The exhaustion of IPv4 address space
FireFury03 writes "Cisco has an interesting article talking about estimates for the exhaustion of the IPv4 address space, and the inevitable move to IPv6. It predicts that the IPv4 address space will be exhausted in 2 - 10 years and suggests that it isn't worth trying to reclaim old allocations. With the mainstream use of IPv6 now potentially within the ROI period of many products the manufacturers need to start including support, but will the ISPs roll out native IPv6 networks before they absolutely have to? IMHO, ISPs providing native IPv6 support would be a Good Thing since it opens up the door for peer-to-peer technologies such as SIP without needing nasty NAT traversal hacks, but a major stumbling block seems to be a complete lack of IPv6 support on current consumer-grade DSL routers (tunneling over IPv4 is an option but requires more technical know-how from the end user)." Of course, Cisco may have some vested interest in driving up the IPv6-compatible router sales *cough*, but the bottom line is that the transition will have to happen at some point in the near future.
Already rolled... (Score:5, Insightful)
Love that quote (Score:5, Insightful)
Isn't worth it to whom?
Re:Interesting (Score:2, Insightful)
It's almost like me saying that any random new car model from Detroit will get between 20 and 100 miles per gallon. We all know how fuzzy EPA figures are, but even those are more precise than Cisco is here.
concurrent operation of IPv4 and IPv6? (Score:2, Insightful)
Can IPv4 and IPv6 coexist? When do the root servers transfer over? (have they already?) If they can co-exist, what's the motivation for *everyone* to switch?
What happens to smaller countries that don't have the resources to make hardware changes to keep up to date.
From a layman's perspective this seems a lot like Y2K in terms of the scope of changes required.
Explanation requested (Score:3, Insightful)
New Allocation Schedule (Score:3, Insightful)
I just wonder how we're going to resist the temptation to do the same thing again, now that we have another glut of address space. On one hand we don't want to end up with vacant blocks of addresses, but we don't want to be too niggardly about it either, or else individual static addresses won't ever 'trickle down' to end users and we'll be stuck with the same mess of NAT traversals and subnets that we have now.
I'm sure that this issue has been addressed (or will be addressed) but I'm just curious how the IANA will find the 'balance point' between assigning enough high-level blocks to make sure end users can get static global addresses, while not overassigning. Perhaps there should be some sort of a periodic review process for high-level address block assignments to see how fully utilized they are, and either assign an entity more addresses or reallocate underutilized resources.
Re:Is NAT Better? (Score:2, Insightful)
The majority in new IP address growth comes from all the future gadgets, your house, the washing machine, fridge, etc. So PCs can still 'hide' behind a NAT if they need protecting.
Re:I can't understand why... (Score:3, Insightful)
Because IPv6 isn't yet a buzzword that non-technical buyers are looking for. This will probably change in the next few years when the business world becomes concerned with it. Once a company CIO hears that his internet connection will die without IPv6 support, there will be a huge marketing effort on the part of Cisco and other router makers.
Simple fix.. (Score:3, Insightful)
MASQUERADING. I get only 1 IP address from my provider.
I've got a wireless webcam, a Zaurus wireless PDA, company assigned laptop, my Linux development desktop computer, my Apple G3 running LinuxPPC (my gateway, web, IMAP server), my oldest son's room with a Linux based AMD 64bit server, a mini mac, a Sharp Zaurus, my 2 youngest boys' room and their computer and a laptop up in their room, my homebrew robot, a hacked Compaq IA-1 that runs Linux that I use to monitor my firewall, email, etc.. All these devices get to the outside world on 1 IP address. I have multiple servers that are accessed by the outside world via port redirection as well.
My point is that we should be tighter with ip address allocation.
Home / SOHO Routers (Score:1, Insightful)
Re:Explanation requested (Score:5, Insightful)
Waste (Score:3, Insightful)
Ed Almos
Not any time soon. (Score:5, Insightful)
The bottom line is that the only people who really WANT a rollout of IPv6 is Cisco. Why? Because the vast majority of their existing installed routers will not support IPv6 with anywhere near the same feature set and packet rate as those routers can handle with IPv4. Thus, IPv6 means people upgrading equipment that isn't really deficient.
Most people have no concept of:
a) How much IP space we have left.
b) How extremely inefficient we have been with a large percentage of the address space.
c) How much assigned, announced, and routed space is completely unused.
d) How much the rate of growth has flattened.
e) How wrong every prediction about when we run out of IP space has been thus far.
If you search the nanog archives, you'll see posts by myself going back many years stating essentially "Somebody tell me why we need IPv6 again?"
Do not hold your breath. We're 10-15 years away from IPv6, because it will take an even larger gross expenditure for the service providers to upgrade to support IPv6 than it did for the broadcast industry to upgrade to HDTV.
This is what industries that rely on revenue growth do when their customer growth flattens. They invent a new widget, come up with reasons why everybody needs it, market it, and hopefully everybody buys the product all over again. IPv6 is admittedly a good bit different; it was created by geeks in an attempt to solve a perceived problem. However, it was seized upon by the router vendors as a future "upgrade when growth flattens" path.
Don't buy into the hype. IPv4 is here to stay for a long time. Even when IPv6 starts to have some decent degree of market penetration, you will always find most of the devices on the net are IPv4 behind IPv6 to IPv4 NATs.
NAT is about a lot more than low address reserves (Score:3, Insightful)
For a start, a lot of ISPs only offer one address, partly to encourage people to buy more expensive packages with multiple addresses, and NAT transparently solves that issue.
There is no reason to assume that increased availability of addresses will cause ISPs to offer more addresses to consumers - after all if they anticipate 100,000 single PC broadband connections, they are going to find it hard to get approval for 800,000 addresses (to allow a
Also low end ADSL connections often force NAT upon a user, allowing the vendor to create a differentiator between its commercial and domestic offerings.
In the end NAT offers security, independence of allocated IP space to available addresses, simplified network management with an excellent delineation point between vendor and consumer (the ISP doesn't have to worry about what is inside the end user network), and a reasonable form of security. It's great for a small internet connected network.
Re:Love that quote (Score:3, Insightful)
Re:Is NAT Better? (Score:3, Insightful)
NAT *is* a stateful firewall. That's how it works. It has to keep track of outgoing connections to remap those ports on the external interface. No outgoing connections == no port remapping on the external interface.
If you disagree, then explain to me how one could connect to a machine behind a NAT device if said machine has initiated *no* connections to the Internet. Sounds like stateful filtering at work.
Now, stateful firewalls are just as easy to implement on IPv6, so NAT is certainly not a valid reason for sticking with IPv4. But NAT is indeed a stateful firewall.
Re:Is NAT Better? (Score:2, Insightful)
Ah yes, the fabled "Internet Devices". When will the companies realise that I have no need to control my washing machine from the other side of the world, or from work, for that matter. I survived this long without the useless feature, I think I'll manage. For nearly a decade I've heard about IP-enabled white goods, in that time I've seen precisely one device, an IP fridge [lginternetfamily.co.uk]. And it still can't ring up Tesco's & place your order.
Re:Already rolled... (Score:3, Insightful)
Everybody seems to think that the added costs of a new software product end with deployment. Not so.
Re:I can't understand why... (Score:4, Insightful)
NAT is not a security tool.
NAT is not a security tool.
NAT is not a security tool.
Network Address Translation was never intended to function as a firewall or a packet filter, it was designed exclusively to allow multiple computers to share the same IP at once. That's it.
The fact that NAT has some side effects which are similar to a firewall has been a big problem for network security, because it leads users and even administrators to believe that their network does not need a firewall because they use a NAT system.
We are finally, after many years, starting to see real firewall use become commonplace, and XP even has an automatic software firewall now, but if it hadn't been for NAT, I bet people would've been implementing real, security-focused firewalls a lot earlier.
Re:Paying extra for fixed IP (Score:2, Insightful)
They'll still charge for static IPs even with IPv6. After all, there's not much reason for cable and DSL providers not to offer them for free right now. Most cable and DSL modems are always on and occupying an IP address anyway, and there's never been any mention of an address crunch at any big ISP (Cablevision, Comcast, etc.), so there's no technical reason to avoid offering static IPs.
Charging for static IP addresses is pure profit for these companies. A small change to the DHCP servers to indicate that a particular modem should always get a particular IP is all it takes (and only needs to be done once), but the money for that keeps rolling in. Opening up more addresses isn't going to change that.
Re:Is NAT Better? (Score:3, Insightful)
Re:Is NAT Better? (Score:3, Insightful)
IPv6 provides for priority and quality of service information in the packet, allowing for better priority based routing.
It also doesn't permit for fragmenting packets, which makes life easier for both routing and stitching it back together at the destination.
And distribution of the addresses is done more fairly. It's not the US and western Europe (to a lesser extent) grab the address space they'd like and the rest of the world can scrounge for what's left.
NAT does blur the line between Network layer and transport layer somewhat. NAT uses TCP or UDP ports to do routing. Good design would dictate that independent modules of a system should stay independent, NAT doesn't do that. Not that it's really a big deal here, there's not much chance of a new transport layer protocol grabbing hold anymore.
Re:Is NAT Better? (Score:5, Insightful)
Second, NAT helps multihomed corporations. For large companies, your 10k hosts are going to be distributed over many states/countries/ISPs
It is this address isolation and multihoming support that drives NAT use in small and large companies. Address space depletion has nothing to do with it. IPv6 does not fix these problems; companies will continue using NATs because NATs do.
Let the EU deal with it (Score:3, Insightful)
Re:Love that quote (Score:5, Insightful)
In particular, Level 3 Communications has not one but two Class A blocks, the 4.0.0.0 and 8.0.0.0 blocks; "Comcast IP Services" has another one.
There are some oddball Class A assignments on there too. Who would have guessed that Ford has one? The US Postal Service? The Defense Department has something like seven, not a huge surprise given when the assignments were made. Halliburton even has one.
Anyway, reading down the list you can see that the people who already have their own Class A blocks are unlikely to care too much about how quickly v6 gets rolled out, at least for their own use. But some of the newer big-time tech companies who aren't on that list might have more of an interest
Re:Embedded? (Score:3, Insightful)
But will this increase the depletion of IPv4, or just result in home NAT starting to support the use of CIDR/16 chunks of 172.16/12 instead of CIDR/24 chunks of 192.168/16? As an example, my Zyxel DSL Modem was pretty trivial to switch over to using 10/8 on the inside its NAT, and would have been easier if it was a model that the manufacturer intended to allow a normal sized NAT pool. (The Zyxel firmware tries to prevent use of spaces above CIDR/30 for non-router hardware.) While my five-year old router isn't thrilled at this sort of thing, my 1 yr old Belkin router is completely content with any IP space I want to assign it.
So the question is, how many of these devices will have Internet (as opposed to LAN) VISIBILITY (as opposed to merely connectivity) be a feature?
Re:Is NAT Better? (Score:3, Insightful)
A second item is that moving to IPv6 will not necessarily remove NAT or the current 1 router many PCs setup so many of us have. ISPs in general have charged per IP connection/computer, considering each IP a separate computer. Do you honestly think that will change with IPv6? That ISPs are going to be nice and just let you wire up however many systems you want to their network?
I don't think they'd give up that type of revenue stream. (Besides, think of the security nightmare of locking down and managing security for all those items, like your refrigerator! You'd want some sort of appliance FW/NAT box, both to secure you and keep you from paying extra each month. The latter would be the selling point for most normal users.)
Excuses, excuses (Score:3, Insightful)
The only admins who don't like IPv6 are those who are either ignorant of the way it works, or who are too hooked on being worked to death. Both need help, treatment and beer.
Re:Is NAT Better? (Score:3, Insightful)
There's nothing inherently more secure about NAT, it's just the way it's set up on most home routers. As a little experiment you can take a Windows box and put it in the "DMZ" of a normal home NAT box, which means that all ports and protocols get forwarded to it, just as if it was sitting on the public internet itself. It should end up getting owned by viruses and spyware just as quickly as if you plugged it into the modem, even though it's subject to NAT. The point being: the address translation isn't providing any security itself, it's only because it's being applied selectively.
Of COURSE the Windows machine will get "owned" (as it were) if you TELL your FIREWALL/NAT device to forward all unexpected incoming connections to it!
Here. I've got one for you. Here's a condom. You can wear it while you have sex with whatever partners, but there is one particular partner for which I'm going to poke a hole in it for you.
Geez..
Fossil fuels (Score:3, Insightful)
8 years seems to be a long time, to me.
Yep, and thirty years ago they said that we would be out of oil in twenty years. Go figure...
Re: hardware limitations (Score:2, Insightful)
As long as IPv6 isn't required to get everywhere, they can save money by using smaller/fewer routers to do IPv4 work.
In terms of just memory, you almost double the use by having a separate table for IPv4 and IPv6.
Re:Is NAT Better? (Score:3, Insightful)
Re:NAT is about a lot more than low address reserv (Score:3, Insightful)
Re: hardware limitations (Score:3, Insightful)
I think that rather depends on how much of the network is IPv6 only - if there's a large chunk that's only on IPv6 then refusing to support it would be like telling the customers "we've decided to not route any of your traffic to the US anymore because that's cheaper for us". Customers would be leaving them in droves - they don't need to understand _why_ parts of the internet are inaccessible, it will just become known that this ISP is crap because they have "firewalled" off part of the internet in the interests of cost saving.
Re:Explanation requested (Score:3, Insightful)
Well NAT is a huge pain in the arse for anything peer-to-peer - for example VoIP.
Let's take Skype (horrible system that it is) for example. You want to make a call:
1. Caller A places a call to caller B. This involves talking to the Skype directory server and giving caller A the IP address for caller B.
2. The system realises that caller B is behind a NAT so caller A can't start a connection to B... ok, no problem, we just get caller B to initiate the session instead.
3. Oh wait, A is also behind a NAT so B can't start a connection to A.
4. Lots of nasty NAT traversal hacks are tried to trick the NATs on both ends into allowing the traffic through.
5. Sometimes the NAT traversal works, let's assume in this case it doesn't. The only way to get traffic between A and B is to go via a third party server.
6. Another random Skype user's connection (which isn't using NAT) is hijacked - both A and B connect to this Skype user and use his connection to pass the traffic. This means that not only is it sucking the bandwidth and CPU time up on the third party's connection, but that connection may vanish at any instant and there is added latency caused by going via a connection of unknown quality.
Whereas without NAT that'd just be a case of A connecting to B and all would be good.
Also, being able to log into my video recorder from my cellphone and ask it to record something would be cool.
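The NAT behaviour argued over in this thread (per-connection state, the "DMZ" forward-everything setting, and two NATed callers who cannot reach each other) can be modelled in a few lines. This is an added illustration, not code from any commenter or vendor; the `Nat` class, its methods and all addresses are constructed, and it assumes a NAT that only accepts inbound packets from the exact remote address and port the inside host contacted (real devices vary).

```python
# Added illustration: a toy model of a port-translating NAT (NAPT).
# Class, method names and addresses are constructed for this example.

class Nat:
    def __init__(self, external_ip, dmz_host=None, first_port=40000):
        self.external_ip = external_ip
        self.dmz_host = dmz_host      # inside IP that receives all unsolicited traffic
        self.next_port = first_port
        self.table = {}               # ext_port -> (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """Inside host opens a flow; the NAT allocates an external port and records state."""
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (inside_ip, inside_port, remote_ip, remote_port)
        return (self.external_ip, ext_port)

    def inbound(self, remote_ip, remote_port, ext_port):
        """Return the (inside_ip, inside_port) a packet is delivered to, or None if dropped."""
        entry = self.table.get(ext_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                   # reply to a flow the inside host started
        if self.dmz_host:
            return (self.dmz_host, ext_port)   # "DMZ host": translation with no filtering
        return None                            # no matching state, nowhere to send it


def demo():
    results = {}
    home = Nat("203.0.113.10")
    # 1. Inside host connects out; the server's reply is translated back in.
    _, port = home.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    results["reply"] = home.inbound("198.51.100.5", 443, port)
    # 2. A different remote host probes the same external port: dropped.
    results["unsolicited"] = home.inbound("198.51.100.99", 4444, port)
    # 3. Same NAT with a DMZ host set: unsolicited traffic reaches the inside host.
    exposed = Nat("203.0.113.10", dmz_host="192.168.1.30")
    results["dmz"] = exposed.inbound("198.51.100.99", 4444, 445)
    # 4. Two NATed callers: neither NAT holds state for the other, so both
    #    first packets are dropped and a third-party relay is needed.
    nat_a, nat_b = Nat("203.0.113.10"), Nat("203.0.113.77")
    results["a_to_b"] = nat_b.inbound(nat_a.external_ip, 40000, 5060)
    results["b_to_a"] = nat_a.inbound(nat_b.external_ip, 40000, 5060)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Cases 2 and 3 differ only in configuration, not in whether translation happens: the drop comes from the missing state entry, which is the same decision a stateful packet filter makes without rewriting any addresses.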
Re:Is NAT Better? (Score:2, Insightful)
Seriously... it is better in this case to be proactively preparing for the transition than to one day realize we *really* need IPv6 and are not capable of making it happen effectively. No one is saying it has to be a hard and fast cutover today. I don't see anything wrong with getting some momentum going and starting to work out some unexpected kinks before the need is *real and imminent*.
Re:Interestingly precise (Score:0, Insightful)
The cost of unsupport (Score:3, Insightful)
I mostly work in tech pubs (when I'm working), and this has been a constant issue for me. At some badly managed companies, I've seen engineers add SuperKewl Features to the product without authorization, thinking they can just throw them over the wall to the customers and forget about them. Wrong. I have to document their damn features, and that costs. If I don't document their damn features, then tech support has to handle the resulting calls, and that costs even more. And if tech support tries to tell a big customer, "Oh, that's an unofficial feature, we don't support it," that really costs!