Free IPv4 Pool Now Down To Seven /8s
Zocalo writes "For those of you keeping score, ICANN just allocated another four /8 IPv4 blocks; 23/8 and 100/8 to ARIN, 5/8 and 37/8 to RIPE, leaving just seven /8s unassigned. In effect however, this means that there are now just two /8s available before the entire pool will be assigned due to an arrangement whereby the five Regional Internet Registries would each automatically receive one of the final five /8s once that threshold was met. The IPv4 Address Report counter at Potaroo.net is pending an update and still saying 96 days, but it's now starting to look doubtful that we're going to even make it to January."
So, I keep hearing all this news about them running low... What happens when we run out?
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
... since the unexpected end of the century in '99.
(What is actually surprising is that the internet still hasn't widely adopted IP6, and ISPs are now turning to ludicrous measures - NAT - to keep avoiding what makes sense.)
where is ATT and comcast with IPV6?
And have to push new TCP/IP stacks for most operating systems to get them to understand that that is now viable space. This would be effort better spent on just going IPv6.
Here is a good blog post on why this wouldn't work: http://packetlife.net/blog/2010/oct/14/ipv4-exhaustion-what-about-class-e-addresses/
Remember before Y2k almost all computer manufacturers placed "Y2k Compliant" or "Y2k Ready" logos on everything from bare computer cases to speakers? Well, I can't wait for my "IPv6 Ready" USB keyboard...
How will I ever be able to use my twittering armchair fart detector?
Well, you'll have to choose between a NAT twittering armchair fart detector and an IPv6 twittering armchair fart detector!
Does anybody wanna buy an......eight? http://www.youtube.com/watch?v=rfelvI_ikf4
When's Slashdot going to go IPv6?
Because I'm on it right now yet I see no AAAA record. Pretty much anyone on Comcast can get a 6rd address at the drop of a hat; native dual stack is coming. Other providers will have to get on the bandwagon soon I gather. Whine endlessly about the end of IPv4 after you've already made arrangements to join the modern age.
If we are to do that then the address field of the packet header should be a null-terminated string, not a fixed or limited size.
Note that if you embed the length in the header you have to decide how wide the length field is, which then limits the string length. Though I'll accept arguments to the effect that an 18e18-character address should be enough for anyone.
Will everyone using Hamachi be unable to reach whoever gets a 5/8 address?
I'm frankly terrified that the "solution" to this is not to fix the underlying issue, but instead to layer work-arounds on it.
Not to mention, unless I'm much mistaken a NAT can support 65536 connections at maximum (number of valid ports for outgoing connections). A /8 network might be okay, but putting a larger network behind NAT isn't going to help, and you can't layer them (because you still need a port free for the connection). We're going to run out, NAT just delays the inevitable by layering a giant administrative headache on the top.
what needs "public" IPs?
Anything that wants to participate in the peer-to-peer internet as a peer.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
And every router. In every office. And every home.
And who knows how many routers would have those addresses hardcoded in hardware.
It's probably just as easy to go IPv6, when you consider the hassles and testing.
Be relentless!
I can announce and route down to a /32. It's up to my peers to accept that announcement. Some may and some may not. It depends upon politics, payment, router memory and BOFH whim.
A /24 is commonly the longest network accepted for re-announcement, but that is not a hard rule.
-- I have a private email server in my basement.
They did not bother, because they thought if there was a freaking decade to roll it out, that would be plenty of time.
Go green: turn off your refrigerator.
Well, that was very helpful, and thank you for your enlightened and useful response!
The whole thing is a lesson in waste and inefficiency.
Every business that I have ever known, or whose network I have been involved with, was delivered anywhere from 4-32 IP addresses on its T1 lines. Just recently I set up a new business cable modem connection and they just gave me, without me asking, 8 IP addresses.
What the heck do I need 8 IP addresses for at a branch office? I don't really know of any businesses that really need a static IP address, much less multiple ones to host multiple publicly addressable servers. Everyone is either using the "cloud" or hosted services at a colo.
Demand is going to change things quite quickly. I expect that the first T1 line that is held up because there is no IP address for it is going to start things rolling. NAT is not a perfect solution and I sincerely doubt a company paying $500+ a month for a T1 is going to settle for being treated that way. Certainly not the IT staff.
Most guys I know are quite reasonable. If any ISP came to me and asked to reduce me down to 1 or 2 IP addresses per branch office or connection I would readily agree.
Now in the colo... that is another matter entirely. Some places I work with actually use a couple hundred different IP addresses for legitimate reasons.
It's all waste. IP address reclamation will get us back at least 40% of the address space.
3ffe:1900:4545:3:200:f8ff:fe21:67cf
That would be 63.254.25.0.69.69.0.3.2.0.248.255.254.33.103.207 using your scheme, which is horrible. It also leaves out the most useful compression feature, so you can write 3ffe:1900::/32 instead of 63.254.25.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0/32. Just counting out the correct number of .0 is horrible.
Practical real life IPv6 addresses often use compression: ipv6.l.google.com has IPv6 address 2a00:1450:8005::63, ipv6.myip.dk has IPv6 address 2001:470:27:f9::2, ipv6.net has IPv6 address 2a00:1188:5:2::8. If you care about your address you can make it short, since the last 64 bits is yours to decide.
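To make the comparison above concrete, here is an added example (not code from the thread) that parses colon-hex IPv6 text, renders it in the RFC 5952 compressed form with the "::" zero-run rule the poster mentions, and in the 16-octet dotted-decimal scheme proposed earlier; the parser is cross-checked against Python's `ipaddress` module.

```python
"""Added example, not from the thread: IPv6 text forms (RFC 4291 colon-hex,
compressed per RFC 5952) versus the 16-octet dotted-decimal scheme proposed
above; the parser is cross-checked against the standard library."""
import ipaddress
import re


def parse_ipv6(text: str) -> bytes:
    """Parse colon-hex IPv6 text with at most one '::' into 16 bytes."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = text.partition("::")
    head_groups = head.split(":") if head else []
    tail_groups = tail.split(":") if tail else []
    missing = 8 - len(head_groups) - len(tail_groups)
    # '::' must stand for at least one zero group; without it all 8 are needed
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError("wrong number of groups")
    out = bytearray()
    for g in head_groups + ["0"] * missing + tail_groups:
        if not re.fullmatch(r"[0-9a-fA-F]{1,4}", g):
            raise ValueError(f"bad group {g!r}")
        out += int(g, 16).to_bytes(2, "big")
    return bytes(out)


def compress(addr: bytes) -> str:
    """RFC 5952 form: lowercase, no leading zeros, and the longest run of
    two or more zero groups (leftmost on ties) replaced by '::'."""
    groups = [int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2)]
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j if j > i else i + 1
    hexg = [f"{g:x}" for g in groups]
    if best_start < 0:
        return ":".join(hexg)
    return ":".join(hexg[:best_start]) + "::" + ":".join(hexg[best_start + best_len:])


def dotted_decimal(addr: bytes) -> str:
    """The 16-octet dotted-decimal scheme from the thread."""
    return ".".join(str(b) for b in addr)


def render(text: str):
    """Parse, cross-check against ipaddress, and return both renderings."""
    raw = parse_ipv6(text)
    assert raw == ipaddress.IPv6Address(text).packed
    return compress(raw), dotted_decimal(raw)
```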
Actually it does support TLS, it just doesn't support SNI. Or actually IE and Safari only, because they use the windows library. Firefox and Chrome use the library first developed at Netscape and Opera uses OpenSSL.
But as SNI is the part that adds 'name-based virtual hosts' to TLS, the result is the same as you mentioned. Everything that wants to use a certificate still needs its own IPv4 address (and/or IPv6 address) for now.
New things are always on the horizon
NAT can be implemented a huge number of ways.
On small class C networks, especially when using consumer grade equipment, it's very common to put the entire network behind a single external IP address. Each outgoing connection is assigned a port on the NAT box. Network utilization on a class C should never be so great as to exhaust the number of available ports. This is many to one NAT.
For larger corporate networks, it's common to use a pool of IP addresses on a more advanced router. Because each IP address has its own pool of available ports, many more connections are available.
Finally, it's possible to abhor the use of port mapping, and simply assign an IP address to each client host that connects through the router, and simply redirect all traffic back to the client that initiated the first connection. Since each client has an entire IP, all traffic to that IP would be redirected back to the client, with a 1 to 1 port map. This would essentially permit any protocol to work through the NAT box, including active FTP and some of the other PITA protocols. This approach also means that you only have to have enough IPs to support your active users, instead of every user on your network.
With that said, it's been a long time since I was building firewalls, so some of my terminology may be off, or incorrect. Hopefully someone can clarify any mistakes I've made.
IP address reclamation will get us back at least 40% of the address space.
But not necessarily usable addresses on routable boundaries.
Just tacking on more numbers becomes a problem because IPv6 addresses are 128 bits long and not 32 bits like IPv4. 1.1.209.85.255.147 is only a 48 bit number. An example of a 128 bit IP address in decimal would be 209.85.255.147.236.152.95.220.51.119.152.21.201.103.118.1. Having to use up to 64 digits to describe one address is not efficient, even if using only numbers is easier to say or remember than alphanumeric hex.
How long before I can get the address 255.255.255.255? I wanna set up a website called 'endoftheinternet.com'!
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
IPv6 solves problems beyond just the raw number of bits for addressing.
In your example, 48 bits isn't enough space--in a few years we would be doing another next-gen IP, after implementing IPng as the CTOs start panicking. I don't want to deploy a new Internet every two decades, I'd rather get past the flaws in IPv4 once for my lifetime and start thinking about Y2038.
Convention is meant to be broken. But perhaps you ignore that we're speaking about bits, not decimal data. The subnet mask FFFFFF00 I see in ifconfig has the same meaning as /24 or 1111-1111 1111-1111 1111-1111 0000-0000 and we all know that because we're smart enough to read slashdot.
Decimal addresses can be used all you like in IPv6. If you like 208.80.11.254, address your host as 2620:0:c0:1:208:80:11:254 and be happy; meanwhile I'd rather use stateless autoconfiguration or a simple address like n:n:n:1::53 for my nameserver.
Adoption could be less painful if you weren't citing address space that was deprecated and removed from the Internet five years ago. How is the 6bone keeping its memory alive for so long? Use 2001:db8:: for examples, or at least start an address with operational space like 2610. RIP 3ffe, 6/6/6.
Not to mention, unless I'm much mistaken a NAT can support 65536 connections at maximum (number of valid ports for outgoing connections).
I believe that with TCP the limit is 65536 concurrent connections to one host and port. In other words, you can use the same source port for two concurrent, outgoing connections at the same time as long as the destination is different. (This is similar to the principle of how more than one connection to a single port on a server works without problems as long as the client host/ip combination is different.)
It will, ARIN will start handing out /28's. You think routers are choking on routes now, just wait. Edge networks that are multihomed will be ok, you can drop large swaths of announcements and still get plenty of diversity; in the core however....gonna suck for them. Or not...we'll see how it goes.
https://www.arin.net/policy/nrpm.html#four10
er, I have several publicly routable /29 blocks at several clients. Care to clarify your statement? As posted, it is misleading at best.
Sounds like something ISPs actually wouldn't mind obstructing.
Why is IPv6 not based on MAC addresses? I've never understood this. Every piece of electronics capable of connecting to a network has at least one unique hardware id already. Why do we need a new one? Is there a reason not to just use this number? Or have I misunderstood, and this actually IS the plan.
The colons and hex are for typing it in. It's stored in 16 bytes on disk, just like ipv4 addresses are stored in 4 bytes currently. There are lots of ways of representing a v6 address, though, just like there are lots of ways of representing a v4 address (hex being among them, iirc, and for a while firefox would let you type in the unsigned integer that the 4 bytes represent and would translate that directly.)
The rest of us will just use a lookup service to map an easily remembered string to the v6 numerical address. At the moment, though, I'm not sure I can think of an analogous service for ipv4, but I'm sure someone's doing it.
Can you be Even More Awesome?!
No, there is no such limitation. You are mistaken. Connections can be matched based on both a port and a remote destination, so the same mapped port could be used for multiple connections.
What you wanted to say is that NAT is limited to 65535 unique host mappings (i.e. that many IPs hidden behind one IP). Well, if we can extend the IPv4 number of hosts that many times, we should be good for a few thousand years :)
Not true at all. It is possible to establish a direct peer to peer connection between two hosts which are *both* behind NAT. You do need a "rendezvous" server to bounce a few packets - that's not hard to do, and can be easily accommodated as part of any other P2P infrastructure (or even outside of it).
In fact, running P2P in that manner would significantly increase privacy of its participants because to anyone outside a given network there will no longer be a visible single mapping of IP to a "person" (or household etc).
A curious key thing I fail to understand about this issue is why the ip4/ip6 issue encourages people to act so rudely towards other professionals who demonstrate at least some grasp of the underlying issue.
I think you ask a reasonable question, and the question in my mind is similar to yours: the transition from ip4 to ip6 appears to be hard and this is a factor in its slow adoption, so what prevented the design of a gentler protocol that provided a smoother/simpler transition, particularly given our heavy reliance on this network in so many facets of our civilization?
As a programmer that does a lot of network type stuff close to the metal, frequently designing my own OSI 7 protocols, I understand ip4 and higher layers very well, better than most IT professionals; but certainly not as well as a carrier network engineer. I know little about IP6 other than regular reports about its high barrier to entry and the inherent complexity associated with the change over. Maybe I need to make time and learn more about it now; but life is busy and other things compete for my time.
But such questions can always be counted on to be treated rudely by ip6 zealots. Just like the ruby programming language, I am keen to learn more when I get the spare time, and I dabble when I can, but in some ways I am disinclined given how rude and obnoxious the community advocating it can be.
Honestly, by reading your first two bullet points I really thought your post was a good joke. But when I consider the entirety of what you've written, there is a distinct possibility that it may be instead a sad story.
I doubt that, there'd be no reason for anyone to write it up to not understand 240*
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
FTFY
What is the difference for IPv6 ?
There currently is one IPv6 DNS blocklist; they use something like: 5 bad IPs in one /64, block the whole /64; 5 bad /64s, block the whole /48. Or some system like that.
Or do you mean there isn't enough tooling yet?
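The /64-then-/48 escalation described in that post, as an added example that is not the blocklist's own code: it takes a feed of reported addresses, lists a /64 once it holds five bad addresses and a /48 once it holds five listed /64s, and then answers lookups against the aggregated result. The thresholds, the hypothetical `aggregate` and `is_listed` functions, and the sample reports are all constructed for illustration.

```python
"""Added example, not from the thread: threshold aggregation for an IPv6
blocklist as the post sketches it (five bad addresses in a /64 list the
/64; five listed /64s in a /48 list the /48). Thresholds and the sample
addresses are constructed for illustration."""
import ipaddress
from collections import defaultdict


def aggregate(bad_addresses, host_threshold=5, net_threshold=5):
    """Return (hosts, nets64, nets48): the narrowest entries that cover every
    reported address, widening only when a threshold is reached."""
    per64 = defaultdict(set)
    for text in bad_addresses:
        addr = ipaddress.IPv6Address(text)
        per64[ipaddress.IPv6Network((addr, 64), strict=False)].add(addr)
    nets64 = {n for n, hosts in per64.items() if len(hosts) >= host_threshold}
    per48 = defaultdict(set)
    for n in nets64:
        per48[ipaddress.IPv6Network((n.network_address, 48), strict=False)].add(n)
    nets48 = {n for n, subs in per48.items() if len(subs) >= net_threshold}
    # entries swallowed by a wider listing are dropped
    nets64 = {n for n in nets64 if not any(n.subnet_of(w) for w in nets48)}
    hosts = {a for n, addrs in per64.items() for a in addrs
             if n not in nets64 and not any(n.subnet_of(w) for w in nets48)}
    return hosts, nets64, nets48


def is_listed(text, listing) -> bool:
    """Check one address against the aggregated listing."""
    addr = ipaddress.IPv6Address(text)
    hosts, nets64, nets48 = listing
    return addr in hosts or any(addr in n for n in nets64 | nets48)


def sample_reports():
    """Constructed report feed: a /48 with five noisy /64s, one noisy /64
    elsewhere, and two stray addresses below the threshold."""
    reports = []
    for sub in range(5):  # 2001:db8:1:<sub>::/64, five hosts each
        reports += [f"2001:db8:1:{sub}::{h}" for h in range(1, 6)]
    reports += ["2001:db8:2::1", "2001:db8:2::2"]
    reports += [f"2001:db8:3::{h}" for h in range(1, 6)]
    return reports
```

Because the listing widens only on thresholds, a lookup for an address that was never reported still hits when its /64 or /48 has been listed.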
You complain that IPv6 people are rude to you, but bring this little gem to the table:
The truth is you do need to make time and learn more about it now. Really, if you've grasped IPv4 you will grasp IPv6 too. Spend a couple of evenings with an O'Reilly book and you will be fine.
Lots and lots of documentation on that. Google for "nat" and "rendezvous".
Here is a first random link I came up with: http://www.brynosaurus.com/pub/net/p2pnat/
Basically, the rendezvous server (a host with a "real" IP out there) punches a "hole" in each NAT for and on behalf of the respective counterparty. Once it has made those "holes", the parties communicate directly. Done.
It would probably only buy a few more years to reclaim these addresses and chop them up, but surely the problem is just poor usage as opposed to exhaustion.
*SLAP*
Seriously, we've already done this. Repeatedly. At no point has the actual transition started happening, even with all the 'extra time' given it.
Attempting to figure out a way to get more time will not actually solve the problem at all.
At the very least, we need IPv4 to blow up first, so the transition actually starts. After that point, if need be, we can start looking for more IPs to use during the transition.
But first, we actually have to start.
I got new ISP service in August. I got a router with it. This router does not do IPv6. In August. 2010.
The problem isn't 'lack of time', the problem is LACK OF STARTING.
If corporations are people, aren't stockholders guilty of slavery?
Not to mention, unless I'm much mistaken a NAT can support 65536 connections at maximum
This is not true, at least for TCP connections. While many implementations might have this limit for simplicity's sake, there is no actual reason why you can't use the same local port for different destinations, e.g. TCP port 1000 could have active connections to www.slashdot.org on port 80 and to www.microsoft.com on port 80 and there is sufficient information in each packet to work out which of those two connections each packet belongs to. You see this type of multiplexing in reverse on servers where port 80 might have thousands of connections to it active at once.
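The point made in this reply and the earlier ones about the 65536 figure, as an added example that is not code from the thread or from any real NAT implementation: a toy translator that keys its state on the full 5-tuple, so the same external port is handed out again for a different destination, and a reply is matched on (external port, remote endpoint) rather than on the port alone. The `NatTable` class and all addresses are constructed for illustration.

```python
"""Added example, not from the thread: a toy NAT translation table showing
why a NAT is not capped at 65536 connections. State is keyed on the full
5-tuple, so one external port serves connections to different destinations.
Addresses are constructed; nothing is sent on the wire."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    """Reply lookup key is (proto, external port, remote ip, remote port)."""

    def __init__(self, external_ip: str, ports=range(1024, 65536)):
        self.external_ip = external_ip
        self.ports = ports
        self.outbound = {}  # inside Flow -> external port
        self.inbound = {}   # (proto, ext_port, dst_ip, dst_port) -> inside Flow

    def translate_out(self, flow: Flow) -> Flow:
        """Rewrite an inside flow to its external form, allocating a port if new."""
        if flow not in self.outbound:
            for port in self.ports:
                key = (flow.proto, port, flow.dst_ip, flow.dst_port)
                if key not in self.inbound:  # port is free *for this destination*
                    self.outbound[flow] = port
                    self.inbound[key] = flow
                    break
            else:
                raise RuntimeError("no external port left for this destination")
        port = self.outbound[flow]
        return Flow(flow.proto, self.external_ip, port, flow.dst_ip, flow.dst_port)

    def translate_in(self, proto: str, ext_port: int, remote_ip: str, remote_port: int) -> Flow:
        """Map a reply to its inside owner; anything unsolicited is dropped."""
        key = (proto, ext_port, remote_ip, remote_port)
        if key not in self.inbound:
            raise KeyError("unsolicited inbound packet dropped")
        return self.inbound[key]

    def active_ports(self) -> int:
        """Distinct external ports in use; compare with len(self.outbound)."""
        return len(set(self.outbound.values()))
```

A translator that keyed only on the external port would hit the 65536 ceiling the earlier post assumed; this one runs out of ports per destination instead, which the `RuntimeError` path shows.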
> I agree that the MAC address based network address is
> scary but I wonder how much of a signature they already
> have from other properties of my computer.. I wonder
> how long before the IPv6 address is used to try and
> prove that it was a specific computer that generated
> some traffic.
Here's a computer-user IQ test. Question "what is your MAC address?"
* Typical user... I don't got a Mac, I got a Winders PC.
* Competent user... checks his network config and supplies answer.
* l33t h@x0r d00d... what do you want it to be?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user