IPv4 Unallocated Addresses Exhausted by 2010

An anonymous reader writes "Ars Technica is reporting on how the unallocated IPv4 address pool could run out as soon as 2010. The IPv4 Address Report gives details on just how fast the available pool of IPv4 addresses is diminishing. Will ISPs be moving towards IPv6 any time soon? Or will IPv4 exhaustion become the next Y2K?"

From TFA: free pr0n!

[Rodness (168429)]

Despite the best efforts of organizations like ARIN, the simple fact is that, compared to IPv4, IPv6 gives you access to very little content and very few users. So far, nobody has been able to get past this chicken-and-egg issue, although a The Great IPv6 Experiment [ipv6experiment.com] proposes to change this by giving away free access to "10 gigabytes of the most popular 'adult entertainment,'" but only over IPv6.

Is IPv6 so unappealing that they've gotta bribe people with pr0n to use it?

Re:From TFA: free pr0n!

[HoosierPeschke (887362)]

Well duh, why do you think people got on the Internet in the first place? Some military experiment? pffffffft. It's all about the pr0n!

No, it was about Music Piracy!

[billstewart (78916)]

I did some business with the @Home cable modem people back during the 90s boom. They had a very schizophrenic attitude about Napster - not only were they paranoid about users running anything serverlike that might interfere with network performance, but they had an official policy about "Napster Users are EEEVILLLL Content Thieves who'll steal television next! Bad! Bad!"

But if you talked to @Home's people as individuals rather than Corporate Employees, almost all of them would say "Well, Duh! Napster is the reason that people are *buying* broadband internet connections, of *course* we like it."

And, ok, the paranoia about servers on home cable modems was partly because their early trial equipment didn't work very well and they had no way to regulate individual upstream bandwidth usage, and PacBell's dishonest "Cable Modem Web Hog" ads made them really worried about perceptions of slow performance, but they were worried that somebody would run a pr0n webserver from home, become Cool Site of the Day because doing that on cable modem would be cool, and trash their neighborhood's network performance while causing a lot of publicity. And unfortunately most of the cable companies have not only not recovered from that attitude, they've been propagating it to the DSL providers, and they've been learning other cluelessly paranoid attitudes from the Australian ex-monopoly who thinks you should cap the total monthly download of their users (since that used to be expensive in Oz), and cap it to a ridiculously low level like 1GB/month, which is like 1.5 days of continuous 56kbps usage.

But when I had my corporate hat on, especially if I was talking to non-California customers, it was certainly much more proper to talk about the big internet usage being for music piracy than for pr0n :-) These days, BitTorrent occupies over 1/3 of the Internet's bits, apparently mostly copying movies and TV and Linux distros as opposed to music (that's by volume, not by number of items), and I don't know what fraction of that is what kind of movies.

Re:From TFA: free pr0n!

[(H)elix1 (231155)]

Is IPv6 so unappealing that they've gotta bribe people with pr0n to use it?

With one of the bigger 'features' of IPv6 being the possibility of assigning and tracking users individually with the huge number of addresses - I suspect it does not play into the current (sorta) anonymous surfing mindset folks have today. (Not that anyone is truly anonymous on the web) Once you have to slap down your address to access the content, I can see why people might not be interested.

Re:From TFA: free pr0n!

[Kadin2048 (468275)]

That's really just not true. With IPv6, you can get a lot more anonymity than you have now with IPv4. v6 has all sorts of special provisions for randomly assigning addresses, letting you reset them when you want, so that you can appear to be a new user in the middle of a browsing session. That's tough to do with IPv4; even if you try a DHCP release-and-renew from your ISP, generally they won't issue you a new address until the other one has expired.

IPv6 doesn't force you to give up any privacy, and there's no 'user serialization' unless you buy into it voluntarily.

Re:From TFA: free pr0n!

[gronofer (838299)]

v6 has all sorts of special provisions for randomly assigning addresses

I've read that with IPv6 the end user would be allocated a block of addresses, instead of getting a single IPv4 address and having to resort to NAT. Presumably this random assignment of addresses would be from the addresses in this block? I don't think this would necessarily give any anonymity, since it may turn out to be easy to identify the block size and alignment and thus be easy to determine that the addresses are associated.

Re:From TFA: free pr0n!

[Kadin2048 (468275)]

Yes, it would have the same prefix, but that's exactly the same level of anonymity that you have now with a single IPv4 address and NAT.

With v4, your router gets the address and then NATs it out to however-many devices you have. With v6, you'd get a block of addresses at the router, which it could then distribute via DHCP, or the machines could randomly assign themselves within. You're not losing anything there. Where you might gain something is in the ability to quickly switch IPs when traveling and connecting to an AP that's not yours (which is conceptually similar to performing a DHCP release-and-renew).

If you want plausible deniability, pretty much your only option is to leave your AP unsecured and hope that when the cops show up they buy it as a defense, or use some type of onion routing like Tor.

There seems to be a lot of fear and paranoia going around regarding IPv6, and I just don't get it. There's nothing you can do on IPv4 today that you can't do on IPv6, if you want to. Hell, if you're that attached to NAT, you can do it with IPv6 addresses just as readily -- it's just that it's stupid, because there's no longer any reason to since there's no address shortage, and there's really no privacy or security gained from it that you don't get by just rotating your IPv6 address.

Re:From TFA: free pr0n!

[X0563511 (793323)]

One issue is all the home users inadvertantly using NAT as a "firewall".

If one were to build a proper ipv6 router, they would need to (pony up the cash to) include a proper firewall, or educate the users. Good luck with either one.

Re:From TFA: free pr0n!

[Kadin2048 (468275)]

The stateful firewall you'd need on an IPv6 connection isn't inherently any more complicated than an IPv4 UPnP+NAT box. In order for NAT to work, the device performing the translation must keep track of all the individual connections; it's basically a stateful firewall already. If you can do that, then you can firewall IPv6 (provided you have the capacity for the longer addresses). You need a protocol, like UPnP, so that clients can request "holes" (so that things like FTP, Bittorrent, and VoIP work), but that's no worse than NAT right now.

Now, I think this is a completely crappy way to run a network, and I think we just need to get rid of the idea of firewalls completely (at least as a generic cureall, I'm all for retaining them for specific applications); security needs to be at the client level, not at the network-gateway level; as more and more devices become mobile, they cannot and should not ever assume that their local network is secure.

But unfortunately, people have gotten so used to the idea of firewalls that they're attached to them, particularly because it allows for a certain amount of laziness (running old, crummy operating systems on Internet-enabled systems, not patching, etc.) while giving the perception of safety. So I suspect that all IPv6 implementations will mimic the brokenness of NAT, at least initially.

Re:IPv6 can give out your hardware MAC address als

[TheRaven64 (641858)]

I take it you haven't been following IPv6 closely, since that hasn't been the case for about six years (see RFC3041). The MAC address part of the IPv6 address was never used as a substitute for ARP; doing so would have broken addresses assigned in different ways (e.g. stateful autoconfiguration, manual configuration), which were always allowed. The low bits are a hash of your MAC address, and so only a mapping from MAC to IP is possible, not the other way around. If privacy is a concern for you, then you can easily pick a different IP at pseudo-random.

Re:From TFA: free pr0n!

[kickdown (824054)]

That's really just not true. With IPv6, you can get a lot more anonymity than you have now with IPv4. v6 has all sorts of special provisions for randomly assigning addresses, letting you reset them when you want, so that you can appear to be a new user in the middle of a browsing session. That's tough to do with IPv4; even if you try a DHCP release-and-renew from your ISP, generally they won't issue you a new address until the other one has expired.

IPv6 doesn't force you to give up any privacy, and there's no 'user serialization' unless you buy into it voluntarily.

Sorry, but that is just not true. There's some fuss in the air about IPv6 privacy extensions, which is basically bullshit. As an IPv6 customer, you'll typically get a /64 prefix of the address space for your broadband connection. The entire address length is 128 bits, so you might *think* that you can play a lot with different, random, "anonymous" addresses.
BUT: The whole /64 is assigned to YOU, the contractor of this specific broadband account. So however you variate behind your /64 prefix, it will always be accountable to the same block. If your ISP does it's job right, your customer details will be delivered to RIPE, so that every content provider can conveniently look it up - no need to bug the ISP with such stuff, your cease-and-desist letter goes directly to your letterbox.
To illustrate my example, there's a IPv6 ISP in Germany that gives out even a /48 prefix - you could almost literally give an IP address to all the atoms in your house, and still have random space left for variations. Still, a RIPE query on the prefix 2001:4b88:107d:: shows that whatever happens with this /48 block gets this specific customer's credit.
If we're not counting accountability, but just usage tracking on websites etc, easy: just don't treat every Ip address as unique (like in IPv4), but instead every /64. There you go, almost as accurate as before in IPv4.

Re:From TFA: free pr0n!

[mengel (13619)]

The problem is, that claim makes no senses whatsoever. The IPv4 addresses are a subset of the IPv6 space -- you can get to all of the IPv4 systems from an IPv6 network.

There are two issues:

1. Switching protocols
2. Getting IPv6 addresses

You can use the IPv4 subset of the IPv6 address space, and everyone can still talk to everyone while you convert. It's only the folks that have IPV6 addresses before the IPv4 users have migrated that become unreachable by anyone.

So the online businesses are going to want to be the last ones to switch, so that their customers don't become unable to reach them.

But anyway, IPV6 gives you access to all the same content.

Re: From TFA: free pr0n!

[Dolda2000 (759023)]

If what you say is true, then you definitely know something that I don't, and then I still think that I know more about IPv6 than at least most people do. I would think that you confuse either the ::/96 or the ::ffff:0:0/96 prefix for the IPv4 address space as a "subspace" of the IPv6 space. If you do, neither is true.

::/96 is a method for routing IPv6 traffic over IPv4. In other words, if you send a UDP packet to ::1.2.3.4, what is being transmitted onto the wire is an IPv4 packet (src: the address of your system's IPv4 stack, dst: 1.2.3.4), encapsulating an IPv6 header (src: the address of your system's IPv4 stack in the last 32 bits left-padded with zeroes, dst: ::1.2.3.4), in turn encapsulating a UDP header. It's a simple way of setting up a SIT tunnel, nothing more. You won't be sending any raw IPv4 packets that way, and neither is any router on the way going to convert it to IPv4 for you.

::ffff:0:0/96 is merely a way of talking to the IPv4 stack in your system, even if the program in question only uses IPv6. It does not work on a system without a working and properly configured IPv4 stack. In fact, I hear that the IETF is starting to work against the ::ffff:0:0/96 prefix due to some security issues that I have yet to understand.

In fact, if IPv4 truly were a subspace of IPv6, then what sources address would an IPv4-only host be seeing when it receives such a packet from an IPv6-only host?

It is perfectly possible to use both an IPv4 and an IPv6 stack simultaneously, and there are some NAT-like technologies that run on a router to give IPv4 connectivity to IPv6-only hosts, but you'll still need an IPv4 stack somewhere on your network to access IPv4 content.

Re:From TFA: free pr0n!

[daeg (828071)]

There's also significant financial incentive to keep the limited address space of IPv4. Want a static IP address or additional IP addresses? Fork over the cash, baby!

it's tghe next Y2k

[timmarhy (659436)]

i've been hearing about how ip4 will run out in the next 5 years for the last TEN years.

Re:it's tghe next Y2k

[KarmaMB84 (743001)]

IPv4 will be exhausted at around the same time as the first commercial fusion power plant is started and the release of Duke Nukem Forever.

Re:it's tghe next Y2k

[Tackhead (54550)]

> i've been hearing about how ip4 will run out in the next 5 years for the last TEN years.

We've been in various stages of Imminent Death of the Net Predicted [catb.org] for at least 25 years. Y2K was merely the last version, and running out of IPv4 is merely the current version.

Just wait until we abandon CSS in order to ensure that an entire page can be rendered by through a single TCP/IPv6 connection. Domain names with vowels! HTML with serifed fonts! Imminent Death of Web 2.0 predicted!

Re:it's tghe next Y2k

[Kadin2048 (468275)]

i've been hearing about how ip4 will run out in the next 5 years for the last TEN years.

Well, it would have run out a lot faster, had it not been for CIDR [wikipedia.org], which allowed addresses to be allocated more efficiently. However that -- like proposals to re-allocate unused space in some of the old corporate A-blocks -- slowed the bleeding but doesn't really do anything about the real problem.

Re:it's tghe next Y2k

[QuoteMstr (55051)]

Have you considered that Y2K problems were only averted because we recongized the problem beforehand and took steps to correct it? Y2K was a success, not a poster-boy for scare-mongering.

everything is going to be ok

[WormholeFiend (674934)]

I bet that people will be bored of the internet by then

Worse than Y2K

[phantomcircuit (938963)]

Y2K was a bug which was easily solved. This is an infrastructure defect which has an available, but expensive, solution.

It will be expensive to make a major shift to IPv6, which is why it's taking so long.

Until the complete exhaustion of all IPv4 addresses is an immanent threat the change will not happen, much like Y2K.

Re:Worse than Y2K

[sirket (60694)]

This is so patently wrong I don't know where to begin-

My home network sits behind a Cisco 2621 running an IPv6 IOS image- and I have a /64 and a tunnel to tunnelbroker.net (By Hurrican Electric). It took ten minutes to set up- and another minute to enable IPv6 on my FreeBSD desktop- at that point I was able to get to www.kame.net via IPv6 with no problems.

I even set up an IPSEC / GRE tunnel with a friend of mine along with mBGP (multiprotocol BGP). No problems. I set up route-maps and filters all without a problem. My friend and I were then able to get to each others Unix servers via ssh over IPv6 using hostnames that resolved via AAAA records.

I also run OSPFv3 internally- again without incident. Deploying IPv6 to my network took a grand total of an hour- and we're talking about BGP, OSPF, GRE IPSEC tunnels and so on.

In fact- the change was so easy I immediately began a project to upgrade my company to IPv6. So far it has been incredibly easily and completely transparent to everyone.

What's holding IPv6 back is two things: public perception that the change will be difficult (completely unfounded) and the unwillingness of anyone to just start deploying it. I have SpeakEasy for my home connection (business class SDSL with a /27) and they neither offer IPv6- nor do they even have any IPv6 plans (or so customer service told me. This is just sad. The same goes for my employers upstream provider- and backbone provider.

-sirket
Senior Network Engineer for a company you've definitely heard of

Reshuffle existing IPv4 space

[McDutchie (151611)]

They could delay the inevitable by reallocating existing IPv4 space more efficiently. Many old/historical allocations are inefficient. Apple Computer, for example, has all of the 17.x.x.x space, comprising 256^3 = more than 16 million addresses, which is just plain absurd in this day and age.

Re:Reshuffle existing IPv4 space

[Detritus (11846)]

You and what army of lawyers? :-)

Class A blocks were one of the benefits of being a Internet pioneer. Why should they give them up?

Re:Reshuffle existing IPv4 space

[TooMuchToDo (882796)]

Actually, you don't need an army of lawyers. Those Class A blocks are delegated solely at the whim of ARIN (at least those Class A blocks that fall under ARIN control). If ARIN has a vote, and the majority of stakeholders create a resolution requiring action to be taken to stave off address exhaustion, then anything is possible.

Disclaimer: I've worked with ARIN to get/manage/return blocks of IPs for years.

Re:Reshuffle existing IPv4 space

[neoform (551705)]

Apple is a bad example, they could actually use those IPs if they shared them with google or something..

companies that totally don't need them would be companies like:

Ford
Boeing
GE

Re:Reshuffle existing IPv4 space

[Wolfier (94144)]

Halliburton Company     34.0.0.0 - 34.255.255.255

Even as someone who doesn't think of Microsoft as an Internet pioneer, I'd rather MS owns this block than Halliburton.

Re:Reshuffle existing IPv4 space

[RzUpAnmsCwrds (262647)]

They could delay the inevitable by reallocating existing IPv4 space more efficiently. Many old/historical allocations are inefficient. Apple Computer, for example, has all of the 17.x.x.x space, comprising 256^3 = more than 16 million addresses, which is just plain absurd in this day and age.

Don't complain about Apple. HP has all of 15.x.x.x and all of 16.x.x.x, because they purchased DEC who also had a class-A.

Interestingly, HP is the only company that effectively has a /7 because their block is contiguous.

Re:Reshuffle existing IPv4 space

[Kalriath (849904)]

Oh really?

Department of Defense Network Information Center 21.0.0.0 - 22.255.255.255

That's a... /7? And check THIS out:

Department of Defense Network Information Center 6.0.0.0 - 7.255.255.255
Department of Defense Network Information Center 11.0.0.0 - 11.255.255.255
Department of Defense Network Information Center 21.0.0.0 - 22.255.255.255
Department of Defense Network Information Center 26.0.0.0 - 26.255.255.255
Department of Defense Network Information Center 28.0.0.0 - 30.255.255.255
Department of Defense Network Information Center 33.0.0.0 - 33.255.255.255
Department of Defense Network Information Center 55.0.0.0 - 55.255.255.255

So that's... about 330 MILLION IP addresses for the US DoD alone? And people bitch about MIT hoarding!

In case they start embargoin' our IPs, see...

[Kadin2048 (468275)]

Well, yeah. That's the "Strategic IP Address Reserve."

Re:Reshuffle existing IPv4 space

[grapeape (137008)]

Anyone else think its kind of weird that the US only has 300,000,000 people but the Department of Defense needs 184,549,376 IP addresses? Also why does the freakin interop show need a class A, and why does PSI still have the 38. block didnt they go out of business around 5-6 years ago?

Re:Reshuffle existing IPv4 space

[Kadin2048 (468275)]

It only seems ridiculous because of the way we distribute IP addresses today, using CIDR. Prior to 1993 (or whenever CIDR was implemented), if you wanted to run a network with subnets, then you needed at least a Class B allocation, so that your subnets could have Class C blocks (254 hosts each).

This is why MIT, Apple, DEC, IBM, and lots of other big companies were given Class A's. It wasn't just a "thanks for playing" reward, it was because the original design for the IP system required Class A blocks if you wanted to run big networks: if you had a big organization, you needed a Class A, in order to do multiple levels of subnetting.

When you look at the IP allocations and see GE or DEC's Class A blocks, it seems ridiculous. But you have to understand that when those allocations were made, what they were looking at was less the number of actual host IPs in the block (which is what we care about now) but the number of Class B and C subnet blocks that were inside. Put yourself in the shoes of someone at a big company like IBM or GE, with lots of regional offices. Each region/office needs to have a network, with its own subnets (for each department or whatever). That's how they were laying things out. "IBM" as an organization gets a Class A. Each regional office or some other division, Class B. Each network or further subdivision, Class C. Yeah, you end up with a lot of wasted capacity, but this whole scheme was designed back when a "host" was a PDP or VAX; there just weren't enough of them for it to seem like a major issue.

The problem people sometimes refer to when they talk about "the last time we were running out of IPs" (back in the early 90s) wasn't really a shortage of IPs at all (well, at least not immediately, although people were definitely realizing it was going to be a problem), it was a shortage of Class B and C subnet blocks. (Particularly Class B's, since that's what medium-size businesses and .edu's really wanted, and there are only like 16k of them around for direct allocation.)

So that's when CIDR was introduced, and it ended the whole 'Classed Network' concept (A, B, and C classes) and replaced it with the now-familiar bitwise/subnet-mask format. (E.g., IBM's Class A block is 9.0.0.0/8, Apple's is 17.0.0.0/8, etc.) This, along with prefix aggregation, allowed more efficient address allocation, and kept the routing tables from growing out of control. Now that you can subnet at the bit level, rather than at the Class level, those A Blocks seem huge. But keep in mind that before CIDR, each of those A Blocks was looked at, not as 16M hosts, but as 254 subnetworks.

It's only in retrospect, with the help of a bunch of new technologies, that the allocations made back in the Internet's early years look ridiculous.

Re:Reshuffle existing IPv4 space

[Tatarize (682683)]

No reason? Ahem, those IP addresses are going to get *VERY* valuable in about 3 years apparently.

VoIp Everything

[chill (34294)]

Telecom companies are switching everything, including cell phones, to VoIP. Soon, damn near every cell phone will have an IP address associated with it. CDMA phones that EVDO rev-A already do. I know one carrier that has a pool of 2 million available addresses, and 20+ million customers with cellphones.

IPv4 addresses are going to be going away very quickly.

Re:VoIp Everything

[glomph (2644)]

Nonsense. If mobile companies do go to VoIP, it will be done in private IP space. The IPv6 fanboys are ridiculous, even Dick Cheney is more believable....

Re:VoIp Everything

[bofkentucky (555107)]

what provider is giving out routeable addresses on their phones? Nextel is giving us 10. addresses.

Whew!

[zymurgy_cat (627260)]

Man, am I glad I've got 192.168.0.100 through 192.168.0.105 setup on my network at home. Hmmm.....maybe I should lay claim to 106 through 110, just in case.....

Hey!

[The MAZZTer (911996)]

Those are MINE, you THIEF!

Re:Hey!

[zymurgy_cat (627260)]

In that case, I'm blocking them with my firewall. Take that, jerk!

Re:Whew!

[D4rk Fx (862399)]

Man, am I glad I've got 192.168.0.100

That's the same IP address I've got on my luggage!

Re:Whew!

[SageLikeFool (547462)]

Now that I know your IP address range I am so gonna h4x y3r b0x3n.

Carbon Credits

[biocute (936687)]

I think companies will start 'renting' addresses as IPv4 is approaching its limit, pretty much like the concept of carbon credits.

Companies may cut down unnecessary IP usage, or buy/rent addresses from other companies with plenty to spare.

This 'trade' could go on until such point it's either more costly to rent than move to IPv6, or when all available-and-necessary addresses have been fully utilized.

They will move when they have to

[DreadSpoon (653424)]

I doubt anyone will be making a concerted effort to switch until it actually becomes necessary. Once the IPv4 address space runs out, hacks will be done to extend it. Ranges will be "repo'd" from companies, or those companies will just start reselling those ranges. Not until there is no space left to squeeze out will people really start caring.

ISPs won't care

[Natales (182136)]

If we do run out of IPv4 addresses for real this time, I predict ISPs will switch to 100% private IP addressing space before even thinking on IPv6.
Heck, it's already happening in other countries. In Chile for example (a reasonably high-tech country) VTR http://www.vtr.cl/ [www.vtr.cl], the only cable ISP, will give you ONLY RFC-1918 addresses, period.

The masses won't care. They only care about their basic apps, and ISPs will use that as leverage to control more services, especially all P2P and VoIP-related ones.

Let's just NAT

[bl8n8r (649187)]

Kidding - I'm KIDDING

Start preparing your resume...

[dircha (893383)]

...and climb on board as an enterprise IPv6 migration consultant.

Hopefully it *is* the new Y2K.

IPv6 is already here. Been here for awhile

[Zaffle (13798)]

I'm continually amazed at the number of people in the IT and Net industry who keep "wondering" when IPv6 will arrive. Its been here for a long time. I'm running a series of web servers for internal company use that have native IPv6 addresses. For public consumption, we have an IPv4 reverse proxy that allows us to run our entire web services behind one IPv4 address. Any customer who has an IPv6 address gets to talk to the individual servers.

The advantage comes when you consider management. In order to have 20 SSH/FTP/etc accessible Internet servers, I'd either need 20 separate IPv4 addresses (getting a decent segment of a class C here is expensive), or I'd have to play fun games with ports. All our technicians have IPv6 on their laptops, and use tunnel brokers for access to the v6 network.

Most of our clients have IPv6 connectivity, though they don't notice it. When we put in a firewall, IPv6 comes default setup with tunnel brokers.

People keep asking, when's there gonna be v6 content? There is no v6 content (ok, their is full colour ascii starwars). Any content provider would be nuts to say "you have to have v6 to see our content" at this point (with the exception of mobile phones). IT Techs brought v4 to the public, we'll bring v6 to the public. Its technicians like myself who appreciate having an Internet accessible toaster (ok, so its not yet accessible) that have already started the ball rolling.

Before long you'll see hosting providers saying, you can have one web gateway shared v4 address and a /64 v6 address for a cheap price. You'll design your websites to be usable on v4, but for management tools, etc, you'll need to install a v6 tunnel.

So in a back alley in the future

[jhines (82154)]

There will be some guy in an ill fitting suit accosting you, "hey man, got extra IP4?" "I gotta plug in man, I'm jones'ng for some connectivity." "IP6? can't. My colon can't take the colons, 3 dots is all I can handle"

Easy way to speed IPv6 Adoption

[by Anonymous Coward]

Just move slashdot to an IPv6 only address; voilla by monday every corporate will have a functioning IPv6 setup... ;-)

auction!

[Doppler00 (534739)]

Same thing that happened when popular domain names started running out. I'm sure IP addresses will go up for auction. Seems kind of silly though considering the space available in IPv6. But if you have people that need these addresses, someone will be willing to pay for them. I imagine some of the big names that got them free from the start will be making a lot of money, such as MIT.