Dispelling the IPv4 Address Shortage Myth
Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs!
In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
just remember (Score:2, Informative)
Re:If it isn't broken... (Score:4, Informative)
Re:IPv6 = loss of privacy (Score:1, Informative)
Even with static addresses, ISP logs would still be necessary to see who owns them. You might be able to find out some other way, like if you have logs of them logging into a web site with a username or email address - but this works for dynamic addresses too.
Re:Good articles (Score:5, Informative)
There is more to IPv6 than a larger address space. The address space issue is just what is commonly pushed, since it's something that's easily grasped even by non-techies.
The true benefits of IPv6 are things like improved routing, multicasting scope, greater flexibility in what packets contain, flow labeling, privacy and authentication.
Especially flow labeling will be important if the net is going to be a source of media. Streams could get a higher priority, so low latency and glitch free audio and video can be possible. Makes me wonder if this couldn't be abused though.
Re:Good articles (Score:4, Informative)
hostip.info (Score:3, Informative)
The url is hostip.info [hostip.info]. The idea is to provide a free geolocation service that you can download the DB from. All the other ones I've found are either pay-for, limited in what you can do, or only to country-resolution. At the moment, this is just to country-resolution as well, but who knows how far it'll go
Simon.
Re:Good articles (Score:2, Informative)
I quote
it has been suggested that Asia will experience an IPv4 address shortage before other regions. This is simply not true.
Counterexamples (Score:4, Informative)
Not at all.
Just because you have an assigned network doesn't mean that that network (or all parts of that network) has to be connected. You could even NAT an assigned address behind a firewall if you wanted, and never put out any routing information. It would be just as secure as a non-assigned address, but very convenient in many situations.
For example, I'm setting up an ad hoc VPN right now between several companies collaborating on a project. Naturally, we are not giving access to each other's LANs, but separate segments. However, we can't ignore the unassigned addresses used by the other partners. If he uses 192.168.100.0/24 for his LAN, I can't use it for my VLAN segment.
Another example is when companies merge. They could just plug their LANs in and know everything would work.
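The address collision described in the comment above (two partners both using 192.168.100.0/24), as an added example that is not part of the original post: a pre-flight check that lists overlapping segments across partners before a shared VPN is built and proposes an unused segment. The partner names and all prefixes except 192.168.100.0/24 are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample: segments each partner plans to route over the shared VPN.
PARTNER_SEGMENTS = {
    "partner_a": ["192.168.100.0/24", "10.20.0.0/16"],
    "partner_b": ["192.168.100.0/24"],
    "partner_c": ["10.20.30.0/24", "172.16.5.0/24"],
}


def parse(segments):
    """Turn CIDR strings into network objects; strict=True rejects host bits."""
    return {
        owner: [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]
        for owner, cidrs in segments.items()
    }


def find_conflicts(segments):
    """Return (owner1, net1, owner2, net2) for every cross-partner overlap."""
    nets = [(o, n) for o, ns in parse(segments).items() for n in ns]
    conflicts = []
    for (o1, n1), (o2, n2) in combinations(nets, 2):
        # overlaps() also catches containment, e.g. a /24 inside a /16.
        if o1 != o2 and n1.overlaps(n2):
            conflicts.append((o1, str(n1), o2, str(n2)))
    return conflicts


def first_free_subnet(segments, pool="192.168.0.0/16", prefixlen=24):
    """First subnet of the given size in pool that no partner already uses."""
    used = [n for ns in parse(segments).values() for n in ns]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None  # pool exhausted


if __name__ == "__main__":
    for o1, n1, o2, n2 in find_conflicts(PARTNER_SEGMENTS):
        print(f"conflict: {o1} {n1} <-> {o2} {n2}")
    print("suggested segment:", first_free_subnet(PARTNER_SEGMENTS))
```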
Shortage of area codes teaches a lesson (Score:3, Informative)
Re:Good articles (Score:5, Informative)
No. The questions of whether computers on a LAN have their own IP addresses and whether they are firewalled by a dedicated box are independent. Even if each machine has an IP address by which it is publicly addressable, you can still have a system which protects it by blocking known-dangerous ports.
The advantage of a situation like that, for instance, would be that you could have the firewall block file-sharing/RPC ports, while still allowing port 80 inbound so the individual machines can run webservers. With a NAT, only one local system could have a webserver, and you'd have to configure which one got it on the firewall.
Re:Good articles (Score:3, Informative)
That argument makes no sense.
1. The parent poster clearly DOES want to have more public IP addresses. So do I.
2. Do you block all outbound connections from your NAT'd machines? That's the only way you could be more secure than blocking all inbound connections using a firewall.
3. If you want to keep NATing, go for it. IPv6 ain't gonna stop you.
Re:IPv6 = loss of privacy (Score:3, Informative)
Re:Good articles (Score:3, Informative)
Re:Good articles (Score:4, Informative)
Re:04 (Score:2, Informative)
from [deepsky.com]
64-bit UNIX time would be safe for the indefinite future, as this variable won't overflow until 2**63 or 9,223,372,036,854,775,808 (over nine quintillion) seconds after the beginning of the UNIX epoch - corresponding to GMT 15:30:08, Sunday, December 4, 292,277,026,596 C.E. This is a rather artificial and arbitrary date, considering that it is several times the average lifespan of a sun like our solar system's, the very same celestial body by which we measure time. The sun is estimated at present to be about four and a half billion years old, and it may last another five billion years before running out of hydrogen and turning into a white dwarf star.
Do you work at MIT? (Score:2, Informative)
From the article: The IANA policies for allocation of IPv4 address blocks to the RIRs are applied fairly and are based purely on the documented need for address space.
Europe has far fewer IP addresses than North American organizations, which have been assigned 74% of all current IPv4 addresses.
Both Stanford and MIT have more IP addresses than all of China.
Re:Grab em! (Score:3, Informative)
This point was somewhat unclear in the article. He mentions how assignment has moved away from the class licenses, but as far as I know, HP anyway, still maintains control over all of the 15 and 16 addresses. I believe something like 1/4 of the total address space was allocated to companies and organizations (DARPA, etc) initially. Though this may have changed in the last year or two, if so please feel free to correct me.
Re:Good articles (Score:1, Informative)
Until the Internet supports some sort of network service contract negotiation (with end users, yes, but more importantly between various ISPs), you can't really have classes of service. Without differential pricing, there's no reason for anyone to specify anything but the best service available for their traffic.
Re:just remember (Score:5, Informative)
But, for those that don't know, the CCNA book says:
Class A 0.0.0.0 to 127.255.255.255
Class B 128.0.0.0 to 191.255.255.255
Class C 192.0.0.0 to 223.255.255.255
Class D 224.0.0.0 to 239.255.255.255
Class E 240.0.0.0 to 255.255.255.255
Class D are multi-cast, which I don't believe very many people use..
Class E are "Scientific Purposes" or "Research".
I was running a little personal project a while back, to try to find logical distances from various points (places I had access to machines) to other places, and try to map them, to determine if there were more advantageous places to put servers, or redirect customers on particular networks to particular servers.
A whole bunch of those first
Of course, if I was the network god of 3.0.0.0/8 (General Electric), and I was only using say 100,000 IP's, they'd be hard pressed to make me give up any part of that, especially in knowing that they've had that block since the first days of the Internet. Whois says they registered 3.0.0.0/8 in 1988. I definitely wouldn't want to be the admin that had to change 50,000 IP's.
I guess it does help with the old estimates, that people are using NAT more frequently. The stories I heard years ago said we would have run out long before Y2k, but since people run NAT's at home and many offices. Nextel has assigned IP's to every phone (ahhh, the wonders of the Internet), but they're all 10.0.0.0/8
For example, on my phone, I select
Menu -> More -> My Info -> Carrier IP
And it shows me 10.154.85.xxx
Using a Nextel im1100, I also get assigned an IP in the 10.0.0.0/8 network.
For those that don't know, 10.0.0.0/8 is a private network [ohio-state.edu]. You can use it any way you'd like, but it's completely useless to you on the Internet unless there's a NAT or something between you and the rest of the Internet.
IP v6 is not in use because it is not good (Score:1, Informative)
IP v6 is not a particularly good solution. The address fields are way too wide - and when you try to layer TCP on there, the per-packet overhead is just too big.
That, plus it doesn't seem to be backwards-compatible enough. I think a solution could be engineered whereby hosts that are really on the internet (not behind a firewall) switch to whatever new scheme is supposed to be in use, and regular client machines continue to operate behind NAT's, etc. You could unify the TCP port number and the IPv4 address into some IPv7 (or whatever) unique destination/service identifier.
Considering that there are almost no uses for IP without TCP (or UDP), not unifying those two protocols is just wasteful.
Internal networks being safer... (Score:2, Informative)
It is true that public ip addresses might expose all the *nix computers running sshd, and all the windows computers running smb, but that's what a firewall is for! And one has to have a firewall equivalent (i.e., a machine that all packets must route through) anyway if he's using NAT. Most NAT boxes are firewalls, too.
The only downside to public ip addresses is that it isn't strictly necessary to have a packet filtering solution to get up and running. But only a fool would set up a corporate network w/o some sort of protection.
In short, it is actually less work to configure a simple firewall which blocks everything to public ips than it is to configure a simple NAT solution which blocks everything to private ips. And once you start forwarding ports, it's actually the NAT that's less secure, because of the single point of entry. Let's not forget as well that people often "DMZ" one of their internal machines, exposing an entire machine to the outside, which again is far worse than a public, firewalled ip.
Again, public ips w/o a firewall is an even more insecure situation, but public ips aren't less secure per se. They're less secure in the hands of a fool.
-Dan
Re:Mac OS 10.3 has IPv6 Support Built in... (Score:1, Informative)
Re:Mac OS 10.3 has IPv6 Support Built in... (Score:3, Informative)
There's a long list of important transition mechanism protocols that need to be deployed to smooth the transition to IPv6, e.g. 6to4, Teredo, NAPT, etc. And they just aren't there yet.
Another thing that has to be fixed before IPv6 will start showing up is dual-stack IPv6/IPv4 residential gateway boxes. There are specs for these things floating around, and that implies that there are people planning to build them and roll them out.
But right now, your average cable-modem system and DSL router are designed to give customers exactly one IPv4 address (and maybe not even a public realm one). Getting IPv6 deployed over the top of this infrastructure is an ongoing process. It's happening now, but it will take years. Maybe even the better part of this decade. Maybe more.
Most people reading this thread will eventually upgrade to IPv6... without knowing it. A few will upgrade only when they discover how much more they're spending on maintenance of their old IPv4 network compared to what they would have spent if they had upgraded to IPv6 earlier. The rest of you will be killing yourselves, trying to keep from upgrading to IPv6, because you all belong to some kind of sick religious cult.