ARIN Letter Says Two More Years of IPv4

dew4au writes "A reader over at SANS Internet Storm Center pointed out a certified letter his organization received from ARIN. The letter notes that all IPv4 space will be depleted within two years and outlines new requirements for address applications. New submissions will require an attestation of accuracy from an organizational officer. It also advises organizations to start addressing publicly accessible assets with IPv6. Is ARIN hoping to scare companies into action with the specter of scarce resources? This may be what's needed to spur adoption since there appears to be no business case for IPv6 deployment."

What about my toaster?

[MrEricSir]

When IPv6 was announced, one of the benefits was that everything could have its own IP address; even your toaster!

So as for a business case, what about the internet toaster business? If we don't switch to IPv6, what will they do?

Re:What about my toaster?

[omnichad]

IPv6 has 3x10^38 addresses.

Assuming that everyone in the world owns a 1080p monitor, that's about 1x10^16 pixels.

There would be enough IP addresses for each pixel, and still have more than enough IP addresses left to give every man, woman, and child's toaster an IP and also to replace IPv4 in its entirety.

Re:What about my toaster?

[Miamicanes]

> However, since each home network has 48 bits of address space (snip)

The last time I checked (about 6 weeks ago), ISPs are supposed to assign a 48-bit address to each "customer" (read: site, household, office, etc), who'll have 80 bits, not 48, under his direct control -- from a block whose upper 32 bits are assigned to the ISP by the local coordinator (ARIN, RIPE, etc). In English, here's a theoretical IP address represented by placeholder letters (each letter represents 1 hexadecimal digit = 4 bits):

aaaa:aaaa:bbbb:cccc:dddd:dddd:dddd:dddd

where

aaaa:aaaa is a prefix assigned by ARIN/RIPE/etc to the ISP. For now, most of the addresses we see will have "2001" as the first 4 digits.

bbbb is a 16-bit value, representing 65,536 potential customers. This is the part the ISP gets to assign to customers.

cccc is another 16-bit value. This is the part you, the customer, are officially supposed to be able to use however you please

dddd:dddd:dddd:dddd is a 64-bit value. In theory, this value is supposed to be determined by your ethernet card's MAC address. Originally, it was "mandated". Due to privacy concerns (your ethernet card would be trackable out-of-band wherever in the world you used it from and would have effectively been the "tracking cookie from hell"), it was first softened to allow some randomization, and eventually made a "recommendation". More on this in a moment...

So... what does this mean for you, Joe DslCableModelCustomer? In theory, you will someday be getting a letter from them to the effect of, "Your new IPv6 prefix is 2001:3f87:991d:/48". What does this mean? In the real world, it means you'll plug the shiny new Linksys router you bought circa mid-2012 into it, and configure its address to be 2001:3f87:991d::1 You'll then verify that the rest of your network (192.168.x.x IPv4 addresses and all) is happily doing NAT, and forget about it.

To the rest of the world, your desktop PC (192.168.0.128) will either appear to be 2001:3f87:991d::1 (if the router is acting as an IPv4 proxy), or if you're extra-clever, will transparently be rewritten to something like 2001:3f87:991d:0::192.168.0.101 or 2001:3f87:991d:0::c0a8:0065. Ditto, for the other half-dozen computers and devices in your home that are connected to the internet.

A few weeks later, you get into an IPv6 fetish, and decide to abolish the IPv4 legacy and make everything pure IPv6. At this point, your public IP addresses look even prettier:

your firewall's new IPv6 address is set to 2001:3f87:991d::100
your desktop PC's new IPv6 address is now 2001:3f87:991d::101
your TiVO's new IPv6 address is 2001:3f87:991d::102
and so on.

Put another way, nobody is going to put a gun to your head and force you to use the lower 64-80 bits if you really don't want to. If you're a typical home user who just wants to plug things in and have them work, they'll autoconfig using the munged MAC address and publicly assume some horrific, ugly value its owner will probably never type directly anyway. If you want your network to be handcrafted, with addresses you can remember, you're perfectly free to collapse the 80 bits you control down to as few as 1 bit if that's what makes you happy. Maybe even ZERO bits (I'm not 100% sure whether 2001:3f87:991d:0:0:0:0:0:0 is a legitimate address, or whether the ::0 address still refers to the (sub)net as a whole).

As for privacy, I fully expect that most ISPs will eventually have a semi-anonymizing web proxy available for their customers to use. They'll keep logs for a few days to fight spammers, botnets, and criminals, but keep things sufficiently shuffled around to keep marketers from ever getting TOO comfy and intimate with your IP address. It'll make ISPs happy, because they can make it cache traffic and squeeze more use out of their upstream bandwidth.

Note that the allocation scheme I just mentioned IS radically different from what IETF envisioned circa 2000. Sometime in the past 2 or 3 years, they put down the crack

Re:Nothing gets fixed until it breaks

[SnarfQuest]

Just do a HDTV conversion. Give a specific date when IPV4 support will be dropped, then extend the date when the timeout gets close.

It's to try to get some attention

[kevmeister]

I just got back from the ARIN meeting this week and the letters are, indeed, a "scare tactic". Network providers keep reporting that PHBs won't spend any money on IPv6 even though engineers are begging for it. Most corporate officers probably think IP is only Intellectual Property and this is an attempt to draw their attention to the fact that the network world as they know it is going to end soon and that the only way to avoid serious problems is to either stop growing or to start IPv6 deployment. PHBs sometimes get the idea when they realize that not spending some money will lead to big problems in a few years. Others figure that if it's over a year away, it really does not matter because it won't impact their bonus this year, so it may not work, but we can hope.

As I keep pointing out

[wowbagger]

As I keep pointing out on each IPv6 story, there will be little motivation to move to IPv6 until you can hit major sites, like cnn.com and slashdot.org, using nothing but IPv6 packets.

We've made a bit of progress, in that now, if you have IPv6 connectivity to "the Internet", you can in theory do the name resolution entirely by IPv6 packets, now that the root name servers support IPv6.

Note to the "a little knowledge is a dangerous thing" crowd: yes, you can form an IPv6 packet with an IPv4 address, but that doesn't mean the target machine will actually be able to understand it - it is still a completely different packet type than an IPv4 packet.

So, does slashdot.org have IPv6 enabled? Does the colo housing slashdot.org's servers route IPv6 packets from the Internet to the slashdot.org servers? Can "the Internet" route IPv6 packets to the colo?

If a tech site like slashdot.org doesn't have the ability to handle IPv6 traffic, then why should I get all hot and bothered about trying to get IPv6? And if I'm not going to demand it, then why should my ISP spend the effort to supply it?

Re:Nothing gets fixed until it breaks

Go ahead, yank 'em all back. Worldwide, the five RIRs (AfriNIC, ARIN, APNIC, LACNIC, RIPE) go through 12-14 /8s per year. Don't give yourself a charley-horse patting yourself on the back because you managed to move out the exhaustion date by 8 months.

BTW, the US Government *gave back* several /8s.

IPv4 is terminal. Get over it and get your IPv6 on.

Re:Class A Address Space

[drmerope]

Right. Most people are sitting on unaddressable addresses. The ANT census is pretty explicit on this point. Roughly 4% of the IPv4 address space is in use, 30% is not allocated at all, and the remainder (66%) is trapped due to inefficient allocations.