Asia Runs Out of IPv4 Addresses

ZerXes writes "It seems that APNIC has just released the last block of IPv4 addresses and are now completely out, a lot faster then expected. Even though APNIC received 3 /8 blocks in February the high growth of mobile devices made the addresses run out even before the summer. 'From this day onwards, IPv6 is mandatory for building new Internet networks and services,' says APNIC Director General Paul Wilson."

So which is which?

[bogaboga]

"It seems that APNIC has just released the last block of IPv4 addresses and are now completely out, a lot faster then expected.

The headline says something to the effect that IP addresses are out yet the quoted line has the word 'seems', casting doubt as to whether the addresses are out for sure. What's really going on?

Re:So which is which?

[Zocalo]

APNIC is NOT out of IPv4 addresses. They are down to their last /8 - the one they got as one of the final five /8s being allocated to each of the RIRs. This puts them in the third and final stage of their IPv4 exhaustion plan, whereby they will only allocate a maximum of a single /22 to each network operator which is supposed to be used primarily to enable a transistion to IPv6 by supporting IPv4 to IPv6 gateways and hosts that just have to be on a native IPv4 address.

More information directly from APNIC here.

Re:So which is which?

A /22 is pretty much nothing, so what you're saying is that an ISP looking for addresses can get pretty much nothing from APNIC. Thus, they're basically out.

Re:So which is which?

[Richard+Dick+Head]

I wouldn't be surprised if some of those addresses were snuck off into corporate-land anyway, due to upcoming massive value increases.

The same situation happened in the United States when the phone service ran out of 1-800 toll-free business numbers. Nobody wanted the new 1-888 business numbers because they make you look like a fly-by-night, or scam operation. Not classy at all. Even today, over a decade after the fact, you'll notice that sales lines still tend to be given the preferred 1-800 slot, and the non-front-line items like technical support are given the black sheep format.

Its gonna be even worse since with IPV6 you're definitely going to lose customers in legacy land. Mark my words, the value of these spots will increase drastically in the coming months.

Re:So which is which?

[GPLHost-Thomas]

Since when exactly do we have to actually buy IPs from auction sites ? This isn't the way it works dude. APNIC is an association, which you buy a yearly subscription, and with the top boss being elected (elections just happened in fact). You have to show that you really use the IPs you need, and there's no such thing as monetizing the address space.

Re:So which is which?

[thegarbz]

Scarcity principle at work sure, but the internet routing doesn't work nicely when networks start getting hugely segregated. If you start having thousands of different random IPs assigned to a provider rather than thousands of consecutive ones it leads to routing table madness. This barrier will likely prevent the cost skyrocketing quite as much as you imagine.

Re:So which is which?

[arivanov]

http://www.apnic.net/publications/news/2011/final-8

They are not allocating ipv4 to anyone but new ISPs and for IPv6 transition purposes. You cannot get IPv4 if for normal use if you are an existing account holder. Even if you are eligible the most you get is 4 /24s.

Re:So which is which?

[LingNoi]

I love how decades later and faced with now total exhaustion people on slashdot are still claiming this isn't a problem. Cue the "we can simply use NAT" posts.

Re:So which is which?

[julesh]

A /22 is pretty much nothing, so what you're saying is that an ISP looking for addresses can get pretty much nothing from APNIC. Thus, they're basically out.

A /22 is probably enough for a moderate-sized ISP to run NAT for all of their customers. Which is the point: IPv4 addresses are being rationed to the point where end users won't be able to get them any more. That's not *quite* the same thing as being out. IPv6 transition won't be mandatory, as long as you can do everything you want to do from behind NAT (as most users can).

Re:So which is which?

[1s44c]

A /22 is pretty much nothing, so what you're saying is that an ISP looking for addresses can get pretty much nothing from APNIC. Thus, they're basically out.

A /22 is probably enough for a moderate-sized ISP to run NAT for all of their customers. Which is the point: IPv4 addresses are being rationed to the point where end users won't be able to get them any more. That's not *quite* the same thing as being out. IPv6 transition won't be mandatory, as long as you can do everything you want to do from behind NAT (as most users can).

NAT destroys the peer to peer nature of the network. It limits who can run servers of any type to those who are outside NAT.

Using NAT at the ISP level is basicly evil and should not be considered when we are going to need to deploy IPv6 anyway.

Re:So which is which?

[TheRaven64]

It's necessary. There are still a lot of IPv4-only servers out there (like, for example, slashdot.org). If you deploy a v6-only network, then your users can't connect to them. You need something like NAT64 to allow v6 users to participate in the Internet. It's not a permanent solution, but it's better than just letting them communicate with the 0.02% of Internet hosts that have native IPv6 support...

Re:So which is which?

[1s44c]

It's necessary. There are still a lot of IPv4-only servers out there (like, for example, slashdot.org). If you deploy a v6-only network, then your users can't connect to them. You need something like NAT64 to allow v6 users to participate in the Internet. It's not a permanent solution, but it's better than just letting them communicate with the 0.02% of Internet hosts that have native IPv6 support...

Slashdot doesn't need more IP addresses, it already have enough IPv4 addresses. In any case we would likely get a better signal to noise ratio if slashdor was IPv6 only.

Re:So which is which?

[1s44c]

It's a well known fact that asians only cheat, lie, and steal.

Asia covers a very large number of countries with very different world views and behavior. Saying they all behave the same is total nonsense.

I sugest you learn the difference between Indians, Chinese, Thai, Malays, and the other groups. I suggest your remark should be more targeted and better phrased.

Re:So which is which?

[Lennie]

First thing that will happen is RIPE, ARIN, AfriNIC and LACNIC will suddenly get more customers and people from Asia will just IP-addresses from an other RIR, after people will start to pay for transfer of IPv4-addresses from one ISP to an other.

Atleast RIPE and ARIN have a similair policy as APNIC, I think.

Re:So which is which?

[TheRaven64]

Did you read the comment that you replied to and quoted? I said that deploying a v6-only network is not going to work at present because things like Slashdot are only accessible via IPv4. I've no idea how you got from there to 'Slashdot needs more IP addresses'.

Re:So which is which?

[bytesex]

Yes, but it is something that the internet was *supposed* to be able to handle.

Re:So which is which?

[1s44c]

Did you read the comment that you replied to and quoted? I said that deploying a v6-only network is not going to work at present because things like Slashdot are only accessible via IPv4. I've no idea how you got from there to 'Slashdot needs more IP addresses'.

You said third parties can't deploy on IPv6 because slashdot uses IPv4. There is nothing to stop any current site using both IPv4 and IPv6. There is nothing to stop you gatewaying IPv4 websites for your new IPv6 network although it sucks compaired to all IPv6.

Either way NAT isn't a solution to anything that needs solving.

Re:So which is which?

[icebraining]

But until Slashdot does, you need IPv4 to access it, and NAT is the only solution. And you can replace Slashdot with millions of servers. Why is that hard to get?

I'm pretty sure new clients will prefer having NATed connection than no connection to IPv4-only servers.

Re:So which is which?

[scubamage]

You'd be surprised, that's how most carriers are implementing it. A lot of carriers use IPv6 to the home, and then everything behind that is IPv4.

Re:So which is which?

[davew]

NAT destroys the peer to peer nature of the network. It limits who can run servers of any type to those who are outside NAT.

Using NAT at the ISP level is basicly evil and should not be considered when we are going to need to deploy IPv6 anyway.

Cool! I agree.

Glad that's sorted.

So what do we do while we're waiting for everyone else to catch up on IPv6?

Re:So which is which?

[1s44c]

But until Slashdot does, you need IPv4 to access it, and NAT is the only solution. And you can replace Slashdot with millions of servers. Why is that hard to get?

Because it's untrue. NAT is not 'the only solution'.

Re:So which is which?

[skids]

I'd hate to be working helpdesk at a network equipment vendor during the next year or so -- a lot of those put-them-off-till-tomorrow address space consolidation projects are coming up against a hard wall.

Re:So which is which?

[petermgreen]

Using NAT at the ISP level is basicly evil and should not be considered

Unfortunately the fact that most people have adopted a "don't do anything until we have to" approach means that some form of NAT (possiblly with protocol translation) at the ISP level is pretty much inevitable.

The facts:
* IPv4 addresses have basically run out. From here on the only way you will get one in asia is to buy it off someone else or be in a special class of user. The same will happen in the rest of the world in the next year or so.
* Many customers are still using V4 only equipment (desktop PC operating systems have supported v6 for years but other stuff hasn't) and will be reluctant to replace it
* while some ISPs are growing quickly and will need to find a soloution right now others are not really growing much and have no pressing problem to solve.
* it is impractical to host multiple SSL websites with different owners on one IP while windows XP is still in widespread use.

To me these facts imply.
* new customers on many ISPs will not be able to have public v4 addresses
* eventually existing customers will also lose their public v4 addresses to free them up for more lucrative uses.
* those customers will still want to be able to use their existing equipment. At the most they can probablly be convinced to replace their broadband router but probablly not replace or significantly reconfigure (IIRC XP requires use of a command line to activate IPv6) the stuff behind it.

Realistically this results in three options ISPs must choose to tide them over between the time when they can't give every customer a public v4 address and the time that all websites offer IPv6 and all customer equipment supports ipv6 seamlessly. Afaict there are three soloutions in the running none of them pretty and all involving some form of NAT.

1: NAT464 (translate requests from v4 to v6 at the customers premisis and then back from v6 to v4 at the ISP) This option does have the advantage that it provides the most seamless transition to pure v6 but gatewaying v4 clients to v6 servers is about the ugliest type of NAT arround because of the need for statefull DNS translation. As such I would expect few ISPs to go down this route. New customer premisis equpment would also be needed.
2: NAT444: do v4 nat twice, once at the customers premisis and once at the ISP) This avoids the need for new customer premis equipment but double NAT can cause problems and there is also the issue of what address space to use (most ISPs going down this road seem to be using 10.0.0.0/8) and in particular the fact that afaict linux NAT and other common implementation are not designed to cope with both sides of a NAT using the same IP space so there is potential for conflicts. For some huge ISPs there are also problems with running out of space in 10.0.0.0/8 (comcast has this problem). Still i'd expect this to be the option most ISPs choose.
3: DS-LITE: The customer premisis equipment sends v4 packets with private addresses down a special tunnel to the ISP's NAT gateway. The NAT at the ISP looks at which tunnel a packet came down as well as it's private address so there is no need for NAT at the customer premisis (and hence no need for double NAT). IIRC comcast created this soloution because they couldn't easilly deploy soloution 2 due to 10.0.0.0/8 exhaustion in their internal networks. As with soloution 1 new customer premisis equipment will be needed but unlike soloution 1 there is no need to mess with DNS.

Whichever way an new or existing ISP choses to go they will need a pool of v4 IPs for the requests they translate (either from private v4 or from v6) to public v4 and that is why APNIC have set asside these addresses for new ISPs to avoid new ISPs being locked out of the market completely.

Re:So which is which?

[1s44c]

NAT destroys the peer to peer nature of the network. It limits who can run servers of any type to those who are outside NAT.

Using NAT at the ISP level is basicly evil and should not be considered when we are going to need to deploy IPv6 anyway.

Cool! I agree.

Glad that's sorted.

So what do we do while we're waiting for everyone else to catch up on IPv6?

Tell the other technical people that we have a network free from adverts and lamers..

Re:So which is which?

[icebraining]

So what are the other solutions to access an IPv4-only server without giving an IP (v4) to each client?

Re:So which is which?

[thegarbz]

Really? I thought the internet was never supposed to handle nor was designed to be a global system at all, not even a national one. The internet is a clusterfuck of standards that have changed and been made up as we've gone along. We have protocols that cause excessive latency and cause massive inefficiencies in the transferring of large amounts of information. Routing tables are volatile as all heck and have several times broken considerable parts of the internet such as youtube being routed to a blackhole in Pakistan, or 30% of the US traffic going through China's backbone. As they get larger they get much harder to manage, load up router resources and cause routing errors or inefficiencies.

The way I see it the internet can't handle the position it is in NOW, and even Wikipedia lists the growing routing table size as one of the biggest problems currently facing the internet.

Do Mobiles really need IPv4?

[neokushan]

This might have a really obvious answer, but is there any reason why mobiles necessarily need an IPv4 address? Surely they could get away with IPv6 and a bit of tunnelling. Hell, in the UK most mobiles share an IP anyway.

Re:Do Mobiles really need IPv4?

[CAIMLAS]

Yeah, giving mobile phones IPv6 addresses makes a lot of sense. A 'no brainer', maybe. All new 'embedded' type consumer devices should be IPv6 only, IMO. It completely avoids most of the problems associated with IPv6 on so-called legacy IPv4 networks:

* there are no legacy applications
* the likelihood of connecting, directly, with anything on IPv4 that does not support IPv6 is drastically lowered
* there is little to no legacy hardware to support.

Of course, this would require the handsets and other 'embedded' devices to actually support IPv6. I don't know if that's the case, yet.

Re:Do Mobiles really need IPv4?

[crow]

I'm very glad that my phone has a real IP address, so I can ssh into it. Thanks, Sprint.

That said, I wouldn't mind if it were IPv6, but I would be annoyed if it were through a NAT.

Re:Do Mobiles really need IPv4?

[Junta]

the likelihood of connecting, directly, with anything on IPv4 that does not support IPv6 is drastically lowered

I presume you mean that *provided* that the carrier does NAT64+DNS64 a mobile phone will be ok, not that a phone never needs to talk an IPv4 only server. With that clarification in place, I'd concur.

Re:Do Mobiles really need IPv4?

[John+Hasler]

If it was IPv6 it would not be through NAT.

Re:Do Mobiles really need IPv4?

[doublebackslash]

Sweet! You mean to say that all websites and application specific servers for mobile phones have been migrated to ipv6! Awesome!

Oh wait... hold on a second... Almost the entirety of the English speaking Internet still isn't on ipv6?

Whats that you say? Not even friggin' slashdot?

I wonder if THAT is why.

Now having said that: Every computer I'm an admin for is 100% ipv6 compatible and all of my servers have AAAA dns records alongside their A records. I've even got a nice little OSPFv3 infrastructure running. It isn't friggin rocket surgery, but everyone is dragging their ass on the ground like the problem will become someone else's, when in reality it will shortly become everyone's. All of my efforts are in vain so long as there is a dearth of IPv6 accessible content.

By the by, are you running IPv6?

Lastly: For everyone who says that it is "hard" for large network to migrate, and they they have to re-learn everything yadda yadda:

IPv6 is easier to work with on a large scale thanks to the simplified routing tables that it affords as well as the shotgun approach to address assignment. Every single link is a /64 at minimum (and maximum, given the number addresses in a /64) and the blocks can be handed out ham-fistedly because of the mind boggling size of the space. If they have hardware that does not support ipv6 then they should blame themselves. Large network operators have NO EXCUSE. They knew this was coming and their profit margins are wide enough that they could have thrown money at it.

Re:Do Mobiles really need IPv4?

[Gerald]

T-Mobile and Verizon are way ahead of you.

Re:Do Mobiles really need IPv4?

[ZorinLynx]

Enjoy it while it lasts.

Once Sprint runs out of address space they will HAVE to start putting users on NAT to service them. They will likely start putting new accounts behind NAT, leaving old accounts "grandfathered in". Users who NEED a real address (for NAT or certain services that need it) will likely have to sign up with an "enterprise" plan or something similar to get one.

That is what AT&T does; that's the difference between the "regular" and "enterprise" data plans. Regular = behind a NAT, enterprise = real IP. I think the cost difference between them is $20 a month.

Re:Do Mobiles really need IPv4?

[DarkJC]

They knew this was coming and their profit margins are wide enough that they could have thrown money at it.

That just won't do in todays "more profit every quarter" market. Won't somebody think of the shareholders!

Re:Do Mobiles really need IPv4?

[Idbar]

I had a lot of trouble with support to relaying using statefull DHCP servers which were required by the company I worked for. If all the important manufacturers are supporting this, then it shouldn't be a problem. Unluckily, I know at least that Juniper wasn't supporting this not too long ago, and I'm not sure Cisco. So it may not be a pain for infrastructure (ISP) or small companies that don't mind handling IPs using the stateless algorithm. But for some reason, some companies don't want to use that.

Re:Do Mobiles really need IPv4?

[doublebackslash]

Not that I doubt that management is intransigent for reasons that they hold dear BUT... what does the stateful DHCP service provide them in the IPv6 context? What excuse are they pulling out to "require" this. I'm interested in knowing.

Re:Do Mobiles really need IPv4?

[parlancex]

Really? All your switches and routers are IPv6 compatible? Does your organization shit money or something?

Re:Do Mobiles really need IPv4?

[Cimexus]

Ditto here. Vodafone Australia and my phone has a real publicly addressable IP. Wonder how much longer that can last though, considering Australia = APNIC, and they have just run out of addresses as per this article...

Re:Do Mobiles really need IPv4?

[WRX+SKy]

> the likelihood of connecting, directly, with anything on IPv4 that does not support IPv6 is drastically lowered. The parent's point was that a mobile device connects DIRECTLY to two things: * A home WiFi network (e.g. 192.168.x.x and a moot point) * The carrier's network... and all traffic relays through them on the way out to the interwebs You're trying to make the argument that mobile.espn.com has to be IPV6 because my mobile device talks to it... but you're forgetting that my traffic relays through the carrier. Assuming the carrier cuts over to IPV6 internally, it will be mobile (IPV6) to carrier (IPV6) to destination (???). No mobile device needs an IPV4 address because the carrier relay can handle the transition. Edit: screw the formatting... slashdot commenting sucks

Re:Do Mobiles really need IPv4?

[FoolishOwl]

My G2, running Android 2.2, seems to work fine on my dual-stack LAN, and prefers IPv6 over IPv4. So it looks like the potential is there.

Re:Do Mobiles really need IPv4?

[doublebackslash]

IPv6 operates above layer two. Switches of any kind whatsoever that *ahem* "support" ipv4 will also operate equally well with ipv6. Layer 3 "switches" not withstanding, of course. Those are more closely related to routers than standard layer two switches.

As far as routers go: no, we don't shit money. We know how to type. Specifically we know how to type into our router's configuration to turn on ipv6. IPv6 routers are magical beats carved out of unicorn ivory and powered by the souls of freshly deceased cobol programmers, they are commodity. As they should be a decade and more after ipv6 was ratified as a standard.

Granted, some of Cisco's muti gigabit scalable routers do, in fact, route in hardware to a degree and cannot support ipv6 in the fast path, but I don't actually know terribly much about that, I fear. Never had a need to run that sort of bandwidth.

Re:Do Mobiles really need IPv4?

[doublebackslash]

You are talking about carrier grade NAT64/44. For the bandwidth they handle this would be a significant investment in addition hardware to provide a translation mechanism for ipv6 -> ipv4. Money that will only be in addition to the cost of upgrading their hardware, firmware, and network layout to ultimately support ipv6 overall.

Your device does, in fact, have to communicate "directly" with the endpoint servers maintained by third parties in some fashion. Adding in an additional layer of translation solves nothing in the long term and only serves to absorb money for very short term gain. Such systems may be required due to what amounts to wanton incompetence or malicious intransigence of network operators who do not transition to ipv6 in a timely manner.

The morality of the situation, however, is an entirely different discussion from the technical one.

Re:Do Mobiles really need IPv4?

[LingNoi]

I have no idea whether Darwin (iOS)

OSX has had full support of IPv6 for a long time as well as in it's airport router too.

Re:Do Mobiles really need IPv4?

[xnpu]

Most Asian operators I'm aware off use the 10.x.x.x range and NAT this one or more times. Would be interested to know which operator is responsible for this higher-than-expected usage.

Re:Do Mobiles really need IPv4?

The problem I see isn't that its "hard" to migrate its that none of the hardware supports it properly. Consumer routers supporting ipv6 properly? None.

Even on the higher end devices support is pretty limited. It's not too bad on layer 3 devices but firewall support for ipv6 is pathetic.

Re:Do Mobiles really need IPv4?

[julesh]

Sweet! You mean to say that all websites and application specific servers for mobile phones have been migrated to ipv6! Awesome!

Why would you think this is necessary? Here's how it works:

1. Mobile device sends DNS request to ISP's IPv6 DNS servers for AAAA record.
2. DNS server does recursive lookup, doesn't find any records, sends request for A records instead.
3. DNS server receives response to A record and translates to an AAAA record containing ::ffff:0:[ipv4 address], returning it to device.
4. Mobile device connects to address returned, which is intercepted by ISP's routers which perform NAT for the device, connecting to the original IPv4 address.
5. Profit!

See... it is entirely possible for a mobile device to connect to public web sites and application servers that do not have IPv6 support, without that mobile device requiring an IPv4 address.

Re:Do Mobiles really need IPv4?

[GeniusDex]

Most mobile phones are, as far as i know, IPv6-ready. Symbian supports it, Android supports it (although i'm not sure if it's enabled), iOS supports it. I'm not sure about WinPhone 7 and BlackBerry.

Re:Do Mobiles really need IPv4?

[TheRaven64]

Web servers are largely irrelevant. Any protocol like HTTP, with the servers on v4 and the clients on v6, is easy to bridge using NAT64. The problem is the various other ad-hoc protocols that people use (especially things like multiplayer games), where the endpoints both need to be on v4, so you need to have two NATs with a v6 tunnel between them.

Re:Do Mobiles really need IPv4?

[Lennie]

A lot of mobile phone network operaters in the US are migrating to IPv6 with NAT64:

http://en.wikipedia.org/wiki/IPv6_transition_mechanisms#NAT64

And only handout IPv4 to users that request it (pay extra), why ? Because the manufacturers of network-hardware for mobile phone networks ask you to pay 2 times when you want IPv4 and IPv6. So the profit margin is all gone. So they'll eventually do anything to move most users over to IPv6 and translate that to IPv4 where needed.

Re:Do Mobiles really need IPv4?

[fredan]

I've even got a nice little OSPFv3 infrastructure running.

tell me, how's your ip6 address id doing in the OSPFv3 infrastructure? Oh, that's right, you are using ip4 addresses for that. FA!L

Re:Do Mobiles really need IPv4?

[rogueippacket]

Large network operators have NO EXCUSE. They knew this was coming and their profit margins are wide enough that they could have thrown money at it.

You're right - we don't have an excuse. But it is amazing how a project like IPv6 falls through the cracks when your business is profit-driven. Marketing can't dress IPv6 up for Joe Sixpack, Sales can't sell it to businesses who are not ready for it, Planning can't afford to justify ripping out every non-IPv6 piece of equipment in the network (from CPE to Core Router), and there is no hope in hell that the Support teams will be given extra money for training on something that is, through and through, an operating expense.
Also, don't forget, large providers are married to equipment vendors. Unless vendors like Alcatel, Cisco, Huawei, Juniper, Nokia, et al., guarantee and support all of their hardware for IPv6, adoption from service provider side will be extremely slow, and will likely only happen with new build. Service-provider NAT is more supported than IPv6 right now, and a lot less expensive to turn on.
Finally, economically speaking, there is more money for us in an IPv4 shortage, because we can charge you for one where we didn't have to before.

Re:Do Mobiles really need IPv4?

[j+h+woodyatt]

You're probably going to be surprised when you find out how many web applications fail comically, when their clients come from IPv6-only hosts through a NAT64+DNS64 gateway, because stupid web coders think clients have to have an IPv4 address to communicate with their server.

It's a non-trivial number. A lot of them are proprietary enterprise applications. My employers have a raft of them. People are beginning to notice that IPv6 transition isn't something can ignore for much longer.

Re:Do Mobiles really need IPv4?

[TheRaven64]

How do they fail? From the perspective of the server, the client is no different from any NAT'd IPv4 user.

Re:Do Mobiles really need IPv4?

[j+h+woodyatt]

Overly clever client-server application programmers using the client private IP address as a unique client identifier, formatting them on the wire with inet_ntop, and the server failing when it can't parse them. Stupidity like that.

Re:Do Mobiles really need IPv4?

[psyclone]

OSPFv3 is most certainly IPv6.

http://packetlife.net/blog/2008/sep/1/ipv6-and-ospfv3/

Re:Do Mobiles really need IPv4?

[compro01]

Winphone 7 does IPv6. I remember as there was issues with their implementation of fetching AAAA records causing problems on IPv4 networks with badly configured DNS servers.

Re:Do Mobiles really need IPv4?

[badkarmadayaccount]

Multiple virtual subnets, network boot? I'm talking out of my ass here.

Re:Do Mobiles really need IPv4?

[badkarmadayaccount]

Well, they'll have to set up a VPN for those web apps, if they insist on hiring idiots.

Dual Stacks..... forever...

[ObsessiveMathsFreak]

IPv4 addresses may be running out, but we can all look forward to supporting them forever in a second stack, running parallel to our IPv6 software, now and forever, for the rest of eternity, Amen.

Unless the entire world magically switches over to IPv6 all at once like the designers planned for. Hasn't happened yet though.

Re:Dual Stacks..... forever...

[bcmm]

IPv4 addresses may be running out, but we can all look forward to supporting them forever in a second stack, running parallel to our IPv6 software, now and forever, for the rest of eternity, Amen.

Like how browsers all still having to cope with both Gopher and HTTP? Like Gopher, IPv4 will fade out, slowly. At some point, new networks will see no need to have an IPv4 address just for the tiny minority of users who would need it.

I know the problem is of a much greater magnitude, but it still doesn't require an instantaneous switchover.

(Yes, I know Firefox only just dropped Gopher support.)

Re:Dual Stacks..... forever...

[pseudonomous]

Wasn't the whole point of IPv6 being essentially independent of IPv4 so that you COULD run dual stacks? Because it would be completely un-reasonable to be able to cut-over from one addressing protocol to another world wide in any reasonable fashion? So ... yes, dual stacks for the next 20 years on main-stream devices, maybe 70-80 years for niche needs sounds reasonable to me.

Re:Dual Stacks..... forever...

This will happen one day: when the major nodes/exchanges will no longer route IPv4 traffic. Let's call this day flag day.

Re:Dual Stacks..... forever...

[HangingChad]

I can't see the world magically switching over to anything voluntarily.

Re:Dual Stacks..... forever...

[Chemisor]

Gopher is not a good example. When a site already has an IPv4 address it has no incentive to offer it over IPv6 too, since v6 offers no technological benefit to the webhost. Conversely, a site that is only on IPv6 is not going to get any hits, so anyone that wants traffic needs an IPv4 address anyway. IPv4 is simply not going to go away because the people without an address are kicking up a fuss. I would guess that those people will be stuck in their own IPv6 world, while all the content worth viewing would still be on IPv4.

Re:Dual Stacks..... forever...

[cgenman]

If a website has an IPv4 address, it may want to maintain that. If it doesn't, and the IPv4 addresses have dried up, it may not be possible to get one (or at least, it may be royally expensive). Similarly, tunneling from IPv6 to IPv4 is still very imperfect, meaning that once new devices and connections are on IPv6, your incentive to serve IPv6 is to not tick off your new users (which are usually the most profitable).

I suspect we will hit a tipping point, where new devices and connections happen via IPv6, so content providers all dual-stack. IPv4 users will find themselves tunneling through an IPv6 world. Electronics have a 5 year lifespan anyway, so within half a decade IPv4 will have faded.

Really, it all depends on the pain. When does IPv4 not just run out, but get painfully expensive to acquire?

Re:Dual Stacks..... forever...

[petermgreen]

When does IPv4 not just run out, but get painfully expensive to acquire?

Indeed, at least in the west most home lusers still have public V4 IPs. I would expect ISPs to gradually reclaim those IPs for more lucrative customers and so it will be a while (possiblly a decade) before the shortage really bites on western ISPs.

It is over in the east that things are REALLY going to get hairy with so many new users coming online that I would expect IP values to dramatically rise. ISP level nat will help to an extent but there are limits on the ratios that can practially be used. I would expect them to try importing IPs but I don't know whether the IANA and the RIRs will let them get away with it.

Re:Dual Stacks..... forever...

[Cimexus]

FWIW I live in an APNIC country (and my ISP) is already 100% migrated to dual stack. If your router supports it, home lusers will get a native IPv6 connection out of the box right now. Mine doesn't but I'm replacing it next week with one that does (I'm upgrading for reasons other than IPv6, it's just a nice bonus).

So it seems to me that cause the addresses are running out quicker in APNIC land than elsewhere that the ISPs here are more on the ball when it comes to IPv6 migration. Not all of them, but the good ones at least.

Re:Dual Stacks..... forever...

[rs79]

In a world where there are still installations running WordStar under CP/M (there are) you will never see V4 go away. Not in your lifetime, not in your kids lifetime, not in their kids lifetime.

Re:Dual Stacks..... forever...

[xnpu]

It's a feature, but not enforceable. In fact there are content providers and users that already run dual-stack. They are enjoying the scenario you mention. The majority of providers however seems to wait until the last minute. This means they'll have more users than they have IPv4 addresses, hence these users cannot run dual-stack.

Re:Dual Stacks..... forever...

[omfgnosis]

Wah! I'm defensive about my privileges! Wah!

Re:Dual Stacks..... forever...

[Bengie]

Most PC Games, PS3 games, xBox game, Skype, and MSN voice chat require a public IP. You just don't realize it because nearly every router for the past decade supports uPNP which dynamically forwards ports for you. An ISP level NAT would not support uPNP and would break the above mentioned apps.

Unless an ISP wants every PS3/xBox/Skype user/PC-Gamer to be mass calling their tech support and asking why their internet is broken, they will continue to hand out public IPs.

Re:Dual Stacks..... forever...

[petermgreen]

Unless an ISP wants every PS3/xBox/Skype user/PC-Gamer to be mass calling their tech support and asking why their internet is broken, they will continue to hand out public IPs.

Sure they will until they are on the brink of running out and the RIRs refuse to supply them with more.

After that they will have to decide how to allocate the limited pool of IPs they have and given that they are buisnesses I would expect them to allocate them to where they will generate the most profit. To start with I would expect them to apply the "squeaky wheel" tactic and give back public IPs to those who bitch too much and are too smart to have the blame deflected. Eventually it may reach the point where if you want a public IP you have to pay for the privilage. Providers of internet based services will have to learn to adapt to a world where some proportion of their users are behind ISP level NAT.

I wouldn't expect them to make an instant cutover because there is no point, as you say it would put a huge load on tech support for no immediate gain. Instead I would expect IPs to be recovered a few hundred at a time as they are needed for more lucrative services.

Re:Dual Stacks..... forever...

[Erik+Hensema]

I don't think the first push to IPv6 will be on the web. I think I'll be on peer to peer protocols and gaming. People soon will start to notice that carrier grade nat will work mostly fine to connect to webservers. However, they'll also notice their VoIP will suck. The connection to the game server will lag on IPv4 via NAT.

To webservers, they'll notice they can't post to any popular bulletin boards. The external CGNAT IP is likely to be banned from posting due to some other customer on the same CGNAT posting abusive messages. They may not be able to submit their mail to their favorite SMTP server because of a DNSBL.

So, they'll want IPv6 to avoid the GCNAT. IPv6 to them will be the superior solution to connect to specific services on the internet. So, I think this will start the snowball effect. When more and more users are demanding IPv6 servers due to the limited CGNAT they're behind, more and more server operators will think the transition to IPv6 will be worthwhile.

So yes, we'll be on dual stack for a while. But the IPv6 internet will soon be superior due to CGNAT being cumbersome to the end user.

Re:Dual Stacks..... forever...

[Tacvek]

What can be done though is dual stack with Carrier grade NAT on IPV4.

The little problem with carrier grade NAT is that it breaks peer-to-peer connections. That should be overcome quickly enough by peers being addressable via IPv6.

The big problem with carrier grade NAT is that the number of ports limits the number of IPV4 connections that can be NATted behind a single public IPv4 address. If servers fail to switch over to being dual stack then this only delays the inevitable. However, if servers switch over, then traffic will travel via IPv6, and thus less traffic that needs to be NATted, making it possible to support more users behind each public IPv4 for the servers that are slow to become dual stack.

The key though is to start this early by setting up dual stack even on ISPs that don't yet need carrier grade NAT. This will help mitigate the problems caused by carrier grade NAT on IPv4, by making more machines IPv6 addressable. Any two IPv6 addressable machines would notice no change if one or both is switched to carrier grade NAT for IPv4.

Re:Dual Stacks..... forever...

[badkarmadayaccount]

Why does the GPP assume CG-NAT won't support UPnP?

Forward thinking at its best

[guard952]

At least now IPv6 is mandatory!

Wouldn't it have been better to make it mandatory years ago?

Re:Forward thinking at its best

[Mashiki]

Nah. ipv4 is enough for anybody. I mean how can we possibly ever run out? There's plenty of addresses....

Ah fuck.

Re:Forward thinking at its best

[ArundelCastle]

Also, eat your vegetables kid. Your colon will thank you when you're 60.

Re:Forward thinking at its best

[berashith]

just like the metric system

Re:Forward thinking at its best

[grcumb]

... And nothing of value was lo

Re:Forward thinking at its best

[Jeremi]

Wouldn't it have been better to make it mandatory years ago?

They wanted to do that, but they didn't have enough black helicopters to enforce it.

Re:NAT to the rescue

Yeah, let's transform internet to a television. Yay.

Re:NAT to the rescue

[clang_jangle]

Why? I already have an inet6 address. Anyone who bought hardware that doesn't do ipv6 in the past two years must not be a real geek.

geographic distribution

[sunderland56]

A glance at the master IANA table here seems to say that the USA got the majority of ipv4 addresses, even though today the majority of devices is elsewhere.

Re:geographic distribution

[yuriks]

Please fall over and die. You are the kind of 'engineer' that holds back all of humanity. There's no reason to not implement IPv6, and 'user unfriendly' may be the very worst excuse, since implementing IPv6 doesn't mean you can support IPv4 too.

Re:geographic distribution

[Macrat]

Please fall over and die. You are the kind of 'engineer' that holds back all of humanity. There's no reason to not implement IPv6, and 'user unfriendly' may be the very worst excuse, since implementing IPv6 doesn't mean you can support IPv4 too.

Exactly! IPv6 support should "just work" and be transparent to the user.

Re:geographic distribution

[yuriks]

If the user has to enter an IP address they will simply enter their quad notated IPv4 address like they always did. In case they are interfacing with an IPv6 network, well, not supporting IPv6 at all won't make that any easier now, will it? "You sound like a clueless :)"

Re:geographic distribution

[dakameleon]

Yeah, that's what tends to happen when you get there first. It's not like they were going to reserve addresses on a per-capita basis.

Re:geographic distribution

[jrumney]

Looking at that table, I can't help thinking that the /4 block reserved for "Future use" might come in handy about now. I know it will only last a few months, and there are probably some TCP/IP stacks around that will reject those reserved addresses, but if the future is ever going to come, it needs to come now.

Re:geographic distribution

[sirsnork]

Users very rarely have to enter IP addresses, and if they do, then either DNS or a Bonjour like service can easily be used instead.

Re:geographic distribution

[jd]

^get there first^own ICANN and enough critical infrastructure to demand whatever the hell they like, no questions asked, regardless of any actual needs

Re:geographic distribution

[PieSquared]

And why do they own ICANN, and most of the critical infrastructure? Because they got there first.

Re:geographic distribution

[jd]

Not really, X.25 networks had gone global (International Packet Switch Stream) at a time the Internet was still purely an American toy. The Internet became global because the rest of the world had got there first - hardware-wise, at least. All the early transatlantic links were IPSS lines re-purposed, as was all the early European Internet capability. The Americans got the software side first.

Since the modern Internet is a marriage between software and hardware, and not one or the other alone, the only fair conclusion is that it was a global invention with no nation being able to claim credit for being truly first.

Re:geographic distribution

[AK+Marc]

That's like claiming that the guy who invented the electric starter invented the automobile because they didn't really take off until they had starters.

That they had old hardware laying around that helped grow the Internet is irrelevant to the question of whether they "invented" or "created" it. If they used some telegraph cables for running the Internet you wouldn't be claiming that Bell invented the Internet, would you?

Re:geographic distribution

[FireFury03]

Looking at that table, I can't help thinking that the /4 block reserved for "Future use" might come in handy about now. I know it will only last a few months, and there are probably some TCP/IP stacks around that will reject those reserved addresses, but if the future is ever going to come, it needs to come now.

Various operating systems hard code the "future use" blocks as basically being unroutable, so they aren't going to save you now. And doing this was actually quite sane - no one knew what the "future use" blocks would be used for so treating them as plain old unicast would be nuts. For example, the multicast blocks require totally different routing semantics to unicast so there would be no reason to assume that "future use" protocols would be like unicast.

Rolling out services on the "future use" blocks has similar problems to rolling out services on IPv6 - very few end users are going to be able to see those blocks. If you're going to use addresses that require people to upgrade their network infrastructure, you may as well just switch directly to IPv6 and be done with it.

Re:geographic distribution

[TheRaven64]

Or do you suggest that all our users already have DNS services enabled for their local networks and just don't know about it?

Could be. When I SSH to machines on the local network, it now goes over IPv6, even though I didn't bother configuring anything. IPv6 addresses are advertised automatically by mDNS, along with IPv4 addresses, and the IPv6 one is tried first. I didn't even notice until it had been working for a few months.

If you're using getaddrinfo() to do the name lookup, then supporting IPv6 takes exactly 0 lines of code, although if you're allowing users to enter raw addresses then your UI may need some tweaks. If you're not using getaddrinfo(), then you obviously like doing extra work and probably shouldn't be allowed near networking code anyway...

Re:geographic distribution

[Isao]

I say we fix this oversight from 30 YEARS AGO by developing a new addressing scheme, compatible to an extent with the original, that can be overlaid on the network and distributed more evenly around the world. Oh, and make it bigger, too, so we don't revisit this problem for a while. Who's in?

Re:geographic distribution

[maxwell+demon]

Good for us, bad for them.

Not really. As the rest of the world moves to IPv6, the US will eventually have to follow even while having IPv4 addresses available, or it will lose accessibility to a growing part of the net. And the rest of the world will have a head start on IPv6, due to being forced to.

Re:geographic distribution

[_0xd0ad]

Various operating systems hard code the "future use" blocks as basically being unroutable, so they aren't going to save you now.

Yeah, too bad various operating systems can't be updated.

Seriously, if you're not at least running a fully-patched and updated version of Windows XP, you shouldn't be connected to the internet. Same goes for legacy versions of other operating systems.

Re:geographic distribution

[jd]

No, that doesn't work. You can't use a starter independently. You can use an X.25 network independently. In fact, X.25 had a lot of advantages over IPv4 - a better, more logical, addressing scheme and highly secure protocols. Combine the full X.400 and X.500 specs together and you've a system that the modern Internet is approaching and may actually achieve in the next 20 years. Internet 2 can be thought of as being the fast but stripped-down version, but despite Internet 2 software being mostly Open Source, I doubt any admin (including those using Slashdot) can name a regular Internet site that uses any of it.

If you want a car analogy, then X.25 is probably closer to picturing a 1880s battery-powered electric car (they did exist) being merged with an 1880s gasoline car to produce a fully-functional hybrid as good as any that exist today but over a century earlier. (It is infuriating in many ways that this did NOT happen with cars, and it is proof of the occasional value of government that when what was an upscaled DARPAnet merged with IPSS that they opted to take advantage of the strengths of both.)

Remember, X.25 routers included satellite links, the X.25 network used high-performance (for the time) land lines, the level of investment was infinitely greater than that put in by UUnet. (Or did you imagine they scrapped all those satellites and replace them with IP-aware ones?)

If Bell invented switchboards that could support routing IP traffic in real-time with only a basic firmware upgrade, and Bell had those switchboards on a global scale with lines that could carry Internet traffic for several continents, then damn right I'd call him a co-inventor. You notice that "co" bit? The bit you missed out with your feeble arguments, in perfect knowledge that I was talking about credit that was distributed and NOT given to one person or one group? Good. Remember it. Burn it into you brain if you have to.

Now, it just so happens Bell did not do that but the consortium managing IPSS did. They ARE therefore co-inventors. DARPAnet and UUnet would never have scaled globally - way too primitive, the engineers had no experience with massive, multinational delay-tolerant networks, the routing technologies needed just didn't exist in the States. This is not the mild improvement of replacing a hand crank with a shotgun starter or an electric starter. Using the example I gave, this would be like having a Prius no later than 1900. Which goes to demonstrate what happens when COMPETENT engineers don't treat others like dirt and grind their preferences into the ground. It is people like you who are to blame for cars being 100 years behind where QUALITY engineers would have been able to put them.

Your "Not Invented Here" attitude is not even archaic, historically scientists and engineers have always preferred to borrow from the best of the rest. It is an attitude that is incapable of success and incapable of admitting the success of others. It is an attitude that is corrosive, destroying original thought and creativity as it consumes observation and curiosity.

Re:geographic distribution

[AK+Marc]

Your "Not Invented Here" attitude is not even archaic, historically scientists and engineers have always preferred to borrow from the best of the rest. It is an attitude that is incapable of success and incapable of admitting the success of others.

Ah, so your argument really boils down to "because I'm anti-American, I want to come up with some lame excuses why the US didn't invent things." The Internet was invented solely by the US. The spread of the US invention may have been aided by a similar, but failed, network elsewhere in the world that was able to be cannibalized, but that existing inferior network had nothing to do with the invention of the Internet, only its spread.

So the question isn't why I'm technically accurate (in a manner you think is corrosive, so apparently you hate the truth if it somehow offends someone), but why you are so focused on trying to rewrite history.

Re:geographic distribution

[jd]

I'm not anti-American, I'm anti-claiming-what-isn't-yours, no matter who does the claiming.

I'm absolutely against fraudulant claims. I don't care who makes them. I don't care where they make them, when they make them, how they make them. If the claim isn't backed up by reality then the claim should be utterly rejected and the claimant with it.

The Americans invented the Internet Protocol, via DARPAnet. THAT was the sum total of their contribution. And I'd hardly call IPSS a "failed network" - it was supporting graphical hypertext, MMORGs and home users many, many years before the likes of AOL even existed. The X protocols were replaced by IETF protocols, but that's about it.

Now consider the Internet in America today. Could they replace one set of protocols with another, with such amazing ease, lack of complaint and lack of financial hardship? IPv6 in the home has the answer to that. No they cannot. What the IPSS were able to achieve, the US part of the Internet cannot do.

The IPSS is technically still there - X.400 and X.500 are still used, X.25 is still in place, the same satellites and same wiring is used to link machines together today as was used in the 80s, the companies that ran IPSS still exist. That's quite impressive for a "failure". All that has changed is an adoption of IETF RFCs. And the IETF isn't an American group, it's a global group.

If someone were to ask me if America invented IPv0 and IPv4, the answer would be a categorical YES. If they also asked if America invented the bulk of services and standards used on the Internet today, I'd also say yes.

Likewise, if someone asked me if CERN invented hypertext, I'd say that honour really was split between British Telecom and Ted Nielson. But if they asked me if CERN invented the WWW, I'd say yes. The two are not synonymous. If that pisses you off, you're an idiot. If A != B, then there is nothing you can do to make A = B. Your opinion doesn't change history or the definition of words in English.

If someone asked whether the computer was invented in America, or indeed in England, I'd say no. They BOTH deserve credit, von Neumann for his contribution and Alan Turing for his. I WILL NOT accept personal bias in such debates, equal contributions get equal credit and to hell with those who put extremist views above what actually happened.

Re:geographic distribution

[AK+Marc]

And I'd hardly call IPSS a "failed network"

I guess that's the sum of your "facts." Anything that you don't like, you disagree about. Even when the facts are obvious. Which is around, TCP/IP or X.25? So if they were competitors, we'd say that one failed and one succeeded. But no, using the word "failed" in regards to something you have an emotional attachment to is wrong, so you argue the facts are wrong because they make you feel bad. That's what you did last time, and I pointed it out. So that's what you did again this time. Rather than arguing facts to discuss, you argue that my tone makes you feel bad by telling you the truth in a manner you'd prefer not to hear it in.

I WILL NOT accept personal bias in such debates, equal contributions get equal credit and to hell with those who put extremist views above what actually happened.

You are the one inserting your personal bias greater than anyone else's in your definition of what you will and won't accept. My personal bias is the truth. Who did it and when? Of course, everyone knows that most inventions are not novel. Even the novel ones. How does that work? Because when the world is ready for such jumps, often many people have the same thoughts at the same time. It requires a mix of need and foundation. And that exists in multiple places at the same time in many cases. Like the invention of the computer or development of a global network of networks, or the development of automobiles, or radio/TV, many people in many places were doing the same things at the same time. If they didn't work together, then they can't be co-inventers. Whether they "deserve credit for their contribution" is irrelevant to who actually invented it. Your disgusting "lets accept everyone, even if they are wrong" attitude is polite to the point of being factually incorrect, all to satisfy your personal bias you assert has no place in such debates. You base all your points on your bias, then assert that no one else gets to have any bias. And, when someone like me steps in with facts and no bias, you assert bias in order to justify your incorrect personal opinion to avoid discussing the facts.

Re:geographic distribution

[GPLHost-Thomas]

This table also shows that some organization should give back some pool: if only IBM (/8), Xerox (/8), MIT (/8) and DOD (3x /8) where giving back half of there IP, that would give us nearly a year.

Then

[fswine]

GRAMMAR NAZI ALERT!

"a lot faster then expected"

Do people know the difference between then and than anymore?

Inappropriate use of your/you're there/their/they're then/than drives me nuts.

ZerXes, go back to digg.

Re:Then

[cafelatte]

I hate in the Twilight saga movie, Jacob Black says "I could care less what you think" instead of "I couldn't care less what you think" It's so lame for that to happen in a big blockbuster movie.

Re:Then

[godrik]

Well, I know the difference between 'then' and 'that'. But sometimes, you type one instead of the other one by mistake and you do not spot the mistake when you read it.

I just received some comments on a 40 pages document I wrote and there are a lot of such mistake. I know they were mistakes but when you read a document so many times you no longer see typos.

Of course, it's a different story if the same mistake is repeated hundreds of times per page. But it isn't the case here.

Re:Then

[Opyros]

a lot of such mistake

You just proved your own point! (Or, to get into the spirit of this thread: You just proved you're own point!)

Re:Then

[Yaa+101]

Obvious non native English speakers do not understand that "then" is a form of time and "than" is a form of consequence.

Still I think telling them to go away is quite arrogant since these speakers do make an effort to write English while most native English speakers make no effort at all learning ANY foreign language.

Oh yes, I am a native Dutch speaker.

Re:Then

[0olong]

He might be Dutch. They always make this mistake when writing in English, because in Dutch both 'then' and 'than' is written as 'dan' (i.e. in Dutch there's no syntactical distinction between the two). I bet they make this mistake so often on the internets that they're increasingly confusing native English speakers.

Re:Then

[thegarbz]

Well maybe he was right. I for one could care less what you think. I could because I care enough to post about it.

Disclaimer: I have not and nor ever will see the Twilight saga movie, so maybe he really couldn't care less, I'll never know because I really couldn't care less about the Twilight saga movie. :-)

Re:Then

[cras]

Obvious non native English speakers do not understand that "then" is a form of time and "than" is a form of consequence.

I'm pretty sure it's the native speakers who have the most trouble with this. Many foreign countries teach English primarily by reading and writing it. Then the than/then difference is obvious. It's only when you learn English by listening that you have trouble with this. I only started having these kind of accidents once I started thinking/speaking fluently in English (not just then/than, but things like file/fail).

Oh yes, I am a native Dutch speaker.

Maybe they teach you English differently down there than in Finland :)

Re:Then

[cras]

Oh, just read 0olong's comment. That explains it then. Only native english people and dutch have this problem. :)

Re:Then

[julesh]

Frankly, the character isn't supposed to be very well educated, so it seems quite likely that he would say that. Not sure what you're complaining about, exactly...?

BTW, I think your first sentence should start "I hate *that* in the Twilight...". Try excising the subordinate clauses, and you end up with with "I hate Jacob Black says something", which parses as "(I hate Jacob Black)[noun phrase] says[verb] something[direct object]". I don't think that's what you wanted to say.

Re:Then

[Corporate+Troll]

Actually we don't have that problem. I'm a native Dutch speaker and the mis-usage of then/than annoys the hell out of me. (Like college/collage, principle/principal, etc, etc, etc....) I've also heard that it's mostly native speakers who have this problem, as usually these pitfalls are pointed out and practiced when encountered in foreign language courses.

Re:Then

[MrNemesis]

Handy infographic:

http://theoatmeal.com/comics/misspelling

Re:Then

[_0xd0ad]

Perhaps, but then and than aren't really good examples of it. They have slightly different pronunciations.

Off the top of my head I can think of won/one, two/too/to, there/their, fore/four/for, eight/ate, heard/herd, new/knew, use/ewes, white/wight, real/reel, whet/wet, hour/our, know/no, when/win, tow/toe, red/read, reed/read... and that of course brings me to words that are spelled the same way but pronounced differently... read, wind, ...

And we like it this way.

Re:Then

[richlv]

i think editor should be the one responsible for that - submitter might have english as the second, third or whichever language.

what about the map?

[Life2Death]

http://xkcd.com/195/

Ask Ford for some?

Re:what about the map?

[Phs2501]

At the IPv4 burn rate of the last month, Ford's space would last only another 10 days. IPv4's done; stick a fork in it and start moving on.

Re:what about the map?

[John+Hasler]

Doesn't work that way. IP numbers are not UUIDs. They have to be hierarchical to keep the routing tables from becoming unmanageable. You can't just hand them out randomly.

Re:what about the map?

[petermgreen]

IPs aren't UUIDs as such but they aren't really that heirechical either. They are handed out by the RIRs in various size blocks and each of those blocks (and sometimes even sub-blocks of it) ends up in the global routing table. Very small providers will take a portion of one of their providers blocks but most bigger organisations will have their own block(s).

Running out of space in routing tables is a potential issue but at least so far the vendors have been able to keep up with routing table growth.

Re:NAT to the rescue

[fudoniten]

Whoops, kid, it looks like you're growing up! You're getting too big for your clothes. Don't worry, though, it's nothing a little surgery can't fix.

Well yes and no

[Sycraft-fu]

So no they don't need their own public IPv4 address and indeed I've never seen one that has one. However you do need IPv4 addresses to access stuff on the Internet. Regardless of if you do IPv4 NAT or if you do IPv6 with gateways to v4, you need the IPv4 addresses.

Re:NAT to the rescue

[andreyvul]

Neither my ISP nor my tomato routers support in6 :(
(dd had issues and openwrt was a PITA to set up)

You know what they say...

[yuriks]

4,294,967,296 ought to be enough for anybody.

I won't ever say that unless it involves physical things in numbers greater than the number of atoms in the universe. And damn, if we start making memory out of quarks I'll even be wrong there too...

Re:You know what they say...

[compro01]

18,446,744,073,709,551,616 really ought to be enough for anyone.

Re:You know what they say...

Good thing we have 340,282,366,920,938,463,463,374,607,431,768,211,456 then, just in case we discover a few more universes...

Re:NAT to the rescue

[xMrFishx]

And here I was, going to compare it to putting a band-aid over a bullet wound.

Re:NAT to the rescue

http://tomatousb.org/

Re:NAT to the rescue... NOT

"""Network Address Translation [wikipedia.org] could provide some relief I think...no?"""

No.

BACKGROUND:

NAT, in the way which can be used by ISPs to reduce the need for IP addresses, works by mapping multiple internal IP addresses to a external one (or groups of external ones). So say you have a one thousand computers you need to keep online and you have only 100 addresses. NAT will allow you to logically map those 100 addresses to the one thousand computers.

NAT is able to do this by connection tracking. The router keeps in memory what connections were created with what external IP address and then routes the data from the reply back to the original host. So say my browser opens up a socket on 192.168.1.129:59343 and connects to Google on "www.google.com:80". The NAT router opens up a connection on 208.32.20.1:78190, connects to 'www.google.com:80'. When the machine listening on 'www.google.com:80' sends information back to 208.32.20.1:78190. Any data received on 208.32.20.1:78190 then automatically gets forwarded to 192.168.1.129:59343, which then is received by my browser.

WHY NAT IS FULL OF FAIL:

The reason that NAT + IPv4 is not a substitute for IPv6 is because the number of sockets that a router can open and manage is less then 16bits. That is the socket numbering scheme is 16bit scheme, of which a substantial number of sockets are reserved for specific protocols. That is less then 60,000 possible connections can be made by a router with a single public IP address.

Each new connection made by a machine behind a new router requires a new socket established. Just by having 3 tabs on my browser right now I am using roughly 20 connections. Each connection is going to a ad provider, google, different slashdot.org servers, etc etc.

Say that a internet user is using about 50 active connections at any one time then that means that 1 public address can only support about 1200 concurrent users. But it will break down long before that. People using bittorrent may use 300 TCP connections, which means that you can only support a 100-200 users.

The other aspect of this is that there is not enough IPv4 addresses for internet routers. That is a new ISP will run out of IP addresses long before they are even finish building their infrastructure!!! There wouldn't be enough addresses to even setup NAT routers!

This is taken care of by 'Carrier Grade NAT'. Which is you use NAT firewalls for your NAT firewall.

So....
Internet ----> NAT firewall -----(TCP tunnelled over TCP) ----> NAT firewall ----> Your home NAT router ----> Your PC.

Ever wonder why your bittorrent connections turn to shit!?

For Asia users this is already not good enough. They have RUN OUT. They cannot use NAT to extend it any further... they are over and done with.

Why not just make sockets 32bit or 64bit? Because that's retarded when you have IPv6, that's why.

I am currently running a IPv6 /32 network for my PERSONAL HOME NETWORK. All these are real, public, IP addresses.
79,228,162,514,264,337,593,543,950,336 addresses and 4,294,967,296 sub networks.

A subnet for IPv6 is a /64 network. 18,446,744,073,709,551,616 addresses in a /64 subnet.

When IPv6 rolls around most people will end up getting a /48 network address. This is _only_ 1,208,925,819,614,629,174,706,176 addresses and 65,536 networks.

There are 281,474,976,710,656 /48 network addresses in total to give away. We will now only have to worry about IP address exhaustion when the human race becomes interstellar.

So, yeah, IPv4 luddites with their NAT savior complexes can go screw themselves. I want a efficient, open, and secure internet. NAT precludes this.

NAT

[nurb432]

I'm being serious here with this question: Why do people feel that EVERY new device needs a public address? 99.9% of mobile devices would be quite happy behind NAT. And, the vast majority of 'home' PC's would work behind NAT. Most corporate LANs are also sitting safely behind them.

Sure there are some exceptions, but most people really don't need unrestricted incoming connections.

Is wider use of NAT the 'answer'? Perhaps not, but it would extend use of v4 for decades..

Re:NAT

[Electricity+Likes+Me]

The vast majority of home PCs *are* behind a NAT. What the vast majority of home PCs are not going to work behind properly is a double NAT, and a trend towards that will fundamentally break the future development of a whole host of user-centric applications. You can more or less kiss the idea of peer-to-peer anything goodbye.

Re:NAT

[lanner]

You must be one of those people who wants the Internet to be like TV -- for "consumers" and "viewers" only.

For people, like me, who have to actually manage networks, NAT is one of the worst things that happened in networking that we still have to deal with. You end up with two sets of DNS for each company, public and private IP networks to manage, firewalls and routers doing additional processing that is wasting CPU and memory.

NAT also severely restricts the capabilities of what are possible on the Internet. It firmly gives control to those with public addresses (big companies) and takes it away from individual users.

Re:NAT

[bbn]

99.9% of mobile devices would be quite happy behind NAT.

No. Being behind NAT means the mobile device has to pull for messages. This means it will be slow at detecting new messages and it creates unnecessary traffic (expensive).

It also breaks the usual stuff - SIP (what, you don't want free internet calling just because it is a mobile device?). RTP (you don't want to watch video?).

In fact it seems there is perhaps more new inventive service that could be build on the open peer to peer network of IPv6 with mobile devices communicating directly with each other.

Before you go on the usual "but we have NAT hacks that allow some of that stuff to work anyway!", please learn a bit more about IPv6. It is more than just an extra long address field. For example there is something called Mobile IPv6 which could come in very handy for mobile devices. Also IPv6 multicasting is much improved - why, you could broadcast to the world directly from your camera phone.

Re:NAT

[Bacon+Bits]

NAT is a solution to address depletion in the same manner than increasing the debt cap is a solution to the US national deficit.

NAT, to a networking professional, is an abomination. It functions literally by breaking TCP/IP and lying to network neighbors. It functions by breaking the rules networks are designed and intended to play by, and overuse of NAT prevents any intelligence in routing and networking. Imagine if mailing addresses were limited in the same manner. Everything is a PO Box. Now imagine several layers of PO Boxes have to be traversed for anything to be delivered.

Moving to IPv6 is the right way to fix this. It's not easy, but it's the right way to do it.

Re:NAT

[Dwedit]

There are only 65536 ports, so you are limited to how many users you can stick behind NAT.

Re:NAT

[jd]

Address shortages are a very, very, very tiny, miniscule fraction of IPv6. If IPv6 was about address shortages, the IPng working group would have adopted TUBA.

You seem unwilling to even recognize any of the other features of IPv6:

• Built-in security
  Built-in device mobility
• Built-in network mobility
• Built-in multimedia support
• Extensible headers for dynamic protocol upgrades
• Auto-configuration
• Reduced latency
• Improved router reliability (partly due to simpler routing protocols)
• Native multicasting
• Native anycasting
• Superior QoS support

Don't even think of coming back with "but nobody uses these" - nobody was driving until the car was adopted either. Things have a habit of not being used when they're not available. When they are available, they are used. It's as simple as that.

Re:NAT

[Bengie]

IPv6 doesn't have a lot of IPs to have a crap ton of devices, it has a ton of IPs to allow better organization of networks. In one breath you talk about how bad IPv6, and in another your praise NAT. NAT isn't even a standard, it's a hack of a bandaid for the problems IPv4 has caused. Claiming NAT works fine is like claiming IE6 works fine, it's insecure and breaks stuff.

Even without the extra addresses, IPv6 is at worst as good as v4 and at best slightly better. The only thing the IP protocol is used for is routing to and from. All that is required is a destination and a source. If you look at a packet, there's not too much to it.

IPv6 is different in protocol mainly because there is such a large address space to work with. Most of the "rules" of IPv6 are to make a strict adherence to allow easier and predictable management. Just like how strictness seems annoying at first with Java, it also becomes a great way to generate clean code. Same difference.

IPv6 makes routing simpler, faster, and easier to manage. But omg, something different!

You claim its acceptance will be painful, yet I know many Network Admins and they love IPv6 so much more so than IPv4. Heck, the entire internet backbone already supports it and has supported it for almost 5 years now.

Re:NAT

[Garth+Smith]

Do you send pics or movies to friends from your phone? What about play multiplayer games with friends? Video chat? What about share music libraries? These are just the few things I could imagine. I'm sure there are many more applications I haven't thought of. These are also simple things that I've had problems with on my home computer because of heavy NATing. Don't curse my phone to the same fate!

Re:NAT

[Electricity+Likes+Me]

There are 6+ billion people in the world.

Fundamentally, individual users already cannot have real IP addresses.

Re:NAT

[Luscious868]

Address shortages are a very, very, very tiny, miniscule fraction of IPv6. If IPv6 was about address shortages, the IPng working group would have adopted TUBA.

You seem unwilling to even recognize any of the other features of IPv6:

• Built-in security Built-in device mobility
• Built-in network mobility
• Built-in multimedia support
• Extensible headers for dynamic protocol upgrades
• Auto-configuration
• Reduced latency
• Improved router reliability (partly due to simpler routing protocols)
• Native multicasting
• Native anycasting
• Superior QoS support

Don't even think of coming back with "but nobody uses these" - nobody was driving until the car was adopted either. Things have a habit of not being used when they're not available. When they are available, they are used. It's as simple as that.

You've made some very important points however I would submit to you that when you look at the advancement of technology, specifically that which has widespread adoption, one clear pattern emerges. Better rarely beats more convenient. VHS versus Betamax, Laser Disc versus VHS, low quality MP3's versus CD's in the early days of Napster and the list goes on and on. IPv6 is superior in every way shape and form yet moving to IPv6 is a giant pain compared to keeping and in some way expanding on IPv4 and NAT in some fashion. Moving from IPv4 and NAT to IPv6 is a giant undertaking while continuing with IPv4 and NAT plus piecemeal advancement in technology as need arises is much easier. Remember that necessity is the mother of invention. I'm not saying it's the best path and I'm not saying widespread IPv6 won't be the eventual outcome, I'm simply saying due to the widespread adoption of IPv4 and NAT and the inconvenience of moving to IPv6 the trend will be to stick with IPv4 and NAT for as long as it's humanely possible and just when we get to the point when we think it's no longer possible there's a very good chance somebody somewhere will figure out a way to prolong it and as long as that road is easier and more convenient than moving to IPv6 then that's the road where history teaches us we'll eventually end up walking down ... better technology be damned ...

Re:NAT

[gclef]

While I'm a fan of some of those arguments, a couple of them are horseshit. It would be good if the IPv6 fans stopped using the silly ones.

Built-in security: you're either referring to difficulty of scanning due to size (which few worms or attackers bother with anymore) or the notion of IPSec having its own header type (which is useless without a key distribution system). Neither is really worth writing home about.

Auto-configuration: Any actual operational network is going to need DHCPv6 anyway, so autoconf isn't a big draw. For example, any enterprise that wants to keep track of MAC->IP mappings is never going to use autoconf to assign addresses. Heck, if you just want DNS servers, you need DHCPv6. I really don't see why autoconf is a *good* thing. It's mostly just a pain in the ass if you want to do host configuration *right*, rather than the half-assed state that autoconf will leave you in.

native multicasting: this is available in IPv4 as well, and isn't used there either. Don't hold your breath assuming that multicast is going to amount to anything in IPv6.

Re:NAT

[ugen]

per 1 NATted IP address. But NAT does expand IPv4 address space by about 16 bit (say, 12 bit conservatively) which means that you could serve about 2^44 users or about 2E13. That would be 20,000,000,000,000 trillion users. Hopefully Earth human population isn't going to get into trillions for a little while.

Re:NAT

[ugen]

vast majority of home applications *already* work behind double NAT all the time, while you were typing this up.

Re:NAT

[shentino]

The problem with NATing one subset of devices that "doesn't need it" only puts ISPs in the position to dictate what devices "do" need it.

Even now, ISPs are using NAT as a backdoor to throttle P2P and choke home servers.

Re:NAT

[WaffleMonster]

I'm being serious here with this question: Why do people feel that EVERY new device needs a public address? 99.9% of mobile devices would be quite happy behind NAT. And, the vast majority of 'home' PC's would work behind NAT. Most corporate LANs are also sitting safely behind them.

Sure there are some exceptions, but most people really don't need unrestricted incoming connections.

Is wider use of NAT the 'answer'? Perhaps not, but it would extend use of v4 for decades..

When there are no more IPv4 addresses...there are no more addresses. At that point it is less about making sure every device has its own address and more about would you even get a single address for all your devices? Maybe this will never be an issue in your country but in the developing world it is a real concern.

NAT means end users can't all have the same opportunity to run their own servers or participate equally in peer2peer file sharing, voice (skype)..etc.

Again this won't effect *you* any time soon as a value judgement I would rather see the world move to an addressing system that ensures everyone on the planet equal access. You may not care or agree.. that is your right...

I hope to in decades IPv4 will have been relegated to history.

Re:NAT

[Luscious868]

Since when have "hack" solutions to extending the life and usefulness of outdated but widely implemented technology been a roadblock? The ideal solution to broadband access would have been fiber optic lines for all here in the US, somehow more broadband is delivered through existing telephone lines and via cable lines than direct fiber optic lines to consumers. Purely electric cars or cars that run on biodiesel, hydrogen or natural gas would be much better solutions to our addiction to oil, yet they get outsold in the consumer market by hack "hybrid" cars like the Prius by a rather large margin. Convenience, cost effectiveness, existing familiarity and entrenchment play a much larger role in which succeeding technology gets adopted on a widespread basis than you are banking on. It doesn't matter which technology is superior. It matters which technology gets the basics of the job done with the least cost and hassle. In this case, the job is getting more and more devices online and in this case the technology that can meet that goal with the least cost and hassle is some kind of modification of the technology behind IPv4 plus NAT. When you can design a system from scratch, of course you go with the best technology available. When you have to extend the life and usefulness of a preexisting system with widespread adoption and you don't have a monopoly that allows you to force change, you go with the solution that is the easiest, most convenient, most cost effective and most familiar to those involved. The easiest and most convenient technology generally always wins over the better but more troublesome to implement technology. Just ask Sony ....

Re:NAT

[Yaa+101]

Yes it does, safe from litigation.

Re:NAT

[Yaa+101]

You are forgetting enhanced litigation.

Re:NAT

[Oceanplexian]

The idea of breaking p2p centric applications might be considered a good thing for some people.

This also breaks VoIP, some internet video, and lots of other stuff. NAT is a terrible "solution" for users, but great for corporate profit margins.

Re:NAT

[WaffleMonster]

Bullshit.

I actually enable individual users to share their data, creating crowd-sourced systems.

1. Individual users have and will continue to have real IP addresses. Their toasters and refrigerators do not. Single IP address is sufficient for peer to peer communication, as countless products (that actually work) had shown.

No, absoultely incorrect. Out of IPs means OUT OF IPs... It means in some part of the world you may not even see a single address to run any servers of any kind... What you will get is a shared IP on a CGN with all incoming requests silently discarded by the ISP CGN... This will be reality for countless millions in the developing world in the next few years.

Re:NAT

[Zan+Lynx]

DNS on IPv6 autoconfigured networks is handled by well-known addresses. Give the v6 address fec0:0:0:ffff::1 to your DNS server as an alias. You can add :2 and :3 as well.

I set it up on my home network and a Windows 7 client works with it.

Re:NAT

[profplump]

If you use IPv6 autoconfig you don't need to "keep track" of MAC->IP mappings because the IP address is the MAC address, plus the well-known network prefix. DNS is also handled via autoconf by using well-known site-local address (fec0:0:0:ffff::1).

Re:NAT

[bemymonkey]

Mobile devices on cellular networks are *ALREADY* NATed. Chances are that any WiFi devices are also NATed by the router/DSL/Cable Modem combo that provides the actual connection to the Internet.

What you're describing is the additional NATing of home Internet connections, i.e. my DSL modem won't be getting a public IPv4 address any more... and that would suck. No FTP access, no Subsonic streaming, no VLC streaming, no RDP... most consumer connections are too slow in terms of upload speed to sustain the additional overhead of VPN or Hamachi type NAT-traversal VPN services for many of these applications, so basically, anyone who accesses their home network via DynDNS or a similar service would be fucked.

Re:NAT

[bemymonkey]

Are you sure? My mobile service provider (o2 Germany) NATs 3G connections, and SIP, push messaging/mail and, well anything else that has the phone as the client, works just fine.

It's when you want to run a private server of some kind that you're going to run into problems (VLC, Subsonic, FTP, HTTP etc.)... outgoing connections like you're talking about shouldn't be a problem...

Re:NAT

[omfgnosis]

281,474,976,710,656.

Re:NAT

[AK+Marc]

IPv4 has auto-configuration. It's not very good, and doesn't work for actually giving you a usable computer, but it was intended so that people setting up a LAN could do so without having a DHCP server. But in practice, people just use static addressing instead...

Re:NAT

[AK+Marc]

Since when have "hack" solutions to extending the life and usefulness of outdated but widely implemented technology been a roadblock?

Obviously you are new to computers. Had you been working with computers (not just playing games on them as a child, but using them) long enough ago, there is hardly a protocol that wasn't broken by NAT. Ever do a videoconference? Yup, broken by NAT. The TCP handshake reported the IP address of the host. The UDP call was sent to that address. What happens when your IP host is 192.168.1.100 and you are run through NAT and the public address is 169.254.254.2? That's right. The call is made over UDP to 192.168.1.100, which would never reach the intended host.

That's just one very real example where NAT broke working protocols. There were thousands more programs and protocols broken by NAT. Many still don't work right over it. It is a hack that presents very real roadblocks to proper operation of networks.

Re:NAT

[AK+Marc]

There are ISPs where users are being handled 10.x.x.x addresses and have no control over port forwarding. How do they "share" anything? No one could ever connect with them unless they connect out first. If everyone were served 10.x.x.x addresses, then "crowd-sourced systems" couldn't exist. At the very minimum, you'd have to have some tracker to which everyone connects, opening a socket back. Though even then, some NAT maps the outside IP as well such that P2P between two NAT'd users is completely impossible.

Re:NAT

[AK+Marc]

But we'd still be using NAT. If everyone were dynamically NATed, then no one could ever talk to anyone else. Yay NAT. It's a hack that was supposed to buy us a couple years. Instead, we have NAT defenders who speak like 100% NAT would actually be operational.

Re:NAT

[FireFury03]

NAT is the answer because that's what is being used.

Yeah, I'll just run a bunch of HTTPS servers behind a NAT... oh.. wait.

Re:NAT

[AK+Marc]

Most phones are NAT'd now without much issue. They, however, aren't treated like computers. Since NAT is expected, they are often proxied, rather than pure translation. That allows games to connect to the proxy and the proxy collects all the people together. Additionally, depending on the address space, NAT may not matter at all if everyone were on the same phone network.

Re:NAT

[SmilingBoy]

Reduced latency because the routers do not have to recalculate the checksum at every hop.

Re:NAT

[FireFury03]

This also breaks VoIP, some internet video, and lots of other stuff. NAT is a terrible "solution" for users, but great for corporate profit margins.

It doesn't "break" (the concept of) VoIP, it merely makes the implementation much more of a ball-ache. So I don't think using NAT to "break" VoIP is going to help the network operators, it will simply make it harder for them to support their users who phone up asking why their favourite VoIP application isn't working.

Re:NAT

[FireFury03]

SIP

The reliability of SIP through a NAT is a function of exactly what sort of NATs are involved all the way along the route. The STUN RFC explicitly states that STUN cannot be reliable through all NATs. Certain combinations of NAT simply won't work, and this is going to get much worse where you have multiple NATs along the route.

push messaging/mail

What people often call "push email" in the mobile environment is only "push" in the loosest possible sense - your mobile phone opens a TCP session and keeps it open for a long time. When an email arrives then a notification is pushed along this open TCP session (e.g. long-poll HTTP). The way this differs from true push services is that your phone has to periodically wake up and shove a keep-alive message over the TCP session in order to prevent the ISP's NAT from dropping it. This, of course, costs battery and reliability. In a true "push" environment, the remote server would connect directly to your phone without requiring any existing sessions to carry the data. The only time your phone would need to contact the server when idle is to inform the server of an IP address change (which should be pretty rare).

To my knowledge, the only true "push email" system in use on mobile networks is Blackberry, and that involves servers to be installed within the MNO's network, specifically because this allows communications between the server and the phone without going through a NAT.

Re:NAT

[bemymonkey]

The reliability of SIP through a NAT is a function of exactly what sort of NATs are involved all the way along the route. The STUN RFC explicitly states that STUN cannot be reliable through all NATs. Certain combinations of NAT simply won't work, and this is going to get much worse where you have multiple NATs along the route.

Interesting... why is it that systems like Skype always work, whereas something as fundamental as SIP is so problematic? My setup through pbxes.org works fine both through NATed home WiFi connections as well as over the mobile data network - but there's no STUN server involved here.

Direct connection to my SIP provider via mobile data (without PBXes.org) doesn't work, presumably for the reasons you mention - do you know what exactly causes the problem?

Would IPv6 really help in this case? Or is it also possible that the issue is caused by something other than NAS?

push messaging/mail

What people often call "push email" in the mobile environment is only "push" in the loosest possible sense - your mobile phone opens a TCP session and keeps it open for a long time. When an email arrives then a notification is pushed along this open TCP session (e.g. long-poll HTTP). The way this differs from true push services is that your phone has to periodically wake up and shove a keep-alive message over the TCP session in order to prevent the ISP's NAT from dropping it. This, of course, costs battery and reliability. In a true "push" environment, the remote server would connect directly to your phone without requiring any existing sessions to carry the data. The only time your phone would need to contact the server when idle is to inform the server of an IP address change (which should be pretty rare).

To my knowledge, the only true "push email" system in use on mobile networks is Blackberry, and that involves servers to be installed within the MNO's network, specifically because this allows communications between the server and the phone without going through a NAT.

The system uses next to 0 power, and messages arrive instantly - for my purposes, it's push messaging. :)

Re:NAT

[Bengie]

IPv4 vs IPv6 is less like VHS vs BetaMax and more like DvD vs BluRay. You don't really need BlueRay, but you know it's moving that way.

Re:NAT

[Arlet]

When your ISP only has IPv6, you won't be getting a public IPV4 address either. Since 99.9% of the world only has IPv4, you'll have the same problem.

Re:NAT

[FireFury03]

Interesting... why is it that systems like Skype always work, whereas something as fundamental as SIP is so problematic?

Because they were designed for use in different environments with different requirements.

SIP was designed to do call signalling over a well designed telco network. The actual call media (e.g. audio) is an entirely separate thing - you can use SIP as almost a direct ISUP replacement if you like (i.e. the media would be transported over switched circuits), or you can send the media over IP as well. Either way, it is designed to provide a telephony service in the most reliable and efficient way in a well designed network, and this is what makes it useful for the telcos. So, for example, if you're transporting the media over IP then it would be normal for the media to go directly between the endpoints.

Take, for example, a pair of roaming mobile phones belonging to Alice and Bob. Their home networks are both in the UK but Alice and Bob are both in Australia. Alice calls Bob. So Alice's SIP UA (in Australia) finds Bob's home network's SIP registration server (in the UK) (using DNS) and places a call to it. The registration server places a call to Bob's UA (in Australia). When Bob answers, his UA talks directly to Alice's UA. From here on in, all the signalling can be directly between the UAs and if the media is going over IP then that is directly between the 2 UAs too - i.e. very little bandwidth between Australia and the UK is needed since most of the communication is peer-to-peer.

Handling NAT, etc. is unnecessary because no one sane would put one on their network and that functionality just adds complexity. Since SIP is often used over the Internet these days, NAT traversal methods, such as STUN, are often employed. NAT traversal is, however, not reliable - there is no way to politely ask the NAT to do this for you, NAT traversal basically involves tricking the NAT into allowing your traffic, and is further complicated by the fact that NAT isn't done in a standard way so you have to cope with lots of different NAT systems in different ways.

On the other hand, Skype was designed to be used over the internet and work at all costs. The internet is generally not that well designed, especially users' home networks. There are NATs and misconfigured firewalls and all sorts. And Skype is designed to try and work through these. A lot of the time, Skype does NAT traversal and in these cases, SIP+RTP+STUN would have worked just as well. Where Skype has an advantage over SIP, is that where NAT traversal fails, it starts hijacking the connections of other Skype users (often without their knowledge) in order to proxy the traffic. There are, of course, reliability concerns with this since you don't know much about the stability of the connections you're proxying via, and the uneducated will often find their network bandwidth disappearing as they route everyone else's calls. Another trick that Skype uses is to shove calls over TCP streams, pretending to be web traffic. Anyone with a bit of knowledge of network protocols will tell you that using a protocol that employs mandatory head of line blocking (such as TCP) for realtime media (such as VoIP) is insane and liable to lead to reliability problems.

So in summary: In a situation where SIP+RTP+STUN works, Skype is probably going to work just as well although you need to be careful about accidentally letting it use your bandwidth to proxy everyone else's calls if that sort of thing bothers you, and the proprietary nature makes the security of the encryption questionable. In situations where SIP+RTP+STUN doesn't work then you may well get Skype to work, but it is going to employ methods that will reduce the reliability/quality of the call. There are 2 ways of looking at it - you may think "something is better than nothing" and decide that Skype is better, or you may think "if my network is broken, I want to know about it so I can fix it", in which case something like SIP (which simply

Re:NAT

[bemymonkey]

First of all, I'd like to thank you for this incredibly informative and extensive post.

It seems as though you're saying SIP wasn't designed to be shoehorned onto portable Linux based mini-computers and carried around with constant connectivity everywhere, no matter what network they're currently on. That makes me a little sad, as I love having a "landline" everywhere I go. What would you suggest for end users?

The issue with Skype is that the calls themselves require tons of CPU power on Android devices (my main area of focus for telephony of any kind), meaning that my girlfriend's G1 (and most other entry level Android devices, such as the WildFire) stutters like crazy on Skype calls... SIP via Sipdroid & PBXes.org on the other hand seems much less processor intensive.

Re:NAT

[FireFury03]

It seems as though you're saying SIP wasn't designed to be shoehorned onto portable Linux based mini-computers and carried around with constant connectivity everywhere, no matter what network they're currently on.

SIP is largely designed for telco networks (i.e. IMS, which is used on 3G networks uses SIP). Usually you'd have a server being the endpoint for a reasonable number of phones (accepting/making calls over the telco's IP network) and the connection between that server and the phone itself would be another protocol (such as GSM). So when you place a call using your GSM mobile phone, it would talk to the base station using the GSM protocols and the base station would then place a call over the network using SIP.

Of course, the logical conclusion (IMHO) is that in the end you do away with the extra protocols and just run a SIP UA on the handset itself. And there's nothing wrong with doing this - SIP works just fine on a sensibly configured network (that is, one where any two endpoints have globally reachable addresses without any NAT and with appropriately configured firewalls). What SIP *won't* do is pretend to be other protocols (such as HTTPS) in order to get around restrictive or misconfigured firewalls.

The separation of signalling and media has distinct advantages (e.g. they can be routed independently, putting the media over the lowest latency route, which is important for a high quality phone call and leaving the servers to just handle the signalling for call setup/teardown/etc.) But it also has distinct disadvantages (in a network without true end-to-end connectivity it is often nice to bundle the media and signalling into a single connection and let a globally reachable server forward all the traffic). I guess in hindsight, SIP should've been designed to accommodate both architectures (e.g. letting an endpoint set a flag that says "I'm behind a NAT, the media traffic must be encapsulated within this SIP session instead of delivered as a separate stream" would be nice).

The IAX2 protocol has a few features that I think would've been nice to see in SIP. Once of those features is the way it attempts to handle both types of architecture: when you set up a call, it starts off by having the server forward the traffic between the endpoints, but it also tries to negotiate a direct peer-to-peer connection at the same time. Once the endpoints have the peer-to-peer connection information, they start sending the media directly *at the same time* as sending it via the server. Once both endpoints are happy that they have a stable direct media stream they stop forwarding via the server. That is a pretty good approach to cover all bases and requires the user to do nothing because the system itself starts off with the safest approach and switches to a more appropriate method only after checking that method is working. Conversely, SIP does none of that checking - if something in the middle drops your RTP traffic then you simply get no sound (or 1-way sound).

That makes me a little sad, as I love having a "landline" everywhere I go. What would you suggest for end users?

I still think SIP is a sensible method, but you must be aware of its limitations. If you're on an un-NATted connection then you should have no problem anyway, if you're on a NATted connection then you should use STUN, but accept that wherever a NAT is involved you may not have complete reliability. Basically, NAT is a horrible kludge that causes lots of problems and needs to be removed from the internet ASAP :)

That said, I've rarely found my 3G connection reliable enough to do VoIP - it frequently drops packets.

SIP via Sipdroid & PBXes.org on the other hand seems much less processor intensive.

I also used to use Sipdroid (but connecting to my own Callweaver server) on my HTC Dream. But only over Wifi - as mentioned above, I never found 3G good enough. These days the wifi has gone foom on my phone so using it for SIP is no longer an option.

Re:NAT

[jd]

That and:

1) Packet headers in fields are easier to work with.

In IPv4, you have fields that are a single bit, a single nibble, a single byte, a word and a double word. Bit fields like priority/QoS are processed according to a value somewhere else. They are HORRIBLE to work with, the cost of actually digesting a header is HUGE!

In IPv6, most of this is cleaned out. Header entries that are never used aren't there. Those that are seldom used are defined as header extensions and aren't in the default structure. Everything else is a simple, easy-to-work-with size with a single meaning. So although the total header is larger, it doesn't matter. The cost of pulling the header into memory is insignificant compared to the cost of finding stuff in it. With IPv6, you pull in a word or a double word. This contains the data and nothing else, in the correct format, with no need to digest it. It is already in the right form.

2) Fragmentation in IPv4 is common, fragmentation in IPv6 is rare (which solves your objection, BTW)

In IPv4 or IPv6, if a packet is fragmented then a firewall or a proxy cannot do anything with the inbound packets until the system has all of them. The latter packets don't have the necessary information. This is a huge congestion issue.

With IPv4, you can't do a damn thing about it. With IPv6, each connection has an automatically adjusted MTU according to the largest packet that can pass through unfragmented. There are exceptions to this, but it can be considered the norm. This means packets won't be broken up, which means ALL packets can be processed and routed at the time of receiving them without the need to delay for reassembly.

3) Faster to perform routing

In IPv4, you have to search the router table for the best rule for a given connection. Router tables can have millions of entries, but if the router table is either tree-based or indexed-sequential then you only have to deal with around 20 steps for 2^20 entries.

In IPv6, you still have to search the router table but because of the way the addressing scheme works, you only ever have to compare 2 bytes of the address. This gives an effective router table size of 512, which means you can always find the right route in 9 steps. Less than half the number required for IPv4.

4) Less memory fragmentation

In IPv4, headers aren't properly aligned and that can lead to memory being either fragmented or never used. In the case of fragmentation, malloc will be more expensive than necessary. If you use a ring buffer for the headers, then you avoid fragmentation but it means you have to compare the bytes in the header with the bytes available in the buffer. Counting is also expensive. True, you can avoid this by treating everything as a byte stream and when you hit the field that says how many bytes there are read that many bytes minus the number already read. Byte streams are slooooow and expensive on a 32-bit or 64-bit architecture.

In IPv6, headers are properly aligned and leads to efficient packing and efficient queueing. If you pull an item off the queue, you can then push an item off the queue. Thus, you don't have to do byte counts, you simply need to record how many packets are on the queue. Because the header will always be an exact multiple of 32-bits in length (and almost always an exact multiple of 64-bits), you can use the entire width of the data bus, you can use native registers, etc. Just on usable bandwidth alone, you've quadrupled the best performance IPv4 headers can do.

5) Extensibility

In IPv4, the header contains everything it could ever need under any condition. Which means every device has to load the whole damn thing and digest the whole damn thing. This means that if the header does need extra information, tough. Nowhere to put it, unless you re-use an existing component and have all devices try to figure out what meaning that component has in the current context. (This has happened with the priority bits already.)

In IPv6, only core data is in the heade

Re:NAT

[marcosdumay]

"Better rarely beats more convenient."

Too bad NAT isn't more convenient from either the user (that will have some things simply not working) or the ISP (that will need to invest on equipment specifically for that, added to the equipment needed for IP).

Re:NAT

[Luscious868]

My friend, if you don't think the Internet is now a technology primarily dominated by consumers then you and I will have to agree to disagree. Smart phones are driving this and the smart phone market is now driven by consumers.

Re:NAT

[Luscious868]

This conversation, enabled by IPv4+NAT, would indicate otherwise....

Re:NAT

[Luscious868]

I would object on the grounds that BluRay will never be as accepted as either DVD or VHS because on-demand/streaming media is clearly the wave of the future. Why? It's more convenient ...

Re:NAT

[badkarmadayaccount]

SIP handles NAT fine. FTP is hardly used, and has workarounds. All in all, NAT is a descent stopgap, better than most used in the IT industry in years past.

Re:NAT

[badkarmadayaccount]

Check user agent, and tell XP users to use firefox. If they don't like it - they can take a hike.

Re:NAT

[FireFury03]

And that helps, how exactly? (other than losing a big chunk of your customer base and causing you to go out of business, of course).

Re:NAT

[AK+Marc]

You are arguing that because VoIP/videoconferencing was broken by NAT, then they updated the protocols to adapt to the hack that is NAT, that history somehow changed to make it so that NAT didn't break VoIP/videoconferencing? I'll have what he's smoking...

Re:NAT

[badkarmadayaccount]

XP has a broken SSL stack, but Firefox carries it's own.

Re:NAT

[FireFury03]

Still not clear on how this helps with running HTTPS sites behind a NAT...

Re:NAT

[badkarmadayaccount]

It would be helpful if you look at wikipedia, at least.

Re:NAT to the rescue

[geekpowa]

Why not? This is how the overwhelming majority of people interface with the internet anyway: content consumption. ipv6; by virtue of the reality of the fact we are not running it yet, appears to be a project failure in terms of it's stated goal to supercede ipv4. We could press ahead with it, or consider alternatives such as NAT.

Most folk I know who need an IP address fall into one of two categories:

• People who p2p fileshare. (Services like Skype and VOIP solve issue of NAT by having peer clients send comms via a intermediate node server)
• People who run webservers. I know hardly anyone who does this from their bedroom these days. Thanks to VPS, Amazon/Rackspace etc. Cost is next to nothing

The precise problem many folk here have with going to NAT I fail to fully grok. It will not limit how you can use the Internet; but it will modify the way certain types of problems are solved. Big deal; this is network protocol stuff, and working around problems (such as fact that TCP/IP is unicast, or HTTP is client/server send/receive) is par for the course. Maybe some people like their Internet 'pure' or something; me I try to take a more pragmatic approach. ipv6 transition I fear is going to be massively disruptive over a period of at least 2 years and it is going to cost us all alot of money. Maybe Utopia indeed awaits us on the the otherside, but having been promised Utopia many times on many different disruptive technology transition projects; I can't help but feel a little cynical

Re:NAT to the rescue

[andreyvul]

IPv6 is only in the 8MB images. I have 2 WRT54GLs, you insensitive clod!

APNIC Info

[ausrob]

Here's what we got from APNIC this morning: Dear APNIC community We are writing to inform you that as of Friday, 15 April 2011, the APNIC pool reached the Final /8 IPv4 address block, bringing us to Stage Three of IPv4 exhaustion in the Asia Pacific. For more information about Stage Three, please refer to: http://www.apnic.net/ipv4-exhaustion/stages Last /8 address policy: APNIC's objective during Stage Three is to provide IPv4 address space for new entrants to the market and for those deploying IPv6. ..but given how fast APNIC reached the final /8, you'd think it won't be long before they run out entirely.

I for one, welcome our new ipv6 overlords

[mrflash818]

"It is a moral imperative" -- Real Genius

Re:NAT to the rescue

[clang_jangle]

I bought a cheapo asus wireless router for about $30 on amazon a year ago (sorry, don't remember the model number and I'm not home right now). It does ipv6 just fine. I actually bought it to put the smaller dd-wrt image on, and that's what I did as soon as it arrived, but it seems the dd-wrt firmware makes the router's CPU run too hot and my connection would become unreliable. But with the stock firmware it does a fine job for a basic home router. I was tempted to keep dd-wrt and mod the thing for better cooling, but then I got lazy and settled for "good enough".

India: The NAT Nation Example

[cmholm]

I'm a bit surprised that the parent was modded off topic. The fact is that when they were first passing out brains IP blocks 'way back when, most of Asia weren't players in the internet game. I recall a briefing from the beginning of the century stating that most of India was running behind a massive NAT gateway.... and thus suggesting that most Asian nations would be moving to ipv6 earlier than the OECD out of necessity.

So, yeah, APNIC is likely very motivated to go ipv6. But, don't discount the allure of the cheap fix.

Asia first

[PPH]

They're the first to be forced into IPv6. So they'll be further along the learning curve. Welcome our new networking overlords indeed.

Re:Asia first

[jd]

Not only further along the learning curve, but further along in mass availability. Mass availability = low cost. Low cost = more attractive to customers. I thought America had learned (the hard way) what happens when you ship inferior, expensive products after their car industry collapsed and Japan pwned them. I also thought America had learned (the hard way) what happens when you start behind your competition after they were thrashed by the USSR in the early space race. Catching up was damn expensive.

But apparently not.

Re:Asia first

[PPH]

We learn from our mistakes so that when we make them again we'll recognize them.

Re:Asia first

[jd]

Someone mod the parent up. Better yet, get Slashcode to go back to supporting that +6 freak moderation state and then mod the parent up.

Re:Asia first

[bemymonkey]

Unfortunately, most Asian countries are still (far) behind the curve in terms of raw connection speed, so this likely won't be of much use.

My parents live in Bangkok (with the fastest DSL line available... I made sure of that), and Skyping with them from Germany is a bit of a chore unless it's audio-only. Teamviewer/RDP is also a bitch...

SK and Japan are obvious exceptions and don't count, IMO.

Re:NAT to the rescue

[compro01]

ipv6 transition I fear is going to be massively disruptive over a period of at least 2 years and it is going to cost us all alot of money

And NATing everything is not going to be disruptive and cost a lot of money?

Large scale NAT is a stopgap measure. It will simply delay exhaustion a few more years, maybe a decade. It is not a viable long term solution. Then once we're totally out of IPv4 space, we'll need to implement IPv6 or something similar anyway.

NAT or no NAT, IPv4 is no longer viable for widespread use.

Re:NAT to the rescue

[geekpowa]

And NATing everything is not going to be disruptive and cost a lot of money?

NAT is already here and in widespread use in every small office and multi device household; whereas ipv6 is not. To insist some sort of cost equivalence between the two projects; where option one involves hacking an existing framework to extend the network's reach, vs swapping in a brand new network on a global scale; is just staggeringly irrational. By all means, have your ipv6 if it is so precious to you, but when you break, in probability, the internet during the transition stage, which our civilization has now become heavily coupled to; be prepared to answer your critics.

NAT or no NAT, IPv4 is no longer viable for widespread use.

And so say the religious zealots. In all probability your ipv6 utopia will arrive; and in all probability, the disruption this transition I suspect will cause, will impact the viability and usefulness of the Internet for a number of years and it will become regular topic of discussion amongst general population and media.

Re:then != than

[Tarlus]

your != you're

Re:NAT to the rescue... NOT

[petermgreen]

That is less then 60,000 possible connections can be made by a router with a single public IP address.

That depends on how clever the NAT is. Technically each server you talk to doesn't know what ports you are using to talk to each other servers. So there is nothing stopping a nat using an internet side port to talk to multiple servers at the same time. Such a scheme will completely any protocol that tries to do "nat traversal" but it should keep the basics working at very high user:IP ratios.

Still I would expect IPv6 to seep in if only to try and reduce the load on the big nats.

Re:NAT to the rescue... NOT

[p.rican]

Brilliant explanation. Thank you for taking the time to write that up.

Security, Mobility, Configurability

[jd]

IPv4 is inherently insecure. IPv4 is inherently immobile. IPv4 is inherently non-extensible.

IPv6 is inherently secure. IPv6 is inherently mobile. IPv6 is inherently extensible.

Now, tell me which makes the most sense for mobile devices?

How do I...

[medv4380]

Turn running out of IP addresses into a drinking game?

Re:How do I...

[omfgnosis]

Drink. Really fast. And then drink faster.

Re:NAT to the rescue... NOT

[ekhben]

The other big issue with NATs is traversal. You can't run bittorrent at all unless most hosts on the internet can be directly reached; it relies on peers being directly addressable.

When the NAT is on your home gateway, you (or your software) can instruct it to forward certain ports to certain hosts inside the NAT. When the NAT is run by the ISP, shared by hundreds of users, you can't do that - contention for the well known ports makes it impossible.

But clever people have realised that a NAT will often redirect all connections on a particular port back to you if you open up just one connection on that port. So if you can find a willing host to report back what port you've just connected from, you can tell others to use that.

Which breaks if you try to be clever about using the full (host, port, port, host) tuple to identify each connection.

You also have a scalability issue if you try to shove thousands of users onto a single address; storing and searching the state table for hundreds of thousands of mappings requires hardware that hasn't been built yet.

So you want every machine to have a direct route?

[Marrow]

But many IP devices do not have built-in firewall, so you -still- want to run a border router firewall right? And if every machine is behind your border router, then those limitations are still going to apply. So you want to let certain traffic in to certain hosts. Some hosts are dmz, some hosts are very private, and some are in the middle. Its still a lot to manage. The only thing it solves is peer-to-peer communications right? But you are going to have to deal on a host by host and service by service basis which peer to peer protocols will be allowed in and wont be.
Maybe NAT makes some kind of peer-to-peer relationships impossible. But, I dont think that IPv6 will make anything easy. And I think its going to permanently piss people off at the Internet and those responsible for the new design.

where are the ISP's With IPV6 and routers / modems

[Joe+The+Dragon]

where are the ISP's With IPV6 and routers / modems?

how many have IPV6 some have it but only for revB so you have to re buy the router to get IPv6 and then it's up your ISP to have a IPV6 modem and IPV6 as well.

Re:NAT to the rescue

[Miamicanes]

One difference: today, you're NAT'ing a real public IP address with a router over which you have direct control and can forward ports at will. If the NAT is being done by your ISP, and you're stuck NAT'ing a NAT'ed private IP address whose public IP is totally under the control of your ISP, things become enormously more complicated.

On the other hand, insofar as mobile devices go, NAT is almost a moot point, anyway. As far as I know, every EVDO and UMTS mobile phone on earth is effectively firewalled by carriers who won't forward inbound traffic anyway, so mobile phones might as *well* be NAT'ed since having a public IP address does them no good, anyway.

Re:NAT to the rescue

[icebike]

As far as I know, every EVDO and UMTS mobile phone on earth is effectively firewalled by carriers who won't forward inbound traffic anyway, so mobile phones might as *well* be NAT'ed since having a public IP address does them no good, anyway.

Mobile Phones ARE NATed as far as I know. MY UMTS-ATT phone has a 10.11.x.x IP no matter where I am.

The non-forward of inbound traffic is pretty much a godsend if you ask me. I can't imagine the howl of protest for being forced to pay bandwidth charges for every script-kiddy trying to hack my phone. The Sleeping TCP socket trick used by various push services from Apple/Google/Exchange, et al, accomplishes what is needed in terms of inbound traffic.

Well of course

[Sycraft-fu]

The US invented the Internet. The Internet originally started as ARPANET a research network designed by DARPA, Defense Advanced Research Projects Agency, an agency of the US Department of Defense. It started out as a link between a few US research universities and institutes. TCP/IP was then developed by Robert Kahn and Vince Cerf, working for DARPA. DARPA liked it and funded the development of the software to implement it.

After that various other government entities created TCP/IP networks based around ARPANET like the Department of Energy, the National Science Foundation and so on. Those unified in to what become the Internet.

Now that is not to say it did not become a global endevour. Around the time the Internet came to be, CERN made their own TCP network, CERNET, and then they started looking to link up with the US Internet and did so around 1989. Also CERN of course developed the basis of the world wide web. However the Internet itself started in the US.

That's why IANA, the ultimate top level controller of Internet numbers, is based in the US. It was created there to manage things on ARPANET.

You have to remember that nobody who was designing this was thinking "Global communications system that links every computer, every phone, every TV, etc on the planet." Such a concept was really pretty unimaginable. This was just an effort to get an efficient, interoperable network for linking big institutions.

So when IPs first started being handed out it was done inefficently. If you were real big, you got a Class A (/8, 16 million), if you were moderately sized a Class B (/16, 65 thousand) if you were small you got a Class C (/24, 256). Companies like AT&T and IBM got entire Class As for themselves. Most of that went to US entities, since they were the only ones who could get on at the time. ARPANET and some of the other research networks like NSFNET that started all this were only for research institutions and public entities. So only universities, research labs (like SRI), the military, and companies involved in the research could get on and thus get addresses.

Yes, yes, all bad in hindsight but who knew the Internet would become what it has? It also is just how shit goes. You invent something, you get to have it your way.

Neil Degrasse Tyson calls it "naming rights" and shows how it happens when various cultures are on the top of their game R&D wise. The US invented the Internet, so they got to have things like .gov for their government sites. The US invented the telephone system so they get 1 as their country code. The British invented the post office so they don't have to put their country on stamps, everyone else does.

The Internet shows a lot of slant towards the US because it started there, and developed most fully there first. The US by far had (and still has) the most advanced Internet infrastructure. The invented it, they were there first and best, that is why it is theirs in many ways.

Re:Well of course

[rs79]

"That's why IANA, the ultimate top level controller of Internet numbers, is based in the US. It was created there to manage things on ARPANET."

You don't know what you're talking about. IANA wasn't "created", it's just a name Jon used for that particular task. A task done on contract for DARPA, later NSF. But Jon/IANA never had the authority you assert. Jon got frapped pretty hard by Ira Magaziner when Jon split the root (he put it back, real quick) and when IANA tried to declare what would happen with new tlds they were bitch slapped by the US government and put in their place as a subsidiary underneath ICANN but all accountable to the DoC and finally the US congress. Jon took over the task because it was natural for him to do so, there was no plan, no design and no "creation". That's pure fantasy.

IANA was an accounting function. But no real control once the USG woke up, around 96 or so.

Re:Well of course

[Xarius]

The US by far had (and still has) the most advanced Internet infrastructure. The invented it, they were there first and best, that is why it is theirs in many ways.

I sincerely doubt this, may have been true a decade ago.

Re:Well of course

[beat.bolli]

I'm sorry to rain on your parade, but you're wrong. The US-centric Internet as we have it is basically a case of Not Invented Here: http://www.hightechforum.org/the-internets-first-turning-point/ A lot of the basic research was a multi-national effort.

Just tried it

[ugen]

Since general /. consensus (and I underscore that it is /. and not any of the other engineers I deal with) is that "ipv6 just works", I trried it on my Mac.

ifconfig en0 does helpfully suggest that there is an ipv6 address assigned (and it is based on my computer's Mac, leaking my identity all over the net, with Linux iptables developers specifically refusing to hide it for religious reasons, but that's another story)
ok, easy - I'll just ping my own address then to begin with.
ping - oops, "cannot resolve, unknown host"
traceroute - same deal. clearly they don't recognize this as an IP address, and try to use it as a host name.

Hmm, may be Firefox?
Let's try that Google ipv6 address - http://[2001:4860:0:2001::68]/ (oh, that'll be fun to explain to users)
Here we go - "Firefox can't establish a connection to the server at [2001:4860:0:2001::68]."
Well, at least it knows that's an address, I think...

I think I'll try again in 10 years.

Re:Just tried it

[Zan+Lynx]

Some Linuxes/Unixes have unified ping and trace tools. Others have IPv6 versions such as ping6, traceroute6 or tracepath6. Try those.

For hiding your MAC address iptables is absolutely the wrong tool. You want IPv6 temporary addresses. See here: http://superuser.com/questions/243669/how-to-avoid-exposing-my-mac-address-when-using-ipv6

For a Mac you'd need to run this command: sysctl -w net.inet6.ip6.use_tempaddr=1

Re:Just tried it

[Altanar]

Are you using a router that supports IPv6?

Re:Just tried it

[profplump]

You can't use ping or traceroute on IPv6 addresses, and it has nothing to do with not recognizing the address -- both those tools use ICMP packets which are unique to IPv4. However there's a ping6 and a traceroute6 tool that do the same thing using ICMPv6 packets and are already installed on you Mac.

Also, you could just use .local, or whatever DNS records happen to be assigned to your machine (all machines are supposed to have host names in addition to their numbers, and on your Mac you get mdns automatically) which will resolve to both your IPv4 and IPv6 address and allow the program to choose whichever address family it likes.

Re:Just tried it

[julesh]

Let's try that Google ipv6 address - http://200148600200168/ (oh, that'll be fun to explain to users)

There's this invention called DNS which makes entering an ipv6 address unnecessary: http://ipv6.google.com/ is the url you want, although for me it resolves to 2a00:1450:8002::68, so maybe the address you have is wrong?

(edit: I do note that it seems slashdot isn't IPv6-address-URL compatible, which is annoying.)

Re:Just tried it

[Permutation+Citizen]

It's because it is much simpler than you assume.

I have just toggled "IPv6" checkbox on my ISP account. Then I went to http://www.kame.net/ and the turtle was dancing. Done.

Re:Just tried it

[marcosdumay]

Tough luck. I guess you'll try it again in a year or two.

Re:NAT to the rescue... NOT

[Professor_UNIX]

And you think the ISPs care about your ability to run Bittorrent? I assure you the vast majority of them wish that protocol had never been invented. :-)

Re:NAT to the rescue

[JWSmythe]

    I see the same thing on Sprint/Boost's CDMA network.

    I can't find the IP of my device, but going out to the real world via http, I see the IP of a proxy, and a HTTP_VIA header, with an invalid hostname (no TLD), and it reports to be "Squid/2.7.STABLE7" (hey guys, time to upgrade).

    NAT, I'm ok with. Proxying my connections, I don't like as much. Well, since I get gateway timeouts on a fairly regular basis, they need to work on their infrastructure a bit. NAT is much easier on the network than proxying, although I'm sure it saves them a few bucks on their uplink bandwidth.

    The people whining about "oh my public IP" are the edge cases, or they're just repeating the same old BS. How many people really need public IPs? I'd bet if the major ISPs gave out public IPs on request (not even charging money), the majority of users wouldn't bother nor know the difference of having a private IP.

   

Re:So you want every machine to have a direct rout

[thegarbz]

Do many devices need a built in firewall?

Your border router example is good, as a stateful firewall is very similar to a NAT system, and the latter implies the former anyway. However why should I put my TV behind a firewall? So a hacker gains access and displays a goatse image on it. I may even get a laugh out of it. My computer on the other hand does have a firewall since there is sensitive information on it. My mobile phone ... haven't a clue, but I'm guessing that the vast majority of mobile devices out there do not have firewalls either and run just fine.

It seems direct attacks are likely to occur on large networks. Computers are a great target due to their many attack vectors and usually associated bandwidth, but most of the consumer computers out there have a basic firewall in place. It doesn't seem to do much if anything at all as by a long shot the vast majority of attacks are social or occur in an authenticated way, i.e. user clicking on .scr file because they are stupid, or user typing their credit card number into www.palpay.com/accountreset. Against this a firewall is absolutely useless.

Re:NAT to the rescue

[icebike]

I can't find the IP

Try dialing *#*#4636#*#* then select Phone Info, and it will probably be listed in there.

Re:where are the ISP's With IPV6 and routers / mod

[goonerw]

Already out there and have been for years. They sell IPv6-capable modems too.

One of their biggest issues was dealing with a "prominent NA router vendor starting with C" where their LNSs and other hardware would fail spectacularly running certain common dual-stack configurations. It took them years to develop a stable patch for it.

Re:NAT to the rescue

[rs79]

"NAT or no NAT, IPv4 is no longer viable for widespread use."

Of V4, V6 and NAT, then only V4 is viable for widespread use. The others are islands with limited connectivity into the V4 core.

Between v4 and the insanity that is v6, there are still lots of options.

Re:NAT to the rescue

[LingNoi]

people who p2p fileshare. (Services like Skype and VOIP solve issue of NAT by having peer clients send comms via a intermediate node server)

and how does the intermediate node server work if it's also under NAT?

People who run webservers. I know hardly anyone who does this from their bedroom these days. Thanks to VPS, Amazon/Rackspace etc. Cost is next to nothing

Awesome, so only the big boys get to play on the internet. That's not a horrible monopoly or anything..

Re:NAT to the rescue

[JWSmythe]

You know, I hate it when I'm wrong. But..... Through the Blackberry Diagnostic Report, voila, a public IP. I also have ICMP enabled (it's the 6th line of the report), but this IP isn't pingable either. So they give us a public IP, and then push our web browsing through a proxy? I wonder how many middle-managements a day it takes to come up with some of these ideas.

    [sarcasm]Anyways, they're only sitting on a /10. It's not a big waste of resources or anything. [/sarcasm]

$whois 184.211.xxx.xxx

# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=184.211.xxx.xxx?showDetails=true&showARIN=false
#

NetRange: 184.192.0.0 - 184.255.255.255
CIDR: 184.192.0.0/10
OriginAS:
NetName: SPRINT-WIRELESS
NetHandle: NET-184-192-0-0-1
Parent: NET-184-0-0-0-0
NetType: Direct Allocation

Re:NAT to the rescue

[julesh]

Why? I already have an inet6 address

Lucky you. My ISP won't even be trialling IPv6 until June. A proper rollout is unlikely to happen this year, from all I can gather. My understanding is that this is likely to be the case for most UK ISPs, as BT didn't finish implementing the infrastructure until quite recently (amazingly, the designs for a network upgrade they called "21st century network" didn't originally include IPv6 support...).

And I don't consider tunnelling to be an appropriate answer. Even the most local tunnel providers I can find add an extra 4 or 5 hops to my packet routes, resulting in a 50%+ increase in latency to many sites. IPv6 will only be useful when I'm using it natively, directly to my ISP's routers. Which isn't going to happen any time soon.

Re:So you want every machine to have a direct rout

[GWRedDragon]

Of course, a firewall is merely a way of restricting certain services to a local network only. This does not apply to many appliance-type devices; usually they expose no services and instead only connect to services on other machines.

The only case where a firewall would have any meaning for these devices is if their core IP stack contained an exploitable bug. This kind of thing, however, has happened in the past. If you make every toaster individually addressable (no firewall), then every toaster is going to also need some method of updating the protocol stack in case a bug like this is discovered. Making only primary devices such as computers and routers externally addressable simplifies the problem, since these devices tend to already have an update method in place to deal with known exploits.

Also, even though your TV may not have an auto-update mechanism, it is likely it is running a somewhat complex OS if it is connected to the Internet. This means that if you don't care and allow TVs to be owned, they will present a large attack threat to everyone else by being added to botnets.

Re:NAT to the rescue... NOT

[AK+Marc]

Unfortunately it's wrong in some places. Like listing the limitations based on the use of bittorrent. Bittorrent won't work if everyone in the swarm is NAT'd. NAT was the poor man's firewall for years because it hides the hosts. P2P can't work if everyone is hidden. There are some tricks that may work, but generally the actual number of people per address is higher than he indicated.

Additionally, if you read the article, they report that they are allowing 1000 addresses to new ISPs. If you can't set up a NAT-based ISP with 1000 addresses, then you shouldn't be setting up an ISP at all. You won't run out of addresses. In fact, there's nothing (other than violating the RFCs, which are as optional as the pirate laws) which would prevent you from setting up an entire ISP with millions of customers using one and only one public IP assigned to your equipment (the rest given RFC 1918 addresses). And even then, most often when you uplink you get the IP address from the carrier you uplink with. That leaves you with 1024 addresses to use for NAT (well, 1022 or less, depending on subnetting).

As such, his idealized 1200 per IP is probably closer to reality than his 100-200 number expecting everyone will be running P2P. So with 100 per IP, the worst case, they'll be able to handle 100,000 users. With the more realistic 1200, there can be more than a million users. They have more than 16k of those to give out, for a total amount of support with nat of 20 billion users. Oh, and if the worst-case 100 is used, that's still more than a billion people that could be supported on what's left there.

So yes, they are out, but it isn't the crisis of collapse yet.

Get some addresses back from the spammers!

[ArsenneLupin]

APNIC networks are rife with spammers and bots. Our logs are full of APNIC addresses who try to brute ssh password, or try to find vulnerabilities in Web applications.

So why does APNIC not confiscate these lowlifes' addresses, and hand them out to honest customers? If they're reactive enough in doing so, the addresses might actually not yet be "burned" (on blacklists), and still usable...

Re:So you want every machine to have a direct rout

[thegarbz]

I suppose but you could use the Apple defense here. Unless Microsoft of some major vendor comes and starts writing a standard system for toasters and TVs would someone bother finding a way to attack the device? I mean even already we have a LOT of portable devices running on some form of Windows CE, yet there are no serious documented cases of exploits in the wild. Even the so called "crisis" Nokia phones were experiencing in the past with SMSes that could brick devices, and bluetooth viruses that would infect everyone on a subway ... didn't. These potentially had a huge impact yet disappeared into the ether.

The other potential form of security by obscurity is the fact that each IPv6 block is allocated a /64. This makes network scanning virtually impossible, meaning that it is quite likely my toaster would have to go out looking for a virus, in which case the social angle again could be played to bypass everything.

Re:NAT to the rescue... NOT

[M8e]

Such a scheme will completely any protocol that tries to do "nat traversal" but it should keep the basics working at very high user:IP ratios.

At least they know what they are doing. It would be worse if they accidentally any protocol that tries to do "nat traversal".

Bullshit.

[RichiH]

Bullshit.

They are not out. They have a /8 remaining. Yes, a /22 is not a lot, but this will ensure that APNIC will not run out for the next few years (unless people start registering LIRs like crazy).

As all the large players have gotten their large allocations already, they will not run out themselves that quickly, either.

This still means that IPv6 must be deployed yesteryear, but APNIC has not, and will not, run out of IPv4 any time soon. They will just not hand it out like candy any more.

Re:Bullshit.

[definate]

Read the APNIC article on it. Yes they have a /8 remaining, and this /8 will last for fucking ages. Why? Because they are going to be rationed out. To ensure that ISP's can provide IPv4 to IPv6 tunnels and so that these aren't centralized with a few providers.

Ergo, they are out, in the old sense. Just because they are there, doesn't mean you can get them. Each network is limited to 1, /22.

I don't know about you, but given your ability to get them is greatly reduced, they are out effectively out. As my ISP (I live in Australia) will no longer be able to obtain more IPv4's (after their last lot that is).

Re:Bullshit.

[Morgor]

I call bullshit on your bullshit.

APNIC is the fastest growing RIR out there, with developing markets like China and India burning IP addresses like crazy. These markets will grow beyond what we have seen already, simply because more people are getting internet access daily.

Sure, you can do carrier-grade NAT, Large Scale NAT and whatever the appropriate name of ISP-level NAT is these days, but for a market of the size of China, a /22 only gets you so far.

According to data from the CNNIC - China Network Information Center - the number of broadband users in China is currently around 457 million. In very round numbers, that gives us only a third of the entire population, and with a growth of 48% per year, it's very obvious why a /22 doesn't last very long at all.

Before you even mention it, the /22 is per LIR, but there are not that many LIRs in China due central government control.

Online business in China is striving too, and you just can't build up a website without routable addresses.

Re: Bullshit.

[RichiH]

Then we simply disagree on what "out" means. As long as they still have a lot of IPv4, they are not out, in my book.

In your book, they are.

That's about it.

Either way, IPv6 is the way to go and I am happy that this will happen soonish (ha. ha.)

Re: Bullshit.

[definate]

Yeah, while I hate being the part of the internet to first go through the crunch (though I've seen this coming for years), I am happy that IPv6 is finally going to be pushed through. Now that the Great Address Space Crunch is here!

I don't like your definition of out, since that's like saying "There's food in this cage, you can't eat it, but you're not out of food". To the hungry person, their effective quantity of available food, is nothing. Additionally, if we then implement APNIC's policy "Okay, it's not that you can't eat it. But we're going to give a tiny portion, to a few people, every now and then, such that this food may last an amazingly long time". By your measure, IPv4 may never run out. Sure, we can't get any more addresses, but there are addresses there, so, we're not out... right?

Their policy is to keep these allocations small, to provide for IPv4 to IPv6 services, so they are rationed out, this means that, IPv4 may NEVER run out, because by the time they go to allocate the last /22, which might be quite a long time from now (due to how slow this pool will drop), then IPv6 may be implemented and demand for IPv4 may dwindle.

But by your measure, we're not out. Sure, we're starving, but we're not out of food, it's just in that cage over there.

Re: Bullshit.

[RichiH]

Maybe this comes from the fact that, coming from an ISP background, I am focusing on APNIC while you are focusing on Asia-Pacific as a whole.

I agree that IPv4 is running out fast, but it's not out yet. And it will never truly be as v6 will have replaced it by that time.

Re:Bullshit.

[RichiH]

> Before you even mention it, the /22 is per LIR, but there are not that many LIRs in China due central government control.

If the gov thinks allowing sub-LIRs will get them more /22, they will allow them in no time at all.

They are very aware of the need to go v6 though.

Still, my point remains: While we truly reached the birthing pain stage now, APNIC will not run out any time soon.

Re:Bullshit.

[Morgor]

Well, if by "run out" you mean have no addresses left at all, you are correct. Subdividing the number of LIRs by the number of possible /22 in the remaining /8, they will not run out, but once you get your final /22, there are no more IPv4 addresses to get. The remaining addresses are yet to have their purpose declared, and I cannot imagine that they will be allocated in any way resembling current address policies. Within RIPE policy, the remaining addresses in the final /8 are reserved for unforeseen events, whatever that may be...

Re:Bullshit.

[RichiH]

> Within RIPE policy, the remaining addresses in the final /8 are reserved for unforeseen events, whatever that may be...

No. A last /16 will be kept from the last /8. As soon as all /22 from that /8 are gone, the last /16 will be allocated as well. Unless it's been claimed for something else, first.

Re:then != than

[MichaelSmith]

Least of our problems.

Re:NAT to the rescue

[lxs]

You sound like a telephone operator in 1994. Those crazy kids with their modems!

Re:NAT to the rescue... NOT

[lxs]

For many consumers P2P filesharing is the reason why they want a > 20Mb/s connection. It's what sells premium packages, even if ISPs will never admit it.

FUCK ME! YOU SERIOUS?

[definate]

Fuck me! You serious? This post. Again?

You've either never read Slashdot before, and you didn't read the other posts of THIS EXACT SAME QUESTION, or you're an idiot.

Please, please, please. Stop asking this question. I've read so many responses to this, I'm almost an expert on low level routing protocols, completely against my will.

Re:NAT to the rescue

[wooptoo]

NAT is an ugly hack. IPv6 will finally shred it.

Content providers are the key

[Mazzie]

If they get a few big guys like Google and Yahoo to favor IPv6 hosted content over IPv4 when it comes to page rank, I think you would see a mad scramble to IPv6 with customers placing a crushing amount of pressure on their providers to get them a presence on IPv6. Not sure if I understand it right, but I *think* its not too difficult to serve content on both address spaces simultaneously?

Re:NAT to the rescue

[evanism]

a lot of those crazy kids are reading this now. This particular crazy kid has tried to implement into a large company and the effort involved (IT, management, outside vendors, etc) was so enormous I have now withdrawn from active network management. It will be an absolute Shit Storm.

Why do mobile devices need live addresses?

[EmagGeek]

Seriously, every cell phone and IP-enabled kitchen appliance out there does not need a live IP address...

It says so right on the front of the guide...

[regular_guy]

DON'T APNIC! Incredibly lame, I know...

Re:then != than

[Curmudgeon420]

your != you're

Conforms to the rule that grammar flames always contain grammatical errors.

Re:then != than

[gnarfel]

Yeah, my Pentium says the same thing.

Re:NAT to the rescue

[bernywork]

Said it before, say it again, you need to switch in hardware, not software.

The 6500 Supervisor 720 with MSFC 3 will do 225Mpps (Not enough) as opposed to the 450Mpps that it will do in IPv4 and the other thing that will do it in the Cisco space is the 4948-E which has only just come out. (Not a bad access switch BTW)

The only thing that would have the throughput that they need would be a Juniper 8216, while this has been around for 3 or 4 years, this wasn't available nor a proven tech when 21cn was in it's design phase.

So for all these people who say 'amazingly, the designs for a network upgrade they called "21st century network" didn't originally include IPv6 support...' it only takes a few seconds thought to realise that designing a network that large requires proven technology and takes a LONG time to design and think through.

So running with the assumption that their chief designers aren't complete idiots (And knowing a few people who work for BT doing design work, I would find it difficult to imagine their chief designers being morons) you would have to consider the idea that I'm sure that they considered it important, but there wasn't a proven technology to run with on day 1 to integrate into the network. The only option you really have at that point is when you are in negotiations later with the vendor of choice that you ensure that their later platforms which you use in their network will have the ability to support IPv6.

So stick your nose up at the network all you want, you design a network and put your job on the line for it and see whether you push for IPv6 on unproven tech or not....

China will never run out of IPv4 addresses

[cheer_xiao]

Come on, NAT is so widespread in China that you will not be surprised when you find you're actually four NATs away from the "Internet". The argument that NAT is a performance problem is completely bullshit in China. For the uninformed: the number of IPv4 addresses allocated to China is less than that of, say, UC Bekerley. You can barely satisfy half the netizens in Beijing with so many addresses.

Re:NAT to the rescue

[bernywork]

Oh, and let's add in accounting of IPv6, management of associated devices, tech support, billing hassles and every other problem that they are going to have to face....

Re:NAT to the rescue

[marcosdumay]

Let me extend your list a bit...

3 - People that play games online (but not online games).

4 - People that want those intermediate nodes to be available for VoIP.

5 - People that use virtual LANs.

6 - People that use remote access (for support or for working).

I'm sure the list is way longer than that. Oh, and on that #1 there will be all people that have software that updates by P2P or use P2P for remote access control (way to break DRM). You know, you don't have to run bittorrent yourself to use the protocol. Numbers 3 and 4 are probably the majority of the users at the developed countries, and a big share on the developing ones. Number 5 and 6 are the majority of corporation users anywhere.

One word: DirectJet

[Marrow]

You probably don't want your printers to be on a public address unless you like adverts. :)