The Internet

Dispelling the IPv4 Address Shortage Myth 505

Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs! In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."
This discussion has been archived. No new comments can be posted.

  • IPv6 (Score:1, Insightful)

    by Anonymous Coward on Tuesday November 04, 2003 @11:54AM (#7386771)
    is just a tool to allow nations and corporations to "get control" of the internet (hierarchical geographic routing, anyone?), and for Cisco to sell a bunch of new equipment. It's no surprise that the majority isn't in any hurry to get on board.

    ~~~

  • So.. (Score:5, Insightful)

    by pirodude ( 54707 ) on Tuesday November 04, 2003 @11:58AM (#7386813)
    So yeah, it'll take 20 years to exhaust the space. Let's wait until 2029 to switch to IPv6.

    Or instead start switching now (after all, it'll probably take at least 10 years to get everything switched over) and not worry about IPs until we're extinct.
  • by lildogie ( 54998 ) on Tuesday November 04, 2003 @11:59AM (#7386837)
    IPv6 also provides security infrastructure.

    Imagine a world where you can trust the "from" IP address in a packet.
  • "Uncertainties" (Score:3, Insightful)

    by Andorion ( 526481 ) on Tuesday November 04, 2003 @12:00PM (#7386842)
    The entire second article is null and void for this reason, quoted from the article:

    Of course such projections are based on the underlying assumption that tomorrow will be much like today, and the visible changes that have occurred in the past will smoothly translate to continued change in the future. There are some obvious weaknesses in this assumption, and many events could disrupt this prediction.

    The argument that we're going to run out of space is based on the assumption that in the (near) future MANY MANY household appliances and objects which don't currently have anything to do with the internet are going to become attached to it.

    ~Berj
  • Re:Good articles (Score:5, Insightful)

    by lemmen ( 48986 ) on Tuesday November 04, 2003 @12:02PM (#7386867) Homepage
    The need for IPv6 is _not_ shortage of IPv4 addresses, but you find it in the extra features in IPv6 (Built-in security, Automated addressing, etc).


    Check this presentation: mms://webcast.ripe.net/ripe46/plenary-2.wmv [webcastrip...enary-2wmv]

  • Re:Good articles (Score:5, Insightful)

    by Branc0 ( 580914 ) on Tuesday November 04, 2003 @12:02PM (#7386868) Homepage Journal
    IP addresses are more and more being done using 192.* or 10.* addresses.

    This is done because we have to, not because we want to. If IPv6 was a reality today I would put many machines with a public IP address that today are behind NAT.

  • Re:Good articles (Score:5, Insightful)

    by Anonymous Coward on Tuesday November 04, 2003 @12:02PM (#7386873)
    For philosophical reasons, there's some opposition to the mass NAT-ing of the Internet; it tends to break the equality between computers, creating the artificial distinction between servers and clients (just imagine all the pain you have to go through to use your favorite P2P/game/whatever behind a NAT router). IPv6 will solve that, although NAT will probably continue for other reasons.
  • Re:Good articles (Score:5, Insightful)

    by Mysticalfruit ( 533341 ) on Tuesday November 04, 2003 @12:04PM (#7386893) Homepage Journal
    My insight is to say that you're right on the mark. NAT killed IPv6. Also, now with the focus more on security, more people are seeing isolated networks with single points of IDS monitoring as solid solutions to security. Hence people put everything on non-routable blocks of IPs and put a snort NAT box at the head end.
  • Re:So.. (Score:5, Insightful)

    by leerpm ( 570963 ) on Tuesday November 04, 2003 @12:04PM (#7386901)
    According to their study, yes it will take 20 years for 100% of the address space to be used up. But there was a study done (trying to find the URL right now..) saying that once we reach a critical mass of around 85% usage, it will become nearly impossible for an organization to obtain new address space. At this point, we will essentially be in a crisis-state, where no one will be able to request more space.
  • Re:Good articles (Score:2, Insightful)

    by Anonymous Coward on Tuesday November 04, 2003 @12:07PM (#7386932)
    There's not really a shortage as in "we will run out of addresses in X years". But that's because RIPE, IANA, etc. are being so stingy with IP addresses. Many people are not using NAT by choice, they are using it because they can't get a suitably-sized IP block. It's a pain in the ass - small companies with 50 computers are lucky to get 8 IP addresses. They might get another 8 if they demonstrate the need, but then they'd be advertising multiple IP blocks, bloating the internet's routing tables. And if every computer had a globally routable address, we probably would run out of them.

    We won't truly need IPv6, but you could say we don't truly need the internet either. IPv6 should simplify things like address assignment and routing. It has some other benefits too, like built-in encryption (IPSEC) and multicasting.
  • by f1ipf10p ( 676890 ) on Tuesday November 04, 2003 @12:16PM (#7387010)
    While NAT and CIDR made a big difference on the ability to make IPv4 address space last longer, the intrinsic use of IPSec and auto-renumbering features of IPv6 may be enough to get some moving toward it. And they are only two of the benefits.

    The argument to stay on IPv4 sounds a lot like the argument to stay with SNA... We've got it, we know it, we don't know what else we need from it...

    I'm ready for IPv6 when my first customer wants it. Not a day sooner, not a day later.

    P.S. - LU 6.2 to IPv4 with 3172 was pre OSA. Now I can put IPv4 or IPv6 on the host.
  • by Tim C ( 15259 ) on Tuesday November 04, 2003 @12:17PM (#7387028)
    Would make for more grassroots servers.

    But you can set up your own grassroots server now, even with NAT. At worst, if you want to set up more than one server providing the same service, you run some on non-standard ports and have your gateway/NAT box forward the connections based on port. True, then people have to remember to use the port as well - but you could set the "standard" one to list all available services.

    Alternatively, if you host each on a separate domain name, you could set up some sort of controller that forwarded the requests to the appropriate internal box & port transparently.

    In short, the IP address restrictions are easily worked around - it's the upstream bandwidth that's the fundamental limit. My current home connection is 256Kbps upstream, and nothing I do can change that. That limits music streaming, for example, to one stream, without dropping quality to an imho unacceptably low level.
  • by mnmn ( 145599 ) on Tuesday November 04, 2003 @12:19PM (#7387042) Homepage
    At a certain point in the middle of the last decade, everyone thought they would run out of IP addresses. Work was then put into routers and firewalls to bring to the masses the CIDR and NAT to stem the tide. Now on cisco routers you can do fancy port forwarding to use several servers behind one IP. All this work however could have been replaced by investing in ipv6. The fact that ipv6 is not being implemented means investment is being put into a scheme in which people will eventually run out of IP addresses, while there is a complete alternative available.

    The single biggest damaging factor of ipv4 is the fact that you can't really run servers behind it. There are already ISPs in many countries that provide service from behind a NAT firewall. This kills many people's freedom of speech and the spirit of the Internet where everyone had their own servers and ran whatever they wanted.

    The second damaging factor of the ipv4 is the control that IANA has. Both ICANN and IANA have been used politically and now we have many American ISPs churning out 4 IPs per person and 64 IPs per company, mostly going to waste while ISPs in some countries like Pakistan's PakNET have 100,000 customers behind one IP none of whom can run their own servers.

    ipv6 can fix all these problems in one fell swoop, simplify routing enormously and introduce IPSec and other security technologies.
  • by Vargasan ( 610063 ) <swhiskenNO@SPAMrogers.com> on Tuesday November 04, 2003 @12:19PM (#7387046) Homepage
    "IPv6 would remove the practice of ISPs selling IP address at a premium. For that alone it's worth it. Would make for more grassroots servers."

    Or they could just keep selling IPs at premium and make even MORE money.

    You have to think like a corporation, not like a hopeful user.
  • by cperciva ( 102828 ) on Tuesday November 04, 2003 @12:21PM (#7387068) Homepage
    Lies, damn lies, and statistics.

    The author is looking at the rate of IPv4 address allocation, and extrapolating future growth based on the current rate. This is a severely flawed methodology, because it does not take into account efficiency of utilization.

    Ten years ago, as the author notes, most networks used around 1% of their allocated IP addresses. Now, networks are expected to use over 50% of their addresses before they can receive a larger allocation. As a result, while the number of *allocated* addresses has not been growing rapidly, the number of *used* addresses certainly has.

    Unfortunately, utilization efficiency is bounded -- it's hard to use more than 100% of your allocated IP addresses. As a result, the rate at which IP addresses are allocated is likely to take a sharp turn upwards, as organizations which until now have been making efficiency improvements, find that they really do need a larger address allocation.
  • NAT (Score:4, Insightful)

    by Alomex ( 148003 ) on Tuesday November 04, 2003 @12:25PM (#7387104) Homepage
    I saw an academic paper late last year stating that NAT's and finer subnetting had resulted in a reduction of nearly 30% of allocated IP addresses. That is the first time I saw the "IP shortage no longer a realistic possibility" argument.

    To be clear IP shortage wasn't a myth. There was a time where even conservative projections were pointing towards a dearth of IPs. A solution needed to be implemented. IPv6 was one option, NATs and subnetting was another. The market seems to have chosen this last.
  • by bigjnsa500 ( 575392 ) <bigjnsa500@yPERIODahoo.com minus punct> on Tuesday November 04, 2003 @12:28PM (#7387128) Homepage Journal
    This should be a myth because not all machines need to have a global IP. In part, I think this is part of the reason worms and virii are rampant nowadays since there are way more computers with global IPs than ever before. And the users don't have the experience of maintaining the machines.

    I like the idea of a good NAT firewall with private addresses inside. This way you only use 1 IP on the outside.

  • by pueywei ( 658832 ) on Tuesday November 04, 2003 @12:30PM (#7387149)
    I absolutely despise having to deal with crap that NAT introduces. I currently have my nat box forward all ports not defined to my main machine. For some reason, the forwarding breaks some stuff. Like prissy file transfers brokered by the various im networks. The other three boxes are essentially screwed. No incoming connections means no file transfers, no DCC (for irc). The outbound triggered dynamic port mapping doesn't help much if all of the boxes want to be connected to the same irc server, for example. I want IPv6 now!
  • Re:NAT (Score:2, Insightful)

    by Uhlek ( 71945 ) on Tuesday November 04, 2003 @12:33PM (#7387177)
    The market chose NAT because it was the only technically feasible solution that could be implemented in the short term and still ensure interoperability with the rest of the Internet.

    The fact remains that NAT is a kludge of a solution. We here in the US see NAT like you see in Linksys routers. There are many implementations of NAT that have hundreds -- sometimes thousands -- of users hiding behind various layers of NAT. It's an administrative nightmare to say the least and is not a permanent solution to the problem.

    All NAT has done is stave off the immediacy of the problem. Unfortunately, no one will want to spend the money to fix the problem until it's too late -- just like the Y2K bug.

    Ah, well, more money for network engineers like me. Woohoo.
  • Re:"Uncertainties" (Score:3, Insightful)

    by Zocalo ( 252965 ) on Tuesday November 04, 2003 @12:34PM (#7387189) Homepage
    I think you misunderstand me. Sure, I can see the "benefits" to a Big Brother entity of having static IPs everywhere, but that wasn't my point. Having dealt with RIPE it's already impossible to get a /24 for 200 workstations because of NAT. Imagine what the reaction would be if A.N.Other Telco asked for a /8 for its 3G network. I suspect the laughter from RIPE's offices in Amsterdam would be heard right across Europe.

    Mobile Internet and Internet appliances are largely a green field technology; what better place to start a widescale deployment of IPv6. I personally don't give a damn about the billions of IP addresses that I personally can have, I want the enhanced security features! And yes, I am aware that would entail a static IP and so on with all the Big Brother issues you allude to.

  • by stratjakt ( 596332 ) on Tuesday November 04, 2003 @12:38PM (#7387256) Journal
    Most ISPs are making good $ charging out the ass for multiple IPs.

    Comcast wants something like 20 bucks extra a month for each extra IP. Folks who don't understand firewalls and routers and NATs think they need one for their Xbox, PS2, laptop, etc.. Of course, they can only claim they need to charge because of the shortage within the IPv4 addressing space.

    IPv6 makes this means of income obsolete. We all know that phone, cable, and media companies absolutely HATE when an improved technology comes along and makes their business model null and void.

    IPv4 is here to stay for a long while.
  • Re:IPv6 (Score:2, Insightful)

    by -brazil- ( 111867 ) on Tuesday November 04, 2003 @12:39PM (#7387271) Homepage
    is just a tool to allow nations and corporations to "get control" of the internet (hierarchical geographic routing, anyone?)


    And this is different from the current situation with IPV4 HOW??

  • IPv4 Vs. IPv6 (Score:2, Insightful)

    by blankinthefill ( 665181 ) <blachancNO@SPAMgmail.com> on Tuesday November 04, 2003 @12:53PM (#7387317) Journal
    The problem with IPv4 does not seem to be the lack of address space, but that will be a telling factor when/if a switch is made.
    The major problems are, as has been mentioned, its inefficiencies and its current state. Currently the IPv4 standard is a cobbled together mess. VLSMs and NATing are late additions to the game, and are merely attempts to save an old and dying hulk. The fact remains that no matter what we add to IPv4, it will always be inefficient. In IPv6, most of these methods are inherent and relatively efficient. The mere fact that they are inherent as opposed to added on makes the standard a better one than IPv4 will ever be. Heck, IPv6 even has features that IPv4 doesn't (And probably won't).
    Address space, though, will play a significant part. The graphs and projections are all well and good, but I don't believe they take into account many of the factors involved. As broadband and DSL become more popular and more implemented, it is going to increase the demand for static addresses. Even though there are bad points to having a static address, there are also good points. People will want to have their own address for everything from their cell phones to their home LANs to whatever you can think of. The rush of in the early 90's is nothing compared to what's coming. We have to account for the further IPzation of all products in life, from cars to houses to coffeemakers to refrigerators. Home networks are on the spread. All these things are going to make people want more addresses, addresses that IPv4 can't provide, and even if it could, it would be inefficient, time-consuming, and slower than any thing that IPv6 would provide. This will drive a move away from IPv4. As youngsters become more and more used to the changing faces of tech, they will become more educated in its use as well. This will mean that today's techies will be tomorrow's average citizen. I, personally, don't know of any geek, techie, nerd, whatever you want to call it, who likes using a system that is old, broken, and inefficient to boot! Maybe you do, but I doubt it. These tech savvy youngsters, coupled with increasingly knowledgeable management (hey, it could happen!) would only increase the drive away from IPv4.
    And finally, I think that the authors forgot to take in to account the fact that most growth in certain fields happens exponentially. Most of the technologies that will drive a move away from IPv4 are new, or not old enough to be established. As soon as they age just a bit, and the bad ones are weeded out, the growth in those fields will rise by leaps and bounds. We have seen it with television, radio, cell phones, and most especially computers. To predict an almost linear line of growth is approaching on the naive! Like I said, growth starts slow and rapidly increases after it reaches critical mass.
    With all that said, may IPv4 rest in peace. Long live IPv6!
  • Food analogy (Score:2, Insightful)

    by Matthias Wiesmann ( 221411 ) on Tuesday November 04, 2003 @12:57PM (#7387341) Homepage Journal
    As usual, the problem is not that there are not enough resources, but that they are not well distributed. There is plenty of food on this planet, yet people are still starving. There are plenty of free IP addresses indeed.

    • Do I have my own IP address? No.
    • Do I have my own subnet? No.
    • Can I get them for a reasonable price? No

    So please stop telling me there is no problem. I thought the basic premise of capitalism was that a resource that is plentiful should be available for a low price?

    Saying that NAT solves the problem is shortsighted. You can put many clients behind a NAT, setting up many servers is more difficult. Sooner or later, each portable phone will have an IP stack, and thus will need an address. As long as those phones are clients, NAT will do the trick, but sooner or later somebody will want to build an application where each phone is a server...

    Using NAT is the same kind of kludge as using offsets for 16-bit pointers in the 8086 instead of 32-bit pointers: it worked for some time, but ultimately it was not the solution.

    I'm not saying I have a god given right for an IP address, but that for certain applications, peer-to-peer, it will help. I will not be surprised when China or Japan has the next killer app that runs on portable phones, or lots of small computers and basically was possible because the region adopted IP6. When this happens, the same guys who are now saying the IP6 is irrelevant will bemoan the fact that this opportunity was neglected by politics.

    You might argue that the problem is not the address space, but the organisation distributing them - as with food, this is true (but I did not hear Bush saying that Monsanto should stop doing better crop and improve food distribution in the world). In the end, this is a political problem - in general it is easier to solve technical problems.

  • "Fairly Recently?" (Score:5, Insightful)

    by mveloso ( 325617 ) on Tuesday November 04, 2003 @01:01PM (#7387364)
    Fairly recently as compared to when? I remember using ftp behind NAT years ago, back in the mid-90s...and boy does that sound strange.

    Anyhow, the stuff now works and is stable (and has for years), so there's no reason to whine about stability, etc. If your software doesn't work behind NAT, it's because they hired an inexperienced network guy to write the code.

    Why not complain about something else, like the crappy X server stuff?
  • by riflemann ( 190895 ) <riflemann@@@bb...cactii...net> on Tuesday November 04, 2003 @01:20PM (#7387552)
    A lot of the reason why IPv4 won't run out is due to the fact that it's so hard to get any space. With extremely strict assignment rules, of course it will be a while before they are all used up.

    Unfortunately, this just means that the ugly hack known as NAT will continue to be used, breaking many applications and protocols, not to mention external reachability of many devices. If there was reachability to all devices, the net would be a lot more useful for controlling embedded devices, but then we'd quickly use up a lot of space more quickly.

    Address space is only a part of the reason to move to IPv6. There are plenty of other features which should be reason enough to move over:

    - Auto address configuration
    - No more LAN renumbering/resizing games
    - Built in tunnelling functions for portable devices
    - Simpler address hierarchy
    - Address renumbering is much simpler, and will soon be do-able automatically
    - Standardised IPSec functionality in all devices

    IPv4 will not run out with the current allocation guidelines - but it will continue to have incredibly restricted functionality due to NAT.
  • Re:Good articles (Score:1, Insightful)

    by Anonymous Coward on Tuesday November 04, 2003 @01:25PM (#7387613)
    it wasn't until fairly recently that NAT would actually deal decently with FTP, but it requires mangling the packets.

    The original RFC [faqs.org] includes PASV, which is all you really need. The alternative, using PORT, may not be a good idea anyway [cr.yp.to].

    since NAT is useless for servers, you're only going to see it on clients

    This, I think, will actually become a problem. As people want to do more with the net, there's more cases where allowing connections into a machine becomes useful. You have to do really annoying hacks to do that (or something equivalent) with NAT.
  • Re:Good articles (Score:2, Insightful)

    by nsxfreddy ( 471193 ) on Tuesday November 04, 2003 @01:25PM (#7387619)
    What happens when the number of addresses available in 192.168 or 10. runs out? If we continue to move toward embedded devices with IPs, more computers, more servers, more , it's not that unlikely that a corporate NAT would get filled up. What do you do then? Start NATing the NAT? Each person gets their own NAT box and a single 10. address that then gets NATed to a single corporate address?

    I guess the solution then is to switch to an IPv6 NAT... but then why not just switch to IPv6 and not have to worry about NATs anymore? If you want a NAT for the security features, go ahead, but if you use NAT just because you can't afford/don't have anymore IPs, then IPv6 is better.
  • by Morth ( 322218 ) on Tuesday November 04, 2003 @01:31PM (#7387686)
    Well at least I have. I want to run https/ftps on several of my subdomains, but I only have one ip. I can only use https with one hostname per ip.

    That's just one example. Another is sending a file or playing a game or whatever between two computer each behind a different NAT. You have to do ugly port forwarding rules that might be more or less huge ranges. People have to learn how tcp/ip works on a level completely unnecessary unless you're a techie. And god forbid you want to run two public game servers behind the same nat (many games don't let you specify port to connect to).

    NAT is a necessity, not a feature. Things would be so much easier if it wasn't needed.
  • by pauljlucas ( 529435 ) on Tuesday November 04, 2003 @01:45PM (#7387866) Homepage Journal
    There are already ISPs in many countries that provide service from behind a NAT firewall. This kills many people's freedom of speech and the spirit of the Internet where everyone had their own servers and ran whatever they wanted.

    No, what kills many people's freedom of speech are totalitarian governments such as China, North Korea, and Saudi Arabia where you can be jailed for speaking out on a street corner. Citizens of such countries have far more to worry about than being behind a NAT.

    As for your "spirit of the Internet": what a whimsical invention. There is no such thing. The Internet was started as a tool of the military, government, and academia. It was never intended to be in people's homes much less giving all of them servers. Most people don't even know what a server is, much less how to set one up and run it.

  • by Anonymous Coward on Tuesday November 04, 2003 @01:59PM (#7388028)
    Unless maybe Microsoft 1) puts it on all new Windows OS and 2) DISABLES IPv4 completely. Otherwise we will stick with IPv4 for a long time.

    Think about it.. the only way IPv6 will be "the standard" is if all your favorite sites are on IPv6 *only*.

    The only way your favorite sites will be on IPv6, is when 95-100% of the client machines are on IPv6 *only*.

    The key here is *ONLY* IPv6. As long as machines are on "both" networks, there is absolutely no reason for a company to use IPv6.

    Now .. let's say you are the next google, amazon, ebay, etc. You want to set a web site, will you choose IPv4 or IPv6? Of *course* you will choose IPv4, because most people are using it.

    Let's say you are an ISP customer, your ISP offers you an IPv6 address, or an IPv4 address. The IPv4 address will access all sites (because we're in the middle of the changeover, remember), and the IPv6 address will access, maybe, a handful of geeky sites.

    Why would you get an IPv6 address? The big sites won't abandon IPv4, there's plenty of IPs for them, and therefore ISPs and clients won't abandon it either.

    As long as you are using IPv4 in any capacity, YOU AREN'T SWITCHED OVER to IPv6. That's the key that everybody is missing..you don't get any of the IP address space benefits as long as you are still clinging to IPv4.

    The other benefits of IPv6 are irrelevant, because the address space is different.

    This is subtle but I believe the changeover will NEVER happen, and the BSD/Linux, etc, machines that are all rearin' to go with IPv6 will be used only for private networks (behind NAT and/or tunnel boxes, ironically).

    NAT is not so bad .. I don't know why everybody says it's so terrible and breaks FTP .. why do I care if it breaks an obsolete protocol like FTP?? I don't even *use* FTP any more if I can help it.

    NAT is the right solution for IP address shortage. Instead of wasting time with IPv6, they should've been looking at lower-level NAT routing/addressing protocols that are backwards-compatible, if that's possible.

    I believe ISPs should offer "budget" service which is entirely NAT'd and web/mail/IM only. That would remove HUNDREDS of THOUSANDS of addresses and make them available for re-sale.
  • Re:Good articles (Score:5, Insightful)

    by Anonymous Coward on Tuesday November 04, 2003 @02:25PM (#7388316)
    Ok, this is idiocy. Yes, the net can survive with NAT. The thing is, IPv6 is about looking forward.

    If every phone, mobile phone, internet appliance, whatever had a publicly available internet address, things like VoIP could be routed over the internet, be more secure, have better latency, possibility of point to point encryption, etc. It would drive down the cost of mobile internet service, and make service better on the whole. Want your home phone# to ring your cellphone or computer? Forward it.

    Phone numbers of the future should be like URLs. phone.yourname.com, mobile.yourname.com, and you could have as many of these as you could want to resolve to your phone's address. Want to have your cell listed by your employer? joesmith.bigcompany.com. Conference calls? IPv6 has much better facility for multicasting. Video, etc etc etc. are all quite possible.

    It's not that complicated. IPv6 represents a paradigm shift for future accessible technologies, that aren't possible/interoperable any other way. People want mobile internet aware devices, lots of them.

    What I want is to be able to subscribe to a mobile carrier like I would an ISP. They host my connection, give me some benefits (web space, whatever, more data transfer), and charge me for the byte. It's ridiculously expensive to use internet enabled phones in most places in the world--especially considering that voice data is so much larger, by nature.
  • by Abcd1234 ( 188840 ) on Tuesday November 04, 2003 @02:26PM (#7388326) Homepage
    Fairly recently as compared to when? I remember using ftp behind NAT years ago, back in the mid-90s...and boy does that sound strange.

    Yeah... it took until around 6 years ago before FTP would even work through a NAT. FTP! One of the oldest protocols on the 'net! And this requires stateful management on the server, which is non-trivial. Basically, it requires a protocol-specific hack.

    Anyhow, the stuff now works and is stable (and has for years), so there's no reason to whine about stability, etc. If your software doesn't work behind NAT, it's because they hired an inexperienced network guy to write the code.

    Sorry, but you're totally wrong, here. There are many applications (IPSec being the most obvious, as well as end-user apps, like VoIP, P2P apps, etc), where the very architecture of said application means NAT fundamentally breaks things. And yes, there are ways to hack around these limitations, but they're just that, hacks. And this is unavoidable... the minute you want machines to be able to directly contact other machines, things break down in the face of NAT.
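Added example, not part of any comment in this thread: a sketch of the FTP point raised above (PORT versus PASV, and the "protocol-specific hack" a NAT needs). It shows that an active-mode PORT command carries the client's private address inside the payload, and what a stateful helper has to do about it. The class name FtpNatAlg, the addresses 192.168.1.10 and 203.0.113.5, and the port pool starting at 40000 are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2" tells the server which
# address and port to connect back to for the data channel.
PORT_RE = re.compile(r"PORT ((?:\d{1,3},){5}\d{1,3})\r\n", re.IGNORECASE)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (IPv4Address, port) for a PORT command, or None for anything else."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Build the PORT command line for an address and a 16-bit port."""
    octets = ",".join(str(ip).split("."))
    return "PORT {},{},{}\r\n".format(octets, port >> 8, port & 0xFF)


def embeds_rfc1918(line):
    """True if a PORT command names a private address the server cannot reach.
    A NAT that rewrites only the IP header forwards such a line untouched."""
    parsed = parse_port(line)
    return parsed is not None and any(parsed[0] in net for net in RFC1918)


class FtpNatAlg:
    """Hypothetical per-connection FTP helper on the NAT box (illustration only)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.mappings = {}  # public port -> (private ip, private port)

    def outbound(self, src_ip, line):
        """Rewrite a control-channel line leaving the private network.

        Returns (line_to_forward, length_delta). A non-zero delta means the
        TCP payload changed size, so the NAT must also shift sequence and
        acknowledgement numbers for the rest of the control connection.
        """
        parsed = parse_port(line)
        if parsed is None:
            return line, 0  # PASV, USER, RETR ...: nothing embedded to fix
        ip, port = parsed
        # Only open a mapping towards the host that actually sent the command.
        if ip != ipaddress.IPv4Address(src_ip):
            raise ValueError("PORT names %s but was sent by %s" % (ip, src_ip))
        public_port = self.next_port
        self.next_port += 1
        self.mappings[public_port] = (ip, port)
        rewritten = format_port(self.public_ip, public_port)
        return rewritten, len(rewritten) - len(line)

    def inbound_data(self, public_port):
        """Where an incoming data connection on public_port is forwarded, or None."""
        return self.mappings.get(public_port)


def demo():
    alg = FtpNatAlg("203.0.113.5")
    original = "PORT 192,168,1,10,19,137\r\n"  # constructed sample line
    rewritten, delta = alg.outbound("192.168.1.10", original)
    return {
        "leaks_private_address": embeds_rfc1918(original),
        "rewritten": rewritten,
        "length_delta": delta,
        "forward_to": alg.inbound_data(40000),
        "pasv_untouched": alg.outbound("192.168.1.10", "PASV\r\n"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, repr(value))
```

With PASV the client behind the NAT opens the data connection outward itself, so the client-side NAT has nothing to rewrite and keeps no extra state.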
  • Re:Good articles (Score:3, Insightful)

    by Khazunga ( 176423 ) * on Tuesday November 04, 2003 @02:33PM (#7388400)
    You'll never escape the limit of n internal servers for n publicly addressable IPs. Not unless you do some kludge like having an http proxy looking at Host: headers on requests.
  • Re:Good articles (Score:2, Insightful)

    by pmz ( 462998 ) on Tuesday November 04, 2003 @02:51PM (#7388629) Homepage
    That's common sense.

    I thought it was common sense to not disclose more than is absolutely necessary about the internals of a network. A proxy server acts as a front man for obscurity and point of logging for accountability.
  • by Webmonger ( 24302 ) on Tuesday November 04, 2003 @03:14PM (#7388877) Homepage
    Putting a policy enforcement point (aka a firewall) between your network and the rest of the Internet keeps bad things from coming in and ensures that your users are using the network properly.

    Indeed. But firewalling without NAT is equally effective, and allows you to selectively unblock machines and/or ports.
  • Re:So.. (Score:3, Insightful)

    by serial frame ( 236591 ) on Tuesday November 04, 2003 @03:16PM (#7388893)
    Heh heh heh...Wouldn't you wish.

    First off--Where at, then, in the IPv4 packet header, do you suggest putting the "differentiator"? Oh, shucks, I guess there isn't much space left in the header. (I'm interpreting you literally, here.)

    Not to mention, the Internet is about connectivity, and what you describe is balkanizing it all. What if my friend in Zimbabwe was running a web server, and me, in Ukraine, wanted to view his web site? The only possible way to view the web site would be to know the address of a proxy server that was also within the same portion of his network, and possibly, any addresses of any proxies in between, in order to get a single HTTP request out.

    The results of your idea wouldn't be far from necessitating something akin to bang paths like in UUCP. Once again, the Internet was architected with the value of end-to-end connectivity in mind, and you are obviously attempting to negate that value.

    There is a point in time where duct tape and baling wire isn't so much of a good option.

  • Re:Good articles (Score:5, Insightful)

    by Tailhook ( 98486 ) on Tuesday November 04, 2003 @03:20PM (#7388960)
    The need for IPv6 is _not_ shortage of IPv4 addresses, but you find it in the extra features in IPv6 (Built-in security, Automated addressing, etc).

    Disclaimer: First, understand, I'd like to agree with this. IPv6 is a good thing.

    However, the IPv6 motivations you mention are incorrect. IPv6 does provide the things you mention, but these are not sufficient to cause a migration and do not constitute a "need."

    Security; Adhoc VPN is providing this in IPv4. It's messy and complex, but it works within limits. IPv4 was not designed with this in mind and the hacks that appear as a result are deeply wrong, but it works.

    Autoconfig; DHCP is providing this to a large degree already. It is working "in the wild" right now in both fixed installations and more recent wireless environments. Again, it's messy and imperfect, but it's working.

    NAT is being extended to multiple levels through routing domains (my phone has an RFC1918 address and I wouldn't be surprised if some cable/DSL ISPs aren't distributing them too. A major issue for corporate WANs is making sure RFC1918 subnets don't overlap.) Protocols that don't play well with public IPv4 and NAT are being implicitly deprecated (consider SOAP running an entire RPC stack through HTTP ports and TCP/IP.) Obscene hacks necessary to overcome NAT are being created (IPSEC NAT-T.) How long will it be before ISPs set up tiers where your only cost-effective choice for small enterprise is a single public IP on a NAT gateway because a classless /28 public subnet is 5x more money?

    IPv6 will happen only when the pain of the transition approaches zero. Until then IPv4 will persist regardless of how painful it is. People will deal with figuring out how to run multiple virtual hosts through a single address to a NATed DMZ before they read page 1 about IPv6.

    When every OS and device supports it out of the box and the base of administrators are finally no longer mystified, it will occur. This will take a long time. I doubt IPv6 will be ubiquitous in the next 8-10 years. IPv6 proponents must continue to focus on vendor support and educating administrators. There is no magic bullet.
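
Added example, not part of any post in this thread: a sketch of the workaround two comments above mention ("an http proxy looking at Host: headers" and "multiple virtual hosts through a single address"), where one public IP is demultiplexed to several internal servers by name. The hostnames, backend addresses and the choice of 400/421 responses are constructed assumptions.

```python
# Constructed routing table: public hostname -> internal (RFC 1918) backend.
BACKENDS = {
    "www.example.com": ("10.0.0.10", 8080),
    "mail.example.com": ("10.0.0.20", 8080),
}

def host_of(raw_request: bytes):
    """Return the lower-cased Host name without port, or None if absent/ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]        # skip the request line
             if line.lower().startswith("host:")]
    if len(hosts) != 1 or not hosts[0]:
        return None                      # missing, empty or duplicated Host header
    name = hosts[0].lower()
    if name.startswith("["):             # IPv6 literal, e.g. [2001:db8::1]:80
        return name.split("]", 1)[0] + "]"
    return name.rsplit(":", 1)[0] if ":" in name else name

def route(raw_request: bytes):
    """Pick the internal backend for a request arriving on the one public IP."""
    name = host_of(raw_request)
    if name is None:
        return (400, None)               # nothing to demultiplex on
    backend = BACKENDS.get(name.rstrip("."))
    if backend is None:
        return (421, None)               # unknown name: refuse, no default backend
    return (200, backend)

if __name__ == "__main__":
    print(route(b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
```

The demultiplexing key exists only inside HTTP, so this does nothing for other protocols sharing the address, and refusing unknown names keeps requests addressed to the bare IP from reaching an arbitrary internal server.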
  • by mabu ( 178417 ) * on Tuesday November 04, 2003 @03:31PM (#7389074)
    I am not in favor of IPv6 being rolled out. I think at the present time, it will amplify all the existing problems we have yet to solve.

    I can appreciate the improved security and anti-spoofing provisions but the cons outweigh the pros. Most of what people are expecting to see with IPv6 will likely not be available to them. It's unlikely that broadband ISPs will give their customers more address space in order to avoid using NAT.

    NATs and VPNs serve very valuable uses within a safe and secure-computing model. If more address space means less people will be using VPNs, that's a bad thing. It will result in more vulnerability of more machines and more headaches for everyone.

    We also have the spamming/DOS issue, which is completely out of hand. There are measures that could be taken with the existing system which would dramatically reduce these problems. Moving to IPv6 will only make things worse until we adopt more regulation of the existing network systems.

    Nowhere is this more obvious than in the area of RBLs. A move to IPv6 would largely wipe out all smtp-based anti-spam blacklisting.

  • economics (Score:2, Insightful)

    by Geno Z Heinlein ( 659438 ) on Tuesday November 04, 2003 @03:54PM (#7389289)
    In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon.

    Perhaps, but IPv6 will make addresses cheap and plentiful. Right now I pay $10 a month for one static IP. I want there to be so many addresses available that providers start advertising "Over 60,000 static IPs free with every account!" (Or the equivalent in name-based routing [stanford.edu] or any other technology that makes it quick and easy for me to throw another box on the network and connect it to the rest of the world.)
  • Re:Good articles (Score:1, Insightful)

    by Anonymous Coward on Tuesday November 04, 2003 @04:34PM (#7389740)
    You're not disclosing more than's absolutely necessary. Both parties already know there's a server on the other system, and frankly the fact that it has the IP address 23.34.45.56 isn't going to help a hacker one little bit. Why would the hacker care whether they have to access it via that IP address or the address of a proxy server? Worse still, you now have an additional point of failure - not only is there the security on the service running on the opened port to consider, but the proxy server now theoretically could have its own problems.

    Indeed, this is a perfect example of the problems with security by obscurity - what you've done is made the job much more complex for yourself while offering no security advantages whatsoever. Thus you believe you've made yourself more secure, but opened up a slew of potential holes you didn't otherwise have.

    Other than filtering (ie removing bad things - packets to the wrong ports, packets to and from the wrong IP addresses), you should have as little as possible between the two systems as possible.

  • by Jugalator ( 259273 ) on Tuesday November 04, 2003 @04:38PM (#7389787) Journal
    Unless maybe Microsoft 1) puts it on all new Windows OS

    You can already get the IPv6 layer for Windows XP. There's even a basic version for it included in XP, although an improved version with more features is available free to download from Microsoft. I recall it wasn't included for the simple reason it wasn't ready.

    I'd be really surprised if there wasn't decent IPv6 support in Windows Longhorn.

    Now .. let's say you are the next google, amazon, ebay, etc. You want to set a web site, will you choose IPv4 or IPv6? Of *course* you will choose IPv4, because most people are using it.

    What are you talking about? What do you mean with next Google? Just because Google doesn't speak IPv4 doesn't mean they have to redesign the service. LOL. It's almost like you think the users or webmasters will need to care about whether they're connected to IPv6 or not? Users just type w-w-w-.-g-o-o-g-l-e-.-c-o-m as usual. Web masters just upload the content to their host as usual. If the host has a DNS entry, then that's just a matter of typing in the name of the host. :-) Where exactly do you see there's such a major difference that you'll suffer from choosing IPv6?

    Let's say you are an ISP customer, your ISP offers you an IPv6 address, or an IPv4 address. The IPv4 address will access all sites (because we're in the middle of the changeover, remember), and the IPv6 address will access, maybe, a handful of geeky sites.

    No, if an IPv6 transition occurs, all IPv4 addresses will be reachable in the new IPv6 format, since a special address space in IPv6 is allocated for this. After a while, more and more will switch to "real" IPv6 addresses. But the customers will never really have to care about these technicalities. They just get their dot com and are happy. :-)

    I think I'm getting where your key misunderstanding and basis for your post is. You think IPv6 wasn't designed to coexist transparently with IPv4. Well, surprise there, it is.

    This is subtle but I believe the changeover will NEVER happen, and the BSD/Linux, etc, machines that are all rearin' to go with IPv6 will be used only for private networks (behind NAT and/or tunnel boxes, ironically).

    Why not on internet? IPv6 was designed from the ground to coexist with IPv4 after all. Routers only supporting IPv6 routing will be able to wrap IPv4 addresses and transmit data to IPv4 hosts, and fix the addresses back so the IPv4-only supporting host will never even know it's connected to an IPv6 network.

    why do I care if it breaks an obsolete protocol like FTP??

    Maybe you don't, but a world outside your ego bubble does, including both corporations and home users. Wake up.

    NAT is the right solution for IP address shortage. Instead of wasting time with IPv6, they should've been looking at lower-level NAT routing/addressing protocols that are backwards-compatible, if that's possible.

    Ooh, I'm so happy you aren't a network protocol designer. :-O

    You seem to have quite a bit of reading to do to catch up with the latest advancements in the IPv6 area and especially how invisibly it can coexist with IPv4. Of course the designers never thought "let's do this protocol, make it totally incompatible, so no one will ever be able to switch smoothly".
  • by Merk ( 25521 ) on Tuesday November 04, 2003 @04:53PM (#7389907) Homepage

    You know the one. It says that "We don't need IPV6 because we have NAT". It's the same kind of thinking that says that The Internet == The Web. Just because NAT solves a certain subclass of problems that are more naturally solved by extra addresses, doesn't mean that there is no need for IPV6 because there's NAT.

    NAT works great for things like the web, which are initiated behind the NAT machine, and don't make any connections back through the NAT machine. But The Web != The Internet. Even FTP has problems with NAT, but at least those problems are well understood by now. When the original connection is made from the outside world, trying to contact something behind the NAT box, that's when problems start.

    Some people see this difficulty in reaching the machines behind the NAT box as security. It isn't. If you have no other forms of security, it helps a little bit, but it's more like a side effect. Saying that this is security is like saying that a rusty lock is more secure than a new one because it is harder to get the key into it. A stopped analog clock isn't right twice a day, it just appears to be right twice a day, but that doesn't mean it is ever working.

    If a NAT machine were replaced with a simple firewall machine with a closed-down firewall, you'd have the exact same kind of security. No packets get routed to the machines on the other side of the firewall unless the rules permit it. The only difference is that it avoids a lot of hacks. Rather than having to do "ssh -p 10322 mynatbox.mydomain.com" and having to remember that 10322 corresponds to your mail server, you can simply say "ssh mailserver.mydomain.com"

    Doing away with NAT also makes true peer-to-peer networking possible. Currently it doesn't work, you need some kind of a server because you can't initiate connections from the outside world to the NATted boxes. P2P doesn't just mean swapping songs, but also networked gaming.

    This is all just about routable addresses so far, but IPV6 is so much more than that. There are features of IPV6 like security that IPV4 simply doesn't offer.

    So remember kids, The Web != The Internet, and NAT != IPV6, nor can NAT do everything you can do with routable addresses.
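
Added example, not part of the post above: a toy model of the comparison it draws between a NAT box and a closed-down stateful firewall in front of publicly addressed hosts. All addresses are constructed from documentation ranges; port 10322 is the forward used in the post, and the class and field names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed addresses from documentation ranges (RFC 5737) and RFC 1918.
PUBLIC_IP = "203.0.113.1"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    """Routes publicly addressed hosts: default-deny inbound, no translation."""
    allow: set = field(default_factory=set)       # (dst ip, dst port) opened on purpose
    flows: set = field(default_factory=set)       # connections started from inside

    def outbound(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p                                  # forwarded unchanged

    def inbound(self, p):
        is_reply = (p.dst, p.dport, p.src, p.sport) in self.flows
        if is_reply or (p.dst, p.dport) in self.allow:
            return p
        return None                               # unsolicited: dropped

@dataclass
class NatGateway:
    """One public address shared by RFC 1918 hosts, with port forwards."""
    forwards: dict = field(default_factory=dict)  # public port -> (inside ip, port)
    flows: dict = field(default_factory=dict)     # (public port, remote ip, remote port) -> inside
    next_port: int = 40000

    def outbound(self, p):
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(pub_port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(PUBLIC_IP, pub_port, p.dst, p.dport)

    def inbound(self, p):
        if p.dst != PUBLIC_IP:
            return None
        inside = self.flows.get((p.dport, p.src, p.sport)) or self.forwards.get(p.dport)
        return Packet(p.src, p.sport, *inside) if inside else None

if __name__ == "__main__":
    fw = StatefulFirewall(allow={("198.51.100.25", 22)})
    print(fw.inbound(Packet("192.0.2.9", 5555, "198.51.100.30", 445)))  # None
```

Both gateways drop unsolicited inbound packets and pass replies to connections opened from inside. The difference is that the firewall's allowed service stays reachable at its own address and standard port, while the NAT box needs a remembered forward.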

  • by njdj ( 458173 ) on Tuesday November 04, 2003 @05:30PM (#7390308)
    The article is rubbish for several reasons.

    Even on its own terms, it predicts we run out of IPv4 addresses in about 20 years. That seems like the age of the universe to the 20-something kid who wrote the article. To those of us with a little more experience, it is not a long time at all to do something as major as converting the Internet to a different addressing scheme.

    But the basic assumption of the article, that the present situation is OK and the only reason to migrate is to avoid it worsening, is wrong. In many countries, the IPv4 address shortage is very severe today, not in 20 years from now. IP addresses are expensive in the countries where most people live.

    Finally, NAT is not a solution, it's a workaround. Many peer-to-peer applications simply do not work behind a NAT. Sure it lets machines surf the web, send email, and use clients like ftp, telnet, and ssh, but the Internet is much more than a handful of client/server apps. NAT is strangling it.
  • by Herbmaster ( 1486 ) on Tuesday November 04, 2003 @05:55PM (#7390516)
    I am a more-or-less typical internet user. I have a cable modem from RCN for my household which happens to have 4-6 computers. Of course, right now I am using NAT. This is an incredibly lame solution for a number of reasons which have been discussed exhaustively here already.
    RCN provides me with a connection, X bandwidth, and 1 IP.
    My incremental cost of more IPs on the same connection and bandwidth is prohibitively high. (I would consider a penny or two per month per IP to be "reasonable" since each IP should have trivial overhead for the ISP)

    Ergo, we are out of IPs already.
  • DJB Said It Best (Score:3, Insightful)

    by scosol ( 127202 ) on Tuesday November 04, 2003 @07:50PM (#7391349) Homepage
    The *only* (and fatal) flaw with IPv6 is lack of backward-compatibility.

    And it's never, ever going to work without it...

    http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to]

    (and he really does have the best host/domain/tld combo in existence)
