UK's 'Unallocated' IPv4 Block Actually In Use, Not For Sale
jimboh2k writes "The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale. The Department of Work and Pensions says it would be too expensive to reallocate those addresses and, even if it did, it would not stave off IPv4 address exhaustion by much."
The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...
Changing the contract will cost them at least 20% more than the current overrun.
What's so difficult about switching to IPv6? I mean, where is the cost, really? It is not like I have to buy all of my hardware again, it is mostly a software issue, right?
To me that means they should all be 10.x.x.x, and some IT workers are completely and totally incompetent.
Well, some old dinosaur US companies or even universities own a full Class A... Do you think they need the address space more than a government?
IBM, CSC, Dupont, MIT, Ford, Apple, USPS... etc.
See the list at: http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
The biggest cost is that getting a sixxs tunnel is a royal pain in the ass as you not only need to set up a linkedin account but write a nice long essay about why you want it. How many people are going to go to that much trouble just to switch to ipv6?
Obviously you haven't heard of 4in6, though a Dual stack approach (using 10/8) would be more convenient.
Well duh, they had a bunch of IPv4 addresses they could use, why not use 'em and save a bunch of hassle?
Company 1 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 2 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 3 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 4 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 5 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
...
And 250 companies later
Company 255 says "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
And there you have it. A couple /8s forever wasted because nobody looks beyond their own impact at the big picture. See also: Carbon emissions, littering, everyone else taking the bus, etc.
Reminds me of the switch over from Analogue to Digital TV transmission.
Of course most home users are already set up either directly or via their ISP. It'll be businesses with these $50,000 network equipment that won't want to move over due to the cost of buying new HW when they just got through paying off the old stuff.
The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale.
Of course they're not for sale, no one in the department would get any benefit from selling them, and it would be more work if they did. Once the lobbyists get wind of this, someone higher up will get a campaign donation, and the block could be sold.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Sell the block for a billion or whatever it's worth, and use the money to build an IPv6 backbone for UK government services. That in turn would free up more blocks which they could continue to sell and continue to fund the transition with. Or they could sit on them and do nothing until the world switches to IPv6 and there is a glut of IPv4 addresses that nobody is interested in buying.
it's the only way to solve this problem.
Maybe the mandate can be sold to manufacturers first as an economic stimulus: think of all the new equipment that will need to be built and all the old computers grandma still uses that will be replaced because they can't figure out how to run the windows update that force retires IPv4 and requires a trip into the control panel.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
If you want a free v6 tunnel there are less elitist providers than sixxs. gogo6 (aka freenet6) even offer unauthenticated tunnels for individual machines* so you can just install their software and go.
Still I consider such tunnels as a tool for those who are interested in developing/testing IPv6 and maybe as a stopgap measure for a subset of end users who really need to reach v6 servers. If you are serious about v6 then you should be using a v6 capable ISP.
*If you want a prefix you have to create an account and authenticate to it but afaict creating an account with them is no big deal.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
Is sir unaware of what subnet masks and VLANs are for?
Hail Eris, full of mischief...
E pluribus sanguinem
I called that one, right here! :p
Unless all systems attached are on the same subnet... And that plays hell with routing, causes congestion... There are reasons the 10.x is non-routed. It was aimed at large local networks - like a node cluster. Sucks when you have to go past a router. That requires routable numbers.
BS you can route subnets of 10.x on your private networks just fine. You just can't advertise them on the public internet.
The real problem comes when you are trying to link together a load of sites that are already using some part (or even all, it's a class A block so the default netmask is 255.0.0.0) of 10.0.0.0/8 for their local private network. It is likely that some users will need access to both the national network and existing local private networks. So if you use private IPs for your network you are stuck either trying to find a subset of 10.x that none of the sites are using (can work but there is no guarantee there will be any such space and it's a problem if you want to add more sites later), renumbering machines unrelated to your network at various sites so they don't clash with your network, or using some horrible NAT hacks.
2**24 = 16777216 so where did the extra ~130k IP addresses come from?
I'm still not convinced there was any benefit to the digital switchover for TV. The picture quality is worse in many cases, and the extra channels are nothing I couldn't get over satellite/cable anyway.
Obvious? What's so obvious about it? If it was obvious, people would have switched by now.
But since people don't perceive it as better, or worth their time and money, they don't do it. Hell, you could say it's "obvious" that companies have yet to find a good enough reason to switch to it, which is why they're staying away in droves.
Frankly, I can't see companies doing away with NAT. Why the hell would I want my internal machines globally addressable? That always sounds like a stupid thing to me.
You act like it's so obvious, then fine Mr. Smarty Pants ... give me ten compelling reasons I could go to management to get funding for a project to do this. All reasons which are cool from a nerdy perspective but which don't translate into a business reason will be deemed irrelevant, as they clearly have to date which is why companies aren't doing it.
I really would love to hear your reasons. Because to date, I've always looked at it as "yeah, sounds cool, but what's in it for me?".
And I haven't really had a satisfactory answer yet. The most I ever get is people whinging about how evil NAT is -- which is mostly just geekery as far as I can tell.
Lost at C:>. Found at C.
Except it's not really a problem which is why no one is particularly rushing to fix it.
Quit wanting the government to force others to do what you think is best. It's antisocial.
or: the television networks switching over to HDTV from analog.
grow up.
sixxs don't require a linkedin account (or something changed since i created mine and several friends accounts)
all you need is to say you want to test ipv6 on your home computer (or home network) and put your real info (name, email, etc)... that isn't much different from registering on any website.
Requiring real info is normal, as you will access the internet with their connections, it's normal they want real info to contact you or to redirect any police request if you want to use their network for illegal activities
Higuita
It's not difficult any more. Nearly anything worth running has IPv6 support built in.
Nope. It's a man-hours issue. Time is money; if you have people doing things (like reconfiguring networks that run fine on RFC1918 IPv4 address blocks) you have to pay them. Businesses that spend money on IPv6 conversions that aren't necessary are wasting money that could be better spent increasing profitability. There is no ROI on IPv6 for most businesses, only telcos and ISPs can get any return out of it. So nobody else cares.
If you're a startup building out a new network from scratch, you might bother with IPv6. But probably not even then, since you'll have to pay more for techs who are capable of doing it as fast and reliably as IPv4.
Large enterprises rarely permit change for change's sake. There has to be a compelling business advantage or the resources will be better used elsewhere. For example, if your ISP offered IPv6 at a discount over IPv4, then you'd light it up at your edge routers.
it is obvious
what is lacking is the existence of an authority to force the obvious change to happen. because centralized force is the only way to save us from bedlam and a hacky address space and NAT everywhere (not just within organizations, but across the internet address space, turning it into fiefdoms)
the problem some minds have with problems like this is they see only costs on one side of the equation, and in the short term
the costs of mandating the change: sudden, large, and then gone forever
the costs of doing nothing: small, accumulative, accelerating forever to a permanent hobbling tax on the network's functions
first lesson: no choice has zero cost. so the choice is not between cost and no cost, but between the quality and quantity of cost. some minds don't grasp this, and only balk at the idea of any sort of cost
second lesson: looking at the problem short term and long term. short term, the obvious answer is to do nothing. long term, the obvious answer is to mandate the switch. there are many many examples from real life and politics, where the short-term thinking dominates the long-term thinking and we all suffer for that. it's called kicking the can down the road. let someone else deal with the problem, even as the problem grows
if you don't understand why running out of IPv4 address space is a real and genuine problem, you shouldn't be posting on this particular website
Tell you what, to save your poor old eyes the trouble, we'll ban all further publication of IPv4 related articles. Wouldn't want you climbing the embassy walls or anything, and certainly not in New York! And we can use asset forfeiture laws to raid every home and business and remove their obsolete routers. All other non-compliance will be met with indefinite detention. How's that? Happy?
“He’s not deformed, he’s just drunk!”
I'll take care of re-addressing into a /16 and we'll split the proceeds of the /8 50/50, OK?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
no, i'm not happy, because you go to absurd thoughts. think about the switch from analog TV to HDTV. it was mandated, forced, on industry and individuals, to great expense, and led to a much better standard. and it was accomplished without concentration camps or secret police or whatever other absurd analogy you want to make, dumbass
The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...
doesn't make sense. First of all, there is nothing indicating that IPv6 was not considered. But even if it was, it still makes sense to dual-stack them. Like I suggested in the previous thread on this story, even if they distribute it, they should do it to those already planning for IPv6. In other words, IPv4 addresses should only be sold to those willing to go IPv6 as well
For those that remember the days before NAT was prevalent, this is the way IP addresses were supposed to be used.
Competition Good, Monopoly Bad.
Easy to do with TV, as all that was required was letting the license expire and not renewing it. It doesn't work that way with the internet. Fortunately, maybe not for you, a license isn't required to operate on the network. So... your absurd idea can only be met with an absurd reply. Please, don't expect me to take you seriously...
Why are they using public IPs for an internal network? That's kinda retarded.
Because it's connected to other networks to which they have no control over the addressing? How do you connect two networks both using, say, 10.1.0.0/16 without a horrible NAT mess? (In reality it's often worse with companies finding ways to allocate most of 10.0.0.0/8 into a horrible mess for only a few thousand hosts). People need to stop thinking about it from an Internet-only perspective and think about private links between networks and it will become clear why many organizations need to use globally unique addressing on their networks.
Take IBM as an example... When you outsource with IBM you often establish a tunnel with them. Using the 9.x network ensures their network doesn't overlap with any of their customers. If they were using 10.x.whatever it would be a horrible two-way NAT nightmare. At least this way the worst case is a one way NAT with a customer using RFC1918 space--but if the customer uses globally unique addresses everything can be accessed directly AND FIREWALLED APPROPRIATELY.
When you think of GE, Ford, Du-Pont, etc they would all have had at one point large military contracts and trust me they couldn't successfully tunnel with the DoD using a mess of overlapping RFC1918 address space.
(and stop panicking about security... firewalls (including stateful) work exactly the same way with and without NAT). GE has their whole 3/8 block advertised and they're not carrying any extra risk just because a workstation or server has the same IP both on and off the Internet.
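Added example, not part of any comment in this thread: the clash described above, where sites to be linked already use overlapping parts of 10.0.0.0/8, checked with Python's `ipaddress` module. The site names, prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: private prefixes already in use at each site
# that is about to be joined to one shared network.
SITES = {
    "site-a": ["10.1.0.0/16", "10.20.0.0/14"],
    "site-b": ["10.1.0.0/16", "192.168.0.0/24"],
    "site-c": ["10.0.0.0/9"],
}


def find_overlaps(sites):
    """Return (site, prefix, other_site, other_prefix) for every pair of
    prefixes at different sites that share at least one address."""
    flat = [
        (name, ipaddress.ip_network(p))
        for name, prefixes in sorted(sites.items())
        for p in prefixes
    ]
    clashes = []
    for i, (s1, n1) in enumerate(flat):
        for s2, n2 in flat[i + 1:]:
            if s1 != s2 and n1.overlaps(n2):
                clashes.append((s1, str(n1), s2, str(n2)))
    return clashes


def free_blocks(sites, pool="10.0.0.0/8"):
    """Return the parts of `pool` that no site uses, as a sorted,
    collapsed list of networks."""
    remaining = [ipaddress.ip_network(pool)]
    for prefixes in sites.values():
        for p in prefixes:
            used = ipaddress.ip_network(p)
            kept = []
            for block in remaining:
                if not block.overlaps(used):
                    kept.append(block)  # untouched by this prefix
                elif used != block and used.subnet_of(block):
                    # Carve the used prefix out of the larger free block.
                    kept.extend(block.address_exclude(used))
                # Otherwise the free block lies wholly inside the used
                # prefix (or equals it) and nothing of it survives.
            remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def first_free(sites, prefixlen, pool="10.0.0.0/8"):
    """Return the first unused subnet of the requested size, or None
    when the pool has no room left for it."""
    for block in free_blocks(sites, pool):
        if block.prefixlen <= prefixlen:
            return next(block.subnets(new_prefix=prefixlen))
    return None


if __name__ == "__main__":
    for clash in find_overlaps(SITES):
        print("overlap: %s %s <-> %s %s" % clash)
    print("free in 10/8:", [str(b) for b in free_blocks(SITES)])
    print("first free /16:", first_free(SITES, 16))

    # One more site using the classful default mask for 10.x takes the
    # whole pool, so no shared private range is left to allocate.
    merged = dict(SITES, **{"site-d": ["10.0.0.0/8"]})
    print("first free /16 after adding site-d:", first_free(merged, 16))
```

A globally unique block such as the 9/8 or 3/8 mentioned in the thread never appears in the overlap list against RFC1918 prefixes, which is the property the commenters rely on for private interconnects.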
you don't appreciate or acknowledge the cost of a balkanized, NATted, hacky internet address space?
you are so allergic to a mandated switch you don't appreciate the benefits?
why do we have to deal with spastic hysterics like you on commonsense questions?
we're talking about a prudent obvious solution to a real problem, and you have to start WHARGARBBBLing about raids and detention like a paranoid schizophrenic moron
third lesson: sorry, but all I hear is screeching weasel, dial it back a little
For starters, WTF is wrong with NAT? I keep seeing people say this, and it mostly amounts to apoplectic bitching about how evil it is without anything coherent behind it.
You say it's obvious, and that there are good solid reasons why people should choose it -- and then you utterly fail to explain your case.
As I said, if I put you in a room with management to make your case as to why, you'd fail utterly. If you can't make your case here to people who would like to hear your reasoning, then I think you've kind of proven my point that to management this is anything but obvious, and the supposed benefits are so nebulous as to be meaningless.
Why, for instance, would NOT using NAT be better? Would my network be faster or better or more secure?
All I hear from you is "because centralized force is the only way to make people agree with me". Which, I gotta say, isn't helping your case any.
Pfft.. the pipe should be transparent to whatever I hook up to it. You're nuts.. trying to be the little general... I gotta laugh
I think what people have forgotten here is quite how old the internet is, for how long the British have been involved in it, and how tightly integrated into British government it has been for a long, long time.
I'm sure Slashdotters don't need a history lesson on the origins of the internet; as a cold war military network designed to re-route traffic in the event of a nuclear strike on what would otherwise be single points of failure. What readers might need a reminder on, is the UK aspect of this early history.
Whilst the internet began as a US-only operation, within only a handful of years this had spread to the US' closest NATO ally, the British. Given that even us Brits cheerfully admit that, from a NATO perspective, our island is essentially a 700-mile long aircraft carrier in the North Atlantic that can never be sunk, the involvement of the UK in the early days of the internet should come as no surprise. It's also well known that both American and British universities got in on the act fairly quickly, initially from the perspective of military research; most British universities were either directly addressable or a short hop through a gateway from the internet by the early 1980s. Other close NATO allies, notably the Canadians, ditto.
What's not so well understood is that, as absolutely certain first exchange targets, the British had an extremely highly developed government continuity strategy for nuclear war. Some parts of this have come to minor public attention in the form of amusingly retro nuclear bunkers that have been re-purposed as museums, archives or modern telecoms junction points (look up the codenames Guardian, Anchor and Kingsway) with varying degrees of practicality. There are some very chilling bits like the "Protect and Survive" videos (now on Youtube) that frankly still scare me silly and we'd all rather forget. Further, there are other parts such as the RSG Regional Seats of Government which remain partially, or perhaps even largely, obscured by national secrecy (and probably rightly so).
This stuff was set-and-forget, its original design brief was that you wouldn't be able to call the IT department if the IT department had been killed in the first strike, it had to work and remain working without significant intervention.
Understand that concept - understand that the internet has been at the heart of the most serious British government infrastructure for around 40 years - and you begin to understand why /8 IPV4 address blocks have been, often literally, hard-wired in to the British government. This network was the network we would rely on, to survive. It was the one thing the British government could depend upon. It was the one thing which, when planning IT infrastructure, the government could be absolutely certain about.
Having that level of certainty allowed us to build other infrastructure around it, such as the PSN Public Services Network,
To those arguing that it's just a bunch of router reconfigurations... this is not your piddling little /24 home office network. Nor is it simply a bunch of VPNs linking regional offices over a few leased lines. This is not even one IT-savvy megacorporation like IBM. This is a nuclear-war-proof combined civilian and military network which over 40 years has been integrated into every government department and every local government office in a country of 70 million people. It's in the job centres, the benefits offices, the local tax offices, the post offices, the village doctors' offices. It's throughout public service departments which are staffed by people who, on the whole, are pretty good civil servants but who don't actually have a reason to need to know how it all hangs together, and in the vast majority weren't around when it was plumbed in.
Would this cost more than the value of the address space to reconfigure to 10.x.x.x or IPV6? Crikey, yes, Ten times yes. Magnitudes of scale yes.
Andrew Oakley - www.aoakley.com
On the other hand, the government could simply start putting their own sites on ipv6 only... Anyone wishing to work with the government, to pay their taxes online, to win government contracts etc, would need to use ipv6. The US already does that to a small extent in that any equipment they procure must support v6, although they don't actually use it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
... They do not need top end internet addresses.
And 17 million of them?
Why does the government even have that many computers, and why does it sound like this is just one small subnetwork?
Troll is not a replacement for I disagree.
the pipe won't be transparent, idiot, if it's NATted to high hell and balkanized because the name space is clogged out
and i'm a little general because i recognize the only way forward is to mandate the change
such fucking idiots on this site
such fucking idiots on this site
Really man!
IPv6 will prevail when running v4 becomes more expensive than deploying v6.
Long term something else may have replaced ipv6 - y'know, something actually massively better - not Blu-Ray better.
Companies which wait longer skip over an intermediate layer of pain in that case. Lucky for them.
The US already does that to a small extent in that any equipment they procure must support v6...
That would be the way to do it.. Simply make it impossible to live without. All 'mandates' are kept within the government itself. Everybody will hop on-board as the equipment becomes more common and the old stuff wears out. Then you're gonna wake up and find your connection on IPv6.
The underlying message should come across as: 'These extra ipv4 addresses are going to be used in a government project to spy on all the internet users of the UK.' Get real.
i'm not here to win over someone to a point of view. IPv4 name space is running out. IPv6 has to be mandated to fix the problem. there's nothing to win over or convince someone of. you either understand the fucking obvious or you are a fucking moron
This is slashdot, everybody already knows to use Hurricane Electric.
Stop making shit up.
Why, for instance, would NOT using NAT be better? Would my network be faster or better or more secure?
http://en.wikipedia.org/wiki/Network_address_translation#Drawbacks
LOL, from your own link:
So, NAT is bad because it could delay the deployment of IPv6 because it staves off the problem of running out of address space which would drive people to IPv6. Gotcha. In this case, I'm not sure I agree with the esteemed messrs Peterson and Davie who are attributed with that quote.
And, for most corporations, that "Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted" is probably a bonus.
People don't want TCP connections initiated from outside of the firewall. That's why they have a firewall.
So, I concede that in the opinion of some people, NAT wrecks the entire internet ... and will add that in the opinion of other people, it doesn't.
Imagine that: individuals (which means corporations to some people) FORCED (I said forced, yes) by government (yes, this is ok, you free market fundamentalist freaks) to sacrifice for the benefit of society.
You should check your six. I can almost see a Brutus sneaking up on you from here. What a tyrant you'd have made. What a massive sense of entitlement you have.
There are plenty of far bigger problems out there than ipv4 -> ipv6, but you think it's appropriate to sic the government on this?!?
You big gov't types are all the same. You just see that gov't power can get the job done. You completely ignore the massive cost the mandated disruption is going to cost us. Left alone, plenty of small problems will be handled by those who are slow to transition, and they'll handle them when they have to in the way they can at that time.
Mandated, it's a massive problem for everyone simultaneously. Thanks a FUCK of a lot. You just made an irritating problem a disaster.
Say hi to Brutus for me. Sic semper tyrannis!
"Tongue tied and twisted, just an Earth bound misfit
you either understand the fucking obvious or you are a fucking moron
If you weren't so quick to sling insults at anyone who's disagreeing with you, we might think better of your argument.
IPv4 name space is running out.
So? Please list all the Earth shattering disasters looming in all of our futures every minute this isn't fixed.
IPv6 has to be mandated to fix the problem.
Why? Prove it, please. While you're at it, would you please describe what business you're in and what you do there? I'm just wondering what sacred cows you worship. Follow the money, you know?
That wasn't the only drawback.
Yup, my employer went through a merger and no doubt getting the networks merged went as quickly as it did because one of the companies involved had a class A (yup, one of THOSE companies). Every printer, PC, and whatever in the company had a globally routable IP address - and yet they were all NATed as far as the internet was concerned. :)
If you're going to grab networks that aren't BGP Advertised, take them all:
7/8 (ARIN)
9/8 (IBM)
11/8 (US Defense)
19/8 (Ford Motor Company)
21/8 (US Defense)
22/8 (US Defense)
25/8 (UK Defense)
26/8 (US Defense)
28/8 (US Defense)
29/8 (US Defense)
30/8 (US Defense)
31/8 (RIPE)
45/8 (Prudential Securities)
102/8 (AfriNIC)
104/8 (ARIN)
179/8 (LACNIC)
191/8 (LACNIC)
and when are we going to do something with 240/4? How many proposals have to be unfulfilled to use this resource when the resource is scarce? (I know, it'll take a while for some vendors to support this)
ARIN, RIPE, AfriNIC and LACNIC are all Internet Registries. They are the bodies that hand out addresses to companies and individuals. Or were you looking to generate a Perpetual Assignment Process :-)
As for 240/4 it really can't be made usable on a global scale. Too many machines can't talk to it. One could use it between consenting machines in a limited way. e.g. between the CPE and a CGN.
sixxs don't require a linkedin account (or something changed since i created mine and several friends accounts)
Indeed SixXS never required a LinkedIn/XING/etc account.
Those links were only requested at the time so that one would get extra credits (ISK) donated to the person when they signed up, they got the credits because they proved a little bit more that they were real (as we, that is SixXS, could check the trust-graph in those websites) and more importantly as the people who did that actually read the signup page, which is something a lot of people clearly do not do even with colorful indicators.
This solved a small catch-22 with people who got flashy new IPv6 enabled routers (read: AVM Fritz!Box at the time) and thus for whom a tunnel alone was not enough. As since the beginning of 2012 the new sixxsd v4 software was deployed, this was not needed anymore as one then automatically has a routed /64 next to the tunnel space.
http://unfix.org
There are actually only few out of the 30.000+ people who signed up with a proper essay, and the ones that did always earn quite a few extra credits for when they actually do write something more than just "I need IPv6".
If you were not able to get a SixXS account you likely just did not read the text on the signup page, most likely then proceeded by providing garbage details which is definitely not accepted and any such request simply gets rejected.
But if you are unable or willing to read the signup page, most likely you won't get IPv6 working either as you'll be doing all kinds of things that will break the configuration, thus reading is essential.
We (SixXS) have tried to make it as easy as possible by bringing AICCU into the world and working together with various vendors though so that they support IPv6 tunnels out of the box, but even then some problems need reading for a bit to get them resolved. Thus if you can't read at signup you likely won't pass for the rest either.
If you're going to grab networks that aren't BGP Advertised
Which would be a really stupid idea. Do you think the likes of IBM would renumber their whole internal network? Or do you think it's more likely that people who got allocated addresses from 9/8 would simply be inaccessible to anyone at IBM?
and when are we going to do something with 240/4? How many proposals have to be unfulfilled to use this resource when the resource is scarce? (I know, it'll take a while for some vendors to support this)
The compatibility issues prevent them being meaningfully used to expand global v4 space. Use on large private intranets has been proposed but frankly there are only a handful of such networks in the world and making sure everything supports class E addresses sounds only marginally less painful than making sure everything supports IPv6.
More generally I can't help but feel that trying to add a few percent to the public v4 address space is fiddling round the edges that won't really change anything other than perhaps adding a few more months before people have to accept that v4 space is no longer going to be nearly free and easy to get.
Due to the upfront costs and lack of any immediate benefit it has become clear that the orderly transition from v4 only with a public IP per customer to dual stack with a public v4 IP and public v6 block per customer to v6 only is not going to happen and marginally enlarging the address space is not going to change that. The only option left is for growing ISPs to deploy some mechanism* so that their least valuable customers can access resources on the v4 internet while using less than one v4 address per customer. Hopefully most of them will also offer users public v6 IPs but i'm not holding my breath.
* Be it conventional v4 NAT, DS-LITE, NAT64, port range based IP sharing, proxies or whatever.