IPv4 Unallocated Addresses Exhausted by 2010

An anonymous reader writes "Ars Technica is reporting on how the unallocated IPv4 address pool could run out as soon as 2010. The IPv4 Address Report gives details on just how fast the available pool of IPv4 addresses is diminishing. Will ISPs be moving towards IPv6 any time soon? Or will IPv4 exhaustion become the next Y2K?"

Re:From TFA: free pr0n!

[mengel]

The problem is, that claim makes no senses whatsoever. The IPv4 addresses are a subset of the IPv6 space -- you can get to all of the IPv4 systems from an IPv6 network.

There are two issues:

1. Switching protocols
2. Getting IPv6 addresses

You can use the IPv4 subset of the IPv6 address space, and everyone can still talk to everyone while you convert. It's only the folks that have IPV6 addresses before the IPv4 users have migrated that become unreachable by anyone.

So the online businesses are going to want to be the last ones to switch, so that their customers don't become unable to reach them.

But anyway, IPV6 gives you access to all the same content.

Re:VoIp Everything

[bofkentucky]

what provider is giving out routeable addresses on their phones? Nextel is giving us 10. addresses.

Re:it's tghe next Y2k

[Kadin2048]

i've been hearing about how ip4 will run out in the next 5 years for the last TEN years.

Well, it would have run out a lot faster, had it not been for CIDR [wikipedia.org], which allowed addresses to be allocated more efficiently. However that -- like proposals to re-allocate unused space in some of the old corporate A-blocks -- slowed the bleeding but doesn't really do anything about the real problem.

Re:uh, what? uh, what? uh, what?? (ie. stupid idea

[Anonymous Coward]

The gradual change is the IPv6! You have no *clue* what you are talking about.

IPv6 can address all IPv4s. It just doesn't work the other way around because IPv6 is a superset of IPv4.

Link to RFC 1918

[NevarMore]

http://www.faqs.org/rfcs/rfc1918.html [faqs.org]

If I'm reading it correctly your ISP treats you like you are part of their corporate intranet and then pipes your traffic out. I'd expect the ISP have a similar traffic footprint and pattern to a largeish college campus that doesn't assign every PC an outside IP.

Re:Reshuffle existing IPv4 space

[imemyself]

"harder to do"

Are you kidding me? Are you actually saying that it would be more difficult for IANA to pull the class A's from organizations who have absolutely no use for it whatsoever, than it would be to upgrade every device connected to or part of the Internet infrastructure and configure it to communicate/route an almost entirely new protocol?

Re: From TFA: free pr0n!

[Dolda2000]

If what you say is true, then you definitely know something that I don't, and then I still think that I know more about IPv6 than at least most people do. I would think that you confuse either the ::/96 or the ::ffff:0:0/96 prefix for the IPv4 address space as a "subspace" of the IPv6 space. If you do, neither is true.

::/96 is a method for routing IPv6 traffic over IPv4. In other words, if you send a UDP packet to ::1.2.3.4, what is being transmitted onto the wire is an IPv4 packet (src: the address of your system's IPv4 stack, dst: 1.2.3.4), encapsulating an IPv6 header (src: the address of your system's IPv4 stack in the last 32 bits left-padded with zeroes, dst: ::1.2.3.4), in turn encapsulating a UDP header. It's a simple way of setting up a SIT tunnel, nothing more. You won't be sending any raw IPv4 packets that way, and neither is any router on the way going to convert it to IPv4 for you.

::ffff:0:0/96 is merely a way of talking to the IPv4 stack in your system, even if the program in question only uses IPv6. It does not work on a system without a working and properly configured IPv4 stack. In fact, I hear that the IETF is starting to work against the ::ffff:0:0/96 prefix due to some security issues that I have yet to understand.

In fact, if IPv4 truly were a subspace of IPv6, then what sources address would an IPv4-only host be seeing when it receives such a packet from an IPv6-only host?

It is perfectly possible to use both an IPv4 and an IPv6 stack simultaneously, and there are some NAT-like technologies that run on a router to give IPv4 connectivity to IPv6-only hosts, but you'll still need an IPv4 stack somewhere on your network to access IPv4 content.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Reshuffle existing IPv4 space

[Kalriath]

Oh really?

Department of Defense Network Information Center 21.0.0.0 - 22.255.255.255

That's a... /7? And check THIS out:

Department of Defense Network Information Center 6.0.0.0 - 7.255.255.255
Department of Defense Network Information Center 11.0.0.0 - 11.255.255.255
Department of Defense Network Information Center 21.0.0.0 - 22.255.255.255
Department of Defense Network Information Center 26.0.0.0 - 26.255.255.255
Department of Defense Network Information Center 28.0.0.0 - 30.255.255.255
Department of Defense Network Information Center 33.0.0.0 - 33.255.255.255
Department of Defense Network Information Center 55.0.0.0 - 55.255.255.255

So that's... about 330 MILLION IP addresses for the US DoD alone? And people bitch about MIT hoarding!

Re:Is Bogon List Space Considered

[Anonymous Coward]

Last allocation my company got was from ex bogon space. They apparently take it off the bogon list and allow one year for all the firewall providers etc to update their lists. We had some problems with customers still using older lists. So yes, bogon space is being reclaimed and used.

WRONG

[Anonymous Coward]

The IPv4 addresses are a subset of the IPv6 space -- you can get to all of the IPv4 systems from an IPv6 network.

This is what IPv6 fanatics constantly FAIL TO UNDERSTAND. IPv4 addresses ARE NOT a subset of IPv6 addresses, because IPv4 and IPv6 are INCOMPATIBLE PROTOCOLS.

Let that sink in.

Just because there's some addresses within the IPv6 space that can map onto IPv4 addresses doesn't mean you've made the two protocols compatible.

I can't get to these embedded IPv4 addresses from my IPv4-only machine unless I go through extra hardware/software that tunnels or gateways the packets, basically converting them to IPv6.

And if there's an IPv4 address on the other end, I'll simply USE IPv4 TO REACH IT.

The *only* incentive for people to use IPv6 is if popular and useful web sites exist ONLY on IPv6. I.e., Google, Hotmail, whatever. Apparently, the IPv6 fanatics think that ISPs will happily upgrade their hardware and software just so that their IPv4 hosts can talk to IPv4 servers through some Rube Goldberg IPv6 network, waiting for the day that Google's IPv4 IP goes dark. No, that's not gonna happen.

If you can't comprehend what I've said, replace "IPv6" with "Fidonet" or some other protocol and think about it.

Re:Worse than Y2K

[sirket]

This is so patently wrong I don't know where to begin-

My home network sits behind a Cisco 2621 running an IPv6 IOS image- and I have a /64 and a tunnel to tunnelbroker.net (By Hurrican Electric). It took ten minutes to set up- and another minute to enable IPv6 on my FreeBSD desktop- at that point I was able to get to www.kame.net via IPv6 with no problems.

I even set up an IPSEC / GRE tunnel with a friend of mine along with mBGP (multiprotocol BGP). No problems. I set up route-maps and filters all without a problem. My friend and I were then able to get to each others Unix servers via ssh over IPv6 using hostnames that resolved via AAAA records.

I also run OSPFv3 internally- again without incident. Deploying IPv6 to my network took a grand total of an hour- and we're talking about BGP, OSPF, GRE IPSEC tunnels and so on.

In fact- the change was so easy I immediately began a project to upgrade my company to IPv6. So far it has been incredibly easily and completely transparent to everyone.

What's holding IPv6 back is two things: public perception that the change will be difficult (completely unfounded) and the unwillingness of anyone to just start deploying it. I have SpeakEasy for my home connection (business class SDSL with a /27) and they neither offer IPv6- nor do they even have any IPv6 plans (or so customer service told me. This is just sad. The same goes for my employers upstream provider- and backbone provider.

-sirket
Senior Network Engineer for a company you've definitely heard of

Re:Reshuffle existing IPv4 space

[sirket]

Everyone in this thread is sooooo wrong it isn't funny.

First off- no one in their right mind is going to give up their addresses.

Secondly- let's not keep IPv4 around any longer than it has to be. Please let it die already. Moving to IPv6 is just not that hard- including OSPFv3, mBGP, tunnels, filters and route-maps it took me an hour or so of actual configuration time to enable IPv6- for gods sake- let's just do it already.

Finally- breaking up /8's into lot's of smaller networks is a TERRIBLE idea. There are already about 200k routes in the global routing table. Splitting up a single class A up into /20's (the current standard allocation) would increase the size of the table by 4k entries. Do that for a dozen networks and you've just increased the global routing table by 25%. That's an AWFUL idea. IPv6 avoids this problem with a stricter and more sensible heirarchy that allows for a LOT more aggregation.

The fact is- you don't know anything about backbone routing so please don't tell ARIN how to do their job.

-sirket

Re:Carbon Credits

[TooMuchToDo]

Perhaps you need to read up a bit. ARIN is a not-for-profit whose primary role is to delegate address space. They do the same function NANPA/NeuStar [North American Numbering Plan Administration] does, except NANPA/NeuStar handles area codes and phone numbers. ARIN's authority has already been proven in court as well. Anti-trust laws don't apply here.

Don't be an ass unless you've done your homework.

Re:From TFA: free pr0n!

[Kadin2048]

The stateful firewall you'd need on an IPv6 connection isn't inherently any more complicated than an IPv4 UPnP+NAT box. In order for NAT to work, the device performing the translation must keep track of all the individual connections; it's basically a stateful firewall already. If you can do that, then you can firewall IPv6 (provided you have the capacity for the longer addresses). You need a protocol, like UPnP, so that clients can request "holes" (so that things like FTP, Bittorrent, and VoIP work), but that's no worse than NAT right now.

Now, I think this is a completely crappy way to run a network, and I think we just need to get rid of the idea of firewalls completely (at least as a generic cureall, I'm all for retaining them for specific applications); security needs to be at the client level, not at the network-gateway level; as more and more devices become mobile, they cannot and should not ever assume that their local network is secure.

But unfortunately, people have gotten so used to the idea of firewalls that they're attached to them, particularly because it allows for a certain amount of laziness (running old, crummy operating systems on Internet-enabled systems, not patching, etc.) while giving the perception of safety. So I suspect that all IPv6 implementations will mimic the brokenness of NAT, at least initially.

Re:Most people don't have that kind of hardware.

[Jaidan]

You're kinda nuts...a 2621 runs the same price (on e-bay) as a mid to low end users computer! At $500-$600 on ebay we're talking router tech that's 6-7x the price of the average home router. So as long as that's the kind of hardware the end user will need, i's not going to work.

IPv6 can give out your hardware MAC address also

[billstewart]

One of the many optimistic goals in IPv6's design was to support really simple administration, so users can set up machines and networks automagically without having to configure anything by hand. (This dates from the days before DHCP and DHCP Relay support were universal. And Netware IPX could do that (remember Netware? IPX was an XNS-like protocol alternative to IP.)) And we certainly wouldn't have NAT, because that was a crufty annoying artifact of IPv4 address shortages that broke the end-to-end principle that's fundamental to how the Internet worked.

IPv6 has large address blocks - the smallest any organization (like your home DSL line) is likely to have is a /64, so you've got 64 bits to play with. A real obvious IP address assignment strategy is to use 16 bits for a subnet number and 48 bits (the MAC address on your Ethernet or Wireless card), kind of the way Netware used to work. So you could set up routers if you needed to split up your building into subnets, and when your computer or printer or whatever booted up, it could squawk the LAN to get a subnet number and use all-0s if nobody answered, and it was ready to talk. And it meant that if your router/switch wants to find the machine with a given IP address, instead of having to ARP to find the MAC address for the machine, you just look at the lower 48 bits of the IP address. (And that means you don't need to worry about ARP storms - remember ARP storms?)

So unlike IPv4, where any machine you connect to on the net or anybody eavesdropping in between knows what IPv4 address you're using, and maybe they can find out from DNS or logfiles where that address is, with IPv6, they see your IPv6 address which tells them what machine you're connecting from. You can do things to change that (e.g. pick a different IPv6 address, or set the MAC address on your network card if it supports that), and if you control the network connection, you can set it any way you want. And these days you're probably still going to go through some firewall, there might be something NAT-like happening, or at least a proxy, or some 6to4 gateways.

But in theory, if everybody administered everything the way the IPv6 designers envisioned it, every time you plugged in your laptop to a different LAN, your MAC address would probably still be visible, which is really convenient for debugging and not so hot for privacy.

Not so much actually

[Sycraft-fu]

Often the router can do it, but not well. We have this at work (a major university) with our stuff. It's all Layer-3 switches, which means that IPv4 is done extremely quickly via ASICs, with minimal impact on the CPU even for fairly complex sets of rules. However IPv6 is not accelerated. Thus you can turn it on, and it'll work fine so long as not many people use it, but if everyone tried, the router falls over as the CPU gets slammed. There are, of course, new supervisor modules that'll do the v6 routing on ASICs, but we don't have those and they aren't cheap (a few million dollars to upgrade all the core and edge routers that'd need it). Being that we are having our budget cut, this isn't something that's high on the list.

That's a large part of the problem with v6 is that it isn't as simple as many people think. You don't just enable it on your routers and expect everything to work well. There's a lot of high end gear in place that doesn't have hardware support for v6 and thus it all has to be done on the CPU, which is usually much less powerful than you'd think. It isn't a trivial amount of money to just replace all those, nor can they afford to turn it on in software and hope that usage is light enough that they don't get slammed.

Now as new gear gets put in to place, which happens all the time, this problem is slowly going away, however it's still a major problem right now. The routers on our campus may be about 6 years old, but they are still powerful units that do what we need, and we've no inclination to replace them. I'm sure big ISPs feel the same way.

Given that the IP situation isn't the crisis that some people keep wanting to make it out to be (I've heard this shit many times before) I imagine that the process will probably be slow, and equipment will be replaced for other reasons. However once all the equipment is IPv6 capable, organizations will probably start turning it on since why not. It isn't likely to be a big, hurried rollout, just a gradual shift.

Re:From TFA: free pr0n!

[kickdown]

That's really just not true. With IPv6, you can get a lot more anonymity than you have now with IPv4. v6 has all sorts of special provisions for randomly assigning addresses, letting you reset them when you want, so that you can appear to be a new user in the middle of a browsing session. That's tough to do with IPv4; even if you try a DHCP release-and-renew from your ISP, generally they won't issue you a new address until the other one has expired.

IPv6 doesn't force you to give up any privacy, and there's no 'user serialization' unless you buy into it voluntarily.

Sorry, but that is just not true. There's some fuss in the air about IPv6 privacy extensions, which is basically bullshit. As an IPv6 customer, you'll typically get a /64 prefix of the address space for your broadband connection. The entire address length is 128 bits, so you might *think* that you can play a lot with different, random, "anonymous" addresses.
BUT: The whole /64 is assigned to YOU, the contractor of this specific broadband account. So however you variate behind your /64 prefix, it will always be accountable to the same block. If your ISP does it's job right, your customer details will be delivered to RIPE, so that every content provider can conveniently look it up - no need to bug the ISP with such stuff, your cease-and-desist letter goes directly to your letterbox.
To illustrate my example, there's a IPv6 ISP in Germany that gives out even a /48 prefix - you could almost literally give an IP address to all the atoms in your house, and still have random space left for variations. Still, a RIPE query on the prefix 2001:4b88:107d:: shows that whatever happens with this /48 block gets this specific customer's credit.
If we're not counting accountability, but just usage tracking on websites etc, easy: just don't treat every Ip address as unique (like in IPv4), but instead every /64. There you go, almost as accurate as before in IPv4.

Re:Reshuffle existing IPv4 space

[Anonymous Coward]

companies that totally don't need them would be companies like: ...Boeing...

Apple has under 20,000 employees. Boeing has over 150,000 employees.

Apple is a computer company, but just because Boeing isn't as trendy as Apple today doesn't mean they design airplanes with slide rules.

And they're not all about building commercial aircraft, either (that's actually less than half the company these days). Phantomworks isn't as well-known as Lockheed's Skunkworks, but they do their share of high-performance computing (=lots of computers), too.

And Boeing is itself a small company compared to Ford (280,000 employees) or GE (315,000 employees). Don't forget that GE is the world's second largest company, who own everything from financial and real estate to industrial components (they make engines for Boeing) to big media (NBC Universal). (Ever watch Sci-Fi Channel? That's GE.) If you don't think GE needs a class-A, it's hard to imagine why any single company would, especially a small one less than 1/10th its size, that isn't even primarily a media distribution company.

Re:IPv6 can give out your hardware MAC address als

[TheRaven64]

I take it you haven't been following IPv6 closely, since that hasn't been the case for about six years (see RFC3041). The MAC address part of the IPv6 address was never used as a substitute for ARP; doing so would have broken addresses assigned in different ways (e.g. stateful autoconfiguration, manual configuration), which were always allowed. The low bits are a hash of your MAC address, and so only a mapping from MAC to IP is possible, not the other way around. If privacy is a concern for you, then you can easily pick a different IP at pseudo-random.

Re:it's tghe next Y2k

[Anonymous Coward]

Maybe you don't recall: CIDR was designed to decrease the number of BGP routes. That is, to enable route aggregation. CIDR is not the cause of the explosion. Without CIDR, people who got 4 class B's had to announce four routes that no one could aggregate. With CIDR, they can announce 1.

Re:"best efforts of organizations like ARIN" joke

[anticypher]

Truth is that ARIN does not, and has never, made a best effort at anything except to charge ISPs for address space and let them reap a 500 to 1000% profit reselling it.

ARIN, and the RIRs made one effort back in the 1997-2000 timeframe to reclaim many of the allocations that didn't seem to be in use (i.e. not announced on the internet). I can't find the summary of that, it should be somewhere on the Potaroo site linked in the OP. The results were something like 8 /8's were returned, 15 replied with an absolute NO, and none of the other 70 or so companies even bothered to respond. There were a number of attempts to contact the large block holders, but with no success. Search NANOG archives for other details.

If you have ever seen a talk by Geoff Huston, the man behind Potaroo, he talks in depth about how there has never, to date, been any attempt to take back an allocation through legal action. Should that ever become necessary, it would be costly and require years in the court systems allowing for appeals. He addresses every concern voiced by the ignorant /. masses in this story.

Even if all the large /8 allocations were to be reclaimed voluntarily without any bother, it would push the exhaustion date out by no more than 2-3 years.

This is exactly what Network Solutions/Verisign did with domain names when they had a government-protected monopoly. Have we forgotten so soon, one year domain registration was free (via SRI), and the mext year it was $100 per year per domain (via Verisign), despite actual costs of $7/year.

It wasn't NetSol in 1995, but their predecessor, who charged US$100 for the first year, and $50/year renewal. Within a year NetSol got involved, and the prices came way down. And it wasn't Stanford Research Institute, it was the National Science Foundation who ran the domain allocation for a few years before it was privatised.

ICANN has been putting out feelers, mostly verbal at meetings and careful not to put in writing, the idea of eliminating the IANA and IETF groups in favor of ICANN charging around US$4.00 per year per IPv4 address. So a group like MIT with their /8 would have to pay US$64 Million per year to keep that many addresses. A web hosting company with a few thousand machines on a /20 would need to pay US$17,000 per year to just have routable addresses. The idea is that the RIRs would become private companies who would purchase allocations they could resell on a "free-market". That would earn the US Government a large bundle of money as they still control ICANN through the Department of Commerce. ICANN loathes the RIRs as they are currently organised, too much of the hippy feeling of volunteer effort and consensus in the public good.

Almost everyone I have talked with, especially the most die hard Free Market economists, think this is both a very bad idea, and an eventuality. Whether IPv6 will suffer the same fate remains to be seen, but ICANN wants to make money more than anything else.

the AC

Re:WRONG

[Cato]

Comcast has already deployed IPv6 in its core network and will deploy it to homes, simply because it's already gone beyond the available 10.x addresses and is now on public IPv4 space - it needs about 100 million devices for its IP voice/video/net customers. So the other incentive to use IPv6 is simply that you won't get Comcast service at some future date without having IPv6. Of course, this will be largely transparent to the customer as they'll use native IPv6 within Comcast and then be converted to and from IPv4 on the IPv4 Internet - but it will create a base of users who are IPv6. These users won't have IPv4 at all in their home (otherwise you don't solve the address scarcity issue).

Also, if Comcast ever decides to serve their video content outwards to Internet users who don't have Comcast access, it would be easy to provide it over IPv6 as well as v4. This doesn't mean exclusive IPv6 content, but it shows one step in the process of wider IPv6 usage.

The other thing I've seen, working in the telco industry, is that IPv6 support requirements are now moving into the management software (operational support system) space, and of course the federal government mandate for IPv6 is driving things too. I'm now much more confident than a few years ago that IPv6 will happen.

See http://it.slashdot.org/comments.pl?sid=234063&cid= 19052065 [slashdot.org] for link to a presentation by Comcast on this.

Samba and Vista will lead the way

[davecb]

Vista will only contact Active Directory DC over IPv6, and although Samba3 works over IPv6, it won't work as a DC [Dan Shearer]

David Holder has a more detailed presentation of this at http://www.ipv6consultancy.com/ipv6blog/wp-content /uploads/2007/05/samba-and-vista-with-ipv6v2.pdf [ipv6consultancy.com] but to oversimplify, MS tried to prevent Samba from being an AD Domain Controller by making IPV6 a prerequisite, with strictly limited and temporary success (;-))

--dave