IP registry goes to Defcon 1 as IPv4 doomsday nears

Take IPv4 addresses away from (mostly) American Universities

An astronomical number of IP addresses were grabbed by American Universities in the very early days, hogging them way out of proportion to actual need. As a consequence, American Universities (and Universities in general) don't run NAT'd LANS like corporations and most governments do. Which is also why Universities have rampant virus/zombie issues. ARIN-RIPE-APIC should take back most of those IPv4 blocks from all of those Universities and make them connect their campuses to the Internet through NAT routers.

And some are claiming IPv6 "won't happen"

Shortly after linux.conf.au, I wrote a piece that I sent in to the Wireless Institute of Australia regarding this issue. What was interesting was the bit the WIA immediately tacked onto the end of the submission, more or less attempting to refute what I had written, and claimed "we had another 5 years" and implied we didn't need to do anything.

http://www.wia.org.au/members/broadcast/wianews/display.php?file_id=wianews-2011-02-20 has my article down the bottom.

It seems this is a common issue. Two problems though:

(1) If IPv6 isn't it... what is? It took from about 1992 to 1998 for the IPng working group to come up with IPv6, then until 2005 before most mainstream operating systems implemented it. If we've got 5 years, we had better move NOW.

(2) This assumes that the unused space by these corporations will just be graciously donated back to the Internet community. Hah! Excuse me while I die laughing.

People are quick to point out NAT as a solution. Yeah? Until you get more than 65536 connections from users sharing the one IP address. Ooops. Moreover, if one of those users sends some spam to a website (say, via HTTPS, so no intervening proxy), how do you know which one of those users sent it?

Right now we can look at an address, know the ISP, ISP looks up their records and says "Ohh yes, we leased that IP address to Mr. J Smith at 123 Imaginary Lane..." ... you can trace as far as their NAT router. And usually there aren't *too* many computers at a residence or business to be able to track down which one did it and remedy the problem.

Now that IP address will soon only point to a carrier NAT device at the ISPs datacentre. Which one of the 100 users behind it is guilty? Do you log each and every TCP connection? How big are the log files going to get?

If we go down the route of carrier NAT, I can see us in a year or two drowning in a sea of spam and malware. Think it's bad now? One lyric from Bachman Turner Overdrive comes to mind... "You ain't seen nothin' yet". Yes it's a short-term stop-gap measure, but it's no solution.

ISPs need to pull their finger out and move on from IPv4. Currently in Australia, the only consumer ISP that offers IPv6 is Internode, with iiNet allegedly planning a move to IPv6. We need everyone (in every country) to pressure their ISPs to move up if we want the Internet to remain something more than a walled garden.

WE'RE ALL DOOMED!

Stupid boy. Etc etc.

Not much pain

3 years ago I started a slow 'when convenient' slide towards IPv6. Today I am sitting on a fully working and tested dual stack network. But if you have been completely ignoring it, yes, you will be staying up. So why have you been ignoring it?

dig AAAA www.theregister.co.uk returns no records, so go get some Provigil.

@cowards: Even if you could find and reclaim the (fragmented) unused IPv4 space, it would be like peeing in your pants, so for one I welcome the first RIR pool depletions. It turns 'expected to happen' into current reality, which is much easier for management to relate to. And we're still running stateful firewalling on IPv6. Just like on v4. NAT makes zero difference. Zero state tracking does.

World IPv6 Test day is 8 June 2011

http://isoc.org/wp/worldipv6day/

"On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour “test flight”. The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.

Please join us for this test drive and help accelerate the momentum of IPv6 deployment."

There is a web page here for testing ipv6. I'm still on ipv4 only and can't really vouch for it. It wants you to allow scripting (ie allow all on the web page if you use noscript on Firefox). I get 10/10 for IPv4 stability and readiness, when publishers offer both IPv4 and IPv6 but my DNS server (possibly run by your ISP) appears to have no access to the IPv6 internet.

http://test-ipv6.com/

I trust that El Reg has entered 8th June in the diary, but hope there is not a lot for them to report.

Long live IPv6! DEATH TO NAT!

NAT, while functional for residential networks, is one of the worst boneheaded ideas to get implemented by greedy ISPs. Most of the "cable ISPs" in Mexico are pimping their users, as they have ALWAYS used NAT, and serve only 10.0.0.0/8 addys to them. Want a real IP? That's an extra $300/mo matey!

One of the best things about IPv6 is that NAT is not supported, and will *never* be supported at all. The RFCs have seen to that. Fortunately, some content providers have been starting to provide AAAA registers for their sites; if the big ones start going IPv6 only, a lot of users will start demanding their ISPs for a switchover. Go!

Not out of address, out of allocations

Back in 1992 the decision was made to attempt to reduce the number of routes since a major vendor was always behind the curve. In 1993, AT&T built a router that could cope with 16 million unique routes. Had that been the direction that the *NICs gone down, a small dual homed business could be given a useful /24 or smaller but now they have a /22 in most parts of the world even if they only use a few addresses.

The sky is falling!!

10/10 for your IPv4 stability and readiness, when publishers offer both IPv4 and IPv6

9/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

Ooops must sort out my DNS, well im sorted so balls to everybody else.

If you all in a froth and panic then just sign up with a tunnelbroker I got a /64 to play with and after doing the tests on hurricane electrics site a free T-shirt too.

It really isnt the end of the world.

Bad design = poor acceptance

Cursing yesterday when I typed ipconfig on a customer's remote computer, and had to spend ages trying to find the IP address somewhere in the midst of the screeds of crap which scrolled right offscreen. Since it was Vista I made excuses about Vista being useless. But of course, any IPv6 OS is the same.

Industry has had a decade to switch to IPv6, and the fact that uptake was so low should have been a warning to the standards guys that they needed to rethink. Unfortunately, it's probably now too late to implement a better standard.

My prediction...

I spent some time recently looking into IPV6 and setting up IPV6 connectivity using the excellent tunnel broker service provided by Hurricane Electric (http://www.tunnelbroker.net/). Got it all working and passed all the connectivity tests. Then I switched it off. Why?

IPV6 is a lame duck. It doesn't work* and isn't available for the majority of internet end users. Will my Xbox 360 /PS3/Wii use IPV6? No. Will most non-browser applications use IPV6? No. Do any of the large consumer ISPs provide IPV6? No. If I put up an IPV6 only website will it get any hits? No.

What will happen is the consumer ISPs will start to hand out NATted IPV4 addresses when things get tight (which might not be for a while: Virgin claim to have sufficient IPV4 addresses "for the foreseeable future"). A lot less will break with IPV4 NAT than with IPV6 (and they'll be quietly happy if some things like P2P do...). They can then sell public IPV4 addresses at a premium - sounds like a business plan to me.

Finally, IPV4 addresses haven't "run out". There are just as many as there were in 1985, just now they're all in private (business) hands rather than with the registries. Trading will happen, as with any commodity. Large ISPs and businesses will get what they need, and sell what they don't.

* Yes, it can be made to work, with some effort. That means the for the majority of users it might as well not work.

NAT IPV4. It is a mess RIGHT NOW.

- I can't multiplayer my games without some clever workaround, either inside my router, my game, or my OS. Sometimes all 3 must bind to some trickery.

- I can't have *decent* IM chat engine without a 3rd party involved. You could have a MSN-like chat without a Microsoft (or any) server in the middle, didn't you know that?

- I can't setup my own Teamspeak server, because I don't know my 3-hour-DHCP-expiring IP number. Sometimes my ISP is kind enough to let me have the same IP the next day, some times it is not. Renting a TS server isn't exactly cheap, either.

- Port routing is a mess, and I hate logging in my router firmware to change something that should not concern the router.

- Remote logging in your home PC? Guess again. P2P? No comments.

- I'd love to run my own website at home. My ISP doesn't need to know that I'm doing it, what I do with my band is my business. Throw in a FTP server for good measure (yes, I'm old fashioned and rely on dodgy methods. Sue me.) DDNS is just providing a service that shouldn't need to exist.

You think IPv6 is the cure?

http://www.xkcd.com/865/

NAT = Kludge

It was something implemented to avoid assigning lots of IPs to end users and to allow end users to connect multiple computers to ISPs when the ISp would only allocate one IP address.

It breaks a whole lot of stuff, however it's the main reason we didn't run out of IPv4 addresses by ~2002 (or earlier). Some SE asian "ISPs" NAT their entire user pool through 1 or 2 addresses (and then those endusers might have another level of NAT behind that)

As long as there have been workarounds for lack of IPv4 space (see above), resistance to IPv6 deployment has been strong because it's "too hard" (Incidentally the same reason is given for not deploying mbone over the last 15-18 years, despite the potential to ease a lot of bandwidth issues such as live TV/Radio streams)

I sometimes wish we'd never come up with NAT. The world's networking would be a lot easier with widespread IPv6 deployments.

@Stuart

You could try and get WIA to send that "expert" to TechEd this year. They have already announced that it will be a IPv6-only network at the conference *because they could not get any IPv4 allocation*.

IPv4 connectivity? please hand over $XXX to the local residential ISP for a cellphone and do it yourself.

Help! HHEEEELLLLPPPPPPP!!!!11ONE11!!!!!!!

I'm an educated layman. I don't speak fluent geek, but I can usually translate when required. I'm the person that fixes PC problems for my friends (almost always successfully), and our small business. Although I know my limits, and when to pay someone to do it properly.

I'm quite seriously confused by IPv6. It's either the dog's bollocks, or a dog's dinner, depending on which commentard or article you choose. I haven't seen much middle ground.

The fact that it's been around forever, hanging over our heads like the sword of Damocles, and never taken off doesn't bode well. Although of course, that could just be the industry being short-sighted.

But if I'm confused, then there's an awful lot of people less clued up than me who've got no hope. I guess I'll have to commit some proper time to research, and learn more about networking than I've been getting away with up to now.

But where's the consumer level kit? We're going to need a lot of new routers, and also some beefier hardware consumer firewalls, to make up for the lack of NAT.

Please can someone come out with a hardware AV / firewall appliance for about £100 - or £150 quid with a hard drive and backup software...

Yours,

Confused and disgusted of Tumbridge Wells

Easy!

Just switch all the porn to IPv6 only and there will be an uprising demanding widespread IPv6 support, immediately...

Stomp on ALL of the Domain Sitters

Why doesn't someone just stomp on all of the Domain Sitters and tell them they have 30 days to sell the unused non functional domains (under construction or coming soon, or worse) or they all go back in the hopper along with all the IP addresses?

IPv6 on consumer kit *is* coming

Some have asked where the consumer level kit support is. It's definitely starting to appear. I have a Samsung wireless laser printer at home. It does IPv6 out of the box. Somewhat to my surprise. Obviously it only manage a link local address because my wireless router doesn't know what to do with IPv6, and neither does my ISP, but still.

I work at an academic site, and the subnet I use daily is dual-stack. All my systems attached to it just worked without further effort.

I have a VM with Bytemark. Enabling IPv6 on it was easy, and Just Works.

This really isn't all that hard. The only thing that really needs to happen is greater ISP takeup, and more consumer device support. The latter is happening already, witness my printer.

I guess it's probably driven by the greater pressure on IP space in the Far East. I am told demand from China is the principal pressure on us at work to support IPv6 properly.