North America Runs Out of IPv4 Addresses

DW100 writes: The American Registry for Internet Numbers (ARIN) has been forced to reject a request for more IPv4 addresses for the first time as its stock of remaining address reaches exhaustion. The lack of IPv4 addresses has led to renewed calls for the take-up of IPv6 addresses in order to start embracing the next era of the internet.

People are scared of IPV6

[amias]

A lot of people rely on NAT for simple security and get scared when faced with IPV6's global addressing.
securing IPV6 networks is not so straight forward and often requires site specific approaches that are beyond a lot of home users or small businesses.

its a good thing to run firewalls on everything but its also pain.

I can see there being some crazy security breaches and much confusion during the changeover, as a tester every network product i've tested
has had a test plan for ipv6 that gets de-prioritised to the bottom because 'nobody is using ipv6 yet' and its hard to find people who know about it.

Re:People are scared of IPV6

[Bert64]

All the routers i've seen implement statefull filtering on ipv6 and allow all outbound and no inbound (except traffic related to an outbound connection) by default, which is functionally identical to their ipv4 nat implementation.

Re:Privacy?

[kc9jud]

...and usually these 64 bits are made from the MAC address of the interface linked to this IPv6 address (padded if 48 bits).

I think what you're looking for is RFC 4941, Privacy Extensions for Stateless Address Autoconfiguration in IPv6:

This document describes an extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extension causes nodes to generate global scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier. Changing the interface identifier (and the global scope addresses generated from it) over time makes it more difficult for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node.

Re:Wasn't this originally predicted

[sjames]

No, it wasn't. It was predicted that IANA would soon run out of blocks to hand out to the regional registries unless allocation policies were tightened up. They were tightened, but in spite of that, it ran out in 2011. IANA was last predicted to ruin out on July 5th this year. They almost made it.

For that reason, only Africa has addresses to hand out now, but that will be exhausted in just a couple years.

Re:It's the end of the world as we know it!

Yeah. Okay. And how many companies are sitting on vast blocks that are only partially tapped?

Almost none, except for companies that have been grandfathered in from the beginning of the Internet. ICANN cannot legally touch those. It would cost those companies a lot of man hours to remove those IPs, potentially months, and even after those months of work, the number of IPs returned would only last a few weeks.

The only way to efficiently make use of the IP addresses is to be less wasteful, which means smaller subnets, which means more routes. We're already bumping up against the limit for the number of routes core routers can handle. The whole point of large wasteful blocks is to make management and routing more efficient.

You propose to fix a problem by making other worse problems.

Re:It won't work that way

Frankly, I'm surprised that ARIN didn't foresee this ages ago

They did, we've been hearing the sky is falling for almost 10 years now.

Re:Cell phone uses IPv6

[Drakonblayde]

My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?

Suckage.

I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.

I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.

I actually see alot of this. Customers complaining about slow surf, and these days, that's one of two things - A. Capacity B. Bad IPv6 routing. Since v6 is preferred, if the v6 path is bad, it'll take awhile to time out before it falls back to ipv4, and looks alot like network latency.

A large part of the problem is that companies are defining AAAA DNS records without making sure that their upstream provider has actually gotten their v6 routing in shape, but even the ones that have done that doesn't help when the end user is connected to a network that isn't directly connected to their destination, and the end users provider doesn't have their v6 routing in shape.

The real holdup, however, are the end user networks. Most of them simply aren't built to be accessible over ipv6. It's possible for the ISP's to provide entirely transparent v6 connectivity to it's end users, but if the places they're trying to go isn't v6 capable, that engineering has gone to waste. It's still wise to do it, as a migration to v6 is inevitable, but it's hard to justify the money making it right.

Unfortunately, I suspect that most folks will simply try and use stopgap measures. Carrier grade NAT, transparent gateway proxying, etc.

Eventually there will come a point where someone smart will say 'you know, we're spending alot of time and effort and adding more points of failure to the network to try and keep this legacy connectivity alive. It will actually simplify operations if we just go ipv6 native'.

If you're smart, and you have the opportunity to build out a network in this time and place, you do it dual stacked, and treat ipv6 connectivity as seriously as you treat ipv4 connectivity.