ARIN Letter Says Two More Years of IPv4

dew4au writes "A reader over at SANS Internet Storm Center pointed out a certified letter his organization received from ARIN. The letter notes that all IPv4 space will be depleted within two years and outlines new requirements for address applications. New submissions will require an attestation of accuracy from an organizational officer. It also advises organizations to start addressing publicly accessible assets with IPv6. Is ARIN hoping to scare companies into action with the specter of scarce resources? This may be what's needed to spur adoption since there appears to be no business case for IPv6 deployment."

What about my toaster?

[MrEricSir]

When IPv6 was announced, one of the benefits was that everything could have its own IP address; even your toaster!

So as for a business case, what about the internet toaster business? If we don't switch to IPv6, what will they do?

Re:What about my toaster?

[omnichad]

IPv6 has 3x10^38 addresses.

Assuming that everyone in the world owns a 1080p monitor, that's about 1x10^16 pixels.

There would be enough IP addresses for each pixel, and still have more than enough IP addresses left to give every man, woman, and child's toaster an IP and also to replace IPv4 in its entirety.

Re:What about my toaster?

[shadow349]

So as for a business case, what about the internet toaster business? If we don't switch to IPv6, what will they do?

They can receive bailout funds from the stimulus bill under the guise of a "smart power grid" appliance.

You think I'm kidding, don't you?

Re:What about my toaster?

[Miamicanes]

> However, since each home network has 48 bits of address space (snip)

The last time I checked (about 6 weeks ago), ISPs are supposed to assign a 48-bit address to each "customer" (read: site, household, office, etc), who'll have 80 bits, not 48, under his direct control -- from a block whose upper 32 bits are assigned to the ISP by the local coordinator (ARIN, RIPE, etc). In English, here's a theoretical IP address represented by placeholder letters (each letter represents 1 hexadecimal digit = 4 bits):

aaaa:aaaa:bbbb:cccc:dddd:dddd:dddd:dddd

where

aaaa:aaaa is a prefix assigned by ARIN/RIPE/etc to the ISP. For now, most of the addresses we see will have "2001" as the first 4 digits.

bbbb is a 16-bit value, representing 65,536 potential customers. This is the part the ISP gets to assign to customers.

cccc is another 16-bit value. This is the part you, the customer, are officially supposed to be able to use however you please

dddd:dddd:dddd:dddd is a 64-bit value. In theory, this value is supposed to be determined by your ethernet card's MAC address. Originally, it was "mandated". Due to privacy concerns (your ethernet card would be trackable out-of-band wherever in the world you used it from and would have effectively been the "tracking cookie from hell"), it was first softened to allow some randomization, and eventually made a "recommendation". More on this in a moment...

So... what does this mean for you, Joe DslCableModelCustomer? In theory, you will someday be getting a letter from them to the effect of, "Your new IPv6 prefix is 2001:3f87:991d:/48". What does this mean? In the real world, it means you'll plug the shiny new Linksys router you bought circa mid-2012 into it, and configure its address to be 2001:3f87:991d::1 You'll then verify that the rest of your network (192.168.x.x IPv4 addresses and all) is happily doing NAT, and forget about it.

To the rest of the world, your desktop PC (192.168.0.128) will either appear to be 2001:3f87:991d::1 (if the router is acting as an IPv4 proxy), or if you're extra-clever, will transparently be rewritten to something like 2001:3f87:991d:0::192.168.0.101 or 2001:3f87:991d:0::c0a8:0065. Ditto, for the other half-dozen computers and devices in your home that are connected to the internet.

A few weeks later, you get into an IPv6 fetish, and decide to abolish the IPv4 legacy and make everything pure IPv6. At this point, your public IP addresses look even prettier:

your firewall's new IPv6 address is set to 2001:3f87:991d::100
your desktop PC's new IPv6 address is now 2001:3f87:991d::101
your TiVO's new IPv6 address is 2001:3f87:991d::102
and so on.

Put another way, nobody is going to put a gun to your head and force you to use the lower 64-80 bits if you really don't want to. If you're a typical home user who just wants to plug things in and have them work, they'll autoconfig using the munged MAC address and publicly assume some horrific, ugly value its owner will probably never type directly anyway. If you want your network to be handcrafted, with addresses you can remember, you're perfectly free to collapse the 80 bits you control down to as few as 1 bit if that's what makes you happy. Maybe even ZERO bits (I'm not 100% sure whether 2001:3f87:991d:0:0:0:0:0:0 is a legitimate address, or whether the ::0 address still refers to the (sub)net as a whole).

As for privacy, I fully expect that most ISPs will eventually have a semi-anonymizing web proxy available for their customers to use. They'll keep logs for a few days to fight spammers, botnets, and criminals, but keep things sufficiently shuffled around to keep marketers from ever getting TOO comfy and intimate with your IP address. It'll make ISPs happy, because they can make it cache traffic and squeeze more use out of their upstream bandwidth.

Note that the allocation scheme I just mentioned IS radically different from what IETF envisioned circa 2000. Sometime in the past 2 or 3 years, they put down the crack

Nothing gets fixed until it breaks

[madbavarian]

Nothing gets fixed until it breaks so fully that people can't ignore it any longer. ARIN should just hand out the last of their IP assignment already and then we can move on with actually deploying IPv6.

Re:Nothing gets fixed until it breaks

[SnarfQuest]

Just do a HDTV conversion. Give a specific date when IPV4 support will be dropped, then extend the date when the timeout gets close.

Re:Nothing gets fixed until it breaks

[vivin]

There are a number of corporations and organizations that own /8's

Here is a list

Here's a few from the list:

003/8 General Electric Company
004/8 Level 3 Communications, Inc.
008/8 Level 3 Communications, Inc.
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
019/8 Ford Motor Company
034/8 Halliburton Company

Seriously... why does Ford Motor company need a /8?

The US government also owns a whole bunch of /8's

Instead of hogging these, they should just give them up. They don't need all these addresses.

Re:Nothing gets fixed until it breaks

Seriously... why does Ford Motor company need a /8?

They've been keeping it in reserve for a rainy day.

Do you know how much a /8 is worth in today's market? It could pull Ford out of its financial problems!

Re:Nothing gets fixed until it breaks

[Blue6]

A lot of the companies that have class A networks had them issued before CIDR. Also don't underestimate the size of some of these networks. Ford has a half dozen datacenters spread out around the world thousands of VOIP phones, Desktops / Laptops, routers, switches, AP, servers. Not to mention most modern manufacturing plants PLC's run on a IP network sure you will never use the whole space but do you really think they are going to re-IP a network that size. Ford also owns a class B network :)

Re:Nothing gets fixed until it breaks

[Bandman]

And there's absolutely no reason that those devices can't be assigned an address from the 10.x portion of RFC 1918. None at all, except for the magnitude of the problem.

They should have planned for that so, so long ago.

Re:Nothing gets fixed until it breaks

Go ahead, yank 'em all back. Worldwide, the five RIRs (AfriNIC, ARIN, APNIC, LACNIC, RIPE) go through 12-14 /8s per year. Don't give yourself a charley-horse patting yourself on the back because you managed to move out the exhaustion date by 8 months.

BTW, the US Government *gave back* several /8s.

IPv4 is terminal. Get over it and get your IPv6 on.

It's to try to get some attention

[kevmeister]

I just got back from the ARIN meeting this week and the letters are, indeed, a "scare tactic". Network providers keep reporting that PHBs won't spend any money on IPv6 even though engineers are begging for it. Most corporate officers probably think IP is only Intellectual Property and this is an attempt to draw their attention to the fact that the network world as they know it is going to end soon and that the only way to avoid serious problems is to either stop growing or to start IPv6 deployment. PHBs sometimes get the idea when they realize that not spending some money will lead to big problems in a few years. Others figure that if it's over a year away, it really does not matter because it won't impact their bonus this year, so it may not work, but we can hope.

IPv4 Address Exhaustion Is Always Be 2 Years Away

[afabbro]

Case in point. Thought it was supposed to be 2010? Now it's 2011.

IPv4 addresses won't magically be exhausted one night. They'll just start getting more expensive.

As I keep pointing out

[wowbagger]

As I keep pointing out on each IPv6 story, there will be little motivation to move to IPv6 until you can hit major sites, like cnn.com and slashdot.org, using nothing but IPv6 packets.

We've made a bit of progress, in that now, if you have IPv6 connectivity to "the Internet", you can in theory do the name resolution entirely by IPv6 packets, now that the root name servers support IPv6.

Note to the "a little knowledge is a dangerous thing" crowd: yes, you can form an IPv6 packet with an IPv4 address, but that doesn't mean the target machine will actually be able to understand it - it is still a completely different packet type than an IPv4 packet.

So, does slashdot.org have IPv6 enabled? Does the colo housing slashdot.org's servers route IPv6 packets from the Internet to the slashdot.org servers? Can "the Internet" route IPv6 packets to the colo?

If a tech site like slashdot.org doesn't have the ability to handle IPv6 traffic, then why should I get all hot and bothered about trying to get IPv6? And if I'm not going to demand it, then why should my ISP spend the effort to supply it?

Re:IPv4 Address Exhaustion Is Always Be 2 Years Aw

[Lord+Ender]

ARIN really is the most trustworthy source you could have for a claim like that, though. Sure, many have made the claim before, but this is the next best thing to having Jesus, Moses, Mohamed, Buddha, and Thor all sit down with you around a burning bush and explain the importance of implementing IPv6.

Re:We need ipv4.5

[georgewilliamherbert]

Why couldn't we just add another octect. So my new IP is 1.24.101.1.15

Fortunately, nobody in their right mind would let Slashdot design a new network protocol.

Re:We need ipv4.5

[Bandman]

Awesome idea. We'll give Google 1/40, The government can 2/40, IBM will get 3/40, etc etc etc

Same problem. The ipv6 is not a "bad" idea, it's just sort of like...imagine in 1950s if the phone company decided "we could go with area codes to subdivide numbers to prevent running out, or we could use letters AND numbers".

Can you imagine the upheaval?

In a lot of ways, that would have been even easier to deal with, because everyone's phone was owned by AT&T. New phones could have been issued without too much problem.

No, imagine it instead in the mid 1980s. Ma Bell doesn't own the phones any more, in fact there are tons of cheap phones available, cell phones are starting to come out, and there are still rotary AND push button phones.

That's more like what the IPv6 switch is like. Do you give the new people 2 numbers, so that grandma can still call them? How long is it before you stop accepting legacy phones that only have 10 dialing options? How the hell do you get DTMF to work with 36 numbers? Do we need area codes? It would be weird without them, but we don't really need them.

The equivalent of these questions are still being asked. Just a couple of months ago, there was a huge to-do about NAT and IPv6. "IPv6 is a world without NAT". The hell it is. My internal routers don't get publicly routable IP addresses, even if I have to NAT back to IPv4.

When the wrinkles get ironed out, we're going to wonder how we ever did without it. During the transition, it's going to be hell for everyone (with the possible exception of the clueless end user, who might have to buy a new router at most).

Re:Class A Address Space

[drmerope]

Right. Most people are sitting on unaddressable addresses. The ANT census is pretty explicit on this point. Roughly 4% of the IPv4 address space is in use, 30% is not allocated at all, and the remainder (66%) is trapped due to inefficient allocations.

Re:We need ipv4.5

[snaz555]

Just a couple of months ago, there was a huge to-do about NAT and IPv6. "IPv6 is a world without NAT". The hell it is. My internal routers don't get publicly routable IP addresses, even if I have to NAT back to IPv4.

I agree with the sentiment - however, it's one of policy, not mechanism. NAT is a pretty poor substitute for a router that implements policy (known as a firewall). NAT has literally an all-or-nothing granularity. For instance, I might want to specify that an internal host can enable BitTorrent via UPnP, but under no circumstances can CIFS be allowed through - in either direction. An internal host sending a CIFS solicitation out does not mean a pinhole should be opened and some set of hosts (depending on cone of restriction) free to respond. NAT is just not a practical policy tool. It's an address space recovery tool. Reverse NAT, however, has some redeeming qualities for load balancing and failover - I'm not versed well enough in IPv6 to understand how they'd be implemented without NAT. (Anycast addressing, I suppose.)

But you can implement NAT in IPv6 just as much as in IPv4 if you wish. A router could appear to have a single interface ID and translate to/from that. It's largely unnecessary though since instead of a handful of IPv4 addresses you have an entire 64-bit space to yourself (and maybe even the SLN prefix, not sure about that).

IPv6 really is a major cleanup and simplification from IPv4. I'm slightly disconcerted by the increased dependency on DNS however.