North America Runs Out of IPv4 Addresses
DW100 writes: The American Registry for Internet Numbers (ARIN) has been forced to reject a request for more IPv4 addresses for the first time as its stock of remaining address reaches exhaustion. The lack of IPv4 addresses has led to renewed calls for the take-up of IPv6 addresses in order to start embracing the next era of the internet.
The sky is falling!
The sky is falling!
It hit me on the head! *OW! NOT THAT ONE!*
"Runs out".
Yeah. Okay. And how many companies are sitting on vast blocks that are only partially tapped?
This isn't so much an issue of lack (though at some point it'll become that).
It's an issue created by how assignment of address blocks was and is managed.
Chas - The one, the only.
THANK GOD!!!
for something like 2002?
as its stock of reamining address reaches exhaustion.
Perhaps they should stop using the reamining stock and switch to the remaning list. If there aren't any there, they can go to the reimaging stock.
EMBARCE! EXTNED! EXTNIGUISH!
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
on fucking it up so badly.
Everyone I know just uses 127.0.0.1. What do we need all these new ones for?
Wow, if only some major provider of computing resources could somehow pool them and resell access, and support IPv6 at the same time. I bet that would drive adoption. Oh well, it was a dream. Still can't use it on Amazon (excluding the worthless-to-me ELB).
. Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
Hey, maybe this is a Serious Thing.
It's tough to tell, though, as we've been OMG RUNNING OUT OF IPv4 ADDRESSES REAL SOON NOW for the past decade and a half, give or take.
Obliteracy: Words with explosions
There are a few large companies in the USA that refused to relinquish large Class A blocks, shoot even to sell them... these companies (which I'd love to name) missed the boat when IPv4 address costs (for sale) were highest and are actually waiting for this next "crisis" in hopes that they can get billions for Class A nets (these companies date back to "the beginning" and they use their Class A addresses for non-Internet facing internal addressing (that is they are wasting the addresses) simply because they lack the skills to change). With that said, you may have to pay 100's of billions just because they lack the ability to change effectively. It's actually very sad.
I'm only using 8 addresses out of my 192.168.1.1/24 class C block, I could probably be talked into auctioning off the other 240+ addresses. Call me, maybe?
I don't know, man. Every year there seems to be some kind of "Oh my god, last IPv4 addresses allocated!!" story in Slashdot. For example, this one from 2011.
Despite that, we seem to be trucking on just fine. What's the real picture of the situation?
Maybe after twenty years, companies will get around to fully supporting IPv6.
(That, or they'll start abusing the shit out of NAT.)
Problem is that IPv6 stack security still isn't that proven:
First, an attacker can easily find your network topology (i.e. which segment is what) with IPv6. With IPv4, NAT is not in itself security, but it at least places a curtain in the front window, so someone can't just run an nmap and know what insecure devices are where.
Second, IPv6 doesn't do well with VPN software.
Third, the bugs like teardrop/land/smurf/etc. have yet to be found. Who knows... a malformed packet might be able to take out a good chunk of fabric, and with IoT devices that are likely not updatable, they would easily be a target.
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
There is a small interesting detail about IPv6 that is almost never mentioned. An IPv6 address counts 128 bits. Typically the "top" 64 bits are provided by your ISP and will be used to route the packets through the Internet. The 64 remaining LSb have to be unique within the subnet (typically a LAN), and usually these 64 bits are made from the MAC address of the interface linked to this IPv6 address (padded if 48 bits). That means for instance that knowing your IPv6 address, someone is likely to know also your MAC address (of the device used), that is usually the maker/configurator of the NIC (e.g. Apple, MS ...). And if the shop where you bought the device keeps track of your MAC address - like Apple for instance - they may be able to identify you precisely, based on your IPv6 address (e.g. when you access their web site).
Slashdot, fix the reply notifications... You won't get away with it...
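The address layout described in the comment above, as an added example that is not part of the original thread: it builds a modified EUI-64 interface identifier from a MAC and audits a list of addresses for identifiers that expose one. The prefix, the MAC (taken from the documentation range) and the sample addresses are constructed for illustration.

```python
import ipaddress

LOW64 = (1 << 64) - 1


def eui64_interface_id(mac: str) -> int:
    """Pad a 48-bit MAC to the 64-bit modified EUI-64 interface identifier.

    ff:fe is inserted between the two halves of the MAC and the
    universal/local bit (0x02 of the first octet) is inverted.
    """
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    padded = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(padded, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 identifiers need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(addr: str):
    """Return the MAC embedded in an address, or None if none is visible.

    Heuristic: a random identifier contains ff:fe in the middle by chance
    about once in 65536 addresses, so treat a hit as "likely EUI-64".
    """
    iid = (int(ipaddress.IPv6Address(addr)) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address to the MAC it exposes (None when it exposes none)."""
    return {a: mac_from_address(a) for a in addresses}


# Constructed sample data: documentation prefix and documentation MAC range.
SAMPLE_PREFIX = "2001:db8:1:2::/64"
SAMPLE_MAC = "00:00:5e:00:53:01"
SAMPLE_ADDRESSES = [
    "2001:db8:1:2:200:5eff:fe00:5301",   # EUI-64 identifier, global address
    "fe80::200:5eff:fe00:5301",          # same identifier, link-local address
    "2001:db8:1:2:3c4d:91a7:b2e:77f0",   # randomised identifier
]

if __name__ == "__main__":
    print(slaac_address(SAMPLE_PREFIX, SAMPLE_MAC))
    for address, mac in audit(SAMPLE_ADDRESSES).items():
        print(f"{address:40} {mac or 'no MAC visible'}")
```

The first three octets of a recovered MAC are the vendor prefix, which is the "maker" the comment refers to; an address whose identifier is randomised yields nothing.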
A lot of people rely on NAT for simple security and get scared when faced with IPv6's global addressing.
Securing IPv6 networks is not so straightforward and often requires site-specific approaches that are beyond a lot of home users or small businesses.
It's a good thing to run firewalls on everything, but it's also a pain.
I can see there being some crazy security breaches and much confusion during the changeover; as a tester, every network product I've tested has had a test plan for IPv6 that gets de-prioritised to the bottom because 'nobody is using IPv6 yet' and it's hard to find people who know about it.
Get off my internet!
Seriously, the only way that we are going to move to ipv6 is when being denied ipv4. The good news is that most are ready. Ideally, a large isp will decide to drop the ipv4 section and see how it goes.
I prefer the "u" in honour as it seems to be missing these days.
As usual, US can get unused resources [ IPs ] from where there's a lot available. E.g. from Iraq.
Slashdot, fix the reply notifications... You won't get away with it...
We should use GPS coordinates for IP addresses. An adjustment for altitude will be necessary for highrise buildings and subterranean addresses.
I've got plenty of unused numbers in my 10.x.x.x range.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
THEY don't want IPv6 implemented, because IPv6 easily ensures that everyone and their evil twin can have a fully-accessible IP address, allowing them to directly communicate with each other without paying extra rent to the ISP for a "server" or "special" (routable) IPv4 address.
If users' systems can directly communicate with each other, there's far less need for centralized sites for everything where it can be controlled (for example, YouTube for video). Deep packet inspection is an option to spy on people looking for copyright trespassers or subversives, but with encryption becoming more readily available, that gets harder, too.
When anybody who wants to can set up (or even buy "canned") a media appliance running something like "MediaGoblin" to share audio, video, text, photos, etc., or VoIP servers like Mumble or various WebRTC-based systems for conferences and "phone calls" and other audio, servers for federated instant-messaging systems or "social media" platforms, etc. etc., and just assign those systems one of the overflowing bucket of publicly-routable IPv6 addresses that everyone can have, it'll remove a huge amount of control that big media and telecommunications corporations (and governments) currently have. They don't want that.
Don't try to tell me it's not true, I can hear 'em talking about it on the radios the CIA implanted in my teeth.
But, seriously, my lazy, cheap, asshat phone company can't/won't give me more than one publicly-accessible static IP address, probably really because of the ancient crappy DSL modem/router they force us to use and not being willing to have their executives skip lunch for one or two days to pay for the infrastructure upgrades.
Note that this doesn't necessarily mean it's not a secret conspiracy on a global scale overall, though...
Hacker Public Radio is our Friend
Change your MAC address every so often.
I prefer the "u" in honour as it seems to be missing these days.
The way it MIGHT work is that ARIN would take the 3 block and in a controlled manner that won't break anything convert it into a bunch of /9 through /16 or even smaller blocks based on what GE is currently using. It would give GE a short period of time - maybe 30-90 days - to justify why it should be able to keep the blocks it is not currently using. If they give a good reason, they keep them. If they give no reason ("we have plans to use them in the next year, we'll show them to you if you sign an NDA" would be a good reason), they lose them. If they give a lame reason then it goes to some dispute resolution, effectively allowing GE to keep them for the duration of the dispute process.
Frankly, I'm surprised that ARIN didn't foresee this ages ago and ORDER anyone with a block bigger than, say, /12, to attempt to split up their address range, consolidate if practical, and return any unused blocks that were /16 or bigger. If this had been done, say, 10 years ago the process could have been repeated 5 years ago but with the order applying to anyone with a range bigger than /16 to split, consolidate, and return any /25 or larger unused block. A year ago the same order could go out to everyone with a block bigger than /24 with an order for them to return all unused /24 blocks. I don't know if it's feasible for blocks smaller than a /24 to be handled by ARIN, but if it is, then they should start requesting those ultra-small blocks as well.
Oh well.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Many privacy-conscious people do not want IPv6.
If the FTC made a ruling that advertising "Internet access" was deceptive advertising if full IPv6 support was not part of the package, it would probably push change in the right direction.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It seems like there might be space here for some quick-witted fellow to make a few shiny pennies.
It would appear that, given the way IPV6 is "supported", that anyone with an IPV4 address in the future might be able to get some preferential treatment.
It may even be that people/companies with IPV4 addresses might have better service.
Hmmm.
Every couple of weeks or so, I turn off V4 to see what happens. /. is one of the sites that I can't reach when I do.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Look at the massive amount of IPs that Amazon and Microsoft use for their cloud solutions. If AWS actually supported IPv6 properly, people could start migrating. Last I checked, Amazon didn't even offer IPv6 as an option for their DNS services.
ISPs are starting to move on IPv6, and now we need the big hosting companies to step up. Today, that's mostly cloud providers.
MidnightBSD: The BSD for Everyone
We saw this coming long ago; we did a lot of work to make sure we were IPv6 ready. Check it out on http://www.freeswitch.org/
A list of companies still holding an entire /8 block, culled from the Wikipedia article List of assigned /8 IPv4 address blocks and verified against https://www.arin.net/ and https://apps.db.ripe.net/searc... on 7/2/2015:
3 - General Electric
4 - Level 3*
8 - Level 3*
9 - IBM (partially *)
12 - AT&T Services*
15 - Hewlett-Packard
16 - Hewlett-Packard (inherited from Digital Equipment Corporation via Compaq)
17 - Apple
18 - MIT**
19 - Ford
20 - Computer Sciences Corporation
32 - AT&T*
34 - Halliburton
38 - PSINet*
44 - Amateur Radio Digital Communications***
48 - Prudential Securities
53 - Daimler AG (via RIPE)
This list does not include military, postal, or other government entities.
* Network service provider
** Educational institution
*** Special-use, mostly unreachable, see Wikipedia's article on AMPRNet for details
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
CNN breaking news: POTUS has announced the US Armed Forces, acting under orders given by him as C-in-C, have entered and liberated the Despotate of Ungabunganistan, because the small Central Asian nation was suspected of hiding large caches of IPv4 addresses (correction: large caches of WMD) and its oppressed population was badly in need of democracy. Russia has strongly condemned the "latest imperialist invasion" and initiated an emergency session of the UN Security Council, which will convene later today to discuss the conflict. In a taped sermon leaked on Youtube, the ISIS leadership is vowing to video-decapitate 4 "crusaders" in retaliation for each IPv4 address taken from the Muslim people of Ungabunganistan. Meanwhile, Wikileaks has disclosed more secret Snowden cables, showing the Pentagon's plan to invade Ungabunganistan was already part of the NSA's draft IPv4 design back in 1975.
Now that would be the real end of the world, if ICANN gets yanked from the US's control and is put under some global authority like the UN. I wouldn't be surprised to see entire IP blocks pulled from established companies without warning, just out of spite.
I also wouldn't be surprised to see sites that are not popular or are not politically correct have their IP blocks reassigned as well, be it Charlie Hebdo, Falun Gong, Kurdish sites, anything that isn't approved by some cleric or government official.
People bash the US, but this is one area where the US is doing a decent job -- keeping the Net's core structure going.
> Trying to get companies with big internet presence to return their allocated blocks to the (ARIN)-pool would take far too much time and effort
That's not true. POTUS FDR forced all to fire-sell all their gold to the feds at rock bottom prices, by simply signing an executive order and backing it up with the armed forces. BHO could similarly order all persons, natural or legal, to immediately sell all their /8s or anything to the FTC, for peas and pennies, by simply signing an executive order and backing it up with military might. The looted IPv4 cache could be placed alongside FDR's gold in the Fort Knox national datagram reservoir.
China only needs 1 IP address at the outside of its firewall that connects to the rest of the world.
Fuck em...
I can't see that detail in the article or the ARIN announcement. It's a bigger deal if no one can get a /22, but then again if the request was for a /9 that might be a much bigger group of people about to go behind Carrier-Grade NAT.
note: I have at least one, possibly two other, Slashdot accounts because OpenID creds can't be merged with an older acco
“By giving each device a unique IP address, the next generation of internet-based technology is made possible. The ongoing proliferation of internet-connected devices and driverless cars cannot happen without IPv6,”
We must eliminate the chances of IPv6 to spread. It's the only way to be sure the IoT never happens (well, that and nuke it from orbit, but I kinda live here).
but it feels like we have "run out of ip addresses" and "rejected requests", "for the first time", at least 10 times already in the past year. and yet here we sit, still on our v4 backbone. plus, are we really out of them? can't we just steal the like 4mil IBM (or whoever) has that they don't even need?
Can I sell mine on eBay?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Apple's got you covered. According to their Plan For World Domination you are supposed to replace your Apple hardware every time they come up with a new product or model.
Security through consumerism. Then you have to buy new connectors and cases and a new desk or outfit to go with your new shiny. Thus, it helps with the local and global economy and even generates more traffic on the Internet (all of those rantings on various support boards and all of those lovely adverts). Given Apple's push towards recyclable packaging products, it helps those companies as well.
What's not to like?
Faster! Faster! Faster would be better!
LOL.
Yeah, oddly, they are not the only ones with that same plan.
I prefer the "u" in honour as it seems to be missing these days.
We now have to look at bringing down the IPv4 network. Perhaps in 10 years time they will begin with a plan in the following 10 years to begin turning off the IPv4 network.
I would suggest that a better first step would be to require that organizations prove that their allocations are in reasonable use. That the use is justifiable in light of the availability of technologies like NAT and name-based virtual hosting.
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
Some of us residential customers have legacy hardware and legacy software. It's not as simple as upgrading. (My firmware for my Skype phone isn't being updated anymore to my knowledge.) New computers aren't free. Some software may be stuck using IPv4 even if we'd like to use IPv6. All it really takes is just one thing to require us to still need IPv4.
I don't know if it will solve anything, but I'd like to see all newer cell phones required to have IPv6 capability (even if that means also having IPv4 as a backup).
I'd hope that as more people move to IPv6, the IPv4 space gets cleared up for those of us who need it. I also suspect that the y2k38 problem will force older machines to "upgrade" with the result of IPv6 capability.
The real solution would be a time machine to go back in time and convince them to go with a larger address space, whether that be what's currently IPv6, or maybe something else, like eight octets.
What we need is for someone to go back in time and convince them to go with a bigger address space. I would propose eight octets if I'm using that term correctly.
Instead of 1.2.3.4, we'd have 1.2.3.4.5.6.7.8. However, that last one would be given out in chunks of 256 to end users.
Starting off with 128 since it's an easy enough number to remember.
128.region.3.4.5.6.7.*
For regions, I pretty much mean country.
I have allocated you the following IPv6 address for use with your RV:
bad:feed::1
Please use it wisely.
In terms of what to use with your satellite link, have you considered asking your satellite link provider? Just a thought.
This is a non-problem. Just charge a dollar per IP per year. Watch the IP blocks be returned quickly.
With so many addresses in use, the money should accumulate quickly. Pretty soon, there will be enough money to design a new IPV6NG that can actually work (as opposed to IPV6, which cannot be deployed).
For people who think IPV6 is the solution - it is an empirically observed fact that IPV6 has not been successfully deployed at any scale in several generations of technology.
So many people will lose their jobs because they don't have degrees with this experience....
The IETF knew that this was too small for the longer term, but the efficiency argument won out. (This was back at a time when a 1MHz mainframe with 16 megabytes of RAM could be timeshared to over 100 users.) They figured that by the time the 32 bit address space was saturated, the replacement protocol with a REAL address space (IP6) would be easier on the computers of the day and there would be lots of time to get it up and running (turns out to have been over 30 years).
What they didn't plan for was that the 'Net would be effectively in the control of business majors and bean counters and that IP6 adoption would be at the whim of financial considerations and a 'you first' attitude. Now IP6 adoption is waiting for a 'killer app' that is on an IP6-only server ... or for Google to announce that they'll give preferential listing to sites that are IP6 capable.
OS Software is like love: The best way to make it grow is to give it away.
This is the RFC that handled three reserved IP4 address blocks: 10.X.X.X, which Google uses or any large organization is able to use; one that semi-large companies can use; as well as the 192.168.x.x that a small group of users are to use, and most of us are familiar with. https://tools.ietf.org/html/rf... I've read it many times in the past for those reserved blocks. Now can't make sense of it, it's grown by many many pages.
At least the HOSTS file is safe (I think) "0.0.0.0 is an obsolete form of the limited broadcast address".
A Router setup, I'll wait and see:
"A router MUST allow a metric to be assigned to a static route for
each routing domain that it supports. Each such metric MUST be
explicitly assigned to a specific routing domain. For example:
route 10.0.0.0/8 via 192.0.2.3 rip metric 3
route 10.21.0.0/16 via 192.0.2.4 ospf inter-area metric 27
route 10.22.0.0/16 via 192.0.2.5 egp 123 metric 99"
And against all advice: "A router MUST support ICMP".
... spammers start using it.
now we need to go OSS in diesel cars
"I just reply to you when I see you spamming Slashdot with your nonsense"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
Why'd you agree w/ my points on hosts then? Quoting you:
"I'm not denying all those things" - by dave420 (699308) on Wednesday September 17, 2014 @11:39AM (#47927435) FROM -> http://yro.slashdot.org/commen...
Of course not: It's impossible to dispute HOSTS FILES superiority to other methods!
Since my points in favor of hosts SINGLE FILE native kernelmode faster part show hosts doing more w/ less vs. so-called 'competitors' many part messagepassing + cpu/ram use overheads laden slower usermode FAR MORE COMPLEX 'solutions' doing less than hosts do for more security, speed, reliability, + anonymity!
I make creating a superior more efficient solution EASIER!
(That's more than a mere trolling stalking harassing "ne'er-do-well" like yourself could *EVER* manage).
---
"I'm simply pointing out that it takes an AdBlocker to block your spamming"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
I bother you? Then WHY DON'T YOU DO IT & use 'em? Answer that!
(You stalk/harass me instead!)
OBVIOUSLY you don't & you're a "ne'er-do-well" troll & you have "other motivations" (next):
---
* QUESTION:
DO YOU WORK FOR AN ADVERTISING FIRM, or ARE YOU A WEBMASTER/WEBCODER http://slashdot.org/comments.p... , or a MALWARE MAKER, or ARE YOU AFFILIATED WITH 1 OF MY COMPETITORS?
Answer it!
As per your usual you'll avoid every question, or lie & You've been EXPOSED in your "motives" in the last link just above, lol!
APK
P.S.=> See Dave420 the "pot puffing clown" SQUIRM - evasions galore will ensue (as well as effete downmods via sockpuppets to *try* vainly "hide it" -> http://slashdot.org/comments.p... )... apk
There are actually several millions of unused IP#. Why are these not recalled?
Using private addressing is like living in a building with only one entrance and hoping the bad guys won't get through that entrance.
Having a firewalled public address is like living in a building with only one (or more - all under your control) entrance and hoping nobody accidentally creates a second entrance that you are unaware of/don't control.
The comment about "security in depth" is well-taken.
A hybrid method - which might actually be in IPv6 (I haven't read all of the relevant standards documents) - would be to specifically declare certain IPv6 addresses or ranges as "private," and routers not specifically configured to handle those addresses would be required to drop those packets. In other words, if IPv9 had such a standard (it does not) and I owned 9.0.0.0/8 and I declared all addresses other than those ending in .1 to be private, and I didn't configure any non-9.0.0.0/8 routers to specifically handle 9.0.0.0/8 traffic, any traffic not routed through a 9.0.0.0/8 firewall ending in .1 (and having its "public" IP masqueraded into an address ending in .1 in the process) would be dropped by the first standards-compliant non-9.0.0.0 router that it encountered. This way, if an employee intentionally or accidentally connected a machine to both a 9.0.0.0/8 network and another network at the same time and the machine started routing traffic (which shouldn't happen if my internal network isn't broken in some other fashion), the first upstream router of the external network would say "woah boy, I can't handle that traffic, *DROP*". Defense in depth.
Granted, this would not stop a rogue employee who knew what he was doing from setting up a firewall that did its own address translation. This scheme provides some security, it is not intended to protect against all adversaries. It also has most of the other weaknesses of NAT, including client-based vulnerabilities where an internal machine is p0wned and has relatively-free run of the network (well, as free as if the network were entirely publicly-addressable/publicly-accessible).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Are you saying that you use addresses that are assigned by ARIN or a similar authority to NCR, but as far as the Internet is concerned, the addresses are in a range that is not in use ("no route to host")?
You are one mis-configured BGP announcement away from that statement becoming false. I hope you are practicing "defense in depth."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Just do it and stop talking about it.
I know a university that has an entire class B block and they claim that they need them because they pass them out to anyone connecting to wifi on campus. In reality they could get by with maybe 20 addresses, at most.
Yup, connect your laptop on campus and you have an internet routable address.
There is lots of address waste.
Similar to global warming, deniers have had their heads in the sand too, too long, and they are now getting kicked in the butt.
Hurricane Electric says that as of today, APNIC has ~ 11 Million IP addresses. Am I missing something?