Slashdot Mirror
Last Days For Central IPv4 Address Pool
jibjibjib writes "According to projections by APNIC Chief Scientist Geoff Huston, IANA's central IPv4 address pool is expected to run out any day now, leaving the internet with a very limited remaining supply of addresses. APNIC will probably request two /8s (33 million addresses) within the next few weeks. This will leave five /8s available, which will be immediately distributed to the five Regional Internet Registries in accordance with IANA policy. It's expected that APNIC's own address pool will run low during 2011, making ISPs and businesses in the Asia-Pacific region the first to feel the effects of IPv4 exhaustion. The long-term solution to IP address exhaustion is provided by IPv6, the next version of the Internet Protocol. IPv6 has been an internet standard for over a decade, but is still unsupported on many networks and makes up an almost negligible fraction of Internet traffic. Unless ISPs dramatically accelerate the pace of IPv6 deployment, users in some regions will be stuck on IPv4-only connections while ISPs in other regions run out of public IPv4 addresses, leading to a fragmented Internet without the universal connectivity we've previously taken for granted."
I'm running IPv6 via tunnels since 2001. I'm running native IPv6 since my ISP did their first try-out via ADSL.
Come on guys, it is not that difficult. Why is slashdot.org still not accessible via IPv6?
bash$
Business organizations, like politicians, are usually extraordinarily risk-averse. This touches both in many ways, across many countries. As a result, there won't be any serious pushes into IPv6 until organizations can clearly quantify the damages that will be done from dragging their feet further. Only a small percentage of organizations will fully commit to IPv6 until the guaranteed costs of waiting exceeds the projected costs of moving forward.
Nobody should have expected anything different once the internet became controlled predominantly by public political and private business interests.
It's called "tunneling." If you're playing those on a modern system capable of IPv6, the system can make the game see an IPv4 connection. It doesn't have to know the IPv4 connection is wrapped inside a v6 connection.
People never do things en-masse because they thought it's a good idea. They do them because they're out of other options. No surprise there.
Experiments and other stuff
Most isp's don't give out ip6 addresses
Most home routers don't handle ip6 (apple is a notable exception here)
This is going to be a bit ugly for a while.
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
We know already. Just about everyone on slashdot has setup IPv6 at home, and most likely given up on it later as there is little to access on it.
Until we pressure the ISP's to give everyone native IPv6 this thing isn't going to go anywhere. If the ISP's lead the big retailers will follow, other sites will follow them. The very last thing anyone wants is ISP level NAT but that is exactly what we are going to see if we don't fix the current mess.
*points above*
That was the entire point of my post. You can give the game its own little network world. It sees IPv4, and the host does the translation to and from. When configured correctly, as with any app that no longer conforms to current technology standards, the app has its own little bubble where everything works as expected even though the rest of the world has moved on.
Next thing you tell me you can't own domain names or email addresses either? Of course you can't own numbers, but you can own IPv4 addresses
You can't own an IPv4 address. That's been the policy for over a decade.
And no, you can't own a domain name either. If you don't pay the renewal fee, and anyone can register it after it lapses - so you're just licensing or leasing it.
And since email addresses are connected to domain names, you don't own them either.
If so, then people could have been upgrading to IPv6 over the last 10 years as opportunities arose (ie as old equipment needed replacing they'd have replaced with the IPv6 option) and still have been able to see the IPv4 world. As more w/s moved to IPv6 only there would be a compelling reason for more people to follow suit
Once all traffic was using IPv6 there could be an update to free up those first 'n' address for use in IPv6, though there's so many addresses that might not be required for quite some time, so the natural upgrading of equipment would see them made available over the next 5 or 10 years without needing any big splash upgrades.
Or am I completely missing something that would have made this impossible?
Eclectic beats from Leeds, UK
handmadehands.co.uk
It's the apocalypse! Aaaaaaaah! We're doooooooomed! Now I've got that out of my system, get your arses in gear, ISPs and site owners. We're counting on you. We know you can do it.
There's a very simple solution to this. We should be renting IP addresses, not handing them out. Make publicly routable IP addresses cost $1 a month. Many class A owners would be dying to give back address space that they aren't using. Isn't that the answer to a limited supply of anything? Set a value to them so they aren't wasted.
You're overlooking that an IPv4 only host can't RESPOND to an IPv6 address. Instead you get IP6to4 NAT, which has to be a service provided by someone, that connects the IPv6 network to the IPv4 network, so the IPv4 destination sees the request originating from an IPv4 address.
it won't see an IPv6 address 'string'. That's the whole point.
NAT has been a solved problem for over a decade. an IPv4 network NATted behind an IPv6 network is not hard.
You do realize that the ISPs would be the ones doing the prioritizing, right?
I don't use "can" to mean "may" I use it as "it would not be impossible."
Ownership of domain names is good enough to call it that for economic purposes... You have full control over what happens to it, what DNS records are kept with it, who to trade it with, for all intents/purposes you own it.
Again, you're factually wrong. As I pointed out, you cannot, contrary to your original assertion, own an IP address. Ditto with a domain name. You only lease/license them.
If you stop paying your car license plates, you still own your car - you just can't drive it on public roads. You stop paying your domain registration, you lose it. Same thing with "ownership" or an IP address or domain.
ARIN reserves the right to revoke IP address allocations at any time and without prior notice. So much for your "ownership" theory.
Wrapping IPV4 ain't the problem, it is the elephants in the room that have been allowed to grow too massive and are gonna be hell to deal with, if they even can on a timely basis.
One elephant in the room is the MASSIVE amount of eWaste that is gonna be generated. Hell a good 90% of the under $100 routers being sold right now don't support IPV6, and that don't count all of the routers, switches, cable and DSL modems, etc that are simply not gonna work with IPV6 and gonna have to be shitcanned. Imagine a good 85% of all the home routers thrown in the garbage at the same time, along with probably 50% or more of the cable and DSL modems. That is a serious amount of garbage that is gonna be hitting the landfills all at once.
The other elephant is thanks to corps lowballing IT for years there has been a SERIOUS brain drain with very few going into IT so you have a ton of older workers who aren't up to speed and are gonna be expected to get fluent with a totally new way of networking in...oh right about now. Thanks to the shitty hours and constantly being expected to do ever more with ever less resources many of the good IT guys I knew have already left or are looking to get out, so what you have left in many of the flyover states is the bottom of the IT barrel and problems that would take an hour or two at most with IPV4 will end up taking days or weeks with IPV6 simply because the guys you have left are old, don't have the skills, haven't kept up, and have based their troubleshooting steps on tools and techniques that simply don't work anymore.
So anyway you look at it IPV6 is gonna be a serious clusterfuck. The idiot that made IPV6 without designing backwards compatibility really needs to be shot because instead of a slow ramp up we are gonna end up in a "ZOMG we are fucked! SWITCH IT NOW!" kind of situation and we simply don't have the manpower or skillsets required to do a countrywide or even a regional switchover ATM. All the years of corporations lowballing their IT and the ISPs paying crappy money for managers and IT staff is gonna come back and bite them in the ass, and bite them HARD. Between the eWaste, the lack of manpower with the relevant skillsets, the massive understaffing at most ISPs compared to the job at hand, it is just gonna be a giant fucking mess.
ACs don't waste your time replying, your posts are never seen by me.
At least a good amount of them can be refitted for IPv6 due to installing OpenWRT or DD-WRT or any of the other distributions out there. Maybe it's a business opportunity, flashing home routers to use one of those and reconfigure them to the initial settings afterwards?
If you think NAT and DHCP solve the myriad problems associated with IPv4, you're not qualified to be speaking on the subject.
Periodically they announce "Oh Noes! We are about to run out of IPv4 space any minute now!
No they don't. What has been said over and over again is that we will run out of IPv4 address space and the "when" hasn't really moved much, it's just that every time the warning come up the "32 bits is just fine besides I don't understand this new-fangled eye-pee-vee-SIX thing and new things scare me, also, we locked ourselves into IPv4-only network gear because we're idiots who don't really know what we're doing"-crowd start screaming that those trying to get IPv6 adoption going are just alarmists.
Unless you have no understanding of networking (or you're an ISP) you really really really don't want ISP-wide NAT.
Greylisting is to SMTP as NAT is to IPv4
You can't own an IPv4 address. That's been the policy for over a decade.
The policy of the organization that OWNS them.
The problem is that the central orgs that assign IP address spaces reserve the right to revoke them at any time, for any reason (or no reason). So unless you're IANA or APNIC or RIPE or one of the other regional authorities, forget it.
Also, even they don't "own" the numbers - they just administer them. Nobody "owns" them. You can't "own" a number.
There's nothing to stop you from creating your own network, and using the same set of 4 billion numbers.
There's nothing to stop me from setting up a lilypad of wireless networked machines using the same set of numbers, running my own DNS server, and serving up my own domain system to whoever adds those servers to their /etc/resolv.conf file. Since it wouldn't be "The" Internet, just an "internet", it would be a good way for municipalities to neatly sidestep the incumbents attacks on municipal free access. Let individuals provide the gateways to the "real" internet.
What I don't get is why the people who came up with IPv6 didn't make the upgrade path easier? Obviously I'm missing something, but what if (for the sake of argument) they had decided that the first 'n' IPv6 addresses would correspond to the complete set of IPv4 addresses, and all IPv6 routers, etc, would understand that one of the first IPv6 addresses meant 'route the traffic to the corresponding IPv4 address'. Could that have been done?
This is the way it is. The first 4 billion IPv6 addresses maps to the entire IPv4 address space.
If so, then people could have been upgrading to IPv6 over the last 10 years as opportunities arose (ie as old equipment needed replacing they'd have replaced with the IPv6 option) and still have been able to see the IPv4 world. As more w/s moved to IPv6 only there would be a compelling reason for more people to follow suit ...
People could have been doing that but they didn't. So here we are.
Or am I completely missing something that would have made this impossible?
Yes, just mapping between IPv4 and IPv6 using this mechanism does not make it possible for your old IPv4 host to communicate with a IPv6 host using an address outside the 4 billion address space supported by IPv4. So what you describe is not actually backwards compability.
The real compability is called "dual stack" meaning all IPv6 hosts also have IPv4. As we are running out of IPv4 this might be using NAT to conserve addresses. People have been doing dual stack for a decade now, but just not enough. It is said about 0.5% of the traffic is on IPv6.
Your ISP was supposed to give you an IPv6 address along with your IPv4 address 10 years ago. But they didn't.
Your OS provider was supposed to make your OS support dual stack 10 years ago. They actually did.
Your router provider was supposed to make your router dual stack capable 10 years ago. They didn't.
Your software provider was supposed to implement dual stack support 10 years ago. To a large extend they did, but some programs are still lacking here.
IPv6 is great, but they could have solved the problem far more elegantly 10 years ago.
Add two octets to the front of v4. Solved after a firmware flash.
Any existing IP becomes 1.0.x.x.x.x
If a router encounters a x.x.x.x address, it just appends 1.0 to the front.
The old internet and the new internet would have run side by side - for the most part working fine until everyone had updated their firmware.
Sure, it's not the engineering solution v6 is, but it would have been in use long ago.
They did this. Except they added 12 octets in front of v4 and mapped existing v4 addresses to 0.0.0.0.0.0.0.0.0.0.0.0.x.x.x.x.
And the old and new internet runs side by side currently and we are just waiting for everyone to update their firmware.
OK. We run out of IPv4 addresses. So what? It's not like the 4 billion existing addresses are going to suddenly evaporate. Everything will continue to work just fine, and if you're late to the party, well, it sucks to be you.
Just put up a sign "The Internet is full, go home."
What I don't get is why the people who came up with IPv6 didn't make the upgrade path easier?
Because it was a hard problem to shoehorn more addresses into 32 bits. Instead of doing that they choose a 10+ year transition strategy where IPv6 could run along side IPv4. For over the last 10 years they have been saying this day is coming. Microsoft listened (XP supports IPv6), Apple listened, the Linux and *BSD developers listened as did Sun, HP, SGI. Just about any end user general purpose computer shipped in the last 10 years has supported IPv6. The big router vendors support IPv6 though it took a few years for support to make it to the silicon they have been able to move IPv6 packets for a around a decade now.
What hasn't been available is home CPE equipment and ISP's willing to offer native IPv6 connections and it is not like they didn't know this day was coming. Go read the NANOG archives.
This day was supposed to be a non-event. Most of the traffic was supposed to be on the IPv6 network by now.
The products we ship have supported IPv6 for over a decade now.
I've had IPv6 at home via. a tunnel to HE.NET for 7+ years now.
Please back that statement up with some sort of evidence. I have worked for ISPs and have never heard of any such policy.
Rationing IPv4 would be like rationing currency. Since you're schooled in economics, consider what would happen if a country's Mint decided that only 2 billion units of currency would ever be minted (say because they ran out of serial numbers). The country could function, but with a pointlessly crippled economy.
I'm surprised anyone who is clearly schooled in economics (but perhaps not of IT) would not see this obvious correlation and basically identical consequences of rationing what is ultimately just a technical detail of a critical transactions mechanism.
Fortunately, IPv4 addresses will actually DECREASE in "value" as IPv6 takes hold: they'll be like that pile of francs and d.marks and lira you've somehow still got in the bottom of your travel case (hey, maybe 7.7.7.7 will become a collector's item...)
An easy way to promote IPv6 would be if it were know or assumed that Google assigns higher pagerank to sites using IPv6 addresses. Then it would be something that customers of hosting companies would insist on, at least.
see a Text Widget
It is actually mapped to both ::/96 and ::ffff:0/96 with the first option being depricated now, se historical notes on the ipv6 address page on wikipedia.
In practice neither is very useful except in a program that wants to use one data structure to store both v4 and v6 addresses.
There is a list here of IPv6 capable routers:
http://www.sixxs.net/wiki/Routers
The list is by no means complete, so if you are aware of others then be sure to add it the list (you will need to register for a Sixxs account).
BTW At this point, if your ISP does not provide IPv6 support then you can try out 6to4 or Teredo. Myself I am currently using 6to4, since this is support by the Apple Airport Extreme, and all the devices on my network have an IPv6 address this way.
Jumpstart the tartan drive.
Put a squid proxy on a host with both 6 and 4 connectivity.
Do daemons dream of electric sleep()?
I'm a layman at the logistics of what this means, but this guy's talk at DEFCON made sense to me http://www.youtube.com/watch?v=2clTKh2vFAE
The "CS People" came up with the solution over 15 years ago. In fact, IP6 is a sucky, stripped down half-assed implementation of that really cool solution. Be sure to let the masses know it was power and money grubbing incompetent executive and managerial wankers who repeatedly delayed execution of the solution.
Problem was it greated more work without benefit.
Of course it did! It's a major infrastructure change! It's not like we were "upgrading the internet" to make it run faster. The entire issue was that our current addressing infrastructure was inadequate. It's like saying, "this road doesn't go to the housing development that they're building up the road - we should make it longer", then complaining that the existing drivers didn't see any benefit. Everyone on the internet right now is fine - it's everyone who's not that this will benefit. So of course it's work without benefit for those of us here now!
Velociraptor = Distiraptor / Timeraptor
In fact, the opposite will become true soon (once a RIR gets close to exhaustion, i.e. only one /8 block left) in a number of regions: You only get IPv4 addresses if you also take IPv6 addresses.
It should be sort of obvious, but "ownership" is an institution that only holds practical meaning in the presence of government to define what is ownable, the limits if ownability, and to protect the rights of owners with police force.
Don't blame me, I voted for Baltar.
The cost to switch to IPv6 is not flipping a switch. It will cost trillions upon trillions of dollars globally to migrate. Selling investments like that in the middle of a global recession is not small potatoes
People on slahsdot talk about IPv6 migration like it is simple - it is NOT. There are a lot more devices than your local router, and a lot more pieces of software then your desktop OS, that have to support IPv6 before it can be migrated. Companies have decades worth of software with hundreds upon hundreds of millions of lines of code, all assuming an IP is 4 bytes.
The IPv6 switchover makes the Y2k thing look like small potatoes, namely because the IP stack is a much more integral piece of functionality in a lot of software than the absolute date ever was - that and you have a lot more to switch over today than you did in 1999.
....simply because the guys you have left are old, don't have the skills, haven't kept up, and have based their troubleshooting steps on tools and techniques that simply don't work anymore....
You know something, kid? I look forward to the time when you're 'old.'
Oh, and by the way? I don't care if you're smart enough to give Robert Metcalfe a run for his money and young enough to still be sucking on your thumb: With an attitude like yours, don't come around here looking for a job.
Regards;
OK supergenius, just exactly what is your cunning plan for a backward compatible protocol that both expands the address space and is backward compatible?
Other than dual stack that is. I'm running dual stack right now. I have perfectly good access to v4 only services through v4 and I have access to v6 only services through v6. Where's the problem? We've had over a decade to switch gracefully and a zillion piss on fires managers are all busy waiting for it to become an emergency before they allow anyone to even consider doing anything about it.
Perhaps we're better off if the corps that have been killing the field of IT for years finally sink into the slime never to be seen again.
What I don't get is why the people who came up with IPv6 didn't make the upgrade path easier? Obviously I'm missing something, but what if (for the sake of argument) they had decided that the first 'n' IPv6 addresses would correspond to the complete set of IPv4 addresses, and all IPv6 routers, etc, would understand that one of the first IPv6 addresses meant 'route the traffic to the corresponding IPv4 address'. Could that have been done?
I have a question that may resolve your question: After there are no more IPv4 addresses and someone with an IPv6 only address wants to access the IPv4 network.. what address does the IPv4 network see so it can send a response? It can't be IPv4 because their all in use and it can't be IPv6 because IPv4 does not understand IPv6.
Various NAT(4|6)+DNS protocols magically allow IPv6 to access IPv4 content using a fixed IPv6 prefix followed by the IPv4 address. It is essentially the scheme you describe with a mapping except using NAT to answer the question above: The IPv4 address that the IPv4 network sees and communicates with is a central NAT device on the ISP network.
Several nextgen mobile systems are actually more than a year into deploying exactly this (IPv6 ONLY) to many tens of millions of handsets around the world. The translation works for the most part with a few exceptions such as web sites which embed URLs containing real IP Addresses rather than DNS hostnames. There are also problems with protocols embedding IP Addresses (L2TP, FTP, SIP..etc) but for the most part for simple web browsing..etc it works.
Obviously not an ideal or long-term solution. Hopefully this gives content companies including slashdot have an incentive start caring about native IPv6 reachability.
They seem to index some IPv6 sites. I Google searched for "site:ipv6.beijing2008.cn" which you can verify to be an IPv6 only site. The result seems very sparse though.
I once had a signature.
Evidence....I worked for Netcom in their operations group, and that was one of the reasons for not getting an IPv6 block from what I heard at the time.
The cost to switch to IPv6 is not flipping a switch. It will cost trillions upon trillions of dollars globally to migrate. Selling investments like that in the middle of a global recession is not small potatoes
Wait.. when would you prefer doing it? Wait until the labor market is tight again? If it's going to take the efforts of thousands of people to make it happen, wouldn't it be best to do it when labor is cheap?
Can you be Even More Awesome?!