinking all this, because, as we see, v6 usage is kind of limited."

      It's limited because too many ISPs don't support it.

      "I like to be able to appear as a single PC (just in case my ISP decides that I should also pay for every PC that I have), also, I do not want anyone to know how many different PCs are in my network and whether those multiple connections are originating from one or more PCs."

      Your ISP can look at your port usage and tell that you are using NAT. They probably don't care how many computers you use. They care about how many IP addresses you use, because IPv4 addresses are in short supply. They have no reason to care how many IPv6 addresses you use, because all of your IPv6 addresses will take up the exact same space in the routing tables as a single address.
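
The distinction argued in the comments above (translation versus access control), as an added Python example that is not part of any poster's comment: a small model of a router's inbound path, with and without NAT and firewall. The class names, the addresses other than `192.168.0.4`, and the endpoint-independent mapping behaviour of the 1:n NAT are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Stateful filter: inbound is dropped unless it is a reply or explicitly allowed."""
    def __init__(self, allow_inbound=()):
        self.allow = set(allow_inbound)   # {(inside address, port)}
        self.flows = set()                # outbound flows, stored as the reply will look
    def outbound(self, p):
        self.flows.add((p.dst, p.dport, p.src, p.sport))
        return p
    def inbound(self, p):
        is_reply = (p.src, p.sport, p.dst, p.dport) in self.flows
        return p if is_reply or (p.dst, p.dport) in self.allow else None

class OneToOneNat:
    """1:1 NAT: rewrites addresses only, so every inside port stays reachable."""
    def __init__(self, public_ip, private_ip):
        self.public_ip, self.private_ip = public_ip, private_ip
    def outbound(self, p):
        return replace(p, src=self.public_ip)
    def inbound(self, p):
        return replace(p, dst=self.private_ip) if p.dst == self.public_ip else None

class Napt:
    """1:n NAT; mappings are endpoint-independent (an assumption of this model)."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}                   # public port -> (private address, private port)
    def forward(self, public_port, private_ip, private_port):
        self.table[public_port] = (private_ip, private_port)
    def outbound(self, p):
        for port, inside in self.table.items():
            if inside == (p.src, p.sport):
                return replace(p, src=self.public_ip, sport=port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=port)
    def inbound(self, p):
        inside = self.table.get(p.dport) if p.dst == self.public_ip else None
        if inside is None:
            return None                   # not a policy decision: nowhere to send it
        return replace(p, dst=inside[0], dport=inside[1])

def send_out(p, nat=None, fw=None):
    """Outbound path: the filter sees the inside tuple, then the NAT rewrites it."""
    p = fw.outbound(p) if fw is not None else p
    return nat.outbound(p) if nat is not None else p

def deliver_in(p, nat=None, fw=None):
    """Inbound path: translate first, then filter. None means the packet was dropped."""
    p = nat.inbound(p) if nat is not None else p
    return fw.inbound(p) if p is not None and fw is not None else p

# Constructed addresses: documentation ranges plus the inside host used in the thread.
PUBLIC, INSIDE, WEB, STRANGER = "203.0.113.1", "192.168.0.4", "198.51.100.10", "198.51.100.66"
V6_HOST, V6_STRANGER = "2001:db8::4", "2001:db8:ffff::66"

def run_scenarios():
    r = {}
    r["1:1 nat only"] = deliver_in(Packet(STRANGER, 5555, PUBLIC, 22), OneToOneNat(PUBLIC, INSIDE))
    napt, fw = Napt(PUBLIC), Firewall()
    r["1:n nat only, no mapping"] = deliver_in(Packet(STRANGER, 5555, PUBLIC, 22), napt)
    out = send_out(Packet(INSIDE, 5000, WEB, 80), napt, fw)
    probe = Packet(STRANGER, 5555, PUBLIC, out.sport)   # third party hits the open mapping
    r["1:n nat only, stranger on live mapping"] = deliver_in(probe, napt)
    r["nat + firewall, stranger on live mapping"] = deliver_in(probe, napt, fw)
    r["nat + firewall, genuine reply"] = deliver_in(Packet(WEB, 80, PUBLIC, out.sport), napt, fw)
    napt.forward(1234, INSIDE, 1234)                    # IPv4 needs the forward AND a rule
    r["v4 forward without firewall rule"] = deliver_in(Packet(STRANGER, 5555, PUBLIC, 1234), napt, fw)
    fw.allow.add((INSIDE, 1234))
    r["v4 forward plus firewall rule"] = deliver_in(Packet(STRANGER, 5555, PUBLIC, 1234), napt, fw)
    fw6 = Firewall(allow_inbound=[(V6_HOST, 1234)])     # IPv6: no NAT, one rule
    r["v6 allowed port"] = deliver_in(Packet(V6_STRANGER, 5555, V6_HOST, 1234), fw=fw6)
    r["v6 other port"] = deliver_in(Packet(V6_STRANGER, 5555, V6_HOST, 22), fw=fw6)
    return r

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:42} -> {result or 'DROPPED'}")
```

In this model the only drops the NAT performs on its own are packets for which it has no mapping; every drop that reflects a decision about who may connect comes from the firewall.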

    8. Re:Who cares about extending IPV4 by Pentium100 · · Score: 1

      So, I use v6 only = clients that use v4 only can't connect to me = bad.
      If I use v4+v6 so that all clients can connect, it involves NAT port mapping for v4 and firewall for v6.

      If I want to redirect incoming connections to another PC, with v4 I have to change the port mapping, so that port 1234 goes to 192.168.0.5 instead of 192.168.0.4. How do I achieve that with v6?

      probably something like this:

      was:
      2001::4 ->2001::4
      2001::5 ->2001::5
      now:
      2001::4 ->2001::5 for port 1234
      2001::5 ->2001::5 for everything, except port 1234

      Also, one ISP (not mine) has actually tried to limit the usage of NAT by setting TTL=1 to all "download" packets, while you can get around it with custom router firmware or using PC as a router, regular consumer routers just drop all incoming packets. So it seems they cared (or still do) about multiple PCs (probably they do not want their clients sharing the connection with their neighbors).

  38. Kaminsky by Anonymous Coward · · Score: 0

    So DNS is your friend. It works well, fast, and reliably.

    Unless your name is Kaminsky,

  39. Re:there's plenty of address space by petermgreen · · Score: 1

    Both will be very expensive, and why would any company in their right mind want to give up scarce addresses (and right now they can't legally sell them though that may change)

    I suspect that when IPV4 addresses do finally run out ISPs will force residential users behind nat and re-use their addresses for more lucrative customers.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
  40. Re:there's plenty of address space by petermgreen · · Score: 2, Insightful

    The current situation with most residential ISPs is that each customer gets one public IP. This is typically terminated on a NAT router (either combined with the modem or as a separate device). In this situation you can port forward because YOU CONTROL THE NAT.

    When (not if) IPV4 addresses run out I strongly suspect the first thing the ISPs will do is force residential customers to either pay more or go behind an ISP LEVEL NAT (in some countries afaict they are already doing so). By doing this they will free up addresses for more lucrative customers. Since this nat is shared between multiple customers the customers will almost certainly not control the nat and will therefore not be able to set up port forwards.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
  41. No. Just, no. by Anonymous Coward · · Score: 0

    They mean out of all addresses in use, only 0.027% are IPv6.

  42. great ip6 news because of economy! by rubycodez · · Score: 1

    global recession will slow the demand and use of ip4 space, so ip6 adoption can be pushed out 5 to 10 years more, just like it's always been for the last 20 years.

  43. Re:there's plenty of address space by ghbpiper · · Score: 0

    NAT also cuts their traffic costs because it keeps customers from running servers.

    Aside from TOS issues, running servers (at least web servers) is no big deal. I've run a web server for years on dynamic IP addresses, thanks to dyndns.org.

  44. For all practical purposes v4 has already run out by Anonymous Coward · · Score: 0

    For all practical purposes the IPv4 address space has already run out. Just look around you, your friends and colleagues are all behind some kind of NAT proxy. For a consumer it is in most areas not reasonably possible to get a fixed IPv4 address. And this has brought us all the NAT problems, hacks and horribleness. And even with all that trickery, or probably more realistically because of all that trickery, lots of things that should work don't, or don't work all the time, behaving erratically. This is not the Internet I thought we were going to get, back when I was still dreaming in the nineties.

  45. Re:there's plenty of address space by volkris · · Score: 1

    I don't think it's even fine for a typical workstation now.

    I have to jump through so many hoops and deal with so much hassle to get through NAT issues with certain programs... maybe you'd say a typical workstation would just give up, but from where I'm standing NAT gets in the way of even some common workstation programs from voice/video over IP to cluster computing.

  46. Incomplete implementations by Anonymous Coward · · Score: 0

    While it may be enabled by default in some OS's, most of them lack the required DHCPv6 support. While stateless autoconfiguration works, you won't get DNS server addresses from the router directly, which kinda sucks as v6 addresses are challenging to remember...

    Mac OS X doesn't yet support DHCPv6 so I have to manually configure my nameservers.

    1. Re:Incomplete implementations by MyHair · · Score: 1

      There is RDNSS which my router advertisement daemon supposedly supports, but I haven't tried it and don't know how ubiquitous it is.

      But yeah, now that you mention it DNS support isn't quite homogeneous yet on IPv6.

  47. Ninnle is already out there in our hearts... by Anonymous Coward · · Score: 0

    What do you mean, 'I' have provided searchability for it for six years? I'm hardly the only Ninnle user on the planet. I just do what anyone else here does, and that is to recommend something that I use, find effective and believe it. Besides, I've only been tuning into /. since 2005.

  48. Re:there's plenty of address space by Anonymous Coward · · Score: 0

    I just received a /24 for a small network from AT&T on a link quite a bit smaller than DS3. I also received a /24 from another ISP for this same network on a slow link.

    Apparently needing BGP still gets you past the gatekeepers. Sure, you can do BGP with smaller subnets but it requires some careful consideration and planning and you lose a lot of your control. The ISP's fortunately understand this and will still hand out /24's.

  49. Re:there's plenty of address space by GoRK · · Score: 1

    You are confusing "Publicly Routable" with "Directly Accessible". This is a distinction which cheap consumer-grade "routers" have blurred and it's even starting to seep up into the minds of network engineers.

    You can have devices using NAT to RFC-1918 address that are just as "directly accessible" as any other host. Likewise you can have machines with routable addresses that are not in any way connected to the Internet. There are lots of valid reasons to do both depending on the applications, the hardware and the infrastructure.

  50. Re:there's plenty of address space by hr+raattgift · · Score: 1

    The problem lies in any apps written since the mid-1990s that make two critical assumptions about their own network layer (IP *or* IPv6) address (NLA, generically), and the same about their counterparties'.

    Assumption one: the local address is universal and isotropic.

    Assumption two: the local address is fixed and permanent.

    These assumptions are bad with or without the presence of NAT, because of DHCP, renumbering, multihoming and mobility.

    The first assumption leads to the embedding and use of NLAs in higher level protocols that lead to breakage when the NLA cannot be used as a destination address as it is. This can be because of transient routing problems (or deliberate policy), and can be avoided simply by using a simple indirection through the DNS or equivalent mapping database that will give up one or more NLAs which are valid as destination addresses.

    NAT mainly serves to increase the incidence of problems associated with assumption one, because it generally introduces anisotropy to addresses. Obviously if "A" knows it's 10.0.0.6 and tells a counterparty "B" to connect to it at that address, if B is somewhere far away topologically, "B" is unlikely to be able to make use of it. One solution: embed symbolic DNS names into the stream and indirect through that. Instead of "10.0.0.6" with the assumption that a well known port (e.g. TCP, 20) embed (for example) ftp-data._tcp.mysymbolichostname.mygatewaydnszone.somesite.com into the stream and expect the other side to do a SRV RR lookup in the DNS.

    A bit of glue to tie NAT-and-firewall-hole-punching into an on-NAT/on-firewall nameserver is most of what's necessary to remove the need for application-level gatewaying and translating for simple connectivity purposes.

    Older protocols (like ftp) are going to remain a problem; the reasons these have not been fixed already are largely political -- these older protocols are known to have serious security problems, and there are many people who reject wholesale the idea of adapting to the existence of NLA anisotropy in the real Internet.

    This also gets in the way of host and subnet mobility and multihoming. We lack a standard session protocol which would allow for generic graceful reconnects of application-to-application communications as e.g. a mobile phone moves from a wifi to a 3g wireless provider and then to another wifi unrelated to the first; or as a conference attendee walks with her laptop from the conference wireless network to her hotel room. The standard again would largely involve a bit of glue around DHCP and dynamic DNS, and is stalled for mostly political reasons (security of DNS, and acceptance of this mode of mobility necessarily leading to transience of addresses and typically leading to transitioning from one anisotropic address to another).

    NATs are simply there. Not adapting to them for aesthetic reasons is a poor engineering choice. Complaining that they are in the way is complaining about that engineering choice.

  51. Re:there's plenty of address space by hr+raattgift · · Score: 1

    Port forwarding through a stateful firewall and NAT hole punching are identical for a higher level communication that does not embed network layer addresses (NLA, in this case IPv4) and expect them to be useful for the other party or for a long period of time or both.

    Think of a trivial service like echo (TCP, RFC 862) where whatever application data is sent from the client is reflected back to the client unchanged by the server. If the client connects to 128.100.100.1 tcp port 7 it does not matter whether 128.100.100.1 is the actual server address behind a firewall that allows that connection, or is the address of a NAT that forwards port 7 to an internal host. Right?

    Complex services which require rendezvous often have made unreliable assumptions about NLA lifetime and isotropy. These assumptions are the source of frustration. The lack of a standard generic workaround for future rendezvous in the presence of ephemeral NLAs is another problem.

    Trying to make NLAs non-ephemeral is a poor solution (it ends up becoming bridging); a better one is to have a stable handle that maps to a dynamically updated NLA/service-address. Wide Area Bonjour does this (mDNS + dns-sd + private dynamic DNS zones for updating A RRs and SRV RRs as they become discovered through NAT-PMP, uPNP, probing and feedback), and it helps with any application protocol that transfers DNS names and symbolic port names as rendezvous points instead of IP addresses (with implicit mappings for well-known ports).

    Essentially all Mobile Me (formerly .Mac) users have a private (key-protected) DNS zone membername.members.mac.com that is updated by their various Mac OS X systems so that they can rendezvous with one another ("Back to my Mac"); the zones mainly contain A and SRV RRs keyed to the configured Computer Name (in System Preferences > Sharing).

    Most Mobile Me customers can therefore do things like:

    ssh mycomputername.mymembername.members.mac.com

    which will result in a DNS service discovery query of

    _ssh._tcp.mycomputername.mymembername.members.mac.com

    which will resolve a SRV RR like

    0 0 22 computername.real.dom.ain.

    (and/or possibly other RRs like PTR, A, AAAA, CNAME or TXT).

    Behind a NAT that might become "0 0 2193 nat-dns-name.some.where." or "0 0 41111 128.100.100.1".

    ssh then will resolve the DNS name or use the IP/IPv6 literal, and use the port literal, and connect appropriately and seamlessly; host key checking is done on its argument, rather than on the intermediate indirection symbolic names or the ultimate NLA.

    This works just as well for datagram type services as for connection-oriented ones.

    Most of this is unencumbered open standards documented at http://www.dns-sd.org/ (for example).

    The point however is to use something that really is long-lasting and isotropic, like a DNS name, as a rendezvous point. The Back to my Mac approach is illustrative, but is not a good choice, since key-protected private DNS names obviously are only isotropic for those that know the key!

    A standard API for this sort of rendezvous among hosts that are subjected to NATs and being moved from one part of the network to another, and a general consensus about avoiding the use of NLAs as remotely-useful long-lived rendezvous handles, has been elusive in the IETF, mainly for political reasons.

    This is particularly sad since many IETF conference goers migrate their own laptops from the conference wifi to their hotel rooms several times during the conference, and many of them have home and work machines behind a NAT or firewall they do not personally control, and yet they don't seem to mind the lack of session survival (or the hotchpotch of per-application recovery approaches) that results.
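
The rendezvous pattern described in the comment above, as an added Python example that is not part of the original post: the client keeps only the stable DNS name, resolves the SRV record at connect time, and checks the host key against that name rather than against the address it ends up at. The in-memory zone, the `192.0.2.10` address, the key strings and all function names are constructed for the illustration, and the SRV selection is a simplified form of the RFC 2782 ordering.

```python
import random

HANDLE = "mycomputername.mymembername.members.mac.com"   # stable name from the post

def parse_srv(rdata):
    """Parse SRV rdata 'priority weight port target' into a tuple."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError(f"malformed SRV rdata: {rdata!r}")
    priority, weight, port = (int(f) for f in fields[:3])
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return priority, weight, port, fields[3].rstrip(".").lower()

def pick_srv(records, rng):
    """Lowest priority wins; weighted random choice inside that priority group."""
    best = min(r[0] for r in records)
    group = [r for r in records if r[0] == best]
    if sum(r[1] for r in group) == 0:
        return rng.choice(group)
    return rng.choices(group, weights=[r[1] for r in group])[0]

class Zone:
    """In-memory stand-in for a dynamically updated DNS zone (constructed data)."""
    def __init__(self):
        self.srv, self.addr = {}, {}

    def update(self, service, rdata_list, addresses):
        self.srv[service] = list(rdata_list)
        self.addr.update(addresses)

    def rendezvous(self, service, rng):
        records = [parse_srv(r) for r in self.srv.get(service, [])]
        if not records:
            raise LookupError(f"no SRV record for {service}")
        _, _, port, target = pick_srv(records, rng)
        return self.addr[target], port

def connect(handle, zone, network, known_hosts, rng=None):
    """Resolve the handle at connect time and check the host key pinned to the handle."""
    rng = rng or random.Random(0)
    endpoint = zone.rendezvous("_ssh._tcp." + handle, rng)
    presented_key = network.get(endpoint)       # None: nothing listens there any more
    if presented_key is None:
        raise ConnectionError(f"{endpoint} unreachable")
    if presented_key != known_hosts.get(handle):
        raise PermissionError(f"host key for {handle} does not match")
    return endpoint

def run_move():
    zone, known_hosts = Zone(), {HANDLE: "key-A (constructed)"}
    service = "_ssh._tcp." + HANDLE
    # Before: the host is reachable on its own address and the well-known port.
    zone.update(service, ["0 0 22 computername.real.dom.ain."],
                {"computername.real.dom.ain": "192.0.2.10"})
    network = {("192.0.2.10", 22): "key-A (constructed)"}
    before = connect(HANDLE, zone, network, known_hosts)
    # The host moves behind a NAT: the zone is updated and the old endpoint is gone.
    zone.update(service, ["0 0 2193 nat-dns-name.some.where."],
                {"nat-dns-name.some.where": "128.100.100.1"})
    network = {("128.100.100.1", 2193): "key-A (constructed)"}
    after = connect(HANDLE, zone, network, known_hosts)
    cached_literal_still_works = before in network   # an app that stored the address
    # If the endpoint the name leads to is some other machine, the key check fails.
    network[("128.100.100.1", 2193)] = "key-B (constructed)"
    try:
        connect(HANDLE, zone, network, known_hosts)
        wrong_host_rejected = False
    except PermissionError:
        wrong_host_rejected = True
    return before, after, cached_literal_still_works, wrong_host_rejected

if __name__ == "__main__":
    print(run_move())
```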

  52. Re:there's plenty of address space by volkris · · Score: 1

    You've overemphasized small problems here and underemphasized large ones.

    "A bit of glue to tie NAT-and-firewall-hole-punching"? Really? It's just that easy?

    What about the serious problems with NAT hole punching, its unreliability and complexity due to details of the particular NAT implementation? What about the policy issues of firewall hole punching? These aren't trivial problems to overcome; we've been trying to get various hole punching techniques to work for years and it's still crappy, unreliable, and un-userfriendly.

    NATs don't suck for aesthetic reasons; they suck because they get in the way of operation and have to be worked around through the use of voodoo and luck.

  53. Re:there's plenty of address space by hr+raattgift · · Score: 1

    "A bit of glue to tie NAT-and-firewall-hole-punching"? Really? It's just that easy?

    Yes. http://www.dns-sd.org/ for DNS queries with dynamically updated A and SRV RRs (among others); NAT-PMP or uPNP or STUN (or Teredo) for acquiring the information to update into those RRs.

    Literally millions of people use these technologies daily as part of either using Back to my Mac, using a Mac OS X system behind an Apple Airport wireless station, or both. It works pretty well, and users don't even notice other than seeing their various machines in Finder window sidebars as they move their laptops around from subnet to subnet. It's also straightforward to put a NetBSD system into the mix (probably other similar systems too), or to set up your own multiplatform Wide Area Bonjour server.

    Gateway implementation bugs are not necessarily NAT-specific, as you note. Any feature -- new or existing, optional or mandatory -- can have bugs.

    Policy issues affect non-translating firewalls just as they affect translating firewalls.

    No, they aren't trivial problems (bugs bad; policy elucidation or creation problems bad) but they are not specific to NAT.

    That NATs get in the way of operation should be incentive for generic workaround API development, rather than hoping that the NATs will just get out of the way. They're established and aren't going to vanish soon.

  54. Re:there's plenty of address space by volkris · · Score: 1

    Listen to yourself: "generic workaround API development"? Really? The simple keyword "workaround" is a pretty striking clue that these engineering issues aren't aesthetic.

    As for hole punching, I hear often that it's very successful, reliable, even easy to do. And yet in my personal life I'm struck by instance after instance of myself, my friends, family, and coworkers hitting up against non-working software where the problem can be tracked back to failed hole-punching.

    It's one of those "Who are you going to believe, me or your own eyes?" things: everyone says holepunching works, but I see first hand from a wide variety of programs, in a wide variety of environments, operated by a variety of independent users, that it fails 90% of the time.

    Then, I try to research the issue in software I run myself only to find developers insisting that there is no bug while I myself can't find them either.

    So who am I to believe? My own experience, based on far more than a few isolated occasions, shows pretty conclusively that hole punching doesn't work reliably.

  55. Re:there's plenty of address space by hr+raattgift · · Score: 1

    They're there. You have to work around them. That's an engineering fact, not a comment on their aesthetics. Such aesthetic concerns are not really in the realm of engineering; it is not engineering if you are unwilling to engineer a fix or workaround just because the problem is ugly.

    Moreover, simply repeating "NATs are ugly" or listing off justifications for that opinion is not going to get rid of them.

    That there are difficulties in NAT traversal for protocols that require knowledge of counterparty NLAs or for applications that require rendezvous with particular counterparties at arbitrary times is a truism, not an argument against engineering a generic workaround API.

    Confusing a truism that is part of the problem statement with a solution is poor engineering practice. "If only they weren't there!" does not make NAT traversal easier for anyone.

    That said, there are several largely working toolsets for doing NAT traversal; several are open source, freely available and probably unencumbered. The people working on them accept bug reports, especially where your (reducible, repeatable) experience conflicts with the expectation of "it just works". Presumably people working on 3rd party applications that have problems traversing NATs take bug reports too. You know the drill.