Internet IPv4 Addresses Depleted by Early 2011

Status
Not open for further replies.

mavroxur

Feb 8, 2009
Ok, I have to call bullshit on this one. The problem isn't that all but 5% is allocated, the problem lies in how the allocations are dealt out. There are HUGE blocks of addresses that are being wasted and reserved for networks that aren't in use. And what reason is there for most devices on the internet to have their own externally visible IP address? Isn't that what ROUTING and PORT FORWARDING are for? IPv4, granted, is a limited architecture, but even the most efficient architecture is useless if it's implemented poorly. There's no reason for every pc/pda/phone/tablet/toaster/ceiling fan on the planet to have an externally visible IP.
 

jskilnyk

Oct 5, 2010
Isn't that why they thought up the crazy idea of IPv6... If anyone has the time, can they tell us how many different IPv6 addresses there are versus IPv4?
 

enzo matrix

Nov 10, 2009
mavroxur wrote: "There's no reason for every pc/pda/phone/tablet/toaster/ceiling fan on the planet to have an externally visible IP."
What do you suggest then?
 

stevo777

Jan 8, 2008
The transition will get handled too late in my view. Foresight always seems rare and issues aren't dealt with until problems arise. It will be interesting to see if this view is vindicated.
 

LuckyDucky7

May 5, 2010
And this isn't going to be enough time before "the sky starts falling".

The problem with all this is the fact that they still have 200,400,000 (200.4 million) addresses to allocate. In fact, there are still more in reserve, because certain companies (and notably the United States Department of Defense) still have whole blocks of 16.7 million IPs each, which they don't need (as I said earlier, the Department of Defense has 200.4 million addresses allocated to it.)

You'd figure that the DoD would have already upgraded its systems as a matter of national security. Well, guess what? Looks like they haven't! I wonder why?

This is the problem- it's not the software, it's the hardware that powers it. Almost any operating system and program can be patched to use IPv6- and indeed most OSes do this, but the problem is the unpatchable- the old hardware that most of us have no doubt accumulated over the years, and still use. If you think you've spent a lot of cash on routers and switches, you haven't seen the enterprise- the thousands of 16 and 24-port switches and routers and fiber-optic switches and infrared links and all that, that don't support this protocol- even those made this year.

Have any of you actually seen a (unmanaged) router or switch that is IPv6 compatible? I didn't think so.
Have any of you seen any mobile phones (smart or dumb) that have IPv6 addresses on them, or at least can even support it? No again.
How about your NAS boxes? No? Surprise!
And how about your brand-spanking-new Google TV? You get 3 guesses, and the first 2 don't count for that one.
And how about that $5000 dollar VoIP unit that your workplace just got? No again- and forget about tunneling THAT one!
How about that tablet that you're looking at (in that chart up there)? NO- it doesn't support v6.
And, in the case of the DoD, how about the vital networking devices that cost a LOT of taxpayer money to get? And how about all the old military technology that's still based on v4? How much will that cost them to replace?

Don't get me wrong- if another protocol does not rise to replace IPv4, the sky will cave in- because certain developing countries will run out of addresses to name their computers. We, as (principally) North Americans won't have it as bad, except for companies that are just starting up and need certain equipment that needs an IPv4 address.

Therefore, there is a great need to replace IPv6 with another protocol that is completely backwards-compatible with IPv4, with the feature set of IPv6- because if that doesn't happen, the Internet sky will certainly become unstable and break.
Tunneling is great, but it will cause large headaches for those who use it, and some programs just won't work at all (if you're stuck with v4 hardware).

I, for one, will not be running out to get an IPv6 router just because I can (and because the majority out there don't have it), and because most network providers do not supply v6 addresses- if you get a free gateway with your Internet connection, look at it, and see that it's IPv4.

This is the problem, and until it's fixed...
 

deltatux

Jul 29, 2008
enzo matrix wrote: "What do you suggest then?"

Use NAT within each cellphone carrier which then use a shared IP address. I know 4G phones will use packet-switching and are forced to use IPv6 which is a good thing.

We should have started migrating to IPv6 back in 2008, but no, no one is working on it until the last minute.
 

Pyroflea

Mar 18, 2007
Was there not an article EXACTLY like this a few months ago...?

On a side note, IPv6 will NEVER catch on. It's far too complex compared to IPv4. Who's gonna remember 3ffe:1900:4545:3:200:f8ff:fe21:67cf when they can remember 192.168.1.100? It just doesn't make sense. They need to find a new method of generating IPs that is practical.
 

palladin9479

Jul 26, 2008
OK, some corrections. The US DoD doesn't use IPv6 because it requires each device be visible from the outside. IPv6 was designed to work for an ideal situation, not a practical one. There is no way to do NAT masquerading and those who write the standards adamantly refuse to allow it. They envisioned a world where every single device is a node and gets a unique address connected to a huge world network. Great for a SF book or movie but horrible for privacy and reality reasons. Currently IPv4 uses NAT masquerading to hide a private network from a public one. Anything on the public side has no ability to count, monitor or otherwise discern what's on the inside of the private network. And thus your ISP just provides you with a single external IP address and you handle the rest.

With IPv6 each device would be communicating with its own unique address. The ISP will be able to count, monitor, meter and shape traffic for each device. Your data plans will contain caveats saying you're only allowed unlimited data on the first two devices, then a surcharge of 2.99 on each additional device connected. What, you're using an XBOX 720? Well, our network is partnered with Sony's PSN for "preferred" service so that will be an additional 19.99 per month for the "gold gaming" package. PC #3 is streaming video from a non-authorized multimedia site, your media package plan only covers streaming from PCs #1 and #2 and only to our authorized media sites. That will be another 19.99 per PC for the "extended media" package.

If you doubt for a minute this will happen, just read up on the recent FCC vs Comcast battle about control. ISPs already want to shape, monitor, meter and control your data streams. If you check your ISP's data plan you'll notice it only authorizes one PC or home device connected. They have no real way to track the number of devices using their services so most people ignore that part. Once they can track the number, how long till they see this as a "new untapped revenue stream"?

Eventually someone will design and standardize a form of NAT Masquerading for IPv6. One that completely hides and obscures the source address in such a way as to make it impossible to differentiate it from others. When that happens IPv6 will become popular, not until then.
 

scimanal

Aug 4, 2008
IPv6 is compatible with IPv4... You can do an IPv6 to IPv4 NAT at your gateway and provide a NAT layer. There is no reason to get in a bunch about it. When we lose IPv4 public addresses, this will first affect the gateway devices, and doesn't mean the need to redo your internal networks at all. This is only an issue for the edge devices of a network. There are plenty of great uses for IPv6, and you still can maintain a level of control with IPv6 firewalling. A mobile phone would have an IPv6 address, because this would help facilitate things like video calling, and other features. Keep in mind that your home network functions just fine, and there is no reason it will stop working. At some point there will likely be a NAT exchange to an IPv6 powered network, whether it is your cable modem doing it, or the ISP, or your own edge device. Smaller companies will gain the benefit of running older phased out IPv4 gear behind an IPv6 gateway.

ISPs already know plenty about what is going into your home network, and using NAT as a security measure is not a good practice. Also, keep in mind that creating an edge oriented security system leaves your insides vulnerable to all sorts of silly things if they get past your outside line of defense. In the vision of IPv6 it is much smarter to not trust anything and secure your communications on an as need white list basis to anything/one trying to communicate to you. Net Neutrality if it persists would not allow the situation you are describing, whether it be on IPv4 or IPv6.

IPv6, it is important to remember, is not another kind of cat5, it is simply an international language for data to travel on the wires as.

I think I mean to leave with one final comment, I don't mean to belittle or disregard the valid concerns raised here, but I do want to point out, we all have our private networks today, and if the internet expands, there are still plenty of tricks to consolidate services down to fewer IPs, and when pushed business will go with it. For the home user, I expect this to have the very smallest effect, I would predict this to be similar to the switch to digital television, it really in the end was not that big of a deal.

 

palladin9479

Jul 26, 2008
Companies are ~already~ trying to charge per content instead of a flat rate. They're limited because they don't know how many game systems, PCs, laptops or other devices you have inside your home network. The moment that data becomes available it will become a new "revenue stream".

And while IPv6 is backwards compatible with IPv4, IPv4 is not forwards compatible with IPv6. You have your tunneling idea reversed. An IPv4 device can ~never~ communicate with an IPv6 device. The IPv6 device must run a dual stack and use the IPv4 stack / address to answer the IPv4 request. Simply put, the IPv4 device can't address an IPv6 address. Encapsulation only works between two IPv4 devices over an IPv6 network.

And check the IPv6 documentation. It specifically prohibits masquerading of host addresses. Each device uses part of its MAC, EUI-64, as the last 64 bits of an IPv6 address. This makes each device's IPv6 address globally unique and allows global communication and identification. Great for intercommunication and SF books, really really bad for privacy. Anyone sitting at your ISP will be able to count the number of unique IPv6 addresses you are using. Using the first part of the EUI-64 they can determine the manufacturer of your device and the kind of network unit it's using. They will be able to tell if it's a phone, a PC, or a game system. They will then be able to meter and charge for the bandwidth that specific device is using. They can even take it a step further and throttle the bandwidth to specific devices, or limit the speed to specific sites and media providers. And since the majority of home ISPs are part of your cable company, they can get really evil with this. They provide you a "home digital media experience" package, and since it's their media device they're loaning you, they know its MAC / EUI-64. They then allow full bandwidth for that device across their networks but severely restrict bandwidth allocation for any other media device.

Think this is too much, want to talk about net neutrality? The supreme court recently ruled that the FCC has no legal authority to enforce net neutrality on ISPs under the current deregulated system. The FCC is being forced to re-regulate ISPs as "telecommunication service providers" instead of broad-band providers. This is because TSPs are required by law to allow unimpeded traffic to and from their competitors and to / from other networks. Comcast already wants to meter and charge their users by service and not a flat rate plan. The better you can hide your network the better it is for you. IPv6 does not allow anyone to hide their networks, it fully exposes your system to the rest of the world. All under the notion that we'll have this Utopian global network.
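
The EUI-64 point raised in the post above can be checked directly; this is an added example and not part of any post in the thread. It builds the modified EUI-64 address a host derives from its MAC and runs the reverse check an administrator would use to see which observed addresses embed a MAC; the second sample address is constructed, and hosts that use randomized interface identifiers (IPv6 privacy extensions, RFC 4941) do not match the pattern.

```python
import ipaddress


def mac_to_slaac(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address formed from a /64 prefix and a 48-bit MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 identifiers need a /64 prefix")
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the vendor part (OUI) and the device-specific part.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]


def recover_mac(addr: str):
    """Return the embedded MAC if the low 64 bits look like modified EUI-64.

    Heuristic: a random identifier can contain ff:fe in the same position
    by chance, so a match is a strong hint rather than proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address to the MAC and OUI it exposes, or None if it exposes none."""
    report = {}
    for addr in addresses:
        mac = recover_mac(addr)
        report[addr] = None if mac is None else {"mac": mac, "oui": mac[:8]}
    return report


# The first address is the one quoted earlier in the thread; the second is a
# constructed example of a randomized interface identifier.
SAMPLE = [
    "3ffe:1900:4545:3:200:f8ff:fe21:67cf",
    "2001:db8:1:2:5c3a:91d7:e44:b2f1",
]

if __name__ == "__main__":
    for addr, leak in audit(SAMPLE).items():
        print(addr, "->", leak or "no MAC embedded")
```
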
 

palladin9479

Jul 26, 2008
Ok and now the final mention about NAT and IPv4 vs IPv6. The dirty little subject every network administrator and pro-IPv6 will sidestep and dance around, the subject of network security. When NAT was first appearing it was a system for home users to allow multiple PCs access to the internet through a single dial-up phone connection. ISPs wanted each PC to have its own account, this requires another phone line to be installed and often another ISP subscription to be paid. This starts to look expensive quickly. Later this technology was developed to allow multiple PCs to share a single DSL / cable internet connection. Sharing a single Cable connection doesn't require NAT, you can plug a switch into the back of a cable modem and each PC will draw its own IP address from the ISP. Except the ISPs still maintained a "one PC, one IP, one account" policy and would require the individual to buy another subscription for their second PC. So in comes NAT to effectively hide the local PCs from the ISP through the use of the single public IP address. NAT was never designed to alleviate the global shortage of IPv4 addresses. It was designed by clever home users to hide their home networks from intrusive ISPs and service internet to all their devices without having to pay extra fees. It was the natural evolution of the web proxy. Instead of proxying HTTP requests it would instead proxy network packets by rewriting their headers.

The interesting side effect of this is that it makes the local network completely separated from the global network. It is impossible for a device on the global network to directly address or communicate with a device on the local network. This means the local network devices are protected from any form of buffer overflows, underflows, or security flaws in the network stack. A hacker sitting on the global side of the NAT boundary finds it rather impossible to get their dirty packet + payload to an end user inside the local network. Instead they must now rely on 3rd party methods. They must deposit their payloads on websites and entice users to go to the website and execute the payload. We've gone from hacking the protocol / transport layer of the OSI model to hacking the application layer. A bad guy sitting on the global side of the NAT boundary can not scan inside the local network, they can't port scan, they can't listen to see which traffic is being sent and thus deduce which applications you're using. All that traffic gets bundled into a single outgoing IP address that is being used by a device that has minimal processes running and is 100% expecting the hacker to be knocking on the front door. In the era of Windows 95, a poorly secured OS, this was a godsend.

Since then OSes have become more secure but they're still complicated devices. A proper systems administrator / security administrator can secure an OS from potential attack. But your average Joe Black surfing teh pornz will have absolutely no idea how to do this. A stateful firewall is an awesome thing, but again it needs to be configured properly to be useful, and that same Joe Black won't do this. Stateful firewalls can only protect you from what they know about, they will not protect you from unknown methods. The most you can hope for is that they have an explicit drop all as a policy.

Which comes to the final point, security is a layered concept. You secure your systems in layers. From network boundary (firewalls / NAT) to network local (host firewalls) to OS (user ID / passwords and restricted root access) to the applications themselves (anti-virus / application permission restrictions). Why on earth would someone knowingly remove one layer of their security out of some idealistic belief? The "IPv6 makes NAT necessary" is about as smart as "firewalls make ACLs / anti-virus necessary". You layer your security with as many layers as possible to prevent the bad guys from doing anything to you. And masquerading your entire local network from public view is a very good idea. Me personally, I'm slightly paranoid about identity theft and bad guys getting inside. And I'm not alone, security guys across the world cringe at the thought of some outsider being able to enumerate and map out their entire network from outside the perimeter. It's like giving the bad guys a target list of your most vulnerable systems. The #1 reason corporations haven't adopted IPv6 is their network / security guys tell them it isn't a good idea. They tell them this because it doesn't make security sense to remove one of your layers "just cause".
 

techguy378

Jul 14, 2009
mavroxur wrote: "There's no reason for every pc/pda/phone/tablet/toaster/ceiling fan on the planet to have an externally visible IP."
Yes there is. Because they can.
 