Hide it behind a NAT?
Does every home router really need a public internet address? Can't ISPs hide all those home routers behind an overload NAT? That would cut down the number or IPv4 addreses in use.
Less than three per cent of IPv4 address space is still to be allocated, after two huge chunks were given to American and European ISPs. ARIN and RIPE, which administer IP addresses on either side of the Atlantic, each received two /8 address blocks in November. A fifth block went to their African equivalent. The moves leave …
A growing number of ISPs are likely to be doing this already. And customers who don't see a publicly routable IP address on the outside of their routers have no way of running a server on the inside without a much more complex setup involving cooperation from more parties. This is also going to be an excuse for ISPs to charge more to users who do need to make servers inside their home networks contactable by clients outside.
...And this is why I'm 100% against this. Yeah, it's great for getting extra IPs, but it means that no one can run an internal server. Sure, it means that I can't run a web server from home, but it also means no more home-based game servers and the like. Personally, my network would be completely crippled; I wouldn't be able to log into my computer remotely, I wouldn't be able to transfer files I need, I wouldn't be able to host my webserver, FTP server, mail server, or VPN server; I wouldn't even be able to share pictures with my family. Yeah, maybe people don't NEED their own public IP address, but then again, who really needs 3Mb download speeds?
It isn't ISPs that have the extra IP addresses, but large companies; many bought huge blocks of IPs, but only use a tiny handful. If those businesses were to sell some back, we'd be rolling in address space again... meanwhile, it would be great if the various governments would switch to IPv6 like they switched to digital TV; lots of addresses there, and we could end this hysteric nonsense.
Assuming we could get them all back, for the majority of them It would take at least months, probably years to
A) Get over the legal wrangles
B) Give the companies time to sort their networks out so that the reclamation doesn't destroy them.
Which means that, optimistically we would be getting a trickle of reclaimed /8s rather than a flood and we would already have run out before most of them were reclaimed.
Now, if we could instantly reclaim them all tomorrow, that would be different.
What would that do to tracking those naughty people who download things they shouldn't. I imagine it would also make things harder for certain lawyers, always assuming they are still lawyers by then, to send out their threatening letters.
ps. No I don't know much about networks and NAT, my bloodsugar is low and I need some jaffa cakes and Coffee, maybe then I will re-read this and delete it.
Nah, its one more level of indirection the ISPs need to sort through.
Besides, the lawyers involved dont seem to be particularly concerned with evidence anyway.
To quote badly from Yes minister,
"But they havent taken all the evidence yet!"
"Evidence? you dont think the comittee is going to soil its mind with anything quite a sordid as 'Evidence' do you?"
But surely the vast majority of home or even small business Internet users are exactly that - 'budget broadband' users; the Interweb is a thing they use for e-mailing and updating their Facebook accounts. It's not that different to the fact that some ISPs don't assign static IPs. So, using that same model I don't see why NAT wouldn't work for the majority of accounts, with the option of an IP address for those customers who wanted it. Yes, some ISPs may see this as an opportunity to charge extra (like some do for static IPs), but that's really a different argument that doesn't impact the feasability of this. Besides, I would suggest that most users running home servers etc probably already pay more for their ISP service than the cost of 'budget broadband'. NAT by default for the masses on BT and Sky, IP for the Zen etc users.
NAT is great except for one thing: it's difficult to create a hole for a server through NAT.
Imagine if, every time you wanted a service available to the outside world, you had to apply to your ISP for a port mapping! Your bittorrent client, your web server, your mail server, whatever special service you require a port for..
Unfortunately IPv6 will be like NAT for a long time: every time you want an IPv4 only service (and that will be most of the time for the first decade) you'll have to go through a translation service (i.e. NAT). No client will want IPv6 knowing only a few other users will be able to access their host directly.
IPv6 looks rather strange:
They "should" have used the first 8 bit to tell what's coming, IPv4 or IPX or whatever, and let the rest handle itself. But here, they use the first 80bit for IPv4 compatibility, the first 7bits for IPX compatibility.
"prefix-length: is a decimal value specifying how many of the leftmost contiguous bits of the address comprise the prefix"
Or even the first 32 bits if they were afraid they're going to be short on prefixes. It would still leave 96 bits ( (2^32)^3 !) for addresses. But for f****'s sake, use fixed length numbers.
Currently, most ISP's share a pool of IP addresses between their users, assuming that they will not all be online at the same time. This allows you to have a unique IP address for all the systems behind your NAT connection for the time you are connected. If you have this, then using a dynamic DNS service will work to make your systems locatable, and port re-direction will allow multiple inbound sessions to be directed to different servers behind your NAT system.
Unfortunately, the world is moving to always-connected devices, so this model is breaking down.
When DNS was first designed, they added the possibility of having well-known-services to be hosted in a map to be queried. This was to allow you to provide information such as port numbers for particular services. Since that time, everyone has got used to fixed port numbers for things like http (80), https (443), ssh (22) and the like, so WKS has been ignored.
Using fixed port numbers makes it difficult to NAT several people's service to a single IP address on the network, as they may all want 80 for example.
If the dynamic WKS support of DNS was used to hold port numbers, or something like SUN RPC (portmap) was rolled out onto the internet for inbound services using port redirection, then it would be possible to use the 16 bit port number together with a single IP address to stave off the inevitable exhaustion of available IPV4 addresses, but it would require people to be much more knowledgeable about port usage, and some changes to certain services to not rely on fixed port numbers.
It would also make firewalls a lot more difficult to write, but you would only expose the services you needed anyway, so maybe this would not be so much of an issue.
It's not just the home routers that need IP addresses, there's the ISP's internal hardware. I've seen reports that some US ISPs are struggling with that sort of internal addressing, because the biggest block of private addresses isn't big enough. Some of the problem may be an inefficient use of IP addresses which might be hard to resolve: if a particular location needs 10 IP addresses, it may work best to allocate a block of 16.
I do wonder if some of the "free router" deals are compatible with IPv6. On one hand, it's a way of getting compatible hardware out there (and simplifies support). On the other, it's a way of dumping kit that no sensible IT department would install.
[Coat... Semaphore flags... I'm just going outside. I may be some time.]
Using private address space to connect every home router is no fucking use.
It won't work because some network services that use random port numbers - SIP, most P2P shit, multiplayer games - can't survive NAT. Streaming audio and video tends to come unstuck too, specially if there's more than one gadget behind the NAT box doing that.
Even if NAT could work at this scale, we're still fucked. It would only save around 30 Million IPv4 addresses: there's roughly that number of households in the UK. There are about 1 Billion smart phones and hand-held devices out there already. And that number will surely grow as more iPhone/iPad knock-offs reach the shops. They'll all need IP addresses too.
Saving a few million addresses by NAT'ing home routers will be lost in the noise. The world is using up 16 million IPv4 addresses every month. So this idiot NAT idea, even if it worked (which it doesn't), would only put off IPv4 exhaustion by a couple of months.
Then we have things like smart metering, the intelligent grid and the internet of things. IPv6 is the only way to interconnect everything that will be connected to the Interweb.
I'm an operator on a medium-sized IRC network, and the thought of having hundreds of users behind a single NAT simply makes me cringe. Any one troublemaker would cause ALL behind that address to receive a ban, either channel-wide or network-wide, which is already enough of a pain due to dynamic IP addresses. Then there are session limits... Our servers by default limit users to up to 5 simultaneous sessions for security purposes. Putting users behind a NAT would cause all sorts of "fun" not only for us but for any type of server that limits the number of simultaneous connections. Mobile phones already do this to an extent, and that sort of situation makes some sense... But overall, using one giant NAT for many users is NOT a good idea at all.
Are these people on some kind of schedule or something? I only ask because it seems like every couple of years or so for the past fifteen years, some expert has appeared out of the woodwork to start yelling that the Internet is dead, or dying, or full.
Kinda' reminds me of one of my favorite pages from the Web 1.0 days; it was a single white page, completely blank except for the large bold headline:
"YOU HAVE REACHED THE END OF THE INTERNET. Click the Back button on your browser to return to the Internet."
126.96.36.199 is the last internet-routable device address currently possible in IPv4. 224/4 is multicast, and 240/4 (to which 255.255.255.254 belongs) is reserved for experimental purposes. 240/4 may get thrown into the mix out of desperation, but as of now, it's unroutable on the internet.
I'm all in favour of the long-overdue move to IPv6, but meanwhile why not offer incentives to those organisations with historic /8 and /16 ranges to hand part of them back? For this to be effective there would presumably need to be some cash incentive to do so, but then prices for IPv4 address ranges are bound to increase as a result of this shortage.
3% of the Internet equates to just eight /8 ranges and there's about 50 of them still in private hands.
Problem is there's no mechanism for this to happen, and the costs to a company of renumbering may well be beyond what anybody's prepeared to pay. This only defers the problem anyway - the consumption of Ipv4 addresses is increasing in speed.
However, don't be fooled by all of the hype - even when the remaining /8s are handed out by IANA (one to each RIR as soon as there are only 5 remaining) the RIRs still have unallocated addresses, and when they've run out LIRs still have their own reserves, so although it's correct to say IANA will run out (probably by the end of Jan at current rates), it'll be some time after that before RIRs have run out as well, and still further until the LIRs run out.
When the LIR's run out you can expect to see them aggresively reclaiming IPs from within their own networks.
Please- CGN is just a *bad* idea for so many reasons - don't go there.
You don't need a cash incentive; this has nothing to do with money. Nobody owns any IP addresses. You can not buy or sell an IP address (and indeed feel free to tell your ISP this the next time they try and charge you for a fixed IP address) so there is no "price" issue.
You are right though - the likes of Ford and GM and other large US companies have huge blocks of IP addresses assigned to them, and they should be made to give them back; there is no reason why they should continue to hold on to these. I assume ARIN works similar to RIPE in that you can basically have as many IP addresses as you like as long as you can justify them. I doubt GM (for example) can justify hanging on to (hundreds of ?) thousands of addresses. I wonder why the situation has been allowed to continue in the way it has.
Because they were allocated their blocks in the pre-ARIN/RIPE/APNIC etc. days, so aren't bound under the same rules. In fact the rules for any allocation state basically that as long as the original application is still valid then they remain where they are - the fact the circumsances outside those allocations has changed doesn't make any difference.
I was recently at a General Electric (GE) company. GE have a full /8 and every machine on every desk has a public IP yet they have a restrictive firewall and only a handful of machines can access the net through any mechanism other than the HTTP proxy or have incoming permissions.
I would bet parts of my anatomy that they don't have more than 253 Internet-facing machines. I would support an initiative to take away big netblocks from companies like this that don't use the addresses externally. I think it would be fair to give them a /24 and free the rest up unless technical need and the intent to use anything more for external-facing services can be demonstrated. Unless it's someone like Google, Akamai, an ISP or a hosting provider I can't think of many companies who would pass this test.
Is it time for "use it or lose it?"
I have no idea how much of the /8 they're using publicly, but I can attest to a /16 chunk of it that is currently in use in a publicly-routed infrastructure where RFC 1918 private addressing would not work.
That's not to dispute the fact that the corps with class A allocations hardly need much of what they've got without going to IPv6.
I have the "perfect" solution:
It is called "Liquid Plumr Foaming Pipe Snake" (tm). (May not be available outside of the US.)
Just pour it into the pipe, and the foaming action will clean all of the crud that clings to the pipe (tube) walls.
We will probably need at least 16 large oil tanker sized ships full of this stuff PER /8 address block. But, think of the children, no more smut or crap on the `innartubes`.
It looks like many ISPs are looking at carrier grade NAT as a quick fix, which is a shame as it breaks loads of stuff (VoIP especially) and the same effort could have been spent ages ago on IPv6.
I've been asking my ISP (Be) for IPv6 for over a year and even today it seems they have no plan. This is an industry wide fail with just a few cluefull and notable exceptions (HE, A&A etc).
On the plus side, it seems the regional registries will still have a few months IPs left to dish out after the main pool is exhausted. First come first served of course.... The rush for the final allocations could be more manic than an american "black Friday" sale!
it's far too broad an over-generalization to say that NAT has more issues that IPv6. Every ISP network has varying, installed bases of hardware, which may or may not be prepared to route IPv6. The same is true for implementing CGN. In the end, both are a mess and the shift is going to be very painful.
Is it possible this is the actual disaster that was originally anticipated for Y2K? Consultants, V6-up!
Paris, who loves the point of exhaustion.
Back in the day when the Internet* was invented in 1995 didn't they also come up with this crazy plan to replace IPv4 with IPv6 (v5 must have got lost in the post) that would let your fridge have 100 unique addresses all to itself?
Wasn't also the rationale behind some of the IPv6 design decisions to allow it to organically grow and ultimately swallow up pools of IPv4 addresses, until IPv4 was a thing of the past? I'm sure NT3.5 had some sort of provision for v6.
Maybe I was wrong. Maybe it was just in my imagination.
* See what I did there? I used a capital letter. Go on, it's not that difficult.
Agreed on that point. I prefer to avoid cable ISPs over here, because they have implemented NAT since the very beginning. That's something I label as dishonest, especially because they combine it with shady traffic shaping and will also break some protocols just because they can. At least one cable ISP has seen the light and will now offer IPv6 addys :)
A /8 block is 16 mebiaddresses. So they handed over blocks of this size. So what. Does it mean that all 80 mebiaddresses are now in use by devices? Eff no.
They have been handed to people who can in turn hand them to others (ad lib to...) who can in turn sell them to clients to stick on devices.
What I want to know is not "how much space is allocated to top-level allocation organizations?" but "how much space is actually being used by devices?".
When the latter maxes out, we have a problem.
And, as it has been for at least the last ten years, universal adoption of IPv6 is a couple of years away...
Where's the <SIGH/> icon?
Good points, its hardly impending doom and there are probably a much higher percentage of IPs being sat on and wasted.
I think those who are allocated IPs should be renting them, removing the incentive to hoard far more than you need - plus /8 allocations are quite large chunks, surely that can be broken down where getting on for 16.8 million IPs are not required!
As for NAT as a solution, my ISP can kiss my ass goodbye if they plan to nerf my connection in that way - I like my home email services, VoIP etc and I want that to stay working ta very much!
BTW, WTF are mebiaddresses?
There are huge chunks of the existing address space which are locked up behind firewalls with no intention of ever letting them route directly. I know that some companies who do have official address blocks in use internally still NAT connections to the outside world.
As others have pointed out the cost of renumber inside a company is considerable. There needs to be some sort of incentive. Why not allow companies with existing large address blocks to rent out their address ranges.
If companies could see a potential profit from re-numbering then they'd be onto it like a shot.
How long do you think it would take HP's management decide they didn't really need to sit on two whole /8s, a shed load of /16s and more /24s than you can shake a stick at if there were $$$ at the end of it.
When IANA is depleted - and I'd guess at February too, the RIRs will (by definition) all have at least one full /8 and a fractional /8. That will last several months for even the busiest (like APNIC, ARIN and RIPE) and AfriNIC and LANIC should last a bit longer than the other three.
Even when the RIRs are out, the LIRs (ie ISPs) will have blocks still to allocate to customers, so you're not likely to phone up an ISP and be told "sorry, we're full" until the back-end of 2012.
Still, what that does is it gives you two years from now to have your IPv6 transition planned, costed, and ready to implement.
There will be people who can only access the internet via IPv6 or 6to4 proxies by 2013 or 2014 at the latest. If you're an AS then you should be aiming for IPv6 by then - 6to4 proxies are going to be a pig.
[Oh, how I wish that the IPv4 space had been allocated a block in IPv6 and routers were required to down-convert packets; the transition would be so much easier]
This post has been deleted by its author
... the main question that arises is probably : if I need to access a site that has *only* an IPv6 address, will I be able to do so using my present present browser, router and ADSL line with no changes at my end other than making sure I have the latest operating system and browser updates. And if not, what action will I have to take.
Perhaps somebody at The Reg could either create such a guide, or find a well written one and publish a link to it.
to access ipv6 only sites (but hardly any exist right now, and none that are important).
You just run an bit of free software on your machine that creates a tunnel to an ipv6 gateway. Have a look at somewhere like http://www.sixxs.net/faq/ if you're interested.
I played around with ipv6 about a year ago to see what it was all about, but for the end user it turns out to be pretty pointless.
The answer is that it depends. But given a good NAT implementation by the ISP then you will probably need do do nothing at all. Incidentally a sophisticated NAT implementation by the ISP could probably deal with most of the objections to NAT in other comments - access to internal mail servers for instance - but would require a level of sophistication and interaction between ISP and customer which is almost certainly quite impractical at current support and pricing levels.
This question shows a lack of understanding of IPv6. An IPv4 device cannot access a IPv6 server.
Think about it: how are you going to express an IPv6 address in an IPv4 packet? Can't be done.
If you have IPv6 support on your PC you could TUNNEL your IPv6 through your ISP's IPv4. But you MUST HAVE IPv6 support with IPv4 tunnelling on your PC.
Adding layers, complications, signups, and extra stuff is going to be an annoyance for the end user. Really, it seems like a 6to4 tunnel is a bit of a hack to fudge the two systems. Is it not possible for an ISP to support both IPv4 and IPv6 packets at the same time? Well, it sort-of is...
Tracing route to shake.stacken.kth.se [2001:6b0:1:ea:202:a5ff:fecd:13a6]
from fe80::222:43ff:fe26:78f9%6 over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
My machine would appear to be IPv6 capable (it can ping itself) but my Livebox does not appear to fully support IPv6, or if it does, Orange themselves don't. I find it odd I can DNS for an IPv6 address, but then not speak to it.
At least I don't have to worry about being shoved behind a NAT. Most Liveboxes over here carry a VoIP phone, and in our case (being dégroupée) it's the ONLY phone, and with a proper local number, not some special-service number. But I'd drop them in a heartbeat (and stuff the contract) if running my mailserver becomes impossible. It's just a damn shame the sharks want €8/month for a fixed IP address (a price that will surely rise to silly figures if addresses "run out").
AFAIK the problem for Joe Public is the ADSL router. All mainstream OSes have supported IPV6 for years, as have the routers used by businesses. Even Cisco support IPV6 now. However, try finding an ADSL router that supports IPV6 for less than several hundred £ and you're onto a loser. Having said that, devices like the DrayTek Vigor 120 http://www.draytek.com/user/PdInfoDetail.php?Id=71 are getting there.
There are several routers that are open hardware, on which the manufacturer's firmware can be replaced by Linux (or by a different Linux kernel). Some are designed to be open, some have been cracked by enthusiasts. Linux has supported IPV6 for years. So the cost problem will solve itself just as soon as there is a mass market for IPV6 routers.
> if I need to access a site that has *only* an IPv6 address, will I be able to do so using my present present browser
Yes. For example, to look at ipv6.google.com from a V4-only machine, go to
(The gateway is apparently in Hong Kong, because that's where Google thinks I'm coming from :-)
However, you will never need to do this. No content provider is *ever* going to put content on V6-only, making it invisible to the Internet (unless they don't care about users and customers). If people are prepared to pay $1m+ for a domain name, they'll certainly pay a few thousand dollars for their own IPV4 address, or will sit behind a shared HTTP proxy.
ipv6 was designed by nerds for nerds and has no appeal to the general net using public whatsoever. And instead of making it truly backwards compatible with ipv4 so that the net could just expand seemlessly, they decided a total rewrite was in order, hence the slow takeup.
Hey, but at least your toaster can have it's own IP address with ipv6!
The problem is the dire lack of knowledge about IPv6 and people posting nonsense based solely on rumour and ignorance. IPv6 has a /118 address space for site-local (equivalent to private space in IPv4) and another /118 space for link-local, a new category of private addresses. So you can NAT away to your heart's content.
This post has been deleted by its author
but it may not be elegant.
The basic plan would be that you designate a single IPv4 address as indicating that the packet is really IPv..( erm 7?) and that extra address information is then found at offset X.
At offset X you have a few bytes to verify that the packet is really the new format plus whatever extra address info is needed.
Machines and routers need software updates to understand the new format but the crucial fact should be that any unupdated router should just pass the packet on as an IPv4 packet that it does not understand. Routing tables would need a bit of clever work to make this work right, but I'm sure it's achievable. Also crucially, old IPv4 packets can continue to be sent and received as before and a machine with an IPv4 address can talk to a machine with a new address without having to have a new address itself.
Well that took me all of fifteen minutes to rough out, I'm sure there are plenty of flaws but nothing insurmountable. Don't tell me that with more time all the brains of the internet couldn't make the general principle workable.
Face it, when the internet explosion started, fifteen or so years ago, it was a nerd thing. There's now a lot of stuff on top of the basic IPv4 that hides it from the customer. The ADSL router gets its IP address from upstream. The computer gets its IP address from the router. If those machines can handle IPv6 then why should I care as the user?
Yes, there are things that I, specifically, would need to be careful of. I have a hard drive on my network, and occasionally run a server on localhost. But I don't use IP addresses directly.
Maybe if IPv6 wasn't such an incomprehensible abortion then you might find more techies happily switching sooner. As it is, why go through that pain until you HAVE to?!
Also, as suggested previously: Intel invent a new 64-bit architecture (IA64) and it bombs. AMD come up with a 32-bit compatible 64-bit architecture (AMD64) and it takes off like a rocket 'cos it's a no-brainer! Maybe the people who put v6 together should've done something similar...
brd1#sh ip bgp 188.8.131.52
BGP routing table entry for 184.108.40.206/8, version 24216485
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
6461 2152 7377
220.127.116.11 from x.x.x.x (18.104.22.168)
Origin IGP, metric 7021, localpref 100, valid, external, best
6320 20500 22822 11164 2152 7377
22.214.171.124 from x.x.x.x (126.96.36.199)
Origin IGP, localpref 100, valid, external
Community: 414208520 414208620
Noooo..... We "hams" are desperate to hang on to our radio frequency assignments, even if some are under used at present. The reason is that often a new technology comes along and without reserved space, there is no place to experiment. I believe things should be similar in the IP world.
Even the IP registries have held back some v4 space for future possible use.... Maybe the 188.8.131.52/8 range should be treated the same way or added to the same pool.
if you understand the proper meaning of "orders of magnitude."
Specifically, IPv6 provides exactly 96 binary orders of magnitude, or approximately 28 decimal orders of magnitude, over IPv4. In the common IPv6 notation, which is hexadecimal, IPv6 provides 24 orders of magnitude over IPv4.
Sure, in individual numbers that's a s**tload of space, but in orders of magnitude, "many" covers it quite nicely.
I'm calling it a fake crisis because we already KNEW it was coming and we already have the solution in hand. What's the matter with us that even when we can see that far ahead, we can't do anything about it until we actually run into the wall?
Supports my conclusion that the answer to the Fermi Paradox is that most intelligent species don't survive. Especially given the recent evidence of large numbers of planets, I'm increasingly convinced there must be lots of opportunities for life out there, but the intelligent forms remain hidden. At this point, I'm even quite doubtful we should claim to be an intelligent form. In spite of the lack of evidence, I don't think ALL of them exterminate themselves, but I'm inclined to believe that there are very few survivors--but they are probably watching us and betting quatloos on how long we'll survive. If I was betting, I'd probably bet on a supervirus bioweapon in the next 10 years...
> What I want to know is not "how much space is allocated to top-level
> allocation organizations?" but "how much space is actually being used
> by devices?".
> When the latter maxes out, we have a problem.
Not quite: when the number of IPv4 subnets that are actually being used by devices maxes out, we have a problem. That's much, much sooner than 4 billion public IP addresses actually being used.
A few months ago, the ISPs with opinions were expecting this to happen around 2015 (source: RFC 6036). Which is, like, tomorrow in terms of rolling out v6 everywhere. If you are an ISP and you have no plan, your entire revenue is at risk.
Let me tell you what the majority of ISP's will have as their plan.
But first we need to establish a few facts.
1) ISPs hate P2P because it makes them transmit a tonne of packets.
2) ISPs hate P2P because people use it to download movies and music, which ISP's would very much prefer you to purchase from their very own online stores.
3) ISPs hate VoIP because for the most part, they also are selling you your voice services as well and VoIP hinders their ability to do that quite substantially.
4) ISPs couldn't care less whether you are able to run your own web/mail/game server because they would prefer that you simply use your connection to surf the web and be a good little passive consumer. And hopefully they can figure a way of collecting data about your surfing habits to sell off at a later date at some point.
5) ISPs are greedy and amoral and are constantly on the lookout for new ways of charging more for stuff that they already provide.
So, with that in mind, this is how it will go down;
ISPs will move all their consumer customers to NAT. This of course will break all sorts of things but considering that those things are currently costing them money in the form of running expenses or loss of potential revenue they won't care at all. Most of their ToSs already state that running servers on consumer lines is verboten, and if they don't then these can simply be changed a few months beforehand.
For all the people who complain there will of course be a solution and that will be a "Premium Service" which is nothing more than what we currently have, ie: a proper IP address.
This will come at a price of course.
99% of the proles out there will never even notice that things have changed. Of the few that do, most of them will just shrug and go back to watching Justin Bieber clips on youtube, a few will sign up for the Premium Service and the rest will attempt to churn over to one of the ever shrinking number of ISPs that aren't implementing NAT (yet).
The golden age of the open Internet is nearing its end folks. One day we will all be telling our grand kids about the good old days where anyone could just hook a server up to the 'net and you could even create a private tunnel between your networks! All by yourself! No ISP fees required!
If they ever end up actually rolling out IPv6 then this won't be a problem of course but honestly, have a think about your current ISP. Do you _really_ think they have either the ability or the inclination to make such a move?
I'm not betting on it happening anytime soon. For gods sake we are within _weeks_ of running out of addresses and there is only one ISP in the whole of Australia that is supporting IPv6. The others aren't even _trialling_ it as far as I can tell.
It doesn't help of course about the whole IPv6 lack of backwards compatibility thing. Why they IETF didn't just add a couple more octets to the existing IPv4 is beyond me. I realise they wanted to address some of the perceived flaws in IPv4 but the fact is that the solution they came up with is simply too difficult to implement for todays massive existing networks. If the transition had have been fast tracked back when IPv6 was first introduced in the mid nineties when IPX still ruled the roost in corporate networks then it might have been less of a problem but today IPv4 is so entrenched in both the network infrastructure and staff knowledge sets that it is going to be an unmitigated nightmare.
I might have to consider retiring.
I work for a very large Internet icon that was foundation:fundamental in the growth of the internet. They own a number of B class address spaces that could easily be replaced by NAT + private address space. Like so many other large organizations, they are holding on.
IPv4 address space need a re-org, thats all.
IPv4 barely works for most people anyhow because of NA(P)T. For me it's just there as a legacy technology which I only use to communicate to people who don't have IPv6 yet.
I like to compare IPv4 to ISDN. Back then it was 'the big thing', but today it stales in popularity. Of course I have an ISDN line for increased geekiness, but I don't actually use it much more.
IPv6 will overshadow IPv4 in the same way. IPv6 will enable completely new possibilities like peer to peer web applications or proper VoIP.
Could ICANN just declare that in 12 months time, they will start releasing the private /8 ranges and the root DNSs will start pointing to their new owners? The NAT will still stop access from the outside internet, but machines behind the NAT would not be able to route packets to the outside.
Or am I just showing my ignorance?
I don't get the doomsaying from Anon 16 and others about increased risk...just because machines have their own IPs instead of shared ones doesn't mean it can't be firewalled. Bridging firewalls and 1:1 NAT are both perfectly reasonable solutions and would be easy to implement in ADSL routers.
I work as a network engineer in a UK Uni which has a class b subnet, which is essentially split into class c's for use. Almost every device gets a routable ipv4 address regardless of what it is being used for. Most of the class c subnets we use don't need to be a full class c, its just easier for non-networking people to understand. I suspect that we are not the only University who do this.
If someone turned around and told the University they could sell or lease class c subnets for some serious money with no major drawback, the University almost certainly would, and you could get a lot of IP addresses freed up.
All of it. They used a reasonable spread of it (through interesting internal numbering policies) but ultimately I doubt they used more than about 5000 addresses.
However, there is no way on God's green earth would they give their range up - clearly they would have to re-number internally and that would be too costly and too risky.
I worked for a different company that had a block of 8 class Cs and they woudln't give them up either.
No-one with an otherwise assignable range would give it up without a fight, or at least shed loads of money and high-level skills on tap. Even then most would probably just make it really, really difficult.
Slightly over the top article trying to overstate the upcoming end of the world. Those blocks have only been split up and reallocated to different regions for their use, so it's not like we've suddenly lost the use of them.
Also, please note that those allocated addresses don't have to be Internet routable; there are other networks out there other than the Internet to which registered address space is used, you know.
Many corporations have to use registered address space when dealing with connectivity to third parties and/or business partners through private connections so they can be sure that network is really owned by company. (ignoring the encryption and authentication angle)
Of course, whois information could be out of date, but that's unfortunately one of the only ways of checking.
I use a 10/8 subnet for my home network, have I 'wasted' 16 million IPv4 addresses? No, because it's a *private* network. /64 may be recommended for IPv6 because it allows automatic address assignment using MAC addresses* avoiding DCHP. But even if every private network used the full /118 site-local range it wouldn't make any difference to the consumption of Internet-routable IPv6 addresses.
* BTW anyone know when we're projected to run out of 48-bit MAC addresses? I feel like starting another scare ...
Don't get me wrong, I like IPv6, a lot, but the "we'll run out of IPv4 any minute now" mantra has been going since the late 90's or so. The *reason* we haven't changed over, has nothing to do with running out:
This doesn't haven anything to do about address space, or that every device in our house will be internet addressable, or the development and use of NAT tables, it's about the money and to hell with everything else.
We're going to run out, and it's going to *stay* that way, till someone works out how the hogs that own lots of address space get to keep their share of the money without making new address space cheap (because that will "devaluate" exising space, and single-handedly prevent any new owners from IP space because it costs so much. Can anyone say real-estate agent?).
Or work out a way to instantly make existing address space worth nothing. (so there's no reason NOT to decomission IPv4)
Good luck with either of those.
As has been pointed out here, nobody 'owns' their IP addresses, they can't be sold or rented. And the suggested solutions is that they should be forced to hand back unused numbers.
Or you could just let them sell. Establish a market, and you would see big companies that need the cash, like Ford and GM, handing over their IP addresses to their IT outsourcing companies, and quickly leaking adresses back into the market.
BTW, regarding that old "NAT is not a firewall" meme. A NAT is not a WALL. It is not made of Brick, Asbestos, or very thick Hardwood. And, like most original IT firewalls, it only walls in one direction. Sure, you can re-define "firewall" to mean "only my firewall is a firewall" or "Now that we've got NAT, there is no point in having an additional firewall unless it blocks outgoing", or "if a Luser can use it, it's not real IT", but the original packet filters were marked by the fact that they were configured to do LESS than a NAT router, not more.
It's like global warming.
Bank of America has 5 million ip addresses for it's consumption (that much is made public).
IP's for a long time were given out by Arin like candy because it was a big money-maker. At times you could purchase a /24 directly from Arin but they got greedy and decided they only wanted to sell in much larger block sizes http://www.pantz.org/software/tcpip/subnetchart.html
We in this business have all probably been told "you need to justify why you want these 5 extra ip's" meanwhile you have companies that have millions and millions of ips that aren't even in the internet business.
Arin sold and sold and sold ip's without any concern about running out of ip's. Arin's job was to assign ip's hopefully in a fashion that wouldn't bring us to our knees.
They have been pushing ipv6 for more than 10 years because alot of the same people in arin are invested in ipv6 technology and the people do NOT want it.
They don't want it because we don't need it, at least not at this point.
We need to have a giant audit of ip's, who they are allocated, why they are allocated, and if any carelessness was permitted by Arin to overlook allocation requests based on profit.
Completewhois.com (now dead) used to have a great website regarding rir ratios. It said which companies had the large allocations.
Companies such as ford motor co had/have ip allocations the same as companies like level3.
Level3 is an internet provider and ford is not yet ford had the same number of ip's.
Need to get the information out there, Arin isn't permitting 'legacy" ip allocations to be re-evaluated but if you want to get a new allocation your screwed.
And you don't have to take my word for it. The internet as we have it now has only been around for a short time. Arin and a few other organizations were appointed to control things / IANA (who is now merged in with Arin. How did we get to this point in such a short period of time? Why would we get to this point in such a short period of time?
I once heard that they had considered opening up the Class E block for public addressing (presumably to be distributed in /24 blocks, but that would just be my best educated guess). However, at the time it was said that a lot of routers (that is, commercial routers; who knows about consumer routers) would not properly route anything in the Class E space and for some odd reason a firmware upgrade just won't suffice to fix that.
I suspect that if they had begun preparing for the public allocation of the Class E space in the mid 90's when IPv6 was envisioned we could be allocating blocks of Class E today instead of worrying about running out of address space with no widely-deployed solution. Instead, we're sitting on approximately 248,720,625 (give-or-take some for network and broadcast) addresses that were never implemented "for future use," despite the fact that it is now the _future_ and we could really _use_ them.
Please could you add a new house rule that says you will delete redundant comments.
So many articles are clogged up with people repeating what was already commented on. In this post its been filled with people banging on about large American corporates holding address ranges.
We don't need ten people saying the same thing, the up votes are for that.
Thanks for your hard work by the way.
Are saying the same thing, it means they feel someone is not listening.
There is no IPV4 crisis. A HUGE percentage of issued / allocated IPs are not used publicly or even at all
IP6 is not a solution. It needs scrapped and re-designed.
A weasel or other Badger cousin could do it better.
Biting the hand that feeds IT © 1998–2020