IP registry goes to Defcon 1 as IPv4 doomsday nears

The provider of IP addresses to the Asia Pacific region has activated a major change in the way it allocates them after becoming the first registry to deplete its number of older addresses to fewer than 17 million. APNIC said the depletion of all but its final /8 block of addresses was a “key turning point in IPv4 exhaustion” …


  1. Anonymous Coward

    Not quite "4 billion" usable addresses.

    Apart from small fry like 127/8 and the two "directed broadcast" addresses on both ends of each subnet block no matter how small, there's 224/3 to consider. 224/4 is multicast, and 240/4 is "reserved". Reserved for what? I don't know. Those addresses will be blocked in innumerable devices, but strictly speaking they're free (minus 255/8 just like 0/8 and 1/8 are tainted). I think those last fifteen /8 blocks might see service before too long.

    With a bit of foresight, or rather the benefit of hindsight, it would likely have been possible to put LINK LOCAL, LOCALHOST,,, and a goodly chunk of rfc1918-type addresses in a single /8, which would've saved a lot of hassle and freed up a couple blocks. No directed broadcast likewise. But that supposes people would've figured out right away that directed broadcast was a bad idea and that some day we might very well run out of addresses. Then again "they" didn't even start out with CIDR, as classes seemed like a good idea at the time, too. Oh well.

    Quite amazing that IPv6 still hasn't seen much take-up yet, at all. Even where ISPs supply custom-firmwared modem/switch/ap/routers and regularly update them, there's very, very few that actually support IPv6 at all. Is civilisation supposed to collapse first?

    1. Charlie Clark Silver badge

      The rollout is starting

      In Germany from the summer with Deutsche Telekom promising to put all subscribers on IPv6 by Christmas. Of course, because the rollout will be of unprecedented scale we can expect a few surprises along the way but you've got to start somewhere.

    2. prathlev

      @AC 21:13

      They didn't start out with classful addressing. :-) And there's nothing wrong with using /31 on point-to-point-links (RFC3021), and it often works on Ethernet-links too!

      And will hopefully not see service any time soon. The work involved in making sure it's reachable from everywhere makes IPv6 deployment seem like a vacation. It'll give you 14-15 IPv4 /8s, just around one year's worth with the current allocation speed.

    3. Tom Chiverton 1

      Who cares ?

      So what if your ISP gives you a globally routable IP (v4 or v6). Most people will not care, and can live in NAT'ed 10.x.x.x land forever.

      If it's important, move to someone like Zen who already give you 8 IPv4 for free, and promise a public IPv6 address too when they move.

  2. Anonymous Coward

    Take IPv4 addresses away from (mostly) American Universities

    An astronomical number of IP addresses were grabbed by American Universities in the very early days, hogging them way out of proportion to actual need. As a consequence, American Universities (and Universities in general) don't run NAT'd LANs like corporations and most governments do. Which is also why Universities have rampant virus/zombie issues. ARIN-RIPE-APNIC should take back most of those IPv4 blocks from all of those Universities and make them connect their campuses to the Internet through NAT routers.

    1. Paul Crawford Silver badge

      @Take IPv4 addresses away

      In general, you are right about universities having way more IPv4 addresses than they need. My own department has a 255 block for a couple of dozen machines. Only a couple of them need a world-facing static IPv4 address. I expect most universities could get by with only 254 IPv4 addresses in total.

      As for the virus/zombie issues, that is down to Windows as #1 reason, followed very closely by the number of 'personal' computers on the networks without competent administration. The computing equivalent of "A lawyer who represents himself has a fool for a client".

      1. Tom 13

        @Paul: On the virus/zombie count, it's actually the second item and not the first

        that causes the problems. I recall Apples being the main PCs on campus student labs way back when I was in college (well, after the dedicated mainframe terminals) and very few PCs. The lab had a persistent virus problem, particularly something they claimed lived in one of the printers and which kept reinfecting the network. I was barely able to afford a C64, so I had no such problems.

      2. Michael C

        not just Unis

        Pretty much all businesses continue to operate on the completely false premise that each DNS name requires a unique IP address. I've seen companies not only put each top level domain on its own IP, but multiple sub-domains on their own, an FTP server on a separate IP, all fully routable and that could have co-existed on a single IP.

        The only time you need a unique front facing IP for a site is when you do not want 3rd parties to see that multiple URLs are all backed by a single system, or when more than one have to be capable of responding on the same port when other data (like the URL itself) is not concurrently passed to the server (session-less browsing, telnet, etc). In some cases, applying QoS at the edge is a need and this makes using a single IP difficult, but really, most people using more than 1 IP could use at least fewer than they do now, many could in fact use just 1.

        Too many businesses simply find it's "easier" to have a new IP than bother with DNS and proper fire-walling to route traffic.

    2. Anonymous Coward

      On the contrary my friend

      It's Universities who really should have first choice on their addresses. Anyone at a University should be able to run a public server on their machines, it's how so many services got started.

      The paperwork craziness it takes to run a public IP in many UK Universities is just ridiculous and hampers any attempt at progress.

      1. Michael C

        no no no

        ALL those servers can co-exist, pooled on a single IP. Internal DNS can handle routing incoming port 80, 8080, and 426 connections based on URL headers as easily as IP direct routing. It's a simple matter of properly configuring a firewall and DNS server, or using something like DataPower.

        There are a few cases a server and URL must be matched to a specific unique IP on a specific port, but very, very few of them have anything to do with web services.

    3. Anonymous Coward

      Yes, but...

      Playing the blame game and criticising the universities would be fine if:

      a) they were somehow uniquely positioned to forecast the eventual depletion of IP addresses, even when the Internet consisted of only a few dozen organisations.

      b) they could have taken less if they wanted. Classful addressing was not the original addressing scheme, but an early attempt to stave off IP exhaustion. Before that if you wanted an address range you were allocated an /8 block regardless of need, since that was all the technology supported.

      1. Paul Crawford Silver badge

        Uni not only players

        Also remember that it is not just universities that have big IPv4 allocations, some US companies and gov also have far more than is needed.

        Are those addresses well used? It is true that some new projects could use them and justify a student block per uni, but most PCs are just for office admin and lab work, and would be best behind NAT anyway.

    4. Anonymous Coward

      Re: Take IPv4 addresses away from (mostly) American Universities

      It should be Universities (and Governments) leading the way with IPv6. NAT'd IPv4 and reasonably-firewalled public IPv6 available as standard and we'll see some progress fast. Suddenly half the new apps will be defaulting to IPv6 if available, and every next major startup will have it enabled on their websites by default. Devices and networking equipment that don't work well with IPv6 just won't be in the running.

      At some point, Google, Yahoo, Bing, Facebook, & Twitter will decide that enabling IPv6 by default is viable and is "the right thing to do", and the rest of the world will scramble to follow suit as IPv4-only companies are suddenly behind the times.

      1. Tom 13

        If you'd ever worked with (let alone for) the government,

        you'd know they'll be the last one dragged into IPv6. And they'll be kicking and screaming the whole way.

    5. Jim Morrow

      apply clue with extreme force

      for fuck's sake!

      it's not possible for the rirs to take back address space from the organisations who got that space before the rirs existed. there is no legal basis for doing that. even if there were, i'll bet those organisations would "prove" they were "using" most of that space. or demand that someone else (who?) pays for their renumbering.

      even if that legacy space was returned, it would make no fucking difference. it would just put off the meltdown by a few months. the world chews through a /8 of ipv4 space every month or thereabouts. so getting back the /8s from ford or mit are not going to solve the problem. ipv4 addresses are just about done and WILL run out soon. the only way to prevent that will be to shut down the interweb.

      1. jonathanb Silver badge

        Yes it would

        It would be like how the analogue spectrum is being taken away from TV stations and replaced with digital allocations. There needs to be an IPV6 switchover in the same way that there is a digital switchover currently underway for television.

        1. Vic

          No it wouldn't.

          > It would be like how the analogue spectrum is being taken away

          It would be nothing like it.

          RF spectrum is licenced. The licence issuer (the government) has the ability to control use of the spectrum by manipulation of those licences.

          IP addresses are not licenced. They are handed out by the registries. But the early allocations pre-date those registries, and that is when huge allocations were made. No mechanism exists to revoke those allocations.


    6. Vic

      It's a widespread problem...

      > grabbed by American Universities

      It's not just them. I've recently been working for a well-known multinational company with huge IPv4 allocations.

      All machines have globally-routable IPv4 addresses, which are then firewalled to the very brink of usability. The company would actually benefit from a transition to private addressing and a NAT setup. An enormous number of IPv4 addresses could be returned to the pool.

      That's not going to happen, though. Said company have outsourced their IT support, so such a move would cost them a fortune :-(


    7. Paul Hatch

      Natting unis

      Natting uni networks might also solve their alleged piracy problem the RIAA are always bleating about, as then at least 1 person on campus would have to buy any CD copied :-)

      1. Anonymous Coward

        Piracy boon

        Other way around, NATing the networks would make the piracy worse. What happens on NATed university network is that someone sets up a DC++ server and you suddenly have several hundred individuals that can pirate off each other at LAN speeds (gigabit LAN speeds if you are lucky). Getting that one initial copy onto the network isn't a challenge either and I am speaking from experience of going on 3 years back, I have to assume that things are even "worse" now.

  3. Anonymous Coward

    And some are claiming IPv6 "won't happen"

    Shortly after, I wrote a piece that I sent in to the Wireless Institute of Australia regarding this issue. What was interesting was the bit the WIA immediately tacked onto the end of the submission, more or less attempting to refute what I had written, and claimed "we had another 5 years" and implied we didn't need to do anything. has my article down the bottom.

    It seems this is a common issue. Two problems though:

    (1) If IPv6 isn't it... what is? It took from about 1992 to 1998 for the IPng working group to come up with IPv6, then until 2005 before most mainstream operating systems implemented it. If we've got 5 years, we had better move NOW.

    (2) This assumes that the unused space by these corporations will just be graciously donated back to the Internet community. Hah! Excuse me while I die laughing.

    People are quick to point out NAT as a solution. Yeah? Until you get more than 65536 connections from users sharing the one IP address. Ooops. Moreover, if one of those users sends some spam to a website (say, via HTTPS, so no intervening proxy), how do you know which one of those users sent it?

    Right now we can look at an address, know the ISP, ISP looks up their records and says "Ohh yes, we leased that IP address to Mr. J Smith at 123 Imaginary Lane..." ... you can trace as far as their NAT router. And usually there aren't *too* many computers at a residence or business to be able to track down which one did it and remedy the problem.

    Now that IP address will soon only point to a carrier NAT device at the ISP's datacentre. Which one of the 100 users behind it is guilty? Do you log each and every TCP connection? How big are the log files going to get?

    If we go down the route of carrier NAT, I can see us in a year or two drowning in a sea of spam and malware. Think it's bad now? One lyric from Bachman Turner Overdrive comes to mind... "You ain't seen nothin' yet". Yes it's a short-term stop-gap measure, but it's no solution.

    ISPs need to pull their finger out and move on from IPv4. Currently in Australia, the only consumer ISP that offers IPv6 is Internode, with iiNet allegedly planning a move to IPv6. We need everyone (in every country) to pressure their ISPs to move up if we want the Internet to remain something more than a walled garden.

    1. Lance 3

      Assigned ports

      You don't need to log every connection. The far simpler route, assign a block of ports per subscriber. Then you don't need logs; you take the IP address and that points you to a group of users and then you look at what the source port that was used and that will point you to the exact subscriber. Most carriers are looking at 1000 subscribers per public IP. Most assign a /22 to a DHCP block, so this falls within that same approach.

      1. M Gale

        Assigned ports...

        ..and when, say, I'm playing a multiplayer game, don't fancy paying $wtf for my own colo server, and fancy just selecting the option in the game that says "start new multiplayer game", then asking my friends to connect to me...

        Oh. Oops.

        Pushing NAT up any further than the router in your house is a really bad idea, if you want the Internet to remain the Internet, and not a strictly client/server model of which I'm sure various large media companies would LOVE.

      2. Anonymous Coward

        Re: Assigned ports

        Yes, but how many servers actually log the source port number?

        How many of those servers are proprietary and thus you've got to convince the software maker that the change is needed? I agree it's one way it can be done, but if you look at the headers in your last email, you'll notice it's devoid of port information. Likewise with web server logs. Apache can be patched if needed, even by the end user. What do you do for IIS?
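
Added example, not part of the thread: the port-block scheme from the "Assigned ports" posts above, with the reverse lookup an abuse desk would run against a server log. The 10.0.0.0/22 inside pool, the 192.0.2.1 outside address, the log format and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed values: one outside address shared by a /22 of inside addresses.
PUBLIC_IP = ipaddress.ip_address("192.0.2.1")
INSIDE_POOL = ipaddress.ip_network("10.0.0.0/22")   # 1024 subscribers
FIRST_PORT = 1024                                   # ports below this stay unassigned
BLOCK_SIZE = (65536 - FIRST_PORT) // INSIDE_POOL.num_addresses  # 63 ports each


def port_block(inside_ip):
    """Return the (first, last) outside source port reserved for one subscriber."""
    addr = ipaddress.ip_address(inside_ip)
    if addr not in INSIDE_POOL:
        raise ValueError(f"{inside_ip} is not in {INSIDE_POOL}")
    index = int(addr) - int(INSIDE_POOL.network_address)
    first = FIRST_PORT + index * BLOCK_SIZE
    return first, first + BLOCK_SIZE - 1


def candidates(outside_ip, src_port=None):
    """Reverse lookup: which inside addresses could have sent this connection?

    With a source port the answer is a single subscriber. Without one, every
    subscriber behind the shared address is a candidate.
    """
    if ipaddress.ip_address(outside_ip) != PUBLIC_IP:
        return []
    if src_port is None:
        return [str(a) for a in INSIDE_POOL]
    index = (src_port - FIRST_PORT) // BLOCK_SIZE
    if src_port < FIRST_PORT or index >= INSIDE_POOL.num_addresses:
        return []                       # port outside every assigned block
    return [str(INSIDE_POOL[index])]


def attribute(log_line):
    """Parse 'timestamp peer method path status', where peer is ip or ip:port."""
    peer = log_line.split()[1]
    host, sep, port = peer.partition(":")
    return candidates(host, int(port) if sep else None)


# Constructed log lines: the first server records the source port, the second does not.
LOG_LINES = [
    "2011-04-15T10:02:11Z 192.0.2.1:1150 POST /comment 200",
    "2011-04-15T10:02:12Z 192.0.2.1 POST /comment 200",
]

if __name__ == "__main__":
    print("10.0.0.2 owns ports", port_block("10.0.0.2"))
    for line in LOG_LINES:
        found = attribute(line)
        print(f"{line!r}: {len(found)} candidate(s), first is {found[0]}")
```

The static mapping removes the need for per-connection logs at the carrier, but only a destination that records the source port can use it.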

  4. Russ Tarbox


    Stupid boy. Etc etc.

  5. Christoph

    Reclaim IPv4 addresses?

    As several people have commented, we could reclaim unused addresses in various ways to stave off the crisis.

    And this would achieve exactly what? Well, it would let people go on saying "We don't have to do anything quite yet" and carry on doing nothing.

    And it would stave the crisis off for what, a few months maybe? Probably less time than it would take to actually do the reclaiming.

    And since internet takeup is still accelerating, this would mean that when the crisis finally does hit it will be even worse.

    1. Danny 14
      Thumb Down


      just ASK people when they renew package X. I could easily use an IPV6 address and translate back to ipv4 for our network via our firewall. The same cannot be said for those using TMG or ISA for instance. I mean come on M$ - it isn't like IPV6 has been around a while for you to incorporate into your latest firewall....

  6. Hotears

    Not much pain

    3 years ago I started a slow 'when convenient' slide towards IPv6. Today I am sitting on a fully working and tested dual stack network. But if you have been completely ignoring it, yes, you will be staying up. So why have you been ignoring it?

    dig AAAA returns no records, so go get some Provigil.

    @cowards: Even if you could find and reclaim the (fragmented) unused IPv4 space, it would be like peeing in your pants, so for one I welcome the first RIR pool depletions. It turns 'expected to happen' into current reality, which is much easier for management to relate to. And we're still running stateful firewalling on IPv6. Just like on v4. NAT makes zero difference. Zero state tracking does.

    1. John Sager

      Same here

      But I started planning only last Autumn. I already had an Alix board router/firewall but changed the software to LEAF-Bering to support IPv6. Changed the adsl modem to bridged mode & moved the ppp session onto the router/firewall. Then changed ISP to an Entanet reseller (UKFSN). I've now got dual-stack working with all my internal hosts. Definitely not for one's granny!

      The complete dearth of consumer routers that support IPv6 is something of a scandal IMHO. Perhaps it's a sad testament to the rush to the bottom that is consumer Internet provision in the UK.

      Totally agree that a few more popular websites on v6 wouldn't come amiss either.

      1. Svantevid

        @John Sager

        As the "So, what's the best sci-fi film never made?" forum is now closed for new posts, I just wanted to thank you for "The Legacy of Heorot"... it sounded interesting, I got the book... now I'm halfway through, and it's fantastic. :-)


    World IPv6 Test day is 8 June 2011

    "On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour “test flight”. The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.

    Please join us for this test drive and help accelerate the momentum of IPv6 deployment."

    There is a web page here for testing ipv6. I'm still on ipv4 only and can't really vouch for it. It wants you to allow scripting (ie allow all on the web page if you use noscript on Firefox). I get 10/10 for IPv4 stability and readiness, when publishers offer both IPv4 and IPv6 but my DNS server (possibly run by your ISP) appears to have no access to the IPv6 internet.

    I trust that El Reg has entered 8th June in the diary, but hope there is not a lot for them to report.

    1. Paul Crawford Silver badge

      @World IPv6 Test day

      Just tried on my home linux PC on Virgin cable broadband:

      "10/10 for your IPv4 stability and readiness, when publishers offer both IPv4 and IPv6

      0/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only"

      1. DavCrav

        Me too

        Ditto for me on the Oxford Uni network. This'll be fun...

    2. John Sager

      10/10 on both

      This via UKFSN (Entanet reseller). Glad this stuff just works, though I have spent some effort getting it there. A giant raspberry from me to the consumer adsl/router manufacturers, and many (most?) ISPs in the UK for playing ostriches. No doubt we'll all get lumbered with the horrors of Carrier NAT before they realise they have to do things properly.

  8. Leeroy

    Give me IPv6

    I am all set with IPv6 internally as far as I can test.

    My ISP on the other hand is still issuing IPv4 Addresses and will not provide IPv6 addresses for my router let alone my internal devices.

    Does anyone know how to kick them in to gear ?

    PS. Oh crap I need a load of static IPs next month for SSL sites. WTF do I do if they are not available ?

    1. Ken Hagan Gold badge

      Re: how to kick them into gear

      Well if you want to be nice about it, send a message to their tech support and sales teams...

      1) Point out that if they intend to be in business this time next year, they need to be giving out IPv6 addresses today.

      2) Give them a list of ISPs who are already offering IPv6 to their customers, and who will therefore be picking up their customer base next year.

      3) Give them the choice between a "MAC code" or an "IPv6 block".

      If you don't want to be nice about it, do the same but don't give them the option of an IPv6 block.

    2. Mike Shepherd

      Why would you need separate IPv6 addresses?

      A small part of the IPv6 space has been allocated to correspond to the entire IPv4 address space.

      So, if you have an IPv4 address then you already have a corresponding range of IPv6 addresses. E.g. see

      Of course, if the IPv4 addresses are static, then the IPv6 addresses are static, too.

  9. John Tserkezis

    It's about the money people!

    You know, supply and demand?

    IPv4 is worth a LOT of money for a while now.

    There is an entire economy surrounding IPv4 and how it's handed out.

    IPv6 would not only single-handedly bring that to its knees, it would decimate industries that use that to make their money.

    The fact there's no address space left is irrelevant, because money wins every time.

    Scrambling for additional "unused" IPv4 space is viable, because you're only introducing small pockets of IP address real estate - even though it only really buys a bit of time.

    You think the "Global Financial Crisis" was bad? You ain't seen nothing yet.

    *EVERYBODY* is using internet pipes in some capacity for everything, if not just most things.

    When those responsible for running the pipes hit the wall, till someone else takes over, *EVERYBODY* is going to see entirely missing or substandard communication conditions.

    Those that pick up the pieces are most likely those larger ones who will end up monopolising the game.

    Rationing IPv6 doesn't fix the problem it only enables the current problem to continue.

    I'm not saying things HAVE to end up like this, but the fuckers who run the game have to acknowledge that making houses out of tree parts, in an emerging market that's using modernised baked clay bricks is a lost cause. They NEED to change.

    And until they face that, we will continue to overpay for dwindling resources, before we stretch a commodity beyond something that's usable anymore.

    1. Anonymous Coward

      Too many people

      Not to mention the real problem is overpopulation. Less people means less IP addresses needed.

      Okay, IP addresses are a man made resource but there's plenty of other finite resources that we can't just make more of.

    2. Gerhard Mack


      The problem is the entire freaking industry waited until the absolute last moment to start IPv6 deployment. Right now there are many companies scrambling to deploy IPv6 and hopefully it will be ready somewhere before next year.

  10. Daniel B.

    Long live IPv6! DEATH TO NAT!

    NAT, while functional for residential networks, is one of the worst boneheaded ideas to get implemented by greedy ISPs. Most of the "cable ISPs" in Mexico are pimping their users, as they have ALWAYS used NAT, and serve only addys to them. Want a real IP? That's an extra $300/mo matey!

    One of the best things about IPv6 is that NAT is not supported, and will *never* be supported at all. The RFCs have seen to that. Fortunately, some content providers have been starting to provide AAAA registers for their sites; if the big ones start going IPv6 only, a lot of users will start demanding their ISPs for a switchover. Go!

    1. M Gale

      Never supported at all?

      LOL, don't be too sure of that. I can see some hacker implementing it simply to be contrary. Sure there is no such thing as a "local LAN IP" in IPv6, but that doesn't mean everything outside one single address can't just be redirected to the bit bucket at the edge router, and the rest of the "public" block you're assigned being turned into your own set of de facto unroutable addresses.

      Only problem I have with NAT is it going further upstream than my router.

      1. CD001



        Sure there is no such thing as a "local LAN IP" in IPv6


        There is 1 local machine IP though, ::1 and the IPv4 sub-subset perhaps, ::ffff: for instance - I'm guessing that IPv6 will inherit the "local LAN" reserved IP addresses from IPv4 and therefore there will never be any devices shipped with IPv6 addresses in that range.

      2. Vic

        Never say never...

        > Sure there is no such thing as a "local LAN IP" in IPv6



  11. -tim

    Not out of address, out of allocations

    Back in 1992 the decision was made to attempt to reduce the number of routes since a major vendor was always behind the curve. In 1993, AT&T built a router that could cope with 16 million unique routes. Had that been the direction that the *NICs gone down, a small dual homed business could be given a useful /24 or smaller but now they have a /22 in most parts of the world even if they only use a few addresses.

    1. prathlev


      It's no problem making a router that can take 16 million prefixes or more. Each prefix should take up less than 16 bytes so even my laptop could probably easily hold at least 50 million prefixes.

      There's just one catch to a large table: The lookup time tends to stink. And remember that each and every packet crossing the router needs at least one such lookup. Many solutions have been tried with varying success, e.g. flow-based routing (a la NetFlow) or trie, but I would guess the most widely used solution is the TCAM approach.

      This guarantees lookup times no matter what size, but TCAM is very very expensive. I'm certain that any major router vendor will gladly supply you with a TCAM based router that will hold 16 million prefixes, but it'll cost you...

      1. -tim


        Once you get rid of the idea that you're going to look through routing tables to see where packets go and just pre-calculate all /24 routes, you only need to 2 mb of ram for a 4 port router for a bit map table and you can figure out where the packet is going to go before you even have all the packet.

    2. Anonymous Coward
      Gates Horns

      small dual-homed business network manager here

      Yup, we have a /24. We need about a /27, but route aggregation means you can't get a PI smaller than /24.

      I have the form on my desk for a /48 (minimum PI for IPv6 from RIPE) which I'm fighting my way through at the moment. One of our upstreams does IPv6, and I'm going to lie and pretend we're going to be dual-homed on IPv6. We will be, I'm going to sit on my IPv4 only upstream and tell them they don't get a renewal without IPv6 - but I don't want to make the application take longer than it has to.

      Very nearly all my networking kit will run IPv6, though my routers are creaking to stay default-free on IPv4, so I'm not looking forward to trying to cram another routing table in there.

      I do want to go and drop a bomb on Microsoft for not getting IPv6 working on TMG. Especially with UAG/DirectAccess being IPv6 only. Their insane recommendation is to have a TMG box managing your outbound traffic and UAG for your inbound. Yeah, that makes sense.

      Can I have a Ballmer with horns.

  12. Robin Bradshaw

    The sky is falling!!

    10/10 for your IPv4 stability and readiness, when publishers offer both IPv4 and IPv6

    9/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

    Ooops must sort out my DNS, well I'm sorted so balls to everybody else.

    If you're all in a froth and panic then just sign up with a tunnelbroker. I got a /64 to play with and after doing the tests on Hurricane Electric's site a free T-shirt too.

    It really isn't the end of the world.

    1. The Fuzzy Wotnot

      "It's the end of the world as we know it and I feel fine!"

      On the day it all goes "kaflooey", I shall pack up a picnic, make my way up Parliament Hill in London and watch as the city explodes!

      Everyone's had plenty of time to get IPV6 sorted and it's only home users and enthusiasts who've bothered. Come the day of retribution some smartarse will pull a load of NAT'd kit out his arse or they will get and some horrendous amendment to the RFC to buy a little more time, until the whole system collapses under the weight of the sticky tape and blu-tak solutions put in place.

      I was born in an age before the internet and I'm sure I could live for a few months without it, sure it'd be tough but I think I would survive slightly better than your average 16 year old! I'll just nip up to the loft and dig out my old Speccy for a little bit of keyboard hacking. Still think of the good side, with no internet connection, no virii, malware or pathetic emails purporting to be from Mr. Nngambo in Nigeria who is holding $750k in unmarked bills for me to pick up, subject to a deposit of $20k of course!

      To play on the old classic, the end of the world will not be a big bang or even a whimper, but simply getting up one day and getting the message, "Unable to locate server XYZ. Please check network connection and try again.".

  13. djberriman

    no need for separate IPs for ssl


    There is no need for multiple IPs for ssl, you can have as many domains as you like using a multi domain certificate, they've only been around a couple of years (to my knowledge) but you can have one ssl cert that supports multiple domains and thus can be used on one or many IPs.

    for example

    1. Gerhard Mack

      @djberriman bad assumption

      You are assuming that the same organization owns all of the SSL certs but in many multi domain cert cases (any shared hosting) that's a really bad assumption.

      There is a way to properly virtual host on SSL called SNI but Microsoft has not back ported that change to XP so for any browser that uses the OS system SSL libs (IE, Chrome) they won't get SNI support. As far as I know the only browser on XP that supports SNI on XP is Firefox. The upshot: as long as there are a significant number of Chrome/IE users on XP I can't implement this technology on my servers.

      1. Richard Gadsden 1

        SNI Support more widespread than you thought

        Chrome 6+ / XP supports SNI, as does Opera 8 + / XP and Firefox 2+ /XP.

        Only Safari and IE don't support SNI on XP (because the SChannel library on Windows XP doesn't support it).

  14. Anteaus

    Bad design = poor acceptance

    Cursing yesterday when I typed ipconfig on a customer's remote computer, and had to spend ages trying to find the IP address somewhere in the midst of the screeds of crap which scrolled right offscreen. Since it was Vista I made excuses about Vista being useless. But of course, any IPv6 OS is the same.

    Industry has had a decade to switch to IPv6, and the fact that uptake was so low should have been a warning to the standards guys that they needed to rethink. Unfortunately, it's probably now too late to implement a better standard.

    1. JBR


      grep .There fixed it for you ;)

    2. Gerhard Mack

      @Anteaus really?

      On a simple setup with Linux the entire output for all systems with ipv6 fits into one window unless you have a ton of virtual ips added. IPv6 is exactly one line of output per interface.

  15. Jusme

    My prediction...

    I spent some time recently looking into IPV6 and setting up IPV6 connectivity using the excellent tunnel broker service provided by Hurricane Electric. Got it all working and passed all the connectivity tests. Then I switched it off. Why?

    IPV6 is a lame duck. It doesn't work* and isn't available for the majority of internet end users. Will my Xbox 360 /PS3/Wii use IPV6? No. Will most non-browser applications use IPV6? No. Do any of the large consumer ISPs provide IPV6? No. If I put up an IPV6 only website will it get any hits? No.

    What will happen is the consumer ISPs will start to hand out NATted IPV4 addresses when things get tight (which might not be for a while: Virgin claim to have sufficient IPV4 addresses "for the foreseeable future"). A lot less will break with IPV4 NAT than with IPV6 (and they'll be quietly happy if some things like P2P do...). They can then sell public IPV4 addresses at a premium - sounds like a business plan to me.

    Finally, IPV4 addresses haven't "run out". There are just as many as there were in 1985, just now they're all in private (business) hands rather than with the registries. Trading will happen, as with any commodity. Large ISPs and businesses will get what they need, and sell what they don't.

    * Yes, it can be made to work, with some effort. That means that for the majority of users it might as well not work.

    1. M Gale

      Won't work..


      Seriously, the moment Zuckerberg and Co decide to go IPv6 only, IPv6 will take off faster than a class M rocket engine attached to a bog roll. It will happen, you mark my words.

    2. Anonymous Coward

      Cue mass software developer/network admin suicides

      1000+ ISPs globally will choose 1000+ different NAT implementations which have to be supported by each and every application that needs to be contactable by the outside world.

      And of course, the smaller ISPs won't be able to compete, thus they'll get squeezed out of business, leaving the ones that remain free to rip us off with crap service.

      Yep, I can see a carrier-NATed Internet being a happy place!

    3. Daniel B.

      NAT breaks stuff

      Having everyone behind NAT is worse. Basically all Mexican cable ISPs have implemented NAT, and it's HELL. Even those who aren't tech-savvy have realized that cable ISPs over here are shit, and they don't even know why!

      IPv6 works. The reason we currently need to do some wonky stuff is because we are using tunnelbrokers instead of native IPv6. I've already tested a Vista box, it does work with IPv6 out of the box if you have a DHCPv6 server, which ISPs would obviously have. Once your ISP supports IPv6, you'll get IPv6 if you've got an IPv6-ready OS.

      And will the PS3/Xbox360/Wii support IPv6? Of course! That's what FW updates are for!

      Non-browser apps? Most of 'em support IPv6 as well!

      The one thing that will push everyone to IPv6 will be when some of the big sites (YouTube, Facebook) go IPv6-only. Then you'll have everyone deploying IPv6 en masse!!!

    4. Mike Shepherd


      No-one will force you to provide an IPv6 service. As you imply, many applications won't use it for a very long time. But if your prediction doesn't come true, there will soon be devices around the world which have only an IPv6 address and you won't get any traffic from them.

    5. SImon Hobson Silver badge

      Worked for me

      >> I spent some time recently looking into IPV6 and setting up IPV6 connectivity using the excellent tunnel broker service provided by Hurricane Electric. Got it all working and passed all the connectivity tests. Then I switched it off. Why?

      I set it up, and left it up - works just fine. Got both the office and home configured, plug in my laptop and it "just works". Yes there are going to be some teething troubles - but we went through similar learning curves a couple of decades back when people were migrating from dial-up walled gardens (think AOL before they went all internetty) to "doing IP". Setups were non-trivial and needed learning (or an available geek to help), but after a while CE manufacturers came up with easier to use products - to the extent today that many users don't know about IP addresses, they just plug in a computer and "it works".

      I agree that IPv6 probably isn't ready for mainstream users yet - but that's because too many people have put more effort into coming up with excuses and workarounds than they have put into dealing with the impending problem. CE manufacturers need to extract a digit from their backsides and build the kit, and ISPs need to extract a digit and build the networks. Once the pieces are in place, home networks can be as plug-and-play for IPv6 as they are for IPv4. Plug in a router, fill in your ISP login details, plug in computer and go - few will know (or need to know) if they are using IPv4 or IPv6.

      The ones that need to know will soon pick it up - it's not *that* much harder than IPv4 !

  16. Anonymous Coward

    NAT IPV4. It is a mess RIGHT NOW.

    - I can't multiplayer my games without some clever workaround, either inside my router, my game, or my OS. Sometimes all 3 must bind to some trickery.

    - I can't have *decent* IM chat engine without a 3rd party involved. You could have a MSN-like chat without a Microsoft (or any) server in the middle, didn't you know that?

    - I can't setup my own Teamspeak server, because I don't know my 3-hour-DHCP-expiring IP number. Sometimes my ISP is kind enough to let me have the same IP the next day, some times it is not. Renting a TS server isn't exactly cheap, either.

    - Port routing is a mess, and I hate logging in my router firmware to change something that should not concern the router.

    - Remote logging in your home PC? Guess again. P2P? No comments.

    - I'd love to run my own website at home. My ISP doesn't need to know that I'm doing it, what I do with my band is my business. Throw in a FTP server for good measure (yes, I'm old fashioned and rely on dodgy methods. Sue me.) DDNS is just providing a service that shouldn't need to exist.

    1. Mayhem

      Nice rant but..

      You complain you can't do a bunch of server tasks on a home pc due to having a consumer connection to your ISP.

      Well duh.

      If you need a static IP because you run servers, then talk to your ISP and get one. It will cost you slightly more but there are reasons for that. If you actually read your ISP contract you would probably find that you are specifically prohibited from running servers on a standard consumer link anyway. Regardless of that, if you don't upgrade your link, the upload capacity is traditionally crap so your server wouldn't support much load either.

      As for being unable to multiplayer your games, well, I suspect you're trying to do something outside the normal usage of those games, as almost every modern game has an external matchmaker service to get around the issue of changing IPs.

  17. nagyeger

    NAT'd isp

    Not looking forwards to living behind an ISP that does NAT?

    Naah, that's old hat. According to traceroute last time I ran it here in the wilds of Transylvania our local small ISP provides us with an IP address, his uplink connects to an upstream provider who gives them a NAT'd address, which goes through yet another NAT box. I'm guessing that somewhere in there there's a bit of copper/fibre crossing a border, since those geotracking adverts think I'm in another country!

    What amazes me is that skype still works!

  18. Jusme

    I stand by my prediction...

    > Seriously, the moment Zuckerberg and Co decide to go IPv6 only, IPv6 will take off faster than a class M rocket engine attached to a bog roll.

    >The one thing that will push everyone to IPv6 will be when some of the big sites (YouTube, Facebook) go IPv6-only.

    These big sites will never go IPV6 *only* in our lifetime. They have no reason to.

    > And will the PS3/Xbox360/Wii support IPv6? Of course! That's what FW updates are for!

    Won't happen. What possible business case is there for MS/Sony/Nintendo to create a support nightmare when everything is working fine today and will continue to tomorrow. Again these companies have all the IPV4 they need "forever".

    No, some multiplayer games won't play well with NAT. They will be fixed (to use a 3rd party server - oh look another means of controlling the consumer. EA love turning their servers off to push everyone onto this year's roll of their top-earning cash cow). A lot of multiplayer games do work with NAT, I've run several xboxes behind a local NAT and it's just fine most of the time.

    > And of course, the smaller ISPs won't be able to compete, thus they'll get squeezed out of business, leaving the ones that remain free to rip us off with crap service.

    I can't see the big ISPs crying about that...

    > Non-browser apps? Most of 'em support IPv6 as well!

    Disagree. There are a huge number of legacy applications that don't. They won't be fixed. They will (and do) work with NAT. They don't work IPV6 only.

    > I can't have *decent* IM chat engine without a 3rd party involved

    Boo hoo say the telcos!

    > I'd love to run my own website at home.

    > I can't setup my own Teamspeak server,

    So pay a few $ extra for a premium service with an IPV4 address. Kerching!

    > Yep, I can see a carrier-NATed Internet being a happy place!

    It won't be. The internet will become cable TV 2.0. A lot of big money wants exactly that.

    In the end, I'd love IPV6 to take off - but I fear that it won't and we'll end up in a world of IPV4 NAT pain.

  19. Steve X

    You think IPv6 is the cure?

  20. Alan Brown Silver badge

    NAT = Kludge

    It was something implemented to avoid assigning lots of IPs to end users and to allow end users to connect multiple computers to ISPs when the ISP would only allocate one IP address.

    It breaks a whole lot of stuff, however it's the main reason we didn't run out of IPv4 addresses by ~2002 (or earlier). Some SE Asian "ISPs" NAT their entire user pool through 1 or 2 addresses (and then those endusers might have another level of NAT behind that).

    As long as there have been workarounds for lack of IPv4 space (see above), resistance to IPv6 deployment has been strong because it's "too hard" (Incidentally the same reason is given for not deploying mbone over the last 15-18 years, despite the potential to ease a lot of bandwidth issues such as live TV/Radio streams)

    I sometimes wish we'd never come up with NAT. The world's networking would be a lot easier with widespread IPv6 deployments.

  21. Mikel

    Globally addressable

    Most Windows desktops haven't been globally addressable from the Internet since the 1990's. This should prove interesting.

    1. Anonymous Coward

      "This should prove interesting"

      *Spine shiver*.

      Now botnets can grow by attacking unsecured PCs that were otherwise safe* behind NAT gear.

      *If you call safety by obscurity safety at all.

  22. Amos


    You could try and get WIA to send that "expert" to TechEd this year. They have already announced that it will be an IPv6-only network at the conference *because they could not get any IPv4 allocation*.

    IPv4 connectivity? Please hand over $XXX to the local residential ISP for a cellphone and do it yourself.

  23. James Woods


    Does this mean I can finally unblock all the APNIC IPs from our firewalls?

    We at times blocked virtually every APNIC IP that we could identify because all that we would see come out of APNIC and Africa's NIC is garbage spam and attack traffic.

  24. Christian Berger

    All of you who don't have IPv6 should be ashamed

    Thanks to it's trivial to get IPv6 access.

  25. Anonymous Coward

    No will to sort out IPv4 but better to move to IPv6 anyway

    My last contract (organisation < 500 people) was using the top quarter of a /16 - five years ago, they migrated to one of their four /24 subnets (but they could easily fit within one /24). The rest of the /16 is allocated to a company which has not existed for at least a decade - so the entire /16 has been completely free for 5 years. There are loads of chunks of IPv4 like this but there is no will to introduce measures to reclaim all the unused or poorly used address space.

    On the other hand, maybe it is a good thing that everyone is being pushed to implement IPv6 - at least it will generate some work for people like myself.

  26. I ain't Spartacus Gold badge

    Help! HHEEEELLLLPPPPPPP!!!!11ONE11!!!!!!!

    I'm an educated layman. I don't speak fluent geek, but I can usually translate when required. I'm the person that fixes PC problems for my friends (almost always successfully), and our small business. Although I know my limits, and when to pay someone to do it properly.

    I'm quite seriously confused by IPv6. It's either the dog's bollocks, or a dog's dinner, depending on which commentard or article you choose. I haven't seen much middle ground.

    The fact that it's been around forever, hanging over our heads like the sword of Damocles, and never taken off doesn't bode well. Although of course, that could just be the industry being short-sighted.

    But if I'm confused, then there's an awful lot of people less clued up than me who've got no hope. I guess I'll have to commit some proper time to research, and learn more about networking than I've been getting away with up to now.

    But where's the consumer level kit? We're going to need a lot of new routers, and also some beefier hardware consumer firewalls, to make up for the lack of NAT.

    Please can someone come out with a hardware AV / firewall appliance for about £100 - or £150 quid with a hard drive and backup software...


    Confused and disgusted of Tunbridge Wells

    1. SImon Hobson Silver badge

      How about this ?

      A quick search for "getting started with ipv6" comes up with some interesting stuff. The first result (when I did the search) was this :

      which seems quite a reasonable entry point.

      If your ISP doesn't do IPv6 yet (ask them why not/when they will), then Hurricane Electric are running a free tunnelbroker service, which while not as easy to use as a native connection from your ISP, lets you get started. They also have a certification scheme, which while not having any real standing, does at least present you with some steps that introduce elements in a sequential manner so you can build up in steps and it doesn't seem quite as daunting.

      Try the above, dip your toe in, and have a go - then *you* can be the guru and have your friends/colleagues in awe when they finally wake up to the fact that they've been left behind ;-)

  27. J 3


    Just switch all the porn to IPv6 only and there will be an uprising demanding widespread IPv6 support, immediately...

  28. Anonymous Coward

    Stomp on ALL of the Domain Sitters

    Why doesn't someone just stomp on all of the Domain Sitters and tell them they have 30 days to sell the unused non functional domains (under construction or coming soon, or worse) or they all go back in the hopper along with all the IP addresses?

    1. Vic

      What for?

      > 30 days to sell the unused non functional domains

      That doesn't really help anyone.

      We don't have a lack of domain names, we have a lack of available IPv4 addresses.

      Unused domain names don't tend to tie up IP addresses...


  29. Sugarmice

    IPv6 on consumer kit *is* coming

    Some have asked where the consumer level kit support is. It's definitely starting to appear. I have a Samsung wireless laser printer at home. It does IPv6 out of the box. Somewhat to my surprise. Obviously it only manages a link local address because my wireless router doesn't know what to do with IPv6, and neither does my ISP, but still.

    I work at an academic site, and the subnet I use daily is dual-stack. All my systems attached to it just worked without further effort.

    I have a VM with Bytemark. Enabling IPv6 on it was easy, and Just Works.

    This really isn't all that hard. The only thing that really needs to happen is greater ISP takeup, and more consumer device support. The latter is happening already, witness my printer.

    I guess it's probably driven by the greater pressure on IP space in the Far East. I am told demand from China is the principal pressure on us at work to support IPv6 properly.

  30. Alan Brown Silver badge


    I wonder how much the 10 /24s still registered in my name are worth now :)
