IP Address Shortage

webslacker wrote in to send us a news.com story that talks about the upcoming IP Address Shortage. Talks about IPv6 and other related topics. Nothing phenomonal, but its interesting... how many class C's do we have left anyway?

Only 10% of the IP addresses are used?

Hi!

I read an article in a magazine where the author wrote that only 10% of all available ip addresses are used, and that they would last another ten years.

//Ludde

Re:Only 10% of the IP addresses are used?

Lots of people are now granted CIDR blocks
instead of Class A/B/C networks, as has been
pointed out. But the problems of classed IP
addresses still persists because there is a
lot of archaic hardware running older networks.
I know people still using "the big tan CISCOs".
Moreover a good portion of IP subnets are being
administered by someone who either doesn't know
what they are doing, is too lazy to do it right,
or is too overworked to waste time "cleaning up".

Re:Only 10% of the IP addresses are used?

The way I heard it, router memory is a big bottleneck. Most ISPs want to be multihomed (because most backbone providers suck, and relying on just one would be dumb), so each major router is serving a fairly random collection of networks. Those networks can't be divided too finely or the memory and horsepower to remember all your peers' routes are overwhelming. IIRC Sprint won't directly serve a network smaller than /21 (8 continuous class Cs) for this reason.

Re:Only 10% of the IP addresses are used?

> In fact, that is EXACTLY the problem. There are
> really only 3 levels of address allocation --
> class C (2**8 addresses), class B (2**16
> addresses) and class A (2**24 addresses)

Classed addressing was replaced in 94/95 with CIDR (Classless Inter-Domain Routing) None of this is relevant/correct now.

-- Britt

Re:Only 10% of the IP addresses are used?

[ShadowBlade]

That may be true, but since the addresses are allocated in blocks (classes), the address space is sparse. If somebody has a class C block (256 addresses), and they only have 10 machines, the rest of the IP addresses in that block are wasted. The problem gets worse when you look at class A and B blocks. Most companies can get by using the private IP address blocks (ie, 10.x.x.x) and only assigning other IP addresses to machines that really need to have an external presence on the internet. Then just have the firewall do IP masquerading. This is IMHO a worse waste of IP addresses, as these addresses are truly unused on the internet.

Re:Only 10% of the IP addresses are used?

[jtn]

No, "classful" thinking isn't used anymore. Nobody cares about the old classful boundries anymore. The seperation between the network bits and host bits in a 32-bit IP address can be shifted up and down, between the first and last bits.

Re:Only 10% of the IP addresses are used?

[xyzzy]

I think you'll find that a lot of ISPs still deal out addresses out of THEIR pool in blocks that still largely resemble these old blocks. And the point remains: Many organizations are allocated vastly more address space than they utilize. Each extra bit in your block, whether it's on an octet boundary or not, doubles your space.

Also, the orgs that have the large class As were given them waaaaayyy back before CIDR.....

Re:Only 10% of the IP addresses are used?

[xyzzy]

In fact, that is EXACTLY the problem. There are really only 3 levels of address allocation -- class C (2**8 addresses), class B (2**16 addresses) and class A (2**24 addresses) (or so).

Way back when, most companies would just grab a class B, thinking "gee, I'll probably have more than 256 machines, the class B will give me room to grow". Of course, they only have maybe 1024 machines, so most of their address space ends up empty.

This has GOT to be the case with Ford, Eli Lilly, Merck, Mercedes Benz, and Prudential. I say we revoke their class As!

Re:Only 10% of the IP addresses are used?

[Gid1]

You'll also find that most of the big commercial class 'A' users have slapped up big firewalls and proxies anyway, so NATting the lot of them would not reduce their functionality.

Revoke the whole lot of them, if you ask me, and then let them deal with it.

I may be wrong, but I seem to remember that some of the authors of those RFCs and documents which discusses CIDR as an approach to solving the shortage were from Class-B users themselves.

Re:Only 10% of the IP addresses are used?

[Jburkholder]

Right! Its the same with NPA's (area codes) - Nxx ranges, the 3 digits after the area code, are handed out to individual carriers with the associated 10,000 line numbers (NPA-NXX-nnnn).

This was fine when you only had one Phone Company. Now you have cell, pager, competitive local carriers, cable companies, etc that all want blocks of access lines, which are handed out in 10,000 chunks because of the 'adressing scheme'.

Never mind that some of these companies never sign up more than 500 customers, that whole 10,000 block is unavailable for use by anyone else. When you run out of nxx es, you add another npa, the total saturation of access numbers in the old area code may only be 40%, but you are out of new nxx ranges to assign.

What to do?

a) make the address scheme have more/bigger nodes? How bout a 4 digit area code, a 4 digit nxx and a 5 digit line number? No thanks. Or, add a region code that corresponds to the Bell service areas that is prepended to the NPA? Yuk. Now you gotta change all the switching infrastructure and customer terminals (pagers, cellphones, kitchen phones) to handle this.

b) You break the adressing scheme to sub-divide the 10,000 ranges through a proposal called 'pooling'. You hand numbers out in, say, 1000 chunks instead of 10,000. Now, you have some changes in the network, but this is largely software. End-user terminals are still able to use the 10-digit number.

There must be a very valid technical reason why this can't be applied to the IP network or someone much smarter than me would have come up with the idea long before now!

Sure the class-A node points to its owner, you say? So does the nxx in today's phone network. The guys with the bell-shaped heads (hey, I'm one!) are working on figuring out how to break this rule. Yes, its a massive undertaking, but a lot better than some of the alternatives (sorry, you can't have a phone number for your toaster, we're all out of numbers!)

Re:Only 10% of the IP addresses are used?

[BIFFSTER]

Uh, this is bullshit, and has been so for the past coupla years.

CIDR lets you allocate along bit boundaries; the modern notation for a class of addresses is 1.2.3.4/5, where 5 is the number of bits in the bitmask. 8 is equiv to class A, 16 to B, and 24 to C.

We're not in danger of running out anytime soon, but we'll have to adopt IPv6 if we want internet toasters to be commonplace. (Then we'll get to look forward to "somebody hax0r3d my refrigerator, man!"

BIFFSTER, network perfesshunal

Re:Only 10% of the IP addresses are used?

[Trojan]

Besides the unused empty space of which there is a lot: even if you are somehow able to use all of that, 10% used space now means there's only room for 3 doublings, and do you really think the internet will only double in size 3 times over the next 10 years?

No kidding

Who WANTS to have their fridge on the Internet??? Just what I want, somebody hacking my fridge and defrosting all my frozen food. Blah. ;-) Setup NAT behind a firewall and you are all set.

IPv6

Does IPv6 use 32-bit port numbers, or 16-bit as in the current version of the IP protocol?

/Ludde

Re:IPv6

Um, IPv4 uses 32-bit addresses, not 16. Furthermore, IPv6 uses 128-bit addresses.

Re:IPv6

I was talking about port numbers, not ip addresses.
/Ludde

Re:IPv6

Yes, I noticed after replying. Sorry.

Re:IPv6

[cnvogel]

Connections are limited by distinct quads of
remaddr,remport,locaddr,locport, so this will be 2^96 simultaneous connections...

Re:IPv6

[Cid+Highwind]

hopefully 32 bits, I'm getting sick of being limited to a paltry 64,000 simultaneous connections!

How many class C's left?

Yeah. We're running kind of low. My dorm only has 200-some-off class C's left (my dorm has a class B, of which it uses 2 class Cs; my school has a class A).

It's not really a matter of IP-number shortage. It's more inefficent allocation.

Either way, IPv6 sucks. My school goes from being 18.* to 0.18.*. We gain IPs, but loose IP-share.

Re:How many class C's left?

[Fastolfe]

I don't understand the "18.*" to "0.18.*".. and yes, of course the percentage of global address space assigned to a particular entity will go down when the total number of global addresses goes up. IPv6 sucks because of that?

Did I miss something?

Re:Protocols

it can become confusing if you don't centralize the management of this resource internally.

That's what DCHP servers are for! It's amazing how many people are getting upset about problems that were solved by the internet community years ago...

Re:Internal numbering?

You can still remote control them, if you set up an explicit port map in your gateway/firewall/whatever...

So really, the only thing you can't do if your using NAT or IP Masquerading is ping from outside the firewall, which is a big "who cares?" in my book...

Lets hear something new

This spiel has been propagated over and over again for the past several years. The fact of the matter is that there is really no shortage of addresses out there. Its used as a tactic to try to scare people into adopting IPv6 now rather than later.

I run a web hosting business. While I do a lot of virtual hosting on shared IP's, I do have need of real IP addresses. UUNet is pretty good about giving out class C's. The guy I spoke to at UUNet said "Sure, we can give you more /24's. We have tons of them. You just need to prove that you are using 50% of your current capacity to receive more".

Don't believe all of the hype...

Re:Fire Insurance, Fire Detector, Firewall

If you need to get at something from outside your house just use IP masquerading and port forwarding..still a lot better than each gadget having its own IP address..

Daniel

Re:Address classes have been gone for a while...

Oh yeah, the other thing that CIDR does is to help shrink the size of the routing tables. Right now they are around 50,000 entries, which is pretty much filling up the caches on most of the core routers (this according to research friends w/ grants from Sprint Nortel etc...) As long as CIDR gets used correctly this shouldn't be a problem...

And thus we should be ok for IPs for the time being.

-- Britt ( britt@bolen.com )

Re:Address classes have been gone for a while...

Right, I just wanted to point out that these things are not fixed at /24 or /16 now either, they can be any length you want.

I'm currently sitting on a /16 140.247.*.*

-- Britt

notation

18.* means class A beginning with 18. 0.18.* is the IPv6 equivalent of a class B starting with 0.18. Generally * means "anything/everything."

The sucking part was a joke. There was just some coolness factor with controlling 1/255th of the Internet that we loose.

Re:notation

Yeah. I should be more clear when I'm kidding I guess. We do have 18.* right now. When IPv6 rolls around, we'll have 1/65535th of the IP space. I should get more sleep before posting.

Re:notation

[Fastolfe]

I'm aware of what * is, but how is 0.18 network an IPv6 equivalent to the IPv4 18 network?

The 18 class A represented in IPv6 would look like 0:0:0:0:0:0:18.x.y.z (or ::18.x.y.z) or 0:0:0:0:0:ffff:18.x.y.z (or ::ffff:18.x.y.z), but chances are, your school's "new" IPv6 assignment will probably be a "real" IPv6 assignment and won't start with 0.18 or look like the IPv4-embedded addresses above.

Or were you just picking random numbers here? I'm getting the feeling that I'm taking what you said a bit more seriously than you meant it. Heh. If so, I apologize. I guess I'm just confused.

But yah, I sympathize with you losing your 1/255 status. :)

Re:This again?

This could be even better than the Y2K bug or the 2038 Unix "doomsday"

Registries = liars

ARIN and the other registries have thrown around several deadlines for when they're going to start offerring IPv6 addresses.

When asked specific questions about what the hold-ups are and whether you all are really ready, the registries people have always painted a picture of roses and tulips. Of course ARIN is ready! Of course the software is *perfect*. Of course all the bugs are worked out. Flat-out lies.

And dates have come and gone, with no addresses assigned.

But think about this for a minute: Okay, so the registries have assigned no addresses, and the community has assigned a bunch of addresses. The registries don't have any control over the routing, and the community has control over the routing. Hmm. I see a solution. Just ignore the registries altogether!

Re:Registries = liars

[shani]

As I understand it, Jon Postel came to Kim Hubbard (president of ARIN) last summer, and told her that ARIN needs to be ready to allocate IPv6 addresses ASAP.

When I started working at ARIN on 1998-11-23, there were no software requirements, no specs, nothing. Nada. Since then, one other engineer and myself have put together the software to process templates and update our database, provide IPv6 WHOIS functionality, and tools for the IP analysts to interact with the database directly.

As far as I know, no hard dates were ever given out. The biggest hold-up has always been, and continues to be, the IPv6 initial allocation policy. If you notice the complaints about the Class A's having been given out in the early days of IPv4, you may understand that getting allocation policy right actually is important!

Nevertheless, the message from the community has come through loud and clear at the RIPE meeting last week, for instance: "We don't care! Give me address space NOW!!!" So that's what's happening. Ready or not, here it comes.

Oh, a final FYI. There does need to be agreement on routing somewhere. Whether that's through a commercial entity, a government, or an entity like ARIN doesn't matter I suppose. But consider the implications of those three options, and maybe you'll see that we don't do such a bad job after all.

Shane Kerr
Software Engineer
ARIN

IPs are low, allright

There are so few IPs available that ISPs cannot request additional IP addresses unless they can prove that less then %5 of their existing IPs are in use.

I can't wait till we all finally get 64-bit IP addresses.

...and this electron is 207.233.192.121.46.95.201.142...
...and this electron is 207.233.192.121.46.95.201.143...
...and this electron is 207.233.192.121.46.95.201.144...

Re:IPs are low, allright

[gavinhall]

Posted by !ErrorBookmarkNotDefined:

64? IPv6 gets you 128 bits.

-----------------------------
Computers are useless. They can only give answers.

Re:Fire Insurance, Fire Detector, Firewall

Simple. Imagine how cool it would be to hear your toaster say, "You've got mail!" And maybe I wanna web surf while I raid the fridge. :)

Of course, houses would likely be run on a proxy instead of something like static IPs or DHCP. So the arguement about house IPs doesn't hold much water.

Re:Internal numbering?

In the fridge example, my grocery supplier may check the number of eggs I have left to see whether a new shipment needs to be sent out. I may have given permission for my personal trainer, physician, or dietician to check my food consumption or to check the brands of food I'm buying. An ambulance that is rushing me to the hospital may be given permission by my wife to check the contents of the refrigerator cross check that with my medical records, to see if there was any chance of me having an allergic reaction. (If, for example, I were allergic to strawberry jam, they could ask the toaster if any toast had been made in the last 30 minutes.) Through some form of permission marketing I might allow an infomediary to check the contents of my refrigerator in order to use the information to leverage lower prices direct from the manufacturer through pooling. The cooking class I'm taking (or the gourmet web site I am visiting) could find out what ingredients are missing from the dinner I just pieced together through either the days curriculum or some sort of gourmet meal builder. The cleaning company (maid) that I use, could check to see if anything was going bad. If my wife were working late, she could check the contents of the refrigerator and relay to me something that I could cook for myself.

In short, there is a HELL OF A LOT of things that you could do if your refrigerator had some well known API that was internet accessible. And this is only the refrigerator (with one guest appearance by the toaster)! Don't even get me started about electric blankets, toilets, toothbrushes, or lawnmowers....


(Also keep in mind that I limited my discussion to only things that required the appliance to be reachable from the outside in. Which normally requires a single well known IP address.)

Re:There IS a shortage (and some info on IPv6)

Okay, so here's a puzzle for you all to assemble.

1. There's only so much address space to go around
2. Being on the Internet requires address space
(maybe not much, but some)
3. The US considers the ability of customers (both
business and end users) to get on the 'net as
a critical thing to be defended
4. The US government has heavy-handedly been
setting up these new "independent" orgs to
control resources like address space
5. The US government has had a lot of say in what
humans lead such orgs
6. Non US countries are finding that they can't
get resources like addresses, while people in
the US and US ISPs abroad don't have much
trouble.

Re:FreeS/WAN does IPsec fine through firewalls

You can use IPsec to connect two private nets together, if the IPsec tunnel is direct and not mucked with. If there's a NAT in the middle, there are basically two possibilities: either it won't work, or it'll work because your software has a common implementation flaw that lets it be attacked.

The problem with NAT and IPsec is that NAT changes addresses and IPsec has to verify that addresses weren't changed.

Problems Induced by Number Authorities

(not directly related to IP shortage, but very instructional with regard to politics and facts)

Here in the land of the Rising Sun the National Number Authority is really just a stooge of the government (which, in turn, is really just a front for NTT).

Anybody doing caller-pay or MPT bandwidth schedule pricing of internet access has NO PROBLEM getting as many IP addresses as they want.

Anyone with flat-rate pricing of internet access is told that there are not enough IP addresses for them.

Evidence? A telecommunication company (KDD) recently partnered with a cable service provider and spun up cable modem service. Because the Japanese interface to APNIC wouldn't cough up the IP addresses, the veture was forced to use an entirely private IP address network. Second point, the domain name for the cable modem venture was initially domained under KDD. NTT protested to the JPNIC and the MPT!!!! KDD eventually was *FORCED* to change their domain name in mid deployment.

We're talking a teir 1 provider here, not some piss-ant ISP. That's how fscked-up the Japanese internet is. Flat rate *IS* comming to Japan (I keep hearing rumors of wireless flat rate at that!) and NTT had better wake up and smell the coffee, or it's going fall hard when its' time comes.

I understand that the Singapore and China APNIC interface elements are just as screwed up. When are these screwballs in high places going to learn that the Internet isn't entirely Top-Down??

Question: is ipv6 "plug and play".

Can I just walk up to an enternet tap, plug in a computer (next gen capable), assign a next gen ip address and have it work with everybody? Do these new ip addresses only work with each other on their own subnet? Can old ip addressed machines talk with next gen machines?

Re:Question: is ipv6 "plug and play".

IPv6 for clients is plug and pray. You can just drop an IPv6 client on a properly set up IPv6 network and that IPv6 part will just work.

However, first this requires a properly set up IPv6 network. Second, this does not account for other Internet protocols that are most definitely not plug and play at the moment. For example, finding your DNS server, your file server, your mail server, etc., is not yet plug and play. There are protocols to do it, but they're not really deployed.

Re:Question: is ipv6 "plug and play".

[jd]

1. Yes. Actually, the net will assign you the address. The prefix is the prefix for the router at that level, the remainder is the MAC address of your ethernet card. Because of this, you are guaranteed an AUTOMATIC, UNIQUE IP number, wherever you are connected. It'll also find your router, and any other service that can be located by an anycast.

2. Yes, it will work with everybody. See above.

3. They will work with each other, and are routable onto other subnets.

4. An old IP-addressed machine with a dual-stack can talk directly to a next-gen machine, using IPv6. If it only has an old IPv4-only stack, you need a proxy to relabel the packets. Those exist and aren't a problem.

5. One extra point - IPv6 supports Mobile IP and re-addressing. If your computer moves from one router to another WHILST ACTIVE, the new address will be calculated and packets forwarded to it, automatically, during the transition.

ARIN Phantom Menace

This is such BS that there is a shortage. They should be out scaling tickets to the Phantom Menace instead.

Anyone noticed how the US DoD got two class A's last year? As if they don't already have enough space. Yup check it, 214/8 and 215/8. Though I can't blame ARIN for that, IANA did that job.

I am glad I conned NSI into giving me /23 back in '95, and an ASN number as well.

Re:ARIN Phantom Menace

[shani]

What th'!?!? Maybe Al Gore went to IANA with a Secret Service agent and assured the IANA that either two /8's or their brains would be entered in the WHOIS database.

Seriously though, if you look at the curves of IP usage and routing table growth from 1993 or 1994, you'll see that the exponential growth was curbed, even though the Internet has grown significantly since then. That's not an accident.

From my personal point of view, I do get aggrevated that I can't get a static IP from my provider, though. IPv6, take me away!

Re:ARIN Phantom Menace

[smiker]

Anyone noticed how the US DoD got two class A's last year? As if they don't already have enough space. Yup check it, 214/8 and 215/8. Though I can't blame ARIN for that, IANA did that job.

Would it be connected with Joint Technical Command returning 049/8 and 050/8 at the same time. Sounds like they are reorgansing on a better scale. Ho hum.

Re:There is no IP address shortage

I know it's possible, but like you, I have no idea how to do it.

So who has 6.6.6.6? :)

How does one find out who an address or range of addresses is currently allocated to?

Re:So who has 6.6.6.6? :)

[Yiango]

http://www.arin.net/cgi-bin/arinwhois.pl

Army Information Systems Center (NET-YPG-NET)
USAISC, Yuma Proving Ground
Yuma, AZ 85365-9102
US

Netname: YUMA-NET
Netblock: 6.0.0.0 - 6.255.255.255
Maintainer: DNIC

Coordinator:
Cremer, Jeff (JC1306-ARIN) jcremer@YUMA-EMH1.ARMY.MIL
520-328-3443

Record last updated on 26-Sep-98.
Database last updated on 12-May-99 16:14:37 EDT.

Re:So who has 6.6.6.6? :)

[EEEthan]

DAMN! That is pretty evil...

There are lots of IPv6 implementations

There are many more than 3 independent implementations of IPv6. Offhand, I can think of INRIA, KAME, Sun, Mentat, Microsoft Research, Digital/Compaq, IBM, NRL, Cisco, Telebit...

See http://www.ipv6.org for more info.

Re:Y'all must be sysadmins

They don't set themselves up? Perhaps you could grasp the concept of DHCP servers assigning IP addresses in a private IP address spaces (e.g. 10.0.0.0/8) and automatically IP masq'ing addresses in that space? I sure hope so, because that's exactly how we have it set up at work. I haven't touched our IP masquerading setup in two years.

CrackTV

coming soon, to a network near you.

Will require next generation UDP and TCP

Correct. Since the port numbers are at the UDP/TCP level, it will require a next generation UDP and TCP effort to increase the port number space.

Whether or not to revise TCP is an often debated topic in IETF circles. It has undergone a lot of hacky improvements over the years done via options (SACK, large fat pipes, etc) and has some other pieces that were never thought out or implementated properly (like the urgent data pointer). So it could be better. On the other hand, it still seems to do the job.

Re:Classful naming

> Isn't that better than saying "two class C's"?

Not especially, no.

Naw, they're not running out..

I used to work for a large ISP, who had switched upstream providers twice in the last three years. Those providers combined have 50 Class C's assigned to us (according to the ARIN registry), even though we're not using 'em.

You'd figure that they'd unassign them from us so that they could "sell" them to some other company (for a decent coin, too!) but for some reason, they haven't.

Re:But they charge for static IPs!

ISP's aren't charging for numbers, they're charging for the extra resources it takes to be able to route your packets to those numbers no matter where on their network you're plugged in. It takes a small sliver of memory and horsepower for the routers on your ISP's network to be able to do that. Multiply your one address and the route to it by a few hundred thousand customers and your ISP has a nightmare on its hands as their routing tables swell to eight or ten times the size they are now and get updated everytime someone connects. If your ISP is big enough to be spread across multiple ASes and you want to be able to connect inside any of them, you have the same problem propogated to every router on the 'net, not just those in a single AS.

IPv6 has mechanisms in it to handle the problem of address mobility that nobody was thinking of way back when they pulled the plug on NCP. But I'm sure there will be other things that will be just as much fun...

A.C.

Yup its MIT final soon

Hey yeah, we have finals next week so stop reading slashdot and go study!

Re:Yup its MIT final soon

I think this is the point of /.

Final studying avoidance, and news for nerds.

ips are wasted

... I know because I have a personal class B (18.205.*.*) My school has a class A, and each living group gets a class B. My living group probably has 50 ips used up of about 60,000 that we have. I own 1/60,000 of the _WORLD'S_ ip addresses. If this isn't waste, what is?

Re:ips are wasted

[djwolf]

yeah for 18.217.x.x, i remember finding at some point that we have more ips than most country domains...

ISLAGIATT

ISLAGIATT - "It seemed like a good idea at the time."

I fear that address "classes" will be part of net nomenclature for a looooong time.

Re:This again?

Actually that shouldn't be too terribly hard to do. Mainly it consists of changing the names of certain function calls in most cases. The bigger problem would be writing the app to support both IPv4 and IPv6. Of course all this is directly related to the fact that you have to have it supported by the OS. I say we switch over now and just screw all the windows and mac users ;P Seriously though I wonder how much of the holdup to implementing IPv6 right now is due to windows not being ready for it yet?

Ummm... no.

NATs are bad. They break end-to-end rules, the break IPsec, they cause administrative nightmares.

Negative.

NAT (and port translation proxying, a la masq) is good. The hell I want my internal addresses routable from you.

End-to-end-ness is overrated.

IPsec is already broken, and since it can't tunnel across existing commonplace security mechanisms, it's broken by design.

And administration doesn't seem to be such a big deal to me, maybe you need better tools.

IPv6 implies a level of object addressability that is, frankly, scary to anyone who has an iota of sense. You'll pry my non-routable addresses from my cold, dead hands.

Re:Ummm... no.

Firewalling is valuable if you insist on running crippled boxes, but to make a route *impossible* (rather than merely unusable, by rejecting packets) means you can't change your mind. Just Say No to crippled 48-bit addresses with random expiration and no name service.

Re:Ummm... no.

"IPsec is already broken, and since it can't tunnel across existing commonplace security mechanisms, it's broken by design. "

-----

Please don't tell my firewalls that. I have 2 10.x subnets IP-Masqed and firewalled into nothingness that are linked via IPSec. Now from either network I can connect directly to the other transparently. I'm using Free S/WAN on RH Linux. Works like a charm.

It may not work from behined the IP-Masq gateway, I have it running on the gateway itself. It seemed like a good way to do it since I'm connecting the subnets, so what better place? If you really need it to work from behined the firewall port-forwarding should do the trick.

Re:This is not an issue

How the heck do you "squeeze" more digits into a 16 bit register?

graphical description of address space usage

See http://www.caida.org/IPv4space for Aug of last year.

(hope they don't get slashdotted :-))

-drc

Re:Reselling?

If I can't even set my VCR from work, what's the point of having a home network at all? "Anyone with a cable into my house is god, everyone else is scum" is a pretty pathetic form of authentication. NAT is just a necessary evil when subnets aren't readily available from ISPs.

My remote will have an IP address???

"It's going to come to the point where your TV remote is speaking IP to your TV, and they'll each need an IP address," said Paul Vixie, an architect of the Net's address system. Under such a scenario, a typical household could have more than 250 IP addresses, he added.

Okay, I will eventually have a 256 appliance network in my household. It will be run like this:

1. Every appliance will have a unique network address (whether it be internet protocal or not)
2. Every appliance will be connected to both each other and a central control unit.
3. The central control unit will not be my personal computer (which will be connected to the internet and thus have an IP address).
4. Each appliance will NOT need a publically registered IP address, and thus will not take up one more Class C (excuse me, /24) network.

My point is, just because the appliances are on an internet does not mean that they are on the Internet.

Tim

USGOV = Biggest IP black hole

I've worked for the Gov for 9 years and can attest that we are the horribly wasteful when it comes to IP space.

You have a W95 machine, wouldn't know a static IP if it bit you on the nose, don't operate a single server, use a propietary mail system (banyan), but would sure like to browse the web: here's a static IP address. Oh, you have 30 more people in your office just like you. Here's a class C subnet.


The cost to you? Why free of course!

Re:Y'all must be sysadmins

Just make a distribution of Linux that is allready set up! I could tar my firewall and give it to most anyone and they could use if out of the box. My firewall is a 386/25 with 8M RAM and 420M HD. Nothing special. You can probably get one for free if you look about a bit. 2 NIC cards and a hub round out the network. Then tell them to set thier computers to use "DHCP".

Hmm... DNS.. little problem there. IP-Masq can route DNS traffic though, so just have a web-based admin tool installed that they can connect to with the first PC they install on the network and set the DNS address thier ISP provides. Now you have a functional router/NAT gateway, and new PCs get auto-configured.

Even better, stick that in a small, sealed package and sell it to end users. So the "UNIX box" becomes "That little black box in the corner". :) They don't know what it is, they don't care. It sends thier traffic arround the internet and they are happy.

I have my own /24...

My house it's own /24 (Class C for you old timers) that I registered over 5 years ago. It is provider independent space...

Re:I have my own /24...

No, there are no problems. My /24 is below 206.x.x.x, where the filtering begins.

Anyone with a pre-1995 (or so) class C is fine.

Re:I have my own /24...

[garver]

I'm curious, do you have problems getting to certain sites? I thought some backbone companies, I'm sure Sprint did, dropped any routes smaller than a /20 or /19 to keep their routers from puking. The result is that if you have a /24, it needs to be part of your ISPs block and hence not provider independent.

I know independent /24's were common 5 years ago, but I thought ARIN wouldn't give anything less than a /20 today and you have to really justify that you need it. If this /24 is working for you, I really would like to know.

Re:*SHOCK*

Most of the gov sites are probably using NAT and behind firewalls

Re:There is no IP address shortage

I've been watching, and I've never seen an on-topic or even interesting comment at -1. (These, of course, are off topic.)

Re: Just How Many addresses does IPv6 have ?

IPv6 is 64bit isn't it? That means the absolute maximum is 18,446,744,073,709,551,616 (ie. lots), as opposed to the current 4,294,967,296 maximum.

Re:And then....

Personally I think it's stupid to restrict net machines.. there's no reason everyone in the world shouldn't be able to get at least 1000 IP addresses for their own personal use. We're in this mentality now of dialing up, getting some dynamic IP and browsing the web. That doesn't give you much of a permanent address once you (hopefully) eventually get a permanent internet connection that is up 24/7. Everyone should have high speed dedicated access to their home at an affordable ($50/month) rate. We need to wire the world! Bring on IPV6!

Re:And then....

t'll get even worse when more people hook refrigerators and crap up to the Net

It shouldn't... all "internet appliances" can connect through a single gateway using NAT or IP Masquerading, meaning you're still only using 1 IP address per household...

Address classes have been gone for a while...

From what I understand classes are a thing of the past and have been replaced by CIDR (Classless Inter-Domain Routing) which uses a longest prefix matching system. This is how people like MediaOne have their IPs in the Old Class A land and such but don't have the whole thing.

According to the CIDR FAQ It has been in use since 94/95.

We've been running out of IPs for years, this is ancient news.

-- Britt

Re:Address classes have been gone for a while...

[scoof]

We might not use classes, but it's haelluva lot easier to say a C or B class than a /24 or a /16

Some numbers

This old info is from a RFC:


The Class A portion of the number space represents
50% of the total IP host addresses; Class B is 25%
of the total; Class C is approximately 12% of the
total.

Total Allocated (1993)
Class A 126 38%
Class B 16383 45%
Class C 2097151 2%



I don't know what the current numbers are, but 50% of the total
address spaces is still unassigned. Most in the Class A.

Address Block Registry - Purpose Date
--------------- --------------------------------------- ------
000/8 IANA - Reserved Sep 81
001/8 IANA - Reserved Sep 81
002/8 IANA - Reserved Sep 81
005/8 IANA - Reserved Jul 95
007/8 IANA - Reserved Apr 95
023/8 IANA - Reserved Jul 95
027/8 IANA - Reserved Apr 95
037/8 IANA - Reserved Apr 95
039/8 IANA - Reserved Apr 95
041/8 IANA - Reserved May 95
042/8 IANA - Reserved Jul 95
058/8 IANA - Reserved Sep 81
059/8 IANA - Reserved Sep 81
060/8 IANA - Reserved Sep 81
064-095/8 IANA - Reserved Sep 81
096-126/8 IANA - Reserved Sep 81
127/8 IANA - Reserved Sep 81
197/8 IANA - Reserved May 93
213/8 IANA - Reserved Sep 81
217/8 IANA - Reserved Sep 81
218-223/8 IANA - Reserved Sep 81
240-255/8 IANA - Reserved Sep 81

A Dylan language hacker.

CIDR

er, there are no class A's B's or C's anymore. Read up on CIDR.

Re:CIDR

[Pascal+Q.+Porcupine]

Well, these days, 'class A' means /8, 'class B' means /16, and 'class C' means /24. It's a lot more convenient, IMO, to still refer to those common denominations as such.
---
"'Is not a quine' is not a quine" is a quine.

Re:CIDR

[BuzCory]

So, where's the spec? How 'bout a URI, someone.

While we are at it, how 'bout a URI (or RFC #) for IPv6?

But they charge for static IPs!

Everyone here seems to think that there is no shortage. Are you all at school with a full university 24-bit mask or something?

Take a look at any local computer paper and note what ISPs are charging for static IPs. They are charging for NUMBERS folks!

Look, dynamic IP assignment for dial-up PPP is broken. Everyone with a $20 AOL account should be given an IP address, and use that address when they dial in. Why don't ISPs do this? Because there aren't enough addresses. To this day it pisses me off that internet phone applications have to go through a server to know whether you are online because my IP address changes every time I dial up.

Wake up and smell the IPV6.

Ken

Y'all must be sysadmins

Firewalls and NAT translators don't set themselves up, you know. And NAT requires you to jump through hoops to access a server on the inside from anywhere on the outside.

Re:Y'all must be sysadmins

[IntlHarvester]

Remember the thread is about home networking. To me, it seems that setting up the numerous services (NAT, DHCP, DNS, etc) to support a simple home network is way overkill. When you look at the Netwinder (which automates all of this), you're getting a full blown computer with full blown unix, which is a pretty complex system for your toaster.

I hesitate to suggest this, but NetBEUI seems to be a better fit for home networking. Fast (for 1Mbps lines), auto-configuring (no unix box in the corner) and non-routable (more secure). A simple box could connect with the Internet and transmit messages from TOASTER0123 to tracking.wonderbread.com or wherever. This box of course would need some intelligence to know how to handle messages, but I'm sure it could be worked out.
--

NATs are evil

NATs are bad. They break end-to-end rules, the break IPsec, they cause administrative nightmares.

A better world will be IPv6 everywhere, with IPsec everywhere.

There is no IP address shortage

I have about 17 million addresses available for my own personal use. 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255. With things such as NAT/IP masquerading/firewalling, which everybody should be using for security's sake, there is not an IP address shortage.

Re:There is no IP address shortage

[Jon_S]

Which router are you using? My Netgear allows up to eight ports to be forwarded to separate boxes. And this is on top of the forwarding for things like Quake (haven't tried) and Real Audio (works great).

Re:There is no IP address shortage

[LordStrange]

I've been using NAT with my ISDN router at home for months and it is indeed cool. I assumed it would be the source of endless problems but everything works great! Even Quake!

Everything except that I can't easily connect to one of my home machines from the world beyond the router. (or maybe you can and I just haven't been bright enough to figure it out!)

Re:There is no IP address shortage

[journey-]

Well, what you have to do is assign Ports on the box doing Nat to connect to other internal box's, like say your external ip 123.456.789.101, someone connects to port 21, instead of taking the connection itself, it would forward it to another machine on the internal side of your network, lets say 10.1.1.5, now
This isn't limited either, port 50 on your external machine can easily point to say, port 80 on your internal machine, or anything you want.
The possibilities are endless
Jrny

IPv6 Has Non-Routable Addresses

[Gleef]

Anonymous Coward wrote:

IPv6 implies a level of object addressability that is, frankly, scary to anyone who has an iota of sense. You'll pry my non-routable addresses from my cold, dead hands.


According to the IPv6 Addressing Architecture ( RFC2373) section 2.5.8, there are plenty of non-routable IPv6 addresses. They're called "link-local" and "site-local" addresses, and each group has more addresses in it than the entire IPv4 address space.

This again?

[Gleef]

I remember this scare came up two or three years ago. Bob Metcalfe (of Ethernet and 3Com fame) was the one really pushing the issue then. Disaster didn't happen then, and the situation isn't critical now. There are still lots of class C's available for the near future, and if they disappear quicker than expected, there are some almost empty class A's and B's that could be subdivided. Nobody really needs a class A anyway.

This won't last us indefinately, if we get 250 real IP addresses per household we would run out. On the other hand, the only sane way to give every gadget, appliance, outlet and lightswitch in a house its own IP address is to use the 10.0.0.0/8 network, so it's not an issue for the rest of the world. IPv6 is still the best long term solution (just like it was 2-3 years ago). What's the hold up? It works, all decent OS's support it natively, when are the backbone providers going to start swithching, and encouraging their clients to switch?

Re:This again?

[jd]

Actually, the address space isn't the problem. It's the assumption made, by many flavous of unix, on the size of the total structure. IPv6 overflows the typical value.

Re:This again?

[GPB]

There is more to it than the problems you listed above. Just about every current network application we know now would break because IPv4 addresses are stored in a 32bit register, while IPv6 addresses will be much bigger than 32 bits.

Even simple programs such as 'telnet' and 'ftp' would need to be rewritten for bigger address space. Neat huh?

Re:This again?

[_Stryker]

I guess this all depends on your definition of "support". There is still a lot of work to be done to get full support fo IPv6!
---

Re:This again?

[Zoltar]

I'm wondering how we are going to make the switch from IPv4 to IPv6. It seem like it could be a real nightmare, lots of people mucking around in old code to try to get it up to the new standards. Lots of Web/Internet stuff blowing up. I also wonder how many people are writing their code today to work with both(as they should), or are they still sticking to just code for IPv4.

I know that Linux / Unix has IPv6 support in the BSD4.x socket stuff but I'm wondering if the boys from Redmond have it together with the whole winsock mess.

Hmmm...how can we bilk the general public out of their hard earned greenbacks with an IPv6 scare.:)

Are you IPv6 comliant?

Re:This again?

[acarey]

I know that Linux / Unix has IPv6 support in the BSD4.x socket stuff but I'm wondering if the boys from Redmond have it together with the whole winsock mess.

I think "the boys from Redmond" :) are working on it... you can download an alpha IPv6 stack for Windows NT 4.0 from their research site.

Cheers
Alastair

Re:This again?

[Trojan]

Let's make the transition on January 1, 2000. Everything would stop working as is expected. It would make a lot of people very happy.

Re:This again?

[hqm]

It's all because people have been programming
in C. If there were a real programming language
instead of glorified assembly language, then
IP address structures would be properly
abstracted.
In fact, the BSD sockets API sort of abstracted
the address structures, but a recompile won't
work because everyone is sloppy about using
32 bit ints all over the place.

The real pain of the IP address crunch felt today

[Russ+Steffen]

This morning actually.

It seems that the IP address situation is prompting many of the large Fortune-500 type companies to renumber their networks with 10.0.0.0 or other reserved network numbers, and employ proxies and/or NAT. That's all fine and good for them, but makes my life hell. The company I work for does, among other things, software maintentance. For our large customers, this usually means mainaining a frame relay or other semi-permanent connection into their networks. One of our customers just converted their network over to 10.0.0.0 numbers a few weeks ago, and this morning another customer notified me that they would be doing the same in a few weeks. I now get to try to manage access to two different networks with the same IP addresses.

Re:The real pain of the IP address crunch felt tod

[Russ+Steffen]

I don't have any control over it. Both customers are Fortune 50 companies with huge nation-wide internal networks. The both indepently decided to renumber their networks with 10.0.0.0 addresses. The first company is using over 50% of the 10.0.0.0 network.

Bleh..

[Wakko+Warner]

They're still teaching us in school that class A addresses go up to 129.*, class Bs go up to 198 or whatnot, and class Cs begin above that. (This is going by the first three significant bits of the bitwise notation of the IP address.)

Things change too fast.

- A.P.
--

"One World, One Web, One Program" - Microsoft Promotional Ad

Internal numbering?

[drwiii]

I've been seeing alot of talk about "everyone's fridge and toaster needing an IP address".. Wouldn't it make more sense to use internal, non-routable IPs for that sort of thing?

Aside from the thrill of being able to ping your toaster from work/school, I don't see of what use an Internet IP would be for things as worthless as household appliances. Most uses of these devices require human interaction (toaster, fridge, etc.), so remote control of them shouldn't be a big priority.

Besides, I don't fancy the idea of my vacuum cleaner sucking in its own ethernet cable and bursting into flames.

Re:Internal numbering?

[jd]

Let's change the idea of fridges and tea cosies, to something useful. Say, books. You have N books, in your house, probably scattered around. Some library books in there, too, no doubt. And some of your SO's. And some a friend dropped off for you to read, one night. And one the dog brought in, thinking it was a new, square kind of bone.

That's a lot of books and owners to connect together, and keep track of.

Then, there's the contents of your SO's pocket book. You expect your SO to know what's in there? Or what isn't in there? Or where those things which should be in there but aren't are?

The ability to tag each object, ROUTABLY, and be able to traceroute those objects to establish roughly where they are and who's they are, would be a VERY valuable tool.

Also beats the Ultra Violet marker pens for marking your brand-new, expensive electronics against thieves.

("Help! Help! My $300,000 video recorder, with a borrowed tape from a friend was stolen!"
"What're their FQDN's?" "vidrec.myhouse.org" and "ripoff.localvids.com"
"Ok, we're following them with Mobile IP. They're on the main road, going north. UGH! That one's eating a garlic sandwich! I can't believe someone would bite into that address range.")

Being able to track things through routable addressing is a VERY powerful tool.

Re:Internal numbering?

[Xenu]

NAT is a kludge. The sooner it goes away, the better. I want a reasonable number, say 16..256, of static, routable IP addresses. IPV4 must die.

Re:Internal numbering?

[journey-]

Since when did accessing something from the
outside to the inside require an individual
IP address? I have 3 Citrix boxs, 2 ftp servers,
and a web server in 5 different machines, running
on a single IP at work, the same principle could
be applied here...you access the port assigned
to that particular applience, say port 10000 for TV's
if you have more than 1 TV, when you access port 10000
it would give you a list of TV's, and you could choose one,
that way all your TV's are still on 10000, and they can have an internal(10.) address, instead of a real one

Re:Internal numbering?

[Trojan]

You don't understand. Big Brother needs to be implemented. Internal numbering won't do.

Re:Fire Insurance, Fire Detector, Firewall

[smcd]

It's more secure. You don't need a firewall for each machine.

I think you're missing the main problem...

[gavinhall]

Posted by TikTac:

The main problem is that with such a distribution of IP addresses, the routers are having to keep more routes in memory. We're not really near running out of numbers, but if we have to assign two (or more) numerically unrelated blocks of IP addresses to a location, we aren't using the addresses efficiently, and the routers are going to bog down more and more with many routes going to the same place.

To summarize: We have a sufficient quantity of IP addresses for the near future. The problem we are encountering is that routers operate more efficiently if the IP addresses are under-utilized.
That is why we need IPv6 and it's insane number of IP addresses. If we can assign IP's without regard to efficiency of quantity, we can more easily aggregate routes efficiently, reducing maybe 12 routes into one route to a honkin huge set of IP's (which still would be less than a fraction of a percent of the available set of IP's)

ARIN

[spacey]

I think ARIN doesn't hand out class C's anymore, only /19's or larger blocks after you prove you can route them and that you have the userbase to populate that /19. Otherwise you have to get a network from your upstream provider.

-Peter

Re:ARIN

[shani]

ARIN's policy is now to assign /20 or larger blocks.

Re:ARIN

[shani]

There is no requirement to be dual-homed (actually dual-homed networks are a sticky widget that hose up routing tables, and haven't been addressed at all in IPv6) to receive address space. There are different guidelines for ISP's and other organizations (or individuals). The intent it to allocate space to organizations that will actually use it.

Re:ARIN

[Izaak]

ARIN's policy is now to assign /20 or larger blocks.

And last I checked they also now require that you be dual homed to the backbone (i.e. a major player). I'm glad I snapped up my /22 when I did. :-)

Thad

Re:Protocols

[spacey]

That's what ip masquerading and NAT's are for - however there are still problems with this approach, especially in larger organizations that have to coordinate this for themselves. Using RFC 1918 space you can do well in a centrally managed organization, but it can become confusing if you don't centralize the management of this resource internally.

It also sucks if you use rfc1918 space for your wan interfaces - it confuses traceroutes a *lot* if they return identical numbering for interfaces on routers for 2 (or more) different ISP's!

-Peter

The complete list of Class A's

[Smack]

The article gives a partial list of the class A allocation holders. The full list is available here: http://staff.elmail.co.uk/~liam/t ech/class-a.html. For some reason, the two lists don't quite match up -- for instance, where's IBM?

(This link was blatantly stolen from Scripting News, but I figured it should be seen)

"Big Entities Stash Net Adresses"

[Smack]

Here's an old (last summer) article that explains the whole class A fiasco: http://www.zdnet.com/intweek/daily/ 980622a.html

Basically, we aren't really going to run out of addresses anytime soon, as long as someone forces companies like Halliburton to use the right address space for their 30k hosts.

(link cross-polinated from Scripting News - www.scripting.com)

Re:Protocols

[jkovach]

It would be soooo nice in sense of security, to have a unique phone number allocated to your house. A thing most maniacs and serial killers who are able enough to use the reverse phone lookup on www.anywho.com would love for sure.

IPv6 never going to happen

[heroine]

What do you do when your real estate in Aspen Colorado is worth $5 million? Create more real estate like yours to lower the price? No way. I guarantee we're going to be living with IPv4 for a long long time. Academics and charities don't run the internet, suits and ISP's do, and they're going to charge you to the grave for static IP's for as long as possible.

Re:Don't forget the class E addresses

[Fastolfe]

Reasons like this are precisely why there isn't an immediate "IP crisis." Unless we move towards IPv6, however, global IP addresses will become scarce in the future. There still won't be much of a crisis (providers will work around it by using private addresses and NAT surely, like you say), but using "real" IP's is so much more of a "real" solution.

For that, IPv6 is the way to go.

Re:Protocols

[Fastolfe]

For your first idea, you assume every household will have a computer to do this "figuring out devices." That won't always be the case. In theory, you should be able to use an IP-enabled remote and an IP-enable television together (and from the Internet via an IP-enabled telephone or other network access point, for example) without having to rely on a *computer* to do the "figuring out". Once we start moving away from the PC and more towards the Internet-enabled appliances, where does this computer fit in?

With respect to your second idea, using "TCP/IP" with a single "household" IP and using port numbers to differentiate between devices: What if someone had a really big house? (Granted, 64k of ports is probably plenty, but you never know...) What if we're talking about a company, where 64k ports might not be enough? What if some of those ports were needed for outbound connections? Do we then start assigning a second or third IP for these types of devices?

What if a single device had several services? Use a separate port for each service? Would there be standard ports for things like TV, VCR, Pool, Telephone, etc? What if you had multiple TV's? Things could get very confusing here, but there are probably ways to classify and place these mappings in some sort of standard directory.

Also (and this might clarify some confusion for you, or you may have meant this and are just using wrong terminology), we're not necessarily saying devices need to be able to communicate via *TCP*.. just IP. We can build any other protocols or use existing protocols as needed for the devices themselves...

Nope

[Fastolfe]

Both IPv4 and IPv6 will use 16-bit port numbers.

Re:Fire Insurance, Fire Detector, Firewall

[Fastolfe]

Why do you think this is better? It simply adds a layer of complexity and the requirement for a machine or device performing the address translations.

Re:Fire Insurance, Fire Detector, Firewall

[Fastolfe]

It's only more secure if you're talking about each device being equivalent in flexibility and power as a PC. And while you don't necessarily need a firewall for each machine, you *will* need something doing the NAT translations between your private home network and the outside world.

When people say refrigerators and televisions will have an IP address, they don't mean that these devices will be *capable* of being broken into. You can work up a very simple network device that simply reports temperature information or allows the user to change the TV channel without allowing a criminal to insert some sort of virus into the system or program your microwave oven to explode.

Simple devices will have simple network services provided by simple programming.

And in response to the idea that people can just use port forwarding or some similar technology to get around the restrictions imposed by NAT, remember that these devices are *appliances* and won't necessarily be running in the home of a computer person. Not everyone is a network administrator.

Re:Fire Insurance, Fire Detector, Firewall

[Fastolfe]

Good points, but you're going to have to have Magnavox software (or perhaps some generic "scheduling" software if we can abstract these devices enough) one way or the other. Either it's running on a PC or it's running as a CGI or Servlet applet on your "WWW-enabled automation server."

However, using NAT like this precludes the possibility of me being able to easily do things like:

* IP-based telephone calls to a specific phone in someone else's house
* *Forwarding* IP-based telephone calls to the nearest telephone in whatever building I'm currently in
* Reception/sending of video images from one specific camera to a specific display unit in another location
* Easy collection of thermostat temperatures for apartment buildings with central A/C / heat.
* Sending text-based messages to specific devices in another building

etc.

Granted, there can be ways of setting up proxies or the like in conjunction with your NAT setup, but we'd effectively need to build another entire layer of software to make devices work transparently.

Re:implementing IPv6

[Fastolfe]

To the best of my knowledge, there shouldn't be much in the way of "critical" nodes that need to be upgraded. IPv6 routers will (for now) be capable of doing both IPv4 and IPv6 (since the version number is stored in the IP packet, it's pretty trivial to decide how to handle it). Over an IPv6 Internet, your old IPv4 addresses (munged up a bit to make them IPv6-compatible) will still work over IPv6 networks. I also don't know why you can't have IPv4 hosts and IPv6 hosts talking to each other on the same ethernet segment, so long as there's a router capable of speaking both protocols.

Maybe I'm just being naïve. *shrug* It just seems to me that once we have IPv6-capable routers, we can migrate everything else at our own individual pace. Once that's all done, we just drop our IPv4 addresses in favor of our IPv6 addresses...

Re:Fire Insurance, Fire Detector, Firewall

[Fastolfe]

I don't think the emphasis is on putting these devices on the global Internet; it's on allowing these devices to communicate between one another via IP.

And if it already speaks IP, why not let them communicate over the Internet as needed while we're at it?

10.x.x.x addresses seem like a good idea (my network at home uses this), but what if you wanted to check your answering machine messages from a neighbor's house? What if you wanted to record the game that comes on in 20 minutes? I'm probably only pointing out some of the lesser reasons why these devices might need a "real" IP, but IMO they're enough. :)

Re:The scarcity is still just "approaching"

[Fastolfe]

Where is IPv6 hard to implement?

The transition from IPv4 -> IPv6 should be totally transparent. Things like TCP and UDP should work under IP with no problems at all, since they don't themselves deal with things like IP addresses or quality-of-service.

IPv6 was designed from the drawing board to be an easy upgrade. IPv4-compatible address space was built-in, and the protocol itself is meant to allow hosts to inter-communicate between IPv4 and IPv6 hosts on mixed networks.

A "funky" (even if simple) multi-level proxy system as you say is simply a rather nasty band-aid. While something like this may work, it introduces a tremendous amount of complexity. You'd still need to have things like web servers, e-mail gateways, etc., on globally visible IP's, and there are useful reasons to have individual PC's visible as well. Behind NAT, you lose a lot of usefulness out of Internet hosts. If such usefulness isn't a factor (such as on networks where the machines are already firewalled into next-to-nothingness), this is probably fine, and using private addresses with NAT is acceptable (and even desirable).

The scarcity is still just "approaching"

[Chexum]

IPv6 is a nice thing to overcome this limitation, but it's a different protocol, and hard to implement at places; IPv4 and the rest of the infrastructure layered on it is almost fatally entrenched. I'm still not sure whether switching to IPv6 is easier than to come up with a funky (but simple!) multi-level proxy system. I better hurry to come up with it :)

On the other hand, the hording of IP ranges is really enormous, I think no company of any size (well, except those who provide access for end-users) should use anything more than a handful externally visible IP addresses, 256 (a class C) at most. Not just the grandfathered class A owners mentioned in the article are grossly unused, there are many class C and even class B ranges which are unreachable except for a router. Big corporate networks don't want you to reach them, you know...

But unless everything is at least as accessable as today, no proxy systems should be forced to the customers, IMHO.

Re:The scarcity is still just "approaching"

[BIFFSTER]

"Where is IPv6 hard to implement?" The fact that only recently have some of the core APIs been ratified by the IETF should give some sort of indication, for one. :) There's still quite a bit to do.

There are at least three independent implementations of IPv6: Sun's, INRIA, and... hell. can't remember offhand.

If you're interested in more info on IPv6, check out Sun's site, and the IETF ipng working group info page

implementing IPv6

[Chexum]

Where is IPv6 hard to implement?

Making "my" DIY Linux box speak IPv6 is easy; converting some real applications to let it use it fully is workable too, but there are so many places out there that I'm simply scared :) Lot of cable modems, lot of printers, lot of routers, leaf hosts with Win 3.1, MacOS, Amiga, and the uncountable rest with hard to upgrade software/firmware. Agreed, it's only the core what's really need to be upgraded, for example, LAN printers, and most end hosts will do fine with IPv4. I also know the measures taken to have IPv4-IPv6 networks to talk together; but it sometimes sounds hopelessly tedious to me.

Although, the biggest mental obstacle was that getting IPv6 networks was quite of limited to experimental educational usage, I'm glad it's just a few days and it's more available.

The proxy system: sounds much funkier than I imagine, but I just didn't have the time to even mentally design it correctly; I still think it could be easy, but let's drop it :)

The Options

[jd]

1) Do as people are doing, and splitting & scattering the various addresses all over the planet. This increases the amount you need to hold in a router, and the average search time for a path. But, if you enjoy router-induced lag, that's no big deal. :)

2) Use IPv6 and solve every problem on the net today.

Re:Have you read the specs?

[jd]

Proxy server.

You have an IPv4/IPv6 dual-stack machine accepting connections for a non-existant IPv4 address. The packet is re-written in IPv6 notation and forwarded to the -real- IPv6 machine.

IPv6 Addresses

[jd]

YOU CAN HAVE AN OFFICIALLY REGISTERED IPv6 ADDRESS, TODAY!!!

It's called the 6Bone, and ALL you need to is contact the nearest 6Bone provider and ask for a name.

Addresses on IPv6 are NEVER allocated by humans, they are GENERATED. THAT is why nobody can hand them out. ALL you can have is one or two bytes allocated by the person one hop up in the heirarchy.

EVERYTHING BEFORE is pre-generated and no authority can change that. EVERYTHING AFTER is generated by your computer, according to the specs on how the number is generated.

Re:Have you read the specs?

[jd]

You're quite right. The main reason, though, for using a proxy, rather than a dual-stack, is that IPv4 has no prioritisation (IPv6 does) and few stacks are mobile (IPv6 is). To be able to reliably sustain communication and maximise the use of the network, you need to keep the IPv4 traffic in it's own island.

IPv6 URLs

[jd]

The central archive on all things 6ish (well, other than Portmeirion) is:

www.6bone.net

Does it matter how many IPv4 addresses are left?

[jd]

No! NAT is USELESS when you split beyond a certain point.

If two logically adjacent addresses do NOT belong to logically adjacent physical ports, you MUST store a router entry for each.

I don't CARE whether people think routing is "broken" or not. If you cannot generalise where to send data, at ANY level, then you must store EACH AND EVERY addresss and where it is. This leads to HUGE, UNWEILDY search tables, a VERY HIGH probability of corruption, and UNNECESSARY LAG.

eg: Let's take two possibilities.

1. You're using IPv4 and NAT. No ordering on the addresses. You have to search an average of ((2^8)^4 - reserved addresses)/2 to figure out which line to send data to.
   This happens, in real life - there are plenty of companies that loan out dedicated terminals to their databases, with a company IP address, rather than an address of a machine local to where it's being sited. That address needs to be added to EVERY router between the two sites.
   
2. You're using IPv6. Your router table has 16 entries in it, most of the time, and have UP TO 32 entries, allowing for router mobility. That's it.

Tell me which is more efficient and less laggy.

Re:Do Both...

[jd]

Don't need it. IPv6 supports the notation ::(IPv4), which gives you "virtual" IPv4 addresses. Smart mapping, from there, is a doddle, and was designed that way, for that reason.

The reverse mapping (IPv6 addresses out of IPv4 ones) is slightly trickier, but certainly possible. Multihome a gateway, then have it route out the packets over the IPv6 segment of the network, with the address according to the IPv6 mapping of the name the gateway was called by. The translation becomes invisible and transparent to all parties.

EASY solution!

[jd]

This is how to get the world to port to IPv6, in three days or less, all stacks tuned and humming.

1. Pay AOL to convert their stack to IPv6-only, and convert their software to only support IPv6.
   
2. Set up all AOL services and servers to use IPv6 only.
   
3. Set up a gateway at AOL, to gate IPv6 packets onto and off the IPv4-based backbone.
   

Result? For a competitor to get a product to work with AOL, it would HAVE to be IPv6 aware.

AOL's users would be utterly oblivious to the change - AOL's software would work the same and look the same, and they'd have access to exactly the same off-site systems, in the same way.

BUT, because it would be an IPv6 stack and an IPv6 service, any 3rd-party product would have to have IPv6 support. And, given the number of direct users of AOL, it would have to have IPv6 support by yesterday, or risk being squelched.

Re:charge for IP, !4 domain name, money -> IPv6

[shani]

Network Solutions no longer allocates IP space. This function has been handled in Europe by RIPE-NCC for something like 8 years, and in America by ARIN for the last 18 months. Both companies are not-for-profit, as is APNIC, the Asian-Pacific flavor.

NSI never charged for IP allocation. Actually, the IP allocation was funded by the domain registration fees, which prevented them from paying much attention to it.

U.S. Conspiracy

[shani]

Addresses in Europe are allocated by RIPE-NCC, not ARIN. If anything, RIPE's policies are less restrictive than ARIN's. Addresses in the Pacific Rim are allocated by APNIC. APNIC's policies are actually fairly close to ARIN's.

All of these regional registries are open membership organizations, with public forums for comments and input. If you don't like it - join up! It's certainly not America using all the IP space by itself!

I suspect the problem in most cases is with the policies of the communication infrastructure (government and private) of the countries involved. Check it out before looking for the easy conspiracy theory.

IPv4 shortage, private addresses, and IPv6

[shani]

For those who suggest that using private addresses with NAT will handle the IPv4 number shortage, I would remind them that numerous IP features depend on end-to-end addresses. These include congestion control, and more importantly, IPSEC. Please see the following draft-RFC:

Internet Transparency

It's a pretty good read. Anyway, ARIN should be offering IPv6 addresses the 17th (next Monday) unless politics and policy get in the way. The registration folks are testing my code today. :)

Make sure your ISP is ready! And don't settle for a /128!

Shane Kerr
Software Engineer
ARIN

Re:IPv4 shortage, private addresses, and IPv6

[birchallr]

That *was* a good read.

However I think NAT & port translation is here to stay.

Now that Win98 SE includes a NAT service, everybody & their dog can easily share an Internet connection with their private network, without having to crack a HOWTO...

All we really care about is if the end-to-end connection is transparent to Quake3A! : )

Classful naming

[shani]

This is a plea, from me personally, and also from me as an employee of ARIN.

Please stop using classful naming. Class A, B, and C really don't have much meaning these days. Use CIDR - it's more specific and just all-around better.

$0.10 Tutorial:

Class A is a /8 (e.g. 10.0.0.0/8)
Class B is a /16 (e.g. 192.168.0.0/16)
Class C is a /24 (e.g. 192.149.252.0/24)
Single IP is a /32 (e.g. 206.170.14.74/32)

There you go. I'm sure you can figure out how other networks are specified. For instance, the network slashdot is on is a /23:

206.170.14.0/23

Isn't that better than saying "two class C's"?

Re:Classful naming

[scoof]

I still use the classfulnaming, specifically because there's no good way to say /24 in Danish For those interested the's a complete guide to subnets at http://www.ripe.net/lir/services/subnet s.html

Re:Classful naming

[rhdwdg]

It's both more specific and less specific. Your own example 192.168.0.0/16 is a /16 but not a class B. There is still no lack of firmware out there that can't either can't think in classless terms or that default to classful thinking. Fortunately the latest releases are almost all OK and have been for some time.

The remaining class C space could run out around the end of the year and it will be a problem. I would, if I were dictator of ARIN, cut the 'they're not fees' line and charge triple for netblocks from the remaining class C space versus class A space. Modern equipment will be fine and older equipment moving into new addresses can still get real class C networks.

That and figure this: in a few years we will have routers many times as powerful as those we have today but the same final limit on IPV4 addresses. If we could approach 100% efficient usage of the IPV4 address space we could buy a valuble year in IPV6 deployment. Fantasy-benevolent-dictator-rhdwdg would shift policies in that direction. But this is the wrong thread for that thought.

Fire Insurance, Fire Detector, Firewall

[Sabalon]

Why would I want my TV, toaster, or fridge on the Internet?

Perhaps the next thing that needs to be done is to install a firewall in each house. That way each house can have 10.x.x.x for their IP numbers. 16 million should be enough IP's for any house :)

Re:Fire Insurance, Fire Detector, Firewall

[travisd]

I think that the likely scenario for the wried house will be that you have a central access point for all such services - acting like a firewall and also providing a common entry point for controlling all of these services. After all, if I want to program my Magnavox VCR when I'm at the neighbors house why should I have to go out and download the magnavox specific software and install in on their PC first. Instead, I'm going to connect to my house's WWW enabled automation server (which only needs a single routable address) and do everything thru there. This is what's going to be actually controlling everything anyway... Why waste the money to build an interface and such into every single light switch - they're all just going to run SSMP (simple switc managemt protocol) and let the centreal controller handle the schduling and nasy stuff like interfacing with us humans.

Re: Just How Many addresses does IPv6 have ?

[mattdm]

There's no straight answer, because different schemes to divide up the namespace cause waste. (Just like giving someone a class A in the old days caused waste.) But there's a lot more to go around -- the addresses are four times longer (not bigger, longer). I calculated once -- using a conservative estimate of the namespace -- that you could divide the earth into 1-meter squares and assign each square an IP address, and then travelling back in time reassign each square every second 'till you reached the formation of the earth several billion years ago, and still not run out. So it's a lot. We're not making the same mistake twice.

--

Re:IP port numbers

[Mark+Edgar]

Actually, IP doesn't have port numbers. Port numbers are at the TCP and UDP level.

Re:And then....

[mikpos]

You'd have to explain to me why you can't telnet into your masquerade box. If you can't telnet in, your machine is down; if your machine is down, you probably wouldn't have been able to ping the fridge anyway.

But one of the nice things about IPv6 is it has scopes. No longer are there just "the Internet" and private networks, but there is a hierarchy of networks. I should reread the specs so I can remember what I'm talking about, but I thought it was a pretty good idea.

Huh?

[mikpos]

How many people have cable modem or *DSL lines now? All you're doing is getting a unique IP address for your house. I haven't heard any great uproar about this so far, though.

Re:Huh?

[Azog]

ummm, actually those high-speed providers (at least where I live) won't give you a unique IP address. They use DHCP (?) at least partly because they don't want to undercut their expensive T1/T3 business-oriented services which DO give unique IP addresses.

Re:Have you read the specs?

[mikpos]

Well if it's just going to a non-existant IPv4 address, then it's effectively like having an IPv4 address. In which case what you're talking about is useless, since you could just have an interface having both an IPv4 and IPv6 address.

Once all it becomes impractical to route to new IPv4 addresses (or we run out of them), then you'll have IPv6 machines with no legitimate IPv4 addresses, and people stuck on IPv4 clients or backbones will have some problems.

Have you read the specs?

[mikpos]

Perhaps this is why they're taking so long testing it. Theoretically, routers, servers, clients, hosts, whatever, that are running on 100% Satanic IPv4 should never have to switch over to IPv6. There have been provisions put into IPv6 to allow IPv6 routers to route to IPv4 routers, and for IPv6 clients to connect to IPv4 servers.

Unfortunately, the reverse isn't quite true. i.e. if you're a server without an IPv4 address (you only have an IPv6 address), then IPv4 hosts will not be able to contact you AFAIK.

People should probably not count on never upgrading, though. I don't want to think about all the tech support calls coming in from people complaining about only being able to access a small chunk of Internet hosts, just because some unnamed operating system hasn't put IPv6 support in yet.

Again, this shows how the big companies screw up

[scoof]

I work at a reasonably sized ISP in .dk, and I'm in charge of allocating IP's for our customers
Every now and then people whine about, how they could get more than the 4 or 8 IP's I'm willing to assign for them, and they explain, how they, if they went to a larger ISP could get an entire C-class, even though they'll only be using IP's for a router and a firewall.
People don't know, and don't want to know the possibilities of NAT.
How sad!

Don't forget the class E addresses

[Will+Sargent]

Okay, so we're running low on class C addresses. The moment it comes to a crunch, people will assign private addresses and NAT them.

But something that's always amazed me is that the address space from 240 to 247 is UNASSIGNED! They're reserved for future use... now people want to go to IPv6 instead of ever using those addresses. Why? Do they have cooties?

Re:Don't forget the class E addresses

[cpt+kangarooski]

Can't you read? Those addresses are reserved! That means you can't use them no matter what, unless it's for the purpose they're reserved for. What purpose is that, you say? Well if we knew, we'd've told you. But since people might need those addresses in the future, we can't let people who need them now use them. That would be reckless and wasteful.

FreeS/WAN does IPsec fine through firewalls

[Will+Sargent]

Admittedly I'm not an expert, but you can use FreeS/WAN to tunnel through a firewall and connect two NATted subnets. The tunnel exists between the two public addresses of the firewall, but I don't see any reason you couldn't repeat the process host-to-host inside the NATted region.

http://www.xs4all.nl/~freeswan/freeswan_trees/fr eeswan-1.00/doc/index.html

Grrr... need dynamic port forwarding

[Will+Sargent]

The problem with port forwarders as I've experienced them is that they will only forward to one machine. Meaning that if you have one machine behind an ip-masq gateway it will work fine, but if you have two or more computers, all the inbound packets will go to the IP address specified by the gateway.

It would be great to be able to have dynamic port forwarding (dunno how you'd distinguish which IP to forward to -- base it on the sequence number?) so that you could have two inbound streams to the same gateway, and have those streams demuxed to the appropriate IPs.

Reverse lookups on phone numbers

[Will+Sargent]

Actually, exactly that situation has been spelled out in Britain, where privacy advocates asked the Yellow Pages not to give out their database on the web because people could look up an address from a phone number.

The really scary part is not the psychos. It's the direct mailing people. If they can doing reverse lookups, any time you phone someone up they can find your phone number from call return, get your address, and start compiling information on what you buy. Yes, and junk mail you. And link it to your credit rating. And .

No, what's really funny...

[discHead]

...are those companies who have hundreds of IP addresses with Web servers that just redirect to a central Web server, so the companies can spam search engines with porn site links.

By "restricting new Net machines," I hope you mean providing incentives for conservation measures like IP masquerading, private subnets, etc., or disincentives for wasteful usage (see above).

If you think getting a dedicated IP address for a cable modem is excessive... I just signed up for a new DSL line, and I was given the option of having up to eight IP addresses for it. (I took just one.)

Re:And then....

[thomasd]

No, masquerading is a quick fix, not a true solution. Sure, it'll be fine for some things, but you'll regret it when you remember that you've forgotten to set the video, and have no way of telnetting to it through the masquerade box.

The difficulty is in getting anyone to make the first move towards IPv6

Re:The solution in Denver

[cpt+kangarooski]

My proposal for area codes...

Although I like the idea of breaking down the allocation blocks to a more useful size, here's what I was thinking. Add area codes based on the use of the number. Sometimes this is fairly clear, like for celphones and pagers. Other times it's quite tricky, like for modems and faxes (offer a slight discount for registered data numbers). Then just overlay them; landline voice would probably remain on the old AC, secondary services would get relegated out. (In the beginning you'd probably dump all non-landline voice together, and split it up later if necessary). Will the telcos do this? No, they're stupid.

Re:The solution in Denver

[cpt+kangarooski]

I don't mean provider by provider. I mean service.

That is ALL cellphones, no matter who the provider is, get a particular area code. They can squabble over exchanges all they want, but they're all (123) xxx-xxxx or whatever. Datalines would be much the same (if you told them that it was a dataline, for they're unlikely to know otherwise). All data goes through area (256) for some given area, and exchanges or whatever get given out to everyone, including the primary telco. The 'default' code for the region (like 617 in Boston) is mixed-use, but with pressure to be voice landline only)

Dump non voice landline services all together, regardless of provider, into alternate codes.

*SHOCK*

[db]

Gee, I didnt see this coming 15 miles away. Okay, everyone get ready to NAT!


--
:wq

Re:Subnet IP's

[Decibel]

Keep in mind that anytime you create a subnet, you lose 2 IPs for the broadcast and network addresses. For example, in a /28 (16 IP addresses) this would work out to a broadcast address of $XX XX XX XF and a network address of $XX XX XX X0.

Your point is _very_ well taken for the larger subnets though. For example, the IP address of this machine is 155.1.x.x, but it's completely firewalled. As far as I know, our company's network would be just as happy if this box had a 10.x.x.x address. There's a lot of other companies in a similar boat. Unfortunatly, now that there's a perceived value to IP addresses, no one wants to give them up.

I too would be interested to know just how many IP addresses are currently un-assigned.

Loopback uses too many IPs

[Kiwi]

I always found it silly that the loopback set of IP addresses take up an entire class A block (127.0.0.0 to 127.255.255.255).

The problem is plain simply that people did not see the internet growing the way it has when they released IP in the early 80s. Waste 16 million IP addresses for loopback? Sure, why not.

- Sam

Re:The real pain of the IP address crunch felt tod

[cthonious]

they don't need to be the same ... your customers don't have 16 million hosts, do they?

I mean one customer can take 10.0.1-2.x, the other 10.0.3-4.x and so on ...

The solution in Minneapolis/Saint Paul..

[Ares]

.. was to do the geographical split. I've been in Maryland, where they are overlaid. The geographical split is significantly better, because you and all your neighbors have the same area code. People you're more likely to call are still 7 digit dialling, while those across the river require 10. I've gotten myself in the habit of dialling 10 digits for all my calls just because the MNPUC is going to do it again. Twice. Now, if only they can strip 612 from Minneapolis...

However, imagine you've got a business over in say Malaysia. You need only a few 20 extension groups for interfacing to your central PBX somewhere in America. Guess what, you not only get your 60 extensions, but you've got the entire block of 10000 numbers allocated to you. Why? Because that's the way the phone company does things. And we think the handing out of the original A's was ridiculous.

Re:The solution in Minneapolis/Saint Paul..

[aphrael]

I'd quibble with the assertion that the geographical split is better --- or, at the very least, claim it depends on where you live.

The 408 area code --- covering san jose and monterey --- was split last year. The demand for numbers is growing so fast that it would be split again next year, with resultant area codes smaller than the city limits of San Jose; one more split --- not hard to imagine in the forseeable future --- and you'd be down to approximately a 10 mile square area per area code.

Unfortunately, few people actually have a clear enough geographical picture to be able to tell, at that resolution, what belongs in which area code. Hell, it's hard enough now with the existing 6 area codes in the san francisco bay area to tell which neighborhoods belong in which area code.

Overlyaing alleviates this somewhat by establishing geographical boundaries which are at least somewhat amenable to memorization. :)

I'm sure theres still alot...

[Curt+Hall]

Anyway, I currently have a Class C, but my provider (South Western Bell) claimed it wouldn't be a problem to get alot more, if I could justify it.

Killall those vhosts*!*&$#%

--azop

There IS a shortage (and some info on IPv6)

[Sesse]

When I tried to get IP addresses here in Norway, the answer was: No, sorry, there is none for you, because there is a shortage.

I can't possibly understand how all you people can manage to get C-class subnets, without having a _very_ good reason for it. Much less how you can possibly be disappointed with it!

Somebody up on the list wished there was an IPv6 initiative, and waited for somebody to "take the first step". I would just like to say: Wake up! The 6bone (a world-wide IPv6 network, using mainly IPv6-over-IPv4) has been running steady for quite a while now, and many equipment manufactorers (of them Cisco) do have close to production standard implementations. IPv6 will have enough addresses for everybody (a 128-bit address space... You usually get 64 or more bits, and usually use your Ethernet MAC address as the last 64 bits, to get autoconfiguration), and some extra neaties as well. I encourage everybody to join the 6bone (read the IPv6-HOWTO first, probably available at the LDP). It's free, and Linux has the support you need.

/* Steinar */

Re:IPv6 never going to happen? I think it will

[Des+Herriott]

Comparing IP address space to real estate is a poor analogy. While simply creating real estate out of thin air is impossible, creating a larger IP address space is quite possible (if non-trivial :-)

Speaking as someone who has worked for an ISP, I think IPV6 will happen. It'll be a long time before IPV4 is phased out, I agree, but IPV6 is by no means dead in the water.

Remember, IPV6 involves many more improvements over IPV4 than just a larger address space (though that is one of the most significant). We'll get goodies like:

• Much more efficient routing (people have already mentioned that in this thread).
• Extensible address headers will also make life much easier for routers
• Security - authentication and encryption in the IP layer, where they belong.
• Mobility, and address autoconfiguration - an IPV6-enabled device can autoconfigure itself whenever it's plugged in at a new location.
• Quality of service - IPV4 has this, but IPV6 improves on it. Someone mentioned that IPV6 wouldn't be much good for real-time applications - it will be.

Suits and ISP's are seeing the value of a greatly improved technology - to suggest that they want to keep IPV4 simply because they can inflate address costs is crazy. It ain't so.

Solution: Use more ip-masquerading!

[Rob_D_Clark]

I would hazard the guess that there are lots of places where a whole block of IP address are assigned when there really only need to be a couple IP addresses assigned.

For example, FooBar Corp. grabs a class B so each of their computers can have an IP address. However, they only have a small handful of external servers and gateways. What they really should have done is gotten individual IP addresses from their ISP and used IP masquerading for all the internal computers. That way, computers that are behind their firewall aren't using "real" IP addresses.

Re:Solution: Use more ip-masquerading!

[Royster]

The advice pre-CIDR was to get an official IP number for every computer that you eventually expected to be on the internet. At that time when I was getting Class-Cs we weren't even hooked up to the Internet and had no immediate plans to be, so we weren't even thinking about firewalling. I hadn't even thought about NAT or IPMasq as a possibility.

Re:Protocols

[atw]

That would be soooo nice in sense of security, to have a unique IP allocated to your house. A thing most maniacs and serial killers who are able enough to use traceroute would love for sure.


AtW,
http://www.investigatio.com

charge for IP, !4 domain name, money -> IPv6

[atw]

These indecent prices for a stupid DNS name by internic.net and others (national domains are often even more expensive), could have been (somehow) justified if they were charging for an actual IP allocation. In this case they could have collected some real money and fund IPv6 initiative, which IMO could have made it more realistic in our the timeframe allocated to our lifes. Actually they are making money on IP allocations (selling them to ISPs), but they want to charge for domains too.

AtW,
http://www.investigatio.com

The solution in Denver

[afniv]

...is to overlap area codes. In Denver, you must dial all ten digits. It has nothing to do with long distance (where you must dial a 1 before the ten digit number). To call my neighbor, I have to dial all ten digits. The two area codes that are overlaid are 303 and 720.

I think a better method of chunking groups of numbers is better than adding larger numbers so that someone can have 10000 numbers just to use 500 to use a previous example.

A quick look, I see that Denver is not alone with overlaid area codes. I guess I feel better now.

~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"

Re:The solution in Denver

[Jburkholder]

Yep, wether you do geographic split or overlay two area codes, you are merely adding additional available nxx combos, and this does not address the eventual exhaustion of line numbers in the npa/nxx 10,000 block scheme.

Overlays are more attractive to phone customers because no one has to change their number, only new numbers are assigned the new area code. Companies that compete with the established local carriers hate this because they feel they get an unfair percentage of these numbers and they think customers hate the new area code since it is seen as second-citizen to the established code.

Re:The solution in Denver

[Jburkholder]

yes, this has been argued into submission. :-)
The problem here is that this tends to 'discriminate' against one service provider vs another.

Lets say they decide to do this and say cable telephony providers have to use a different area code than the incumbent bell local carrier. They don't like this because now your service looks second-class compared to the bell and they think (maybe rightly so?) that this is an unfain competitive disadvantage.

Re:The solution in Denver

[Jburkholder]

No, they're stupid.
Won't disagree on that, I work for one and know first hand! But that's not the reason this wont get done. The decision is not entirely in their hands. The public utilities commissions probably have as much or more to say on the subject, and are often as lacking as the phone companies in the smarts column. :-)

Do Both...

[Parity]

A sensible transition plan, and one I would be very surprised if it hadn't already been written up, would be for the 240-247 space to be used in the transition to IPv6; during the interim-period,
IPv6 addresses would -only- exist in the class E range. Once everything is stable, then everything goes IPv6.
(Or maybe we do it in reverse... 240-247 are used as a prefix by 'smart' gateways to allow new-IP to talk to old-IP. Or whatever.)
The point is, if we throw away those addresses for the minimal (percentage-wise) increase in total address space, we won't have them for transition schemes of this nature.

--Parity

No household needs more than one IP address

[joshv]

Each househould needs only one routeable IP address. All internal devices needs only non-routable IP addresses handled by IP Masq or something similar.

A number of people have pointed out that this is not satisfactory as the outside world cannot address the devices behind the firewall individually.

Sure they can, through a server. You are going to have to have some sort of a organizing server that registers devices and their capabilities as they are installed on the local network anyway. Something similar to Sun's jini.

Did you imagine that each device, in addition to having its own IP stack, would have all the brains to present its own individual interface to the outside world?

No, these devices will broadcast their capabilities to a server and let the server worry about presenting an interface to the outside world.

In this scenario instead of sending an IP phone call directly to phone1.myhouse.org I send an IP call to myhouse.org and undergo a discovery protocol with the server. The server tells me all the devices it has registered internally that can speak my language, and then I converse with whichever device I chose THROUGH the server.

Making all devices _globally_ individually adressable would be a nightmare. What do you want to do, telnet to each lightbulb in your house and tell each to shutdown (after having barely remembered the DNS names - was that lght1 or light1, or lightbulb1?) - or go to your house's web page, authenticate, and select each bulb from a list that the server dynamically generated based on all the devices which had the requested capability?

If we use them intelligently I think we should have more than enough IP addresses for quite some time to come.

If we could only get those corporation to give back the routeable IP addresses that they are using only internally.

-josh

Re:All IPs cannot be used

[j+h+woodyatt]

The IETF has a working group that worries about this problem in IPv4.

You can check out its charter at http://www.ietf.org/html.charters/nat-charter.html and you should read all the drafts if this is an issue that pushes your buttons. In particular, read the "terminologies and considerations" paper and the draft on "implications" of network address translators.

There is a real problem with IPv4 addressing that is fixed in the IPv6 architecture. Large organizations hate renumbering every host on their network, and the way they prevent external conditions from forcing them into that kind of flag day is to use an RFC 1918 private network and an address translator. IPv6 uses such a large address space not because the architects are worried about eventually running out of addresses, but because it makes for a more scalable address assignment system than the one we currently have.

Just so everyone here knows, the reason to adopt IPv6 has nothing to do with a perceived shortage of IPv4 addresses and everything to do with the protocol complications caused by the loss of end-to-end addressing in the network caused by the widespread deployment of network address translators.

Subnet IP's

[Rayban]

This is a really important issue we're dealing with. People are so caught up with every machine being hooked up to the Internet, they haven't realized that you can actually use either an ipmasq or a natd program to allow all your computers behind your firewall to access the internet w/o problems.

I've seen offers for 8 IP addresses with ADSL connections. It'd be great to have that, but it is really important? With a firewall, you get protection against attacks and the like as well. I'm starting to wonder if I really want any computer (other than a firewall) hooked directly up to the Internet.

Subnets are EASY to configure and work almost as well as nets connected directly to the Internet. Remember that the next time you set up a number of connected systems. :)

Too few IPs?

[Graymalkin]

If companies would stop sitting on their brains and stop tying up class C addresses there would be less of a problem. And who REALLY needs their Mr.Coffee to be hooked up to the web? Unless you have a spare Rosie the robotic maid of C-3PO lying around...you have to get everything ready (by hand most likely in the morning)) for the appliance in question to work it's mechanics on it. My fridge, coffee maker, and/or microwave doesnt need an IP address. And even if they did, put a server in your house that routes commands to the different devices/appliances. That way you take up one IP.

Re:All IPs cannot be used

[Graymalkin]

Maybe I'm stuck in the past or something...but I really don't want my toaster setting anything off. Do we REALLY need to have everything in our households done for us so we become mindless idiots who surf the Go network and watch network television all day. Giving an IP address to everything is just stupid in my opinion. No one's life should revolve around their PC to where it needs to tell them when their toast is ready. I'm on my computer many hours of the day, but I tell if my toast is ready the old fashioned way, I smell for smoke.

Re:And then....

[JasonB]

OK, here it goes:

Let's say you have a server machine with two Interfaces, one on the Internet side with IP 199.99.99.1, and another on your private network side with IP 10.0.0.1. This server machine is doing Network Address Translation.

Within your network, you have a desktop PC running linux with IP 10.0.0.2.

The only way you could connect to your desktop PC would be to telnet to your server, and then telnet to your PC from the server.

If you had a web server running on that desktop PC, nobody outside of your private network could access it, as it has been assigned a non-routable address. That's how most companies secure their private networks.

-jason

Who said anything about cabling?

[_Stryker]

Ever heard of Bluetooth?
---

Routing is a problem.

[Skinka]

only 10% of all available ip addresses are used

The problem isn't the amount of IP addresses, what it really comes down to is efficient routing. Lets say for example that IP 2.2.2.2 belongs to some dude in Norway. So route all packets that have 2.2.2.2 as destination to Norway. How about IP 2.2.2.3 then? Let's give it a university in Malaysia. Now routers have to know exatly where the holder of each IP lives. They have to scan every packet and compare its IP to a BIG database of locations. Needles to say, this would be very slow.

So how do 128bit-addresses help? Well, we can make a deal that the first 8 bits mark the country. Now the router needs to scan only the first 8 bits and compare it to small database to determine where to send the packet. When the packet reaches the right country, next 8 bits are checked. These 8 bits could mean the state/province/whatever. Then scan 16 bits to determine the correct city. This way you can narrow down the search step by step until the packet has been delivered. Simple and fast.

Re:Routing is a problem.

[thogard]

Routing is only a problem because the stupid way modern routers work. A routers job is to take packets from one interface and dump them on another with a bit of smarts of best routes/failures etc. But what happens in the real big routers? They lookup the route table for every packet in huge table. If a big router has 16 interfaces, treating everything in the world as a /24 (aka class C) then there needs to be a table of exactly 8 megabytes. One could build a mega-switch that uses a second box to do the fancy routing bits. This crud about needing the router to instantly dynamicly reroute is a sham, let another computer generate the best routes and update the mega-switch and lose a few packets when things go down -after all TCP will recover anyway.

Re:Routing is a problem.

[djp]

Actually the table needs to be quite a bit bigger than 8MB, as there will be multiple routes to destinations, and other route properties (also isnt 2^28 bits == 32MBytes not 8).

Looking this up fast is hard, even using the techniques you describe which are already used in modern routers with distributed switching architectures.

The problem in both telephone and internet networks boils down to a good clean hierarchy versus the ability to change providers and keep old addresses. This later obviously breaks any hierarchy that may have been in the system. Using namelookup mechanisms is a saving grace, as people can renumber and preserve structure. Having 128 bits of address space helps a little (as users dont have to come back for more addresses). IPv6 isnt the whole answer though - indeed some of the IPv6 address allocation procedures Ive seen look worse than what we currently have for IPv4.

Any one who uses "class A/B/C" should be immediately corrected because they cause immense confusion. Its no harder to say "slash 8" than "class A", a lot clearer, and try saying "2 bits longer than a class B" instead of "slash 18". Its amazing really how many "supposed experts" keep refering to class A/B/C in a non-historical context.

Unfortunately theres still some software that contains classful bugs. All Solaris up to at least 2.5.1 (they route without a netmask !), DNS-servers, and Ciscos IOS for example..... Linux has remarkably few :)

Re:Routing is a problem.

[drew69]

i think that bigger address space help because the addresses in a network can be grouped together more efficiently.

i am not sure how it is affected by classless routing but i understand that each 'network address' needs a route table entry, and it is only by having a system that breaks the Internet into a manageable number of smaller networks that the whole thing hangs together - you dont route to a host, you route to a network.

Shortage? Nah

[DJPenguin]

There can't be much of a shortage here. I just signed up with demon internet and got a static IP without even asking for one!

James

IANA has about a billion addresses to give out

[apsmith]

Look at all the class A's IANA has NOT assigned! And all the "reserved" addresses? I suspect this is just a bit of noise-mongering to get the new ICANN (IANA's replacement) jumping. Or maybe it's when people look at those growth numbers with the internet doubling every year that they think we're going to run out shortly. But actually internet growth has slowed especially in the last year or so - check out John Quarterman's latest analysis at www.mids.org.

-- Arthur

Some "class A"'s _are_ being broken up.

[Grit]

Stanford University has a "class A" 36.0.0.0/8, but this is (supposedly) being phased out and returned to IANA. Since we also have 171.64.0.0/18, there's no problem fitting all existing hosts back in. Are other universities that were granted "class A"s behaving similarly?

IP Wastage

[GC]

Our WAN supplier has a complete Class B range and several Class C ranges of official IP addresses that it uses internally only, when an internal host accesses the internet we almost always use NAT to yet another range of addresses that our ISP has allocated.

The problem isn't that we don't have enough IP addresses, it's just that we're not using them very well.

I see no reason why we couldn't change to the private IP ranges (10.0.0.0 Class A range for instance) and then use NAT or even PAT to the Internet, but it's an organisational nightmare to make this kind of change simultaneously across several corporations.

The problem is almost certainly mis-management of IP addresses.

This is not an issue

[umoto]

Consider the expansion of the telephone system. Over time we have added more digits. Yes, there have been glitches (sometimes you just can't call your aunt in Africa because of some kind of "busy" signal) but we have solved problem after problem and I think we can take it for granted that even if we run out of area codes, we'll find a way to squeeze in more digits. Same goes for IP. Of course, solutions like IP masquerading work very, very well IMHO and not every computer really needs its own instant global access point.

Re:And then....

[gawk]

Ummmm ... aren't you forgetting port-forwarding?
let's see; I can telnet to my masqueraded machine
like this:
redir --lport=97 --caddr=192.168.1.2 --cport=23 &
telnet mydomain 97

I can do the same with a web server or any other
kind of service. Set up right, you can open up
all sorts of holes to inbound services. I'm logged
into a masq'ed machine at home from work right now.

Re:And then....

[gawk]

Ummmm ... aren't you forgetting port-forwarding?
let's see; I can telnet to my masqueraded machine
like this:
redir --lport=97 --caddr=192.168.1.2 --cport=23 &
telnet mydomain 97 #forwards connections to port 97
#to the masq'd box's port 23
I can do the same with a web server or any other
kind of service. Set up right, you can open up
all sorts of holes to inbound services. I'm logged
into a masq'ed machine at home from work right now.

Think Big Not Small!!!!

[Pepe+Rodriguez]

Everyone seems to be thinking small.... Any scheme that does not provide an individual IP address to a particular computer is going against the basic design of the Internet. A device/ entity /computer/home/remote/fridge with an IP address can do anything you want it to (in regards to Internet activities). The other schemes all have limitations, whether it be outside accesibility or whatever. THINK BIG and don't settle for any solutions that do not provide IP's for anything and everything you want them for. Otherwise, you are starting to mess up the Internet's basic structure. Sure you can point to individual activity and say "That can be done without individual IP allocations, heres how.....", but anything can be done if you have an individual IP allocation.

anyway, my 2c, I'll go have another cup of coffee now.

Waste Not, Want Not!

[BobMarley]

All the talk over the past couple years about the shortage of numbers, and I have a Class C number that I can't use, and NSI won't take back. I grabbed it way back before CIDR days, used it for a year or so, now have cable modem access, and can't use it -- nobody will route it for me.

.c.

This problems caused by morons - like most of us

[gwolf]

When I set up the network for the company I worked with until about 1 month ago, I was completely unaware of the situation or of any possible workarounds. I got a class C for (then) 60 PCs. They grew up to be 150 in a bit over a year. Well, they always had Internet access, but via a proxy (bandwith is too expensive in Mexico, I had to set up Squid with 2GB in order to make it work smoother). Later, I restricted most ports to all machines except for the servers - Well, I could have done it from the beginning with a 10.x.x.x or 192.168.x.x or any other public number... But, as I did not know this beforehand (as most sysadmins don't when they start sysadmining), it would be a PITA to change it all...

Yes, IPv6 will fix a LOT of things, but the FIRST thing is - READ before you set up. Search for optimal, ecological (i.e. - don't ask for what you won't need) solutions.

You are so stupid ...

[rullskidor]

If there are internet in a coutry they naturly must get the right tools to use it.

Why don't you start your own 100% american CP-net and use that instead, you obviously don't care about anything else than you and your contry.

Does the INTER part of internet mean anything to you?, well it's not USAnet it's internet, a world wide network for everybody but guess what, the numbers are not enough then whole Asia and Europe wan't to use it.

With your attitude you should be living in caves and fear the light; IPv6 will help everybody and make the internet a better place.

/I worship good technology not my Country

Re:All IPs cannot be used

[garver]

I agree that it is virtually impossible to run out of IPv6 addresses. Hell, its going to be tough to completely use all IPv4 addresses. But, the problem is still routing. With a larger IP space, we get an even worse coverage rate.

I also agree that we probably won't need more space than IPv6 until we leave the planet, but I hope someday we will. It probably won't be in my life time, although I hope it is. The attitude that you have will cause a similar crisis to the Y2K problem, only the scope and cost will be much bigger. We can save the future by designing correctly now.

BTW, ethernet addresses don't need to be assigned based on routes, so we really do need to have 2^32 cards before this a problem.

All IPs cannot be used

[garver]

First, it is impossible for every IP address out there to be used. Routing is the evil here. Every little network has to have some contiguous IP block. For a small office it could be a /28 up to a /24. There will always be some IP addresses extra for future growth and because things come in powers of two. If you are very good, 50% coverage is possible. A group of offices becomes a corporation which needs a contiguous (if possible) block under which all of the offices live. Of course we need to have room for future addition of offices. Here, using 50% of our sub-blocks again would be good. Now we are to a total of 25% of the IP's used.

This process goes all the way up to the backbone providers.

We could get greater than a 50% coverage, but at the cost of a management nightmare and larger routing tables. You want to keep an office in the same IP block so that it is one router entry. The same with a corporation. Otherwise, by the time you get a few hops from the end-user toward the backbone you will have router tables too large to handle.

That being said. There are some /8's out there that I think could be broken up. Some of the major players in the Internet's early days got /8's (Class A's) because no one ever dreamed that whole world would be trying to get IP addresses.

Second, I think NAT is only a temporary and mostly an unsatisfactory solution. NAT uses one IP address for a bunch of IP devices. A proxy server has the one IP address and all traffic goes through it. I say it is unsatisfactory, because you cannot run servers multiple servers listening on the same port behind a proxy. You can get away with one mail or one web server by telling the proxy anything for port 25 goes to the mail server or for port 80 goes to the web server, but a second web server would have to run on another port. In short, only clients can go behind a NAT proxy. Eventually we will run out of IP addresses for servers also.

Third, yes your toaster will need to have an IP address. Any device in your house will want to communicate to other devices in your house. Your toaster could set off the fire alarm (which has its own IP) when toasting gets out of hand or blink an icon on your desktop when your toast is done. If a device communicates, it needs an address. If IP is the protocol used, it needs an IP address.

Finally, I'm not sure IPv6 is a good solution. It just gives us a new ceiling in the total number of IP addresses. Granted the ceiling is really damned high, but try telling an ARPAnet boy in the 70's that 32-bits is not enough. I would rather see a variable length address. Give my house a prefix (1.2.3.4.5) and let me assign after that. Everyone else just needs to know that something beginning with my house prefix comes to me. ISP would have their own prefix and their customers would be underneath that. This is a rough, but it might work.

Also, IPv6 is missing other features that I would like to see if we are going to upgrade the 'net. Realtime transmission is top on that list.

Re:All IPs cannot be used

[ebrandwi]

Sure, there are some /8s out there (e.g. MIT), but breaking them up is not a nice thing to do. Switching the backbone entirely to CIDR would cut our routng tables by a factor of 10. It would just require re-IPing everything that has an address. Everything. Not gonna happen this week.

And 2^32 is a high limit, sure, but not that high. However, exponential growth is a quick sucker. IPv6 provides enough addresses to give an IP to every grain of sand on every beach in the world. Even counting huge tracts of waste due to allocating contiguous blocks, we are not going to run out until we leave the planet. Heck, no one is at all scared of running out of ethernet MAC addresses....

Not as bad as it sounds.... yet.

[Restil]

I personally have 16 ip addresses, and I'm planning to upgrade to a full class C in the near future, but I do a lot of serving, so its somewhat justified.

One of my IP addresses is allocated for my household appliances (yes, I'm not making this up). Currently it only has control of my doorbell, a lamp, the roter on my webcam, and my RC car. However, just this one computer has no problem controlling multiple devices.

Even if each appliance had a separate computer with its own IP address, there's no reason that those IP addresses would NEED to be internet IP addresses. They could just as easily use masquarading or some other internal network scheme and full control of those appliances could still be controlled from anywhere in the world with only a single dedicated IP address.

As for upgrading to IPv6, parts of the upgrade will be easy, parts will be difficult. The easy part will involve any type of generic operating system. Linux, any unix system, win95, win 3.1, all those types can be upgraded relatively painlessly. There will still be a lot of confusion, but it could probably be gradually upgraded so the new IPv6 network could temporarily mirror the IPv4 network so for a year or so, it would work both ways as if all computers still used IPv4.

The hard part will be the embedded systems that have IPv4 hard coded and would require a flash upgrade or worse, couldn't be upgraded without a hardware swap. However, for many of those systems, they could still be utilized to some extent, at least until people have a chance to upgrade. Things like X stations, port servers, and the like don't need physical internet addresses and could function equally well as an internal masquaraded network on IPv6 with a router or bouncer taking care of things in the middle.
Its not as clean as we would like, but if we really have 25 years to work on it, it should be possible to have a smooth transition, without the Y2K variety of panic that comes with an imminent forced deadline.

-Restil
restil@alignment.net

And then....

[Patman]

it'll get even worse when more people hook refrigerators and crap up to the Net....I think it's funny that I have my own IP address now, and that's for a cable modem that does no serving. Looks like we better either get the new IP address standard into place, or start restricting new Net machines....come to think of it, the second might not be a bad idea....

An IP for you Remote?

[Mnemic]

I'm not sure why you would need this. Why would your remote control need to be on the net? if you wanted to do something like this, wouldn't it be sensible to set up a proxy of some sort, and reserve all your household stuff for a Private Network? Last I checked you could easily use 192.168.1.0 for your network..... Having your individual appliances on the internet would also prove for exploits..... Can't you just see someone hacking someone's fridge, and putting it on 10 degrees Below freezing just to tick them off? Or Have someone change the channel in your house from somewhere else in the world because they exploited your remote control? We don't need to have our remote control on the internet taking up an IP adress... Private networks are out there for a reason.....

RTFM RFC1519

[sam_vilain]

CIDR avoids this by assigning IP addresses geographically. ie, you can then determine whether a packet should be sent north, south, east, west, up, down...

Just How Many addresses does IPv6 have ?

[Splatty]

I Have heard many different stories on just how many addresses IPV6 can accomodate - Could any1 shed some light on what the TRUE amount is ?

Reselling?

[Garpenlov]

So, when IP addresses are scarce, will the priveleged few "organizations" (be they companies or universities) with class A networks allocated to them resell parts of their address space at unreasonable prices? Will IANA force them to give back their unused address space? Or will it never occur?

[Like the first few posts, I agree that the article's contention that all your household devices need public IP addresses is silly -- they shouldn't, both for security's sake (someone's hacking my toaster!) and the fact that they only need to communicate to other household devices. And I still think it's kind of silly to predict that all your household devices will be network enabled and talking to each other. You think cabling is a problem now...]

Protocols

[aaronl]

Here's an idea, how about we don't use TCP/IP to talk to devices in a house. How about we just give a house an IP address, and let some computer handle figuring out devices. Or we could just use TCP/IP and assing a device to a port on that IP. There are an awful lot of ports above port 1024 anyway.

Crackers and Television

[unyun]

Personally, I would want my network to be "secure". You said that crackers wouldn't be able to break in and give something a virus... but I still wouldn't want them to break in and change the channel at the finale of a movie... or break in and change the temperature to 20 degrees in the winter while I'm sleeping.

~unyun~

Good point there...

[detritus.]

I think eventually we will be running short on IP addresses, especially with more and more ISP's buying up subnets for dialup customers. The numbers will only keep growing.

There's no way in hell if we do run out of IP addresses that we will add another subnet. That's billions of programs that would have to be re-written again to understand more addresses.
It eventually will be an internet "y2k", people looking back and saying "why didn't we think of this before?".

Al Gore Made a mistake then!

[TeChYMaN]

Remember? He made the internet? Trent Lott was smart... No paperclip shortages

Range 65-126 is vacant

[isdnip]

Half of the original "Class A" space was never given out; the whole Net 65-126 range is vacant. Using CIDR allocations, that can last a long time!

IPv6 is too much work for too little gain. I'd rather see a total rethinking of the IP layer by some people who don't think that IPv4 was handed down to Moses on Sinai.