The first part isn't really almost fixed to 2001 -- the actual RIR allocations are listed here. The RIRs have /12 blocks assigned to them, with space to expand that to a /7. They also have older /23 blocks allocated out of 2001::/16. The first part might look like it's fixed to one of a few values, but that's because the address space is big enough that the RIRs haven't needed to use those bits yet. They'll use them when they need to.

Likewise, the minimum ISP allocation is /32, but each /32 is actually taken from a /29 reservation that the ISP can grow into. ISPs that are already large get bigger allocations -- mine has a /24, with a /21 to grow into. Allocation isn't done strictly on word boundaries.

It's perfectly fine for sufficiently large companies to get allocations in the /32 range. We have a billion /32s available. That's only one per seven people, sure, but we've just said we're talking about very large companies -- they have a lot more than seven employees each. (Of course the allocation should reflect the size of the company's network; if they're too big for a /48 but too small for a /32 then they should get something inbetween. I've seen /40 and /44 allocations to universities, for instance.)

Even taking the HD-ratio into account doesn't change things that much. If you use a HD-ratio of 0.8 (which is fairly low; IPv4 was around that number in 1998-99 or so) my "5000/person" figure from before becomes something more like 10-20 /48s per person. This is a number a person can realistically manage to hit, but I still don't see everybody on the planet managing that.

Finally, we have five more unused /3s that we can do this all over again in. We could even change the allocation strategy in those /3s, if we discover that our current strategy is bad. I don't think we'll fill 2000::/3, but there's an escape plan available if we do. We could have done it using your split, but we didn't, and from the numbers I don't believe the split we did decide on is going to be problematic.

I agree that 2^64 hosts is a bit more than you can sanely fit on a subnet. I am not convinced that moving the boundaries over so that /48 and /64 become /64 and /80 (or /96) would have been useful though.

My justification for this is that there are 5000 /48s available per person on the planet, where each /48 is enough for an entire network. How many people do you know who manage 5000 administratively-separate networks? That would need to be everyone for the current use of /48 to be a problem.

And even if that does happen, that's only out of 2000::/3. We still have five more /3 blocks available, so we can do it all over again if we really need to.

(I take it you meant characters or nibbles in your first paragraph; a full v6 address is 128 bits = 16 bytes.)

Yes, as I was saying, privacy addresses. What good does tracking the IP address do when they switch to a new IP every 24 hours?

Until they discover that Windows has privacy addresses turned on by default, which basically means that their address-based cookies are cleared every day.

Having more addresses than you need is annoying? I'd have thought having too few (i.e. the current situation in v4) would be the more annoying situation.

He specifically mentioned IPv6 though, and in IPv6 the address space is so massive that you can (and do) hop IPs regularly -- rather than hiding behind a single address, you instead use new ones constantly. There's no way to tie the IP to the computer, because by the time the **AA come knocking with the IP they logged, the computer has long since forgotten it.

How would IPv6 help?

Yet you don't seem to understand privacy extensions, which confound logging by generating lots of useless addresses rather than by trying to hide them all.

NAT breaks stuff. Its benefits are available other ways, so there's no need to put up with its downsides anymore. The world will be better off not having to deal with it everywhere.

Although ULA does exist... it's actually not very relevant for most people. Generally you want to be able to connect to anywhere on the internet, and to do that you use global addresses.

The thing the GP really wants is a firewall. If he doesn't want people on the internet connecting to his systems, all he has to do is say so. Firewalls have been around for a while and work just fine in IPv6; this is a solved problem.

Indeed, I was assuming privacy addressing was turned on. This is the default in Windows XP/Vista/7/8, so it's not an unreasonable assumption. It's still off by default in Linux, although that's nothing a sysctl or two won't solve.

Smart phones, tablets etc could be pretty much taken care of if Android, iOS and Windows Mobile enable privacy extensions by default. I'm not sure what they actually do at the moment; I think they default to off with a few isolated devices that have it turned on.