Slashdot Mirror
NRO Warns They Are On Final IPv4 Address Blocks
eldavojohn writes "According to the Number Resources Organization, they will have issued their final twelve IPv4 blocks in a few months. Each block is 16 million addresses and represents 1/256th of the total addresses issued. We are now down to 12 blocks left in the global pool for issuing to Regional Internet Registries, who will then assign the last addresses that will run out sometime later in 2011. The pool of free addresses works out to be less than half of where we were in January. The new numbers from the NRO indicate estimated global pool IP address exhaustion in a few months, a year earlier than they estimated at the beginning of 2010."
When it gets expensive to continue using IPv4, which may not be until well after we "run out."
You're not seeing some magic IP address fairy making them last longer, you're seeing armies of senior IT pros working until after dark trying to sort this all out and deal with things because the pointy-haired bosses on top have been seeing that IPv4 is 'good enough.' As long as IPv4 looks easier and cheaper on paper than IPv6, that's what we'll be using.
Well, NAT saved us from a certain doom, and also provides extra security (might act as a firewall).
I don't see IPv6 deployed 100% any time soon. Increasing the number NATed Internet users might be the only feasible solution, at least in short term.
Álvaro
I'd like to see you try.
jhw
Less than one year (12 months)
For sure before the end of next year, but probably not by the end of this year.
My bet is in Feb or March of 2011.
Keep in mind, despite having 12 /8 blocks left, that really means 6.
Once there are only 6 blocks left, whoever purchases #6 has ended the game, because the remaining 5 left are automatically to be given to the other world registries at that same moment.
So in reality those last 6 blocks will all go at the same time.
So 6 more /8 purchases and we will be out of space.
They just sold off 12 /8's in the past few months, so it will take half of 'a few months' at the same rate, even though I suspect it will go faster now that there is a crunch for it.
You don't want that question answered. Just like when a car's headed for a sheer cliff, you don't want to know exactly when it'll go over it. You want to avoid ever having to have that question answered.
The reason the day of recekoning's been being pushed back is because the IT techies, even as they've been warning of the inevitable cliff, have also been doing everything they can to push the deadline back. They know there's going to inevitably be problems making the switchover to IPv6, and they're trying to buy as much time as possible so we'll have time to fix any glitches, but sooner or later they're going to run out of ideas and tricks and the deadline's not going to move anymore. Ideally by that point it shouldn't matter because we've taken the warning and done what's needed to avoid the cliff entirely. But if everyone keeps assuming that, just because the deadline's been pushed back once, it'll keep being pushed back indefinitely, well, suddenly going into free-fall as the car's wheels pass over the cliff-edge is not a good feeling.
You want really impressive examples? Look back to the big fireball over Cape Canaveral that a few seconds before was STS-51-L (Challenger), or the big fireball over Texas that a few minutes before was STS-107 (Columbia). Challenger blew up because the managers at NASA knew the O-rings were eroding and would sooner or later be breached, and they brushed this off with "Well, it hasn't happened yet so it won't happen ever.". Columbia disintegrated during re-entry because managers at NASA knew pieces of heavy foam insulation were striking the leading edges of the wings during launch and sooner or later one of those strikes would fatally damage the heat-resistant panels, and they brushed this off with "Well, it hasn't happened yet so it won't happen ever.". When we run out of IPv4 addresses the results won't be quite so pyrotechnic, but if we keep saying "Well, it hasn't happened yet so it won't happen ever." we will end up regretting it.
And yet none of those would make more than a dent.
They're allocating /8s, even the addition of several /8s would only extend the time frame by a few to several months, compared to the siginifigant effort required to reclaim them.
a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
> Well, NAT saved us from a certain doom, and also provides extra security
NAT is a horrible hack. It might be a good solution for some things, but to fix the addressable space option, it is a disaster.
Talk about an almost entirely useless "broadcast" only Internet. Is that what you want?
> (might act as a firewall).
Even worse. I don't even want to begin to explain to you why you are wrong about this. The broad adoption of UPNP makes the idea that NAT provides you with a useful firewall complete idiocy....
If you want a firewall, make a firewall. Do not rely on NAT. Ever.
Why do we have to have this conversation every single time the issue comes up? gods...
We have allocated 14 /8 networks since January of 2010 (source: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt )....meaning we go through about 1.5 /8s every month. Reclaiming a /8 will take more than a couple weeks, so the simple fact is that reclamation isn't worth the effort: we would burn through several /8s in the time it would take us to reclaim one of them.
We will just NAT the NATed NATed NeTed NAT and run the entire internet on a single IP address TRA-LA!
Then there's the free market cool-aid crowd who can't see why bidding wars driving the price of a single IP into the thousands a year is a big deal.
Next up, the "It's so HAAAAAAAAaaaaaRRRRRRRRrrrd!" crowd who don't understand why they should burn their geek card for saying that. That and their close relatives who still haven't realized that very simple firewall rules grant 100% of the security NAT does.
This has been debunked so many times, in this thread and others, that I'm fully in favor of banning anyone who mentions it ever again.
Not a typewriter
So let me get this straight.. In the beginning we had a very simple very open design. Any host can talk to any other host on any port. Then, over the years bouts of paranoia, fear, and idiocy have created default drop firewalls and nat devices that fundamentally break the open nature of the internet, protocols that rely on that nature break when presented with that stupidity, and somehow it's the fault of the protocol designer?
How would you suggest we operate? Instead of using my internet connection to accept connections from my peers should I proxy through a 3rd party? Should I use a ridiculous hack like upnp to beg the nat device for a forward? What happens when we're all behind default drop inbound firewalls w/ a nat'd address generously provided by our ISP? Suddenly and even though you have an internet connection and I have an internet connection we can no longer communicate directly with each other? Do you not see this as a problem? Is this still a protocol issue?
No. IPv4 specifies that the host portion of the address with all-0's is the network address, and the all-1's address is the broadcast address for that subnet. If you assign these to an actual host, you will break things very badly. Since a /31 would contain only address 0 and 1, it has no addresses that can be assigned to a host. The /30 subnet is the smallest block that can be given out.
Not a typewriter
or perhaps, demanding higher prices from those customers who refuse to be NATed ...or perhaps just refusing to assign public addresses to anybody. "Don't like it? Tough. Call your congressman."
jhw
OSX 10.5 supports ipv6 just fine, so did 10.4, not sure what version introduced V6 support...
XP also supports ipv6, although it's not installed by default and you can't use v6 exclusively.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
They spent HOW long advertising those free-or-highly-subsidized digital converter boxes and people still threw away perfectly functional TVs?
Regardless, no. Both WinXP (unless you're seriously out of date on your software updates) and OS X 10.5 support IPv6 just fine. Of course that's separate from hundreds of badly-coded apps that somehow shoehorned themselves into the IPv4 stack, but that's hardly OS-dependant.
How are sites slashdotted when nobody reads TFAs?
I want IPv4 to run out. The sooner the better. When Y2K was about to come around, all the businesses who had old code some of it from the '60s, started hiring programmers like crazy. They needed to convert all the dates from two digit year to 4 digits. A massive effort but still only a very small amount of the total codebase that was out there needed to be modified.
Fast forward to 2010, 4-byte IPv4 address running out. A new protocol exists but much of the old software and networks cannot use them. The only solution is to hire a massive number of programmers and rewrite the software..
Think of this, every piece of software on every computer that accesses the internet, has to be rewritten. How big is that codebase? A lot larger than Y2K. I can see this pulling in programmer after programmer like some huge vortex, in a race to be done before last address is given out..
You see why I welcome the new of IPv4. The end of the recession in the tech industry and plethora of new job.
I think the number of IPv6 addresses is supposed to allocate something like 2^34 IPs per atom in the universe, or some equally absurdly large number. I think we'll be OK for a while if that's actually the case.
From Wikipedia:
The very large IPv6 address space supports a total of 2^128 (about 3.4×103^8) addresses—or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.8 billion (6.8×10^9) people alive in 2010.[13] In another perspective, this is the same number of IP addresses per person as the number of atoms in a metric ton of carbon.
How are sites slashdotted when nobody reads TFAs?
Not quite. I have a router that does NAT. I leave UPnP turned on, and I trust my security.
A NAT makes quite a good firewall against outside attacks (port scans and the like). Leaving UPnP tuned on means that you trust what is inside your own network -- you do not currently have any worms/rootkits/malware, and you are not going to visit sites that host that sort of thing. It works great for me! No having to manually open up ports to use a torrent client to get the latest Ubuntu.
Yes, some "trusted" sites may get compromised and I could get a "drive-by" malware install. But that has not happened yet.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
Stop! Seriously, just stop. Nothing you can ever say or do will change human nature. Collectively, we are a bunch of procrastinating re-active MFers.
Some friendly advice. Let it happen. Plan on how to pick up the pieces, not how to prevent the fall. Trust me. The sooner you come to terms with reality, the better you'll sleep. I know I do.
Life is not for the lazy.
Certainly all those who use bittorrent, and/or run their own webserver and/or mailserver.
Privacy begins with
Those who use xbox live or playstation network as well (yay for p2p game serving)
We hear plenty of people acting as if we can duct tape IPv4 for ever and plug their ears at the shear mention of IPv6. The truth is instead of spending energy trying to hold afloat a sinking ship, it may be time to start putting the gang-plank out to that shiny new boat that can take us the rest of the way. It doesn't make sense to wait for the boat to be sunk before jumping ship, since you will find yourself having deal with bigger issues. Then again overpopulation and lack of natural resources may have started world war three in a few years, so none of this is worth worrying about ;)
For those of you that have already decided that its time to make the move, what steps have you put in place to ensure you get to IPv6 in one piece.
BTW Akamai is already working on upgrading its network to support IPv6 and have a target date of 2011. The admit that its going to be a tough challenge, but at least they have recognised it makes sense to start moving now, rather than later.
Jumpstart the tartan drive.