North America Runs Out of IPv4 Addresses
DW100 writes: The American Registry for Internet Numbers (ARIN) has been forced to reject a request for more IPv4 addresses for the first time as its stock of remaining addresses reaches exhaustion. The lack of IPv4 addresses has led to renewed calls for the take-up of IPv6 addresses in order to start embracing the next era of the internet.
The sky is falling!
The sky is falling!
It hit me on the head! *OW! NOT THAT ONE!*
"Runs out".
Yeah. Okay. And how many companies are sitting on vast blocks that are only partially tapped?
This isn't so much an issue of lack (though at some point it'll become that).
It's an issue created by how assignment of address blocks was and is managed.
Chas - The one, the only.
THANK GOD!!!
Everyone I know just uses 127.0.0.1. What do we need all these new ones for?
Comcast Business, which only got me dynamic ipv6 a couple months ago, and still haven't gotten around to static allocations to match my static v4 allocation. Also, a lot of people's home routers. But mostly apathy.
Watch for Penguins, they eat Apples and throw rocks at Windows.
I'm only using 8 addresses out of my 192.168.1.1/24 class C block, I could probably be talked into auctioning off the other 240+ addresses. Call me, maybe?
These companies (which I'd love to name) missed the boat when IPv4 address costs (for sale) were highest and are actually waiting for this next "crisis" in hopes that they can get billions for Class A nets (these companies date back to "the beginning" and they use their Class A addresses for non-Internet facing internal addressing (that is, they are wasting the addresses) simply because they lack the skills to change).
IBM has the technical know-how to stop using routable addresses internally, but their class A is part of their culture. I imagine the same is true for other class A holders.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Meh.
Whatever.
Never answer an anonymous letter. - Yogi Berra
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
There is a small interesting detail about IPv6 that is almost never mentioned. An IPv6 address counts 128 bits. Typically the "top" 64 bits are provided by your ISP and will be used to route the packets through the Internet. The 64 remaining LSb have to be unique within the subnet (typically a LAN), and usually these 64 bits are made from the MAC address of the interface linked to this IPv6 address (padded if 48 bits). That means for instance that knowing your IPv6 address, someone is likely to know also your MAC address (of the device used), that is usually the maker/configurator of the NIC (e.g. Apple, MS ...). And if the shop where you bought the device keeps track of your MAC address - like Apple for instance - they may be able to identify you precisely, based on your IPv6 address (e.g. when you access their web site).
Slashdot, fix the reply notifications... You won't get away with it...
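Added example, not part of any commenter's post: the layout described in the comment above corresponds to SLAAC with modified EUI-64 interface identifiers (RFC 4291), where ff:fe is inserted in the middle of the 48-bit MAC and the universal/local bit is inverted. The Python sketch below audits an address inventory for interface IDs that embed a MAC, so those hosts can be moved to temporary (RFC 4941) or stable opaque (RFC 7217) identifiers; the prefix, MAC and inventory are constructed from documentation ranges.

```python
import ipaddress


def mac_to_eui64(prefix, mac):
    """Build the address a host forms from a /64 prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Flip the universal/local bit, then insert ff:fe between OUI and NIC part.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def eui64_mac(addr):
    """Return the MAC embedded in the low 64 bits, or None if the IID is not EUI-64.

    Heuristic: a random interface ID carries ff:fe in these two bytes with
    probability 2**-16, so treat a hit as "very likely", not as proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address that exposes a hardware address to the MAC it exposes."""
    findings = {}
    for addr in addresses:
        mac = eui64_mac(addr)
        if mac is not None:
            findings[addr] = mac
    return findings


# Constructed inventory: 2001:db8::/32 is the documentation prefix and
# 00:00:5e:00:53:xx is the documentation MAC range.
SAMPLE_INVENTORY = [
    mac_to_eui64("2001:db8:1:2::/64", "00:00:5e:00:53:2a"),  # EUI-64, leaks MAC
    "2001:db8:1:2:a1b2:c3d4:e5f6:789a",                      # randomized IID
    "fe80::200:5eff:fe00:532a",                              # link-local, same NIC
]

if __name__ == "__main__":
    for address, mac in audit(SAMPLE_INVENTORY).items():
        print(f"{address} embeds MAC {mac}")
```

The link-local entry shows why the audit should cover every address on an interface: the same MAC reappears under each prefix the host autoconfigures, which is what makes the identifier trackable across networks.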
A lot of people rely on NAT for simple security and get scared when faced with IPV6's global addressing.
Securing IPV6 networks is not so straightforward and often requires site specific approaches that are beyond a lot of home users or small businesses.
It's a good thing to run firewalls on everything but it's also a pain.
I can see there being some crazy security breaches and much confusion during the changeover, as a tester every network product I've tested has had a test plan for ipv6 that gets de-prioritised to the bottom because 'nobody is using ipv6 yet' and it's hard to find people who know about it.
It's correct to use assigned addresses for internal hosts. The point is they're unique — you can set up a tunnel between any two organisations, or merge two networks, and not have to renumber things because both were using 10/8.
The cost to renumber and use their assignment more efficiently would be huge, similar to the cost to move to IPv6 but with little gain.
Get off my internet!
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
Suckage.
I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.
I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Start?
No, it wasn't. It was predicted that IANA would soon run out of blocks to hand out to the regional registries unless allocation policies were tightened up. They were tightened, but in spite of that, it ran out in 2011. IANA was last predicted to run out on July 5th this year. They almost made it.
For that reason, only Africa has addresses to hand out now, but that will be exhausted in just a couple years.
Good luck trying to scan an ipv6 range... /64, even scanning every host there for a single port would take a LONG time.
The smallest subnet is a
IPv6 works fine with VPN software, even ipsec was originally a part of ipv6 and cruftily backported to ipv4... In fact, you can use ipsec properly (i.e. end to end without kludges like l2tp) with ipv6. The problems published recently were due to short-sighted vpn providers who completely ignore the existence of ipv6. If they provided dual stack connectivity over their vpn then there wouldn't have been a problem.
Bugs could still be found in ipv4 stacks too (and are still being found), on the other hand ipv6 is much newer and addresses some of the weaknesses of ipv4.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Every couple of weeks or so, I turn off V4 to see what happens. /. is one of the sites that I can't reach when I do.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
It wasn't crying wolf, at that time the growth was amazing and the policies for handing out IPs were much looser. They also didn't factor in for the facts that the policies would be changed and people would NAT NAT as Xzibit hadn't yet taught us about doing things while we're doing things. If NAT hadn't become so common we would have run out of IP addresses a very long time ago.
If they hadn't "cried wolf" then, I can only imagine how long ago we would have hit this point as we wouldn't have made adjustments to practices to push it into the future.
It's amazing how many morons will see that the rate at which a massive problem is coming is slower than anticipated and conclude that it's not a real problem. It's usually better to err on the side of caution and expedience as you rarely do things too quickly with regards to large problems.
They only managed token ring wraiths, though.
The real picture is that IP addresses are allocated hierarchically and there are multiple entities at all levels except the root, all of which run out separately.
IANA (the root of the tree, the people who allocate addresses to the regional registries) ran out of /8s in Feb 2011. The regional registries (there are five of them; these are the people that allocate addresses to ISPs) have their allocated pools of /8s which ran out at different times: APNIC ran out in Apr 2011 (that's the story you linked), RIPE in 2012, LACNIC in 2014 and ARIN just now. (AFRINIC still has a few years to go, although they won't if everybody tries to get their addresses from there.)
Then there are the ISPs, who allocate addresses to their customers. ISPs will tell you that "we have plenty of addresses left" -- except the ones who don't -- but at some point all ISPs (or perhaps more importantly, your ISP) are going to move into the "don't" category.
And finally, ISP customers (i.e. you) allocate addresses to networks. Except you've probably never experienced this, because we've been short on v4 addresses for long enough that many ISPs don't (can't) give you enough IPs for your networks, and haven't for years and years. You probably grew up with this and consider it normal; it's not.
I don't know when you're going to go from "we seem to be trucking on just fine" to realizing that we have a problem -- I'd say we already do, since lots of people waste lots of time and money due to NAT, but perhaps for you it'll take your ISP giving you an RFC 1918 address on your upstream before you realize. Or maybe you have infinite time and money and don't mind the headaches caused by many layers of NAT and all the workarounds needed to deal with them, and you don't mind paying programmers to write workarounds into software, and you don't care about all the things we could've had if the internet had been up to providing them. But hopefully I've shed some light on the highly-complicated reality of "guy A allocates to guy B who allocates to guy C".
So every address at IBM is in a routable block? That's not only extravagant, it's blindingly insecure.
Yes, I'm sure that there are firewalls and routing tables that ignore attempts to address the internal 9.x.x.x addresses from the outside, but still, it would be so easy to screw that up. At least with private addressing, you have an entire extra layer of difficulty for people who want to get at your internal networks remotely and more importantly, it defaults to not being routable, even if accidentally exposed somehow.
Oh well. I'm sure IBM has it all under control. (Sells all IBM stock immediately). :)
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
Suckage.
I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.
I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.
I actually see a lot of this. Customers complaining about slow surf, and these days, that's one of two things - A. Capacity B. Bad IPv6 routing. Since v6 is preferred, if the v6 path is bad, it'll take a while to time out before it falls back to ipv4, and looks a lot like network latency.
A large part of the problem is that companies are defining AAAA DNS records without making sure that their upstream provider has actually gotten their v6 routing in shape, but even the ones that have done that don't help when the end user is connected to a network that isn't directly connected to their destination, and the end user's provider doesn't have their v6 routing in shape.
The real holdup, however, is the end user networks. Most of them simply aren't built to be accessible over ipv6. It's possible for the ISPs to provide entirely transparent v6 connectivity to their end users, but if the places they're trying to go aren't v6 capable, that engineering has gone to waste. It's still wise to do it, as a migration to v6 is inevitable, but it's hard to justify the money making it right.
Unfortunately, I suspect that most folks will simply try and use stopgap measures. Carrier grade NAT, transparent gateway proxying, etc.
Eventually there will come a point where someone smart will say 'you know, we're spending a lot of time and effort and adding more points of failure to the network to try and keep this legacy connectivity alive. It will actually simplify operations if we just go ipv6 native'.
If you're smart, and you have the opportunity to build out a network in this time and place, you do it dual stacked, and treat ipv6 connectivity as seriously as you treat ipv4 connectivity.
If you think "routable" and "insecure" are synonyms, you're going to have a hell of a time with IPv6