Even though many ISPs have begun offering IPv6 services to customers, uptake and use of the next-generation internet technology remains low, according to a European Commission-funded study published last week. The most comprehensive survey of the subject to date found that misconceptions about the cost of deployment are delaying …
How many IP4 addresses have gone to corporations whose third-rate technicians spooked their clueless management into stockpiling as many as they could before they ran out?
It's like when the news says there's going to be a wheat shortage this winter which is going to increase the price of bread... you go to the supermarket the next morning (in July) to find not a single loaf on any shelf.
F'wits, they're amongst us!
Answer to your question - very few
I think you'll find most of the assignments of blocks to corporations were done long before anyone envisaged the problem.
More relevant is how many of the big blocks are actually reserved by the US Military. You'd expect they would have everything secured properly and shouldn't need as many blocks now.
I know when it was designed as a military network all devices would continue to function in the event of nuclear war, but are hosts really configured on those addresses, or is most stuff now NAT'd like the rest of the world.
I just did a quick check on RIPE and found well over a thousand IPV4 addresses that are still listed as mine yet they have been unused (due to changing provider) for well over 5 years now, longer in some cases. Surely these can be re-issued?
Mostly the large blocks of IP addresses were allocated before anyone thought there was a shortage. They were allocated before technologies like NAT existed.
HP for instance owns its original allocation of 15/8 plus several class B and lots of class C blocks
It then acquired 16/8 when it acquired DEC. (Damn clueless management, should have worked out who owned 14/8 then they could have had a whole /7)
As to third rate technician spooking clueless management. These allocations were made by lab engineers and the company management would have had little or no involvement. It was only later on that the companies found that these research IP networks were better than the previous networks built by corporate IT departments and used by management. But that was still years before the idea of having an internet connection at home or at a small company.
From 1981 till 1993 IP address allocation were made by class A,B or C. You got a /8, a /16 or a /24. That is how allocations worked. Even after the advent of home Internet connections (but still years before Al Gore invented the Internet) if you asked for routed IP addresses you were allocated a /24 block. At one time I had 188.8.131.52/24 allocated, that is just what you got. It wasn't until about 2000 that they started to get worried about the supply and asked for them back, or asked you to justify why you needed than many addresses.
Perhaps the owners of the large blocks should be asked to return them. But I don't think anyone will every manage to persuade them to do it.
Correct. But you can't account for the idiots companies employ. And in fairness no-one could really see the explosion in the internet and the number of devices and plan appropriately.
IPv6 may not be the perfect solution, but it offers benefits over IP4, and allows for a clean slate, so people and organisations can plan better.
Anyone with eyes and a brain could have predicted the explosion in the number of devices. It was inevitable.
Read the first 10 works of my post. Most people are idiots.
IPv6 is a luxury many enterprises cannot afford at present
i think the economic circumstances of the past couple of years have also contributed to the lack of IPv6 deployments, IT managers with limited headcount and reduced budgets have been focusing on either "keep the lights on" activities or prioritizing what ever development / infrastructure dollars they may have to other needs.
simply put for the vast majority of enterprises (large or small) IPv6 is simply not a priority in the current environment. thats not to say its the right longer term strategic decision but for most at present its about survival and essential services, that does not include IPv6
Can the implementation of IPv6 possibly be harmful?
Can the IPv6 be used to abuse privacy and security concerns?
I believe the IPv6 standard has built in a security feature, but just like the workings of any MMO game, I cannot help thinking that somehow this standard can be abused somehow.
My problem is a lack of home technology
Even if my ISP started running IPv6 I wouldn't be able to pass the packets across my router. So unless all of those router manufacturers start offering firmware, or we all buy new routers we're all stuffed anyway.
ISP's have been using ipv4 to ipv6 conversion at their end for some time. A bit like using rfc1918 space on the end of your ssl vpn's - no-one else would see them once everything switched to ipv6 - your ipv4 address would be appended to the ISP's top level aggregator (tla).
Only once the backbone was switched to ipv6 though of course.
When IPv6 basically gives away my MAC address, and makes me abandon NAT into the bargain?
Forgive me if I'm being ignorant here, but no-one has yet explained to me quite how this improves my security...
More clue needed
you really need to get a clue.
ipv6 does not make anyone abandon nat. if you want to nat everything behind one ipv6 address, go ahead.
as for your mac address question, wtf? please explain how "security" is improved by concealing that. ever heard of security through obscurity?
oh and if you knew anything about ip6 addressing, you'd know that these don't *have* to use mac addresses. the mac address for the ipv6 interface on a.root-servers.net (2001:503:ba3e::2:30) is certainly not 00:00:00:00:02:30.
wider meaning of security
knowing someone's mac address may not help someone to hack them*, but it means you can track someone across IP changes.
though yeah, the solution is "don't use your mac address in your ipv6 address"
*though for OEM PCs it might give you a clue on things like what virus software could be installed, or if it's a server board etc.
But who has the problem?
If you've already got your class C or whetever for external facing connections and your inside NAT running fine then isn't the motication for putting all the work in pretty minimal?
Unless I misunderstand spectacularly the problem surely only really worries ISPs and Mobile companies who actually need new addresses in bulk: its hardly suprising with all the other problems we're facing that the rest of us hardly care...
Won't it will only really be a problem once serious numbers of organisations public facing systems or whatever are only accessible via IPV6 addresses?
You only really need to upgrade your DHCP or network devices, even just the ingress router would be able to do the job. Just append your ipv4 address to the assigned TLA and bob's your uncle. You wouldn't necessarily even have to use ipv6 addresses on your hosts.
Is motication? Is it similar to motivation?
Grammer Nazi, because there isn't a spelling Nazi icon.
We're all language nazis now.
Is motication what? What is a grammer? Why have you capitalised a generic noun?
What has rising smartphone use got to do with this ? They all sit behind NAT, and probably should continue to do so for security reasons !
Connectivity issue - between humans!
One other barrier to entry, and I don't think it's a small one, is the difficulty of communicating an IPv6 address between humans. It's frickin' LONG, it's in hex, and even if you're just telling someone what the host part of the address is, I can only imagine the typos and transcription errors that are going to drive a lot of us mad when we're troubleshooting connectivity issues.
There's something elegantly simply about an IPv4 address. Maybe it's just because we've been doing it for so long, but I'm sure not in any hurry to be setting a static IP of 1a33:43b6:d435:9045:8acc:34f0:29bd:2910 and then calling someone on the phone to tell them what it is. Even pinging an address like this is going to suck!
It's so much easier to ask clients and even family, "Can you ping 192.168.1.1" or telling them to type the same into their address bar for network troubleshooting.
DNS is great for resolving the human readability issue with IP addresses, and worst case scenario, it's not so bad to jot down or remember a few three digit numbers with IPV4. I know the IPV4 schemes for many of the offices in my organization by heart.
Troubleshooting TCP/IP issues with IPV6 seems like it's going to be such a pain without being able to copy and paste the address you need. That's what really kills me for adopting it, but best to get ready for it now I suppose.
Are there any consumer grade routers that support IPV6?
Are there any real benefits for end users to move to IPV6?
$ nslookup -type=AAAA www.theregister.co.uk ns1.theregister.co.uk
*** Can't find www.theregister.co.uk: No answer
IP6 doesn't work yet
I don't WANT ANYTHING on my LAN to be public on the Internet.
NAT may have been invented to get round not having enough public IPs.
But today you are a Moron to put anything other than Firewall/NAT/Router on the Public IP.
Where is the IP6 security? see http://www.theregister.co.uk/2010/08/06/ipv6_security_nightmare/
The original US Universities and Gov and Companies have Millions of IP4 where they need hundreds.
There is no real shortage. It's artificial.
IP6 creates more problems than it cures.
IPv6 can do NAT just as well as IPv4.
please switch off the idiot magnet
> IP6 creates more problems than it cures
this is a remarkably silly claim.
fact: there is already a lack of available ipv4 space today and it's only going to get worse.
fact: there is going to be an acute shortage of ipv4 very soon and it *will* hurt
fact: ipv6 is the only way to address that shortage (excuse the pun)
fact: some people will only be able to get or afford ipv6 once v4 runs out
fact: demand for internet-enabled devices and services continues to grow - rfid tags, smart meters etc - many of these can't use rfc1918 space (too small) or get enough ipv4
fact: 4 billion ipv4 addresses is not enough for a world of 6bn people, no matter how those addresses get shared and used or nat'ed
now, what was it you were saying about causing and curing problems?
btw, the "security nightmare" url you refer to is just the usual bullshit, errors and fud about how bad things happen if you don't configure firewalls and acls properly or disable security settings.
Here be idiots
Surprise, surprise - IPv6 supports locally routable (private) as well as globally routable (public)address spaces. You might want to do some light reading before posting further - try:
IPv6 works quite well. The security nightmare will arise when people like Mage, who think they know what they're doing, start using it.
Why not use IPv6 NAT?
If you don't want your systems directly on the public LAN.
Deferring the inevitable
But there are still around 50 organisations that own class A (/8) IP ranges - mostly allocated in the 90s. The idea was that IBM, HP, GE, UK-MOD ... needed that many to allow them to have more than 60,000 IP addresses. Now everyone uses private addresses (10/8 etc) for internal devices, they can't conceivably need more than a /16 range for their addresses that need to be publicly routable. If they could be persuaded to hand them back to IANA, there'd be plenty of addresses for a few more years. Alternatively, when IPv4 addresses do run out, they can set themselves up as a registry and flog them off at 'what the market will bear'.
Full list here:
close, but no cigar
The internet is eating through a /8 of IPv4 space every month. So even if those legacy Class A holders renumbered and handed these back, it's not going to help much. If IANA somehow got another 6 Class As back, that just postpones the end date by six months. A few of these already have been recycled. There's not much left to reclaim. IANA have explained this many times now.
FYI not "everyone" hides their internal net behind private address space. Even large enterprises.
And yes, once the RIRs run out of IPv4 there will almost certainly be a market in IPv4 space. But what's it going to cost to get a /16 say? [$250K is the going rate today IIUC.] And how do you know you're buying that space from its true "owner"? Or that the seller hasn't sold the same block to several gullible punters? Or the seller is still using the space? Or that you'll get an ISP to route that space? These are the known unknowns. There are bound to be more: the ones we won't know about until this market emerges.
All that uncertainty could be avoided by switching on IPv6. Apart from most CPE, all your kit already speaks IPv6. There's plenty of IPv6 space and it's cheap. It just needs to be used.
"... marked themselves out as technology laggards ..."
That is all.
At work, I have IP6, Tunnelled (only because RouterBoard 4.11 doesn't support Native over PPPoE) at home, I have native IP6, using DD-WRT. I'm an IT Manager and I have no problem with this. However, How many Consumer-level ADSL routers support IP6, either Native or tunnelled. I work closely with an ISP that has IP6 available. I have asked the ISP where my colo box's are a number of times about IP6, and still they haven't delivered. I do however have a tunnelled IP6 connection on them.
I intentionally host some services only on IP6, including my web-mail. and I have worked a way to have an IP6 address on my laptop whether I'm at home, in the office, in the pub, or on a train. what actually needs to happen is consumer-grade routers need to support IP6, and the ball can then get rolling.
users won't change
The plain fact is most end-users will not bother to change because there simply isn't any benefit in them doing so at the present time, but there would be a fair bit of hassle.
I played around with IPv6 for a while last year to see what it's all about. However even if you manage to get all your existing hardware and software working with it, the net benefit to you is... zilch! Unless, that is, you can think of a reason why your toaster and fridge should have their own public IP address.
There's vague promises of better security, but for home users being behind an ipv4 NAT router is in itself a reasonable security measure.
Wanted: IPv6/IPv4 *home* routers
As others have noted, the problem--at least in part--is home routers. I have a mix of machines running various OSs, back to Win98SE, but including Linux, XP, Vista and Win7.
What I would look for would be a home router that will handle IPv6 on it's public side and IPv4 on the private side.
If the ISPs want to create an incentive for people to switch, offer a small static block of IPv6 addresses at no additional charge over current rates.
There really is no need for this to happen.
All the ISP's need to do assign your home router a bogon or rdc1918 address, then prepend this to an IPv6 TLA at their end before sending it on to the rest of the world.
The ISP's need to start building their IPv6 networks out to the consumers and not just as a bolt-on for net savvy companies.
As several have pointed out ...
A key component is consumer grade equipment - in which IPv6 is conspicuous by it's absence.
Until consumer endpoints have IPv6 addresses, then services offered over IPv6 are going to have a limited market - hence a low priority for most people in putting the effort into providing them.
So where are Netgear, D-Link, Zyxel, Draytek, et all in the IPv6 rollout ? Given their current lack of visible progress, you have to wonder not so much if they are actually in the game, but even if they know where the playing field is !
AARON is slowly reclaiming un used IPV4, but only in north/south America.
IPv4 will be with us for a while
"IPv4 exhaustion problem has become a reality."
Erm, no it hasn't.
What's needed is to stop handing out "real" ip addresses to dial-up/adsl home users. They don't need them. Mobile phones generally don't get them anyway - they get something in the 10s.
Carrier grade NAT will arrive before anyone gets around to rewriting the gazillion line-of-business applications which assume IPV4.
Dial up = ADSL?
Since when was ADSL equal to dial up?
I have a couple of services exposed to the public in my adsl connection (which is alway connected, with a *static* ip). I would be seriously pissed if my ISP decided to put me behind a NAT, since that would make such a setup impossible (or almost impossible atleast)
Not impossible, hardly even difficult
Even if they gave you an interface to forward ports? Many ISPs will routinely block ports 25, 135, 137, 445 and don't much like 80 or 8080 either, but thanks to the nature of many protocols that are suck to advertise on alternate ports (HTTP, SMTP, HTTPS), the ISP can use the host header to proxy from the outside to the correct customer. Most other service ports are easily and commonly altered anyway, so it won't be a problem to use any random port.
We already NAT or Proxy everything off of two IPs (and one is nothing but a second RDP address, could be modified if it was a problem), it used to be nearly a dozen. Gave back all but a handful.
Takeup is slow?
Duh, of course it is, for the simple reason that being connected to IPv6 (as opposed to being connected to The Internet) doesn't give any benefit for the two groups of people who matter: the users, and the content providers.
ISPs are a small band who sit in the middle, and can moan all they like about IP address depletion (because it will probably start costing them more to get IP addresses), but the users don't give a hoot.
Right now, if you go the recommended IPv6 deployment approach - dual stack - then you are connected to two networks. One is The Internet, and the other one isn't. It's just like the days when people connected to IP and X25, or IP and CLNP. The one which wasn't IP didn't have the content and services that the users wanted, so it withered away.
Even if by some huge stretch, just imagine that 50% of the content on the Internet was also available on the IPv6 network. People would still need IPv4 connections to access the rest of the Internet. So they've gained absolutely nothing by deploying IPv6 (*).
The pain and cost in going dual-stack is huge. Not only does your OS need to change, but all your network-aware *applications* need to be modified too. Sure, things like Cisco routers nominally support IPv6 - but try turning on the full set of features you need (let's say MPLS and IPSEC), and see if it works. Pain and expense without business benefit = no deployment.
Of course, content *providers* will have to remain on IPv4 indefinitely anyway, to keep themselves visible to the IPv4 users, which in circular fashion means that users who stay on IPv4 are the ones who benefit most: they can still access the whole Internet, and they avoid the costs. Any content provider who went IPv6-only would be suicidal.
There's only one way in which you'll get IPv6 deployment, and that is to embrace NAT. Treat IPv6 as a sort of super-RFC1918 address space. Run only IPv6 on your corporate or campus LAN, and have NAT/PAT gateways which let you talk at least TCP and UDP to the IPv4 world.
Unfortunately, the IPv6 nazis are so anti-NAT that they have decreed this is a forbidden approach - it's dual stack or nothing. They shouldn't be surprised, then, if nothing is what they get.
(*) Remember that IPv6 doesn't solve *any* of the problems of IPv4 - such as multi-homing, mobility, or security. IPv6 may mandate IPSEC in the spec, but without a global keying infrastructure, it gives you nothing more than IPSEC on IPv4.
Think of it like this.
The ISPs are the ones who provide the content to both the users and the content providers. If they can't get more address space to handle their increasing number of customers, what happens when a user or provider wants an IP address and the provider doesn't have any to provide?
And before you say just put the users behind NATs, do you know what's one of the user's greatest frustrations about NAT? Talking to a user *behind another NAT*. If a user is behind a NAT, particularly one not under his/her control (which would be the case if the ISP hosts the NAT), then picking up something from another user behind a different NAT (especially in a protocol where an intermediary is discouraged) is going to be bloody difficult.
This is one reason the people behind IPv6 are against NAT--they want machines (that are public-facing) to be directly addressable over the IPv6 internet for the sake of simplicity.
Indeed, the end-user benefit is moot
The last time there was a problem of this class it was with DECnet Phase IV (16 bit addresses). Users mostly migrated to TCP/IP rather than DECnet Phase V (which, incidentally, formed the basis for one early proposal for IPv6) as they actually got something positive out of the pain of transition - the ability to talk to the Internet (which was at the time of a similar scale to the research-based DECnet networks).
In this case, there isn't anything positive to get for existing users. Obviously the first IPv6-only endpoints are going to have a problem in that they're going to be on a small island with a few other castaways, but that's going to be perceived as their problem.
As things stand, you can't have universal connectivity until everyone migrates. But you can't have a migration that requires end-users to do anything remotely technical (you could have done whe IPv6 was first mooted but you can't any more) and which stops existing applications working (which is pretty much inevitable with the way sockets are abstracted).
What ISPs could do is intercept DNS lookups from IPv4 end users and return a fake IPv4 address for IPv6-only hosts which they simultaneously arrange to relay to the remote host via v4/v6 translation - NAT multiplexing using IPv4 network addresses rather than TCP port numbers. Voila - full connectivity and migrate at your leisure. This however has been deprecated by RFC 4966 for reasons that seem mostly spurious (IPv6 mobility breaks, as if anyone cared, and the need for the translator to be on the path to the IPv4 host - er, where else is your network equipment going to be located relative to an ADSL endpoint?).
All the migration scenarios I've seen seem to be aimed at keeping a few legacy IPv4 systems around in a mostly IPv6 world. It's actually going to be the other way around - accommodating a small initial number of IPv6-only systems in a mostly IPv4 world - and I foresee a resurrection of NAT-PT/DNS-ALG as this realisation slowly sinks in.
Re: Think of it like this.
> what happens when a user or provider wants an IP address and the provider doesn't have any to provide?
99% of users don't care. As long as they type www.porn.com into their browser and get a page back, they don't care if it's gone through 3 levels of NAT or not. Business users see it as a security advantage.
I agree there are minorities who are interested in direct addressing: e.g. peer-to-peer filesharers, gamers (although many games are server-based anyway), and VOIP users. These may actually take the trouble to configure up their IPv6 stacks, and pay to replace their CPE routers. They will not displace the IPv4 majority though.
More IPv6 hype
I work for an organisation that used to be an ISP (back in the dim, distant past). We've still got over 8000 addresses assigned to us - and we use about 5% of them.
The IPv6 scaremongering is laughable. I remember first being told the IPv4 world was coming to an end in about 1995 - that everything would be running IPv6 by the year 2000 or teh intarnetz (or whatever the meme was back then) would fall over and collapse in on itself like a dying star. Fast-forward 15 years and we're still in exactly the same position.
All the shit about smartphone uptake finally spelling The End (tm) for IPv4 is ludicrous - every single smartphone on Earth is proxied through a bank of addresses that the ISP has - it's not like we're all running around with public addresses on our Androids/Jesus Phones. The crap about the Chinese swallowing up all the addresses is also pants - they're running everything through state-controlled ISPs that probably have about 40000 connections proxied through the same IP.
I can't see any need for it at anything other than an ISP level for decades.
More IPv6 hype
Interesting. So you have 7600 addresses that you aren't using? You are aware that the condition of retaining IP addresses is that the reason for requesting them is still valid? You'll be returning them to the appropriate Regional Internet Registry won't you? As per your contract?
The IPv4 shortage is real. Yes, there are a fair number of unused address blocks (like the 7600 you have), but at the current rate of usage, even if we recovered them all we would only be gaining ourselves a couple of years at the most. Sooner or later a broadband customer will be connected who doesn't have an IPv4 address. V4 - V6 NAT will enable them to reach the V4 world for a while, but isn't a long term solution for the reasons enumerated above. However, content providers are increasingly dual-stacked and all modern operating systems: Linux, Mac and Windows (from Vista onwards) work perfectly with Ipv6 with no configuration required.
IPv4 runout will happen sometime in the next couple of years. Many people won't notice as long as ISPs and content providers manage things properly. But that is the crux...
natting customers doesn't matter; also ISPs could use transparent proxying
I can imagine that many ISPs will put in place transparent web proxies which will hide ipv6 from many of their users - it requires some hackery with DNS to test for both A and AAAA records and prefer the latter. Since some ISPs already force use of transparent proxies, it's not going to matter to many people.
99% of consumers in the UK will have a regular NAT (modem/)router and won't have any port forwarding set up, so if their ISP puts new customers behind a NATting router they won't even notice... although they may require UPNP which does make life more interesting.
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- 20 Freescale staff on vanished Malaysia Airlines flight MH370
- Neil Young touts MP3 player that's no Piece of Crap
- Review Distro diaspora: Four flavours of Ubuntu unpacked
- Did Apple's iOS literally make you SICK? Try swallowing version 7.1