Protect Your Pre-1997 IP Address

CWmike writes "With IPv4 space running out any day now, is your legacy IP address space safe? Marc Lindsey writes that if your company obtained its IP address space before 1997, you have probably received several letters from the American Registry for Internet Numbers encouraging you to enter into a contractual agreement to protect the IP address. But should you sign it? Be careful — there are several issues you should consider before signing up for this, writes Lindsey, who offers a deeper look at the issue."

Printable

Save some time, 4 pages is silly given the content.

Printable Version.

Re:Printable

[Lord+Lode]

That link times out for me. It must have lost its IP address!

Seriously?

[DarkKnightRadick]

There is nothing special about IPv4. Upgrade your systems to IPv6 already, folks. It's been around for what? 10 years now? Give me a break.

Re:Seriously?

Upgrade your systems to IPv6 already, folks.

Yeah, just like that. ISPs should replace millions of dollars worth of high end network equipment, find sensible IPv6 transit providers and re-negotiate their peering arrangements (whom may not want to peer with IPv6), then allocate and assign IPv6 addresses to every single IP endpoint on their entire network and then spend a couple of million more replacing end-user network equipment that almost certainly doesn't support IPv6, then await the massive flood of complaints from users who have additional non-IPv6 equipment behind their router which no longer works E.g. almost every consumer VoIP phone every shat out by the lowest bidder.

That's just for a small ISP.

The major force holding back IPv6 deployment is shitty consumer hardware that doesn't "do" IPv6, and shitty network hardware vendors who charge an arm and a leg for IPv6 capable routers etc. (coupled with the fact that people have already invested a lot of money on non-IPv6 hardware anyway). It's not like the ISPs are doing it just to piss you off.

Re:Seriously?

[kantos]

I talked to the IT department at my company recently about this... all of our infrastructure supports IPv6... only one little bit that doesn't... our upstream provider... so until ViaWest gets their act together... we won't have IPv6.

Re:Seriously?

[TheRaven64]

Yeah, just like that. ISPs should replace millions of dollars worth of high end network equipment

ISPs replace millions of dollars worth of high end network equipment every year. Capacity grows fast enough that anything more than a few years old is so laughably obsolete it's not worth maintaining. Anyone who's been buying equipment for an ISP and not mandating IPv6 compatibility for the last ten years really shouldn't still have a job.

Re:Seriously?

[franciscohs]

I'm sorry to have to say this to you like this, but you have no idea what you're talking about. Did you think about the infrastructure where you connect all those PC's?. Take Cisco in the Datacenter for example, current status is:

Routers and switches support IPv6 (excluding Nexus 1000V)
Firewalls (ASA) support IPv6
Firewall Service Modules (Cisco's Datacenter firewall solution) don't support IPv6 in transparent mode, don't support failover in IPv6, don't support IPv6 on hardware (which make them useless for real traffic)
Load Balancers (ACE), no support
WAN optimization, no support
Ironport, no support

etc.

And even if this support comes, in most cases it's not just a simple software update, you have to update the hardware and you're talking 10's of thousands of dollars for each. So believe me, it's not that easy, even with the will and the money, in some cases there is no even offering from the vendors at this point, which is shameful.

Re:Seriously?

[Splab]

We do?

Actually no we don't, because customers (that would be you) aren't willing to pay the actual cost of equipment. Upgrades are something that happens when the old stuff is dead or 5 years has passed (the time it takes to write it off), whichever comes first.

Re:Seriously?

[anegg]

Before you make the upgrade from IPv4 to IPv6 across your network, you will want to make sure that your network equipment can maintain its advertised speeds handling IP v6 traffic. For example, routing equipment and security devices may have had hardware optimizations that work with IPv4 protocol traffic but not IPv6. If your network equipment doesn't support IPv6 traffic at those devices rated performance levels, you will need to analyze your performance needs and equipment upgrade options prior to upgrading your network protocol from IPv4 to IPv6.

Re:Seriously?

[Chemisor]

IPv4 is not going anywhere, even if IPv6 is adopted by the ISPs. There is plenty of hardware around that does not support v6 addressing, like network printers and most current home broadband routers. Just like companies hoard IE6 because their stuff doesn't work without it, so will they keep intranets on IPv4 no matter how much IPv6 propaganda is flung at them. Personally, like most normal people, I have no interest in having any IPv6 on my home network. It is much easier for the ISP to provide a 6to4 gateway and let all the users keep pretending they have an IPv4 address even though it's really IPv6.

Re:Seriously?

[bell.colin]

It's not just Hardware you also have application software with limits, I support several at work that were purchased/developed in the last two year that require connection to a server running a background service.

The field for the server "REQUIRES" a x.x.x.x IP format (won't even except a host-name) and won't work any other way, some of this software is required by state law so it can't be replace with another product. (we have to wait for the lazy software devs at the company to change it)

I hate cheap-ass devs who still write software using their dusty copy of VisualBasic 4,5, or 6 and sell it to our users today for $50K.

Re:Seriously?

[TheCarp]

Which is fine. If I cared (I have been debating it) I could probably get my home internal network doing internal IPv6 and connected out via a tunnel this weekend (if I didn't already have some other things to do, like clean out the room that is to become the new office).

Might be able to do it at a small business, in a few days to weeks, if things were otherwise slow.

Try it on a large multi-site network that runs continuously. Coordinating changes between multiple groups, with varying level of skill and network clue, and varying responsibilities, all while everyone is doing their normal day job.

Shit, its going to take you two years of meetings just to explain to mid level managers why they need to get the high level managers on board so they can make all the little fiefdoms work together on something that isn't directly of interest to any of them, but yours.

Of course, its only two years because I figure its about that long before the high level manager hears some BS about someone else who did IpV6 and then asks the mid level managers that you have been battering for years about why they aren't doing it when these other people are.

Re:Seriously?

[leenks]

Most enterprise "LAN" switches are protocol aware, however. Ever heard of a VLAN? QoS?

More to the point, routers are protocol aware and I'd wager that most are not IPv6 capable, and if they are, they are not part of an IPv6 enabled environment (which might require considerable expense to make it IPv6 enabled, or at least a lot of planning).

Re:Seriously?

[Tony+Hoyle]

The world is consuming a /8 - 16 million addresses - roughly every 3 weeks.

Your piddling 65k addresses for a class B? 2 hours, tops.

Re:Seriously?

[hjf]

ooops... only #2 is TRUE! #1 and #3 are false.

Re:Seriously?

[DarkKnightRadick]

How about not losing their Internet connectivity? Seems like a pretty direct benefit to me.

Re:Seriously?

[NJRoadfan]

The Actiontec MI424WR that Verizon has been deploying for Fios service completely lacks IPv6 support. I'm sure its just a firmware update, but it is kinda silly to leave out IPv6 support. When Verizon built the fiber network, it should have been IPv6 from the start.

Re:Seriously?

[sjames]

Set up a 6to4 gateway somewhere and you can at least get a pilot program going to make sure everything's ready. Then pester your provider.

Re:the internet a fuedal domain

[siride]

Yes, superficially, hierarchies look like other hierarchies.

Why?

[froggymana]

Why would it matter if you have the same IP address you've had for several years? Whats wrong with switching to a different one?

Re:Why?

[isorox]

Why would it matter if you have the same IP address you've had for several years? Whats wrong with switching to a different one?

Ask wikileaks. We're entering a world where you can't rely on DNS.

Re:Why?

[kthreadd]

Why would it matter if you have the same phone number you've had for several years? What's wrong with switching to a different one?

Re:Why?

[TheRaven64]

Not the same. My phone number is published, my IP address isn't. I've moved IP addresses for my server four times in the last year. I set the DNS TTL to a few seconds, wait for old caches to expire, update it to the new address, and then reset the TTL to a longer value. No on notices.

I just moved to a new mobile phone company too. My SIM ID, which is used to uniquely identify my phone on the network, changed. My phone number was moved across. The phone number is just an entry in a database that maps to a SIM ID, just as DNS maps to IP addresses (actually, DNS can map to all sorts of other things, including geospacial coordinates and telephone numbers).

That's why we have these layers of indirection - so the low-level ones can be changed easily.

Re:Why?

[icsx]

Somewhere, just now a blog stating someone's personal opinions about certain government/people/religion/whatever, running on certain domain was directed to bitspace. You still think it can't happen to average person? You grow up.

Re:Why?

[isorox]

Yeah like what happened to them is really likely to happen to the average person. Grow up.

In the mean time, facebook and twitter are banned from China (at least the hotel I was in last month), with the only technical means being a forged DNS entry. The BBC is currently banned because of the Peace prize coverage, I assume the same mechanism. DNS is the weakest link in the internet, and you might not even notice it.

Fast?

[Suki+I]

There are plenty of pieces of hardware that dont support IPv4. Unless you upgrade the hardware to a dual stack configuration. Routers, switches, etc arnt cheap.

Just because the OS supports it, doesnt mean its going to be easy or cheap.

So, fast is not out of the question? ;)

Re:the internet a fuedal domain

[John+Hasler]

It is superficially similar to a simplified approximation of the feudal land-granting system.

Bankrupt companies?

[sunderland56]

So, where does the letter go for all of those bankrupt companies? Silicon Valley post offices must have a large pile of undeliverable ones.

Maybe that's the final legacy of dead startups: their IPV4 address block is worth more than the company ever was.

I got one

[bbn]

I just checked. My 1994 class C is still allocated to me. I have no idea how to regain control over it though as every single contact detail, except my name, is outdated by 15 years.

It was never used on the public internet. But back then they said you should get one for your local lan. This was before everyone started doing 192.168.x.y. So I applied for a class C and got it.

Even if I did manage to get RIPE to correct the contact details, I do not know any ISP who would advertize it for me. So this class C is part of the dead IPv4 space that will probably never get used.

Re:I got one

[Spazmania]

IANAL, but here's some perspective from someone who has been in the thick of the ARIN policy process for the last few years:

First, you're talking about RIPE (european IP addresses) while the article is about the registration services process at ARIN (north american IP addresses).

Had you been talking about ARIN, this is frankly the kind of thing where you'll want to sign the LRSA and soon. ARIN will work with you to nail down the details and confirm the registration but they'll want to normalize their relationship with you via a signed contract first. I think they'll still update if you come to them with ironclad documentation, but if you had ironclad documentation you'd have been the kind of person who kept the registration up to date to begin with.

For those who are still contactable via at least the email address published on the registration, now is not the time to sign the LRSA. ARIN claims you have more rights under the LRSA than under the regular RSA but on close examination the claim doesn't really hold up. It's a standard adhesion contract in which the powerful party has reserved the rights to themselves.

That having been said, keep tabs on proposed ARIN policy every 6 months or so. ARIN probably won't seek the legal liability from trying to seize legacy registrations that are obviously in use, but the situation could change.

If you are in the situation where your contact details are dead, I personally think you SHOULD sign the LRSA and normalize things with ARIN. A /24 is going to be worth at least $1000 within 12 months, and probably a lot more. IPv6 won't deploy fast enough, the IPv4 free pool will be gone by mid year and the only source of new IPv4 addresses will be folks who are willing to sell.

On the other side, the unrouted dead registrations without valid contacts are very likely to evaporate in the next 24 months. The ARIN policies for this sort of reclamation aren't in place yet, but mark my words: they will be.

Re:I got one

[Tony+Hoyle]

"But what's going to happen? Will IANA stop giving out numbers and say, "sorry, nothing we can do. No more numbers."

Yes. Quite possibly in less than a month.

When we're down to 5 /8's they're distributed to the RIRs automatically and IANA shuts down its ipv4 operations forever.

The RIRs then have until their v4 pool runs dry - they won't get any more - which may be quite quick for some (like apnic) and slower for others.

After that it's down to what ISPs have - they'll probably ramp up their prices for v4 an instigate such horrors as carrier grade NAT, just to stretch it out, but it's just postponing the inevitable.

And yeah, potentially this is bigger than y2k and the great unwashe don't even know it's happening - even though it *will* affect them.

Re:I got one

[Surt]

With y2k, there was significant worry that existing infrastructure would cease to function. With this, it's mostly a threat of new services not being able to get started. Slowing growth is much less worrisome than an immediate reversal of 50 years of progress.

Re:the internet a fuedal domain

[ColdWetDog]

Help! Help!

I'm being repressed!

Ya not so much actually

[Sycraft-fu]

I work at a university which is an ISP, as most universities are. We are still using Cisco 6500s from about 10 years ago, and will continue to use those 6500s for some time. They are actually upgrading a few of the core routers soon, but basically only because the central network guys want new toys to play with, the 6500s work fine. Despite the massive increase in campus bandwidth, those 6500s work just fine. We'd probably have to move to something bigger than 10gbit connections to buildings (which we are actually just moving to now) before they wouldn't.

Now the 6500s are flexible platforms, and you can buy new supervisors to do IPv6. We actually did this a couple years ago... At a cost of about $10,000,000. That is just to serve the 50,000ish users on campus. Also that is only the big core equipment. The edge equipment didn't have to be upgraded since it is all switched at that point.

This idea that ISPs just trash tons of high end equipment every year is stupid. High end stuff doesn't get replaced until it is necessary, and that can be a long, long time. If you want them to buy all new hardware yearly, well then be prepared for your bill to go way up.

Also, that isn't the only problem. IPv6 support is not good at all in the home. A lot of routers don't support IPv6. I bought a Linksys router/WAP about a year ago, one of the N ones even, no IPv6 support. So if my ISP went all v6 I'd have to rebuy it and you know people would be mad about that. Even computers are problematic. There's a lot of XP systems out there and it has no IPv6 support. Sure it can be installed, you really thing a non-technical user can handle that?

Before IPv6 is feasible we not only need more ISP upgrades, we need more upgrades at home. Also, we really aren't going to need a good 4-to-6 setup. We need some way in the home that old devices that don't support v6 and can't be upgraded can get a v4 address that can then be routed transparently through the connection's v6 address. If that exists, I've not seen it.

It is a complex issue, and hence not something that will get solved quickly. I don't think we'll really start seeing IPv6 adoption in a big way for several more years. Once device support is far more wide spread, and more network equipment has been upgraded, it'll be more feasible. Also, when IPv4 really DOES start to deplete, and by that I mean companies start to run out of addresses not just that the top level assignments are gone, then there'll be pressure to make it happen.

People forget that the "running out" that is spoken of isn't that all addresses will be gone. It is that all available high level blocks will be allocated to regional registrars. They will still have space to allocate, and even when they run out most ISPs will still have space to allocate. It is when the ISPs start running out, that is when we are ACTUALLY running out of IPv4 space in a meaningful way, and there'll be pressure to move to something larger.

Re:Home Router Support exists

[zach_the_lizard]

IIRC, DD-WRT removed ipv6 support in some builds so they could cram in other features like...RIPv2. My Linksys router has no v6 support with DDWRT.

Re:who cares

[UncleFluffy]

w/out Javascript and w/out Flash, the web would be a much more useful (and usable) place.