The Internet is Running Out of Space

Status
Not open for further replies.

NapoleonDK

zachary k wrote: "I am about to finish my CCNA I am taking in HS."

Hey good luck on the test man! What did you do for the final case study? We had an assigned case study but my peers and I threw it away and built a totally bad-a network that (physically) covered three corners of our school, and used every different transmission media we could get our hands on! Imagine going from 10Gb fiber to 1Gb eth, then ISDN, and a crapola of V.35 cables with some frame relay thrown in just for the heck of it, then back again in reverse order. VLSM, CIDR, NAT, PAT, everything we covered in CCNA I guess uhm... Crap I think I've forgotten everything I learned! :(
 

NapoleonDK

NapoleonDK wrote: "...Then back again in reverse order..."

Oh BTW, I'm not saying that network was fast (serial links, duh), nor was it pretty. Our goal was to use every bit of tech we had and document every phase. That meant using the crappiest oldest junk you can imagine... =\
 

gm0n3y

Uh, haven't read all of the comments, but there will be more than mere 'trillions' of addresses. IPv6 will allow 2^128 (about 3.4×10^38) addresses. The current system allows 2^32 (4.1 billion or so). That size difference is like the difference between a single inch and the distance from here to the sun.

From wikipedia:
Approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.8 billion (6.8×10^9) people alive in 2010. In another perspective, this is the same number of IP addresses per person as the number of atoms in a metric ton of carbon.
 

cronik93

Get rid of all pr0n websites and torrent sites and the internet will be full of space for decades.


All good things come at a cost.
 

borisof007

palladin9479 wrote: "IPv6 has been supported by nearly every network device for the past five years. Your $80 home router supports it now, and you can get its support on Windows XP and beyond."

The guy's right. Connect to your router if you're at home and you'll see that there should already be an option to operate on IPv6.
 

mdc837837

"April 2012, mere months before the world will come to an end."
Whoa there, Kevin Parrish. Way to assume the world is going to end in 2012. C'mon, man. Keep this to a tech article and keep the myths out.
 

brett1042002

You see guys... The Internetz is a bunch of pipes. All these pipes are clogged up with porn, Viagra advertisements, and chocolate rain. What we need is some sort of Internetz drano and a good plunger.
 

uwave101

While this may not sit well with some companies, they can always take some IPs back. I think most of the 16-30 or so Class A blocks are owned by a single company. I know HP owns the entire 16.xxx.xxx.xxx block and I really doubt they need all 16 million of these addresses...they only have 300k employees. Just disallow all/most Class A blocks.
 

badaxe2

If they got rid of 99% of the porn out there they'd free up plenty of space for more worthwhile stuff. And ironically enough, the internet would probably still consist of mostly porn lol.
 

blackbeastofaaaaagh

@ palladin9479
If you want to hide your address space in IPv6 you don't need NAT. Simply use link-local addresses. Any client with a NIC card can automatically set it up without any user intervention.

No one will miss NAT once IPv6 is fully deployed.
 

palladin9479

Those above who have questions about IPv6 and IPv4 and NATing.

Right now there is heated debate by those who designed IPv6 on creating some sort of IPv4 to IPv6 (and back again) bridging technology / 1:N NATing. The original design theory for IPv6 was a quick all at once cut over with almost zero backwards compatibility foreseen. An older IPv4 system cannot directly address an IPv6 system, and an IPv6 system cannot directly address an IPv4 system. That is why everyone's running dual stack with both IPv6 and IPv4 at the same time. Windows Vista+ installs the IPv6 stack by default just for this reason. No matter how great IPv6 seems, the fact that a system must run IPv4 in order to talk to 95% of the current world means it'll never go away. 64-bit computing has been around for decades, MS started building 64-bit Windows back in 2003 with XP and Server 2003, yet applications are still being compiled as 32-bit x86. Thankfully 64-bit CPUs and 64-bit OSes can execute 32-bit programs just fine, so there is no barrier to a gradual adoption.

IPv6 in its current state will never be adopted globally, it's just too rigid on its requirements. It assumes a perfect world scenario and thus becomes an ideological standard instead of a real one.

Current IPv6 has no method to hide internal IPs from external devices. The designers deliberately designed it such that it would be impossible to do that. They envisioned the entire internet as a huge cloud of interconnected nodes all being capable of talking directly to each other. The node in London, England wanting to send a packet to the node in San Francisco can do so directly. The gaming console in France can send packets directly to the mobile phone in Mexico. Protocols wouldn't have to worry about masquerading or other packet magic going on because IPv6 states routers won't alter packets to hide identities. But at the same time, that guy in China can send packets directly to your PC in Dallas, the guy in Iraq can send packets directly to a bank's system in New York. IPv6 relies entirely on expensive stateful packet inspection on firewalls for security. There is no "private" non-routable address space in IPv6 like there is in IPv4. Every address is unique and may be routed over the global infrastructure. It's idealistic but relies on humans being nice to each other.

With IPv4 NATing you have three addresses involved. One is the outside service / system using a global routable address. Another is the WAN interface on a NAT router that is using a global routable address provided by its ISP, the final is the private non-routable LAN address of the PC being used. It is completely impossible for the first system to see the third system. The first system cannot send a packet to "192.168.1.1", the packet would get dumped by the global internet backbone if not earlier. Instead the first system is forced to address the WAN interface of the router without any knowledge of where this packet is going. The router then inspects the packet and looks it up on a "safe list" (aka port forwarding or the internal DNAT list) to determine what to do with it. If there is an entry relevant to the packet, the router does masquerading by swapping out the router's WAN address with the private system's LAN address and sends it on. Private LAN systems can send packets out all day long and usually unrestricted (unless the administrator wants to put restrictions), the router will automatically swap out the private LAN's address for the router's WAN address and send it on. This way every packet looks to be coming from the router's WAN interface with no way to distinguish what's inside. This presents a security layer by default because no unauthorized external system can send packets to the internal LAN client. They'll simply hit the WAN interface on the router and get dropped (usually without a reply).

Now this scenario presents some serious problems for some protocols that assume perfect two-way communication. First being that there is no way for them to broadcast to or otherwise "scan" the internal network to determine client type or initiate connections with an internal LAN system. The internal LAN system must initiate the connection to get the entry on the router's DNAT list. The work-around is the router can be configured with a port-forwarding and SNAT. Port forwarding is nothing more than a rule that states all packets that pass firewall inspection on a specific WAN interface within a specific port range will automatically be allowed to pass to a specific internal LAN system. Such you could say all packets on port 80 should be automatically forwarded to the internal web server and what not. This requires the internal systems be static IP'd (not DHCP) and a hole be specifically opened for them. Easy to do for the administrator, annoying for hill-billy bob and grandma. Also many file-sharing protocols use random ports, so it's often impossible to create a port-forwarding rule, this is the price you pay for having NAT available or using such a sloppy protocol.

SNAT is another method you can use, it's like port-forwarding on steroids. It's defining a one to one translation instead of a global port allow. You specify the global IP address and port-range on the external interface then specify the internal IP address and port-range. Any packets from the global source IP and port will automatically be NAT'd to the internal IP / port. If both sides do this you have a transparent connection usually without problems. Again with random external clients and ports this is impossible to set up because everything is DHCP and random. This isn't a problem with the network as it is with protocols being designed in a vacuum.

IPv6 makes the above problems go away because anyone can send to anyone else without having to worry about FWs rejecting your packet because it doesn't recognize the connection. It also allows very bad people to do very bad things. I could stand right outside your ISP with IPv6 and do passive scans to create an entire network layout of not just the ISP, but of every single house, every single client, router, phone and gaming console connected. I could then craft my attack strategy to target specific systems, or I could just flood your mail with spam and marketing info because I now know what you're using. Or if I'm the ISP I could tally up the devices and charge based on what you have connected. 1x router 9.99, 2x game consoles 5.99 each, three phones 8.99 each, three PCs 29.99 each (discountable to 19.99 for family plan).

Because of these issues IPv6 in its current state will ~never~ become adopted at the business level. If it became forced onto the general populace some coder somewhere will come up with a NAT scheme to overcome this. NAT wasn't designed into IPv4, it was invented later on, same will happen to IPv6 unless they design it into it first. It would be extremely easy to design an IPv6 NAT system by which the router swaps out the unique host ID (usually part of the MAC) with its own external WAN host ID and sends the packet on its merry way. This solution would solve the biggest problem which is getting people to migrate to IPv6 while also assuaging the concerns of corporations and knowledgeable home owners.

You ~could~ attempt to use link-local addresses but those are only good between internet systems on the same subnet, and if those systems want to talk to anything external they'll have to use their global unique address, which defeats the entire purpose of link-local addresses. Also link-local addresses cannot be routed across various subnets, at least not in current IPv6 standards. This means a corporation with large internal backbones must use global unique addresses on all their systems (they have that anyway because everyone needs to talk to the internet). It really becomes a headache when you're trying to protect your internal networks from outside threats.
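
An added example, not part of palladin9479's post: a small Python model of the IPv4 NAT behaviour the post describes, showing outbound traffic creating translation state, an unsolicited inbound packet being dropped, and a port-forwarding rule letting one through. The `NatRouter` class, its method names and all addresses are assumptions made for illustration, and the model uses the strictest inbound filtering (only the contacted peer may reply), which real routers do not all implement.

```python
"""Simplified model of the IPv4 NAT router described in the post above."""
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    wan_ip: str                      # globally routable address from the ISP
    next_port: int = 40000           # next free WAN-side port (arbitrary start)
    sessions: dict = field(default_factory=dict)  # state made by outbound traffic
    forwards: dict = field(default_factory=dict)  # static port-forwarding rules

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host sends out: swap its private source for the WAN address."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port)] = (lan_ip, lan_port, dst_ip, dst_port)
        return (self.wan_ip, wan_port, dst_ip, dst_port)   # packet as seen outside

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        """Administrator opens a hole to a statically addressed LAN host."""
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def inbound(self, proto, src_ip, src_port, wan_port):
        """Return the (lan_ip, lan_port) to deliver to, or None to drop."""
        key = (proto, wan_port)
        session = self.sessions.get(key)
        # Strictest filtering: only the exact peer the LAN host contacted may reply.
        if session and session[2:] == (src_ip, src_port):
            return session[:2]
        return self.forwards.get(key)   # None when no rule exists -> dropped

def demo():
    # All addresses are constructed sample values (documentation/private ranges).
    r = NatRouter(wan_ip="203.0.113.10")
    r.add_forward("tcp", 80, "192.168.1.5", 80)
    seen_outside = r.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 443)
    return {
        "seen_outside": seen_outside,
        "reply": r.inbound("tcp", "198.51.100.7", 443, 40000),
        "unsolicited": r.inbound("tcp", "192.0.2.66", 443, 40000),
        "no_state": r.inbound("tcp", "192.0.2.66", 4444, 22),
        "port_forward": r.inbound("tcp", "192.0.2.66", 5555, 80),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} {result}")
```

The remote server only ever sees `203.0.113.10:40000`; the private address `192.168.1.20` appears nowhere in the translated packet, and the port 80 rule is the only path by which a stranger reaches a LAN host.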
 