NRO Warns They Are On Final IPv4 Address Blocks

eldavojohn writes "According to the Number Resources Organization, they will have issued their final twelve IPv4 blocks in a few months. Each block is 16 million addresses and represents 1/256th of the total addresses issued. We are now down to 12 blocks left in the global pool for issuing to Regional Internet Registries, who will then assign the last addresses that will run out sometime later in 2011. The pool of free addresses works out to be less than half of where we were in January. The new numbers from the NRO indicate estimated global pool IP address exhaustion in a few months, a year earlier than they estimated at the beginning of 2010."

Someone help me out here

[Pojut]

I've heard "we'll run out of addresses in one more year" for the last...well, for certain the last 5 years, but possibly longer.

When will this actually happen?

Re:Someone help me out here

When it gets expensive to continue using IPv4, which may not be until well after we "run out."
 
You're not seeing some magic IP address fairy making them last longer, you're seeing armies of senior IT pros working until after dark trying to sort this all out and deal with things because the pointy-haired bosses on top have been seeing that IPv4 is 'good enough.' As long as IPv4 looks easier and cheaper on paper than IPv6, that's what we'll be using.

Re:Someone help me out here

[zbobet2012]

Yes ... and no. We WILL run out of IPV4 adresses but you are very likely to see large scale NAT (Network Adress Translation) for awhile before an eventual transition to IPV6.

Re:Someone help me out here

[alvieboy]

Well, NAT saved us from a certain doom, and also provides extra security (might act as a firewall).

I don't see IPv6 deployed 100% any time soon. Increasing the number NATed Internet users might be the only feasible solution, at least in short term.

Álvaro

Re:Someone help me out here

[spyked]

I hope this won't be the case. Sounds like a real nightmare to me.

(If anyone is wondering why, Tanenbaum dixit: "NAT violates the most fundamental rule of protocol layering: layer k may not make any assumptions about what layer k + 1 has put into the payload [...]", and that's only the tip of the iceberg)

Re:Someone help me out here

[lyml]

You are misstaken, notable predictions have predicted the following:

May 21, 2007: ARIN predicts sometime in 2010
June 20, 2007: LACNIC sets final date to januari 1, 2011
June 26, 2007: APNIC sets the date to sometime in 2010
April 15, 2009: ARIN says sometime before 2011


So for the last 3-4 years there has been a fairly good estimate on when they are supposed to run out.

Re:Someone help me out here

Less than one year (12 months)
For sure before the end of next year, but probably not by the end of this year.

My bet is in Feb or March of 2011.

Keep in mind, despite having 12 /8 blocks left, that really means 6.

Once there are only 6 blocks left, whoever purchases #6 has ended the game, because the remaining 5 left are automatically to be given to the other world registries at that same moment.
So in reality those last 6 blocks will all go at the same time.

So 6 more /8 purchases and we will be out of space.

They just sold off 12 /8's in the past few months, so it will take half of 'a few months' at the same rate, even though I suspect it will go faster now that there is a crunch for it.

Re:Someone help me out here

[DeadBeef]

Whoever was telling you that we were going to run out in one year five years ago was probably smoking methamphetamines at the time.

The IANA free pool will run out next year, probably before mid year.

The point at which you can't actually receive any more addresses won't come until the RIRs exhaust the blocks that they have received from IANA which might not be for another year after that.

Re:Someone help me out here

[gmuslera]

Will be siites and services with only ipv6 addresses, that won't be able to be accessed from ipv4

Re:Someone help me out here

[Todd+Knarr]

You don't want that question answered. Just like when a car's headed for a sheer cliff, you don't want to know exactly when it'll go over it. You want to avoid ever having to have that question answered.

The reason the day of recekoning's been being pushed back is because the IT techies, even as they've been warning of the inevitable cliff, have also been doing everything they can to push the deadline back. They know there's going to inevitably be problems making the switchover to IPv6, and they're trying to buy as much time as possible so we'll have time to fix any glitches, but sooner or later they're going to run out of ideas and tricks and the deadline's not going to move anymore. Ideally by that point it shouldn't matter because we've taken the warning and done what's needed to avoid the cliff entirely. But if everyone keeps assuming that, just because the deadline's been pushed back once, it'll keep being pushed back indefinitely, well, suddenly going into free-fall as the car's wheels pass over the cliff-edge is not a good feeling.

You want really impressive examples? Look back to the big fireball over Cape Canaveral that a few seconds before was STS-51-L (Challenger), or the big fireball over Texas that a few minutes before was STS-107 (Columbia). Challenger blew up because the managers at NASA knew the O-rings were eroding and would sooner or later be breached, and they brushed this off with "Well, it hasn't happened yet so it won't happen ever.". Columbia disintegrated during re-entry because managers at NASA knew pieces of heavy foam insulation were striking the leading edges of the wings during launch and sooner or later one of those strikes would fatally damage the heat-resistant panels, and they brushed this off with "Well, it hasn't happened yet so it won't happen ever.". When we run out of IPv4 addresses the results won't be quite so pyrotechnic, but if we keep saying "Well, it hasn't happened yet so it won't happen ever." we will end up regretting it.

Re:Someone help me out here

[ADRA]

Yes, and the reason why NAT routers have to do that is because of broken protocols that depend of the incorrect assumption that two hosts have unlimited unfettered universally synchronous connections to one another. They don't, and any modern protocol designer should be writing protocols that understand this principle. Even without NAT, you still have inbound connection blocking from firewalls, so there should be no good reason why someone should run into firewall/NAT issues beyond simply ignorance.

Re:Someone help me out here

[nyet]

> Well, NAT saved us from a certain doom, and also provides extra security

NAT is a horrible hack. It might be a good solution for some things, but to fix the addressable space option, it is a disaster.

Talk about an almost entirely useless "broadcast" only Internet. Is that what you want?

> (might act as a firewall).

Even worse. I don't even want to begin to explain to you why you are wrong about this. The broad adoption of UPNP makes the idea that NAT provides you with a useful firewall complete idiocy....

If you want a firewall, make a firewall. Do not rely on NAT. Ever.

Re:Someone help me out here

[ADRA]

The more likely scenario being that consumer end-points (vs. commercial end points) will be moved over to v6 first and they just won't be given an v4 route any longer. If a consumer types into a v4 address, they'll be translated (through DNS, or nat) to an appropriate v6 address end-point if one exists.

Consumer
V4 (private)
V6 (public)

ISP
V4 (consumer private->NAT)
V4 (NAT concentrator)
V6 (bridge)

Provider
V4 (end point)
V6 (end point)

So a V4 request would be Consumer->ISPv4(private)-NAT->ISPv4(public)->Provider while V6 would be Consumer->ISPv6->Provider

Re:Someone help me out here

[Merpy]

What exactly is supposed to happen? Does it mean that new devices can't hook to the internet - or does something happen to everything that's currently running?

Re:Someone help me out here

[powerlord]

> (might act as a firewall).

Even worse. I don't even want to begin to explain to you why you are wrong about this. The broad adoption of UPNP makes the idea that NAT provides you with a useful firewall complete idiocy....

In all fairness, almost all routers I've seen can disable UPnP with one checkbox.

If you know anything about Networks, you're either you're using NAT because you are forced to, in which case UPnP setting up automatic routes helps KEEP a NAT space from being "broadcast only", or you're using NAT because you have to and are also using it to control access, in which case you've already disabled UPnP and define your own explicit port forwarding to static internal addresses.

Then there is the third choice of "Don't know what NAT or UPnP are" (which covers most people on the Internet). They probably ARE less secure behind NAT routers with the belief that they are "safe", but they are certainly more secure then if they had just plugged directly into the broadband connection with their unpatched Win98/WinXP/Win-DuJour/OSX/Linux machine.

Re:Someone help me out here

[Daniel+Phillips]

I don't see IPv6 deployed 100% any time soon.

Or even 1%.

Re:Someone help me out here

[commodore64_love]

I liked my pointy-haired boss from three years ago.
He was always on business travel.

So does the switch to IPv6 mean I have to throw-out my old Windows XP and Mac OS 10.5 computers? Like many people threw-away their old analog TV sets on June 12 (DTV switchover)? Maybe I better sell them on ebay, so some other sucker gets stuck with the problem. Mu-ha-ha-ha-ha. ;-)

Re:Someone help me out here

[hardburn]

Mobile networks are having to give out public IP address to smart phones, but NAT them such that they can assign the same public address to multiple phones.

People only think NAT works because they're largely shielded from the nightmare it creates.

Re:Someone help me out here

[hardburn]

Make it 16 octets instead.

Re:Someone help me out here

[grub]

Really? I kept hearing "We'll run out of IPv4 addresses in five years" about four years ago, and so forth.

I've been hearing about the end of IPv4 space since my very first ISP handed me XXIV.XII.CXXIV.VI via DHCP

Re:Someone help me out here

[entrigant]

So let me get this straight.. In the beginning we had a very simple very open design. Any host can talk to any other host on any port. Then, over the years bouts of paranoia, fear, and idiocy have created default drop firewalls and nat devices that fundamentally break the open nature of the internet, protocols that rely on that nature break when presented with that stupidity, and somehow it's the fault of the protocol designer?

How would you suggest we operate? Instead of using my internet connection to accept connections from my peers should I proxy through a 3rd party? Should I use a ridiculous hack like upnp to beg the nat device for a forward? What happens when we're all behind default drop inbound firewalls w/ a nat'd address generously provided by our ISP? Suddenly and even though you have an internet connection and I have an internet connection we can no longer communicate directly with each other? Do you not see this as a problem? Is this still a protocol issue?

Re:Someone help me out here

[Aquina]

I fully agree with that statement altought address space is really exhausted. Luckily ranges are also sold and bought by new customers. What I think is more interestng is that some organizations, schools and universities hold large spaces and actually don't require them. My company holds about 100.00 IPs which is enough. Nevertheless we're going to migrate *everything* to IPv6 since this can actually be sold and we want to be the first ones to register large amounts of address space. Oh and by the way... IPv6 space won't last forever -- trust me!

Re:Someone help me out here

[j+h+woodyatt]

Should I use a ridiculous hack like upnp to beg the nat device for a forward?

The large-scale NAT that ISPs are deploying now do not implement any kind of port forwarding, so you can just forget all about that now.

Re:Someone help me out here

[Hylandr]

NAT-ing will only get us so far. In order to route to one private network to another the address must either be bridged and on the same subnet, or not bridged on a separate subnet. 10.0.0.0/8 networks will live a little longer than 192.168.0.0/16, but not by much. ISP A Natting all their customers to 10.10.1.0/24 and ISP B Natting all their customers to 10.10.1.0/24, nobody from ISP A will be able to talk to ISB B unless they create an explicit bridge between themselves. The potential for a abuse and misunderstanding of this is going to be rife.

Too much NAT and it's going to be much more than a PITA.

- Dan.

Re:Someone help me out here

[ADRA]

Um, outside of academia, this has always and will continue to always be a problem. There will always be firewalls blocking corporate users from doing stupid things, and ISP's blocking exploitable ports, and QOS based restrictions for arbitrary nastiness. That is not something anyone can magically wipe away over night. I can't blame people writing protocols in the 70's and 80's for the open nature of what was probably a completely open internet. That internet doesn't exist anymore, will never exist again. To hope or assume otherwise just invites failure.

You can either be an optimist and hope the problem goes away (it won't), or you can be a pragmatist and use the best tools possible to get the job done.

Re:Someone help me out here

[Hylandr]

Addendum - This scenario will mainly affect VPN's in the short term.

Re:Someone help me out here

[Bert64]

OSX 10.5 supports ipv6 just fine, so did 10.4, not sure what version introduced V6 support...
XP also supports ipv6, although it's not installed by default and you can't use v6 exclusively.

Re:Someone help me out here

[Firehed]

They spent HOW long advertising those free-or-highly-subsidized digital converter boxes and people still threw away perfectly functional TVs?

Regardless, no. Both WinXP (unless you're seriously out of date on your software updates) and OS X 10.5 support IPv6 just fine. Of course that's separate from hundreds of badly-coded apps that somehow shoehorned themselves into the IPv4 stack, but that's hardly OS-dependant.

Re:Someone help me out here

[GreyLurk]

Actually, it's almost the reverse problem... New devices (mostly) universally support IPv6, which has plenty of unallocated IP Space (we can allocate 200 quadrillion IPv6 addresses per square inch of land on the planet) popular and actively maintained services either have already, or will soon move over to providing services on an IPv6 address. ICANN has already switched over their root DNS Servers to resolve IPv6, and most larger ISPs are following suit. So, if you've got a new device on an ISP who has updated their DNS servers to work with IPv6, and you're accessing a popular website that has been updated to IPv6, you might already be using IPv6 and never notice the difference.

There's a lot of ifs in that statement though. Plus there's a pile of legacy OSes and TCP/IP stacks that won't work with IPv6, so while you might be able to access Amazon, Google, and Facebook, it may be that your corporate payroll system is run off an old Windows NT4 system, which isn't IPv6 capable, so your whole corporate network is held up on the IPv6 migration because that NT4 system isn't IPv6 capable, and the payroll system isn't compatible with Windows Server 2008.

Plus, even some modern equipment/software from low-price vendors is lacking IPv6 support, because it hasn't been cost-effective to add it. Current versions of Windows, Linux, MacOS, Android, and iOS all support IPv6, but the custom software stack in the Avaya IP-based phone on my desk probably doesn't. Nor does the $20 ZyXEL WiFi gateway that I picked up 2 years ago off the cheap shelf at Frys

Re:Someone help me out here

[Lost+Race]

It means ISPs can't get new IPv4 address allocations to assign to new customers. They'll have to reduce their address demands somehow, by reclaiming extra static addresses from customers who have "too many", reusing addresses more quickly in dynamic pools, and perhaps using some sort of ISP-scale NAT. Businesses will have a very hard time getting new static IPv4 addresses from now on ... they will become very very expensive until IPv4 can be deprecated, which will take at least five years.

Re:Someone help me out here

[ion.simon.c]

How long do you give it until ipv6 address space exhaustion?

Re:Someone help me out here

[ion.simon.c]

Was that in the great state of Illinios, or did Comcast gobble up the ISP that owned that block and move it elsewhere?

Re:Someone help me out here

[masshuu]

42 years

Re:Someone help me out here

[cjb658]

Unfortunately, I think you are right. 95% of home users won't notice, and so anyone who is currently set up with a dynamic IP address will be NATed.

They'll probably start with the most basic tiers and work their way up, until it becomes so much of a PITA that IPv6 is easier.

Re:Someone help me out here

[icannotthinkofaname]

When will this actually happen?

At the rate we're going and projected to be going, probably around the time we run out of oil.

Re:Someone help me out here

[harrkev]

Not quite. I have a router that does NAT. I leave UPnP turned on, and I trust my security.

A NAT makes quite a good firewall against outside attacks (port scans and the like). Leaving UPnP tuned on means that you trust what is inside your own network -- you do not currently have any worms/rootkits/malware, and you are not going to visit sites that host that sort of thing. It works great for me! No having to manually open up ports to use a torrent client to get the latest Ubuntu.

Yes, some "trusted" sites may get compromised and I could get a "drive-by" malware install. But that has not happened yet.

Re:Someone help me out here

But this is only ALLOCATION, not USAGE.

Its like how companies always report that they "shipped" X number of product, when in reality only Y number was purchased... In this case, X number addresses have been allocated to various organizations around the world whereas they have actually only used Y number of addresses. ISPs and data center pre-allocation their IP resources before they are even consumed.

Re:Someone help me out here

[DigiShaman]

Stop! Seriously, just stop. Nothing you can ever say or do will change human nature. Collectively, we are a bunch of procrastinating re-active MFers.

Some friendly advice. Let it happen. Plan on how to pick up the pieces, not how to prevent the fall. Trust me. The sooner you come to terms with reality, the better you'll sleep. I know I do.

Re:Someone help me out here

[petermgreen]

In the near future i'd expect any service of importance to be able to get a public IPv4 ip even if that means recovering it from a less lucrative customer.

So I predict the first affect of the runout will be that you will have to pay extra if you want a public IPV4 IP (rather than a natted one) from your DSL/cable ISP.

The better ISPs will hopefully offer end users IPv6 at no extra cost but I bet many won't bother to offer it and even when they do offer it I bet takeup will be low.

Re:Someone help me out here

[petermgreen]

Another gotcha you missed is that applications and higher level protocols will often have to be upgraded to support IPV6. Virtually anywhere IP addresses are handled in binary form will need changing.

Re:Someone help me out here

[dkone]

Are you seriously comparing not being able to view your facebook page with killing your family by driving over a cliff?

Re:Someone help me out here

[dkone]

In a way it kind of reminds me of the artificial scarcity created by the .com TLD.

Re:Someone help me out here

[Tanktalus]

So let me get this straight.. In the beginning we had a very simple very open design. Any host can talk to any other host on any port. Then, over the years bouts of paranoia, fear, and idiocy have created default drop firewalls and nat devices that fundamentally break the open nature of the internet, protocols that rely on that nature break when presented with that stupidity, and somehow it's the fault of the protocol designer?

Well, no. You got the beginning part right. However, the reasons for NAT are off.

It's more like years of:

• Worms and trojans (one of the easiest ways to keep someone from rooting a box not necessarily under your control is to simply block the port from a firewall - not perfect, but gets many of the easy problems out of the way)
• Functionality demanded by computer-unsavvy users (think: professors outside comp-sci/engineering who want to use insecure software)
• ISPs providing few IP addresses, partly due to scarcity, partly because they like control, and sometimes due to limitations such as dial-up (a NAT router hooked up to a modem can service your entire network, my cable co only offers two IP addresses per user, and I have 4 computers plus a WDTV network device, easier to just NAT than try to get more IP addresses)

Besides all that, assuming that you can abuse ports/connections willy-nilly is overly optimistic, even on an open network. Growth will mean more users on a box (so your 20 ports being used can multiple by 200 users, and starts to add up). As well as more inter-network connections (more users from your uni dealing with users at another uni, across the state, country, continent, or even world), and thus bottlenecks. Reducing your traffic can be very important here.

It turns out that NAT devices share many problems with other aspects of our modern internet, even exacerbating some otherwise-existing issues. It's not idiocy. There is much malice here, but not on the part of NAT engineers/devs.

Personally, I'll likely continue using a NAT device even after the entire world is IPv6, though I'll obviously have to find an IPv6 NAT router, if only to provide a relatively trivial-to-set-up firewall between my TCP/IP printer and WDTV device, neither of which I can otherwise control too easily from prying hackers, and said hackers. I don't want some nimwit in Nigeria to start printing their 419 scams directly to my printer. And I don't know what vulnerabilities are in the WDTV device, I don't trust it much, so, again, keeping it away from inbound connections is probably a good thing.

I could set this all up with a real firewall instead. But NAT provides it simply enough, and UPnP is, well, universal enough to make it easy to configure.

Re:Someone help me out here

[lennier]

Trust me. The sooner you come to terms with reality, the better you'll sleep. I know I do.

Mmmm, apocalypse dreams.

They're explodey!

Re:Someone help me out here

[wadeal]

Why does your PC have to even support IPv6? The user at no point even has to know what IPv6 is. All that needs it is from the ISP to your router, then just use IPv4 inside your network right?

Re:Someone help me out here

[DarkXale]

Because your computer is responsible for creating the 'package' that is sent across networks. Your router doesn't actually do anything with the data; it just moves it around (and if a NAT, does NAT things). Your computer needs to be able to stamp an IPv6 address on a package in order to send it to an IPv6 computer.

Re:Someone help me out here

[sh3p]

You are essentially describing "NAT". There is no "NAT" in ipv6.

Re:Someone help me out here

[cheater512]

That sounds fine from a incoming point of view, but how on earth will your computer send a packet to a IPv6 host? The host wouldnt have a IPv4 address so it wouldnt get anywhere.

Re:Someone help me out here

[cheater512]

Yeah once we give every atom on earth a IPv6 address, there wont be too many left over. :p

Re:Someone help me out here

[spasm]

We, like a few million other Americans, used the switch as an excuse to dump our bulky plastic box full of lead and other problematic chemicals on the neighbor's lawn and 'upgrade' to an almost-equally chemical-stuffed flatscreen. Fortunately various impoverished nations are willing to receive shiploads of that shit and poison their poorest citizens scraping a few of the more expensive metals out of the mess of abandoned first world electronic gee-gaws.

Hah, fooled you. We lived in an inner-city area. No lawns.

Re:Someone help me out here

[pookemon]

Ummmmmmmmmmmm now.

No....... now.

I give up.

Re:Someone help me out here

[VanGarrett]

Do you remember, back in 1990 or so, when a 1GB hard drive was unfathomably big, and how would we ever fill it, then just 10 years later, in 2000, 1GB was hardly enough to contain a popular operating system?

I would still include support for NAT, private addressing, and other address-saving features developed for IPv4. 18,446,744,073,709,551,616 seems like an apparently inexhaustible number of addresses, but who knows what else we'll find to add connectivity to? How quickly would those addresses disappear, if swarms of nano-machines become common personal appliances? If we've already worked out functioning methods to stretch out the supply, then it's probably good if we go ahead and keep them handy, if only to save us some work, further down the road.

Re:Someone help me out here

[garry_g]

Whoever was telling you that we were going to run out in one year five years ago was probably smoking methamphetamines at the time.

Actually, the counter-measures of the Registries have extended the period by quite a bit ... assignment windows have been constantly reduced, and are going to be further reduced, and attempts and retrieving unused address space for redistribution have been initiated (e.g., RIPE started charging for IP assignments, thereby ensuring that now-defunct companies' and individuals' addresses could be recovered ... you don't pay, you lose your IPs). Anyway, with the now _really_ nearing exhaustion I'm guessing the run on available IPv4 addresses will still increase ... so, better not bet on those last 12 /8s (or rather 6 as someone else already pointed out, with the final /8s being distributed among the RIRs) really lasting half a year yet ...

Yeah, no more IPv4 bogon list! :) (well, apart from the reserved/unusable IPs that is)

Re:Someone help me out here

[TheRaven64]

If every person in the world had a personal network the size of the Internet, and every machine on it was routable, then IPv6 would still be doing sparse addressing - we'd have used approximately the square root of the possible IPv6 addresses.

Re:Someone help me out here

[TheTurtlesMoves]

NAT does not provide any security and is *not* a firewall. In fact it breaks security, things like IPSec struggle with NAT and make VPN hard to get right. IPv6 removes the need for NAT, but not firewalls. If you want dynamic IPv6 numbers, they have them too.

Seriously NAT provides no security. Otherwise hole punching wouldn't work.

Many people get confused because a lot of routers have NAT and firewall functions.

Re:Someone help me out here

[rdebath]

IPv4 addresses would have run out years ago if it hadn't been for more aggressive allocation policies ( you snooze you lose) and LOTS of NAT devices on the current internet.

There are currently well over 5 billion devices connected to the internet and it's still growing exponentially with all the smartphones being the most recent jump.

Re:Someone help me out here

[Todd+Knarr]

It probably won't be not being able to read your Facebook page. It'll more likely be that one day your Internet connection stops working because your ISP doesn't have enough IPv4 addresses to give one to every subscriber, they can't get any more netblocks, and you happened to be the guy whose computer was turned off when someone else wanted the last free address. Or your company suddenly can't submit it's payroll because the company that processes their payroll started providing IPv6 address resolution and, while your company's machines understand it quite well, the corporate firewall and filtering appliance doesn't and isn't capable of passing the traffic through. And it may very well be comparable to driving your family's car over a cliff with them in it when payday arrives, you need to write that rent check and the paycheck deposit isn't in your checking account and Payroll can't tell you when they'll be able to fix the problem. Note that this isn't theoretical, there've already been problems with Web sites who started providing AAAA records becoming intermittently or permanently inaccessible to people whose machines understand IPv6 but whose ISPs don't yet support it. The software's fully capable of falling back to IPv4 when IPv6 isn't available, but treated the case where IPv6 was available but didn't work as a network failure.

Re:Someone help me out here

[rdebath]

18,446,744,073,709,551,616 seems like an apparently inexhaustible number of addresses, but who knows what else we'll find to add connectivity to?

That's what the IPv6 people thought, so IPv6 has 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses, to get to that limit before IP timeouts you need faster than light communications.

NAT in IPv6 is only of any use when connecting from an IPv6 only host to an IPv4 only host and in that case it's supposed to belong to the IPv4 network.

Re:Someone help me out here

[jez9999]

Talk about an almost entirely useless "broadcast" only Internet. Is that what you want?

Hmm. Perhaps the MPAA and the like are lobbying against IPv6. :-)

Re:Someone help me out here

[Athanasius]

ISP A Natting all their customers to 10.10.1.0/24 and ISP B Natting all their customers to 10.10.1.0/24, nobody from ISP A will be able to talk to ISB B unless they create an explicit bridge between themselves.

Errr, how do you figure that ?

ISP A client on 10.10.1.1 gets NAT'd to, let's say 23.34.45.5
ISP B client on 10.10.1.1 gets NAT'd to, let's say 12.23.45.7

Where's the problem ? Each NAT'd client is only going to see the already-NAT'd IP of the other.

But I agree NAT should not be considered a solution to this at all. It's a horrible hack to get around not being able to just give every ISP customer a big-enough IPv4 sub-net of their own. The MAC-based IPv6 addresses (or if you prefer the 'private' addresses, but they won't buy a home user much given they're still identified by a /64) and relying on Router Advertisements makes this a non-issue for IPv6 (it's effectively like just using DHCP on IPv4 from your DSL/Cable router is now).

Re:Someone help me out here

[RichiH]

At the current rate? Never.

At laughably accelerated pace? Never.

If we really want to? One day after a new & deliberate assignment policy to make just this happen.

But seriously, the most aggressive projections (as of today, I know, I know) say: Never.

Re:Someone help me out here

[Crudely_Indecent]

XP supports IPv6 as well.

Re:Someone help me out here

[Xeleema]

Are you seriously comparing not being able to view your facebook page with killing your family by driving over a cliff? Depends on how fascinated they are with the likes of the "Jersey Shore".

Re:Someone help me out here

[marcosdumay]

That's funny, I've not being reading the same news of yours. The first time I remember reading about IPv6, I was at undergrad, and IPv4 addresses were expected to end by somewhen near 2020. Then, already on this milenium, I've heard about 2015, later about 2012. That last prediction lasted up to today, that the news is that it will end in 2011.

I've never seen people postponing a date.

Re:Someone help me out here

[marcosdumay]

Of course the IPv4 address set was expected to never exaust either, so, while I understand that we really mean "never" this time, you'll get a hard time telling that to lay-people.

Re:Someone help me out here

[PRMan]

Yes. When you ask your ISP for a new IPv4 address, they'll say, "We don't have any."

Re:Someone help me out here

[numbski]

Perhaps, but as a small ISP in 2006, I couldn't even *get* an allocation of IPv6 addresses. I wanted them, but they wouldn't assign any to someone as small as myself, so I had to go back to my upstream provider and ask. They didn't support IPv6, had to use IPv4. Tried to switch to a provider that did....no one did.

It's just plain insanity. We're in for a future of NAT behind NAT. :(

Re:Someone help me out here

[numbski]

NAT needs to die. DIEDIEDIEDIEDIEDIE

You can firewall using publically accessible addresses. Why on earth do you need to make yourself unroutable, then have to throw an unstandardized hack in between and hope that traffic flows?

Re:Someone help me out here

[numbski]

Use a firewall, use public addresses. Leave NAT at the curb and say goodbye to UPnP.

Re:Someone help me out here

[numbski]

Other replies to you addressed your question, but there's a point here that no one is bringing up, and that's the point of blacklist space. There are IP blocks out there that may be re-assigned, but no one wants because they're on blacklists of various types all over the world. I'm wondering how that winds up shaking out. We're going to eventually have to get people to re-use those blocks.

I'd switch to IPv6 in a heartbeat - if my ISP would support it.

Re:Someone help me out here

[harrkev]

Kind of hard at home when your ISP only gives you one single IP address.

Now, you might have a point when IPv6 is actually used and IP addresses are almost free.

Re:Someone help me out here

[IshmaelDS]

Hopefully not as that will destroy the whole point of the internet. If we are in NAT behind NAT we can no longer have a true peer to peer internet. It will become a publishers dream and the freedom folks nightmare. :( Regardless of what OS your running on I would imagine that the easiest way to continue the way we have been is for there to be home routers that work in IPV6 on the net but IPV4 in the LAN. Not being a network guru I'm not sure how easy that would be to make.

Re:Someone help me out here

[toddestan]

Actually, Windows XP can't do DNS lookups over IPv6, so you need at least some IPv4 connectivity for XP to work. I don't expect Microsoft to fix this either (other than telling you to buy Vista/7 which does work properly).

Re:Someone help me out here

[StarsAreAlsoFire]

My grandparents bought a wireless router. They put it between their PC and the comcast connection. My grandparents then ran XP for MONTHS without getting a virus.

NAT and NAT alone prevented the infection of their PC. It sure as hell wasn't patch Tuesday.

Now, I despise NAT. And Linksys could EASILY have provided and/or enabled real security features on their routers by default (like, say, passwords). But to claim that NAT provides no benefit to security is just plain false. It's like claiming that wearing camouflage is pointless in battle, because it won't protect you when you get shot.

Re:Someone help me out here

[TheTurtlesMoves]

They got lucky. How many other stores when completely the other way. NAT does not provide "camouflage" to your home network any more than a publicly known password provides security.

Re:Someone help me out here

[petermgreen]

if the application cares .. then the app is written wrong ..
BULLSHIT!

If you were writing on windows in the NT4 era (not sure about on linux but I beleive the situation is similar) there wasn't really any choice. Getaddrinfo didn't exist yet (it was added as part of the IPV6 technology preview for 2K and then moved to a different dll in XP) so to turn a hostname into an address you had to use gethostbyname which returned the IP address as a 32-bit int. The app then had to place that address into a structure and pass it back to sockets implementation to make the connection.

Apps that use gethostbyname (e.g. basically anything written pre-XP and probably quite a few written post-XP due to inertia) are simply not going to work with IPV6 until they are adapted to use the modern equivalents (and if you care about support for older operating systems to fall back to the old functions if the newer equivalents are unavailable).

Plus many application level protocols need to pass around addresses (say to redirect a client to another server) some protocols pass addresses in text form but many use binary for efficiancy or use text forms other than the standard dotted quad. Even little things can cause problems for example some systems (ircd.conf springs to mind) used colons as seperators in the application level format which clashes with IPV6's use of colons to seperate 16-bit blocks of the address.

Assumptions about the size and format of IP addresses permeate though the whole internet protocol stack. Maybe things shouldn't have been designed that way but it's hardly the application developers fault.

2012, the year of IPv6 support?

[powerlord]

Well, once the large blocks are used up, there will finally be an impact on ISPs/Businesses to start migrating to IPv6. .... right?

Re:2012, the year of IPv6 support?

[betterunixthanunix]

I would not count on it. ISPs are increasingly consumption-oriented services; I would guess that instead of deploying IPv6, we will start to see ISPs offer lower prices for customers who agree to be NATed (or perhaps, demanding higher prices from those customers who refuse to be NATed).

Maybe there is some hope at the universities, though...

Re:2012, the year of IPv6 support?

[moosesocks]

Or they could start buying them off of IBM, MIT, GE, Apple, Ford, Boeing, or any of the other companies who have at least 16.7 million addresses allocated to them.

Re:2012, the year of IPv6 support?

[characterZer0]

How many customers would even notice if they got placed behind a NAT?

Re:2012, the year of IPv6 support?

[xororand]

Pretty much. The largest german consumer ISP recently announced its plan to enable an IPv4/IPv6 dual-stack on all DSL connections by the end of 2011. Source in German.
Several server hosters already implemented IPv6 during the last few months.

It's really overdue. All mobile ISPs that I've seen so far only offer NAT'ed Internet access. Horrible.

Re:2012, the year of IPv6 support?

[betterunixthanunix]

It is tempting to say, "not many," given the number who are already behind NATs that they installed on their own. However, anyone who configured SSH will certainly notice, which is not necessarily as low a number as you might think...

Re:2012, the year of IPv6 support?

[j+h+woodyatt]

What makes you think they would want to sell into what is obviously about to become a marketplace shocked by sudden scarcity? What, were you planning to slap them with a punitive "windfall asset" tax or something if they don't give up their legacy address grants? I can't WAIT to see the reaction *that* RFC.

Re:2012, the year of IPv6 support?

[RotateLeftByte]

I wish my ISP was as enlightened as this German one and they are one of the biggest in the UK as well and as recently as last March they had no plans to migrate to IPv6.

One thing holding it back from the Consumers is the lack of Comsumer ADSL Modem/routers that support it. AFAIK, the Draytek Vigor series is about the only ones that do it. Sigh

Re:2012, the year of IPv6 support?

[afidel]

Especially IBM and GE, they both could probably use them to provide "cloud" services with real IPv4 addresses to bring in major additional revenue.

Re:2012, the year of IPv6 support?

[j+h+woodyatt]

or perhaps, demanding higher prices from those customers who refuse to be NATed ...or perhaps just refusing to assign public addresses to anybody. "Don't like it? Tough. Call your congressman."

Re:2012, the year of IPv6 support?

[afidel]

Here's a decent list of SOHO routers with IPv6 support.

Re:2012, the year of IPv6 support?

[foniksonik]

When v6 rolls out those scarce v4 ips will be worthless.

Re:2012, the year of IPv6 support?

[j+h+woodyatt]

If I had a dollar for every time I've been proven wrong after saying exactly that, it would make my preparations for retirement a lot easier.

Re:2012, the year of IPv6 support?

[JumpDrive]

Yeah right, they'll offer lower prices. :-P
I think they've known all along that they will raise prices and as soon as the media starts bombarding everyone with a crisis, they will roll out new more expensive services.
Meanwhile PR departments from a number of major ISP's will go on and on as to why IPv6 is not feasible.

Re:2012, the year of IPv6 support?

[greylion3]

Certainly all those who use bittorrent, and/or run their own webserver and/or mailserver.

Re:2012, the year of IPv6 support?

[DigiShaman]

Many. But mainly those that VPN from home. Chances are, they're already behind a router which NATs already. Anyone will tell you that you can't NAT NAT and expect a trouble free VPN and FTP connection back to the corporate office.

Re:2012, the year of IPv6 support?

[MrNemesis]

we will start to see ISPs offer lower prices for customers who agree to be NATed (or perhaps, demanding higher prices from those customers who refuse to be NATed)

Ha! Someone is optimistic. Call me cynical (you might as well, it's my middle name) but I expect to see ISP's saying "but we have to put up prices! We've run out of internets!" and then NAT everyone anyway. Bonus points to the first ISP who starts selling off /8's once they've implemented NAT on all their non-business customers.

Re:2012, the year of IPv6 support?

[Tacticus.v1]

Those who use xbox live or playstation network as well (yay for p2p game serving)

Re:2012, the year of IPv6 support?

[volcan0]

I though that to be able to retain your address space you need to prove to you are actually using it. At least as far as ARIN is concerned.

Re:2012, the year of IPv6 support?

[ekhben]

Eh, not really. IPv4 will be gone. If you are an ISP, and you pursue Carrier Grade NAT (CGN) as your solution, you growth limit yourself. It's equivalent to fixing your available bandwidth permanently - you can't add more customers past a certain point without significantly degrading performance for all customers. In a few years, you'll need to deploy IPv6 anyway; your customers will pay a price for the capital cost of your CGN gear, then your customers will pay a further price for the capital cost of your v6 gear.

If you're only concerned about web+mail, deploy dual stack lite. Browsers and mail clients do IPv6 transparently already. CPE devices support v6 out of the box at the sub-$100 price range (Netcomm, Billion, and, uh, the one used in the big v6 trial by xs4all in the Netherlands). Going DS-Lite means that as more software supports v6, and more services appear on v6, the pressure on your public v4 addresses drops over time. You can sustain DS-Lite throughout transition. The capital cost is similar to CGN, and the ongoing expenses of v6 are generally covered by your existing v4 expenses (ie, bits you pay going over a v6 session are bits you no longer pay for over your v4, and if your upstream is charging you more for v6 it's time to go provider independent!)

Some of the services that don't work over CGN include, by the way, XBox Live, BitTorrent, many network games, and most VOIP solutions. Some services do work over CGN, but rely on a reasonable proportion of Internet users having a public address to do so, and thus aren't long term viable: Skype, some of the smarter BitTorrent clients that do hole punching. Some services rely on emerging protocols for dealing with CGNs, like FaceTime: ICE, STUN, and TURN.

You can get a taste for life under a CGN by configuring your home NAT device to ignore uPnP requests, and disabling any manual forwarding settings.

Also, the summary is full of shit regarding the changing estimation. The linked articles are pretty clear that it's still early 2011. Available metrics (http://www.potaroo.net/tools/ipv4/ is one of the best) show a pretty unchanging date; that link, in fact, includes a few graphs down the bottom showing the change in predicted date over time. If you're an ISP, you've got a reasonably reliable date to plan around, and it should see you unrestricted on your IPv4 clear through to 2012, plenty of time to get ipv6 upstream (typically free or very cheap, when taken alongside your v4) and implement dual stack in your core.

Re:2012, the year of IPv6 support?

[Macrat]

One thing holding it back from the Consumers is the lack of Comsumer ADSL Modem/routers that support it. AFAIK, the Draytek Vigor series is about the only ones that do it. Sigh

Doesn't seem to be holding back the customers on Comcast who are on the early v6 rollout.

Re:2012, the year of IPv6 support?

[(Score.5,+Interestin]

Well, once the large blocks are used up, there will finally be an impact on ISPs/Businesses to start migrating to IPv6. .... right?

Definitely. I can just see it now, in a year's time I'll be signing into my account from my corporate Linux desktop over a DNSSEC-authenticated IPv6 connection, using my smart card with its X.509 citizen certificate to authenticate myself. I'd like to write more, but my monorail is coming...

Re:2012, the year of IPv6 support?

[LingNoi]

and why would they do something like that if they can't even get an IPv4 allocation in the first place?

Re:2012, the year of IPv6 support?

[LingNoi]

If they start being sold ARIN would simply take them back. The companies requesting the IPs don't own them hence there is nothing to sell.

Re:2012, the year of IPv6 support?

[compro01]

Those /8s were assigned before ARIN even existed. They were given out directly by IANA, so ARIN has nothing on them. Also, AFAIK, IANA did not attach any strings to those assignments, so they can't demand them back either unless they want to try it in court, which would be futile, as we'd be long past exhaustion by the time a case would be decided, never mind the IPs actually being freed for use.

Re:2012, the year of IPv6 support?

[Antique+Geekmeister]

There certainly is: owners of such /8 address ranges can host the DNS for clients desperate for address space, and provide quite a bit of revenue to help recover their IT costs for maintaining their original infrastructure this long.

Re:2012, the year of IPv6 support?

[compro01]

ARIN can't do any such thing, at least not without a legal battle. Those blocks were assigned directly from IANA before ARIN or any of the other RIRs even existed, so ARIN's policies don't matter, and IANA didn't have any policies on this at the time either.

Re:2012, the year of IPv6 support?

[Athanasius]

Is this allowed by the agreements between such block holders and their respective RIR ? I realise ISPs effectively do this all the time with static IP/network customers, but on the other hand that wouldn't be a portable IP range. In fact I can see network engineers saying "no way!" due to the inevitable increase in router table sizes from all the extra subnetting. I believe one goal of IPv6 was to try and have fewer global routeing entries.

Re:2012, the year of IPv6 support?

[marcosdumay]

The vocal minority that uses VoIP or torrent.

Re:2012, the year of IPv6 support?

[numbski]

Nope, then we start NAT'ing behind NAT's.

Re:2012, the year of IPv6 support?

[gh0st1nth3mach1n3]

Sure, ISPs *can* start using various techniques to preserve what IPv4 address space they have for their clients, but that's only half of the puzzle. When the IPv4 addresses are gone, new sites and services will be coming on-line with IPv6 only. Once that starts happening, ISPs are going to be getting increasing complaints from their customers asking "Why can't I reach this site/service?" The question of whether there is full Internet access or only legacy Internet access will become a key factor for choosing an ISP. This may not be the case immediately, but it will become so fairly quickly.

Re:How about a revoke?

[j+h+woodyatt]

I'd like to see you try.

How do I make money on this?

[snsh]

I want to make milk this IPV4 bubble before it pops. Someone out there must be stockpiling and securitizing addresses. Is there a fund or trust out there?

Re:How do I make money on this?

[j+h+woodyatt]

Easy there, speedy... first, you're going to need an OTC market.

Re:How do I make money on this?

Get a patent on allowing IP addresses from 256.x.x.x -> 999.x.x.x

Re:How do I make money on this?

[bk2204]

Most (if not all) RIRs require some sort of demonstration of need. If you ask for a /16, you're going to need to show that you really need all those addresses. If you don't, they won't hand them out. So it's unlikely that anyone is going to be able to stockpile addresses.

And what about claiming IPs back?

[VincenzoRomano]

There's no claim of unused IPs back to LIR. I bet that there's a lartgw number of IPv4 blocks actually unused or overbooked.
As a network admin I've never seen a real check about IP usage for customers without ASs.
This looks like the garbage problem. One side is the production, one is the disposal.
You cannot solve this kind of problem by just lookin gat one of the two sides.

Re:And what about claiming IPs back?

[jimicus]

It has been discussed already - if the class As that were allocated to corporates back when anybody with the money could buy a class A regardless of need were reclaimed, it wouldn't provide more than a few months of extra capacity.

Re:And what about claiming IPs back?

[snakegriffin]

Forget about the unused IPs, just start taking poorly-used ones back. Celeb blogs could be the first to go.

Re:And what about claiming IPs back?

[Howitzer86]

My university has a unique ip address for each and every ethernet outlet on campus.

Re:And what about claiming IPs back?

[hardburn]

I currently run a business-class DSL connection with a block of 5 static IPs. I only use two. So, one may ask if there's any way to reclaim the other three.

The answer is quite simply no. There are technical reasons why you can't assign IPv4 addresses in blocks less than 5 but more than 1. Nor is there any clear way I could share the extra addresses with someone else. The other three addresses are simply lost. Multiply that by hundreds of thousands, perhaps millions, of similar installations at ISPs and colos, and then you see why this is a problem that goes way beyond those misappropriated /8's.

Re:And what about claiming IPs back?

[xororand]

and that is how the Internet should be, true peer-to-peer communication, more decentralized than it is now.

Re:And what about claiming IPs back?

[petermgreen]

I currently run a business-class DSL connection with a block of 5 static IPs. I only use two.
It's worse than that, your block has five usable IPs but (assuming it's a normal /29) it also has three other IPs in it that are essentially wasted (subnet, broadcast, and gateway).

So, one may ask if there's any way to reclaim the other three.
Sure there is, switch you from a dedicated subnet to a bridged or proxy arp based system fronting onto a large subnet.

Re:And what about claiming IPs back?

[rdebath]

It's quite possible to run multiple pppoe connections across one DSL line each pppoe connection could then be assigned a single IP address. It's a bit of a pain to setup on windows though. Better for Windows (or DSL using pppoa) would be to make your default address a NAT address and give you two VPN/tunnel connections to a server on their network. Of course, this is still much more of a pain than just routing IP addresses as they do now. AND they would have to provide a reliable VPN endpoint server.

But, as a matter of fact, you've been assigned NINE IPs, not just five, which can all be used.

First there's the single that's normally assigned to the public IP of your router. If terminate the pppoe link on your grown up router your can use that as the public IP for your NAT machines. Then you just use tunnels, proxy ARP or pptp links to assign all the other eight; including the two that are officially broadcast and the one normally assigned to the inside port of your router.

Again Windows can get a little tetchy with some of the IPs (with some tunnel types) but Unix machines usually have no problems as they don't put pointopoint links into a different class.

Re:And what about claiming IPs back?

[numbski]

Well, it's a catch-22 situation. When I was rolling out my last data center, the business plan had us networking our data center, *and* separate address space for remote clients. I got our AS assigned, but fact is, I couldn't get an allotment because I couldn't "prove" use. Of course I couldn't, we were deploying the system! Our upstream wouldn't give us the address space, because they couldn't prove our use. So....WTF? Tried to get IPv6 allotment, couldn't prove use, won't give it to me. Upstream didn't support it. Etc, etc, etc.

Top down, this is a MESS.

Re:How about a revoke?

[Gerald]

Yes! Let's revoke blocks from AT&T and Level 3! Then we can hand out addresses to everyone that suddenly and mysteriously lost connectivity.

Again?...

[goobenet]

They've been crying wolf for a decade about this. If they'd stop issuing 16 MILLION ip addresses to companies with no viable reason for offices to not use private/NAT addresses, this wouldn't be an issue. How about talking to some of those original companies that got issued /8's? HP now has 2(!!!) /8's in their control. (DEC/Compaq's and their own initial allocation) I doubt a company (even HP) can justify 32 million IPs. Or how about the US DoD? 7(!!!!!) /8's in their control. I find it hard to believe that even the government, who is all about conservation of resources you know, wouldn't be able to use a few different 10.0.0.0/8 networks globally and such. :) (c'mon 112 MILLION ip addresses just for the DoD?! LEARN2NAT ALREADY! Individual missiles do NOT need a public IP address!)

Re:Again?...

[Frosty+Piss]

This is the truth. There are many many many companies who have been issued HUGE blocks that they don't and can not possibly use. If all the WASTED blocks were recouvered, IPv4 would not be nearly as close as it (not really) is to being "full".

Re:Again?...

[CyprusBlue113]

And yet none of those would make more than a dent.

They're allocating /8s, even the addition of several /8s would only extend the time frame by a few to several months, compared to the siginifigant effort required to reclaim them.

Re:Again?...

[gclef]

To build on this post, we've gone through 14 /8s just since January of 2010. Reclaiming a /8 would buy not even a month, and it would take more than a month to reclaim it.

Reclamation is wasted effort. Implement IPv6.

Re:Again?...

i hope we don't recover any of those blocks, recovering those blocks is just going to push back the problem by several months instead of solving it by going to IPv6

Re:Again?...

[hardburn]

This has been debunked so many times, in this thread and others, that I'm fully in favor of banning anyone who mentions it ever again.

Re:Again?...

[JumpDrive]

ip addresses for conventional warheads are reallocated upon detonation. The same would happen for nuclear warheads.
It's important to have SSH access in case of malfunction, so NAT'ing a device is not recommended. It's in the manual.

Re:Again?...

[AaronW]

This sounds like a previous employer of mine. They have a couple hundred employees at most and have an entire class B. They could easily NAT their entire network since they use very few public IP addresses for services and use public IP addresses internally behind a firewall. I think they also have one or two class Cs as well only because they've been around for so long.

Re:Again?...

[thegarbz]

LEARN2NAT ALREADY!

Why should we need to? Bandaid solutions sink infrastructure in the long term. I see this in every industry because it's my job to look at the bandaids, and when I do more often than not I see gangrene underneath. Let me guess? You're a manager who moves into a job, proposes these wonderful "solutions" and then moves on before any of your disaster projects has come back to bite you in the arse? The world would be a lot more sensible if people were forced to stay in the same job. There'd be less bandaids.

Re:Again?...

[maestroX]

And yet none of those would make more than a dent.

So untrue.
If we would reclaim the ips of all porn sites and store the media centralized, say like 127.0.0.1, then we would have nothing to worry about ip shortage.
Or the internet whatsoever.

Re:Again?...

[volcan0]

Is there really that many new companies / ISP requiring /8's ? The only reasons so many of them are being allocated is because the people with the money see an opportunity to make more money. Have we been really allocating 1.5 /8 per month for the past 4-5 years ? We would have run out LONG time ago. No, they see a shortage, everybody runs for it.

Re:Again?...

[hardburn]

We wouldn't be giving them out as /8's, though. Those networks are what used to be called "Class A", which was a term that was part of a standard for allocating addresses that was designed for a much smaller Internet. If one of those /8's were reclaimed, it'd be reassigned in smaller chunks and, yes, we would go through it in about 1.5 months.

Re:Again?...

[uolamer]

Years ago I had a single T1 line. I truly needed about 20 IPs, I could have done it on 2 or 3 if I had to. I ended up getting 3 Class C (/24s). A few weeks into using it, they realized they assigned me IPs they intended for use in Dallas area instead of Houston area. So they gave me 3 more to move to. I never moved and just kept all 6. I sort of did make use of all my IPs, but I never should have been assigned that many... (i do not have these anymore)

I think the ISPs have enough IPs left over to make it for a while. In many cases a server doesnt need an external IP, neither does a normal user, but having one is nice.

Re:Again?...

[fyngyrz]

I fully expect a French riot over this.

Oh, no. You underestimate the creativity of the French. They'll simply implement a V6 to V4 translation mode called "retreat", huck a cow at the filthy English k-nig-its, and call it a day. In the meantime, US users who could barely count to 255 as it was, will be absolutely buffaloed by IPV6, and the infrastructure will fall apart. Then the French step back in, collude with the English to open a filthy cheese shop in which you can order any block size you like, although it won't be available, and then you'll have to go to the ministry of silly walks, who will (eventually) send you down the hall to Abuse, and thence to Argument. It'll all be resolved by random numbers assigned via confuse-a-cat, and everyone will get free condoms. Because the parrot is dead, you see.

Assignment is/was the problem

[GodfatherofSoul]

I work for a small company that at most has had 14 full-time employees that started back in the mid 90s. My boss had full class-C block back in the day which worked out to about 20 IPs per employee. He surrendered it years ago, though.

Re:Assignment is/was the problem

[vlm]

I work for a small company that at most has had 14 full-time employees that started back in the mid 90s. My boss had full class-C block back in the day which worked out to about 20 IPs per employee. He surrendered it years ago, though.

Twenty servers per admin isn't very impressive, even by Windows standards... Yes I understand that all 14 employees probably were not admins, but...

Assignment efficiency

[ADRA]

I worked for a company that had a /8 and may have been using at most /20 worth of them....

Re:Assignment efficiency

[JSBiff]

Yeah, this gets posted EVERY TIME there's an article about IPv4 address exhaustion, and every time the answer is the same - increasing assignment efficiency will at most buy us a few months, perhaps a year or two, of time. It doesn't solve the problem, only postpones it a little longer.

In truth, when the addresses are exhausted, I expect all the holders of /8's to start auctioning off their unused allotments to the highest bidder. There's a reason none (or most) of them have not given addresses back voluntarily - they are about to become a very scarce, very valuable commodity for trade. Those companies who got in early and got a Class A will make maybe hundreds of millions or even billions of dollars auctioning off the addresses. When companies who have IPv4 address blocks are going into bankruptcy or up for sale, the value of their allotments will start to be accounted for as assets.

Which, I think, is one reason that some tech companies are not pushing harder for IPv6 adoption - they stand to make a lot of money off of artificial scarcity.

Re:Assignment efficiency

[vlm]

There is a small hole in that business model... combine:

will at most buy us a few months, perhaps a year or two, of time.

Those companies who got in early and got a Class A will make maybe hundreds of millions or even billions of dollars auctioning off the addresses.

Knowing that quote 1 is a vast exaggeration, probably turn out to be weeks to perhaps months, I'm guessing that it would be hard for the buyers to invest "billions" for weeks of service before they become worthless since everyone will have to go to IPv6

Re:Assignment efficiency

[JSBiff]

I hope I'm wrong, but I've come to the conclusion there will be no quick transition to IPv6. When the last blocks get allocated, I think we'll enter a period of several years at least where IPv6 is *starting* to get rolled out, but is not rolled out yet, and companies who desperately need public IP addresses for their servers will pay thousands of dollars to buy IPv4 addresses from the hoarders. It's not like the Internet will suddenly end when IP address exhaustion is reached, it will just become much harder to get a public IP for servers or for making your home computer accessible to the outside world.

Carrier Grade NAT will probably start to be used by large ISPs, further extending the life of IPv4 by making it so that instead of getting 1 public IP address for your home/small business network, you now get zero public IP addresses for your home/SB network. Through stuff like that, millions of IP addresses will be 'reclaimed' and made available. . . at a price.

The increased price *will* give an incentive, finally, to companies and people to start adopting IPv6, but we're going to go through an expensive transitional period for some period of time while that happens.

The sad thing is, I'm ready to use IPv6 today (and am using it a little through a tunnel broker), but there's no indication from my ISP that they ever have any plan to turn on IPv6 in their routers. The only U.S. ISPs I've heard of who are planning to test IPv6 are Comcast and Earthlink.

Re:Assignment efficiency

[sjames]

The thing is, they will become completely worthless shortly afterward. You can only bid the last bottle of water up so high when there's a huge crystal clear lake just a short hike away.

Re:Assignment efficiency

[ADRA]

Um, assuming my numbers are correct (which was subjective given the size of the company), we're talking about an allocation of 0.000244140625 of the assigned block. You're telling me that even with a portion of that ratio being recycled we can't squeeze out several years worth of IP assignments?

Additionally, another solution would be to start issuing /25, or /26's instead of 24's because I know of plenty of companies that use them have only used maybe 3-4 of them for various things with the rest of them left unused.

Re:Assignment efficiency

[ADRA]

Sorry, before someone else jumps down my throat about how BGP would blow up due to increased routing fragmentation, I mean that BGP routed traffic remains on /24 increments but that ISP's who are internally routing amongst data centers / etc.. internally segment on the smaller increments for their own hosted IP's blocks so that subscribers using ISP/provider blocks aren't being wasted carelessly.

Re:Assignment efficiency

[JSBiff]

They expect to allocate all 6 /8 blocks available to them for allocation by sometime next year. 6 of them. So, let's say there's 6 more blocks worth of 'reclaimable' addresses - at the present rate of demand/consumption, you would also expect them to run out in less than a year, yes? Even if there were 10 or 12 blocks of reclaimable addresses, again, that only delays the inevitable - there's simply not enough addresses to keep up, indefinitely into the future, with the growth in demand around the world.

IPv6 on the other hand, gives you 128-bits of address space. It's pretty inconceivable that 128-bits will be exhausted in any foreseeable timeframe. 128 bits is a really astronomically (literally) huge number.

Re:Assignment efficiency

[stevelinton]

It's pretty inconceivable that 128-bits will be exhausted in any foreseeable timeframe. 128 bits is a really astronomically (literally) huge number.

It seemed inconceivable that IPv4 would run out, or that 640K wouldn't be enough (well maybe not that one). I'm curious -- can anyone see a way that IPv6 address space could run out in (say) 50-100 years?
It really does seem inconceivable to me, but I have learnt to be very skeptical about this feeling.

Re:Assignment efficiency

From what I've read, the internet back-bone is ready for IPv6, it's just the ISPs that need to start using it.

I know my ISP is handing out IPv6 addresses. Charter Comm. They do get routed to a broker, but if I do a tracert ipv6.google.com I get several hop responses from my ISP with valid public IPv6 addresses before going to a broker, then google.

I even get a DNS name a long with my IPv6 IP. Bit Torrent even starts using IPv6 when I hook up this way. Yay for no port forwarding!

The best part is I don't even need to setup anything. A 100% fresh Win7 install, plug into my cable modem, and IPv6.Google.com works instantly.

Alas, I can't use it though. My ISP still limits my cable modem to only respond to the first MAC address it picks up on the network. Once I get DD-WRT on my Netgear 3700(it's still very buggy), I will let my router talk to the modem and my router can handle IPv6 on my network.

Re:Assignment efficiency

[Firehed]

I think the number of IPv6 addresses is supposed to allocate something like 2^34 IPs per atom in the universe, or some equally absurdly large number. I think we'll be OK for a while if that's actually the case.

From Wikipedia:

The very large IPv6 address space supports a total of 2^128 (about 3.4×103^8) addresses—or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.8 billion (6.8×10^9) people alive in 2010.[13] In another perspective, this is the same number of IP addresses per person as the number of atoms in a metric ton of carbon.

Re:Assignment efficiency

[Firehed]

Gah, that should be 3.4x10^38, not 3.4x103^8. But you get the idea. Maybe once we get IPv6 deployed, we can work on getting superscript text to stay as such on the clipboard.

Re:Assignment efficiency

[slater.jay]

It's 2^95 addresses per person alive in 2010. Wikipedia says that's the same number of addresses per person as the number of carbon atoms in a 1000kg block.

Re:Assignment efficiency

[JSBiff]

It only seemed inconceivable that IPv4 would run out because it was never expected to be used by pretty much everybody - it was originally thought the Internet would only be used in some government labs, military faclities, academia, and a few defense contractors. For the scope of that particular problem, 32 bits was conceivably "enough". However, the Internet grew out of that "scope" and become a globally available common communications system. Suddenly the old scope was no longer sufficient, so the IETF *foresaw* the problem 15 years ago that the 32-bit space was no longer sufficient.

So, we now have to decide what the new theoretical scope might be, right? But since the Internet already grew rapidly out of the first scope, what's to say any new scope is 'sufficient'. Well, look at it this way: 2^32 is approximately 4 Billion. Number of people on earth is approx 6 or 7 Billion - expected to grow to about 10 Billion in a couple decades. Now, not everyone necessarily needs their own IP address, but if you have *enough*, it's desirable to give an IP address to everyone (and, here come the people saying that using NAT increases security, so it's bad to give people public IP addresses, even though in reality a firewall with a default-deny inbound policy provides the exact same level of protection as NAT, while still allowing you the *option* of allowing traffic in if you choose - which for different types of applications, like games, VoIP/Video calling, direct file transfer between users, etc. can be very useful).

Of course, not all 6 or 7 Billion people can afford computer/electronics which would need an IP address. But, on the other hand, many people 'consume' more than one IP address - I have a computer at work, a computer at home, and a cell phone - that's potentially 3 addresses for just me; I might want to setup a home media player/DVR, which might need an additional IP address, and maybe I want to setup my own file server for sharing photos, videos, etc with friends and family. In addition to the addresses needed for users, you also need additional addresses for servers. Some servers will need a bunch of IP addresses because they are serving multiple domain names (that is, they are pretending to be a lot more servers than they are).

Well, we can't say for sure, but having somewhere around 20-30 Billion addresses available seems like it would be 'enough' *for now*, but as you ask, if you increased to 20 or 30 Billion, how do you know you wouldn't "run out in (say) 50-100 years".

So, the IPv6 people didn't increase the number space to 20 or 30 Billion. Every time you add one more bit, you *double* the address space. So, they started with approx 4 Billion, and they *doubled* it 96 times.

2^128 is approximately 340,000,000,000,000,000,000,000,000,000,000,000,000 (that is, 3.4 * 10^38). addresses. To give you some perspective, let's say that we invented a Faster-Than-Light ship, and began a great age of Galactic Expansion. Further, we somehow developed Faster-Than-Light communications, and wanted to connect all the planets in the Milky Way to the Intra-Galactic-Net. Wikipedia gives an estimated range of 100 - 400 Billion stars in the Milky Way. Let's use the *worst case* scenario, and say that we have 400 Billion. Further, let's say that there is an average of 1 habitable planet per star (which is likely grossly over-estimating the number of planets), so we say there are 400 Billion habitable planets in the Milky Way. That would give us about 850,705,917,302,346,158,658,436,518 (that is, about 8.5 * 10^26) IPv6 addresses *per Planet*. Which means that, really, we have enough IP addresses, probably to colonize hundreds or thousands of galaxies.

Are you *really* still worried about us running out of IPv6 address space? In what application could you possibly propose we do run out? Individually addressing atoms? Addressing photons?

If you wanted to be nit-picky, you could say that 64-bits of each 128-bit address is reserved for individual hosts - that the IPv6 specification isn't r

Re:Assignment efficiency

[suutar]

Well, let's see. The Earth masses about 6.4e23kg, or roughly 2^89 grams. Assume half the IPv6 range gets 'wasted' on multicast, lost addresses, multiple assigments, whathaveyou, so there's enough addresses for 2^127 entities. That means 2^38 addresses per gram of matter on/in Earth. Basically, every gram of matter on Earth gets 64 entire IPv4 address spaces. (I'm sure it's really more complicated than that, but the point is there's a _lot_ of addresses.)

I can't think of any way to use up that many addresses in a short enough timeframe for the prediction to be meaningful; how mankind uses the internet will have changed drastically (several times) before that gets used up.

Re:Assignment efficiency

[alexhs]

can anyone see a way that IPv6 address space could run out in (say) 50-100 years?

Hardly conceivable. The worse I can get is by imagining exponentially reproducing nanobots (and enough resources to sustain that growth).

Some estimations are giving 10^11 neurons in a human brain. Roughly 2^37. Let's say there will be 17*10^9 human in 100 years: 2^34. That's 2^71 human neurons...

If you imagine a constant allocation rate to fill 2^128 addresses in 100 years, that would be 10^23 addresses allocated each microsecond (2^128/(100*365.25*24*3600*10^6)).

IMHO, there is definitely some margin.

Re:Assignment efficiency

[stevelinton]

3/4 x 10^38 addresses is only enough to address the atoms in about 10^15kg of material -- hardly anything at all, really. Slightly less unrealistically, if we made IP-addressible robots the size and mass of a smallish bacterium (1 pg), that is enough addresses for 10^23 kg or about 1% of the mass of the Earth. Doesn't seem unreasonable that we could need more addresses than that, although probably not within 100 years.

Another scenario I can imagine is addressing points in space-time, in the context of route this message to whatever is there at that time. If we wanted to handle a cylinder reaching out to the orbit of Pluto and 1AU high, at say 1 second time resolution for 100 years and 1m spacial resolution, we'd need at least 160 address bits.

I conclude that IPv6 designers are being shortsighted and we will go through all this again, quite possibly in my lifetime. Why couldn't they use (say) 1024 address bits and simply declare a short packet format in which the last 896 bits are implied as zeroes?

Re:Assignment efficiency

[julesh]

The very large IPv6 address space supports a total of 2^128 (about 3.4×103^8) addresses--or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.8 billion (6.8×10^9) people alive in 2010.[13] In another perspective, this is the same number of IP addresses per person as the number of atoms in a metric ton of carbon.

Apples are better than oranges; they're whiter.

IPv6 doesn't provide 2^128 independently routable addresses. The design of the system is such that routing decisions may only be made on the first 64 bits of address, the remaining 64 bits being reserved for local network addressing. This means there are only 2^64 allocatable addresses (as all allocations have to be at least /64 allocations). Now, admittedly, that's still about 10^9 allocations per person, but it's nothing like the number of allocations suggested by the paragraph you quote.

Re:Assignment efficiency

[stevelinton]

IPv6 doesn't provide 2^128 independently routable addresses. The design of the system is such that routing decisions may only be made on the first 64 bits of address, the remaining 64 bits being reserved for local network addressing.

Something similar was true of the original IPv4 spec, but the limitation was circumvented by changes to routing protocols. Could something similar be done with IPv6 if necessary?

Re:Assignment efficiency

[anarxia]

One of the main reasons companies get /24 is to allow them to have redundant links to the internet. How can multiple ISPs advertise a /25 without affecting other customers on the same /24?

Re:Assignment efficiency

[ion.simon.c]

As of two months ago, Comcast's IPv6 trial program had yet to begin in northern Alabama.

Food for thought.

Re:Assignment efficiency

[Trolan]

Certainly. There's nothing that mandates a /64 allocation for routing. That's convention to keep from blowing up routing tables, same as not taking BGP announcements for longer than /24s. You can subnet down to the /128 if you really want in v6 and routing will continue to work. You just will have a larger table, and won't be able to use RA/SLAAC for host assignments where statics don't matter.

Re:Assignment efficiency

[JSBiff]

Oh, I agree - it's crappy, and it's still gonna happen, and it's going to break all kind of applications that really benefit from direct connections - for example, I think when a bunch of large ISP's around the world all start shifting their customers to Carrier-NAT, that Skype is going to sink like the Titanic, because there simply won't be enough 'supernodes' (or whatever they call people who actually have in-bound connectivity and high bandwidth) to proxy the traffic for everyone behind a NAT anymore - I think there were probably a lot of Skype users like myself who setup port-forwarding for the Skype inbound port on at least one computer on their network, to mostly carry the burden before, but now I won't even be able to participate in Skype like that any longer, and neither will hundreds of thousands of other users who previously had in-bound connectivity.

Well, I at least have IPv6 through a tunnel, currently - but I'm not sure that will even continue to work when there are two levels of NAT which must be traversed. If my local ISPs offer IPv6. . . well, I'll switch to whoever offers it first, if I no longer have at least one IPv4.

Re:Assignment efficiency

[JSBiff]

Oh, BS. Not that many people actually *want* a pure electric car (I'm sure if the car makers thought there was a mass market today, they'd mass market a vehicle). I like the Volt concept, though - electric drive, electric range of 40 or more miles, then a gasoline generator to provide electricity to keep you running after that. The electric will work for most of your driving, but you can drive further when you want to.

(Aside: if by pure electric car, you actually mean roads with an electrified rail or overhead catenary for powering the cars [such as they use for electric trains], that could perhaps work, but nobody I hear talking about 'pure electric' cars seems to be indicating we should electrify the road network in the U.S. - I've always thought that concept sounded a bit dangerous, and hard to make work if you have multiple lanes of traffic, such as on an Interstate).

The problem is, even the *very best* battery technology today kind of sucks for vehicular use - low energy storage per pound (or volume) of battery, and it takes a long time (relatively speaking) to recharge. So, there really are some actual technology problems.

Also, why should we mass manufacture electric vehicles today? Right now, most of our electricity is produced by burning coal with, I believe, Nuclear second, and nat. gas. and oil kicking in a small bit, Hydro kicking in another small bit (in some areas it's much larger - like Las Vegas, but nationally, hydro doesn't account for much - I think it's like 2% or 5% of U.S. generation. Wind and Solar are starting to ramp up, but at the moment, they provide only a tiny fraction of our electric power.

Which means, basically, 'electric cars' today would be primarly powered by coal. Is burning lots of coal better than burning lots of oil? I suppose the argument could be made that since we have lots of coal in the U.S., if you don't care about carbon, toxic coal ash, or the radioactivity released by coal ash into the air every day (hint: it's much greater than the released radiactivity from operating nuclear plants), then perhaps using American coal instead of foreign oil is a good idea.

I'd rather see us building up more nuclear, hydro, wind, and solar to power those electric cars. Also, if we can make some breakthroughs in battery technology so they can hold more and/or charge faster, that would help a lot. That said, there is a place for trying to build up the electric car industry, in parallel with clean electric sources - but I don't see a 10 to 20 year 'ramp up' of electric car production being out-of-line with a parallel ramp-up in non-fossil electric power generation.

Re:Assignment efficiency

[paul248]

The raw 2**128 number sounds impressive, but it's mostly meaningless, since each customer is assigned somewhere between 2**64 and 2**80 addresses. In practice, IPv6 supports maybe 64K times as many users, but each user can now have an ~unlimited number of devices.

Re:Assignment efficiency

[rdebath]

Bin there, done that, or haven't you noticed that nearly all ISPs offer /29 assignments (normally 5 available addresses) for small business customers.

Ask politely and there's a very good chance that they'll give you larger assignments too; for a fee.

Re:Assignment efficiency

[xenobyte]

How about 15.0.0.0/8 and 16.0.0.0/8 - Both assigned to HP (Hewlett Packard)...

That's 33.5 million IPs for a single company... Kind of a huge waste, right?

Re:Assignment efficiency

[Bengie]

HP probably got both of those grandfathered into the current system back before people knew about the internet.

HP could give back those blocks, but they wouldn't get anything for them.

Who cares about IPv4 anyway. Most anything sucks during a transition, but we'll get there. Why keep holding back a new better system for an old familiar system?

It's like owning a P4 1.3ghz computer, and buying a brand new 3.6ghz 6 core i7 with an SSD, but you don't want to use your new computer because you'll have to spend a few days transferring your files over and reconfiguring your settings.

Just rip off the band-aid and get it over with.

I bet 2 years after IPv6 his main stream, the same people who held back IPv6 will be like.. Wow IPv4 sucked.

Humbug!

[Fuzzums]

It will pass silently. Just like the Millennium Bug.

Re:Humbug!

If you think the "Millennium Bug" passed silently, it's a safe bet that you weren't working in the industry at the time.

Re:Humbug!

[jellomizer]

About 75 for me.

Temporary Fix

[Kenshin]

That's the same mentality as pawning the stuff in your house because your unemployment insurance is about to run out, rather than putting yourself to work and getting a job.

What happens when you run out of IP blocks to reclaim? (Please don't say NAT.)

Re:How about a revoke?

[Gerald]

Believe it or not, people have suggested that very thing on Slashdot before.

Re:How about a revoke?

[gclef]

Why do we have to have this conversation every single time the issue comes up? gods...

We have allocated 14 /8 networks since January of 2010 (source: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt )....meaning we go through about 1.5 /8s every month. Reclaiming a /8 will take more than a couple weeks, so the simple fact is that reclamation isn't worth the effort: we would burn through several /8s in the time it would take us to reclaim one of them.

Cue the Ostriches

[sjames]

We will just NAT the NATed NATed NeTed NAT and run the entire internet on a single IP address TRA-LA!

Then there's the free market cool-aid crowd who can't see why bidding wars driving the price of a single IP into the thousands a year is a big deal.

Next up, the "It's so HAAAAAAAAaaaaaRRRRRRRRrrrd!" crowd who don't understand why they should burn their geek card for saying that. That and their close relatives who still haven't realized that very simple firewall rules grant 100% of the security NAT does.

Re:Cue the Ostriches

[j+h+woodyatt]

Probably around the same time we stop pretending that a toothless regulatory agency staffed via a revolving door to the regulated industry is functionally equivalent to a Stalinist command and control economy.

Re:Cue the Ostriches

[definate]

Hi there, free market cool-aid guy here. I recommend you try it, it tastes delicious.

Anyhow, we've essentially got a "free" market in this instance, in that there's no governing body which can say "You must implement it". I believe that when it comes down to it, you'll see rapid late stage adoption of IPv6. Just like with digital television, except they won't be able to push back the deadlines, except through dodgy mechanisms.

If however the price for addresses does rise, very quickly you'd see a huge incentive to switch to IPv6. The IPv6 compliant ISP's would be able to offer you a far better service, for a far lower cost, and they can perhaps sell their IPv4 addresses on to stupid/poor ISP's who can't.

Imagine if the price of a single address was thousands a year, how much of an incentive would that be to switch to IPv6? I reckon it would be a huge incentive.

Re:Cue the Ostriches

[sjames]

You're not quite drinking the high-test cool-aid since you seem to believe that a transition will/must take place at some point. The true believers seem to think vast swaths of previously unused v4 addresses will magically appear to delay the exhaustion for years.

If an individual entity could just switch and not suffer for it, I would agree with you.

The problem is that unless both sides of the connection switch, no connection happens. I would actually appreciate it if there WAS a regulatory body that said On May 1st at 0:00 GMT the core routers MUST block all v4 traffic.

That would get the cutover to happen once and for all and would avoid punishing those who are ready by unambiguously putting blame for failures on the laggards. Perhaps starting in January introduce an artificially high latency on v4 traffic to let people know it's really going to happen.

Otherwise we get a situation where people are afraid to deploy a v6 only web server for fear of a large number of viewers being unable to reach it because of a slug-like ISP or 3. They then get to pay wayyyyyy too much money. It's like a stupidity tax where one party creates the liability for others.

That happens because while some organizations have just about what they currently need, some ISPs have an embarrassment of allocated but not yet used IPs.They won't feel the pressure of the pure platinum $1000/year IPs for quite a while without external forces acting on them.

Had the DTV switchover been handled by "the market", most stations would probably still be either simulcast or analog only.

Re:Cue the Ostriches

[definate]

Yeah, I don't see a way that IPv6 won't be adopted. It's absurd to think more will magically appear, and they probably don't rationalize it as magic, but some other inappropriate way. Though, perhaps they do believe in magic? A lot of free market people are religious.

Well, given that there are transition strategies, it's not simply an all or none proposition for those who implement it. Those who don't won't be able to access some resources. Those who do, will be able to access more resources. So, if we saw it as a game, those who switch (given relatively low costs) will not suffer.

Additionally as more of those people switch, the greater the incentive for the others to switch.

Now, if you mean suffer as in "my business is effected by his business", then yes, there will be suffering for those who implement, but also for those who don't.

All in all, we won't know whether its better to force a switch over, or to let the market handle it, since that requires us to have some objective measure of the total loss/gain from both strategies, and most of the problems are the indirect problems.

However, there is a market based solution to a switch over, it doesn't need a regulatory body. Given maintaining IPv4 equipment/server/etc, is costly as it could be re-purposed (opportunity costs)/is a waste of power/data or similar, we could see the internet backbones setting their own dates for when they will no longer support IPv4. This could be done by all of them getting together to discuss some formal schedule, or by them developing their own schedules based on when enough of their customers support it, or similar criteria.

Also remember that as adoption happens, you'll probably find a sort of cascade effect will happen. The end consumer has little investment in this tech, and so they will switch first (after the ISP's of course). Then businesses who want to pursue these customers will come next, and then businesses who want to support those customers, and so on. Until such point that everyone is switched over. So, at the moment we're in the "beginning" phase, where consumers and ISP's are beginning to switch over, the more than happens here, the more the rest of it will accelerate.

While some ISP's have allocated but not yet used addresses, these ISP's given they resist the change, will just be shooting their customers in the foot, and making their competitors look better. Though, I can see an argument that people might flock to those ISP's, because "they offer IPv4" but with the rate of adoption, that's going to happen really quick, and given they do run to that ISP, they'll inevitably have to raise their prices, and we're then back to our original situation.

Granted, it's gonna be messy. Any change over, of such giant infrastructure is going to be messy. Nobody will be able to force the stupid to play nice, especially when they've got deluded ideas of magical address spaces. All we can do, is push for change in the organizations that we can influence (our ISPs, mail providers, etc), and look to limit our personal problems.

I come from the land down under, where there's rain and thunder, and a television oligopoly. In this case, I believe there are several actors in the market. The current overlords who benefit by not changing, the up and comers who want change (DTV), and the government. While the current overlords certainly did not want change, as it would open up their nice comfy protected market, their mechanism of action was by using the regulatory body. After the up and comers gained enough traction, the regulatory body had to capitulate, though it still remains a relative oligopoly.

There's countless times where regulatory bodies have worked both for and against change, so we shouldn't assume that a regulatory body, which would need to be global, and could possibly result in further bad regulation, such as of piracy, and identification; would be a particularly good way for us to go.

Just remember, these are extremely complicated systems, not the IPv6, but the humans who use it.

Re:Cue the Ostriches

[sjames]

Alas, the same equipment that routes v6 will also route v4 at no extra cost (except a few configuration lines), so there's little incentive but the cost of IP addresses to push the decision.

I am seriously considering putting up a "your ISP is a lame duck" website people can point to in their A records if they want to run a v6 only server.

In the case of the internet, there is already a regulatory body. ARIN could announce that they will terminate all IPv4 allocations on a given date.

Remember, it's not the ISPs that are most pressed to shift, it's the small website operator who will most likely find themselves in need of IPs they can't afford first.

Re:Cue the Ostriches

[definate]

Yeah. LOL I like the idea of this site. Especially if it has easy code for web admins to attach to their site. Name and shame the ISP's.

Perhaps create a log of what ISP's and how many customers of their have been affected (sent to your site).

If this can be done in a non-destructive way, eg, by pointing to some javascript on your site, which loads a pop-up window if they are a lame duck, I could see more and more sites using it. Especially as it becomes more critical.

Good idea! Do it!

Re:Easy solution

[silas_moeckel]

Actually there are plenty of places where a /30 is used where they could go address less and use a loop back IP only so that gear goes from a /30 per point to point interface to a /32 for the whole box. In any event it's just wasted time we can not reclaim things fast enough to matter just move on to IPv6 and be done with it.

I have a class b, and it's not being used

I know of a class B address block that is sitting unused. It's a weird dispute - company A received it (I was sysadm then @Company A) However, company A split into two - Company B and Company A. Company B claimed the address block as part of their assets, so I let it go (company A was later bought by company C which was then aquired by company D which encouraged most of A and C to find other opportunities.) A few years after the split - company B closed.

A few years (say, about 10) I start snooping around the net, and lo and behold - my original class B addy space has gone untouched! As it turns out, I now work for Company G, and company B's corp lawyer also works for company G, so I shot him a note. He said two things: 1) Company B still claims it as an asset 2) If I aid him in selling it, I'll get a percentage. Also, I read this as: if I upset the apple cart, my butt will be lawyer grass.

Sooooo... Kind slashdotters - help me make things right. My reading, is that the right thing to do is to contact the number gods, and let them know this addy space is idle. However, as someone who has a keen interest in preserving my own butt, I'd don't want to upset the apple card (see above.)

Comments?

Re:I have a class b, and it's not being used

[greylion3]

Like the AC said, it won't matter much, if any.
The proper thing to do, like your moral compass told you, is to contact some address registry about it
- but it probably won't be worth their time to reallocate a /16, so chances are they won't do anything about it.

If you want to help that lawyer sell it, and make a few bucks, go for it.

Otherwise, just forget about it. I would.

Re:How about a revoke?

[DeadBeef]

We use up almost 2 /8's every month.

You could go through every one of those and fight the massive legal battle to get them all back ( probably taking us well beyond the date when we are out anyway ), and you have only bought a year or two.

Save yourself the trouble and deploy IPv6, instead of making lawyers rich and then deploying IPv6.

Re:Easy solution

[hardburn]

No. IPv4 specifies that the host portion of the address with all-0's is the network address, and the all-1's address is the broadcast address for that subnet. If you assign these to an actual host, you will break things very badly. Since a /31 would contain only address 0 and 1, it has no addresses that can be assigned to a host. The /30 subnet is the smallest block that can be given out.

Re:How about the DoD gives some blocks back?

[DeadBeef]

We have assigned 14 /8's _this year_ so far, so if you magically get all of those back, you don't even get a years delay. I guess when you say 'That's a LOT of unused IP's' the missing information is that 'We go through a LOT of IP's'.

Spend that effort and money on deploying IPv6 instead.

So what?

[WillAffleckUW]

Seriously, we've had IPv6 stacks and routing on all the major OS and trunk lines since 2000.

So why should we care?

Move to IPv6 already.

It's like people complaining because SUVs are now outlawed due to low mpg, but there are cheap hybrids and cars that get 36 mpg on the market for the past ten years.

Re:So what?

[rbarreira]

The home routers and modems don't support IPv6. Mine certainly doesn't, even though I got it quite recently from the phone company.

Re:So what?

[WillAffleckUW]

yes they do. We've had routers that support this since 2005, at least anywhere except the boonies.

Let the farmers run on IPv4 while those of us in the city run on the more secure IPv6. That will keep the Chinese Army botnets out too.

Re:So what?

[LingNoi]

China already uses IPv6 and they're doing it to land grab the best addresses.

http://en.wikipedia.org/wiki/China_Next_Generation_Internet

I, for one, welcome our new IPv6 overlords

[byteherder]

I want IPv4 to run out. The sooner the better. When Y2K was about to come around, all the businesses who had old code some of it from the '60s, started hiring programmers like crazy. They needed to convert all the dates from two digit year to 4 digits. A massive effort but still only a very small amount of the total codebase that was out there needed to be modified.

Fast forward to 2010, 4-byte IPv4 address running out. A new protocol exists but much of the old software and networks cannot use them. The only solution is to hire a massive number of programmers and rewrite the software..

Think of this, every piece of software on every computer that accesses the internet, has to be rewritten. How big is that codebase? A lot larger than Y2K. I can see this pulling in programmer after programmer like some huge vortex, in a race to be done before last address is given out..

You see why I welcome the new of IPv4. The end of the recession in the tech industry and plethora of new job.

Re:I, for one, welcome our new IPv6 overlords

[rolando2424]

The only solution is to outsource a massive number of programmers and rewrite the software..

FTFY?

Re:I, for one, welcome our new IPv6 overlords

[maestroX]

You see why I welcome the new of IPv4. The end of the recession in the tech industry and plethora of new job

I pray I saw what is 'COBOL's Last Gleaming' around Y2K. (http://en.wikipedia.org/wiki/Kobol%27s_Last_Gleaming)

Re:I, for one, welcome our new IPv6 overlords

[drinkypoo]

Think of this, every piece of software on every computer that accesses the internet, has to be rewritten.

Most of the most important software has been adapted to IPv6 already. For other items there's proxies implementing 4-to-6 gateways.

Still, there will be some work :)

Re:Cue the Ostriches (Fixed it)

[JumpDrive]

Probably around the same time we stop pretending that a toothless regulatory agency staffed via a revolving door to the regulated industry provides any regulation or safe guards to the public.

US IPv6

[Anomalyst]

ARIN has made small IPv6 address acquisition expensive and complicated.
Two things really need to happen. Large providers need to be forced to offer IPv6 to the doorstep.
In order to prevent the fiber rip-off perpetuated on the American people, any monetary reimbursement to be made only after the fact, but the claim and the validation (by trusted 3rd party or gubmint) of completion should be streamlined (under 90 days).
The U.S. gubmint needs to claim, finance (or declare eminent domain on) the allocation of a sufficiently large IPv6 block to allow ANY existing or future public facing connection to claim a /64 for a modest ONE-TIME (under $50) fee, the fee would go into a pool used to assist in the reimbursement of the government and commercial resources used. Heck, use the US Postal Service to make the assignment of a /64 to every square meter orf our territories. River, mountain whatever, doesn't matter, grid it all up and make an assignment and you have almost eliminated BGP fragmentation concerns.
If an entity needs something bigger, go beg ARIN for a independent allocation.

The Department of Education is almost entirely IPvf6 internally.
But no one in the DoE or any other gubmint department has taken the initiative to acquire a large enough IPv6 allocation to provide a /64 for every building in every school district.
Start with the easy part and get the internal networks renumbered while the public infrastructure transitions.
Connection s should have a default standard ACL for inbound and outbound ports in the upstream router. If you need "special" port access, you have to request it. Since you are already doing a transition, limit port 20 connections to the providers server and "teergrube" (rate limit) the number of connections to 1 per minute.

Problem solved! ;)

Re:US IPv6

[ZESTA]

This is either a poorly worded joke, or you have absolutely no clue how network routing works.

Most people will not be going to ARIN for an assignment, they will get addresses from their ISP, just like with IPv4.

For those of us who need to be multi-homed, the one-time fee we pay to ARIN for the allocation is not significant enough for it to be a concern at all. For ISPs, it is essentially free, as you only pay for the larger of the IPv4 or IPv6 fee.

Also, because of multi-homing, and large entities with multiple locations, you cannot attach IP addresses to any physical location.

Re:How about a revoke?

[fast+turtle]

We use up almost 2 /8's every month.

Don't you mean 1/4 every month? Remember! Always simplify your fractions.

Re:Easy solution

[Trolan]

RFC3021

Re:Easy solution

[hardburn]

That's for point-to-point links. It doesn't work for 2 hosts plus a gateway.

Re:Easy solution

[petermgreen]

The trick to get arround that is proxy arp. So the end systens think they are on (say) a /24 but all addresses that client doesn't own are picked up by the router and sent to their real owner.

In this way you can allocate any number of IPs to each client and you can share one subnet,broadcast and gateway address between many clients.

Re:Gotta love these senseless, yet modded up, post

[hardburn]

Oh wow, oh wow. I've had this account for over 10 years. I have no other Slashdot login. I hit the karama cap years ago and just don't care anymore. My only self-interest in this is that I've had to deal with NAT problems for a long time (like trying to get two people to play C&C: Generals behind the same gateway at the same time) and want it dead.

If you want proof, go here or here or here or here or here. Or go look at my posting history, where for some reason, I'm using this shrill account to troll a teabagger. (And yes, I very much am trolling there, and pretty much admit to it in the thread. Like I said, I don't care about karama.)

What are you doing to get on the IPv6 train?

[Midnight+Thunder]

We hear plenty of people acting as if we can duct tape IPv4 for ever and plug their ears at the shear mention of IPv6. The truth is instead of spending energy trying to hold afloat a sinking ship, it may be time to start putting the gang-plank out to that shiny new boat that can take us the rest of the way. It doesn't make sense to wait for the boat to be sunk before jumping ship, since you will find yourself having deal with bigger issues. Then again overpopulation and lack of natural resources may have started world war three in a few years, so none of this is worth worrying about ;)

For those of you that have already decided that its time to make the move, what steps have you put in place to ensure you get to IPv6 in one piece.

BTW Akamai is already working on upgrading its network to support IPv6 and have a target date of 2011. The admit that its going to be a tough challenge, but at least they have recognised it makes sense to start moving now, rather than later.

Re:What are you doing to get on the IPv6 train?

[Deorus]

You will only have made a move once you completely disconnect yourself from IPv4, everything else is irrelevant. IPv6 networks tend to be neglected because they aren't considered "production" networks, all the serious business runs on IPv4, and migrating everything costs money.

I predict that long before the address space is exhausted we will continue to use IPv4 primarily because everyone is getting used to having a NAT already and that's an easier solution.

Re:What are you doing to get on the IPv6 train?

[i41Overlord]

The truth is instead of spending energy trying to hold afloat a sinking ship, it may be time to start putting the gang-plank out to that shiny new boat that can take us the rest of the way.

But what if we used 1/2 the money to turn that old boat into a submarine? Then instead of "sinking", it would be utilizing a new feature.

Re:What are you doing to get on the IPv6 train?

[rdnetto]

What are you doing to get on the IPv6 train?

Nothing, for the simple reason that it isn't necessary yet. The larger your network is, the longer it will take to transition over, so as a result you have to start earlier. But this means that very small networks (e.g. those owned by individuals) can be transferred over in a very short period of time (probably a weekend, a week tops). And that's for some kind of tunnelling; if your ISP supports IPv6 natively most people wouldn't even notice the transition.
The only people who need to be worry about the transition are those in charge of large networks or designing new ones. Everyone on the smaller end of the scale has plenty of time.

Re:What are you doing to get on the IPv6 train?

[Midnight+Thunder]

That is true, for the most part. Also those home users having a modem/router solution provided by their ISP should see this fairly transparently, though people with their own router will need to contact the manufacturer or get a new one. Also, people with software firewalls will need to get the upgraded version with IPv6 support.

At the same time, I take the stance that as an IT professional it useful to at least have a basic understanding of IPv6, just so any TCP/IP applications I may be developing support it already.

Re:What are you doing to get on the IPv6 train?

[rdnetto]

At the same time, I take the stance that as an IT professional it useful to at least have a basic understanding of IPv6, just so any TCP/IP applications I may be developing support it already.

I've heard it mentioned several times recently how the /. demographic is changing - from geeks/enthusiasts to professionals. Articles with technical depth are increasingly rare these days, since there aren't as many people around who actually understand them or even find them interesting. A natural consequence of all the people moving into the IT industry just before the dot com crash, I suppose.
I suppose this is another one of the signs of that.

Re:What are you doing to get on the IPv6 train?

[rdnetto]

...and I just realised that your UID is an order of magnitude less than mine.
Forget everything I said.

Re:Easy solution

[houghi]

That is exactly what I thought made it funny. Apparently only one person got the joke. Oh well.

...the scoundrels! How dare they?!

[h00manist]

Off with their heads!

Re:How about a revoke?

[gringer]

Don't you mean 1/4 every month? Remember! Always simplify your fractions.

It's 1 /7 every month. Computer maths is a little stranger than normal maths.

Re:IPv4 exhaustion=end of the world. We need a her

[sl3xd]

Bruce is behind a NAT device, which is why news of the disaster is never routed to him.

Why not do multi-level branching?

[Khyber]

Hear me out, I'll keep it tl;dr.

Start at 0.0.0.*, these are the bare-root DNS servers, 256 in total.
From those, you have the next level. Repeat until you get to 1.0.0.* and that becomes a NEW bare-root DNS zone.

And from there, you repeat this structure, like a downwards-branching model, very similar to a genetic tree.

This should (assuming a robust enough NAT with a large enough address space,) to allow the IPv4 internet space to last another few millennia, assuming optimal organization and assigning of address space at each level.

Of course, IPv6 was probably designed to do what I propose with fewer digits involved in the address, but hey, eventually it will hit its own limit and either my solution will end up being the optimal one or we design yet another new networking address space.

Re:Why not do multi-level branching?

[LingNoi]

So what happens to all the companies that have already spent thousands of dollars to get an IPv4 block get their addresses taken away from them?

How would you deal with all the internet sites that are now completely unroutable?

If both sides are NATd how would you communicate?

How would you get around the port restriction of NAT? You're assuming 1 ip == 1 computer.

Why would to waste time coming up with some contrived solution that takes much longer and is less supported then simply switching to IPv6 without problems?

Re:Why not do multi-level branching?

[Khyber]

I run QUINTUPLE NAT on my network, I have *ZERO* issues with multi-computer communications.

Guess what happens when everyone moves to IPv6? They're going to lose their IPv4 ANYWAYS so you might as well re-structure the whole thing if you aren't switching over to IPv6.

I built the network that my business runs upon. It's faster than most business websites (at least in my field of business,) and stable as can be.

Been building networks since token rings, friend.

Re:Why not do multi-level branching?

[LingNoi]

Guess what happens when everyone moves to IPv6? They're going to lose their IPv4 ANYWAYS

Actually that's not true. When everyone moves to IPv6 they'll still be able to contact everyone on IPv4 via a dual IP stack implementation which is backward compatible by design and is supported by most supported operating systems including Windows.

Even if that option isn't available IPv4 and IPv6 are forward and backward compatible via a tunnelling as well.

I run QUINTUPLE NAT on my network, I have *ZERO* issues with multi-computer communications.

Good for you but that is on YOUR network. Re-read what I said,

"If both sides are NATd how would you communicate?"

Your implementation still works because the server you're attempting to connect to isn't behind a NAT as well. Hence why your "lets NAT the internet" idea is never going to work.

Even so simply addressing one of my points while ignoring the others doesn't make your idea any more viable.

Been building networks since token rings, friend.

No one cares about how long you've been in the industry. Slashdot isn't a business where you can flash your experience badge and have everyone submit to your superior "knowledge".

I suggest you drop the attitude and learn something about your job because it's pretty clear that if you don't soon you're going to be made obsolete, friend.

Re:Why not do multi-level branching?

[Khyber]

Sorry, my industry has taken what you consider to be "top of the line" and discarded it as useless and obsolete for our purposes.

My personal connection is behind two layers of NAT. I have ZERO connectivity issues with my business site and network from home, without needing a VPN.

My site has taken a redditing, 4chan DDoS and slashdotting all on the same day, and stood up, most websites will never have the capability to claim that. And it was all due to my network construstion.

While you think I'm going to be obsolete, I'm busy producing full crops without requiring light for photosynthesis. I can grasp and understand systems and their processes far faster than you could possibly imagine, and streamline the entire thing.

And that is why I have my job as a research director.

Enjoy being obsolete before the technology even comes out.

Re:Why not do multi-level branching?

[LingNoi]

My personal connection is behind two layers of NAT. I have ZERO connectivity issues with my business site and network from home, without needing a VPN.

How nice for you. What is your point in relation to my original statements that NATing the internet wouldn't work?

My site has taken a redditing, 4chan DDoS and slashdotting all on the same day, and stood up, most websites will never have the capability to claim that.

You mean this? A journal entry doesn't classify as a "slashdotting".

Do you really expect me to be impressed by 6 static content pages with a shopping cart redirecting to a third party payment system? It's laughable that you consider this noteworthy.

I even checked out your other claims, such as Reddit (which you submitted yourself). Wow, how did you stem the tide with those 4 upvotes and 23 comments?! (11 of them being from yourself and the others criticising your website)

The 4chan DDoS I'm guessing you just made up since it makes no sense at all for anonymous to go after you.

None of this information you've posted makes you impressive or knowledgeable about networking. You are simply a fraud who figured no one would call you out of your bullshit. Stop trying to pretend to be something you're not.

Anyway this is besides the point. What has anything you replied with got to do with my or your original comment? Nothing, I think this pretty much shows you're wrong when you can't even back up your original statements and instead simply go completely off topic.

While you think I'm going to be obsolete, I'm busy producing full crops without requiring light for photosynthesis. I can grasp and understand systems and their processes far faster than you could possibly imagine, and streamline the entire thing.

All of which has nothing to do with networking. I'm happy you've decided to switch jobs. IT was obviously not your strong suit.

Hopefully you'll also fix your attitude problem, lying and inability to actually stay on topic. Oh wait, you're just making slashverts my bad. Keep trolling.

Oh and by the way, you're only 28 years old and you think you're old hat?

And that is why I have my job as a research director.

Ofcourse you are Mr. Research Director (turn off your sound folks).

We need home router vendors to move on this

[jonwil]

We need the vendors like Linksys, Belkin, Apple, Netgear, Motorola and others who make the home routers, cable/ADSL modems and modem/router combos to start supporting IPv6.

And we need ISPs to start supporting IPv6 too.

Re:We need home router vendors to move on this

[Abcd1234]

We need the vendors like Linksys, Belkin, Apple, Netgear, Motorola and others who make the home routers, cable/ADSL modems and modem/router combos to start supporting IPv6.

When the heck did you last survey the industry? 2001? These devices already exist. Heck, I bought an $80 consumer-grade 802.11n router that does IPv6 out of the box. And Apple's Airport has supported v6 for years. Even my freakin' iPod Touch supports IPv6 out of the box.

Re:Simple mass fix do this

[Anti+Cheat]

Phase 1 for IPv6 changeover.
First, Just tell the boos that the internet is full unless you buy more. Explain that in order to buy more internet you need the ipv6 extension equipment.
Only tell this in confidence to the highest ranking person wherever you work. This Especially includes those people working at ISP's or other large carriers as they have been feeding their customers with bullshit for years.

Phase 2 or deux
Begin a spam rumor on as many social networking sites as possible. Perhaps even hang out at places that sell $200 monsters HDMI cables...cough...BestBuy.
Simply Tell people that when shopping for a service provider or device, No matter what kind as it really doesn't matter. Tell them that they should ask for, neh demand IPv6 service or built into their watcha-ma-call-it. Anything less and their internet/cell/icpad/pod won't work to it's best. If it isn't ipv6 then internet will have fewer colours, calls will be slow, or sound won't be as clear and pages won't scroll properly and besides ipv4 is old school obsolete crap.

Phase 1-2 is the master plan to get ipv6 adopted. Then everyone can have one number. Doesn't matter what number it is, but everyone can have one.

Re:Gotta love these senseless, yet modded up, post

[LingNoi]

Nice troll. How about you read all the other comments before claiming the GP is offering no proof and launching into a some shit fit.

and as usual it's from an anonymous coward..

Re:Corporate (ab)use of IP ranges

[compro01]

There's not a whole lot of wasted space left. The only reason we've gotten this far is gratuitous use of NAT. Without NAT, we'd have been out of addresses around 2003.

RIPE has been trying to reclaim space and tighten the requirements to get address space, but it's largely pointless and isn't slowing exhaustion down to any relevant degree.

Reclaiming a /16 will delay exhaustion by about 2 hours, so you'd need to reclaim a lot of those to make any difference at all.

Yes, there are some /8s held by the DOD and various companies. Recovering those would be a legal mess, if it's even possible (those blocks were assigned by IANA before the RIRs existed and were assigned without conditions, so it's not clear if anyone even has the authority to reclaim those addresses, never mind how long it would take until those blocks are really to be reassigned), and it would only delay things by about 18 months, then we're back where we are now, and unless you have a hell of a lot more optimism than me, you know that companies and ISPs will sit on their hands for those 18 months rather than work to implement IPv6 networks.

The have and the have nots

[niftymitch]

When we run out the world will not break. The internet will stop growing for a while.

There will be those that have ipv4 addresses and those that do not.

Those on the outside and having only ipv6 connectivity will be limited by the rate of adoption on the client side. There will be glitches as ipv6 traffic traverses ipv4 links and gateways.