back to article Tweaks to IPv4 could free up 'hundreds of millions of addresses'

It may be nearly three years since the world officially exhausted all of the available IPv4 internet addresses, but now a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused – or are they? While the world is still slowly moving towards broader adoption of the newer …

  1. Anonymous Coward
    Anonymous Coward

    I'd love to be able to use the .0 in a subnet as a default gateway! I hate having to either choose .1 (so my actual hosts start from .2) or .254 (YUK)

    1. A Non e-mouse Silver badge
      Happy

      I think you're opening a big can of worms there with the ol' first Vs last address for your gateway.

      I'll just get a fresh box of popcorn and enjoy the show.

      1. Anonymous Coward
        Anonymous Coward

        Re: first Vs last

        Simples

        If your network was designed by the system admins the GW is tucked at its right and proper place out of the way at the end

        If your network was designed by the network admin team then it's on the first address and they don't see why any of the actual computers needs connecting to their network anyway

        Sadly I don't like popcorn, is it too early in the morning to sit back and watch with a pint in my hand?

        1. greenwood-IT

          Re: first Vs last

          Haha,

          Well I've stuck with a setup we developed for a 50,000 PC deployment with over 2000 sites. The router goes at .200 with clients on DHCP below, and "important stuff" on the higher numbers above. It does mean the first PC on site is .1, so names and IP addresses can match if you really want :-)

          Chat soon.

          1. Anonymous Coward
            Anonymous Coward

            @greenwood-IT - Re: first Vs last

            What do you mean the first PC. What's so special about it ? Are you using IP address reservation just to do that ?

            You know, asking for a friend.

    2. Anonymous Coward
      Anonymous Coward

      I’ll bite

      You can use any address in the subnet as the gateway.

      Doesn’t have to be the first or the last.

      I agree that .0 would be useful as a vip or gateway address.

      It grates me seeing the first few numbers of the last octet as interface IP’s then the vip address, why not just make the vip the first or the last then you can add other ha IP’s if needed perhaps when migrating?

    3. Mayday

      /31

      /31s allow for this on point to point links.

      Understand your suggestion/query of course.

    4. Anonymous Coward
      Anonymous Coward

      If you use a netmask smaller than /24, you can already use .0 if that's esthetically more pleasing to you.

      Eg, 192.168.1.0/23 is a valid, usable IP address.

      1. Mayday
        Headmaster

        /23

        /23 is double the size of a /24.

    5. J.G.Harston Silver badge

      Pah! File server on .254, printer server on .235. :)

    6. Solviva

      Years ago when we had a /29 at home (those were the days ;) so e.g. X.X.X.160 - X.X.X.167 were routable from the outside world, I made a small tweak such that the internal subnet was actually X.X.X.160/28 so rather than X.X.X.167 being dead wood, it was a fully usable address.

      The only downside was that we couldn't communicate with whoever really did have X.X.X.168/29, but then I don't think we wanted to...

      Releasing 240/4 to the world would likely work for the most part, but you'd end up with corner cases of old equipment ignoring those addresses and so that whole subnet would be like second-class IP address. Slightly better than NAT, but at the same time slightly worse.

      "Changing these into recognized unicast addresses was previously proposed to the IETF more than a decade ago and apparently implemented in several operating systems now running in millions of nodes on the internet, and "has not caused any problems over the past decade," he states."

      That's like adding a faulty disk to a computer for future use and when the OS correctly lists it as being present, reporting "it's not caused any problems since we installed it". Well no, but as soon as you 'activate' it i.e. mount and use it, then that's when you'll notice problems.

  2. A Non e-mouse Silver badge

    I can see the pros with the 0/8 & 240/4, but the reduction of 127/8 to a /16 could cause problems: I've seen systems configured with 127.1.x.x on their loopback interface.

    (No, I'm not going to get into the debate about IPv6. Yes, I have configured systems to use IPv6 so don't try and accuse me of being a luddite)

    1. DS999 Silver badge

      0/8 no way

      A long time ago I worked at a location that had a B class address x.255.0.0. Solaris would not accept that as a valid address for the first few releases, you had to tell the installer the address was x.254.y.z and fix it up after the install was complete. I doubt that was the only such case, just the only one I was aware of. Now multiply that a thousand fold because there is no way there aren't a bunch of GUIs that won't take '0' as the first octet, not to mention a bunch of TCP/IP stacks that treat any 0/8 via some sort of special case.

      Not worth the hassle when using 240/4 sounds easy and is 15x larger (not 16x, because 255/8 has the same problem)

      The idea is to have something you can use immediately, not only those running the right sort of software.

      1. cweinhold

        Re: 0/8 no way

        All of the IP change suggestions will break thousands of home-brew administrative systems and low-quality open source projects whose authors thought their sketchy IP parsing algorithm was somehow better than inet_aton. This is a good thing, since such software likely has many other logic problems and needs to be replaced or updated.

        Another good thing is that /31 and .0 are mainstream today. The first thing I do with new network gear is configure a /31 and, if it won't do it, I chuck it.

        A final good thing is that we already did this in the 90's with CIDR (rfc 1519), which changed fundamental treatment of IP addresses. The Internet was much smaller back then, but CIDR was still a pretty big deal at the time.

    2. Anonymous Coward
      Anonymous Coward

      Yeah, there's a matter of philospophy there

      Which is that while ALL of these proposals will require changes, the 127 changes will cause client and server configs to need to be re-addressed. I don't see this as a huge problem, but it's not something you can just push out as an active feature in a patch and not blow a few things up.

      I'd be fine with down scoping 127, but it should be more than just a single address. Some real it does stuff code uses multiple local addresses. Re-scoping them would be an easy re-factor. Rewriting everything to use just 127.0.0.1 would not.

      Stuff down in the 0's would get weird too. But both of those could be a place to shift local multicast traffic, which could also let them re-scope some of the big multicast blocks to something else. Those are also pretty sparse. Has the added benefit that is might "accidentally" break mdns/bonjour traffic.

      But I think that we should grab the low hanging fruit first, and implement changes that stay more within the the tcp stack than higher level application code instead of mucking about with 0. or 127. right away.

      1. eldakka

        Re: Yeah, there's a matter of philospophy there

        > I'd be fine with down scoping 127, but it should be more than just a single address. Some real it does stuff code uses multiple local addresses. Re-scoping them would be an easy re-factor. Rewriting everything to use just 127.0.0.1 would not.

        Where does the article say that it'll just be a single address, 127.0.0.1, for loopback? The article states that there'll be 65k addresses - 127.0/16 - available for loopback:

        Schoen's proposal is to reduce the range of this block so that only 127.0/16 is reserved for local loopback purposes.

      2. Anonymous Coward
        Anonymous Coward

        Re: Yeah, there's a matter of philospophy there

        I often used a wide range of 127 addresses. If you need to tunnel to multiple systems you often need a simple way to allocate local addresses for your end of the tunnel. An easy scheme I saw online was to just replace the first part of your target's IP address with 127. I've never had a case where I wanted to tunnel to two machines who's IP address only differed in the first section.

        Other schemes are of course possible but that one is simple.

        At least this proposal is 65,536 times better than the case with IPv6 where given the choice of 340282366920938463463374607431768211456 addresses the miserly bastards only agreed to give us one loop back address where in most cases they had out things in chunks of 2^64 addresses.

        1. Jamie Jones Silver badge

          Re: Yeah, there's a matter of philospophy there

          Yeah, only one defined loopback address for IPv6 is annoying.

          Sure, we can assign unrouteable addresses and even block them from lan access, or better, assign 'private' address to the loopback interface itself, but it's aesthetically more pleasing to me to have all services that require an IP address that never needs to leave the machine under the 127.X.X.X scheme.

    3. DougMac

      There are setups already using the rest of 127/8 for internal IP addressing.

      Granted, they can all change over time.

      But since the realistic time-frame of changing everything over is decades long, they'll have time.

    4. Crypto Monad Silver badge

      This isn't going to fly.

      I was recently bitten by a much smaller example: I was in a hospital in Copenhagen, and the wifi network's public IP address was within 128.0/16 (i.e. it was 128.0.x.x). I was blocked from reaching a certain university site, and had to contact the university's network team to resolve it.

      It turns out that 128.0/16 was a historical bogon, and despite ten years of work, it's still not been removed from bogon filters everywhere (it's even hard-coded in some router OSes). For more details see:

      https://labs.ripe.net/author/mirjam/an-update-on-de-bogonising-12800016/

      which was written in 2013.

      So I can tell you now that the proposed new blocks will be utterly worthless. Please stick me behind a CGN, rather than assigning me an address from 0/8 or 127/8 !!

      1. DS999 Silver badge

        Yep I'll bet more than one company's router software has a built in block against traffic claiming to be from 127/8 entering from an outside interface. Wouldn't show up in the GUI or CLI, it was just assumed in the software to avoid accidental screwups and potential mischief.

        Given the long second/third life of routers in third world countries you would run into this constantly in the places that would most benefit from additional IPv4 addresses.

        And if the router sanity checks when you try to set its interface addresses and won't let you put '127' in as the first octet, what are you gonna do then if it is an obsolete model that's no longer getting software updates? "Buy a new router" is something we can say in the west, not something some small company trying to get by in the third world can easily make happen.

      2. Jamie Jones Silver badge

        Arrggh, yes. One big annoyance is that some time ago, someone wrote a tutorial on securing dns servers, and it included blocks for all BOGONS at the time.

        One such unused block was 2.0.0.0/8 - it wasn't even ever invalid - it was just not used at the time.

        Even today, there are nameservers around the world that will refuse to resolve any requests from a 2.0.0.0/8 address.

        I know that about a year ago, the NHS nameservers were one. I did contact both NHS networking and nominet who were listed as responsible, but they never replied, and nothing was done.

        I no longer use a 2.0.0.0/8 address, so can't test it currently, but it's probably still the same.

    5. bombastic bob Silver badge
      Devil

      I've only seen 127.0.x.x actually in use, and I've often made use of alias loopbacks with different 127.0.0/24 addresses. So normally I would assume that outside of 127.0/16 it could (theoretically) work to free them up.

      I would rather see IPv6 universally implemented, though...

      1. Jamie Jones Silver badge

        I have used 127.127,127,127 in the past.

        In its place, I now use 127.0.127.127 instead, though I doubt changing localhost allocation from 127.0.0.0/8 to 127.0.0/16 will ever happen.

        In fact, whilst I have no objection to these proposals,I don't think in the real world, any of them will happen - there are still netblocks suffering from access issues and their only crime where that for a long while they were unallocated bogons - getting addresses that were actually invalid in the standard back in to use will never work.

  3. heyrick Silver badge

    "We are continuing to encourage implementers to make the required changes, and developing software patches to support them. These addresses will gradually become more useful as more implementations accept them as valid address space," he wrote.

    I think the author might be missing the point that IPv4 isn't going away any time soon because there's a shitload of stuff that only understands IPv4 and is never going to be updated.

    1. John Robson Silver badge

      So it needs to live in an environment with a gateway…

      IPv4 really shouldn’t be required online any more.

      If your ISP router would support IPv6 then you can run whatever you like internally, and still present as IPv6 to the rest of the world.

      Honest question - how much of the non domestic internet can’t handle IPv6 for public communications?

      1. Andy E
        FAIL

        Virgin Media home routers don't know what IPv6 is. They only do IPv4.

        1. Anonymous Coward
          Anonymous Coward

          So pick an ISP that isn't living in the stone age. Even BT can do IPv6 for fuck's sake - why not Beardie net?

          1. J. Cook Silver badge
            Pirate

            A lot of places don't have that choice- they have a single provider in their area due to location (rural areas), government permitted monopoly, or other reasons. (like not be able to get DSL because I'm 100 feet past the limit for the DSLAM, Cable company wants arm, leg, and first *AND* second born because they'll have to trench a line to you, Google and telecos passing laws to keep municipalities from running their own damned internet provider to it's citizens, Google promising fiber to the home and then pulling out after said municipalities give them the thumbs up on it so they don't have to deal with possible lawsuits, etc.)

            1. Anonymous Coward
              Anonymous Coward

              Yeah, but that could be fixed by legaslation. Here in the UK, the local loop is not the responsibility of the ISP. As such, anyone in the UK can choose from a large number of ISPs, as they all have access to the network infrastrructure, which is rented out to any ISP that wants it.

              1. Anonymous Coward
                Anonymous Coward

                I don't know why the downvote... He/She is correct.

        2. Martin-73 Silver badge

          So.... virgin lose lots of money having to replace routers they had designed to an already obsolescent protocol. Cry me a river. It's not really a valid ISP anyway, just the default for people who have a bug in their hat about openreach

          1. the reluctant commentard

            They don't even need to replace them - just deploy different firmware. Virgin is Liberty Global, in The Netherlands that's Ziggo which uses the exact same modems and does support IPV6 including prefix delegation.

        3. Missing Semicolon Silver badge

          Virgin media Business also only hand out IPv4. You can have a /29.

        4. Felim_Doyle

          Virgin Media* in the Republic of Ireland has IPv6 because it inherited the network from NTL so they have the technology elswhere, just having difficulty implementing it in the UK.

          *Virgin Media in this context is actually Liberty Global using the VM name under licence.

      2. Throatwarbler Mangrove Silver badge
        Meh

        Unfortunately, I think a lot of smaller ISPs (for example SONIC) do not support IPv6 natively. I agree that it would be great if they did, but SONIC is focusing on building out their fiber optic capability instead, which I suspect is a more profitable endeavor for them than trying to get IPv6 working right. I, for one, would love to see it, but the project seems to have been put on indefinite hold.

        1. Charlie Clark Silver badge

          Fortunately, IPv4 isn't going anywhere soon but an ISP that doesn't do IPv6 by now really shouldn't be calling itself an ISP. Regardless of the merits or flaws of IPv6 network and sys admins should be able to handle it.

      3. Jim Willsher

        Most carriers support it; backbone providers etc. But most ISPs - in the UK at least - who provide the last mile. BT, Virgin and EE are three, and they probably cover 80% of the domestic endpoints. I know you asked about non-domestic but the reality is that most users and probably most SMEs use domestic-class connections.

        1. A Non e-mouse Silver badge

          Sky have supported IPv6 for years. I believe BT are rolling out IPv6 too. According to choose.co.uk/broadband/guide/market-share/ Sky & BT account for over 50% of the UK domestic broadband market.

          1. Vestas

            Sky started trialling IPv6 to end-users nearly a decade ago.

            I was one of the UKOnline customers they "acquired" when they bought Easynet* and ended up doing some beta testing for them - it got you a direct line to third-line/NOC support back then so was worth the hassle.

            More end-users were added when the SR102 router started rolling out - 2014 maybe?.

            They rolled IPv6 out to all** end-users in 2016 and achieved something like 95-98% usage within a year or so.

            If you're using a modern device (not designed for the USA market) then you will be using native IPv6 on all Sky broadband services - you can force IPv4 but unless you've got serious OCD then the 20-byte extra overhead in the header isn't noticeable.

            The reason its taken BT/EE so long to transition the same way? They decided it was cheaper to acquire other ISPs IPv4 allocations by buying them - I lost count of how many small ISPs got subsumed into the absymal BT-owned Plusnet long long ago.....

            *Easynet were the reason Sky were successful from day 1 on broadband compared to other entrants to the market. Great guys.

            **there were some people who used their own routers which either didn't support IPv6 or had "issues", mainly user-generated ;).

            1. Jamie Jones Silver badge

              I have been using IPv6 on all my servers, and from home for well over 10 years, however, when my mum switched to SKY a few years ago, their IPv6 service was so flaky that to make things more reliable for her, I ended up disabling Ipv6 entirely.

              I hope things are better now

        2. Anonymous Coward
          Anonymous Coward

          In Austria, Czech Republic and (at least parts of) Germany we've had IPv6 for the last 10+ years.

          In France, customer support think it's the name of a promo offer.

      4. The Basis of everything is...
        FAIL

        Used to get IPv6 on the work and personal mobiles, which was handy for testing out an IPv6 tunnel on the broadband but noticed a while back that both had quietly dropped it and now only get a 10.x.x.x. I can only guess that CGNAT must be cheaper that IPv6. Pity.

        1. SealTeam6

          IPv6 on mobiles

          All the mobiles that I've used support IPV6, including the Samsung S21 on which I'm typing this.

          1. A Non e-mouse Silver badge

            Re: IPv6 on mobiles

            IPv6 is used by some 4G & 5G networks so it's not unsurprising that many mobiles support IPv6.

        2. DS999 Silver badge

          CGNAT and IPv6 aren't mutally exclusive

          I recently signed my mom up for AT&T's mobile broadband, since you can get more than enough data for her needs for $25/month if you pay a year in advance. That's a much better deal than from her cable or telco providers - she was paying nearly 3x as much! Plus outages should be rarer.

          I was thinking this might finally be the thing that will make me enable IPv6 at home since AT&T assigns a 10/8 IPv4 address so I'd no longer be able to remote desktop into her PC over IPv4. But no, turns out AT&T uses CGNAT not only for the IPv4 address their mobile broadband hands out but their IPv6 addresses as well!

          I ended up having her router run a script at startup to ssh into my router and provide me a tunnel I can connect through. So I guess enabling IPv6 on my home network will have to wait a few more years until something FINALLY comes along that I actually need it for!

          1. david 12 Silver badge

            Re: CGNAT and IPv6 aren't mutally exclusive

            Mobile providers have to firewall their clients because the environment is so diverse. IPV4 or IPV6, NAT or not, any way it's implemented you or they have to punch a tunnel if you want inbound traffic.

      5. tip pc Silver badge

        For your ipv6 router to route ipv4 it’ll be seen as a security risk as it’ll effectively have to either tunnel your ipv4 traffic to some end point you don’t control and NAT it like in cgnat or it’ll have to rewrite the ipv4 packet to be ipv6 and all the checksums and ssl security will be off so to do it properly it’ll effectively be a proxy and able to read all your encrypted coms.

        Far easier for VM or any other isp to keep their nose out and just relay the packets as undisturbed as possible.

        1. MatthewSt

          First part is right, second part isn't. It's on a lower layer than TLS etc so the contents of your packets won't be decrypted or modified (apart from possibly fragmented depending on MTU).

        2. Anonymous Coward
          Anonymous Coward

          "o some end point you don’t control"

          It's usually provided by your ISP which already sees all of your traffic. MAP-E and MAP-T work this way, and they do encapsulate and tunnel IPv4 packets inside IPv6 ones. Here Sky uses MAP-T and Iliad MAP-E. The downside is they need specific CPE support to work, and many routers don't support them.

          Other protocols work without CPE support, but need states to be kept on the ISP gateway, which means more resources and thereby costs.

        3. Anonymous Coward
          Anonymous Coward

          > For your ipv6 router to route ipv4 it’ll be seen as a security risk as it’ll effectively have to either tunnel your ipv4 traffic to some end point you don’t control

          And how is that different, pray tell, from any other traffic going through network equipment you don't control?

        4. Anonymous Coward
          Anonymous Coward

          He's talking about a non-ipv4 internet, so your first point isn't relevant.

          As for your second point, that's not how it works.

          His original statement of how things could work is accurate.

      6. Anonymous Coward
        Anonymous Coward

        Public IP's are the key point here

        That many of these changes don't necessarily need to target behind the firewall networks. If these new blocks are assigned as the single public ipv4 address for gateways that are doing NAT, then the IPv4 local networks don't need to grok IPv4.1 or IPv4E or whatever they call it. The gateway would just have to NAT the addresses back from IPv4.1 to IPv4.

        You could probably do this in a week for all the *NIX systems with some ugly NAT and packet mangling rules, at least on ones from the post ipchains/tables/PF era.

        Changing the rules of how IPv4 addresses are handled on the PUBLIC internet isn't the same impact as changing them on all IP networks. That said, we should show restraint with that idea. These addresses are not currentlypublicly route-able so that limits their impact of the public internet a bit. That said, unpatched clients would need to be behind another layer of address translation to handle connecting to the new addresses.

        1. Solviva

          Re: Public IP's are the key point here

          I think what you're trying to say is use these new addresses for the public IP address of a CGNAT network, so the CGNAT clients don't need to care about it. Well that's true... and holds so long as every other single IP publicly available address understands the new scheme.

          Therein lies the problem, it's not the clients behind the CGNAT network, it's the public addresses (running systems unaware of the IP scheme juggling) which see traffic from what they think is a special address and discard it. It's those that need fixing. While you're at it, why not 'fix' them so they are IPv6 capable too. In which case, why bother fudging IPv4...

      7. mark l 2 Silver badge

        I have a VPS which only has IPv6 and it has to use a NAT64 gateway to access some resources which still don't have IPV6 versions.

        And i am not talking about some small independent website but some big websites are still only accessible from IPv4.

        This isn't too much of an issue for my VPS. But if this were a residential network with only IPv6 and had to rely on NAT64 gateway to access resources that are IPv4 only you end up in a situation with lot of people connecting to a IPV4 only website from the IPv4 of the NAT64 gateway, and if one person abuses the system the IPv4 addresses can get blacklisted.

        Hopefully more website will go dual stack soon, as its especially easy if you use cloudflare for a website as its a simple setting change to support IPv6

      8. Anonymous Coward
        Anonymous Coward

        I hate it when people down vote without an explanation. We're not talking obvious trolling or spam here.

        What's wrong with the post above?

        1. Anonymous Coward
          Anonymous Coward

          "You must be new here!"

      9. Crypto Monad Silver badge

        > Honest question - how much of the non domestic internet can’t handle IPv6 for public communications?

        Answer: most of it.

        - Businesses are the slowest adopters of all. They don't like touching their firewalls, or having more complex rulesets, or adding potential attack vectors.

        Dual-stack would be fine as a migration tool - e.g. roll out v6 this month, remove v4 next month. But it's not like that, since you can't migrate to v6 without cutting yourself off from most of the Internet. Instead, dual stack is an expensive "forever" proposition.

        - Content providers have a pretty poor showing. In theory they can easily make their content available over both v4 and v6, and those behind the likes of Cloudflare can easily IPv6-enable their content at the click of a button.

        But many major providers like the BBC are still dragging their feet. They probably don't have a business case for the work involved. Everyone can see them on IPv4, so why spend time enabling IPv6 and debugging any associated problems? Does all their logging and tracking and monetising work with IPv6? They won't want to risk any problems with that.

        - As for domestic Internet: home networks are a mixed bag. Mobile networks in much of the world are the leaders here, since any traffic they can shift onto IPv6 is traffic shifted off their CGN (and the biggest content by volume, i.e. Google/Youtube and Facebook, is already accessible via IPv6). So there is a direct business case for them to do it.

    2. Ken Hagan Gold badge

      "and is never going to be updated"

      This is the point made at the end of the article. If you tell programmers for 40 years that .0 is reserved (and can be used to identify a network) then they will build that into their code. Likewise with 0/8 and 127/8. I've certainly written code that classifies addresses as multicast or node-scope based on the numbering. In fact, I'm not aware of any other way to perform such a classification, so I'm not even sorry.

      1. Anonymous Coward
        Anonymous Coward

        Re: dot zero

        In the early days there was no standard for the broadcast address, we've ended up using the all ones address but back in the mid 80s there were systems that would only use the all zeros address for their broadcasts.

        HP-UX answers both as broadcasts because of it.

    3. Anonymous Coward
      Anonymous Coward

      Conversely, I think you might be missing the point that the number of devices that can /only/ support IPv4 is small, and not growing.

      It's rather unlikely their number has any relevance today.

      1. Anonymous Coward
        Anonymous Coward

        You might need to show some numbers to back that up.

  4. Pirate Dave Silver badge
    Pirate

    ?

    So I guess the question isn't whether this should be done or not, but rather - who would get these new addresses? Are they going to auction them off like they do radio spectrum? If so, won't they just wind up getting hoovered up by the deep-pocketed likes of Microsoft, IBM, Verizon, etc, etc, for their own internal use, and won't do the rest of us Internetians any good?

    1. DS999 Silver badge

      Re: ?

      Why would they need more addresses for internal use, when they have the whole 10.x.x.x space, and can re-use ranges of that over and over again for stuff that's internally internal (i.e. doesn't need to communicate with everything on their internal network)

      They might not be grabbed by Microsoft or Verizon, but they would be grabbed in the west - when it is Asia and Africa that got shortchanged in the initial allocation and are most in shortage now (but to be fair, are also much further along the IPv6 path than we are for that very reason)

      1. Anonymous Coward
        Anonymous Coward

        "Why would they need more addresses for internal use"

        Cloud.

        1. DS999 Silver badge

          Re: "Why would they need more addresses for internal use"

          Cloud does not need an IP per public facing instance, and never has. Web servers will share the same IP for many different domains, and since a lot of cloud is basically HTTP calls...

          Even what isn't could use similar techniques where the API calls identify an instance and share an IP address, and it gets routed to the correct instance via an internal 10.x.x.x IP. The big cloud companies are not starving for IP addresses, though would probably buy some if a couple hundred million new addresses came online. Even a million would be way more than all the major cloud companies combined could ever use, and that would be less than 1% of what we'd get with 240/4.

          1. runt row raggy

            Re: "Why would they need more addresses for internal use"

            so to paraphrase, there's only room for another million public service endpoints across all cloud providers?

            with the trend of ditching corporate vpn, only another million VDI instances would use that up. not to mention other uses.

            1. DS999 Silver badge

              Re: "Why would they need more addresses for internal use"

              Um no, did you even read what I wrote? They are already running thousands of instances on single IP addresses, so a million IPs is probably a billion instances.

          2. Anonymous Coward
            Anonymous Coward

            "Cloud does not need an IP per public facing instance"

            O yes, they need if the customers ask for them. Some companies selling cloud offerings are already offering IPv6 only, and getting an IPv4 is an additional cost option.

            "Web servers will share the same IP for many different domains"

            Not all web servers are cheap ones sold for 9.99/year to run a lot of small sites on the same machine. You can't always share an IP for many reasons, from load to security.

            256M addresses is just 32 addresses for 8 million customers, for example - if you look at clout providers scale you soon understand why cloud provider would like a large share of them.

            1. DS999 Silver badge

              Re: "Cloud does not need an IP per public facing instance"

              Not all web servers are cheap ones sold for 9.99/year to run a lot of small sites on the same machine

              They aren't running on the same machine. They have context switches that accept connections to a given IP, figure out what instance is being referred to, and send it to the part of the cloud handling that instance. Part of the reason why HTTP introduced persistent connections was to help with this sort of thing - after the connection is made that front end can be bypassed.

      2. Pirate Dave Silver badge

        Re: ?

        Sorry, I didn't mean "internal" as in private IPs, I meant it more as they'll use them in their public-accessible products, clouds, etc, instead of these refurbished addresses being used to help "the Internet" in general.

      3. The Basis of everything is...

        Re: ?

        Worked on an as-a-service project a few years ago, where thanks to having to allocate multiple subnets at design time (and before launching too, so no idea just how big the subnets would really have to be, or how many we would actually sell) the 10.x.x.x space wasn't big enough.

        Also brought home just how wasteful IPv4 subnetting really is, and how inflexible a lot of networky things are. For home use I have an entire IPv6 /48 just for fun, and I can't afford the 'leccy bill to use even a tiny percent of that. Even assuming I could get a gazillion RPi's in the first place.

        1. SImon Hobson Bronze badge

          Re: ?

          The main idea behind having so many addresses in IPv6 isn't that you can have that many devices, but that you can have many addresses per device. The default is for each prefix to be /64 - which means a space big enough for :

          * Devices to pick an address at random and there be very little chance of a collision.

          * Devices to pick multiple addresses, and still have a very low chance of a collision.

          * Devices to regularly change addresses for privacy, and still have a very low chance of a collision.

          Software doesn't support it yet, but in principle it would be possible for a browser to use a different source address for every site you connect to. There are lots of possibilities once you get away from the idea of having AN address per device.

          Being able to have a /56 or /48 from your ISP means you can have multiple networks. Just think, stick all the IoT stuff on there own networks segregated from your private stuff :)

          1. Anonymous Coward
            Anonymous Coward

            Re: ?

            Even on a single host you can use different IP as well - no need for example to use the "virtual host" that web server needs now to serve each website - you can simply assign a different IP to each web site running on a single host.

          2. DS999 Silver badge

            Re: ?

            Devices to regularly change addresses for privacy, and still have a very low chance of a collision.

            Software doesn't support it yet, but in principle it would be possible for a browser to use a different source address for every site you connect to.

            There is no privacy gained from that, because the rest of the IPv6 address exactly identifies you. That's like using youremail+xxx@gmail.com and thinking by giving every company a different 'xxx' you are gaining privacy.

            1. SImon Hobson Bronze badge

              Re: ?

              True, the prefix will be the same - it's a lot like being behind NAT where you share an address.

              But it completely negates one of the old (and no longer valid) criticisms that IPv6 enables tracking to the individual device by its IP. Privacy addressing has "been a thing" for some time now, so IPv6 is no worse than IPv4 & NAT when it comes to tracking by IP.

          3. stiine Silver badge

            Re: ?

            Privacy? With the mac address embedded into the ipv6 address chosen each time its hardly privacy enhancing.

            1. SImon Hobson Bronze badge

              Re: ?

              Correct, which is why it was deprecated a long time ago and no modern OS does it.

    2. Anonymous Coward
      Anonymous Coward

      Public IPs for NAT routers and firewalls gets the most milage

      That way they are enabling connectivity for more hosts. I'd go so far as to say that if we are using these extended addresses that it's fair to not only require them to be issued to gateways serving a decent number of clients, but that they could be required to host specific services like IP 624 and 426 NAT for their clients, host VPN connections, etc. That way the hosts behind them are two way discoverable unless their admins make a given host unrouteable or unlisted for security reasons.

  5. Scott Broukell

    Party Line

    When I were a nipper the family telephone line was a party line, shared with the house next door. I mean it's just an idea that I'm putting out there, but, shared IPv4 addresses anybody? You know, just for the lowly plebs you understand, nuffin important like. No?

    1. Anonymous Coward
      Anonymous Coward

      Re: Party Line

      Mobile carriers (at least in my neck of the woods) already heavily use NAT... I wonder if residential cable could use NAT a lot more heavily as well. Each neighborhood gets a single IPv4... and if you want to do something unsupported like a run a server with an open port, pay an extra ten bucks/mo to get your own IP.

      1. Anonymous Coward
        Anonymous Coward

        Please don't give the US cable companies more ideas.

        My life is hard enough without losing my public IP address. There is a huge difference between issuing me and IP that I control the DNS, routing, and port mapping on and the helpless misery of someone on carrier grade nat with NO control over those things.

        As an example deciding which of the devices on the local network gets mapped to the external IPs port 80 is not the same as which of 100k customers that don't know each other "wins the lottery" or otherwise the 100k second class citizens that can't participate as equals on the public internet.

        1. Martin-73 Silver badge

          Re: Please don't give the US cable companies more ideas.

          Then, a different ISP? Cable is pretty much a dead technology

          1. Martin-73 Silver badge

            Re: Please don't give the US cable companies more ideas.

            Thumb down, you like being tied to one isp, one provider, one world? Cable is a johnny come lately, mostly pointless in the post television era, tech

            1. SImon Hobson Bronze badge

              Re: Please don't give the US cable companies more ideas.

              You seem to forget that in the UK we have it quite good. While the majority of us are stuck with BT OpenRetch infrastructure, we have a choice of ISP. Over the other side of the pond, the market is disfunctional - with rules designed to allow ISPs to claim (for the official stats) they provide services that aren't actually available*, and with nice agreements between providers to carve up the nation into a number of small monopolies so they can give the public a good shake down.

              * Things are divided into blocks, and if just one property (say one right next door to the exchange) can get a service, then the whole block is deemed to be able to get it. So massive areas are officially able to get high speed services via (e.g.) DSL but in reality no-one actually can - except that one house next to the exchange. So according to official stats, there's lots of competition, so no reason to (e.g.) reign in the cable companies monopolistic practices.

              There's also the matter that if you have an apartment (flat in UK terminology), then what you can have may well be decided by which single provider the building management have decided to permit.

              1. Martin-73 Silver badge

                Re: Please don't give the US cable companies more ideas.

                But cable is a dead technology nonetheless... (yes by this argument so are phonelines). It's internet piggybacking on something that has had its day. FTTH for everyone. And refusal by any company (be it landline or cable) to open their network should lead to punitive fines

                1. Peter2 Silver badge

                  Re: Please don't give the US cable companies more ideas.

                  Have you ever looked at how much it would cost to dig a trench between the exchange and every house and run and terminate fibre to every house?

                  I have done this properly once, for putting a FTTP line in. The cost was eyewatering and unaffordable even by business standards. Copper cables are here to stay for a very, very long time simply due to the economics unless somebody comes up with a cheap way of installing FTTP.

                  1. tip pc Silver badge

                    Re: Please don't give the US cable companies more ideas.

                    Anyone who needed private circuits will know about excess construction charges.

                    It’s not uncommon to have ecc’s running £20k+.

                    Back in the early 2000’s 2mb frame relay circuits could cost £3k a month including those ecc’s amortised over 3+ years.

                    That was just normal.

                    Civils are civils and need paying for if you need the circuit.

          2. runt row raggy

            Re: Please don't give the US cable companies more ideas.

            in my area, cable (pronounced cab-al) is the only game in town. no fiber and DSL is another perhaps deader tech. as evidenced by DSL only friends who can't get speeds my company sets as minima for any price.

          3. Richard 12 Silver badge

            Re: Please don't give the US cable companies more ideas.

            In most of the US there is only one wired Internet supplier at all.

            Your only other choice is Starlink.

    2. Peter2 Silver badge

      Re: Party Line

      Webservers, offices, houses etc already share IP's.

      1. Anonymous Coward
        Anonymous Coward

        Re: Party Line

        Not the same thing, as CGNAT shares a public address with customers on different accounts that have no relationship with each other.

        If your ISP gives your router one address, you can provision it as you see fit, even if it's not a static ip. The issues are that sharing IP's with other users on a local network is different than two webservers from different operators sharing the same IP, which breaks parts of the webs security model. This was already an issue for shared hosting, and dangerous for users who are behind versions of CGNAT that aren't visible to the end user.

        This allowed some network level webserver attacks on customers on the older cable builds back in the day.

    3. Anonymous Coward
      Anonymous Coward

      Re: Party Line

      That already exists, and is called CGNAT (carrier grade NAT). Lowly plebs get an IP from the range 100.64.0.0/10 (analogous to the ring pattern on a party line) while the external address is from the carrier's pool.

      1. Jim Willsher

        Re: Party Line

        And it works, but it's impossibly to host anything. Great for Joe Public, but probably not for most of the readers of this website.

        1. david 12 Silver badge

          Re: Party Line

          All of my important stuff is in the cloud already. The only reason I have a fixed IPV4 address is for IOT demor servers and legacy systems that could be turned off today. -- although the VOIP phones are IPV4 and don't work with some versions of CGNAT, they work perfectly well with the IPV6 backbone and stable NAT used by our provider.

          1. oiseau
            Facepalm

            Re: Party Line

            All of my important stuff is in the cloud already.

            Really?

            All of it, in the cloud?

            "All clouds are made up of basically the same thing: water droplets or ice crystals that float in the sky."

            I would not be caught dead in that situation.

            Nevertheless, I cannot but commend you for your unbridled optimism.

            As for me, I stay away from all that and avoid the eventual* leap into headlong despair.

            *ie: not if but when.

            O.

          2. SImon Hobson Bronze badge

            Re: Party Line

            All of my important stuff is in the cloud already

            And there is another issue with the way things are heading. CGNAT is another nail int eh coffin of being able to choose - i.e. it further reinforces the power of the ever fewer and more powerful hosting and content providers to the detriment of end user choice.

          3. Anonymous Coward
            Anonymous Coward

            Re: Party Line

            "All of my important stuff is in the cloud already."

            Including the IP addresses you use to reach all that stuff in the cloud?

        2. mark l 2 Silver badge

          Re: Party Line

          CGNAT is also bad when one bad actor behind the NAT server does something to cause the public IP to get blacklisted.

          My old ISP used to use it and I found I couldn't access a website because the CGNAT IP address had been blocked for abuse, as far as the website was concerned everyone behind the NAT was connecting from one public IP.

    4. DougMac

      Re: Party Line

      Oh, you mean CGNAT.

      Already done. Already causing issues for gamers and the like.

  6. Kevin McMurtrie Silver badge
    Paris Hilton

    If you can't upgrade...

    If you have old crud that can't upgrade to IPv6, how are you going to upgrade the IPv4 allocations? Think of all the hardcoded subnets in firewall rules, routing rules, and configuration wizards. It's in your old network hardware, your old OS, and your old apps.

    It makes NAT or IPv6 look easy by comparison.

    1. Anonymous Coward
      Anonymous Coward

      Re: If you can't upgrade...

      That's not really the use case here. The benefit is more likely to allow people and companies to participate the in the public IPv4 internet with existing IPv4 only devices. That doesn't mean you need to make every IPv4 device understand the new address layout. It means that publicly facing devices need to be. Updating routers and firewalls isn't the same as forcing updates on IPv4 device. (or you can sit a new gateway in front of your old one if you feel like being that lazy... :-)

      So you can leave your 500 out of warranty IP cameras and old DVR on a 20 year old switch. Probably your service provider would take care of the handoff in your router or CPE, or you could do it in a firewall.

      1. Richard 12 Silver badge

        Re: If you can't upgrade...

        Why, exactly, is that any better to tunneling over IPv6?

        If you have to make major changes anyway, then just change all externally-facing to IPv6 and do the IPv6 to IPv4 NAT thing.

      2. Charlie Clark Silver badge

        Re: If you can't upgrade...

        Updating routers and firewalls isn't the same as forcing updates on IPv4 device.

        Updating devices is often easier than updating routers…

  7. R Soul Silver badge

    far beyond stupid

    This idea is bat-shit crazy.

    There's an unknown but significant installed base that cannot properly handle these "special" /8s. There's next to no chance of fixing those elderly and unsupported/unmaintained protocol stacks.

    Even if these backwards compatibility issues could be addressed (excuse the pun), freeing up those three /8s will be an utter waste of time. In the last 3-4 years of IPv4 distribution, the Internet went through 1 /8 of v4 every month or theresabouts. If these three /8s could be made available now - how? - they'd be used up by September. And probably a lot sooner than because the address brokers and speculators will surely snaffle them up.

    Stop fucking about with the dregs of IPv4. There's no point. Any effort wasted on that is better spent getting IPv6 deployed.

    1. thondwe

      Re: far beyond stupid

      This would be money minter for consultants akin to the Y2K project?

  8. TeeCee Gold badge

    ...slowly moving towards broader adoption of the newer IPv6 protocol...

    That's being generous. If it weren't for global warming the adoption would be being caught and overtaken by glaciers.

    1. Jim Willsher

      I'm willing to bet my house that I'll not see it overtake IPv4 during my lifetime, and I'm only aged 49.999999.

      1. Charlie Clark Silver badge

        Sort of depends where you live. IPv6 is now the default for mobile networks because it's supported by both Android and IOS and mobile devices dominate the internet. However, because these networks are generally private, the internet "looks" less IPv6 than it probably already is.

        The important thing is that the move towards IPv6 is now hardly noticeable thanks to the gateways.

      2. TimMaher Silver badge
        Paris Hilton

        Re: 49.999999

        Is that IPv8?

      3. Vestas

        You already lost that bet so cough up the house... :)

        The ONLY reason we're having this stupid fucking discussion again is because the USA has over 40% of the IPv4 addresses available and insists that IPv6 is "too difficult".

        Buy non-USA networking kit and oh look - it works. PROPERLY!

        If you can't/won't implement a working IPv6 stack in equipment* then GTFO of the industry as you're not competent.

        *Liberty Global (Virgin Media in the UK) being the poster child of this.

  9. DS999 Silver badge

    I still have a single C class

    I got almost 30 years ago.

    I've watched the value slowly increase over time, last I checked I could probably get about $5000 for it. I keep waiting figuring it can only go up in value. Adding a bunch of new IPv4 space would probably depress that value but it would probably also depress momentum towards eliminating IPv4 so in the long run it might make my class C even more valuable lol!

    1. Throatwarbler Mangrove Silver badge
      Trollface

      Re: I still have a single C class

      Would you be willing to trade it for my apes? Their value is skyrocketing!

      1. DS999 Silver badge

        Re: I still have a single C class

        Sorry, I'm holding out for Luna cryptocoin I hear it is making a comeback!

    2. Charlie Clark Silver badge

      Re: I still have a single C class

      Isn't that the point? The allocation of C classes to anything other than registries was a mistake.

      1. Anonymous Coward
        Anonymous Coward

        Re: I still have a single C class

        Back before the Internet went boom and "normal people" started using it anyone could get a class C, you just asked nicely. At least in Europe RIPE reclaimed most of the ones which weren't being used much in the second half of the 90s.

        1. Jamie Jones Silver badge

          Re: I still have a single C class

          ICL stopped using their "class B" when I was still there, over 20 years ago.

          It's still sitting there unused now. (assigned to Fujitsu who swallowed up ICL)

          https://myip.ms/info/whois/145.227.0.0

  10. R Soul Silver badge

    Somebody's talking bollocks

    The article says "a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused". But it only mentions 3 /8s. Which can't easily be brought into use. 3 /8s is ~48M IPv4 addresses. Which is quite a lot less than hundreds of millions.

    BTW if there were hundreds of millions of IPv4 addresses going spare, somebody would have figured out how to distribute them by now. They haven't. That's because there's next to no IPv4 space left to allocate. It's almost all gone.

    1. Anonymous Coward
      Anonymous Coward

      Re: Somebody's talking bollocks

      No, "Class E" is a /4. So it's about 256M - which looks a lot maybe for a single RIR (but APNIC) - but if you start to allocate pieces of it to each RIR, they don't look so many after all. And cloud providers would probably go after them immediately...

      Also while computer OS might take those addresses without issues - the problem is network devices which may have embedded OS far pickier.

      1. R Soul Silver badge

        Re: Somebody's talking bollocks

        Oops! I misread 240/4 as 240/8 - so shoot me.

        240/4 means 16 /8s, not one. So at previous depletion rates, if that address space was available - and it can't be for legacy reasons - 240/4 would last until around the end of next year. At which point we're back where we are today: no more IPv4 and a need to deploy IPv6.

    2. martinusher Silver badge

      Re: Somebody's talking bollocks

      The US DoD owns a huge block of addresses.

      Incidentally, I've been watching IPv6 touted as the 'new thing' for well over 20 years now. Its adoption has been fairly glacial because its really unwieldy to use, its what I'd term 'inelegant'. Maybe what we should come up with is IPv5, something with a larger address space (but not so ludicrously large as v6) and without all the extra bells and whistles that v6 brought that never really got implemented.

      (v6 for me breaks one of the most important rules, one that this article touches on. Don't go around subdividing spaces by address blocks in anticipation of some future development. A number's a number so apart from one or two widely known and used constants all addresses should be equivalent, we're long past the point where a /8 and /24 could take advantage of different processing paths.)

      1. The Basis of everything is...

        Re: Somebody's talking bollocks

        IPv5 has been and gone. As have IPv7, IPv8 and IPv9. At this rate it won't be long before we have to start doing NAT for the Protocol Version Header

        https://en.wikipedia.org/wiki/List_of_IP_version_numbers

      2. Kevin McMurtrie Silver badge

        Re: Somebody's talking bollocks

        I've found IPv6 really easy to use. It's the IPv6 instructions that are absolute crap. Inconsistent terminology, sample configurations where you don't know if the address is supposed to be LAN or WAN, and junk that just plain doesn't work.

        Take Docker, for example. For years, the IPv6 instructions said {"ipv6": true} and you're done.

        After billions of downvotes, it became:

        {

        "ipv6": true,

        "fixed-cidr-v6": "2001:db8:1::/64"

        }

        It needs another billion downvotes because it's actually all of this:

        {

        "ip6tables": true,

        "ipv6": true,

        "fixed-cidr-v6": WAN or LAN of exactly /80,

        "experimental" : true

        }

        It's good to know if you're hitting the eternal IPv4 SNAT bug.

      3. Eric Kimminau TREG

        Re: Somebody's talking bollocks

        There are 4,294,967,296 IPv4 addresses. Adding a single Octet will increase this by 254X or to 1,090,921,693,184 IP addresses.

        xxx.xxx.xxx.xxx.xxx

        1. Eric Kimminau TREG

          Re: Somebody's talking bollocks

          Converting the 8 bit address space to Hexadecimal values, FFF:FFF:FFF:FFF would increase the address space to 281,200,199,450,625 IP Addresses.

        2. Solviva

          Re: Somebody's talking bollocks

          While you're at it, why not add another few octets to future proof it.

          Then roll out the new network stack to every single network aware device on (and off) the planet.

          Sound familiar?

  11. Blackjack Silver badge

    IPv4 is going the way of Visual Basic 6.0, Internet Explorer and COBOL in refusing to die.

    I won't count Internet Explorer fully dead until Microsoft finally stops maintaining any OS thar still has it and removes the IE compatibility mode of Edge.

  12. ChrisBedford

    But it will just delay the inevitable

    "Testing and changing all devices that know that 240/8, 0/8, and 127/8, etc, are 'special' is a bigger job than making them just use IPv6," tweeted Adrian Kennard, who runs UK ISP Andrews & Arnold. "The 0 address being usable probably only helps local networks."

    Yah not to mention it's just a way of dragging out the transition by giving admins an excuse to delay it another year - or two, or three. Sounds to me like more work than actually just biting the bullet and making the jump to IP6

    1. Vestas

      Re: But it will just delay the inevitable

      The first IPv6 allocation I had was via AAISP - 21 years ago and tunneled over IPv4 as everything came via the BT Ignite (BT Wholesale or whatever now) network which didn't understand IPv6.... Liberty Global (Virgin Media) still doesn't now!

  13. Donchik

    What about the range gluttons?

    Some government and corporate enterprises have whole blocks of ip numbers for their personal business use.

    Whilst useful to them perhaps its time to get the vast amount of unused numbers freed up by requiring evidence of need.

    Xerox, Amazon, Alibaba, AT&T even Ford, Mercedes Benz have entire address ranges to themselves. HP even has two! 15.x.x.x and 16.x.x.x

    100s of millions of numbers could be freed up by less wasteful allocation to powerful corporations.

    https://myip.ms/info/ip_ranges_blocks/Major_Biggest_IP_Address_Ranges_in_Internet.html

    1. Anonymous Coward
      Anonymous Coward

      Re: What about the range gluttons?

      > HP even has two! 15.x.x.x and 16.x.x.x

      Not any longer.

      All of 15 is still in the hands of HP or its offshoots but a lot might be used to systems they manage for customers.

      16 has been well and truly broken up (?$$$$$sold$$$$$?) Amazon has lots of it these days, with HPE only having parts of the range.

      They've still got a ridiculous number of addresses though and almost all are behind their firewalls and on non-routed subnets. At one point for us minnows if the numbering authorities couldn't ping a majority of your addresses they warned that you'd lose your allocation. Once upon a time I had a whole class "C" because why not, they had that back off me decades ago.

      When I used to work for HP they didn't just have their main class A, they also had a large number of both class B & C networks. Not sure if any of that lot still exist.

      1. Anonymous Coward
        Anonymous Coward

        Re: What about the range gluttons?

        They do similar where I work. The 'mothership' will give subnets out for groups/units to use for their DHCP clients, but they regularly check for how much of your allocation is actually used.

        So my boss challenged me several years ago with getting the unused addresses looking used, put together an openwrt image to run in a VM for each host, ca 50MB for the image, 50MB RAM used. To the world they all looked like different devices.

    2. R Soul Silver badge

      Re: What about the range gluttons?

      Some government and corporate enterprises have whole blocks of ip numbers for their personal business use. Whilst useful to them perhaps its time to get the vast amount of unused numbers freed up by requiring evidence of need.

      Most of those blocks were handed out long before the policy of needs-based address allocations or the RIRs existed. So it's not possible to forcibly reclaim unused addresses from them. There's no legal basis for that action. Assuming there was an IPv4 address police. Which there isn't.

      These "legacy" IP addresses are already being freed up and recycled. For example, the UK government started selling off unused chunks of DWP's 51/8 in 2015: https://www.bbc.co.uk/news/technology-32826353. Microsoft bought Nortel's address space after the company went bust in 2011.

      Further tinkering with IPv4 address allocations is too silly for words. If all of the IPv4 space was available and could be perfectly distributed/utilised, it would not be enough. ~4 billion addresses is too small for a planet with 7-8 billion people. Trying to get closer to 100% utilisation of IPv4 is pointless. There just aren't enough v4 addresses to go round.

      1. DS999 Silver badge

        Re: What about the range gluttons?

        The problem wasn't companies like HP, IBM and Apple coming along and saying "hey give us a class A because we think we need it!" they were assigned them because they were "big companies".

        Whoever decided to carve up the space in class A, class B, class C etc. is to blame. I don't blame them for not knowing we'd have billions of connected devices a few decades later so running out of addresses was an issue, but I do blame them for the concept of "class A". There was no conceivable use for that many addresses for anyone back then, beyond the US government/military. Handing them out to corporations was dumb, they could have easily foreseen that the number of companies of the sizes they were handing them out to was far greater than the number of class A addresses available.

        1. Anonymous Coward
          Anonymous Coward

          Re: What about the range gluttons?

          Whoever decided to carve up the space in class A, class B, class C etc. is to blame.

          Hindsight is a wonderful thing.

          The Class A/B/C approach seemed right at the time. But even with far more conservative allocation policies back then it would have made no difference. ~4B IPv4 addresses couldn't be enough for the then global population of 4-5B. And few people then thought exhausting a 32-bit address space was a reasonable possibility. Or that zillions of people would walk around with computers in their pocket.

          1. DS999 Silver badge

            Re: What about the range gluttons?

            There is hindsight and there is obvious.

            I don't think there was any conceivable way that class A had any reason to exist in the 80s, and if they figured "well someday people will need netblocks that big" they should have held them all in reserve while assigning class Bs to everyone in the meantime.

  14. Charlie Clark Silver badge

    Drop in the ocean

    While the potential number of addresses sounds like a lot, it's really only a fraction of those that are already required. The downside is an unknown number of potentially critical devices failing because they can't be updated.

    Apart from the fact that IPv6 and CGNAT are already deployed in the places that need these addresses, it would be simpler to take back some of the massive over allocations to US companies and institutions as these are not "classified" for particular types of use. Well, simpler technically but I'm sure the lawyers would make it legally a nightmare!

  15. Richard Tobin

    "Of the four, the lowest address fix is regarded as the least problematic"

    But... all my Sun 2s running SunOS 2.0 will stop working!

  16. Franco

    I feel like I'm back in 2011 when Microsoft bought ~666,000 IP addresses for $7.5m from the remnants of Nortel. Wonder what they're worth now?

    https://www.bbc.co.uk/news/technology-12859585#:~:text=Microsoft%20has%20offered%20to%20pay%20%247.5m%20%28%C2%A34.7m%29%20for,generation%20of%20address%20is%20close%20to%20running%20dry.

  17. Pat 9

    So hear me out

    Why not just make IPv6 public and IPv4 private? Internal networks don't have to make any changes, most users get a dhcp address from their ISP so no work done on their end except maybe a modem reboot. I understand the "but everything can have a public address" but in reality that is the last thing I want.

    I guess I want my cake and to eat it too. Thoughts?

    1. Vestas

      Re: So hear me out

      You could just NAT the IPv6 range you're assigned if you wanted to. You have both public and local IPv6 addresses on a native IPv6 LAN anyway so just NAT the IPv6 WAN to the local IPv6 addresses, same as you'd do with IPv4.

      Why you'd want to do that is a different matter as its unlikely to improve anything - security/obscurity/whatever you're thinking of......

      1. Pat 9

        Re: So hear me out

        My main thought was for the help desk being able to remotely access a device not in dns. They could type 10.0.0.5 instead of 2001:0db8:85a3::8a2e:0370:7334. Also, trying to get that information from a user would be a lot more of a pain.

        1. Vestas

          Re: So hear me out

          TR069 is something you probably want to google then.

    2. Anonymous Coward
      Anonymous Coward

      "Why not just make IPv6 public and IPv4 private?"

      Because it can't work. You can't reach an IPv6 address if your use only an IPv4 one, unless using a lot of tricks.

      Say for example you type "www.theregister.com". The DNS is invoked and it returns an IPv6 address. The IPv4 stack has no idea how to reach it - and how to build a packet for such destination. So you start to need tricks... and like any tricks they may bring more complications than the problem they solve.

      "but in reality that is the last thing I want."

      The firewall will take care of that. The implied "deny rule" of NAT was just a side effect, but it works like a simple "deny all" rule of any firewall. Proper algorithms assigning random addresses from the 2^64 space makes tracking single devices quite difficult. They can track the prefix, just like they can track the public IP assigned to you now. But tracking is today far more exte4nsive using other techniques.

      1. Vestas

        Re: "Why not just make IPv6 public and IPv4 private?"

        Dual-stack IPv4 over IPv6 is deployed fairly widely (not in the USA) in ISP-supplied consumer routers. It has issues but arguably a lot less than CGNAT.

        I realise we're diverging somewhat but IPv4 NAT over a native IPv6 network is the norm for a lot of users and isn't in any way new.

  18. Eric Kimminau TREG

    YAY! Lets break all EOL Operating Systems

    Every OS that is End Of Life with an IPv4 TCP stack is going to break with any/all of these changes.

    Im not advocating use of EOL OS. It is just reality that there are still a LOT of systems s till running EOL OS.

    I know of manufacturing plants still running embedded systems with NT4, WIndows 95, Windows XP, Server 2000, 2003, 2008, ME, etc.

    I hope a part of this is a standard NAT rule set to implement on the gateways/firewalls separating the legacy from "current" networks.

    1. Anonymous Coward
      Anonymous Coward

      Re: YAY! Lets break all EOL Operating Systems

      How do you know those systems would just work with the proposed changes? They aren't changes that necessarily require a change to the IP stack - only if the stack has made certain assumptions.

    2. Franco

      Re: YAY! Lets break all EOL Operating Systems

      IMO that's a non-issue. I encounter lots of those types of embedded systems as well (E.g. CNC machines) and if they're networked at all it's only on a small private isolated VLAN o completely air-gapped network so that job files can be put on the embedded systems.

      Not only are they on those networks now, but they always have been even before their OSs went EoL.

  19. thegushi

    Gee, if only there was a better protocol to do this with that has been around for the last 30 years.

  20. DerekCurrie
    Holmes

    If only...

    ...The IPV6 standard had simply incorporated all the IPV4 numbers. It would have been dead simple. But no. It had to be a PITA with no backwards compatibility. Welcome to techno hell.

    It may not be too late to fix it! Ask me how if you can't figure it out for yourself. It's NOT hard.

    *sigh*

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like