Forgot your password?
typodupeerror
The Internet

Dispelling the IPv4 Address Shortage Myth 505

Posted by CmdrTaco
from the put-on-your-debating-hat dept.
Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs! In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
This discussion has been archived. No new comments can be posted.

Dispelling the IPv4 Address Shortage Myth

Comments Filter:
  • just remember (Score:2, Informative)

    by Anonymous Coward
    Class E addresses are still under the "Reserved for Future Use" mantra.
    • Re:just remember (Score:5, Informative)

      by JWSmythe (446288) * <jwsmythe.jwsmythe@com> on Tuesday November 04, 2003 @02:47PM (#7388573) Homepage Journal
      I finally took the CCNA class. Been working with the Cisco hardware for years, but finally took a class. I couldn't get the routers to assign class E addresses.

      But, for those that don't know, the CCNA book says:

      Class A 0.0.0.0 to 127.255.255.255
      Class B 128.0.0.0 to 191.255.255.255
      Class C 192.0.0.0 to 223.255.255.255
      Class D 224.0.0.0 to 239.255.255.255
      Class E 240.0.0.0 to 255.255.255.255

      Class D are multi-cast, which I don't believe very many people use..

      Class E are "Scientific Purposes" or "Research".

      I was running a little personal project a while back, to try to find logical distances from various points (places I had access to machines) to other places, and try to map them, to determine if there were more advantagous places to put servers, or redirect customers on particular networks to particular servers.

      A whole bunch of those first /8's don't have anything in them, or at least nothing reachable by a couple different methods. My tests weren't completely exhaustive. I didn't try every port on every IP. I just did a sampling of IP's for a few different ports and packet types. So, there are a whole lot of unused IP's out on the Internet.. Looking at the logs of some of our sites, with over 1 million uniques/day, you can see where the IP's are clumped up, and huge gaps in the usages.

      Of course, if I was the network god of 3.0.0.0/8 (General Electric), and I was only using say 100,000 IP's, they'd be hard pressed to make me give up any part of that, especially in knowing that they've had that block since the first days of the Internet. Whois says they registered 3.0.0.0/8 in 1988. I definately wouldn't want to be the admin that had to change 50,000 IP's.

      I guess it does help with the old estimates, that people are using NAT more frequently. The stories I heard years ago said we would have run out long before Y2k, but since people run NAT's at home and many offices. Nextel has assigned IP's to every phone (ahhh, the wonders of the Internet), but they're all 10.0.0.0/8 .

      For example, on my phone, I select

      Menu -> More -> My Info -> Carrier IP

      And it shows me 10.154.85.xxx

      Using a Nextel im1100, I also get assigned an IP in the 10.0.0.0/8 network.

      For those that don't know, 10.0.0.0/8 is a private network [ohio-state.edu]. You can use it any way you'd like, but it's completely useless to you on the Internet unless there's a NAT or something between you and the rest of the Internet.

  • by Anonymous Coward on Tuesday November 04, 2003 @11:54AM (#7386768)
    The last post possible, Please upgrade to SlashV6 to post more.
  • Grab em! (Score:5, Funny)

    by zyridium (676524) on Tuesday November 04, 2003 @11:54AM (#7386775)
    I'll take all the addresses I can :-)

    If I get enough for free, we will have to use IPV6..

    I think I want a screensaver where each pixel has an ip, and then we can replace X with a simple protocol just sending colors!!
    • Great! Thanks, you made my day! :-) If I had mod points, I would mod you up.

      This is definitely the weirdest idea how to (ab)use IPv6 I've ever read.
    • I want an IP address for every memory location in each of my boxes.

      -kgj
    • Re:Grab em! (Score:3, Informative)

      by Cheeko (165493)
      I think HP has a lead on you. At last check they had both the 15 (HP) and 16 (DEC) Class A's and a few class B's. So thats a whole lot of the total address space right there. Better start buying up old tech companies :) Among others that I can recall IBM, MIT, and Berkley also had class A's.

      This point was somewhat unclear in the article. He mentions how assignment has moved away from the class licenses, but as far as I know, HP anyway, still maintains control over all of the 15 and 16 addresses. I be
  • Good articles (Score:5, Interesting)

    by Anml4ixoye (264762) * on Tuesday November 04, 2003 @11:56AM (#7386790) Homepage
    I enjoyed both of the articles. The question I have is this. With the number of networks now being NATed and the such, will we ever truly need something like IPv6? It seems like whe I hear about it, the talk is always that every device will have a unique IP address. But what I see is that large deployments of devices needing IP addresses are more and more being done using 192.* or 10.* addresses. Anyone else have more insight?
    • Re:Good articles (Score:5, Insightful)

      by lemmen (48986) on Tuesday November 04, 2003 @12:02PM (#7386867) Homepage
      The need for IPv6 is _not_ shortage of IPv4 addresses, but you find it in the extra features in IPv6 (Build-in security, Automated addressing, etc).


      Check this presentation: mms://webcast.ripe.net/ripe46/plenary-2.wmv [webcastrip...enary-2wmv]

      • Re:Good articles (Score:5, Interesting)

        by aminorex (141494) on Tuesday November 04, 2003 @03:12PM (#7388845) Homepage Journal
        Oh, you mean like IPSEC, and DHCP?
        IPv6 offers nothing but a fat address space,
        really. Everything else can be retrofitted
        to IPv4.

        Frankly, I think we'll devolve to a system
        of discrete IPv4 address spaces with
        intelligent routers between them before
        IPv6. It doesn't matter how much mindshare
        v6 has, if the economics are wrong.
      • Re:Good articles (Score:5, Insightful)

        by Tailhook (98486) on Tuesday November 04, 2003 @03:20PM (#7388960)
        The need for IPv6 is _not_ shortage of IPv4 addresses, but you find it in the extra features in IPv6 (Build-in security, Automated addressing, etc).

        Disclaimer: First, understand, I'd like to agree with this. IPv6 is a good thing.

        However, the IPv6 motivations you mention are incorrect. IPv6 does provide the things you mention, but these are not sufficient to cause a migration and do not constitute a "need."

        Security; Adhoc VPN is providing this in IPv4. It's messy and complex, but it works within limits. IPv4 was not designed with this in mind and the hacks that appear as a result are deeply wrong, but it works.

        Autoconfig; DHCP is providing this to a large degree already. It is working "in the wild" right now in both fixed installations and more recent wireless environments. Again, it's messy and imperfect, but it's working.

        NAT is being extended to multiple levels through routing domains (my phone has a RFC1918 address and I wouldn't be surprised if some cable/DSL ISPs aren't distributing them too. A major issue for corporate WANs is making sure RFC1918 subnets don't overlap.) Protocols that don't play well with public IPv4 and NAT are being implicitly deprecated (consider SOAP running an entire RPC stack through HTTP ports and TCP/IP.) Obscene hacks necessary to overcome NAT are being created (IPSEC NAT-T.) How long will it be before ISPs set up tiers where you're only cost effective choice for small enterprise is a single public IP on a NAT gateway because a classless /28 public subnet is 5x more money?

        IPv6 will happen only when the pain of the transition approaches zero. Until then IPv4 will persist regardless of how painful it is. People will deal with figuring out how to run multiple virtual hosts through a single address to a NATed DMZ before they read page 1 about IPv6.

        When every OS and device supports it out of the box and the base of administrators are finally no longer mystified, it will occur. This will take a long time. I doubt IPv6 will be ubiquitous in the next 8-10 years. IPv6 proponents must continue to focus on vendor support and educating administrators. There is no magic bullet.
    • Re:Good articles (Score:5, Insightful)

      by Branc0 (580914) on Tuesday November 04, 2003 @12:02PM (#7386868) Homepage Journal
      IP addresses are more and more being done using 192.* or 10.* addresses.

      This is done because we have to, not because we want to. If IPv6 was a reality today i would put many machines with a public IP address that today are behind NAT.

      • Re:Good articles (Score:4, Interesting)

        by talon77 (410766) on Tuesday November 04, 2003 @12:16PM (#7387012) Homepage
        Nonsense, I think most of us do it because it makes good sense. You don't want your local network having a public IP address, even if you do have a firewall and the best IDP system available. Why create the risk? And even if you have a public server with a public IP address, most firewall's require you to NAT the public IP address anyways if you are nat'ing anything behind the firewall. (usually you nat it to itself, but nat'ing none the less)
        • Couterexamples (Score:4, Informative)

          by hey! (33014) on Tuesday November 04, 2003 @12:42PM (#7387302) Homepage Journal
          Nonsense, I think most of us do it because it makes good sense. You don't want your local network having a public IP address, even if you do have a firewall and the best IDP system available. Why create the risk?

          Not at all.

          Just because you have an assigned network doesn't mean that that network (or all parts of that network) has to be connected. You could even NAT an assigned address behind a firewall if you wanted, and never put out any routing information. It would be just as secure as a non-assigned address, but very convenient in many situations.

          For example, I'm setting up an ad hoc VPN right now between several companies collaborating on a project. Naturally, we are not giving access to each others LANs, but separate segments. Howver, we can't ignore the unassigned addresss used by the other partners. If he uses 192.168.100.0/24 for his LAN, I can't use it for my VLAN segment.


          Another example is when companies merge. They could just plug their LANs in and know everythign would work.

        • Re:Good articles (Score:5, Interesting)

          by mjh (57755) <<moc.nalcnroh> <ta> <kram>> on Tuesday November 04, 2003 @01:05PM (#7387389) Homepage Journal
          The biggest problem with NAT is not for the home user. It's for corporate users. If you're a medium sized or larger business, there's usually some third party that to whom you have to make a connection. If you've got all of your internal network running on RFC 1918 address space, and they've got all of their network running on the same address space, you're almost certainly screwed. You can hack it with dual NAT but it's almost always a maintenance nightmare to get it working right.

          IPV6 is needed because RFC 1918 is a bandaid. We need to have globally unique IP addresses, whether we expose those IP addresses to the internet or not is irrelevant.
          • Re:Good articles (Score:3, Informative)

            by Marillion (33728)
            Most of the $100 DSL/Cable appliances from Linksys, Belkin, 3com and similar vendors perform NAT out of the box. Plug it in and go. They DHCP to the ISP to get the public address and provide RFC1918 addresses internally via a built-in DHCP server. For small/ customers who don't have static address from their ISP, these devices also provide IP address stability internally. I can assign printers static addresses and know that I won't be subject to the whim of the dynamicly assigned number from the ISP.
        • Re:Good articles (Score:3, Informative)

          by kwerle (39371)
          You don't want your local network having a public IP address, even if you do have a firewall and the best IDP system available. Why create the risk?

          That argument makes no sense.
          1. The parent poster clearly DOES want to have more public IP addresses. So do I.
          2. Do you block all outbound connections from your NAT'd machines? That's the only way you could be more secure than blocking all inbound connections using a firewall.
          3. If you want to keep NATing, go for it. IPv6 ain't gonna stop you.
      • NAT does provide a bit more security though. If every machine had a public IP, wouldn't you have to run some sort of firewall on each individual machine, rather than just the gateway/router?
        • Re:Good articles (Score:4, Informative)

          by leerpm (570963) on Tuesday November 04, 2003 @12:29PM (#7387133)
          NAT does nothing that any decent real router/gateway cannot do as well. You install a router at the entrance to your network. It hands out REAL IP adresses to your hosts, and you put rules in your router that say 'drop TCP/UDP packets that are heading for port 1024', excluding those hosts that you want to run web/email/SSH on, etc.
        • Re:Good articles (Score:5, Informative)

          by Minna Kirai (624281) on Tuesday November 04, 2003 @01:08PM (#7387422)
          wouldn't you have to run some sort of firewall on each individual machine, rather than just the gateway/router?

          No. The questions of whether computers on a LAN have their own IP addresses and whether they are firewalled by a dedicated box are independent. Even if each machine has an IP address by which it is publically addressable, you can still have a system which protects it by blocking known-dangerous ports.

          The advantage of a situation like that, for instance, would be that you could have the firewall block file-sharing/RPC ports, while still allowing port 80 inbound so the individual machines can run webservers. With a NAT, only one local system could have a webserver, and you'd have to configure which one got it on the firewall.
          • Re:Good articles (Score:4, Informative)

            by E-Rock (84950) on Tuesday November 04, 2003 @02:10PM (#7388162) Homepage
            Not exactly. If you have a professional grade NAT device you can bind multiple real IPs to the router and then forward internally based on port and IP. So if you have x.x.x.1 and x.x.x.2 bound to your NAT, you can point x.x.x.1:80 to 192.168.0.1 and x.x.x.2:80 to 192.168.0.2. Just like with a firewall and real IPs.
            • Re:Good articles (Score:3, Insightful)

              by Khazunga (176423) *
              You'll never escape the limit of n internal servers for n publicly addressable IPs. Not unless you do some kludge like having an http proxy looking at Host: headers on requests.
    • Re:Good articles (Score:5, Insightful)

      by Anonymous Coward on Tuesday November 04, 2003 @12:02PM (#7386873)
      For philosophical reasons, there's some opposition to the mass NAT-ing of the Internet; it tends to break the equality between computers, creating the artificial distinction between servers and clients (just imagine all the pain you have to go through to use your favorite P2P/game/whatever behind a NAT router). IPv6 will solve that, although NAT will probably continue for other reasons.
    • Re:Good articles (Score:5, Insightful)

      by Mysticalfruit (533341) on Tuesday November 04, 2003 @12:04PM (#7386893) Journal
      My insight is to say that your right on the mark. NAT killed IPv6. Also, now with the focus more on security, more people are seeing isolated networks with single points of IDS monitoring as solid solutions to security. Hence people put everything on a non routable blocks of IPs and put a snort NAT box at the head end.
    • You should rephrase that to "will we ever truly need the address space that something like IPV6 provides?" IPV6 has much more to it than just a huge address size.

      See also: IPV6.org [ipv6.org]
    • Re:Good articles (Score:5, Interesting)

      by Firehawke (50498) on Tuesday November 04, 2003 @12:05PM (#7386917) Journal
      NAT is a quick and dirty hack that has to be updated for newer, complex protocols-- it wasn't until fairly recently that NAT would actually deal decently with FTP, but it requires mangling the packets.

      In the end, the only truly STABLE method for addressing is just to have real IP addresses. NATs just add points of failure and complexity in diagnosis.

      It doesn't help that Microsoft's own implementation of the system is nearly impossible to configure-- since NAT is useless for servers, you're only going to see it on clients, and there's your #1 most likely NAT solution to see.
      • "Fairly Recently?" (Score:5, Insightful)

        by mveloso (325617) on Tuesday November 04, 2003 @01:01PM (#7387364)
        Fairly recently as compared to when? I remember using ftp behind NAT years ago, back in the mid-90s...and boy does that sound strange.

        Anyhow, the stuff now works and is stable (and has for years), so there's no reason to whine about stability, etc. If your software doesn't work behind NAT, it's because they hired an inexperienced network guy to write the code.

        Why not complain about something else, like the crappy X server stuff?
        • by Abcd1234 (188840) on Tuesday November 04, 2003 @02:26PM (#7388326) Homepage
          Fairly recently as compared to when? I remember using ftp behind NAT years ago, back in the mid-90s...and boy does that sound strange.

          Yeah... it took until around 6 years ago before FTP would even work through a NAT. FTP! One of the oldest protocols on the 'net! And this requires stateful management on the server, which is non-trivial. Basically, it requires a protocol-specific hack.

          Anyhow, the stuff now works and is stable (and has for years), so there's no reason to whine about stability, etc. If your software doesn't work behind NAT, it's because they hired an inexperienced network guy to write the code.

          Sorry, but you're totally wrong, here. There are many applications (IPSec being the most obvious, as well as end-user apps, like VoIP, P2P apps, etc), where the very architecture of said application means NAT fundamentally breaks things. And yes, there are ways to hack around these limitations, but they're just that, hacks. And this is unavoidable... the minute you want machines to be able to directly contact other machines, things break down in the face of NAT.
    • Re:Good articles (Score:2, Insightful)

      by Anonymous Coward
      There's not really a shortage as in "we will run out of addresses in X years". But that's because RIPE, IANA, etc. are being so stingy with IP addresses. Many people are not using NAT by choice, they are using it because they can't get a suitably-sized IP block. It's a pain in the ass - small companies with 50 computers are lucky to get 8 IP addresses. They might get another 8 if they demonstrate the need, but then they'd be advertising multiple IP blocks, bloating the internet's routing tables. And if ever
    • I think it just prolongs it. VPNs between companies is becoming very popular. Now you don't need to drop money every month for a connect. A VPN is free. We're now hitting issues with conflicting private addresses and it's not going to get better. You end up having to do NAT in all sorts of places and that gets complex and error prone.

      I like the idea of NAT to hide addresses from public view, but unique internal addresses isn't a bad thing. Just NAT the internals to a block of externals.
    • Re:Good articles (Score:5, Informative)

      by CausticWindow (632215) on Tuesday November 04, 2003 @12:25PM (#7387102)

      There is more to IPv6 than a larger address space. The address space issue is just what is commonly pushed, since it's something that's easily grasped even by non-techies.

      The true benefits of IPv6 are things like; improved routing, multicasting scope, greater flexibility in what packets contain, flow labeling, privacy and authentication.

      Especially flow labeling will be important if the net is going to be a source of media. Streams could get a higher priority, so low latency and glitch free audio and video can be possible. Makes me wonder if this couldn't be abused though.

    • IPv6-enabled Windows Applications [win6.jp]

      Also, see see here [microsoft.com]
  • So.. (Score:5, Insightful)

    by pirodude (54707) on Tuesday November 04, 2003 @11:58AM (#7386813) Homepage
    So yeah, it'll take 20 years to exhaust the space. Let's wait until 2029 to switch to IPv6.

    Or instead start switching now (after all, it'll probably take atleast 10 years to get everything switched over) and not worry about IPs until we're extinct.
    • Re:So.. (Score:5, Insightful)

      by leerpm (570963) on Tuesday November 04, 2003 @12:04PM (#7386901)
      According to their study, yes it will take 20 years for 100% of the address space to be used up. But there was a study done (trying to find the URL right now..) saying that once we reach a critical mass of around 85% usage, it will become nearly impossible for an organization to obtain new address space. At this point, we will essentially be in a crisis-state, where no one will be able to request more space.
    • Exactly. It may take 20 years to completely exhaust the space, but we will have to make the switch way before that happens.

      One analogy I have come up with is bathrooms. Say you have 100 bathrooms, and right now 50 of them are busy (assigned). Now you (person #51) come along and want to use one. Is it very hard to find a spare washroom out of the 100, when 50 are free? Probably not too hard. Now think about when there are 90 bathrooms full and person #91 comes along to find a bathroom. It will be a lot hard
  • by heironymouscoward (683461) <heironymouscoward@NOSpaM.yahoo.com> on Tuesday November 04, 2003 @11:58AM (#7386821) Journal
    The cost of moving to IPv6 is going to be so huge that it will remain a research project until the benefits are correspondingly irresistable.

    It will almost always be cheaper to hack IPv4 than to switch to IPv6, and this will be the rule for 99% of IP users.

    My prediction is that IPv6 will never come into general use, we will stick with IPv4 for at least 40-50 more years. I have absolutely no idea what will replace IPv4, something will, but it will not be IPv6.

  • by websensei (84861) on Tuesday November 04, 2003 @11:58AM (#7386827) Journal
    my brother david weekly had this to say about it, which I found interesting:

    This message was posted on a mailing list in response to a post that claimed that IPv6 would be widespread by 2005 due to an IPv4 address shortage

    NATs, unfortunately, made a need to switch over to IPv6 wholly unnecessary. Such a switchover will probably not happen for at least another ten years. Even ten years ago, we were "running out of" IPv4 space due to incredibly inefficient allocations using the "class based addressing" method - by which your network was deemed to either to likely possess 253 computers, 65,533 computers, or 16,777,213 computers. A specific network was identified by 24, 16, or 8 bits. (The more bits it takes to identify a network, the more networks can exist but at the expense of having fewer unique addresses per network.)

    This was quickly determined to be an inordinate waste of addresses and as early as the early 90's folks were predicting we'd rapidly run out of addresses. So class allocations changed a little, and instead of giving an organization with 1000 computers a class B (with 65,533 useable addresses), they'd give them four class C's (with 1012 addresses). This helped stem the tide for a bit and arguably saved the Internet's ass, but it was clear that a more elegant system for identifying networks was needed.

    After some backbone technology re-architecting, a new scheme called Classless Internet Domain Routing, or CIDR was introduced, which allowed bit-sized granularity, meaning that a network was identified by exactly as many bits as you needed. Your network could possess 13 computers, or 16,381 computers, and the system could deal with that efficiently. CIDR definitely also helped save the Internet's ass. But the addresses kept on coming; that dang Internet was getting popular very quickly! Pundits started talking about The Great IPv6 changeover, despite the fact that less than one person in 100 on the Internet had an IPv6-enabled operating system.

    Then came NATs. While Network Address Translation had been used in many environments, it hadn't really taken off tremendously. Then Linksys released a rather affordable cute little blue box. This piece of hardware let home users plug in several computers to the blue box, configure it with a web interface, jack in their cable/DSL connection and suddenly be sharing Internet access easily with everyone in the house, using one IP address and so fooling the ISP into thinking that there was only one computer using the Internet (many ISPs either don't permit or don't have the infrastructure to give out multiple addresses to a customer). These NATs had a secondary benefit, which was that by default, all incoming connections from the outside are dropped on the floor. I'm not sure Linksys had such "firewalling" in mind when originally designing the device - it's purely a practical issue. I mean, if someone says to a NAT "here's this piece of information" - to who which of the four connected computers should the NAT send it? By default, the NAT will give up and just drop the sorry packet. This means that when you're behind a NAT, you're protected from a whole class of Internet attacks. This realization further drove adoption.

    Companies with low IT budgets realized that they wouldn't have to buy extra IP addresses from their ISP (which often came at a premium) and that they could have simple firewalling without a complex configuration. Both companies and people could not see the inherent value in having each of their computers have an Internet-deliverable address, and there was real value (protection) to be had in NOT be addressable from the Internet.

    This, again, saved the Internet's ass. Instead of an organization of 1000 needing a class B, wasting hundreds of thousands of IPs, or even four Class Cs, this organization now only needs a single IP address to cover all of its desktops. Now instead of thinking about IP addresses as computer addresses, they have started to become network addresses, which is to say,


    • Companies with low IT budgets realized that they wouldn't have to buy extra IP addresses from their ISP (which often came at a premium) and that...

      IPv6 would remove the practice of ISPs selling
      IP address at a premium. For that alone its worth it. Would make for more grassroots servers.
      • Would make for more grassroots servers.

        But you can set up your own grassroots server now, even with NAT. At worst, if you want to set up more than one server providing the same service, you run some on non-standard ports and have your gateway/NAT box forward the connections based on port. True, then people have to remember to use the port as well - but you could set the "standard" one to list all available services.

        Alternatively, if you host each on a seperate domain name, you could set up some sort of c
      • "IPv6 would remove the practice of ISPs selling
        IP address at a premium. For that alone its worth it. Would make for more grassroots servers."

        Or they could just keep selling IPs at premium and make even MORE money.

        You have to think like a corporation, not like a hopeful user.
    • I absolutely despise having to deal with crap that NAT introduces. I currently have my nat box forward all ports not defined to my main machine. For some reason, the forwarding breaks some stuff. Like prissy file transfers brokered by the various im networks. The other three boxes are essentially screwed. No incoming connections means no file transfers, no ddc (for irc). The outbound triggered dynamic port mapping doesn't help much if all of the boxes want to be connected to the same irc server, for examp
    • at least the way things are running now, most ISPs I've encountered use public address space. It's the consumer's choice to use NAT; if they want to be the next google no one is stopping them, they just need to avoid buying a router. Alright, they might have to call their cable company and get some ports opened -- but that's about it.

      That's not to say it'll stay this way, or that I think NAT is a great thing, but as it stands NAT is optional for most people.

      I for one would love to have public addresses

  • by lildogie (54998) on Tuesday November 04, 2003 @11:59AM (#7386837)
    IPv6 also provides security infrastructure.

    Imagine a world where you can trust the "from" IP address in a packet.
  • Different Problems? (Score:5, Interesting)

    by Richard_at_work (517087) * <richardprice AT gmail DOT com> on Tuesday November 04, 2003 @11:59AM (#7386838)
    I thought the current issue with IPv4 was not the limited number of ip addresses, but the increased routing tables brought on by classless routing? These days, the central routers on the Internet have routing tables which are huge, which must cost someone somewhere to upgrade them.

    IPv6 was supposed to deal with this issue as much as it dealt with the number of ip addresses available, in that it would revert back to a semi class based routing set, with ISPs being assigned a range of addresses.

    Thats how I understood it when I asked anyhow.
    • by leerpm (570963)
      Yes, the size of the routing tables is one more reason for the upgrade to IPv6. But there are a few problems with IPv6 that still need to be worked out before we can say for sure that the routing tables are going to get much smaller. The biggest one so far is the issue of multi-homing (having more than one provider to your network). No one solution has come forward that isn't without some significant disadvantages over the current way it is done in IPv4.
  • "Uncertainties" (Score:3, Insightful)

    by Andorion (526481) on Tuesday November 04, 2003 @12:00PM (#7386842)
    The entire second article is null and void for this reason, quoted from the article:

    Of course such projections are based on the underlying assumption that tomorrow will be much like today, and the visible changes that have occurred in the past will smoothly translate to continued change in the future. There are some obvious weaknesses in this assumption, and many events could disrupt this prediction.

    The argument that we're going to run out of space is based on the assumption that in the (near) future MANY MANY household appliances and objects which don't currently have anything to do with the internet are going to become attached to it.

    ~Berj
    • I *really* can't see an RIR agreeing to assign the huge numbers of IPs that would be required to give each Internet enabled household appliance or phone a DHCP address for the duration of the connection, let alone a static IP, when NAT is a viable option.

      I think we are much more likely to see the first widescale commercial IPv6 deployments in the fields of VoIP, mobile Internet devices and household devices, communicating via a gateway to the IPv4 Internet. Hopefully this will then provide the catalyst n

      • Hrrm... you don't think large corporations or even our government would see any benefit in having a static ID associated with not only every appliance, but with every household?

        ~Berj
        • Re:"Uncertainties" (Score:3, Insightful)

          by Zocalo (252965)
          I think you misunderstand me. Sure, I can see the "benefits" to a Big Brother entity of having static IPs everywhere, but that wasn't my point. Having dealt with RIPE it's already impossible to get a /24 for 200 workstations because of NAT. Imagine what the reaction would be if A.N.Other Telco asked for a /8 for its 3G network. I suspect the laughter from RIPE's offices in Amsterdam would be heard right across Europe.

          Mobile Internet and Internet appliances are largely a green field technology; what be

  • One thing that has helped the Internet grow is a perception of privacy and anonymity. Just look at how people are worried about cookies.

    Whatever it's other advantages, IPv6 will greatly reduce privacy. One partion of the 128 bit source will be your MAC, there for all to see and log.

    Dialup and DHCP give some piercable measure of anonymity. Somebody has to approach your ISP and get the logs manually.

  • by dcs (42578)
    Well, it certainly doesn't look like a myth to me, who have been involved in the process of acquiring a range of IP addresses.
  • NAT sucks. I want to be able to reach any computer on my LAN from the outside by its own IP address. So I hope IPv6 is implemented sooner rather than later.

    But of course that won't come out of the US. The US has 70% of the IP addresses, there won't be a shortage there any time soon. Asia doesn't really have another option though. This will soon be yet another area in which the US lags behind the world.

    • It does suck and it's pushing the technology in a strange direction.

      If you want to get access to inside your LAN and you don't have some official VPN client, etc., you have to set up your internal machine to actively poke out on ports 80 or 443 to some relay point for "further instructions" on how to establish a VPN. That's assuming the relay point is writable.

      As others have noted, the "protections" and IP multiplication benefits of NAT have had a side effect of choking information flow and flexibility.

  • I thought IPv6 was supposed to help with the large internet routing tables and help deal with some security issues. Its been awhile since I read up on this since I deal so much in IPv4 that it just hasn't been necassary for me to readup on v6 in awhile. Hmmm... Perhaps thats why we aren't going to upgrade, we're all too busy dealing with v4....
  • for IPv6

    Necessity is the mother of invention, and we don't need it.
  • no seriously, if Walmart and the DoD make an effort it'll happen. (its a joke laugh) Whats more likely is that China or some other country with a highly centralized internet setup will be the first to push IPv6 all the way. Its already been done on smaller scales, so maybe someone can explain where the costs are in pushing it worldwide (besides anything hardware related)?
    • It is already happening. Asia and Europe are miles ahead of North America in terms of IPv6 deployment. This is just another area (like mobile/wireless) where the US and Canada are going to fall behind the rest of the world because the suits don't have the foresight to look any more into the future than next quarter's results.

      ps. I am Canadian
  • That when IPV6 goes official that the gorverning body would consider handing out a block (maybe 256 addys) to every person. These are assigned permanently and can then be your phone number, personal webspace, permanent email address, etc. I think this would be really nice,

    Anyone care to comment on their perceived pros and cons to this idea?
    • Probably none since IPv6 allocations don't work that way, plus can you imagine having a routing table with over six *billion* entries? You can however do some nice tricks with DNS to achieve a similar result; essentially you split the DNS record into two halves, one being the ISP and the other being your "private" address. If you have multiple ISPs then the private address can remain the same while you update the ISP part as required. It was intended as an enhancement to the DNS round-robin loadsharing t
    • Anyone care to comment on their perceived pros and cons to this idea?

      Why would I need an IP tied to my webspace, anyway? Most people don't care enough to justify it, and it's more complicated than just running some shared servers with blogs, etc.

  • If ipv4 isn't broke, then there's no need to fix it with ipv6: instead, the time is used to allow ipv6 killer apps (your fridge telling your tv that you need more milk) to further mature. Like BBSes and JaNET had Internet gateways, there'll eventually be gateways between ipv4 and ipv6 Internets, and it'll suddenly be with us as if it always had been.

    About then we should be discussing whether housebricks should have IP addresses to report being dug through, or whether being able to detect movement means it
  • Can't have a 1 to 1 mapping of all domain names to unique ip's.

    Imagine a world where everyone did have a homepage on a unique machine w/ no redirecting depending on the ip or hostname or other network tricks.

    Nat will never solve that. It'd solve really silly things like, tracking who connects to what and how. And we wouldn't have silly kludges of solutions, like HTTP 1.1's Host: thing.

    Put up a new website? Just give it another ip! And do an ip mask in apache.
  • by sdxxx (471771) on Tuesday November 04, 2003 @12:13PM (#7386990)
    IPv6 will eventually be adopted, because the way IPv4 addresses are allocated, many regions of the world *do* have a shortage of addresses. In particular, Asia has a serious shortage of IPv4 addresses. In fact, I know of people who run IPv6-only machines in Japan (because there are 6to4 addresses that allow you to reach IPv4 servers with approximately the same functionality as NAT).

    Moreover, as people deploy new infrastructure, they may be forced to use IPv6. For example, at some point every cell phone is going to have a routable IP address--and that is definitely going to require IPv6.

    So while North American desktop machines are unlikely to be switched to IPv6 any time soon, it will happen in other parts of the world and for other types of hardware.
  • imho (Score:2, Funny)

    it's a race between IPv6 and *NIX running out of timestamp room in an int... only 3227004721 seconds to go!
  • 04 (Score:3, Funny)

    by Malicious (567158) on Tuesday November 04, 2003 @12:17PM (#7387024)
    While we're at it, we should switch to a 5 digit date for the year. Because you know it's going to be Y2k all over again in the year 9999.
  • by mnmn (145599) on Tuesday November 04, 2003 @12:19PM (#7387042) Homepage
    At a certain point in the middle of the last decade, everyone thought they would run out of IP addresses. Work was then put into routers and firewalls to bring to the masses the CIDR and NAT to stem the tide. Now on cisco routers you can do fancy port forwarding to use several servers behind one IP. All this work however could have been replaced by investing in ipv6. The fact that ipv6 is not being implemented means investment is being put into a scheme in which people will eventually run out of IP addresses, while there is a complete alternative available.

    The single biggest damaging factor of ipv4 is the fact that you cant really run servers behind it. There are already ISPs in many countries that provide service from behind a NAT firewall. This kills many people's freedom of speech and the spirit of the Internet where everyone had their own servers and ran whatever they wanted.

    The second damaging factor of the ipv4 is the control that IANA has. Both ICANN and IANA have been used politically and now we have many American ISPs churning out 4 IPs per person and 64 IPs per company, mostly going to waste while ISPs in some countrys like Pakistan's PakNET have 100,000 customers behind one IP none of whom can run their own servers.

    ipv6 can fix all these problems in one fell swoop, simplify routing enormously and introduce IPSec and other security technologies.
  • It has been suggested that Asia will experience an IPv4 address shortage before other regions. This is simply not true. This is because addresses are distributed in a co-ordinated fashion from a single global pool, and there is no system whereby that pool is exclusively divided among, or pre-allocated to, different countries or regions. Through the current system of address administration, IP addresses are allocated according to immediate need wherever that need is demonstrated and it is simply not possibl
  • I think that moving to IPv6 is really going in the wrong direction. Sure, it would be great to have an IP address available for every molecule in the universe, but the side-effect of addresses like fec0:02::0060:1dff:ff1e:26ee is not worth it. It's hard enough to remember a dozen IPv4 addresses, their associated subnet masks, and various DNS servers, gateways, etc. The answer is efficient use of the space we have. It used to be easy to get addresses; a school district I used to work for probably had 300
  • by cperciva (102828) on Tuesday November 04, 2003 @12:21PM (#7387068) Homepage
    Lies, damn lies, and statistics.

    The author is looking at the rate of IPv4 address allocation, and extrapolating future growth based on the current rate. This is a severely flawed methodology, because it does not take into account efficiency of utilization.

    Ten years ago, as the author notes, most networks used around 1% of their allocated IP addresses. Now, networks are expected to use over 50% of their addresses before they can receive a larger allocation. As a result, while the number of *allocated* addresses has not been growing rapidly, the number of *used* addresses certainly has.

    Unfortunately, utilization efficiency is bounded -- it's hard to use more than 100% of your allocated IP addresses. As a result, the rate at which IP addresses are allocated is likely to take a sharp turn upwards, as organizations which until now have been making efficiency improvements, find that they really do need a larger address allocation.
  • NAT (Score:4, Insightful)

    by Alomex (148003) on Tuesday November 04, 2003 @12:25PM (#7387104) Homepage
    I saw an academic paper late last year stating that NAT's and finer subnetting had resulted in a reduction of nearly 30% of allocated IP addresses. That is the first time I saw the "IP shortage no longer a realistic possibility" argument.

    To be clear IP shortave wasn't a myth. There was a time where even conservative projections were pointing towards a dearth of IPs. A solution needed to be implemented. IPv6 was one option, NATs and subnetting was another. The market seems to have chosen this last .
    • Re:NAT (Score:2, Insightful)

      by Uhlek (71945)
      The market chose NAT because it was the only technically feasible solution that could be implemented in the short term and still ensure interoperability with the rest of the Internet.

      The fact remains that NAT is a kludge of a solution. We here in the US see NAT like you see in Linksys routers. There are many implementations of NAT that have hundreds -- sometimes thousands -- of users hiding behind various layers of NAT. It's an administrative nightmare to say the least and is not a permanent solution to
  • This should be a myth because not all machines need too have a global IP. In part, I think this is part of the reason worms and virii are rampant nowadays since there are way more computers with global IPs than ever before. And the users don't have the experience of maintaining the machines.

    I like the idea of a good NAT firewall with private addresses inside. This way you only use 1 IP on the outside.

  • This myth made my ISP decide that they could no longer charge for extra ip's handed out to customers, they said they just didn't have enough. This was the only way that you were allowed to use more than one machine on the cablemodem. Now they've finally allowed using NAT ... don't wake 'm up :)
  • hostip.info (Score:3, Informative)

    by Space cowboy (13680) on Tuesday November 04, 2003 @12:35PM (#7387201) Journal
    Whereas this isn't really related, I've just put up a resource for geolocation of IP's to country/city. It'd be cool if some slashdotters were to type in/select their city - only takes 10 seconds :-)

    The url is hostip.info [hostip.info]. The idea is to provide a free geolocation service that you can download the DB from. All the other ones I've found are either pay-for, limited in what you can do, or only to country-resolution. At the moment, this is just to country-resolution as well, but who knows how far it'll go :-)

    Simon.
  • I was working at an ISP when my favorite customer asked me, "I need 12 Class C networks for all of my virtual hosts". A few months back, he had purchased a load balancer (Alteon) that could load-balance web servers and provide a public address to the Internet for the cluster. No one would have any reason to access each individual virtual IP address on the web servers themselves, so I pulled a few address blocks out of my pocket:
    172.16.0.0
    172.16.1.0
    172.16.2.0 ...etc...

    I later explained to him tha
  • Back in june, their IP6 plans were big news.

    http://slashdot.org/article.pl?sid=03/10/22/1755 25 8&mode=thread&tid=103&tid=126&tid=95&tid=9 9

    Given their size, this will get IP6 into many parts of the USA.
  • Most ISPs are making good $ charging out the ass for multiple IPs.

    Comcast wants something like 20 bucks extra a month for each extra IP. Folks who don't understand firewalls and routers and NATs think they need one for their Xbox, PS2, laptop, etc.. Of course, they can only claim they need to charge because of the shortage within the IPv4 addressing space.

    IPv6 makes this means of income obsolete. We all know that phone, cable, and media companies absolutely HATE when an improved technology comes along
  • by UpLock (640192) on Tuesday November 04, 2003 @12:56PM (#7387339)
    When the Bell system was broken up, the phone system's allocation scheme for area codes and prefix blocks was disrupted. Phone service providers were issued blocks of 10,000 phone numbers with a given prefix, from which they allocated local customers. There was no method for reclaiming unused portions of blocks from independent phone companies. So long as one number from a block remained in use, that prefix block could not be reallocated. THAT is why we suddenly needed new area codes--not because we had run out of unused phone numbers. At the time the new area codes were issued, the actual in service phone numbers comprised less than 50% of the available pool.
  • by riflemann (190895) <riflemann@bb.cactiCOUGARi.net minus cat> on Tuesday November 04, 2003 @01:20PM (#7387552)
    A lot of the reason why IPv4 won't run out is due to the fact that it's so hard to get any space. With extremely strict assignment rules, of course it will be a while before they are all used up.

    Unfortunately, this just means that the ugly hack known as NAT will continue to be used, breaking many applications and protocols, not to mention external reachability of many devices. If there was reachability to all devices, the net would be a lot more useful for controlling embedded devices, but then we'd quickly use up a lot of space more quickly.

    Address space is only a part of the reason to move to IPv6. There are plenty of other features which should be reason enough to move over:

    - Auto address configuration
    - No more LAN renumbering/resizing games
    - Built in tunnelling functions for portable devices
    - Simpler address hierarchy
    - Address renumbering is much simpler, and will soon be do-able automatically
    - Standardised IPSec functionality in all devices

    IPv4 will not run out with the current allocation guidelines - but it will continue to have incredibly restricted functionality due to NAT.
  • by Morth (322218) on Tuesday November 04, 2003 @01:31PM (#7387686)
    Well at least I have. I want to run https/ftps on several of my subdomains, but I only have one ip. I can only use https with one hostname per ip.

    That's just one example. Another is sending a file or playing a game or whatever between two computer each behind a different NAT. You have to do ugly port forwarding rules that might be more or less huge ranges. People have to learn how tcp/ip works on a level completely unnecessary unless you're a techie. And god forbid you want to run two public game servers behind the same nat (many games don't let you specify port to connect to).

    NAT is a necessity, not a feature. Things would be so much easier if it wasn't needed.
  • by mabu (178417) * on Tuesday November 04, 2003 @03:31PM (#7389074)
    I am not in favor of IPv6 being rolled out. I think at the present time, it will amplify all the existing problems we have yet to solve.

    I can appreciate the improved security and anti-spoofing provisions but the cons outweigh the pros. Most of what people are expecting to see with IPv6 will likely not be available to them. It's unlikely that broadband ISPs will give their customers more address space in order to avoid using NAT.

    NATs and VPNs serve very valuable uses within a safe and secure-computing model. If more address space means less people will be using VPNs, that's a bad thing. It will result in more vulnerability of more machines and more headaches for everyone.

    We also have the spamming/DOS issue, which is completely out of hand. There are measures that could be taken with the existing system which would dramatically reduce these problems. Moving to IPv6 will only make things worse until we adopt more regulation of the existing network systems.

    Nowhere is this more obvious than in the area of RBLs. A move to IPv6 would largely wipe out all smtp-based anti-spam blacklisting.

  • by Merk (25521) on Tuesday November 04, 2003 @04:53PM (#7389907) Homepage

    You know the one. It says that "We don't nee IPV6 because we have NAT". It's the same kind of thinking that says that The Internet == The Web. Just because NAT solves a certain subclass of problems that are more naturally solved by extra addresses, doesn't mean that there is no need for IPV6 because there's NAT.

    NAT works great for things like the web, which are initiated behind the NAT machine, and don't make any connections back through the NAT machine. But The Web != The Internet. Even FTP has problems with NAT, but at least those problems are well understood by now. When the original connection is made from the outside world, trying to contact something behind the NAT box, that's when problems start.

    Some people see this difficulty in reaching the machines behind the NAT box as security. It isn't. If you have no other forms of security, it helps a little bit, but it's more like a side effect. Saying that this is security is like saying that a rusty lock is more secure than a new one because it is harder to get the key into it. A stopped analog clock isn't right twice a day, it just appears to be right twice a day, but that doesn't mean it is ever working.

    If a NAT machine were replaced with a simple firewall machine with a closed-down firewall, you'd have the exact same kind of security. No packets get routed to the machines on the other side of the firewall unless the rules permit it. The only difference is that it avoids a lot of hacks. Rather than having to do "ssh -p 10322 mynatbox.mydomain.com" and having to remember that 10322 corresponds to your mail server, you can simply say "ssh mailserver.mydomain.com"

    Doing away with NAT also makes true peer-to-peer networking possible. Currently it doesn't work, you need some kind of a server because you can't initiate connections from the outside world to the NATted boxes. P2P doesn't just mean swapping songs, but also networked gaming.

    This is all just about routable addresses so far, but IPV6 is so much more than that. There are features of IPV6 like security that IPV4 simply doesn't offer.

    So remember kids, The Web != The Internet, and NAT != IPV6, nor can NAT do everything you can do with routable addresses.

  • by njdj (458173) on Tuesday November 04, 2003 @05:30PM (#7390308)
    The article is rubbish for several reasons.

    Even on its own terms, it predicts we run out of IPv4 addresses in about 20 years. That seems like the age of the universe to the 20-something kid who wrote the article. To those of us with a little more experience, it is not a long time at all to do something as major as converting the Internet to a different addressing scheme.

    But the basic assumption of the article, that the present situation is OK and the only reason to migrate is to avoid it worsening, is wrong. In many countries, the IPv4 address shortage is very severe today, not in 20 years from now. IP addresses are expensive in the countries where most people live.

    Finally, NAT is not a solution, it's a workaround. Many peer-to-peer applications simply do not work behind a NAT. Sure it lets machines surf the web, send email, and use clients like ftp, telnet, and ssh, but the Internet is much more than a handful of client/server apps. NAT is strangling it.
  • by Herbmaster (1486) on Tuesday November 04, 2003 @05:55PM (#7390516)
    I am a more-or-less typical internet user. I have a cable modem from RCN for my household which happens to have 4-6 computers. Of course, right now I am using NAT. This is an incredibly lame solution for a number of reasons which have been discussed exhaustively here already.
    RCN provides me with a connection, X bandwidth, and 1 IP.
    My incremental cost of more IPs on the same connection and bandwidth is prohibitively high. (I would consider a penny or two per month per IP to be "reasonable" since each IP should have trivial overhead for the ISP)

    Ergo, we are out of IPs already.
  • DJB Said It Best (Score:3, Insightful)

    by scosol (127202) on Tuesday November 04, 2003 @07:50PM (#7391349) Homepage
    The *only* (and fatal) flaw with IPv6 is lack of backward-compatibility.

    And it's never, ever going to work without it...

    http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to]

    (and he really does have the best host/domain/tld combo in existence)

The IQ of the group is the lowest IQ of a member of the group divided by the number of people in the group.

Working...