IPv4 Free Pool Drops Below 10%, 1.0.0.0/8 Allocated
mysidia writes "A total of 16,777,216 IP address numbers were just allocated to the Asian Pacific Network Information Centre IP address registry for assignment to users. Some venerable IP addresses such as 1.1.1.1 and 1.2.3.4 have been officially assigned to the registry itself temporarily, for testing as part of the DEBOGON project. The major address blocks 1.0.0.0/8 and 27.0.0.0/8 are chosen in accordance with a decision by ICANN to assign the least-desirable remaining IP address ranges to the largest regional registries first, reserving most more desirable blocks of addresses for the African and Latin American internet users, instead of North America, Europe, or Asia. In other words: of the 256 major networks in IPv4, only 24 network blocks remain unallocated in the global free pool, and many of the remaining networks have been tainted or made less desirable by unofficial users who attempted an end-run around the registration process, and treated 'RESERVED' IP addresses as 'freely available' for their own internal use. This allocation is right on target with projected IPv4 consumption and was predicted by the IPv4 report, which has continuously and reliably estimated global pool IP address exhaustion for late 2011 and regional registry exhaustion by late 2012. So, does your enterprise intranet use any unofficial address ranges for private networks?" Reader dude_nl sends in a summary of the issues with allocating from 1.0.0.0/8 from the BGPmon.net blog. "As Alain Durand mentioned on Nanog: 'Who said the water at the bottom of the barrel of IPv4 addresses will be very pure? We ARE running out and the global pain is increasing.'"
AnoNet is one of those who use 1.0.0.0/8 for private VPN because everyone thought it wouldn't be in use. I am pretty sure there are A LOT of organizations and other services who do too.
anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers. anoNet works by making it difficult to learn the identities of others on the network allowing them to anonymously host content and IPv4 services. Assuming that a router administrator on such a metanet knows only information about the adjacent routers, standard routing protocols can take care of finding the proper path for a packet to take to reach its destination. All destinations further than one hop can for most people's threat models be considered anonymous. This is because only your immediate peers know your IP. Anyone not directly connected to you only knows you by an IP in the 1.0.0.0/8 range, and that IP is not necessarily tied to any identifiable information.
To avoid addressing conflict with the internet itself, the range 1.0.0.0/8 is used. This is to avoid conflicting with internal networks such as 10/8, 172.16/12 and 192.168/16, as well as assigned Internet ranges. As of January 2010 IANA has allocated 1/8 to APNIC.[1] If the service does not switch to another address range then Internet hosts using 1.0.0.0/8 will be inaccessible to AnoNet users.
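The conflict described above can be checked for in an internal address plan. This is an added example, not part of the original comment: the function names are hypothetical, the prefix list is constructed sample data, and the two "newly allocated" blocks are the ones named in the story summary.

```python
import ipaddress

# Private ranges named in the comment above (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Blocks the story says were just allocated to APNIC.
NEWLY_ALLOCATED = [ipaddress.ip_network(n)
                   for n in ("1.0.0.0/8", "27.0.0.0/8")]

# Constructed sample of prefixes routed inside a site.
SAMPLE = ["192.168.1.0/24", "10.20.0.0/16", "1.1.1.1/8",
          "1.1.0.0/16", "27.0.0.0/24"]


def classify(prefix):
    """Label one internally used prefix.

    strict=False accepts host-style input such as 1.1.1.1/8 and
    normalises it to the enclosing network (1.0.0.0/8).
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 4:
        return "not-ipv4"
    if any(net.subnet_of(private) for private in RFC1918):
        return "private"
    for block in NEWLY_ALLOCATED:
        if net.overlaps(block):
            return "shadows " + str(block)
    return "other"


def audit(internal_prefixes):
    """Return (prefix, verdict) for every prefix that now collides
    with publicly allocated space."""
    findings = []
    for prefix in internal_prefixes:
        verdict = classify(prefix)
        if verdict.startswith("shadows"):
            findings.append((prefix, verdict))
    return findings


def captured_by(internal_prefixes, destination):
    """Longest-prefix match of a destination against internal routes.

    Returns the internal network that would receive the packet, or
    None when it would follow the default route to the Internet.
    A non-None result for a public destination is the failure mode:
    the real Internet host becomes unreachable from inside.
    """
    dest = ipaddress.ip_address(destination)
    matches = []
    for prefix in internal_prefixes:
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version == dest.version and dest in net:
            matches.append(net)
    return max(matches, key=lambda n: n.prefixlen, default=None)


if __name__ == "__main__":
    for prefix, verdict in audit(SAMPLE):
        print(f"{prefix:18} {verdict}")
    for dest in ("1.1.2.3", "1.200.0.1", "8.8.8.8"):
        print(dest, "->", captured_by(SAMPLE, dest) or "default route")
```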
What will happen will be the standard that us humans have followed throughout the ages.
We will wait until the IPv4 addresses run out and then force businesses to start using IPv6 if they want to get on the internet.
There will be a temporary boon for networking manufacturers as companies will have to change their equipment
As a side curiosity, I wonder how many public IPv4 IPs are actually in use.
I seriously read that as Dagobah
No sig for you!!
They'll never take my 127.0.0.1 away from me, dammit!
Seven puppies were harmed during the making of this post.
That's the IP address of my luggage.
numbers and car plates.
I'd love to have 1.1.1.1, or 29.09.19.69 (my bday)
The Cloud - because you don't care if your apps and data are up in the air.
Why are some IP addresses more desirable than others? They are just numbers after all.
http://michaelsmith.id.au
I seriously doubt that GE, IBM, AT&T, Xerox, HP, Apple, MIT, Ford, AT&T (again), Halliburton, Bell, Prudential securities, UK government Department for work and Pensions, Dupont de Nemours and Co., Inc, Merck, USPS and some others deserve or need a /8.
I guess it's ICANN or ARIN that forces audits and demands accountability of usage of address space. Who are some of the big targets for recovery? Apple should be target numero uno with the entire 17.x.x.x class A. I know my college used a lot of 143.88.x.x as live ip's for every work station and wifi-connected laptop that happened to come along. No, that's not a lot, but just an example of the waste that goes on.
(Now I'm going to be flamed by the "NAT is just a crappy hack/workaround" crowd.) Oh well.
I had a sucky sig.
The way I understand it, routers still use IPv4. Is it feasible for routers to use IPv6 amongst themselves, freeing their IPv4 addresses for use at endpoints?
Run this script to get your own IPv6 address today:
# CUR_DV (the Internet-facing interface), SLA_INTF and INTF_ID must be set before this point.
CUR_IP=(`ip -4 addr show ${CUR_DV} | awk '/inet / { print $2 }' | sed -e 's/^\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\1/'`)
IPV6_ADDR=$(printf "2002:%02x%02x:%02x%02x:%04x::%04x" $(echo "${CUR_IP} ${SLA_INTF} ${INTF_ID}" | tr '.' ' '))
ip tunnel add tun6to4 mode sit remote any local ${CUR_IP}
ip link set dev tun6to4 up
ip -6 addr add ${IPV6_ADDR}/64 dev tun6to4
ip -6 route add 2002::/16 dev tun6to4
# Default IPv6 route via the 6to4 anycast relay address.
ip -6 route add ::/0 via ::192.88.99.1 dev tun6to4 metric 1
Install radvd if you want to share your new IPv6 subnet with other people on your local network.
This is all it takes. You do not need to wait for your ISP to get a clue.
Only problem is this does not work with NAT.
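How the script above forms its address, and why NAT breaks it, shown as an added example that is not part of the original comment. The function names are hypothetical, 192.0.2.1 is a documentation address used as constructed sample input, and only the RFC 1918 ranges are treated as "behind NAT".

```python
import ipaddress

# Private ranges: a host holding one of these is behind NAT, so the
# address it sees on its interface is not the one the Internet sees.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_address(local_ipv4, sla=1, interface_id=1):
    """Build the address the script's printf produces:
    2002:<32-bit IPv4>:<16-bit SLA>::<16-bit interface id>.

    Raises ValueError for an RFC 1918 address, because a 6to4 prefix
    derived from it would point return traffic at an unroutable host.
    """
    v4 = ipaddress.IPv4Address(local_ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private; 6to4 needs the public address")
    if not (0 <= sla <= 0xFFFF and 0 <= interface_id <= 0xFFFF):
        raise ValueError("sla and interface_id must fit in 16 bits")
    value = (0x2002 << 112) | (int(v4) << 80) | (sla << 64) | interface_id
    return ipaddress.IPv6Address(value)


def return_path(ipv6):
    """IPv4 address a 6to4 relay will send replies to, or None if the
    address is not inside 2002::/16."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def site_prefix(local_ipv4):
    """The /48 that belongs to the holder of this public IPv4 address."""
    v4 = ipaddress.IPv4Address(local_ipv4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


if __name__ == "__main__":
    addr = sixtofour_address("192.0.2.1", sla=1, interface_id=1)
    print(addr, "replies go to", return_path(addr))
    print("site prefix:", site_prefix("192.0.2.1"))
    try:
        sixtofour_address("192.168.1.10")
    except ValueError as err:
        print("refused:", err)
```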
Even if you could recoup some of these addresses, this would only afford a few months of use, so it's not going to be worth the effort.
So, what? Some idiots have abused reserved or otherwise unused netblocks for their internal networks. I honestly couldn't care less. I have seen this before, even with other blocks which were already in use. It is a very bad practice. Unfortunately there is only one way people might stop doing this: Allocate the blocks now. If users won't be able to reach certain sites, the admin might change the internal addresses. Or they might not. Who cares? No, really: Who cares?
Where I work perhaps 50% of our IP allocations are due to requests for SSL websites. Now imagine a world without IE6/Windows XP where IIS supported SNI. Unfortunately I suspect Microsoft has once again been far too slow to catch up. That was the obligatory Microsoft bash out the way - seriously though, how long is it going to take to finally lose the ridiculous single address per site requirement for websites in a globally supported manner?
From the beginning of IPv6, something was missing: the possibility for IPv4 only hosts to reach IPv6 only hosts. The solution is a form of nat, called NAT64, but a few months ago it was just a vague proposal AFAIK. As long as this is not solved, the transition to IPv6 *cannot* work. There is a simple reason: the planned transition involves ALL hosts talking both IPv4 and IPv6. When you speak both, inevitably the least used IPv6 is not supported well, and people end up using only IPv4.
It's so obvious, I find it shocking it's not taken into account more seriously.
But I did notice the other day that Time Warner is using 10.0.0.0 for user devices, and not just between the device and its gateway. Such IPs are exposed to the public, and fully routable within their network. Well, the cross-section of the public limited to TW customers, I suppose. I discovered this quite by accident. I thought my WiFi router was at 10.something and was very puzzled by the web page I received, which said "Scientific-Atlanta WebStar Cable Modem". Turns out my router is at 10.somethingelse
cat
I've been using 1.1.1.1/8 at home for years. It's by far the quickest to type and remember.
I'll probably keep using it for a while, until I need to reach any of those officially allocated addresses in 1/8. Hearing they got allocated in Africa and Latin America is really good news, since I rarely go to African and Latin American websites.
It looks like the Map of the internet needs to be redrawn soon.
No, I don't know why it is that and not something else. We only have a couple hundred assigned IP addresses.
So many network examples out there use 1.1.1.1 and 2.2.2.2 as addresses - I hope the APNIC has the sense to make 1.1.1.0/24 reserved.
1.0.0.0/8 isn't publicly routable - it was reserved, and ISPs don't route it, though they'll be starting now. 1.0.0.0/8 was temporarily safe to use *because* it wasn't routable or used for real Internet sites.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
How about the Class E (reserved for future use) range? That's another 15 "Class A" blocks excluding RFC0919.
How many people use anything but 224/8 for Multicast applications? IANA seems to have most of that space reserved or experimental.
who claim that IP exhaustion is a conspiracy thought up by Al Gore to generate more money for the British Royal Family, and that if we ignore the liberal computer scientists and their biased journals, everything will be fine.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
I'm really ticked about how the allocation of addresses has been handled over the years, and I can't seem to get a reasonable answer as to why the allocation strategy can't be fixed. How come we can't (pardon the expression) claw back a bunch of allocated but unused addresses from the organizations that are squatting on them? How come we can't allocate addresses in smaller blocks?
So still no need to start getting infrastructure ready for IPv6?
Jumpstart the tartan drive.
Oh geez, I'm gonna have to explain things to my Mom after she gets the following notice in the mail:
"Great news! Our engineers have invented an amazing new technology called IPv6 that NONE OF OUR COMPETITORS HAVE: More addresses! Greater speed! Less lag! New HD content never before available! OMG this new technology called VOIP works over it! Perform online backups! And enjoy the $20 increase to your monthly bill!"
That or Obama launches a "Rebates for Routers" program - 6 months AFTER I purchase an IPv6 device.
Not the first time the IPv4 Sky is falling. CIDR and NAT fixed the first couple of times. Quite possible there will be a large proliferation of v4 to v6 gateways. Or other policy changes to prolong the available pool of IPv4. The "drop dead date" for running out of address space keeps getting pushed out....
This has been addressed time and time (and time) again. a) Those organizations would have to defrag their IP space before large blocks could get released, a process that's slow, intensive, and expensive. But more importantly, b) even if they did that, and then release those blocks for reallocation, at the current rate of consumption, it'd buy us, what? 18 months? Two years at the outside? Meanwhile, global routing tables would get even *larger*, and they're already gigantic.
No, reallocating unused IPs is a total fucking waste of time. That time would be *far* better spent getting IPv6 deployed so we could all move on from this mess.
I want 1.3.3.7
"There is no Honor, without Pie."
-Weeble
....for 1.3.3.7... :)
-- filgy
Oops - the house which one of my servers is on uses 1.1.0.0/16 for its internal connection.
I told him to change it.
I run an HE tunnel at home to provide IPv6 connectivity to my personal network, and it's been working great, and has the advantage over SIXXS of more geographically distributed tunnel endpoints (SIXXS' seem to be clustered on the east coast, while HE has endpoints in California, among other places). Though you do need to rig up a script to update the tunnel should your IP address change.
Throw in a free v6-capable DNS hosting service like freedns.afraid.org and you're laughing.
Why does Hewlett-Packard have not one but TWO /8 IPv4 address ranges? Ain't they heard of NAT? How many other corporations have legacy /8 addresses and are holding on to them, not because they need them but because their laziness to move towards efficient use of those addresses creates a sense of entitlement to those very addresses.
How is 1.1.1.1 one of the "least desirable" ip addresses? I'd love to have it!
When I discovered m0n0wall 1.3 hit the pavement, with support for IPv6, I made the move to transition my home network to v6, for no other reason than it seemed like an interesting thing to do (what can I say, I like to tinker). In the process, I looked to moving all my services to v6... obviously I can't completely abandon v4 internally, but I figured, why not move all my internal stuff over? Problem is, among the software I use, the following don't support v6 at all:
Linux NFS client and server
MySQL
MythTV
rtorrent
m0n0wall's VPN implementations (both IPSec (ironically) and PPTP)
And those are just the first four that popped up (though at least I was able to patch rtorrent). God knows what other software out there doesn't support v6. Of course, many of these things can live in private v4 networks for the time being, but until application vendors catch up with the times, it seems v4 and v6 will be living side-by-side for a long time to come.
I wonder if speculators and investors are buying up all the IP4 addresses just to resell them at 10x the price. The same speculators that made billions doing this to housing until a bubble formed.
Or am I just paranoid? I would be tempted myself if I were an evil billionaire.
http://saveie6.com/
ARIN is totally incompetent; Not only does the Prudential have a /8, but back in 1992 when I worked at the Prudential Bank in Atlanta, that totally separate division applied for and got a class-B (158.221) and still holds it to this day. The ridiculous thing is that they will never use it, never did and when I tried to get ARIN to look into getting it back in the late 1990s, that fell on deaf ears. In fact, the Prudential Bank doesn't even exist anymore at the address in the registry entry for 158.221; I don't know if they even exist at all anymore. Go and reclaim dead IP space, and then see what is left.
among the software I use, the following don't support v6 at all
Please file bugs. Most Free Software projects take IPv6 very seriously indeed.
Princess Cruises uses 1.1.1.1 to logoff their (expensive) ship wifi networks.
We are going to run out of IPv4 addresses in March next year (422 days from today) /JB
http://ipv4depletion.com/?page_id=4
When I think of "global pain", I don't think of IP addresses running short, sorry. It was not on my list and still isn't. Maybe it's an annoyance or nuisance to certain affected people. If I don't seem sympathetic, it's because I'm not. It's a problem that needs to be addressed, but let's not resort to self-discrediting hyperbole.
- please main distros, change to ipv6 by default if at all possible;
- someone please point/make a quick (one page) ipv4 to ipv6 migration guide;
- is there a way to make all ipv4 addresses become ipv6 with leading zeros implied?
- how to make the old equipment work? do they signal ipv4/6 compliance? (absence of ipv6 compliance could be understood as ipv4)
and other things I may come up with...
In the case of NFS and MySQL, both know about it, and both are looking to fix it, but we won't see the changes any time soon (MySQL expects to see v6 support in version 6.0, and I have no idea when NFSv6 support will land). rtorrent has a patch, but it isn't in stable yet, and I inquired on the m0n0wall mailing list, but alas, received only radio silence. As for MythTV, there's absolutely no mention of v6 anywhere, aside from a stub page on their wiki, so I'm not sure it's even on their radar (though you're right, I should inquire).
There has been an increasing amount of IPv6 support out there. Part of the problem in terms of going IPv6 right away is that many of the high end routers out there accelerate IPv4 but don't accelerate IPv6. Basically when you deal with large amounts of data, it is infeasible to do everything in software. So you have ASICs to help speed everything up. Works great, but said ASICs have limits to what they can do and being hardware, can't simply be reprogrammed. This means you have to buy new hardware to support IPv6, which is of course expensive.
We had that situation on the campus I work on a few years ago. Some people were wanting IPv6 but we didn't support it. Technically, it could be enabled and run on the routers' CPUs but that would only work if a few people used it. If usage got higher, the routers would crash under the load. We needed new routers (or more properly new supervisor modules for them) to support it. However, it was really expensive, a few million for all of campus. That money was not going to be spent just so people could play with IPv6.
However, we've had to upgrade the routers anyhow to support more traffic and such, so now they have IPv6 hardware and IPv6 is routed on campus.
Thus I think you'll see this continue to happen. New hardware supports IPv6, companies will get it, and will then be able to support IPv6 no problem. It just won't be an immediate process. They aren't going to go and buy IPv6 hardware just to get IPv6 support if they don't need it. However, when they need new hardware anyhow, the stuff they get will have IPv6 support.
I think we are more likely to see a gradual change. More and more networks will start supporting IPv6, and people will start using it because it'll be cheap. An ISP will say something like "Well sure, you can buy IPv4 addresses for $10/month each, however your account includes more IPv6 addresses than you can ever use for free anyhow." So people will start using it.
I am a former good faith Wikipedian banned because of checkuser abuse by J.delanoy and Dominic. Wikipedia uses a flawed assumption that if you share a popular subnet you must be a sockpuppet of a vandal. With more and more people behind NAT get ready for Wikipedia to ban more of its users due to the flawed checkuser. This is the most annoying example of the shrinking IP addresses.
Shouldn't this all be handled in the network stack?
http://michaelsmith.id.au
...or has ICANN managed to weasel its way into IP allocations?
The major address blocks 1.0.0.0/8 and 27.0.0.0/8 are chosen in accordance with a decision by ICANN to assign the least-desirable remaining IP address ranges to the largest regional registries first
I thought IANA was responsible for IP allocations. Don't tell me ICANN has IANA in its evil grasp as well!
Uh, no, not at all. To resolve v6 hostnames, you have to retrieve AAAA DNS records instead of A records. That's an application-level activity. Once a v6 address is chosen, the application must be written to create a v6 socket from that address.
Now, it's true that higher-level APIs can hide these details (I believe Java applications are automatically v6 aware thanks to the higher-level APIs exposed by the JDK), but applications written against POSIX must be explicitly written to support v6.
Which begs the question... how many single stack systems are left out there? Is this really an issue?
All current desktop operating systems are dual stack capable.
Most current 'big iron' routers, switches & etc are dual stack capable.
Lower level stuff like dumb switches don't give a damn.
That pretty much leaves the consumer grade DSL and Cable gateway.
Newer ones are dual stack, but most aren't.
However, given the crappy quality of these devices, they will all be doorstops within a couple of years... and replaced with dual stack gateways ( of similar crappy quality).
So should we really be worried about leaving anyone behind?
I have dual stack at home, natively. For all intents and purposes, IPv6 is useless to me. As a result, support is worse. If it goes down, I don't really notice it, and my ISP doesn't give much of a fuck ("err, use IPv4").
Furthermore, as long as not everybody has dual stack, everybody suffers from IPv4 address exhaustion. In other words, the dual stack "solution" means that we have to use IPv4 until every single host (or at least every host we need to talk to) has implemented IPv6. In reality, it's clear that 20 years in the future there will still be idiots still running IPv4, because they can't be fucked to migrate. When I see how networking is broken in many enterprises, I don't see how they'll ever migrate to IPv6. I could tell you about all the brokenness I've witnessed, even in companies that are supposed to be somewhat technically oriented, and it's fucking scary.
Forget dual stack. And don't call it a "solution," it's not just ridiculous, it's delusional.
If it makes you feel better, I recently found out that the Homegroup feature in Windows 7 *requires* IPv6 to function. Reassuring on one level, on another level (the one that has me replacing my venerable wifi router) it's a complete pain in the ass.
Comment of the year
Expect those that hold an outrageous, overly-sufficient block of IP addresses to begin trading the subnets for cash, if, of course, the price of trading them is less than the cost of implementing IPv6.
Anyone want to build a trading application?
Oh dear. I thought Peak IP was just a myth!
I'd love to have 1.3.3.7 as my permanent IP address.
On the Windows side, RDP still doesn't appear to support IPV6 yet.
Is this really an issue? All current desktop operating systems are dual stack capable.
"Capable" is necessary but not sufficient. To be useful, all of those devices you listed also have to be configured so that they are functional as IPv6 devices. That may be the bigger challenge at this point.
I don't care if it's 90,000 hectares. That lake was not my doing.
regional registry exhaustion by late 2012
This is excellent timing. For what you ask? The end of the world is all, hence we won't need anymore [IP's].
Good timing chaps!
Why is common sense called that if it's not common?
Indeed, the real irony is that Microsoft is well ahead of the game when it comes to v6. In Vista and Win7, v6 is enabled by default, and MS has been running a Teredo server (but unfortunately no relays) for some time now.
rtorrent and m0n0wall need to get their act together, but the thing is that NFS and MySQL are amongst the services with the least-pressing need to incorporate IPv6, as they're almost never publicly-accessible services (IPv4 is going to live on in internal networks long after it's dead on the wider 'net; remember IPX?).
MythTV may be an issue, but I'm assuming most of its communication with the outside world happens over HTTP, probably with curllib or similar libraries, so "IPv6 support" should just mean compiling against a reasonably modern version of the library supporting IPv6, and possibly UI tweaks. On the server side, all the major HTTP implementations already support IPv6.
131/8 was used in one or a few books or TCP/IP training courses. I can't remember which, I think it might have been Novell's TCP/IP course.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
So, when will the network providers start to offer IPv6 connections?
Grey's Law: Any sufficiently advanced incompetence is indistinguishable from malice.
And when you're only getting nowhere near IPv6's address space for the same upgrade cost, it'd be a very large effort for very little value.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
In the case of MySQL, stop using a toy and start using a REAL database.
http://www.postgresql.org/about/featuredetail/feature.67
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
IPv6 Support is in progress for MySQL. It looks like it's maybe going to be in 5.2 or 6.0 (depending on how you read it).
See http://forge.mysql.com/worklog/task.php?id=798
Like most people, I'm waiting until my ISP switches to IPv6. Until they change my IP address, then I have no reason to change my internal IP addresses. I mean really, what's the point? Most of us have no control over whether IPv6 is implemented anyway.
"A total of 16,777,216 IP address numbers were just allocated to the Asian Pacific Network Information Centre IP address registry for assignment to users"
Oh, that's good to know. Now I don't have to bother looking up the registrar for all of those hacking attempt logs on my Linux server.
Done for netatalk. Supposedly they're working on it for netatalk 2.1, due out maybe some time this year.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
When I got in to tech 10 years ago, IPV6 was 6 months away from implementation, AFAIK it still is ;)
I'll keep null-routing the spammers.
Good luck to them on their newest IPv4 beachhead. It won't get them even a ping.
Me
and I have no idea when NFSv6 support will land
Latest changelog entry from the Fedora nfs-utils package:
* Thu Jan 21 2010 Steve Dickson 1.2.1-13
- mount.nfs: Configuration file parser ignoring options
- mount.nfs: Set the default family for lookups based on defaultproto= setting
- Enabled ipv6
Am I the only one that can see the connection? :)
"which has continuously and reliably estimated global pool IP address exhaustion for late 2011 and regional registry exhaustion by late 2012"
The Maya Calendar ends 2012, a coincidence? I think not!
They have foreseen the end of IPv4 address space.
It's the beginning of the end.
I thought there were only 126 Class A networks, 1.0.0.0/8 - 126.0.0.0/8, and as there are 16,384 Class B networks, where does this 256 major networks come from?
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Generally speaking, MySQL is very well suited for home use. I'm as much of a proponent of using the right tool for the job as anyone, but the various home applications are the sort of thing that MySQL is aiming to serve. Given how long we've been transitioning to ipv6, the lack of support for it in NFS and MySQL is disheartening.
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
for an IPv4 dead pool!
POSIX support is easy if you use the new generic getaddrinfo and getnameinfo. Code needs to be ported from the old way which hardcoded IPv4 addresses (AF_INET). A properly written program will support both IPv4 and IPv6 and will use the right one based on network interfaces and DNS.
are those countries too poor to implement NAT or something?
Since July 2007, I have developed and maintained a dual-stack IPv4+IPv6 network for my employer. Considering the recent news, I will be publishing more on my internal work ASAP. Here's what you can do to get started...
1. Most offices can run off a single IPv4 static IP address: the majority of my sites use 192.168.1.0/24 internally.
2. For permanent internal IPv6 access, I route Unique Local Addresses to each site. All the company uses a /48, with each site its own /64. You can also co-route global address ranges with IPv6: so I have a second set of addresses based on a /48 I get from HE.net's tunnel broker; I've been able to switch to that from SixXS subnets without having to reprogram 200+ internal DNS entries because of the ULA range.
3. I use tinc to link together my IPv6 sites over IPv4 Internet: this is the original work I did back in 2007; I've long since figured out how to dynamically route with OSPFv3 instead of static routes.
4. I've been regularly blogging about my IPv6 findings in my tech blog, as well as collaborating with a friend or two via StumbleUpon & Facebook. http://unquietwiki.blogspot.com/search?q=IPv6
Just quit assigning IPv4 addresses, especially garbage ones that people without a lot of brains have been using for LANs in violation of the spec for years.
The pain will go away when we really are forced to use IPv6. The technology is here, and it already works. When Cable and DSL customers can't access websites, then their providers will have no choice but to pull themselves into the 21st century. If they don't do it, then that is simply an opportunity for a business to provide IPv6 tunneling to people. I could easily see IPv4-only customers who need to remotely access their employer to pay for such a service. And once some clever person figures out that they can buy IPv4 addresses from people and sell them at huge mark-ups to businesses that want them for their main online sales presence. Not unlike what happened when the phone company ran out of 800 numbers and started issuing 888 and 866 numbers, people with old non-commercial 800 numbers were being contacted to buy their number (in the 1990s, often a family would get an 800 toll-free number so their college attending kids can call without a calling card)
I don't mean to trivialize the whole IPv4 panic, but from where I sit it really does not seem like a big deal.
“Common sense is not so common.” — Voltaire
If we went forth and put TCP on top of CLNS/CLNP.... But Nooooooo... The "Not Invented Here Syndrome" struck the IETF, and here we are, with a messy migration to IPv6.
Have fun!
Good luck to everyone and have a nice day.
*** Good luck to everyone and have a nice day!
The IPv6 spec reserves space for the entire IPv4 network, making translation between the two a snap
That reservation is more or less a joke. It is great (in principle) if you want to send a packet from an IPv6 host to an IPv4 host. But how does the IPv4 host send a reply back? The short answer is, it can't. It can't because there (obviously) is no static mapping of IPv6 addresses to IPv4 address. There is no way to cleanly fold 128 bits into 32.
That means that there are only three basic ways for IPv4 hosts and IPv6 hosts to interoperate: v4v6 network address translation (NAT), application layer gateways (ALGs), and dual stacks. Presumably, the main point of IPv6 is to avoid NAT, so v4v6 NAT is a relatively undesirable solution. Application layer gateways for every external communication protocol are even more problematic. That leaves dual stacking, which is a way of solving the IPv4 IPv6 interoperability problem by conceding the plain truth - that IPv4 and IPv6 are not interoperable and never will be.
The only way to avoid NAT or ALGs is for every last Internet connected device on the planet to be dual stacked. That is going to take at least a decade. There will probably be lots of strange NAT and ALG solutions in between.
The more interesting question is if there were a market for IPv4 addresses, such that organizations had a significant economic incentive to renumber and minimize the number of IPv4 addresses they used (and the size of the routing tables necessary to reach them) how long could we survive on the current system? I would guess a half century at least.
Given the likelihood of this sort of economically motivated renumbering effort once centrally allocated blocks of IPv4 addresses run out, at what point does the overhead of the necessary network address translation outweigh the cost of administering a parallel IPv6 network that reaches nearly every device on the planet, in addition to the IPv4 network that is already there and which must remain there indefinitely (down to the level of each individual PC) in the absence of all the alternative v4v6 NAT and ALG devices we are trying to avoid in the first place?
Essentially IPv4 has a defective design, and IPv6 has exactly the same defect, with a slightly larger address space. Slightly because hierarchical allocation will use up those initial 64 network addressing bits in a big hurry. IPv6 is no more than a stop gap for some sort of variable length address (VLA) scheme, the only alternative that isn't essentially an exercise in planned obsolescence.
The Federal Reserve System was instituted before the Great Depression.
Yes. However, its power was limited at best prior to the change from the gold standard to a fiat currency, a transition that started in the Great Depression with a nearly 2:1 devaluation of the dollar (preceded by making all private gold holdings temporarily illegal), and completed with the final abandonment of the gold standard nearly a half century later.
Since the latter date, the only thing that ultimately sustains the value of the dollar is the Fed's motivation not to print too many of them, a motivation which more often than not goes in the other direction. Hence the decade of 10-12% inflation that immediately followed the abandonment of the gold standard in August 1971. All we need to do to solve the unemployment problem is to print a sufficient amount of money, right?
One wonders how the phone companies were able to solve those kinds of issues without even having a common length of phone numbers.
Heck, many countries went from 6-digit numbers to 10 without many issues. And I can call any country from any country no matter how many digits the phone numbers have in either country.
Now someone come in and explain to me why this can't be done with network addresses?
Is somebody going to tell me that the telephone tricks don't work because IP networks are packet-switched rather than circuit-switched?
It's a "solution" that requires that, at some point in the future, everyone will jump to IPv6 at the same time. It's not a gradual transition.
What would be a gradual transition would be a solution whereby some people can actually start using IPv6 right away and others move little by little.
TV is centralized. The internet is not.
It doesn't matter how many IPv6 addresses you have as long as there remain IPv4 only clients that cannot access them. The only way the transition is going to be gradual is with a whole host of v4v6 and v6v4 NAT and application layer gateway devices.
The main people that need to run such devices are the end user ISPs. Until they do, no IPv4 only client will ever be able to reach an IPv6 only server. SNI aside, every publicly addressable IPv6 server will require the same number of IPv4 addresses as it does now. Dual stacking will not save an iota of IPv4 address space until IPv4 clients are practically required to use some sort of v4v6 NAT or ALG to access the rest of the (IPv6) Internet. To say nothing of the v4v4 or v6v4 NAT required so that every last ISP client doesn't require a routable IPv4 address as well.
I have seen the future, and it is NAT until the cows come home (unfortunately). All this dual stacking is a worthless exercise without the v4v6 and v6v4 NAT (or ALGs) necessary so that the number of IPv4 addresses required actually goes down. I sure hope somebody is reserving the address space so that v4v6 NAT is actually practical, because we are going to need it for a long time, and the IPv4->IPv6 transition won't happen without it.
POSIX support is easy if you use the new generic getaddrinfo and getnameinfo. Code needs to be ported from the old way which hardcoded IPv4 addresses (AF_INET). A properly written program will support both IPv4 and IPv6 and will use the right one based on network interfaces and DNS.
Pure client software is easy to adapt, as you note. Software that opens server sockets is slightly more complex as it may need to open two sockets (one for v4, one for v6) where it previously only opened one. There's also questions relating to what happens when a v6 address hits higher-level software due to their no longer using just digits and dots. (Yes, that sounds silly but it's probably the single biggest software issue left: working out where people have done silly things with assumptions and used discovered addresses in odd ways.)
"Little does he know, but there is no 'I' in 'Idiot'!"
Dual stack creates a catch 22. What is the point while we have enough ipv4s. We can't use it when we run out. To address this currently on the table are: NAT64 (not the deprecated NAT-PT) and dual-stack lite.
NAT64 is for pure ipv6 clients and when talking to a client with only v4 connectivity it NATs them into ipv6 space. This is deployed somewhere in China already, and there are IETF drafts busily sorting out the general case details. The nasty part is that it requires DNS64 to work which tends to get in the way of DNSSEC but otherwise it seems to work fairly well.
Dual-stack lite is the other possible solution on the table. This again assigns only an ipv6 address to the customer. But there is also a 4 in 6 tunnel to an ipv4 NATTing firewall that will remember both your ipv4 RFC1918 private address and the ipv6 address the packet was tunneled in from.
Both of these require scary NATs across multiple customers with an ipv6 address as input. But at least they get ipv6 to consumers.
The very scary transition scenario is scary NAT across multiple customers with no ipv6 addresses to escape with.
Today most interesting servers have real v6 options already and are staying v4 because there are a lot of horrible or broken ipv6 setups today. I get routed to Europe from San Francisco when I use 6to4 or Teredo tunnels, and my ping times to google go from 20ms to 170ms, and there are much worse setups out there.
It is the new clients going v6 because they have no choice that is going to drive v6.
... must definitely not know his decimal table.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
IPv6 for NFS is available since Linux 2.6.30, according to http://fedoraproject.org/wiki/Features/NFSClientIPv6
:wq
What you describe is "niche", not gradual. Gradual would be a scheme whereby usage grows steadily and significantly. With what you describe, traffic grows very little, for a very limited set of applications (torrents and your port 22 traffic).
But more importantly, it means that there's no reason to move to IPv6 if you have addresses. And those who don't are fucked because they can't do jack shit with their shiny new IPv6 addresses. Well, jack shit except warez and trying to hax0rize your boxen.
My xkcd "Map of the Internet" poster just got outdated.
Well, I think this whole Maya Calendar issue is highly overrated. Everybody is wondering about this 2012 date. But I say: If the Maya had really been that prophetic - for them, a calendar that ends in the 16th century would have sufficed.
Or rather, old applications hardcoded with AF_INET sockets need to be rewritten to use the AF-agnostic POSIX APIs - if you use getaddrinfo(), you generally don't need to care about the AF. Of course, there's some cross platform complications, but isn't there always...
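The two porting points raised in the comments above (one server socket per address family, and addresses that are no longer just digits and dots), as an added example that is not code from any commenter. The function names and the `BLOCKED` policy are hypothetical, and the sample addresses are constructed.

```python
import ipaddress
import socket

def open_listeners(port, host=None):
    """Open one listening socket per address family getaddrinfo() returns."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
                               socket.SOCK_STREAM, 0, socket.AI_PASSIVE)
    listeners = []
    for family, socktype, proto, _name, sockaddr in infos:
        try:
            sock = socket.socket(family, socktype, proto)
        except OSError:
            continue                      # family not available on this host
        try:
            if family == socket.AF_INET6:
                # v6 socket takes v6 only; v4 peers use the separate v4 socket
                sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            sock.bind(sockaddr)
            sock.listen(16)
        except OSError:
            sock.close()
            continue
        listeners.append(sock)
    return listeners

def parse_endpoint(text):
    """Parse '192.0.2.7:443', '[2001:db8::1]:443' or a bare literal."""
    text = text.strip()
    port = None
    if text.startswith("["):
        host, closed, rest = text[1:].partition("]")
        if not closed or (rest and not rest.startswith(":")):
            raise ValueError("malformed bracketed address: %r" % text)
        port = rest[1:] or None
    elif text.count(":") == 1:            # exactly one colon: IPv4 plus port
        host, _, port = text.partition(":")
    else:                                 # bare IPv4 or bare IPv6 literal
        host = text
    addr = ipaddress.ip_address(host)
    if port is not None:
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError("port out of range: %r" % text)
    return addr, port

def canonical(addr):
    """Collapse ::ffff:a.b.c.d to the IPv4 address it carries."""
    mapped = addr.ipv4_mapped if addr.version == 6 else None
    return mapped if mapped is not None else addr

# Constructed policy for the example: addresses that must not be accepted.
BLOCKED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "2001:db8:bad::/48")]

def is_blocked(text):
    addr = canonical(parse_endpoint(text)[0])
    return any(addr.version == net.version and addr in net for net in BLOCKED)

def naive_is_blocked(text):
    """The digits-and-dots assumption: misses IPv4 carried inside IPv6."""
    return text.startswith("10.")
```

An unbracketed string such as `2001:db8::1:443` is itself a valid IPv6 literal, so `parse_endpoint` treats it as an address with no port; that is why the bracketed form is needed.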
When you have both stacks, and one of them has all you need (IPv4) and the other has nothing the other doesn't (IPv6), you end up not using the latter, and/or it gets neglected.
That's why Google had to implement their big DNS kludge: many IPv6 connections are fucked, but nobody notices because nobody uses it.
They will get less peers on their bittorrent,
No they won't. Because everybody who has an IPv6 address on bittorrent ALSO HAS an IPv4 address.
Again, I have native IPv6 at home, and it's completely useless. I mean it's nice to have it, as a sysadmin, so I can play with it to learn the thing. But it's completely useless, and will remain so until everyone has migrated -- i.e. never if things don't change. And things will only change when a form of NAT is implemented.
Mark my fucking words.
Dual stack is not a transition plan.
Ok, my bad. Somehow my eyes looked at 1.0.0.0 and saw 10.0.0.0. Yes, nobody should have been using 1.0.0.0 for private networks, and if they have, you're right, they haven't got a lot of brains.
It's a matter of demand. ISPs, I think, don't want to be in the position of 'forcing' IPv6 on their customers and then being blamed for problems the customers have because they are using IPv6 and pretty much everyone else on the Internet *isn't*. Where's the advantage here, from a marketing/PR standpoint (there might be technical advantages which your customers will never know about)?
As an ISP, why would you want to spend a lot of money on marketing and technical support to 'evangelize' customers on IPv6? First you have to convince customers they need something before you can 'sell' it to them.
The Slashdot crowd (at least, those of us who understand why IPv6 will be a good thing, long term) need to start educating/evangelizing our family, friends, and acquaintances about IPv6 and get them all to email their ISP asking when the ISP will be implementing IPv6. Maybe if the ISPs saw enough requests from customers, they'd decide to at least make it available for those who want it.
MySQL? Try a real database.
The other problem is that if people are proactive about fixing things beforehand, rather than be grateful, other people then just ridicule: "All that money got spent fixing it, and then nothing happened", which misses the obvious point that maybe nothing happened because it was fixed.
I've seen it on here, even geeks aren't immune to this fallacy. Y2K is the classic example, but it also happens with epidemic warnings, most recently with swine flu - if a Government doesn't vaccinate and there's an epidemic, they get blamed. But if they do vaccinate, then even if the risk was genuine, and even if epidemic is averted due to the vaccination, they still get blamed for scaremongering and wasting resources.
Imagine if people warned of the problem, and a load of money was spent fixing things so we moved to IPv6 in time, and no problems occurred. Would it be hailed as a great success? Of course not - lay people would just be going for years afterwards "Oh, remember all that nonsense about the IPv4 problem, and then nothing happened?"
If I were you guys, I wouldn't hang my hat on IPv6 either. Those addresses could run out before you know it (especially since I just assigned 15 million ip addresses to my toaster oven this morning)...
It is great (in principle) if you want to send a packet from an IPv6 host to an IPv4 host.
In 'principle', whatever. The problem is that this does not, in fact, fucking work, as I've ranted about here every time this has come up.
The problem is said idiotic 'dual stack', and the goddamn idiotic way the entire thing was built.
What should have happened is that, by now, 90% of the devices on the planet should be using IPv6 to communicate using IPv4 addresses. Everyone should be talking IPv6, and when it hit an IPv4 only network, it got converted if it's in the IPv4 range. All devices should only speak one thing in each direction. If the other end, or the other devices on the network, spoke IPv6, it spoke IPv6, otherwise, it not only would speak IPv4, it would convert other traffic.
No damn tunnels, no damn 'dual stack', no damn confusion. You plug the device in, it uses link-level negotiation to say 'IPv4 or IPv6', and picks IPv6 if it can, and converts things back and forth as needed. You get one IP, and if it's in the IPv6 range, you can't use it over IPv4-only networks, so everyone stays with the IPv4 ranges until they're sure there aren't a lot of IPv4-only networks.
At some point, we'd hit high enough percentage IPv6 traffic that we could safely start selling IPv6-only addresses. Eventually, companies would start trading their IPv4 in. We could leave that address space as a slightly more expensive option, so that people with hardware that can't ever be upgraded to do IPv6 could keep using it. (Because the traffic would be transparently converted.)
Instead we got a damn rollout of IPv6 on OSes...no consumer routers or anything, and no one is actually using it anyway, so we're going to run into a metric shitload of problems when we actually try to switch over.
Why did we do that that way, instead of the sane way? (The way we, in fact, changed TCP from single byte addressing to four byte addressing.)
Well, it was slightly cheaper to have a dual stack device than a converter device. Maybe. In actuality, of course, everyone just kept making goddamn IPv4-only devices.
If corporations are people, aren't stockholders guilty of slavery?
I had a tier1 carrier tell me their private IP MPLS network is using public addresses because of a software limitation of their label routers. This was after I asked why it wasn't privately addressed, then they said well some customers could have conflicting address space, which I then pointed out VRF and finally he got an engineer on the phone who said flat out it was a software limitation at the time of implementation. We're talking about hundreds of thousands of addresses here.
We have a few dozen internet T1s used for backup connectivity and every one of them came with a /24 of public address space. Did we ask for it? No. I tried to give it back, they don't want it.
The problem here is the RIRs aren't doing their job in policing the address space. They get all starry-eyed when some big telco shows up and asks for a massive block of address space and just hand it over. The amount of wasted address space is SICKENING.
On the other side, the sheer number of IPv6 addresses means that every network connected device can have its own unique IP address hard coded at the factory, specific for the region where it is to be sold.
That's called a MAC address and it cannot substitute for an IP address. How's the factory going to know what logical structure the servers are going to inhabit? Your scheme eliminates the ability to do cut-through routing--that's a big hit in performance especially when there's 128 bits to read.
Time to bone up on the differences between physical and logical addresses.
Rescind/revoke all address blocks for China.
> There's also questions relating to what happens when a v6 address hits higher-level software due to their no longer using just digits and dots
Reverse-NAT. Basically, you have a translation gateway sitting between the IPv6 network and IPv4 network that allocates an IPv4 address from its pool, and makes a note to associate it with the real IPv6 address. For example, 2001:6969::100 might be mapped by it to 192.95.17.9. You'd tell your IPv4-aware app to connect to 192.95.17.9. The translator sees the outbound datagram, recognizes its address as a mapped alias, rewrites the datagram in IPv6 format with a destination address of 2001:6969::100, and sends it on its way. Inbound datagrams from 2001:6969::100 get rewritten from IPv6 format to IPv4 format the same way, with 192.95.17.9 as the faux source address. There are three main problems that have to be addressed: availability, persistence, and global-applicability.
The first is scalability and security (listed together because the more secure you make it, the less scalable it's going to be in real-world use). It's not really practical to do this kind of translation at the backbone or enterprise level, because 1) the mapping table would rapidly become huge to the point where it literally became an architectural chokepoint, and 2) it would be trivially easy to launch denial-of-service attacks against everyone who depended on that translator by simply flooding it with requests to overflow its buffers. You COULD try to partition it off and implement security, but this is one of those times when it's easier and more reliable for everyone overall to just limit the scope of collateral damage and move responsibility for the 4-6 translation to a more local layer... like a home router, or even the operating system's network stack. When every microsecond counts, you just can't stop to scrutinize every request passing through the router. At least, not cheaply. My own prediction is that this function will fall to the future equivalent of a home or small office's router. If denial of service attacks become a real problem, you'll probably see low-end routers simply divide the network into two groups: those with IP addresses for which translation will be done (ie, older embedded devices that can't easily have the network stack replaced), and those that are on their own and will be simply ignored if they ask for translation help (ie, any PC running Windows, Linux, OS-X, etc) -- with possible partitioning of mapping resources for the few devices left that genuinely need the router to do the job for them.
OK, the next problem: persistence. Put another way, if the router or software stack maps 2001:6969::100 to 192.95.17.9, how long does it need to remember that mapping... and how will it actually store it if necessary? I'm going to guess that the first home translating routers will basically treat this task the way port mapping to internal private addresses gets handled now: you'll have to go to the router's admin app, and manually set up any 4-to-6 mappings you need to have persist. Everything else (like web surfing) will just be done dynamically, with persistence that's at least long enough to last between datagrams, but not necessarily day to day. Say, 10-30 hours. A pain, but then again... how many different raw IP addresses do you REALLY deal with directly behind any given router today? Remember, we're talking about raw addresses that have to persist indefinitely for your future reliable use, not the cached results of a dns lookup.
That brings up the third, and stickiest problem that has no good solution right now: global applicability. For the classic acid test, just look at h.323. It's been a nightmare to NAT ever since day one, because it encodes (what it believes to be) its IP address in the data itself. The problem being, without an intelligent application-level gateway, the recipient PC ends up seeing a return address that can't actually be reached directly. Personally, I think this is another one of those issues that will get swept under the rug out
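The mapping table, persistence and resource-partitioning points from the reverse-NAT comment above, as an added example that is not the commenter's code. The class, the per-requester quota and the pool `192.95.17.8/29` are assumptions chosen so that the first alias matches the comment's 2001:6969::100 to 192.95.17.9 illustration.

```python
import ipaddress

class PoolExhausted(Exception):
    pass

class QuotaExceeded(Exception):
    pass

class ReverseNat:
    """IPv4 aliases for IPv6 destinations, drawn from a fixed pool."""

    def __init__(self, pool, ttl, quota):
        self.free = list(ipaddress.ip_network(pool).hosts())
        self.ttl = ttl            # seconds a dynamic mapping persists
        self.quota = quota        # dynamic mappings allowed per requester
        self.by_v6 = {}           # v6 address -> [alias, owner, expires|None]
        self.by_alias = {}        # alias -> v6 address

    def _expire(self, now):
        # Return timed-out dynamic aliases to the pool; pinned ones stay.
        for v6, (alias, _owner, expires) in list(self.by_v6.items()):
            if expires is not None and expires <= now:
                del self.by_v6[v6], self.by_alias[alias]
                self.free.append(alias)

    def alias_for(self, owner, v6, now, static=False):
        """Return the alias for v6, allocating one if needed."""
        self._expire(now)
        v6 = ipaddress.IPv6Address(v6)
        entry = self.by_v6.get(v6)
        if entry is not None:
            if entry[2] is not None:
                entry[2] = now + self.ttl     # a new request refreshes it
            return entry[0]
        used = sum(1 for e in self.by_v6.values()
                   if e[1] == owner and e[2] is not None)
        if not static and used >= self.quota:
            raise QuotaExceeded(owner)        # one host cannot drain the pool
        if not self.free:
            raise PoolExhausted(str(v6))
        alias = self.free.pop(0)
        self.by_v6[v6] = [alias, owner, None if static else now + self.ttl]
        self.by_alias[alias] = v6
        return alias

    def outbound(self, dst_v4):
        """IPv4 app sent to an alias: real IPv6 destination, or None."""
        return self.by_alias.get(ipaddress.IPv4Address(dst_v4))

    def inbound(self, src_v6):
        """IPv6 reply arrived: faux IPv4 source to present, or None."""
        entry = self.by_v6.get(ipaddress.IPv6Address(src_v6))
        return entry[0] if entry else None
```

Time is passed in as `now` so that expiry is deterministic; a mapping created with `static=True` plays the role of the manually configured entries the comment expects home routers to offer.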
1.1.1.1 isn't non-routable the way 127.0.0.3 or 254.0.0.1 are - it's just part of a block of addresses that weren't currently assigned by IANA or the RIRs and therefore aren't advertised to the public by ISPs. If you're using them inside your own network, you can theoretically do anything you want with them except advertise them to the outside world, the same way you can with RFC1918 addresses - it's just a Bad Idea now that 1/8 has been allocated.
The 192.168.x.x and 10.x.x.x addresses are all private-space addresses, so there's no way for me to tell where they are, but if the 212.74 addresses are part of your own network, there's nothing that indicates that this traffic ever hit the public Internet - maybe they're showing up because you're using registered addresses internally, which is fine, or maybe you've got a box that's got a 212.74 address on the public side and RFC1918 on the private side and it's picking the external one to include in traceroute packets; either way is fine.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
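A way to check an internal network for the situation discussed above (prefixes used privately that now collide with the allocated 1.0.0.0/8 and 27.0.0.0/8), as an added example that is not from the thread. The `route ... via ...` file format, the sample routes and the function names are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The two blocks the article reports as allocated to APNIC.
NEWLY_ALLOCATED = [ipaddress.ip_network(n) for n in ("1.0.0.0/8", "27.0.0.0/8")]
CIDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\b")

# Constructed sample of an internal static-route file (hypothetical format).
SAMPLE_CONFIG = """\
# constructed example, not a real network
route 10.20.0.0/16 via 10.0.0.1
route 1.1.1.0/24 via 10.0.0.1      # captive portal
route 192.168.5.0/24 via 10.0.0.2
route 27.0.0.0/8 via 10.0.0.3
route 212.74.0.0/16 via 10.0.0.1
"""

def classify(prefix):
    """Say whether an internally used prefix is private, squatted or public."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return "invalid"
    if any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    if any(net.overlaps(a) for a in NEWLY_ALLOCATED):
        return "squats-on-allocated-block"
    # Registered space used internally is fine, but only if it is yours.
    return "public-check-registration"

def audit(config_text):
    """Return (line number, prefix, verdict) for every CIDR in the text."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        line = line.split("#", 1)[0]          # ignore trailing comments
        for prefix in CIDR.findall(line):
            findings.append((lineno, prefix, classify(prefix)))
    return findings

if __name__ == "__main__":
    for lineno, prefix, verdict in audit(SAMPLE_CONFIG):
        print("line %d: %-18s %s" % (lineno, prefix, verdict))
```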