OK, this time it's for real: The last available IPv4 address block has gone

You may have heard this one before, but we have now really run out of public IPv4 address blocks. The Internet Assigned Numbers Authority – the global overseers of network addresses – said it had run out of new addresses to dish out to regional internet registries (RIRs) in 2011. One of those RIRs, the Asia-Pacific Network …


  1. Anonymous Coward

    Time to claw some back

    There are probably large blocks of unused IPv4 addresses out there, if only the IANA would get off its bottom and reclaim them. A lot of the big companies who were assigned a /8 back in the day probably don't use the full range they hold, since the introduction of NAT.

    1. Anonymous Coward

      Re: Time to claw some back

      If they were going to, they would have needed to begin the effort a decade ago. You can't ask big organizations to re-IP hundreds of thousands of devices overnight. By the time old school /8's like Apple's, MIT's, HP's pair etc. become available everyone who needs more IPv4 addresses will have moved to IPv6.

    2. Anonymous Coward

      Re: Time to claw some back

      What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years.

      Anyway, good news is that I'm starting to see malware attacks via IPv6, so its use is clearly on the rise.

      1. Christian Berger

        Re: Time to claw some back

        "What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years."

        There's actually an interesting thought there. There are multiple groups of people who are "anti Internet".

        One is the Facebook Crowd, they only want Facebook, not the Internet. Those people typically either don't use E-Mail at all or use one of the few largest mail providers.

        The other one is the people being fed up with their ISPs meddling with the Internet and certain agencies sniffing it all, so they create their own overlay network using the Internet only as a transport network for their VPNs.

        So there's a chance that in a few years people don't want the Internet any more.

        1. Sir Runcible Spoon

          compatibility

          Many companies running ipv4 routable addresses inside their network could release addresses by running IPv6 at the border and IPv4 internally. Basically turns their assigned range into a private network block. Not suitable for all, but should help migration timelines.

          You append your internal v4 addresses to your v6 address block and away you go (almost).

        2. Anonymous Coward

          Re: Time to claw some back

          @ Christian Berger

          If you are wondering why you have so many down votes, this is a site mainly for technical people so you may want to learn the difference between the internet and the web.

          1. Kay Burley ate my hamster

            Re: Time to claw some back

            @Lost all faith...

            Aww leave him alone, he probably just works in Marketing or something!

            1. GX5000

              Re: Time to claw some back

              Yes because we really like Marketing people down here in the trenches...

              Reminds me I have to go catch http://ars.userfriendly.org/cartoons/?id=20180406

        3. anonymous boring coward Silver badge

          Re: Time to claw some back

          "So there's a chance that in a few years people don't want the Internet any more."

          So how's that gonna work then?

          It's like saying we don't need roads, now that we decided to travel on busses instead of driving cars.

          1. Anonymous Coward

            Re: Time to claw some back

            @anonymous boring coward; "It's like saying we don't need roads, now that we decided to travel on busses instead of driving cars."

            You're very clever, young man, very clever. But it's buses all the way down!

          2. Jamie Jones Silver badge

            Re: Time to claw some back

            I left ICL in 2001 - they had already at that point switched their internet link from a fully routed (but firewalled as appropriate) internal network (145.227.0.0/16) to some separate proxy / gateway in another net range run by ICLNET. 145.227.0.0 has basically been dead to the world since then, but is still allocated to (now) Fujitsu.

            Sure, the renumbering of internal machines to the new 'private lan' scheme was taking ages, and most stuff still used 145.227.0.0/16 when I left, but it doesn't matter - the only internet access they have is through application-level proxies so they'll never need to route to a "real" 145.227.0.0/16 address if it was relinquished.

            Same goes for most others - there is no need for them to all renumber before giving up a netblock.

        4. Dr Dan Holdsworth

          Re: Time to claw some back

          "Anti-Internet" people can be described by another, much easier word: idiots.

        5. JohnFen

          Re: Time to claw some back

          "The other one is the people being fed up with their ISPs meddling with the Internet and certain agencies sniffing it all, so they create their own overlay network using the Internet only as a transport network for their VPNs."

          This is what I and a handful of my friends have done for a few years now, but I never really considered it as being "anti-internet" at all, but rather using the internet as designed. The internet is, after all, just a transport network which various services use for communication. Also all of us use external services on the internet (obviously) as well.

      2. vtcodger Silver badge

        Re: Time to claw some back

        "What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years."

        I'd submit that Plan A -- everybody grumbles a bit then switches to IPv6 -- does not seem to be working. In reality, many users can't "upgrade" because third parties like their ISP don't support IPV6. Others lack resources to upgrade. Many users feel, possibly correctly, that the minimal security provided by IPV4 plus NAT is better than not having "NAT security". A lot of stuff that purportedly supports IPV6 doesn't. Less than a year and a half ago, Microsoft had to fix Windows 10 before they could change their headquarters network to IPV6. Most users don't have the resources to fix their OS(es) or their hardware. There may be other valid reasons. Whatever ... IPV6 adoption is glacial at best.

        I'd submit that a few years to develop and implement a Plan B that -- unlike Plan A -- realistically addresses the needs/desires of users might be a really good idea.

        And a Plan C developed in parallel with Plan B in case Plan B doesn't work out, might not be a bad idea either.

      3. Anonymous Coward

        @AC - starting to see malware attacks in IPv6

        And this is why the average person shouldn't want to switch to IPv6, even if his ISP, his router and his computer/devices all support IPv6 perfectly. With IPv4 pretty much every consumer uses NAT, and is mostly safe from direct attacks from the internet.

        Sure IPv6 can use firewalls, but will consumers have that by default with all typical combinations of IPv6 supporting ISPs, routers, etc.? I wouldn't count on it - if my parents were urged by their ISP to switch to IPv6 I'd tell them not to. I know they are safe with IPv4 thanks to NAT, with IPv6 I'd have to check out the hardware, how it is set up, etc.

        Even then I have to hope that they don't buy some internet connected light bulb that provides instructions telling you how to disable your router's firewall.

        1. Orv Silver badge

          Re: @AC - starting to see malware attacks in IPv6

          I've had two cable ISPs that supported IPv6, now. Every home router I've used that had IPv6 had a firewall turned on by default. My cell phone provider also uses IPv6, BTW, with IPv4 support behind carrier NAT.

          NAT was never supposed to be a security barrier; that it functions as one is mostly by accident, because it happens to require a firewall.

          I've had no problems except for once early on when Comcast turned up IPv6 locally before they were ready to route it. A substantial fraction of my web and video streaming traffic goes over IPv6 now, and I can't say I notice a difference. And that may be part of the problem; for the consumer this isn't really a value-added proposition.

    3. Nanashi

      Re: Time to claw some back

      Back in 2011, just before the first RIR ran out, we were going through more than one /8 per month. That was 7 years ago; the demand for v4 addresses is only going to be higher today. In other words, this would buy us something on the order of 2 weeks or so per /8. It really isn't worth the effort.

    4. DougMac

      Re: Time to claw some back

      > There are probably large blocks of unused IPv4 addresses out there, if only the IANA would get off its bottom and reclaim them.

      Nope, been already done. They got some /8's back, and reallocated them years ago.

      The only "large companies" left are Apple, HPE & Ford and a couple others. If you go down the IANA list, almost everything is allocated to huge Tier1 carriers directly, or to a regional IRR.

    5. bombastic bob Silver badge
      Unhappy

      Re: Time to claw some back

      part of the scheme uses an IPv4 /30 block, which basically wastes 3 of the addresses. In reality, a scheme that uses something _like_ PPPoE or some other kind of tunneling protocol would only require 1 IP address in a block of 255 to be a gateway address. The additional bandwidth you might get by having to NOT use a tunneling or PPP-derived protocol (maybe 5%, let's say) would be compensated for by a much lower price. The ISP would be able to sell 3 times (or more) as many fixed IPv4 addresses to customers that need them.

      All of this being said, it's the lack of efficiency of small netblocks (particularly /30's that potentially waste 3 for every 1 that gets assigned) that's eating up the IPv4's I'd bet.

      I still want everyone migrating to IPv6. It's just that the ISPs have been dragging their feet for SO long that it's likely I'll need to maintain a fixed IPv4 address for the short haul, at least. And I don't want to see them priced out of the range of affordability.

      1. Jamie Jones Silver badge

        Re: Time to claw some back

        part of the scheme uses an IPv4 /30 block, which basically wastes 3 of the addresses. In reality, a scheme that uses something _like_ PPPoE or some other kind of tunneling protocol would only require 1 IP address in a block of 255 to be a gateway address. The additional bandwidth you might get by having to NOT use a tunneling or PPP-derived protocol (maybe 5%, let's say) would be compensated for by a much lower price. The ISP would be able to sell 3 times (or more) as many fixed IPv4 addresses to customers that need them.

        What scheme? I believe you, but I've never seen it myself apart from a few niche (and practical) cases. I hope it's just one ISP, not a general USA 'tang?

        Most residential services I know use at least /24 or a /23 for their provisions.

        But even if they use that reasoning that it's to avoid needing tunnelling, they are wrong.

        My current connection isn't tunnelled any more - no PPPoE - authorisation is done based on the physical connection - i.e. who is "me" is tied to the physical line (even in my days of adsl with PPPoE I'm pretty sure you couldn't login with someone else's user/password on your line - so the authorisation of PPPoE wasn't the prime purpose of its use.)

        At the moment, my single external IP address is sitting on a /20 - I don't have the "local lan traffic" sent to me - the remote router deals with that.

        Any connections I do try to make to my "local lan" - the remote router replies to arp requests with its own MAC (proxy arp) which then acts as a bridge to the remote address.

        Upshot, single IP address from ISP. No PPP overhead. No small netblock allocation. No leakage of anyone else's data (more importantly, their dross doesn't needlessly slow my link)

        From my router's point of view, it's just a normal machine in a /20 network - sending IP packets "directly" to other users' machines "on my lan", and routing to the router for addresses off-lan. The remote end deals with the realities.

    6. Anonymous Coward

      Re: Time to claw some back

      AFAIK, they legally can't, because they were assigned before IANA existed, or something alike.

      1. Alan Brown Silver badge

        Re: Time to claw some back

        "they were assigned before IANA existed"

        Yup, and the guy who assigned them (Jon Postel) has been dead over 20 years.

        And there have been some highly questionable acquisitions of some of those blocks (Such as how OSF1's block ended up in the hands of av8 software, via OSF1's tech contact apparently just walking off with it when OSF1 effectively ceased to exist)

    7. djvrs

      Re: Time to claw some back

      One place I used to work had a complete /16 address range for internal use (130.1.??.??)

    8. hmv

      Re: Time to claw some back

      To paraphrase someone from NANOG: "Anyone who thinks NAT is anything other than a temporary work-around hasn't dealt with five layers of NAT"

      1. Aitor 1

        Re: Time to claw some back

        Or some proxy-cache at ISP level.. that tells websites that all their clients have the same ip.. but hey, look at these "nice" proprietary headers!!

        Other ISPs tried ISP level NAT... (I am looking at you three)

      2. JohnFen

        Re: Time to claw some back

        But, as the old engineering adage goes, there is nothing more permanent than a temporary fix.

    9. Anonymous Coward

      Re: Time to claw some back

      No shit, plus all of the IP's that need to be reclaimed from Fraudsters and con men that are easily found out by greedy ISP's but not kicked off the 'net.

    10. Sureo

      Re: Time to claw some back

      Take Facebook's away from them. Solves two problems at once.

  2. Mayday
    Unhappy

    I've been trying to get this happening

    In multiple places and PHBs over the years.

    With very little luck, no one sees the problem, no one wants to pay etc. Any advice here is appreciated.

    1. Anonymous Coward

      Re: I've been trying to get this happening

      Won't happen, don't stress over it. When the first site that's gotta be visible for some application is available on IPv6 only, then you'll get what you need to go IPv6 :)

      1. Warm Braw
        Big Brother

        Re: I've been trying to get this happening

        When the first site that's gotta be visible for some application is available on IPv6 only, then you'll get what you need to go IPv6

        Perhaps the answer is to move social media to IPv6, leaving the original Internet behind for those who liked it the way it was...

        1. John Sager

          Re: I've been trying to get this happening

          Perhaps the answer is to move social media to IPv6

          That's already happened: ...:FACE:B00C:... in their V6 addresses, though they are still on V4.

      2. Crypto Monad Silver badge

        Re: I've been trying to get this happening

        Won't happen, don't stress over it. When the first site that's gotta be visible for some application is available on IPv6 only, then you'll get what you need to go IPv6 :)

        And that ain't ever going to happen, not in my lifetime anyway.

        No *business* is going to put their content on IPv6 only and have it visible to only a fraction of the world, when for a few dollars more it can be visible to the whole world. Perhaps once 99% of the users have IPv6 access then IPv6-only sites will start to appear.

        There is no IPv4 shortage at the *content provider* side of things. You can share IPv4 addresses via CDNs, reverse proxies, load balancers, HTTP virtual hosts, SNI etc; this has been going on for years.

        Even if a content-provider business *does* need their own IPv4 address for a service, and suppose it cost $10,000, they would still pay it just to make their service usable to everyone; they often pay more just for a cool domain name.

        Things are different at the access side (i.e. users / customers). There, the shortage of IPv4 addresses is acute (at least in some regions). But unfortunately, deploying IPv6 does nothing to reduce the shortage, because it doesn't remove the need for IPv4 source addresses to access most of the Internet. If you don't have enough IPv4 addresses to give each customer one, then you are forced to use some sort of NAT, whether it be NAT44 or NAT64.

        I see one solution: connecting the IPv6 and IPv4 Internets with a giant NAT64. This could be done by the existing content providers (e.g. Akamai, Cloudflare, Google): each of them could treat the whole IPv4 Internet as a big pool of user content and NAT64 to it as a public service. Then an end-user could have an IPv6-only connection, but still reach the whole IPv4 Internet (at least over TCP and UDP).
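The address mapping a NAT64 of the kind suggested in the comment above depends on (and which the earlier "append your internal v4 addresses to your v6 address block" comment gestures at), shown as an added example that is not part of the original thread. It assumes the RFC 6052 embedding layout and goes beyond the thread by covering every prefix length that RFC defines, then uses the mapping so an IPv4 blocklist still matches traffic logged with NAT64-synthesized destinations; the function names, blocklist and sample addresses are constructed for illustration.

```python
import ipaddress

WELL_KNOWN = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known prefix
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # byte holding bits 64..71, reserved as zero by RFC 6052


def slots(prefix_len):
    """Byte positions that carry the four IPv4 octets for this prefix length."""
    if prefix_len not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 defines no /{prefix_len} translation prefix")
    return [i for i in range(prefix_len // 8, 16) if i != U_OCTET][:4]


def embed(ipv4, prefix=WELL_KNOWN):
    """Synthesize the IPv6 address a NAT64 would present for an IPv4 host."""
    raw = bytearray(prefix.network_address.packed)
    octets = ipaddress.IPv4Address(ipv4).packed
    for pos, octet in zip(slots(prefix.prefixlen), octets):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=WELL_KNOWN):
    """Return the embedded IPv4 address, or None if ipv6 is not under prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    raw = addr.packed
    if prefix.prefixlen != 96 and raw[U_OCTET] != 0:
        return None  # reserved octet set: not a valid translated address
    return ipaddress.IPv4Address(bytes(raw[p] for p in slots(prefix.prefixlen)))


def blocked(logged_addr, blocklist, nat64_prefixes=(WELL_KNOWN,)):
    """Match a logged address against IPv4 blocklist networks, seeing through NAT64."""
    addr = ipaddress.ip_address(logged_addr)
    if addr.version == 6:
        for prefix in nat64_prefixes:
            v4 = extract(addr, prefix)
            if v4 is not None:
                addr = v4
                break
        else:
            return False  # native IPv6: an IPv4 blocklist cannot apply
    return any(addr in net for net in blocklist)


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges only).
    blocklist = [ipaddress.ip_network("203.0.113.0/24")]
    logged = ("64:ff9b::cb00:7105", "64:ff9b::c633:6407",
              "2001:db8::1", "203.0.113.9")
    for entry in logged:
        inner = extract(entry) if ":" in entry else None
        print(f"{entry:22} embedded={inner} blocked={blocked(entry, blocklist)}")
```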

      3. John Crisp

        Re: I've been trying to get this happening

        Feckbook as IPv6 only?

        That would be a good reason not to migrate :-)

      4. David Crowe

        Re: I've been trying to get this happening

        That's impossible. If you had a service accessible only by IPv6, and people really, really needed it, someone would build an IPv4/IPv6 adapter so that IPv4 could reach it. More likely your service isn't that important and nobody would ever use it, they'd use a similar service that was IPv4 only.

    2. Milton

      Re: I've been trying to get this happening

      I salute your heroic efforts. What will actually happen is that as the tsunami waters recede, thick with corpses, the mercifully few politicians left alive will start up their endless litany of "I knew this would happen" and "If only they'd listened to me" with a big dollop of "Only I know how to fix this, trust me" and your choices will be—as usual after a completely predictable and monstrously mishandled crisis—believe them; or cut their throats.

      Strangely, human history shows that these greedy, self-serving cretins usually do not get their throats cut but go on to incubate the next colossal disaster.

      If you want a short summary of human history and what is fatally wrong with our species, I suggest: "People believe words, instead of actions".

      1. Anonymous Coward

        what is wrong

        is that people believe things that aren't true and act on those beliefs. That's all you need. I believe that accounts for 100% of artificial problems in this corner of the cosmos. But how to act on that belief... so far my favourite thing to do is called "hesitate"

        1. Rich 11

          Re: what is wrong

          But how to act on that belief... so far my favourite thing to do is called "hesitate"

          Mine is called "procrastinate", simply because it takes longer to type.

          1. JohnFen
            Coat

            Re: what is wrong

            "Mine is called "procrastinate""

            Eh, I really can't be bothered right now. I'll procrastinate tomorrow.

      2. Flakk

        Re: I've been trying to get this happening

        your choices will be—as usual after a completely predictable and monstrously mishandled crisis—believe them; or cut their throats.

        Milton,

        I'm only saying this because I care.

        There are plenty of decaffeinated brands on the market that are just as tasty as the real thing.

    3. Anonymous Coward

      Re: I've been trying to get this happening

      Send emails or whatever format you need so that whoever makes the decisions can't come back and say why wasn't I informed and keep copies of all correspondences.

    4. Jason 24

      Re: I've been trying to get this happening

      Apparently I work for the UK's "leading provider of unified comms" (doesn't every company claim to be the leading?)

      Yet we don't lead with IPv6..... All IPv4

  3. Brian Miller

    "Nobody uses it..."

    Yeah, we need to move to IPv6, but I keep getting told, nobody uses it, so the software doesn't get developed for it. That's inertia for you.

    1. GrumpyOldBloke

      Re: "Nobody uses it..."

      IPV6 is supported by most major operating systems. However, if you do try to use it on your network you run into non-standard IPV6 implementations; Android in general and Samsung Android in particular.

      1. bombastic bob Silver badge
        Meh

        Re: "Nobody uses it..."

        I haven't had trouble with any 'droid device on my network [I have IPv6 via an he.net tunnel and AAAA records for a domain that correctly point to multiple machines' IPv6 addresses].

        I'm running the usual support protocols as well as DHCPv6 so maybe that's why everything just works...

        [and I've had people come to my house and use their 'droid and iOS devices, no problems noted]

    2. boxplayer
      Happy

      Re: "Nobody uses it..."

      I use it!

      My home network, my ISP connection and the server where all my web sites live (and the sites I host for others) are all dual stack. It wasn't THAT hard.

      1. Anonymous Coward

        @boxplayer - Re: "Nobody uses it..."

        Brownie for you!

        Now keep on and come back to us when you'll be a big bank, insurance company, multinational corporation with 24/7 mission legacy critical systems and you'll teach us how you managed to convince the top management to accept the risk.

        1. Anonymous Coward

          @AC Brownie for you!

          What are you doing to help, apart from posting facetious comments?

          1. Anonymous Coward

            Re: @AC Brownie for you!

            I'm demonstrating the kind of behaviour that got us in this stupid position!!!

        2. Chronos
          Facepalm

          Re: @boxplayer - "Nobody uses it..."

          Now keep on and come back to us when you'll be a big bank, insurance company, multinational corporation with 24/7 mission legacy critical systems and you'll teach us how you managed to convince the top management to accept the risk.

          ...or even The Register.

          % host www.theregister.co.uk

          www.theregister.co.uk has address 104.20.251.41

          www.theregister.co.uk has address 104.20.250.41

          Oh, the irony.
