The exhaustion of IPv4 address space
FireFury03 writes "Cisco has an interesting article talking about estimates for the exhaustion of the IPv4 address space, and the inevitable move to IPv6. It predicts that the IPv4 address space will be exhausted in 2 - 10 years and suggests that it isn't worth trying to reclaim old allocations. With the mainstream use of IPv6 now potentially within the ROI period of many products the manufacturers need to start including support, but will the ISPs roll out native IPv6 networks before they absolutely have to? IMHO, ISPs providing native IPv6 support would be a Good Thing since it opens up the door for peer-to-peer technologies such as SIP without needing nasty NAT traversal hacks, but a major stumbling block seems to be a complete lack of IPv6 support on current consumer-grade DSL routers (tunneling over IPv4 is an option but requires more technical know-how from the end user)." Of course, Cisco may have some vested interest in driving up the IPv6-compatible router sales *cough*, but the bottom line is that the transition will have to happen at some point in the near future.
I can't understand why... (Score:3, Interesting)
NATs at home can only hold IPv4 together for so much longer. Soon a killer app will come out that just doesn't want to be NATted, and the whole Internet-using public will demand direct addressing [at least they'll demand a solution that requires direct IP addressing].
Is NAT Better? (Score:4, Interesting)
Can anyone explain whether this is true or not and why?
for anyone who can't tell wtf is going on (Score:3, Interesting)
"The IPv4 address space has 32 bits, limiting it to an absolute maximum of 2^32 (roughly 4.3 billion) possible addresses. For both administrative and technical reasons (the latter in large part being related to routing), IPv4 addresses are allocated in blocks which are restricted to sizes which are powers of 2; this leads to many addresses being unused at any given time. In addition to this, substantial parts of the IP address space are not easily usable because of early technical decisions reserving them for private network use, loopback addresses, multicast, and unspecified future uses, which has resulted in some of these limitations being programmed into devices; working around these limitations will require substantial amounts of re-engineering to increase the amount of available address space. Finally, some of the IPv4 address allocations made early in the development of the Internet (in the 1970s), when only blocks of 2^24 possible addresses (called a
THANK YOU wikipedia.
Home routers (Score:3, Interesting)
Re:Interesting (Score:4, Interesting)
My cold, dead hands (Score:5, Interesting)
fe80::02d0:c1ff:fe5c:0010/10
2002:c0a8:1122::5efe:0a01:0101/48
2001:7f8:2:c01f::2
I mean, DNS goes a long way towards turning that hex into something memorable, but as a sysadmin it does NOT make my life easier. Let's reclaim some of those
Re:Already rolled... (Score:4, Interesting)
Re:Is NAT Better? (Score:5, Interesting)
well, it's not "better" as such, just a different solution. NAT is not a golden bullet though. Yes, it does, by and large prevent random machines on the internet directly contacting your unpatched windows desktop at home, but a firewall will do that too, and virtually every dsl router has a firewall these days too. I would like to see home dsl routers supporting native ipv6 but I don't know of any.
I think that ipv6 is a good thing to go for, but it's not finished (but then, is ipv4?
Mandatory support for ipsec is great.. except how many of us would use it? as there is currently no support for mandatory ipsec encryption to unknown strangers. you've got to be pre-configured for crypto. I'd like to see something like ssh. if you know the key then great, if you don't then you can accept and save one and then while you may not have verified the destination, you're at least protected on the wire. yes, they also need to sort out authentication and perhaps some form of certificate distribution, but let's make a start on something useable.
mobile IP. sounds great! I can be using my ipv6 pda via my mobile phone and as I walk into my house, it picks up my wireless net and my downloads speed up instantly, all the while not dropping the voip call I'm making. or I'm using a laptop on the train and as it flits from hotspot to hotspot I don't lose any of my connections. sounds great! how does it work? you tell me, details are not easy to find. lots of talk, few working implementations (if I'm wrong, please tell me, I'm genuinely very interested).
working with networks as part of my job, I know how useful and really annoying NAT can be, and I really think it should be an option, not a requirement. I'd love to see ipv6 rolled out and see what changes it brings, but I also think it needs a fair amount of work still.
dave
Re:Is NAT Better? (Score:5, Interesting)
NAT in itself doesn't provide any extra security - the connection tracking needed by NAT is what provides the security (and you can do this equally well without using NAT). I wrote an article [nexusuk.org] on this subject a while back.
Whilst NAT does to some extent "solve" the limited number of addresses problem, it also creates many more problems. The Internet was designed to be peer to peer but NAT turns it into a client/server model. Whilst client/server works fine for "traditional" applications such as web surfing, it's a major stumbling block for peer to peer services such as VoIP, which have to employ various hacks to trick NATs into letting the peer-to-peer traffic through (with varying degrees of success). The likes of Skype are designed to hijack the connections of random Skype users who don't have NAT and use them to route traffic between peers who do have NAT when the NAT traversal hacks fail.
Examples (Score:3, Interesting)
In general, corporate networks today are so completely firewalled that they might as well be behind NAT, and some (bless 'em) are -- Intel for one uses nonroutable addresses internally.
Paying extra for fixed IP (Score:3, Interesting)
Now, if we have an unlimited number of IP-numbers, then I will be pissed if they expect me to pay extra for a fixed IP. What is their explanation and motivation for a higher price for a Fixed IP?
So maybe one of the reasons that they are trying to delay the introduction of IPV6 is because they know they will no longer get the extra income from customers that are paying for a fixed IP.
Network Operators thoughts on IPv6 (Score:5, Interesting)
Anyhow, I myself was curious about if/when IPv6 would be rolled out. One of the talks was about how to deal with IPv4 space running out, and a lot of the talk revolved around such things as multiple web sites running on the same IP (which was very uncommon then) and other ways to use less address space. Some audience members gave other suggestions for conserving IP space such as ways to use Network Address Translation to limit public IP use. I would say the feeling in the hall was that this was not a problem, and that people had to go the route of IP sharing, and aside from the need for more IP sharing, everyone pretty much liked the situation as it was, which was in contrast to the prevailing attitude in the world outside the hall. One audience member raised his hand and said, "What about IPv6?" The response to this was the entire audience broke into laughter - it was the funniest thing they had heard that week. After that I began thinking about IPv6 more along the lines of projects such as MBONE [savetz.com] (anyone remember the hoopla over that years ago?). Not that IPv6 will never be implemented, but this story that IPv6 was needed straightaway could have been written 8 years ago. I haven't seen much headway in it in the past 8 years, except for products promising they were IPv6 compatible, just in case. Not that IPv6 will never be rolled out on a large scale, but I'm not holding my breath.
Re:Already rolled... (Score:4, Interesting)
Try Andrews and Arnold [aaisp.net.uk]. I've had IPv6 (via a tunnel from their network) for the last two years with them. Native IPv6 (without a tunnel) is integrated into the new router they are developing, and should be live by the end of the year (only problem is finding an ADSL router that will support it, but you can use an ADSL modem and Linux, for example).
Re:I predict that... (Score:3, Interesting)
No, there will not be a doubling of the address space, just the name space. Same internet, twice the ICANN. Now people will have to purchase domain names from two registrars to be listed on both DNS systems. And the moment this happens there will be a flurry of activity to develop rootless DNS systems, from which all will benefit.
Submarine Patents AHOY!!! (Score:3, Interesting)
That means for around the next 20 years we'll have the whole RSA debacle played all over again in the IPv6 sphere. Expect to see "Innovative Ideas" lawsuits gouging money from OS makers and especially makers of routers (esp consumer grade) and other networking devices.
Look on the bright side though. With any luck, we'll run out of IPv4 addresses before the litigation finishes, and then someone really WILL have to do something about it!
Re:Already rolled... (Score:2, Interesting)
No it's not. The reason they charge more is because they're charging what the market will bear. They figure if you want a static IP, you're trying to run some kind of server, and you're probably willing to pay more for it.
If IP6 effectively gives every device in the world a static IP, then the upsell opportunities associated with the withholding of static IPs by the ISPs go away. That's why I don't see many ISPs supporting IP6 any time soon.
Re:Interesting (Score:4, Interesting)
Re:Is NAT Better? (Score:4, Interesting)
There is a time where the problem is looming, but taking action then will mitigate a lot of the damage.
Or one can wait until it is having severe impacts, and then we will all be hosed very very badly.
For *business* customers maybe, for a price. (Score:4, Interesting)
They only offer multiple client services on business accounts, so technically I'm already in violation of their rules because of using a router and NAT even though I run no "server", just a couple of PCs.
Yes, Cisco has a vested interest in replacing all those legacy IPv4-only cigar-box routers like mine. Yes, my IP provider would love a reason to raise rates or otherwise push me into a "business" account (and thereby charge me more).
Fact is, I won't be buying a new router, I'll just recycle one PC into place as a gateway and continue to hide behind NAT because I don't care to pay business rates for home PC use.
No matter how much I dislike IPv6 because of its "second system" bloat, I have yet to find a free IPv6 tunnel provider. Yes, it's my fault, people tell me they're out there I just cannot find them.
Bob-
Re:Is NAT Better? (Score:3, Interesting)
Well, all those businesses that currently shell out ridiculous amounts of money for VPN solutions I suppose. Things will get more interesting if DNSSEC (shoving X.509 certificates in DNS records) gets widespread and easier to use - at the moment it's horrendously complex to set up.
I think in the long run it'd be nice to use IPSEC with DNSSEC instead of SSL, etc. There are some advantages - for one thing, once the keys have been negotiated between 2 hosts then that's it (until they expire), no having to renegotiate the encryption for every connection with the associated multiple round trips needed. Of course it'll cause firewall administrators a headache since they can no longer filter packets by port number.
Re:Is NAT Better? (Score:3, Interesting)
They do. That doesn't save your ass in these situations:
Scenario 1: ISP gets hacked. Attacker sets up routes to your internal network. Attacker now has full access to your network and never even needed to lay a finger on your "firewall".
Scenario 2: Broadband ISP has everything set up such that the outside IPs of all customers in the area look like they're all on one big ethernet. Road Runner (Time Warner's cable ISP) works this way. Other customers in the area can set up routes to your LAN right on their own routers.
And people who consider the security of their own networks "fluff" are better off not being connected to the internet at all. They're just providing connectivity to that many more spam/ddos zombie hosts.
Yes.
Most devices you know of (ie, cheap consumer broadband routers) are not capable of being configured to perform NAT without filtering, at least not through the idiot proof web interface (and that's certainly a good thing).
Re:Is NAT Better? (Score:3, Interesting)
Re:Explanation requested (Score:3, Interesting)
Right now, I can in most cases hide behind a
This question is partly rhetorical, as I don't think that this will be the case. But if anyone here knows about recent developments in this area, I'd be glad to hear!
Re:Interesting (Score:5, Interesting)
It's not like there aren't plenty to go around still- HP owns 2 class As now, and a handful of universities own a full A as well. Reclaim a major portion of them for reuse.
Re:Is NAT Better? (Score:3, Interesting)
Hahahahahahahaha, yeah right!
DHCP has been an internet standard RFC for what, 8 years now? DNS for over 20? And yet there are still brand new devices (copiers, network timeclocks, etc) that don't support either standard correctly. Devices which don't even work correctly with DHCP and IPv4, which have to be statically assigned and addressed by IP address because the vendor's crappy software won't do DNS lookups for some unknown reason. Or that claim to support DHCP, but in reality request a lease once and never try to renew it.
As much as I'd like it to be true, corporate networks are not in any way ready to go fully dynamic. Renumbering, whether with IPv4 or IPv6 will always be painful. IPv6 makes it worse since it strongly discourages private address space.
Re:Is NAT Better? (Score:3, Interesting)
Re:ADSL IPv6 router - Re:Already rolled... (Score:2, Interesting)
Don't get me wrong - with most of these other routers now there isn't anything really wrong with them, it's just the Cisco 837 is exceptionally stable and never requires a reset or a poke to awaken it, like some others I have mentioned above. YMMV.
Look out for the Cisco 837 SOHO version, and save a large wedge of money too! Expect to pay around £350 for the non-soho.
(I don't work, nor am I associated with Cisco
Re:Is NAT Better? (Score:3, Interesting)
I have a control stream (TCP/UDP doesn't matter) that I can successfully set up from within my NAT'ed network to an external machine. This control stream signals that we're going to set up two media streams, one from me to him, and one from him to me. They're over UDP.
I send him the port # I'm opening on my machine to receive the stream he's sending.
I never get the media he's sending. Want to know why?
Because I opened port 20057 on my machine but nothing happened on the NAT machine who is refusing to relay the media.
Many protocols use this technique and have to jump through hoops to get it to work through NAT.
NAT good riddance!
=Shreak
Re:Interesting (Score:3, Interesting)
Your comment reminds me of the people who will buy a house next to a rural airport and then complain about the noise and try to shut it down.
Re:Is NAT Better? (Score:3, Interesting)
Yes, that's right. But most of the cheap NAT gateways probably function that way internally also. It is just the web interface that prevents you from setting it up in that way.
For example, a number of linksys routers run linux. Linux can definitely be configured to NAT and NAT only, and it won't drop a thing. It is just the linksys web interface that prevents you from configuring it that way.
It isn't broken. It just isn't a function of NAT to decide to drop or accept packets. NAT just rewrites or does not rewrite. In just about every type router there is, NAT and firewalling are separate and distinct things. The NAT standards don't specify dropping packets if they can't be rewritten, and it is just good design to keep those things separate. It gives you more flexibility and power and makes debugging easier.
The decision whether to drop or accept is a function of the firewall.
There's nothing broken about a NAT implementation that only Translates Network Addresses. It would be broken if it ever did more than that.
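Added example, not part of any comment above: a toy Python model of the point argued in this sub-thread, that rewriting addresses (NAT) and deciding what to drop (the firewall) are separate functions. The `Gateway` class, its fields and all addresses are constructed for illustration, and the model assumes a gateway whose NAT only rewrites replies to flows it has tracked.

```python
# Toy model (added example): a gateway that NATs, with an optional stateful filter.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Gateway:
    public_ip: str
    lan_prefix: str                 # e.g. "192.168.1."
    stateful_filter: bool           # the firewall part, separate from NAT
    flows: dict = field(default_factory=dict)  # (remote, rport, pub_port) -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, p: Packet) -> Packet:
        """LAN -> Internet: rewrite the source and remember the flow."""
        pub_port = self.next_port
        self.next_port += 1
        self.flows[(p.dst, p.dport, pub_port)] = (p.src, p.sport)
        return Packet(self.public_ip, pub_port, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Internet -> LAN: the packet as delivered to a LAN host, or None."""
        if p.dst == self.public_ip:
            # NAT: only replies to a tracked flow can be rewritten back.
            lan = self.flows.get((p.src, p.sport, p.dport))
            return Packet(p.src, p.sport, *lan) if lan else None
        if p.dst.startswith(self.lan_prefix):
            # Routed straight at a LAN address: NAT has nothing to rewrite,
            # so only the filter decides whether it is forwarded.
            return None if self.stateful_filter else p
        return None

def demo(stateful_filter: bool) -> dict:
    gw = Gateway("203.0.113.7", "192.168.1.", stateful_filter)
    # Control stream from the LAN host to an outside peer, and its reply.
    out = gw.outbound(Packet("192.168.1.10", 5060, "198.51.100.20", 5060))
    reply = gw.inbound(Packet("198.51.100.20", 5060, gw.public_ip, out.sport))
    # Peer sends media to the port the LAN host announced; no flow exists.
    media = gw.inbound(Packet("198.51.100.20", 30000, gw.public_ip, 20057))
    # A neighbour on the ISP segment routes a packet at the private address.
    routed = gw.inbound(Packet("203.0.113.99", 4444, "192.168.1.10", 445))
    return {"reply": reply is not None, "media": media is not None,
            "routed": routed is not None}

if __name__ == "__main__":
    print("NAT only:    ", demo(False))
    print("NAT + filter:", demo(True))
```

With the filter off, the reply is delivered, the unsolicited media stream to port 20057 is not, and the packet routed straight at the private address is forwarded; turning the filter on changes only the last result.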
Re:I can't understand why... (Score:3, Interesting)
Re:Interesting (Score:3, Interesting)
First - Hearing people talking about Cisco, and other companies, drumming up hype so that they can start selling new-fangled IPv6 capable routers is getting old... The Cisco router you already have will do IPv6 today. It's a software change.
Second - Why do people seem to insist that by turning on the IPv6 website, somehow that will prevent people from accessing the IPv4 website? So many ways to address this: Enabling a second network stack on the existing host; Standing up an additional server to host the IPv6 version; putting a 4to6 gateway in front of the website...
IPv6 is coming. It's going to be a difficult transition, but the sooner it happens, the better for us all. Doing it sooner means less "transition work," because the installed base continues to swell.
Re:My cold, dead hands (Score:3, Interesting)
Anything that is limited is valuable. Supply and demand. Think real estate. They aren't going to make more ip addresses, at least not in IPv4. That makes the ip addresses valuable and that's why MIT et al are not going to willingly give them up.
reserving address space for certain entities
When they were handing out addresses they had no idea that this thing would be wildly popular. Why ration (reserve) when you have no inkling that you would need to. Do you reserve water today from your grocery? Why would you, after all there is plenty of water. However, fifty years from now someone is going to wonder why we didn't. See how the idea of plenty works?
Who said anything about evil corporations?
Not you apparently. I got you confused with the parent. Now relax, this is just a discussion forum. No need to get mad at early risk takers just because they won't give up something willingly that they earned by taking an early risk.
Not an issue... (Score:3, Interesting)
I know, I know, there are more people in the world than there are IP addresses or whatever, but so what? I'd say that billions of people don't have a shot at owning a PC in their life anyway. Those who do can probably share IPs too.
It's a made-up crisis. There's nothing wrong with IPv6 but there's absolutely no dire need for it.