Slashdot Mirror
North America Runs Out of IPv4 Addresses
DW100 writes: The American Registry for Internet Numbers (ARIN) has been forced to reject a request for more IPv4 addresses for the first time as its stock of remaining address reaches exhaustion. The lack of IPv4 addresses has led to renewed calls for the take-up of IPv6 addresses in order to start embracing the next era of the internet.
The sky is falling!
The sky is falling!
It hit me on the head! *OW! NOT THAT ONE!*
"Runs out".
Yeah. Okay. And how many companies are sitting on vast blocks that are only partially tapped?
This isn't so much an issue of lack (though at some point it'll become that).
It's an issue created by how assignment of address blocks was and is managed.
Chas - The one, the only.
THANK GOD!!!
EMBARCE! EXTNED! EXTNIGUISH!
Everyone I know just uses 127.0.0.1. What do we need all these new ones for?
Comcast Business, which only got me dynamic ipv6 a couple months ago, and still haven't gotten around to static allocations to match my static v4 allocation. Also, a lot of people's home routers. But mostly apathy.
Watch for Penguins, they eat Apples and throw rocks at Windows.
I'm only using 8 addresses out of my 192.168.1.1/24 class C block, I could probably be talked into auctioning off the other 240+ addresses. Call me, maybe?
Maybe after twenty years, companies will get around to fully supporting IPv6.
(That, or they'll start abusing the shit out of NAT.)
these companies (which I'd love to name) missed the boat when IPv4 address costs (for sale) was highest and are actually waiting for this next "crisis" in hopes that they can get billions for Class A nets (these companies date back to "the beginning" and the use their Class A addresses for non-Internet facing internal addressing (that is they are wasting the addresses) simply because they lack the skills to change).
IBM has the technical know-how to stop using routable addresses internally, but their class A is part of their culture. I imagine the same is true for other class A holders.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Meh.
Whatever.
Never answer an anonymous letter. - Yogi Berra
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
There is a small interesting detail about IPv6 that is almost never mentioned. An IPv6 address counts 128 bits. Typically the "top" 64 bits are provided by your ISP and will be used to route the packets through the Internet. The 64 remaining LSb have to be unique within the subnet (typically a LAN), and usually these 64 bits are made from the MAC address of the interface linked to this IPv6 address (padded if 48 bits). That means for instance that knowing your IPv6 address, someone is likely to know also your MAC address (of the device used), that is usually the maker/configurator of the NIC (eg Apple, MS ...). And if the shop where you bought the device keep track of your MAC address - like Apple for instance - they may be able to identify you precisely, based on your IPv6 address (eg when you access their web site).
Slashdot, fix the reply notifications... You won't get away with it...
A lot of people rely on NAT for simple security and get scared when faced with IPV6's global addressing.
securing IPV6 networks is not so straight forward and often requires site specific approaches that are beyond a lot of home users or small businesses.
its a good thing to run firewalls on everything but its also pain.
I can see there being some crazy security breaches and much confusion during the changeover, as a tester every network product i've tested
has had a test plan for ipv6 that gets de-prioritised to the bottom because 'nobody is using ipv6 yet' and its hard to find people who know about it.
[site]
It's correct to use assigned addresses for internal hosts. The point is they're unique — you can set up a tunnel between any two organisations, or merge two networks, and not have to renumber things because both were using 10/8.
The cost to renumber and use their assignment more efficiently would be huge, similar to the cost to move to IPv6 but with little gain.
Get off my internet!
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
Suckage.
I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.
I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
No, it wasn't. It was predicted that IANA would soon run out of blocks to hand out to the regional registries unless allocation policies were tightened up. They were tightened, but in spite of that, it ran out in 2011. IANA was last predicted to ruin out on July 5th this year. They almost made it.
For that reason, only Africa has addresses to hand out now, but that will be exhausted in just a couple years.
Good luck trying to scan an ipv6 range... /64, even scanning every host there for a single port would take a LONG time.
The smallest subnet is a
IPv6 works fine with VPN software, even ipsec was originally a part of ipv6 and cruftily backported to ipv4... Infact, you can use ipsec properly (ie end to end without kludges like l2tp) with ipv6. The problems published recently were due to short sighted vpn providers who completely ignore the existence of ipv6. If they provided dual stack connectivity over their vpn then there wouldn't have been a problem.
Bugs could still be found in ipv4 stacks too (and are still being found), on the other hand ipv6 is much newer and addresses some of the weaknesses of ipv4.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Poppycock. Best thing is for these companies, such as att, to keep holding them. We need to move off ipv4. Now, we have more and more incentives to do so.
I prefer the "u" in honour as it seems to be missing these days.
Are you saying that IPv6 address can not be placed behind a firewall? Just because it's a publicly addressable block doesn't mean it can't be firewalled off. There are entire companies running on 'real' ipv4 addresses right now that can't just be nmaped because they are secured with a firewall. NAT is not required to create that curtain, proper network security (firewall, acls, gateways, routing, etc) is.
The rest of it, well i'm not expert so I can't comment.
But why can't we just get major ISPs to start handing out ipv6 addresses for external communication and just use ipv6 to ipv4 nat technology internally?
The way it MIGHT work is that ARIN would take the 3 block and in a controlled manner that won't break anything convert it into a bunch of /9 through /16 or even smaller blocks based on what GE is currently using. It would give GE a short period of time - maybe 30-90 days - to justify why it should be able to keep the blocks it is not currently using. If they give a good reason, they keep them. If they give no reason ("we have plans to use them in the next year, we'll show them to you if you sign an NDA" would be a good reason), they lose them. If they give a lame reason then it goes to some dispute resolution, effectively allowing GE to keep them for the duration of the dispute process.
Frankly, I'm surprised that ARIN didn't foresee this ages ago and ORDER anyone with a block bigger than, say, /12, to attempt to split up their address range, consolidate if practical, and return any unused blocks that were /16 or bigger. If this had been done, say, 10 years ago the process could have been be repeated 5 years ago but with the order applying to anyone with a range bigger than /16 to split, consolidate, and return any /25 or larger unused block. A year ago the same order could go out to everyone with a block bigger than /24 with an order for them to return all unused /24 blocks. I don't know if it's feasible for blocks smaller than a /24 to be handled by ARIN, but if it is, then they should start requesting those ultra-small blocks as well.
Oh well.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
So you mean that, soon, Microsoft will have purchased a lot of useless IPv4 addresses while everybody will have moved to IPv6...
Slashdot, fix the reply notifications... You won't get away with it...
Gentlemen... Gentlemen.... We can all share!
Every couple of weeks or so, I turn off V4 to see what happens. /. is one of the sites that I can't reach when I do.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
If it is any consolation, we are usually bitching about how the 9 is slow....
Never answer an anonymous letter. - Yogi Berra
It wasn't crying wolf, at that time the growth was amazing and the policies for handing out IPs were much looser. They also didn't factor in for the facts that the policies would be changed and people would NAT NAT as Xzibit hadn't yet taught us about doing things while we're doing things. If NAT hadn't become so common we would have run out of IP addresses a very long time ago.
If they hadn't "cried wolf" then, I can only imagine how long ago we would have hit this point as we wouldn't have made adjustments to practices to push it into the future.
It's amazing how many morons will see that the rate at which a massive problem is coming is slower than anticipated and conclude that it's not a real problem. It's usually better to err on the side of caution and expedience as you rarely do things to quickly with regards to large problems.
That was IANA running out of blocks to hand out to the RIRs such as ARIN.
Now, since it can't get any more, ARIN has also run out. The remainder are held by corporations and individuals and they have no obligation to hand them over.
Look at the massive amount of IPs that Amazon and Microsoft use for their cloud solutions. If AWS actually supported IPv6 properly, people could start migrating. Last I checked, Amazon didn't even offer IPv6 as an option for their DNS services.
ISPs are starting to move on IPv6, and now we need the big hosting companies to step up. Today, that's mostly cloud providers.
MidnightBSD: The BSD for Everyone
They only managed token ring wraiths, though.
No that broke the internet 20 years ago, lets not go back. Major firewalls have no ability to NAT ipv6.
No sir I dont like it.
The real picture is that IP addresses are allocated hierarchically and there are multiple entities at all levels except the root, all of which run out separately.
IANA (the root of the tree, the people who allocate addresses to the regional registries) ran out of /8s in Feb 2011. The regional registries (there are five of them; these are the people that allocate addresses to ISP) have their allocated pools of /8s which ran out at different times: APNIC ran out in Apr 2011 (that's the story you linked), RIPE in 2012, LACNIC in 2014 and ARIN just now. (AFRINIC still has a few years to go, although they won't if everybody tries to get their addresses from there.)
Then there are the ISPs, who allocate addresses to their customers. ISPs will tell you that "we have plenty of addresses left" -- except the ones who don't -- but at some point all ISPs (or perhaps more importantly, your ISP) are going to move into the "don't" category.
And finally, ISP customers (i.e. you) allocate addresses to networks. Except you've probably never experienced this, because we've been short on v4 addresses for long enough that many ISPs don't (can't) give you enough IPs for your networks, and haven't for years and years. You probably grew up with this and consider it normal; it's not.
I don't know when you're going to go from "we seem to be trucking on just fine" to realizing that we have a problem -- I'd say we already do, since lots of people waste lots of time and money due to NAT, but perhaps for you it'll take your ISP giving you an RFC 1918 address on your upstream before you realize. Or maybe you have infinite time and money and don't mind the headaches caused by many layers of NAT and all the workarounds needed to deal with them, and you don't mind paying programmers to write workarounds into software, and you don't care about all the things we could've had if the internet had been up to providing them. But hopefully I've shed some light on the highly-complicated reality of "guy A allocates to guy B who allocates to guy C".
Same with Comcast. I tried for a years actually, but some things were too slow. Ubuntu and Debian repos in particular were painfully slow, even on my VMs on linode, digital ocean, and prgmr. I ended up having the servers force IPv4 for them when their IPv6 servers went down for days. Speed and latency on IPv6 have gotten much worse over the last couple years in my experience.
Also, it appears Android doesn't play nice with IPv6. It basically silently drops the connection eventually (I'm guessing it stops listening for the RA broadcasts), and push notifications fail. Happens on Samsung devices and my Nexus 6. So it's reliable either push notifications and low latency site loading, or use IPv6. I finally bit the bullet and disabled IPv6 on the router and all my issues went away.
It's even better than IPv4 with NAT since it will actually rotate in new random IP addresses every so often (every hour or so). That means that your source IP will change over time which makes tracking harder.
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
Suckage.
I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.
I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.
I actually see alot of this. Customers complaining about slow surf, and these days, that's one of two things - A. Capacity B. Bad IPv6 routing. Since v6 is preferred, if the v6 path is bad, it'll take awhile to time out before it falls back to ipv4, and looks alot like network latency.
A large part of the problem is that companies are defining AAAA DNS records without making sure that their upstream provider has actually gotten their v6 routing in shape, but even the ones that have done that doesn't help when the end user is connected to a network that isn't directly connected to their destination, and the end users provider doesn't have their v6 routing in shape.
The real holdup, however, are the end user networks. Most of them simply aren't built to be accessible over ipv6. It's possible for the ISP's to provide entirely transparent v6 connectivity to it's end users, but if the places they're trying to go isn't v6 capable, that engineering has gone to waste. It's still wise to do it, as a migration to v6 is inevitable, but it's hard to justify the money making it right.
Unfortunately, I suspect that most folks will simply try and use stopgap measures. Carrier grade NAT, transparent gateway proxying, etc.
Eventually there will come a point where someone smart will say 'you know, we're spending alot of time and effort and adding more points of failure to the network to try and keep this legacy connectivity alive. It will actually simplify operations if we just go ipv6 native'.
If you're smart, and you have the opportunity to build out a network in this time and place, you do it dual stacked, and treat ipv6 connectivity as seriously as you treat ipv4 connectivity.