I'd love to be able to use the .0 in a subnet as a default gateway! I hate having to either choose .1 (so my actual hosts start from .2) or .254 (YUK)
Tweaks to IPv4 could free up 'hundreds of millions of addresses'
It may be nearly three years since the world officially exhausted all of the available IPv4 internet addresses, but now a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused – or are they? While the world is still slowly moving towards broader adoption of the newer …
COMMENTS
-
Thursday 2nd June 2022 06:56 GMT Anonymous Coward
Re: first Vs last
Simples
If your network was designed by the system admins the GW is tucked at its right and proper place out of the way at the end
If your network was designed by the network admin team then it's on the first address and they don't see why any of the actual computers needs connecting to their network anyway
Sadly I don't like popcorn, is it too early in the morning to sit back and watch with a pint in my hand?
-
Thursday 2nd June 2022 10:13 GMT greenwood-IT
Re: first Vs last
Haha,
Well I've stuck with a setup we developed for a 50,000 PC deployment with over 2000 sites. The router goes at .200 with clients on DHCP below, and "important stuff" on the higher numbers above. It does mean the first PC on site is .1, so names and IP addresses can match if you really want :-)
Chat soon.
-
Wednesday 1st June 2022 20:55 GMT Anonymous Coward
I’ll bite
You can use any address in the subnet as the gateway.
Doesn’t have to be the first or the last.
I agree that .0 would be useful as a vip or gateway address.
It grates me seeing the first few numbers of the last octet as interface IP’s then the vip address, why not just make the vip the first or the last then you can add other ha IP’s if needed perhaps when migrating?
-
Friday 3rd June 2022 11:44 GMT Solviva
Years ago when we had a /29 at home (those were the days ;) so e.g. X.X.X.160 - X.X.X.167 were routable from the outside world, I made a small tweak such that the internal subnet was actually X.X.X.160/28 so rather than X.X.X.167 being dead wood, it was a fully usable address.
The only downside was that we couldn't communicate with whoever really did have X.X.X.168/29, but then I don't think we wanted to...
Releasing 240/4 to the world would likely work for the most part, but you'd end up with corner cases of old equipment ignoring those addresses and so that whole subnet would be like second-class IP addresses. Slightly better than NAT, but at the same time slightly worse.
"Changing these into recognized unicast addresses was previously proposed to the IETF more than a decade ago and apparently implemented in several operating systems now running in millions of nodes on the internet, and "has not caused any problems over the past decade," he states."
That's like adding a faulty disk to a computer for future use and when the OS correctly lists it as being present, reporting "it's not caused any problems since we installed it". Well no, but as soon as you 'activate' it i.e. mount and use it, then that's when you'll notice problems.
-
Wednesday 1st June 2022 16:27 GMT A Non e-mouse
I can see the pros with the 0/8 & 240/4, but the reduction of 127/8 to a /16 could cause problems: I've seen systems configured with 127.1.x.x on their loopback interface.
(No, I'm not going to get into the debate about IPv6. Yes, I have configured systems to use IPv6 so don't try and accuse me of being a luddite)
-
Wednesday 1st June 2022 17:56 GMT DS999
0/8 no way
A long time ago I worked at a location that had a B class address x.255.0.0. Solaris would not accept that as a valid address for the first few releases, you had to tell the installer the address was x.254.y.z and fix it up after the install was complete. I doubt that was the only such case, just the only one I was aware of. Now multiply that a thousand fold because there is no way there aren't a bunch of GUIs that won't take '0' as the first octet, not to mention a bunch of TCP/IP stacks that treat any 0/8 via some sort of special case.
Not worth the hassle when using 240/4 sounds easy and is 15x larger (not 16x, because 255/8 has the same problem)
The idea is to have something you can use immediately, not only those running the right sort of software.
-
Friday 3rd June 2022 00:57 GMT cweinhold
Re: 0/8 no way
All of the IP change suggestions will break thousands of home-brew administrative systems and low-quality open source projects whose authors thought their sketchy IP parsing algorithm was somehow better than inet_aton. This is a good thing, since such software likely has many other logic problems and needs to be replaced or updated.
Another good thing is that /31 and .0 are mainstream today. The first thing I do with new network gear is configure a /31 and, if it won't do it, I chuck it.
A final good thing is that we already did this in the 90's with CIDR (rfc 1519), which changed fundamental treatment of IP addresses. The Internet was much smaller back then, but CIDR was still a pretty big deal at the time.
-
Wednesday 1st June 2022 22:31 GMT Anonymous Coward
Yeah, there's a matter of philosophy there
Which is that while ALL of these proposals will require changes, the 127 changes will cause client and server configs to need to be re-addressed. I don't see this as a huge problem, but it's not something you can just push out as an active feature in a patch and not blow a few things up.
I'd be fine with down scoping 127, but it should be more than just a single address. Some real it does stuff code uses multiple local addresses. Re-scoping them would be an easy re-factor. Rewriting everything to use just 127.0.0.1 would not.
Stuff down in the 0's would get weird too. But both of those could be a place to shift local multicast traffic, which could also let them re-scope some of the big multicast blocks to something else. Those are also pretty sparse. Has the added benefit that it might "accidentally" break mdns/bonjour traffic.
But I think that we should grab the low hanging fruit first, and implement changes that stay more within the tcp stack than higher level application code instead of mucking about with 0. or 127. right away.
-
Thursday 2nd June 2022 01:00 GMT eldakka
Re: Yeah, there's a matter of philosophy there
> I'd be fine with down scoping 127, but it should be more than just a single address. Some real it does stuff code uses multiple local addresses. Re-scoping them would be an easy re-factor. Rewriting everything to use just 127.0.0.1 would not.
Where does the article say that it'll just be a single address, 127.0.0.1, for loopback? The article states that there'll be 65k addresses - 127.0/16 - available for loopback:
> Schoen's proposal is to reduce the range of this block so that only 127.0/16 is reserved for local loopback purposes.
-
Thursday 2nd June 2022 10:13 GMT Anonymous Coward
Re: Yeah, there's a matter of philosophy there
I often used a wide range of 127 addresses. If you need to tunnel to multiple systems you often need a simple way to allocate local addresses for your end of the tunnel. An easy scheme I saw online was to just replace the first part of your target's IP address with 127. I've never had a case where I wanted to tunnel to two machines whose IP addresses only differed in the first section.
Other schemes are of course possible but that one is simple.
At least this proposal is 65,536 times better than the case with IPv6 where given the choice of 340282366920938463463374607431768211456 addresses the miserly bastards only agreed to give us one loopback address where in most cases they hand out things in chunks of 2^64 addresses.
-
Friday 3rd June 2022 02:18 GMT Jamie Jones
Re: Yeah, there's a matter of philosophy there
Yeah, only one defined loopback address for IPv6 is annoying.
Sure, we can assign unrouteable addresses and even block them from lan access, or better, assign 'private' address to the loopback interface itself, but it's aesthetically more pleasing to me to have all services that require an IP address that never needs to leave the machine under the 127.X.X.X scheme.
-
Thursday 2nd June 2022 11:44 GMT Crypto Monad
This isn't going to fly.
I was recently bitten by a much smaller example: I was in a hospital in Copenhagen, and the wifi network's public IP address was within 128.0/16 (i.e. it was 128.0.x.x). I was blocked from reaching a certain university site, and had to contact the university's network team to resolve it.
It turns out that 128.0/16 was a historical bogon, and despite ten years of work, it's still not been removed from bogon filters everywhere (it's even hard-coded in some router OSes). For more details see:
https://labs.ripe.net/author/mirjam/an-update-on-de-bogonising-12800016/
which was written in 2013.
So I can tell you now that the proposed new blocks will be utterly worthless. Please stick me behind a CGN, rather than assigning me an address from 0/8 or 127/8 !!
-
Thursday 2nd June 2022 18:45 GMT DS999
Yep I'll bet more than one company's router software has a built in block against traffic claiming to be from 127/8 entering from an outside interface. Wouldn't show up in the GUI or CLI, it was just assumed in the software to avoid accidental screwups and potential mischief.
Given the long second/third life of routers in third world countries you would run into this constantly in the places that would most benefit from additional IPv4 addresses.
And if the router sanity checks when you try to set its interface addresses and won't let you put '127' in as the first octet, what are you gonna do then if it is an obsolete model that's no longer getting software updates? "Buy a new router" is something we can say in the west, not something some small company trying to get by in the third world can easily make happen.
-
Friday 3rd June 2022 02:25 GMT Jamie Jones
Arrggh, yes. One big annoyance is that some time ago, someone wrote a tutorial on securing dns servers, and it included blocks for all BOGONS at the time.
One such unused block was 2.0.0.0/8 - it wasn't even ever invalid - it was just not used at the time.
Even today, there are nameservers around the world that will refuse to resolve any requests from a 2.0.0.0/8 address.
I know that about a year ago, the NHS nameservers were one. I did contact both NHS networking and nominet who were listed as responsible, but they never replied, and nothing was done.
I no longer use a 2.0.0.0/8 address, so can't test it currently, but it's probably still the same.
-
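The stale-bogon problem the comments above describe (filters still dropping 128.0/16 and 2.0.0.0/8 long after those blocks went into use), as an added example that is not from the thread or from any commenter's own code: a Python audit that flags deny-list prefixes lying outside today's special-purpose IPv4 space. The filter format, the sample list and the function names are constructed for illustration; the reserved table is a subset of the IANA special-purpose registry.

```python
import ipaddress

# Subset of the IANA IPv4 Special-Purpose Address Registry. 0/8, 127/8 and
# 240/4 appear here because they are still reserved today; the proposals the
# thread discusses would change this table, which is why it is kept as data.
_SPECIAL = (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)
# Collapsing merges adjacent blocks (224/4 + 240/4 -> 224/3), so a single
# subnet_of() test is exact for any CIDR prefix.
STILL_SPECIAL = list(
    ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in _SPECIAL)
)

# Constructed sample filter: one prefix per line, '#' starts a comment.
SAMPLE_FILTER = """\
# constructed sample, not taken from any real device or guide
0.0.0.0/8
2.0.0.0/8      # unallocated when the list was written
10.0.0.0/8
100.0.0.0/8
127.0.0.0/8
128.0/16
300.1.2.0/24
"""


def parse_prefix(text):
    """Parse full CIDR or the shorthand used in the thread ("128.0/16", "240/4").

    Raises ValueError for anything else, including prefixes with host bits set.
    """
    addr, _, length = text.strip().partition("/")
    octets = addr.split(".")
    if not length or not 1 <= len(octets) <= 4:
        raise ValueError(f"not a prefix: {text!r}")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length, strict=True)


def classify(net):
    """Return 'reserved', 'mixed' or 'stale' for one deny-list prefix."""
    if any(net.subnet_of(s) for s in STILL_SPECIAL):
        return "reserved"   # still a legitimate bogon
    if any(net.overlaps(s) for s in STILL_SPECIAL):
        return "mixed"      # too wide: also drops ordinary unicast space
    return "stale"          # nothing in this range is special any more


def audit(filter_text):
    """Return (line number, prefix, verdict) for every rule in the filter."""
    findings = []
    for lineno, raw in enumerate(filter_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = parse_prefix(entry)
        except ValueError:
            findings.append((lineno, entry, "unparseable"))
            continue
        findings.append((lineno, str(net), classify(net)))
    return findings


def dropped_by_stale_rule(address, filter_text):
    """List the stale or over-wide rules that would drop a legitimate source."""
    ip = ipaddress.ip_address(address)
    if any(ip in s for s in STILL_SPECIAL):
        return []           # the address really is special-purpose
    return [
        prefix
        for _, prefix, verdict in audit(filter_text)
        if verdict in ("stale", "mixed") and ip in ipaddress.ip_network(prefix)
    ]


if __name__ == "__main__":
    for lineno, prefix, verdict in audit(SAMPLE_FILTER):
        print(f"line {lineno}: {prefix:<16} {verdict}")
    print(dropped_by_stale_rule("128.0.10.20", SAMPLE_FILTER))
```

Running the same audit over hard-coded lists in DNS and firewall configurations shows which entries date from an old bogon snapshot rather than from current reservations.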
Friday 3rd June 2022 02:37 GMT Jamie Jones
I have used 127.127.127.127 in the past.
In its place, I now use 127.0.127.127 instead, though I doubt changing localhost allocation from 127.0.0.0/8 to 127.0.0/16 will ever happen.
In fact, whilst I have no objection to these proposals, I don't think in the real world, any of them will happen - there are still netblocks suffering from access issues and their only crime was that for a long while they were unallocated bogons - getting addresses that were actually invalid in the standard back into use will never work.
-
Wednesday 1st June 2022 16:28 GMT heyrick
"We are continuing to encourage implementers to make the required changes, and developing software patches to support them. These addresses will gradually become more useful as more implementations accept them as valid address space," he wrote.
I think the author might be missing the point that IPv4 isn't going away any time soon because there's a shitload of stuff that only understands IPv4 and is never going to be updated.
-
Wednesday 1st June 2022 16:46 GMT John Robson
So it needs to live in an environment with a gateway…
IPv4 really shouldn’t be required online any more.
If your ISP router would support IPv6 then you can run whatever you like internally, and still present as IPv6 to the rest of the world.
Honest question - how much of the non domestic internet can’t handle IPv6 for public communications?
-
Thursday 2nd June 2022 20:43 GMT J. Cook
A lot of places don't have that choice- they have a single provider in their area due to location (rural areas), government permitted monopoly, or other reasons. (like not be able to get DSL because I'm 100 feet past the limit for the DSLAM, Cable company wants arm, leg, and first *AND* second born because they'll have to trench a line to you, Google and telecos passing laws to keep municipalities from running their own damned internet provider to its citizens, Google promising fiber to the home and then pulling out after said municipalities give them the thumbs up on it so they don't have to deal with possible lawsuits, etc.)
-
Wednesday 1st June 2022 18:20 GMT Throatwarbler Mangrove
Unfortunately, I think a lot of smaller ISPs (for example SONIC) do not support IPv6 natively. I agree that it would be great if they did, but SONIC is focusing on building out their fiber optic capability instead, which I suspect is a more profitable endeavor for them than trying to get IPv6 working right. I, for one, would love to see it, but the project seems to have been put on indefinite hold.
-
Wednesday 1st June 2022 18:25 GMT Jim Willsher
Most carriers support it; backbone providers etc. But most ISPs - in the UK at least - who provide the last mile. BT, Virgin and EE are three, and they probably cover 80% of the domestic endpoints. I know you asked about non-domestic but the reality is that most users and probably most SMEs use domestic-class connections.
-
Thursday 2nd June 2022 08:28 GMT A Non e-mouse
Sky have supported IPv6 for years. I believe BT are rolling out IPv6 too. According to choose.co.uk/broadband/guide/market-share/ Sky & BT account for over 50% of the UK domestic broadband market.
-
Thursday 2nd June 2022 12:34 GMT Vestas
Sky started trialling IPv6 to end-users nearly a decade ago.
I was one of the UKOnline customers they "acquired" when they bought Easynet* and ended up doing some beta testing for them - it got you a direct line to third-line/NOC support back then so was worth the hassle.
More end-users were added when the SR102 router started rolling out - 2014 maybe?.
They rolled IPv6 out to all** end-users in 2016 and achieved something like 95-98% usage within a year or so.
If you're using a modern device (not designed for the USA market) then you will be using native IPv6 on all Sky broadband services - you can force IPv4 but unless you've got serious OCD then the 20-byte extra overhead in the header isn't noticeable.
The reason it's taken BT/EE so long to transition the same way? They decided it was cheaper to acquire other ISPs' IPv4 allocations by buying them - I lost count of how many small ISPs got subsumed into the abysmal BT-owned Plusnet long long ago.....
*Easynet were the reason Sky were successful from day 1 on broadband compared to other entrants to the market. Great guys.
**there were some people who used their own routers which either didn't support IPv6 or had "issues", mainly user-generated ;).
-
Thursday 2nd June 2022 18:59 GMT DS999
CGNAT and IPv6 aren't mutually exclusive
I recently signed my mom up for AT&T's mobile broadband, since you can get more than enough data for her needs for $25/month if you pay a year in advance. That's a much better deal than from her cable or telco providers - she was paying nearly 3x as much! Plus outages should be rarer.
I was thinking this might finally be the thing that will make me enable IPv6 at home since AT&T assigns a 10/8 IPv4 address so I'd no longer be able to remote desktop into her PC over IPv4. But no, turns out AT&T uses CGNAT not only for the IPv4 address their mobile broadband hands out but their IPv6 addresses as well!
I ended up having her router run a script at startup to ssh into my router and provide me a tunnel I can connect through. So I guess enabling IPv6 on my home network will have to wait a few more years until something FINALLY comes along that I actually need it for!
-
Wednesday 1st June 2022 21:06 GMT tip pc
For your ipv6 router to route ipv4 it’ll be seen as a security risk as it’ll effectively have to either tunnel your ipv4 traffic to some end point you don’t control and NAT it like in cgnat or it’ll have to rewrite the ipv4 packet to be ipv6 and all the checksums and ssl security will be off so to do it properly it’ll effectively be a proxy and able to read all your encrypted coms.
Far easier for VM or any other isp to keep their nose out and just relay the packets as undisturbed as possible.
-
Thursday 2nd June 2022 13:48 GMT Anonymous Coward
"to some end point you don’t control"
It's usually provided by your ISP which already sees all of your traffic. MAP-E and MAP-T work this way, and they do encapsulate and tunnel IPv4 packets inside IPv6 ones. Here Sky uses MAP-T and Iliad MAP-E. The downside is they need specific CPE support to work, and many routers don't support them.
Other protocols work without CPE support, but need states to be kept on the ISP gateway, which means more resources and thereby costs.
-
Wednesday 1st June 2022 22:44 GMT Anonymous Coward
Public IP's are the key point here
That many of these changes don't necessarily need to target behind the firewall networks. If these new blocks are assigned as the single public ipv4 address for gateways that are doing NAT, then the IPv4 local networks don't need to grok IPv4.1 or IPv4E or whatever they call it. The gateway would just have to NAT the addresses back from IPv4.1 to IPv4.
You could probably do this in a week for all the *NIX systems with some ugly NAT and packet mangling rules, at least on ones from the post ipchains/tables/PF era.
Changing the rules of how IPv4 addresses are handled on the PUBLIC internet isn't the same impact as changing them on all IP networks. That said, we should show restraint with that idea. These addresses are not currently publicly route-able so that limits their impact of the public internet a bit. That said, unpatched clients would need to be behind another layer of address translation to handle connecting to the new addresses.
-
Friday 3rd June 2022 11:59 GMT Solviva
Re: Public IP's are the key point here
I think what you're trying to say is use these new addresses for the public IP address of a CGNAT network, so the CGNAT clients don't need to care about it. Well that's true... and holds so long as every other single IP publicly available address understands the new scheme.
Therein lies the problem, it's not the clients behind the CGNAT network, it's the public addresses (running systems unaware of the IP scheme juggling) which see traffic from what they think is a special address and discard it. It's those that need fixing. While you're at it, why not 'fix' them so they are IPv6 capable too. In which case, why bother fudging IPv4...
-
Thursday 2nd June 2022 09:21 GMT mark l 2
I have a VPS which only has IPv6 and it has to use a NAT64 gateway to access some resources which still don't have IPv6 versions.
And I am not talking about some small independent website but some big websites are still only accessible from IPv4.
This isn't too much of an issue for my VPS. But if this were a residential network with only IPv6 and had to rely on a NAT64 gateway to access resources that are IPv4 only you end up in a situation with lots of people connecting to an IPv4 only website from the IPv4 of the NAT64 gateway, and if one person abuses the system the IPv4 addresses can get blacklisted.
Hopefully more websites will go dual stack soon, as it's especially easy if you use cloudflare for a website as it's a simple setting change to support IPv6
-
Thursday 2nd June 2022 18:59 GMT Crypto Monad
> Honest question - how much of the non domestic internet can’t handle IPv6 for public communications?
Answer: most of it.
- Businesses are the slowest adopters of all. They don't like touching their firewalls, or having more complex rulesets, or adding potential attack vectors.
Dual-stack would be fine as a migration tool - e.g. roll out v6 this month, remove v4 next month. But it's not like that, since you can't migrate to v6 without cutting yourself off from most of the Internet. Instead, dual stack is an expensive "forever" proposition.
- Content providers have a pretty poor showing. In theory they can easily make their content available over both v4 and v6, and those behind the likes of Cloudflare can easily IPv6-enable their content at the click of a button.
But many major providers like the BBC are still dragging their feet. They probably don't have a business case for the work involved. Everyone can see them on IPv4, so why spend time enabling IPv6 and debugging any associated problems? Does all their logging and tracking and monetising work with IPv6? They won't want to risk any problems with that.
- As for domestic Internet: home networks are a mixed bag. Mobile networks in much of the world are the leaders here, since any traffic they can shift onto IPv6 is traffic shifted off their CGN (and the biggest content by volume, i.e. Google/Youtube and Facebook, is already accessible via IPv6). So there is a direct business case for them to do it.
-
Wednesday 1st June 2022 17:41 GMT Ken Hagan
"and is never going to be updated"
This is the point made at the end of the article. If you tell programmers for 40 years that .0 is reserved (and can be used to identify a network) then they will build that into their code. Likewise with 0/8 and 127/8. I've certainly written code that classifies addresses as multicast or node-scope based on the numbering. In fact, I'm not aware of any other way to perform such a classification, so I'm not even sorry.
-
Wednesday 1st June 2022 16:43 GMT Pirate Dave
?
So I guess the question isn't whether this should be done or not, but rather - who would get these new addresses? Are they going to auction them off like they do radio spectrum? If so, won't they just wind up getting hoovered up by the deep-pocketed likes of Microsoft, IBM, Verizon, etc, etc, for their own internal use, and won't do the rest of us Internetians any good?
-
Wednesday 1st June 2022 18:01 GMT DS999
Re: ?
Why would they need more addresses for internal use, when they have the whole 10.x.x.x space, and can re-use ranges of that over and over again for stuff that's internally internal (i.e. doesn't need to communicate with everything on their internal network)
They might not be grabbed by Microsoft or Verizon, but they would be grabbed in the west - when it is Asia and Africa that got shortchanged in the initial allocation and are most in shortage now (but to be fair, are also much further along the IPv6 path than we are for that very reason)
-
Thursday 2nd June 2022 05:00 GMT DS999
Re: "Why would they need more addresses for internal use"
Cloud does not need an IP per public facing instance, and never has. Web servers will share the same IP for many different domains, and since a lot of cloud is basically HTTP calls...
Even what isn't could use similar techniques where the API calls identify an instance and share an IP address, and it gets routed to the correct instance via an internal 10.x.x.x IP. The big cloud companies are not starving for IP addresses, though would probably buy some if a couple hundred million new addresses came online. Even a million would be way more than all the major cloud companies combined could ever use, and that would be less than 1% of what we'd get with 240/4.
-
Thursday 2nd June 2022 13:58 GMT Anonymous Coward
"Cloud does not need an IP per public facing instance"
O yes, they need if the customers ask for them. Some companies selling cloud offerings are already offering IPv6 only, and getting an IPv4 is an additional cost option.
"Web servers will share the same IP for many different domains"
Not all web servers are cheap ones sold for 9.99/year to run a lot of small sites on the same machine. You can't always share an IP for many reasons, from load to security.
256M addresses is just 32 addresses for 8 million customers, for example - if you look at cloud providers' scale you soon understand why cloud providers would like a large share of them.
-
Thursday 2nd June 2022 19:05 GMT DS999
Re: "Cloud does not need an IP per public facing instance"
> Not all web servers are cheap ones sold for 9.99/year to run a lot of small sites on the same machine
They aren't running on the same machine. They have context switches that accept connections to a given IP, figure out what instance is being referred to, and send it to the part of the cloud handling that instance. Part of the reason why HTTP introduced persistent connections was to help with this sort of thing - after the connection is made that front end can be bypassed.
-
Wednesday 1st June 2022 20:28 GMT The Basis of everything is...
Re: ?
Worked on an as-a-service project a few years ago, where thanks to having to allocate multiple subnets at design time (and before launching too, so no idea just how big the subnets would really have to be, or how many we would actually sell) the 10.x.x.x space wasn't big enough.
Also brought home just how wasteful IPv4 subnetting really is, and how inflexible a lot of networky things are. For home use I have an entire IPv6 /48 just for fun, and I can't afford the 'leccy bill to use even a tiny percent of that. Even assuming I could get a gazillion RPi's in the first place.
-
Thursday 2nd June 2022 12:26 GMT SImon Hobson
Re: ?
The main idea behind having so many addresses in IPv6 isn't that you can have that many devices, but that you can have many addresses per device. The default is for each prefix to be /64 - which means a space big enough for :
* Devices to pick an address at random and there be very little chance of a collision.
* Devices to pick multiple addresses, and still have a very low chance of a collision.
* Devices to regularly change addresses for privacy, and still have a very low chance of a collision.
Software doesn't support it yet, but in principle it would be possible for a browser to use a different source address for every site you connect to. There are lots of possibilities once you get away from the idea of having AN address per device.
Being able to have a /56 or /48 from your ISP means you can have multiple networks. Just think, stick all the IoT stuff on their own networks segregated from your private stuff :)
-
Thursday 2nd June 2022 19:09 GMT DS999
Re: ?
> Devices to regularly change addresses for privacy, and still have a very low chance of a collision.
> Software doesn't support it yet, but in principle it would be possible for a browser to use a different source address for every site you connect to.
There is no privacy gained from that, because the rest of the IPv6 address exactly identifies you. That's like using youremail+xxx@gmail.com and thinking by giving every company a different 'xxx' you are gaining privacy.
-
Monday 6th June 2022 19:12 GMT SImon Hobson
Re: ?
True, the prefix will be the same - it's a lot like being behind NAT where you share an address.
But it completely negates one of the old (and no longer valid) criticisms that IPv6 enables tracking to the individual device by its IP. Privacy addressing has "been a thing" for some time now, so IPv6 is no worse than IPv4 & NAT when it comes to tracking by IP.
-
Wednesday 1st June 2022 22:54 GMT Anonymous Coward
Public IPs for NAT routers and firewalls gets the most mileage
That way they are enabling connectivity for more hosts. I'd go so far as to say that if we are using these extended addresses that it's fair to not only require them to be issued to gateways serving a decent number of clients, but that they could be required to host specific services like IP 624 and 426 NAT for their clients, host VPN connections, etc. That way the hosts behind them are two way discoverable unless their admins make a given host unrouteable or unlisted for security reasons.
-
Wednesday 1st June 2022 17:14 GMT Anonymous Coward
Re: Party Line
Mobile carriers (at least in my neck of the woods) already heavily use NAT... I wonder if residential cable could use NAT a lot more heavily as well. Each neighborhood gets a single IPv4... and if you want to do something unsupported like run a server with an open port, pay an extra ten bucks/mo to get your own IP.
-
Wednesday 1st June 2022 23:01 GMT Anonymous Coward
Please don't give the US cable companies more ideas.
My life is hard enough without losing my public IP address. There is a huge difference between issuing me an IP that I control the DNS, routing, and port mapping on and the helpless misery of someone on carrier grade nat with NO control over those things.
As an example deciding which of the devices on the local network gets mapped to the external IPs port 80 is not the same as which of 100k customers that don't know each other "wins the lottery" or otherwise the 100k second class citizens that can't participate as equals on the public internet.
-
Thursday 2nd June 2022 12:33 GMT SImon Hobson
Re: Please don't give the US cable companies more ideas.
You seem to forget that in the UK we have it quite good. While the majority of us are stuck with BT OpenRetch infrastructure, we have a choice of ISP. Over the other side of the pond, the market is dysfunctional - with rules designed to allow ISPs to claim (for the official stats) they provide services that aren't actually available*, and with nice agreements between providers to carve up the nation into a number of small monopolies so they can give the public a good shake down.
* Things are divided into blocks, and if just one property (say one right next door to the exchange) can get a service, then the whole block is deemed to be able to get it. So massive areas are officially able to get high speed services via (e.g.) DSL but in reality no-one actually can - except that one house next to the exchange. So according to official stats, there's lots of competition, so no reason to (e.g.) rein in the cable companies' monopolistic practices.
There's also the matter that if you have an apartment (flat in UK terminology), then what you can have may well be decided by which single provider the building management have decided to permit.
-
Friday 3rd June 2022 03:18 GMT Martin-73
Re: Please don't give the US cable companies more ideas.
But cable is a dead technology nonetheless... (yes by this argument so are phonelines). It's internet piggybacking on something that has had its day. FTTH for everyone. And refusal by any company (be it landline or cable) to open their network should lead to punitive fines
-
Monday 6th June 2022 10:25 GMT Peter2
Re: Please don't give the US cable companies more ideas.
Have you ever looked at how much it would cost to dig a trench between the exchange and every house and run and terminate fibre to every house?
I have done this properly once, for putting a FTTP line in. The cost was eyewatering and unaffordable even by business standards. Copper cables are here to stay for a very, very long time simply due to the economics unless somebody comes up with a cheap way of installing FTTP.
-
Monday 6th June 2022 13:15 GMT tip pc
Re: Please don't give the US cable companies more ideas.
Anyone who needed private circuits will know about excess construction charges.
It’s not uncommon to have ecc’s running £20k+.
Back in the early 2000’s 2mb frame relay circuits could cost £3k a month including those ecc’s amortised over 3+ years.
That was just normal.
Civils are civils and need paying for if you need the circuit.
-
Wednesday 1st June 2022 23:08 GMT Anonymous Coward
Re: Party Line
Not the same thing, as CGNAT shares a public address with customers on different accounts that have no relationship with each other.
If your ISP gives your router one address, you can provision it as you see fit, even if it's not a static ip. The issues are that sharing IP's with other users on a local network is different than two webservers from different operators sharing the same IP, which breaks parts of the web's security model. This was already an issue for shared hosting, and dangerous for users who are behind versions of CGNAT that aren't visible to the end user.
This allowed some network level webserver attacks on customers on the older cable builds back in the day.
-
Wednesday 1st June 2022 22:24 GMT david 12
Re: Party Line
All of my important stuff is in the cloud already. The only reason I have a fixed IPV4 address is for IOT demo servers and legacy systems that could be turned off today. -- although the VOIP phones are IPV4 and don't work with some versions of CGNAT, they work perfectly well with the IPV6 backbone and stable NAT used by our provider.
-
Thursday 2nd June 2022 10:26 GMT oiseau
Re: Party Line
All of my important stuff is in the cloud already.
Really?
All of it, in the cloud?
"All clouds are made up of basically the same thing: water droplets or ice crystals that float in the sky."
I would not be caught dead in that situation.
Nevertheless, I cannot but commend you for your unbridled optimism.
As for me, I stay away from all that and avoid the eventual* leap into headlong despair.
*ie: not if but when.
O.
-
Thursday 2nd June 2022 12:36 GMT SImon Hobson
Re: Party Line
All of my important stuff is in the cloud already
And there is another issue with the way things are heading. CGNAT is another nail in the coffin of being able to choose - i.e. it further reinforces the power of the ever fewer and more powerful hosting and content providers to the detriment of end user choice.
-
-
Thursday 2nd June 2022 09:41 GMT mark l 2
Re: Party Line
CGNAT is also bad when one bad actor behind the NAT server does something to cause the public IP to get blacklisted.
My old ISP used to use it and I found I couldn't access a website because the CGNAT IP address had been blocked for abuse, as far as the website was concerned everyone behind the NAT was connecting from one public IP.
-
Wednesday 1st June 2022 17:28 GMT Kevin McMurtrie
If you can't upgrade...
If you have old crud that can't upgrade to IPv6, how are you going to upgrade the IPv4 allocations? Think of all the hardcoded subnets in firewall rules, routing rules, and configuration wizards. It's in your old network hardware, your old OS, and your old apps.
It makes NAT or IPv6 look easy by comparison.
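The hardcoded-subnet problem raised in the comment above, as an added example that is not part of the original post: a Python script that scans firewall rules for references to the ranges this thread calls special (0/8, 127/8 and Class E 240/4), including supernets that cover them. The rule lines are constructed samples in iptables-save style, and the function names are hypothetical.

```python
import ipaddress
import re

# Ranges the thread discusses as "special" today.
SPECIAL_RANGES = {
    "0/8": ipaddress.ip_network("0.0.0.0/8"),
    "127/8": ipaddress.ip_network("127.0.0.0/8"),
    "240/4 (Class E)": ipaddress.ip_network("240.0.0.0/4"),
}

# Constructed sample rules (iptables-save style); not taken from any real host.
SAMPLE_RULES = """\
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -s 240.0.0.0/4 -j DROP
-A INPUT -s 0.0.0.0/8 -j DROP
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A FORWARD -d 224.0.0.0/3 -j DROP
-A INPUT -s 192.0.2.15 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p icmp -j ACCEPT
"""

# Dotted quad with an optional /prefix.
CIDR_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")


def find_hardcoded_special(rules_text):
    """Return (line number, network, range label) for every rule operand
    that overlaps one of the special ranges."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        for match in CIDR_RE.finditer(line):
            try:
                net = ipaddress.ip_network(match.group(0), strict=False)
            except ValueError:
                continue  # looked like an address but is not a valid one
            if net.prefixlen == 0:
                continue  # "any" (0.0.0.0/0) is not a hardcoded special range
            for label, special in SPECIAL_RANGES.items():
                if net.overlaps(special):
                    findings.append((lineno, str(net), label))
    return findings


def stdlib_flags(addr):
    """Show that Python's own standard library hardcodes the same ranges."""
    a = ipaddress.ip_address(addr)
    return {"is_reserved": a.is_reserved, "is_loopback": a.is_loopback}


if __name__ == "__main__":
    for lineno, net, label in find_hardcoded_special(SAMPLE_RULES):
        print(f"rule {lineno}: {net} overlaps {label}")
    print("240.0.0.1:", stdlib_flags("240.0.0.1"))
    print("127.1.2.3:", stdlib_flags("127.1.2.3"))
```

The 224.0.0.0/3 rule is reported because a supernet silently covers Class E, which a plain text search for "240." would miss.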
-
Wednesday 1st June 2022 23:18 GMT Anonymous Coward
Re: If you can't upgrade...
That's not really the use case here. The benefit is more likely to allow people and companies to participate in the public IPv4 internet with existing IPv4 only devices. That doesn't mean you need to make every IPv4 device understand the new address layout. It means that publicly facing devices need to be. Updating routers and firewalls isn't the same as forcing updates on IPv4 devices. (or you can sit a new gateway in front of your old one if you feel like being that lazy... :-)
So you can leave your 500 out of warranty IP cameras and old DVR on a 20 year old switch. Probably your service provider would take care of the handoff in your router or CPE, or you could do it in a firewall.
-
-
Wednesday 1st June 2022 17:49 GMT R Soul
far beyond stupid
This idea is bat-shit crazy.
There's an unknown but significant installed base that cannot properly handle these "special" /8s. There's next to no chance of fixing those elderly and unsupported/unmaintained protocol stacks.
Even if these backwards compatibility issues could be addressed (excuse the pun), freeing up those three /8s will be an utter waste of time. In the last 3-4 years of IPv4 distribution, the Internet went through 1 /8 of v4 every month or thereabouts. If these three /8s could be made available now - how? - they'd be used up by September. And probably a lot sooner than that because the address brokers and speculators will surely snaffle them up.
Stop fucking about with the dregs of IPv4. There's no point. Any effort wasted on that is better spent getting IPv6 deployed.
-
Thursday 2nd June 2022 09:26 GMT Charlie Clark
Sort of depends where you live. IPv6 is now the default for mobile networks because it's supported by both Android and iOS and mobile devices dominate the internet. However, because these networks are generally private, the internet "looks" less IPv6 than it probably already is.
The important thing is that the move towards IPv6 is now hardly noticeable thanks to the gateways.
-
Thursday 2nd June 2022 12:11 GMT Vestas
You already lost that bet so cough up the house... :)
The ONLY reason we're having this stupid fucking discussion again is because the USA has over 40% of the IPv4 addresses available and insists that IPv6 is "too difficult".
Buy non-USA networking kit and oh look - it works. PROPERLY!
If you can't/won't implement a working IPv6 stack in equipment* then GTFO of the industry as you're not competent.
*Liberty Global (Virgin Media in the UK) being the poster child of this.
-
Wednesday 1st June 2022 18:05 GMT DS999
I still have a single C class
I got almost 30 years ago.
I've watched the value slowly increase over time, last I checked I could probably get about $5000 for it. I keep waiting figuring it can only go up in value. Adding a bunch of new IPv4 space would probably depress that value but it would probably also depress momentum towards eliminating IPv4 so in the long run it might make my class C even more valuable lol!
-
Friday 3rd June 2022 05:53 GMT Jamie Jones
Re: I still have a single C class
ICL stopped using their "class B" when I was still there, over 20 years ago.
It's still sitting there unused now. (assigned to Fujitsu who swallowed up ICL)
-
Wednesday 1st June 2022 18:23 GMT R Soul
Somebody's talking bollocks
The article says "a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused". But it only mentions 3 /8s. Which can't easily be brought into use. 3 /8s is ~48M IPv4 addresses. Which is quite a lot less than hundreds of millions.
BTW if there were hundreds of millions of IPv4 addresses going spare, somebody would have figured out how to distribute them by now. They haven't. That's because there's next to no IPv4 space left to allocate. It's almost all gone.
-
Wednesday 1st June 2022 19:03 GMT Anonymous Coward
Re: Somebody's talking bollocks
No, "Class E" is a /4. So it's about 256M - which looks a lot maybe for a single RIR (but APNIC) - but if you start to allocate pieces of it to each RIR, they don't look so many after all. And cloud providers would probably go after them immediately...
Also while computer OS might take those addresses without issues - the problem is network devices which may have embedded OS far pickier.
-
Wednesday 1st June 2022 23:06 GMT R Soul
Re: Somebody's talking bollocks
Oops! I misread 240/4 as 240/8 - so shoot me.
240/4 means 16 /8s, not one. So at previous depletion rates, if that address space was available - and it can't be for legacy reasons - 240/4 would last until around the end of next year. At which point we're back where we are today: no more IPv4 and a need to deploy IPv6.
-
-
Wednesday 1st June 2022 20:59 GMT martinusher
Re: Somebody's talking bollocks
The US DoD owns a huge block of addresses.
Incidentally, I've been watching IPv6 touted as the 'new thing' for well over 20 years now. Its adoption has been fairly glacial because it's really unwieldy to use, it's what I'd term 'inelegant'. Maybe what we should come up with is IPv5, something with a larger address space (but not so ludicrously large as v6) and without all the extra bells and whistles that v6 brought that never really got implemented.
(v6 for me breaks one of the most important rules, one that this article touches on. Don't go around subdividing spaces by address blocks in anticipation of some future development. A number's a number so apart from one or two widely known and used constants all addresses should be equivalent, we're long past the point where a /8 and /24 could take advantage of different processing paths.)
-
Thursday 2nd June 2022 07:12 GMT Kevin McMurtrie
Re: Somebody's talking bollocks
I've found IPv6 really easy to use. It's the IPv6 instructions that are absolute crap. Inconsistent terminology, sample configurations where you don't know if the address is supposed to be LAN or WAN, and junk that just plain doesn't work.
Take Docker, for example. For years, the IPv6 instructions said
{"ipv6": true}
and you're done. After billions of downvotes, it became:
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
It needs another billion downvotes because it's actually all of this:
{
  "ip6tables": true,
  "ipv6": true,
  "fixed-cidr-v6": WAN or LAN of exactly /80,
  "experimental": true
}
It's good to know if you're hitting the eternal IPv4 SNAT bug.
-
-
Thursday 2nd June 2022 06:58 GMT ChrisBedford
But it will just delay the inevitable
"Testing and changing all devices that know that 240/8, 0/8, and 127/8, etc, are 'special' is a bigger job than making them just use IPv6," tweeted Adrian Kennard, who runs UK ISP Andrews & Arnold. "The 0 address being usable probably only helps local networks."
Yah not to mention it's just a way of dragging out the transition by giving admins an excuse to delay it another year - or two, or three. Sounds to me like more work than actually just biting the bullet and making the jump to IP6
-
Thursday 2nd June 2022 07:00 GMT Donchik
What about the range gluttons?
Some government and corporate enterprises have whole blocks of ip numbers for their personal business use.
Whilst useful to them perhaps it's time to get the vast amount of unused numbers freed up by requiring evidence of need.
Xerox, Amazon, Alibaba, AT&T even Ford, Mercedes Benz have entire address ranges to themselves. HP even has two! 15.x.x.x and 16.x.x.x
100s of millions of numbers could be freed up by less wasteful allocation to powerful corporations.
https://myip.ms/info/ip_ranges_blocks/Major_Biggest_IP_Address_Ranges_in_Internet.html
-
Thursday 2nd June 2022 10:04 GMT Anonymous Coward
Re: What about the range gluttons?
> HP even has two! 15.x.x.x and 16.x.x.x
Not any longer.
All of 15 is still in the hands of HP or its offshoots but a lot might be used to systems they manage for customers.
16 has been well and truly broken up (?$$$$$sold$$$$$?) Amazon has lots of it these days, with HPE only having parts of the range.
They've still got a ridiculous number of addresses though and almost all are behind their firewalls and on non-routed subnets. At one point for us minnows if the numbering authorities couldn't ping a majority of your addresses they warned that you'd lose your allocation. Once upon a time I had a whole class "C" because why not, they had that back off me decades ago.
When I used to work for HP they didn't just have their main class A, they also had a large number of both class B & C networks. Not sure if any of that lot still exist.
-
Friday 3rd June 2022 12:35 GMT Anonymous Coward
Re: What about the range gluttons?
They do similar where I work. The 'mothership' will give subnets out for groups/units to use for their DHCP clients, but they regularly check for how much of your allocation is actually used.
So my boss challenged me several years ago with getting the unused addresses looking used, put together an openwrt image to run in a VM for each host, ca 50MB for the image, 50MB RAM used. To the world they all looked like different devices.
-
-
Thursday 2nd June 2022 10:17 GMT R Soul
Re: What about the range gluttons?
Some government and corporate enterprises have whole blocks of ip numbers for their personal business use. Whilst useful to them perhaps it's time to get the vast amount of unused numbers freed up by requiring evidence of need.
Most of those blocks were handed out long before the policy of needs-based address allocations or the RIRs existed. So it's not possible to forcibly reclaim unused addresses from them. There's no legal basis for that action. Assuming there was an IPv4 address police. Which there isn't.
These "legacy" IP addresses are already being freed up and recycled. For example, the UK government started selling off unused chunks of DWP's 51/8 in 2015: https://www.bbc.co.uk/news/technology-32826353. Microsoft bought Nortel's address space after the company went bust in 2011.
Further tinkering with IPv4 address allocations is too silly for words. If all of the IPv4 space was available and could be perfectly distributed/utilised, it would not be enough. ~4 billion addresses is too small for a planet with 7-8 billion people. Trying to get closer to 100% utilisation of IPv4 is pointless. There just aren't enough v4 addresses to go round.
-
Thursday 2nd June 2022 19:18 GMT DS999
Re: What about the range gluttons?
The problem wasn't companies like HP, IBM and Apple coming along and saying "hey give us a class A because we think we need it!" they were assigned them because they were "big companies".
Whoever decided to carve up the space in class A, class B, class C etc. is to blame. I don't blame them for not knowing we'd have billions of connected devices a few decades later so running out of addresses was an issue, but I do blame them for the concept of "class A". There was no conceivable use for that many addresses for anyone back then, beyond the US government/military. Handing them out to corporations was dumb, they could have easily foreseen that the number of companies of the sizes they were handing them out to was far greater than the number of class A addresses available.
-
Thursday 2nd June 2022 21:32 GMT Anonymous Coward
Re: What about the range gluttons?
Whoever decided to carve up the space in class A, class B, class C etc. is to blame.
Hindsight is a wonderful thing.
The Class A/B/C approach seemed right at the time. But even with far more conservative allocation policies back then it would have made no difference. ~4B IPv4 addresses couldn't be enough for the then global population of 4-5B. And few people then thought exhausting a 32-bit address space was a reasonable possibility. Or that zillions of people would walk around with computers in their pocket.
-
Friday 3rd June 2022 06:37 GMT DS999
Re: What about the range gluttons?
There is hindsight and there is obvious.
I don't think there was any conceivable way that class A had any reason to exist in the 80s, and if they figured "well someday people will need netblocks that big" they should have held them all in reserve while assigning class Bs to everyone in the meantime.
-
Thursday 2nd June 2022 09:32 GMT Charlie Clark
Drop in the ocean
While the potential number of addresses sounds like a lot, it's really only a fraction of those that are already required. The downside is an unknown number of potentially critical devices failing because they can't be updated.
Apart from the fact that IPv6 and CGNAT are already deployed in the places that need these addresses, it would be simpler to take back some of the massive over allocations to US companies and institutions as these are not "classified" for particular types of use. Well, simpler technically but I'm sure the lawyers would make it legally a nightmare!
-
Thursday 2nd June 2022 13:11 GMT Franco
I feel like I'm back in 2011 when Microsoft bought ~666,000 IP addresses for $7.5m from the remnants of Nortel. Wonder what they're worth now?
https://www.bbc.co.uk/news/technology-12859585#:~:text=Microsoft%20has%20offered%20to%20pay%20%247.5m%20%28%C2%A34.7m%29%20for,generation%20of%20address%20is%20close%20to%20running%20dry.
-
Thursday 2nd June 2022 13:17 GMT Pat 9
So hear me out
Why not just make IPv6 public and IPv4 private? Internal networks don't have to make any changes, most users get a dhcp address from their ISP so no work done on their end except maybe a modem reboot. I understand the "but everything can have a public address" but in reality that is the last thing I want.
I guess I want my cake and to eat it too. Thoughts?
-
Thursday 2nd June 2022 13:32 GMT Vestas
Re: So hear me out
You could just NAT the IPv6 range you're assigned if you wanted to. You have both public and local IPv6 addresses on a native IPv6 LAN anyway so just NAT the IPv6 WAN to the local IPv6 addresses, same as you'd do with IPv4.
Why you'd want to do that is a different matter as it's unlikely to improve anything - security/obscurity/whatever you're thinking of......
-
Thursday 2nd June 2022 14:22 GMT Anonymous Coward
"Why not just make IPv6 public and IPv4 private?"
Because it can't work. You can't reach an IPv6 address if you use only an IPv4 one, unless using a lot of tricks.
Say for example you type "www.theregister.com". The DNS is invoked and it returns an IPv6 address. The IPv4 stack has no idea how to reach it - and how to build a packet for such destination. So you start to need tricks... and like any tricks they may bring more complications than the problem they solve.
"but in reality that is the last thing I want."
The firewall will take care of that. The implied "deny rule" of NAT was just a side effect, but it works like a simple "deny all" rule of any firewall. Proper algorithms assigning random addresses from the 2^64 space make tracking single devices quite difficult. They can track the prefix, just like they can track the public IP assigned to you now. But tracking is today far more extensive using other techniques.
-
Thursday 2nd June 2022 14:26 GMT Vestas
Re: "Why not just make IPv6 public and IPv4 private?"
Dual-stack IPv4 over IPv6 is deployed fairly widely (not in the USA) in ISP-supplied consumer routers. It has issues but arguably a lot less than CGNAT.
I realise we're diverging somewhat but IPv4 NAT over a native IPv6 network is the norm for a lot of users and isn't in any way new.
-
Thursday 2nd June 2022 14:07 GMT Eric Kimminau TREG
YAY! Let's break all EOL Operating Systems
Every OS that is End Of Life with an IPv4 TCP stack is going to break with any/all of these changes.
I'm not advocating use of EOL OS. It is just reality that there are still a LOT of systems still running EOL OS.
I know of manufacturing plants still running embedded systems with NT4, Windows 95, Windows XP, Server 2000, 2003, 2008, ME, etc.
I hope a part of this is a standard NAT rule set to implement on the gateways/firewalls separating the legacy from "current" networks.
-
Friday 3rd June 2022 09:30 GMT Franco
Re: YAY! Let's break all EOL Operating Systems
IMO that's a non-issue. I encounter lots of those types of embedded systems as well (E.g. CNC machines) and if they're networked at all it's only on a small private isolated VLAN or completely air-gapped network so that job files can be put on the embedded systems.
Not only are they on those networks now, but they always have been even before their OSs went EoL.
-
Saturday 4th June 2022 01:43 GMT DerekCurrie
If only...
...The IPV6 standard had simply incorporated all the IPV4 numbers. It would have been dead simple. But no. It had to be a PITA with no backwards compatibility. Welcome to techno hell.
It may not be too late to fix it! Ask me how if you can't figure it out for yourself. It's NOT hard.
*sigh*