Hide it behind a NAT?
Does every home router really need a public internet address? Can't ISPs hide all those home routers behind an overload NAT? That would cut down the number or IPv4 addreses in use.
Less than three per cent of IPv4 address space is still to be allocated, after two huge chunks were given to American and European ISPs. ARIN and RIPE, which administer IP addresses on either side of the Atlantic, each received two /8 address blocks in November. A fifth block went to their African equivalent. The moves leave …
Does every home router really need a public internet address? Can't ISPs hide all those home routers behind an overload NAT? That would cut down the number or IPv4 addreses in use.
A growing number of ISPs are likely to be doing this already. And customers who don't see a publicly routable IP address on the outside of their routers have no way of running a server on the inside without a much more complex setup involving cooperation from more parties. This is also going to be an excuse for ISPs to charge more to users who do need to make servers inside their home networks contactable by clients outside.
Can't see that working too well - maybe for 'budget broadband', but otherwise anything that needs to present services to the internet would break - which would include things like online gaming and VoIP and my personal email solution!
NAT is great except for one thing: it's difficult to create a hole for a server through NAT.
Imagine if, every time you wanted a service available to the outside world, you had to apply to your ISP for a port mapping! Your bittorrent client, your web server, your mail server, whatever special service you require a port for..
Unfortunately IPv6 will be like NAT for a long time: every time you want an IPv4 only service (and that will be most of the time for the first decade) you'll have to go through a translation service (i.e. NAT). No client will want IPv6 knowing only a few other users will be able to access their host directly.
What would that do to tracking those naughty people who download things they shouldn't. I imagine it would also make things harder for certain lawyers, always assuming they are still lawyers by then, to send out their threatening letters.
ps. No I don't know much about networks and NAT, my bloodsugar is low and I need some jaffa cakes and Coffee, maybe then I will re-read this and delete it.
It should be easy enough to allocate a small corner of the IPv6 address space that maps directly one-for-one onto the existing IPv4 address range, and use that to hide the mixture of protocols in use.
There, see, easy? The rest is just implementation....
...And this is why I'm 100% against this. Yeah, it's great for getting extra IPs, but it means that no one can run an internal server. Sure, it means that I can't run a web server from home, but it also means no more home-based game servers and the like. Personally, my network would be completely crippled; I wouldn't be able to log into my computer remotely, I wouldn't be able to transfer files I need, I wouldn't be able to host my webserver, FTP server, mail server, or VPN server; I wouldn't even be able to share pictures with my family. Yeah, maybe people don't NEED their own public IP address, but then again, who really needs 3Mb download speeds?
It isn't ISPs that have the extra IP addresses, but large companies; many bought huge blocks of IPs, but only use a tiny handful. If those businesses were to sell some back, we'd be rolling in address space again... meanwhile, it would be great if the various governments would switch to IPv6 like they switched to digital TV; lots of addresses there, and we could end this hysteric nonsense.
But surely the vast majority of home or even small business Internet users are exactly that - 'budget broadband' users; the Interweb is a thing they use for e-mailing and updating their Facebook accounts. It's not that different to the fact that some ISPs don't assign static IPs. So, using that same model I don't see why NAT wouldn't work for the majority of accounts, with the option of an IP address for those customers who wanted it. Yes, some ISPs may see this as an opportunity to charge extra (like some do for static IPs), but that's really a different argument that doesn't impact the feasability of this. Besides, I would suggest that most users running home servers etc probably already pay more for their ISP service than the cost of 'budget broadband'. NAT by default for the masses on BT and Sky, IP for the Zen etc users.
Services could be modified to work via a STUN server instead.
Is to grow a set of balls and demand some of the /8s allocated in the first years of the internet back.
Compaq has 2 of them (It has DECs old one as well), IBM has at least one, I seem to remember GE had 1 as well.
Nah, its one more level of indirection the ISPs need to sort through.
Besides, the lawyers involved dont seem to be particularly concerned with evidence anyway.
To quote badly from Yes minister,
"But they havent taken all the evidence yet!"
"Evidence? you dont think the comittee is going to soil its mind with anything quite a sordid as 'Evidence' do you?"
It's not just the home routers that need IP addresses, there's the ISP's internal hardware. I've seen reports that some US ISPs are struggling with that sort of internal addressing, because the biggest block of private addresses isn't big enough. Some of the problem may be an inefficient use of IP addresses which might be hard to resolve: if a particular location needs 10 IP addresses, it may work best to allocate a block of 16.
I do wonder if some of the "free router" deals are compatible with IPv6. On one hand, it's a way of getting compatible hardware out there (and simplifies support). On the other, it's a way of dumping kit that no sensible IT department would install.
[Coat... Semaphore flags... I'm just going outside. I may be some time.]
You mean like embedded IPv4 addresses - ::/96 and ::FFFF/96?
It's not a panacaea because of inherent differences between the two protocols, but it's there if needed.
Currently, most ISP's share a pool of IP addresses between their users, assuming that they will not all be online at the same time. This allows you to have a unique IP address for all the systems behind your NAT connection for the time you are connected. If you have this, then using a dynamic DNS service will work to make your systems locatable, and port re-direction will allow multiple inbound sessions to be directed to different servers behind your NAT system.
Unfortunately, the world is moving to always-connected devices, so this model is breaking down.
When DNS was first designed, they added the possibility of having well-known-services to be hosted in a map to be queried. This was to allow you to provide information such as port numbers for particular services. Since that time, everyone has got used to fixed port numbers for things like http (80), https (443), ssh (22) and the like, so WKS has been ignored.
Using fixed port numbers makes it difficult to NAT several people's service to a single IP address on the network, as they may all want 80 for example.
If the dynamic WKS support of DNS was used to hold port numbers, or something like SUN RPC (portmap) was rolled out onto the internet for inbound services using port redirection, then it would be possible to use the 16 bit port number together with a single IP address to stave off the inevitable exhaustion of available IPV4 addresses, but it would require people to be much more knowledgeable about port usage, and some changes to certain services to not rely on fixed port numbers.
It would also make firewalls a lot more difficult to write, but you would only expose the services you needed anyway, so maybe this would not be so much of an issue.
................boil every single spammer in oil - especially the viagra/penis extension bandits. That would deal with at least 90 %-age points of that overload!
Using private address space to connect every home router is no fucking use.
It won't work because some network services that use random port numbers - SIP, most P2P shit, multiplayer games - can't survive NAT. Streaming audio and video tends to come unstuck too, specially if there's more than one gadget behind the NAT box doing that.
Even if NAT could work at this scale, we're still fucked. It would only save around 30 Million IPv4 addresses: there's roughly that number of households in the UK. There are about 1 Billion smart phones and hand-held devices out there already. And that number will surely grow as more iPhone/iPad knock-offs reach the shops. They'll all need IP addresses too.
Saving a few million addresses by NAT'ing home routers will be lost in the noise. The world is using up 16 million IPv4 addresses every month. So this idiot NAT idea, even if it worked (which it doesn't), would only put off IPv4 exhaustion by a couple of months.
Then we have things like smart metering, the intelligent grid and the internet of things. IPv6 is the only way to interconnect everything that will be connected to the Interweb.
I'm an operator on a medium-sized IRC network, and the thought of having hundreds of users behind a single NAT simply makes me cringe. Any one troublemaker would cause ALL behind that address to receive a ban, either channel-wide or network-wide, which is already enough of a pain due to dynamic IP addresses. Then there are session limits... Our servers by default limit users to up to 5 simultaneous sessions for security purposes. Putting users behind a NAT would cause all sorts of "fun" not only for us but for any type of server that limits the number of simultaneous connections. Mobile phones already do this to an extent, and that sort of situation makes some sense... But overall, using one giant NAT for many users is NOT a good idea at all.
This comes up again and again whenever this topic is talked about,
Even if every one of those very large legacy IP blocks were released by their companies it would gain us, at the current rate of allocation, an extra 3 or 4 months maximum.
Hardly "rolling in addresses"
Which of these statements is incorrect?
 3% of Internet address space left leaves us only a few months allocation, says Vint Cerf
 50 /8 addresses (20% of the Internet, more if we're talking about usable space) would be exhausted in 3 or 4 months max, says RJ.
They can't both be true.
IPv6 looks rather strange:
They "should" have used the first 8 bit to tell what's coming, IPv4 or IPX or whatever, and let the rest handle itself. But here, they use the first 80bit for IPv4 compatibility, the first 7bits for IPX compatibility.
"prefix-length: is a decimal value specifying how many of the leftmost contiguous bits of the address comprise the prefix"
Or even the first 32 bits if they were afraid they're going to be short on prefixes. It would still leave 96 bits ( (2^32)^3 !) for addresses. But for f****'s sake, use fixed length numbers.
Assuming we could get them all back, for the majority of them It would take at least months, probably years to
A) Get over the legal wrangles
B) Give the companies time to sort their networks out so that the reclamation doesn't destroy them.
Which means that, optimistically we would be getting a trickle of reclaimed /8s rather than a flood and we would already have run out before most of them were reclaimed.
Now, if we could instantly reclaim them all tomorrow, that would be different.
I too think they should have mapped the current IPv4 space into the first 1/64th of the IPv6 address space.
... they just got 70 IPs back from p2p sites!
Are these people on some kind of schedule or something? I only ask because it seems like every couple of years or so for the past fifteen years, some expert has appeared out of the woodwork to start yelling that the Internet is dead, or dying, or full.
Kinda' reminds me of one of my favorite pages from the Web 1.0 days; it was a single white page, completely blank except for the large bold headline:
"YOU HAVE REACHED THE END OF THE INTERNET. Click the Back button on your browser to return to the Internet."
Someone ought to resurrect that page and stick it on 255.255.255.255
Wouldnt 255.255.255.254 be the end of the internet? .255 is a broadcast address, not a host address.
Roger Varley was apparently joking... everyone knows that the last really usable IP is 22.214.171.124.
Anything above it - Class D and E (Multicast and Reserved) is not for general consumption.
theres always one isnt there....lol
126.96.36.199 is the last internet-routable device address currently possible in IPv4. 224/4 is multicast, and 240/4 (to which 255.255.255.254 belongs) is reserved for experimental purposes. 240/4 may get thrown into the mix out of desperation, but as of now, it's unroutable on the internet.
you can never be too sure.
Ever since they let the unwashed masses on, its full of people lacking clue :P
I'm all in favour of the long-overdue move to IPv6, but meanwhile why not offer incentives to those organisations with historic /8 and /16 ranges to hand part of them back? For this to be effective there would presumably need to be some cash incentive to do so, but then prices for IPv4 address ranges are bound to increase as a result of this shortage.
3% of the Internet equates to just eight /8 ranges and there's about 50 of them still in private hands.
Problem is there's no mechanism for this to happen, and the costs to a company of renumbering may well be beyond what anybody's prepeared to pay. This only defers the problem anyway - the consumption of Ipv4 addresses is increasing in speed.
However, don't be fooled by all of the hype - even when the remaining /8s are handed out by IANA (one to each RIR as soon as there are only 5 remaining) the RIRs still have unallocated addresses, and when they've run out LIRs still have their own reserves, so although it's correct to say IANA will run out (probably by the end of Jan at current rates), it'll be some time after that before RIRs have run out as well, and still further until the LIRs run out.
When the LIR's run out you can expect to see them aggresively reclaiming IPs from within their own networks.
Please- CGN is just a *bad* idea for so many reasons - don't go there.
You don't need a cash incentive; this has nothing to do with money. Nobody owns any IP addresses. You can not buy or sell an IP address (and indeed feel free to tell your ISP this the next time they try and charge you for a fixed IP address) so there is no "price" issue.
You are right though - the likes of Ford and GM and other large US companies have huge blocks of IP addresses assigned to them, and they should be made to give them back; there is no reason why they should continue to hold on to these. I assume ARIN works similar to RIPE in that you can basically have as many IP addresses as you like as long as you can justify them. I doubt GM (for example) can justify hanging on to (hundreds of ?) thousands of addresses. I wonder why the situation has been allowed to continue in the way it has.
Because they were allocated their blocks in the pre-ARIN/RIPE/APNIC etc. days, so aren't bound under the same rules. In fact the rules for any allocation state basically that as long as the original application is still valid then they remain where they are - the fact the circumsances outside those allocations has changed doesn't make any difference.
Back when I worked for GE they had a class A '3.' but it was never actually used on the internet.
I have no idea how much of the /8 they're using publicly, but I can attest to a /16 chunk of it that is currently in use in a publicly-routed infrastructure where RFC 1918 private addressing would not work.
That's not to dispute the fact that the corps with class A allocations hardly need much of what they've got without going to IPv6.
I was recently at a General Electric (GE) company. GE have a full /8 and every machine on every desk has a public IP yet they have a restrictive firewall and only a handful of machines can access the net through any mechanism other than the HTTP proxy or have incoming permissions.
I would bet parts of my anatomy that they don't have more than 253 Internet-facing machines. I would support an initiative to take away big netblocks from companies like this that don't use the addresses externally. I think it would be fair to give them a /24 and free the rest up unless technical need and the intent to use anything more for external-facing services can be demonstrated. Unless it's someone like Google, Akamai, an ISP or a hosting provider I can't think of many companies who would pass this test.
Is it time for "use it or lose it?"
are getting clogged
I have the "perfect" solution:
It is called "Liquid Plumr Foaming Pipe Snake" (tm). (May not be available outside of the US.)
Just pour it into the pipe, and the foaming action will clean all of the crud that clings to the pipe (tube) walls.
We will probably need at least 16 large oil tanker sized ships full of this stuff PER /8 address block. But, think of the children, no more smut or crap on the `innartubes`.
we should just turn the Internet off. Seems it's more trouble than it's worth.
"we should just turn the Internet off. Seems it's more trouble than it's worth." .... Pirate Dave Posted Wednesday 1st December 2010 14:53 GMT
I don't think that will be allowed, Pirate Dave. Sorry about that. It is for the best though.
It looks like many ISPs are looking at carrier grade NAT as a quick fix, which is a shame as it breaks loads of stuff (VoIP especially) and the same effort could have been spent ages ago on IPv6.
I've been asking my ISP (Be) for IPv6 for over a year and even today it seems they have no plan. This is an industry wide fail with just a few cluefull and notable exceptions (HE, A&A etc).
On the plus side, it seems the regional registries will still have a few months IPs left to dish out after the main pool is exhausted. First come first served of course.... The rush for the final allocations could be more manic than an american "black Friday" sale!
...upstream provider about IPv6, he told me many of their routers could not pass it.
Meanwhile, I just gave back 13 addresses to my hosting provider.
As much as I like my current ISP over any of the alternatives, moving to NAT would mean I leave them that instant. I want easy access to my home network, take that away and I move on...
Honestly, I think an ISP moving to NAT brings far more issues than them moving to IPv6.
it's far too broad an over-generalization to say that NAT has more issues that IPv6. Every ISP network has varying, installed bases of hardware, which may or may not be prepared to route IPv6. The same is true for implementing CGN. In the end, both are a mess and the shift is going to be very painful.
Is it possible this is the actual disaster that was originally anticipated for Y2K? Consultants, V6-up!
Paris, who loves the point of exhaustion.
Back in the day when the Internet* was invented in 1995 didn't they also come up with this crazy plan to replace IPv4 with IPv6 (v5 must have got lost in the post) that would let your fridge have 100 unique addresses all to itself?
Wasn't also the rationale behind some of the IPv6 design decisions to allow it to organically grow and ultimately swallow up pools of IPv4 addresses, until IPv4 was a thing of the past? I'm sure NT3.5 had some sort of provision for v6.
Maybe I was wrong. Maybe it was just in my imagination.
* See what I did there? I used a capital letter. Go on, it's not that difficult.
Agreed on that point. I prefer to avoid cable ISPs over here, because they have implemented NAT since the very beginning. That's something I label as dishonest, especially because they combine it with shady traffic shaping and will also break some protocols just because they can. At least one cable ISP has seen the light and will now offer IPv6 addys :)
A /8 block is 16 mebiaddresses. So they handed over blocks of this size. So what. Does it mean that all 80 mebiaddresses are now in use by devices? Eff no.
They have been handed to people who can in turn hand them to others (ad lib to...) who can in turn sell them to clients to stick on devices.
What I want to know is not "how much space is allocated to top-level allocation organizations?" but "how much space is actually being used by devices?".
When the latter maxes out, we have a problem.
And, as it has been for at least the last ten years, universal adoption of IPv6 is a couple of years away...
Where's the <SIGH/> icon?
Good points, its hardly impending doom and there are probably a much higher percentage of IPs being sat on and wasted.
I think those who are allocated IPs should be renting them, removing the incentive to hoard far more than you need - plus /8 allocations are quite large chunks, surely that can be broken down where getting on for 16.8 million IPs are not required!
As for NAT as a solution, my ISP can kiss my ass goodbye if they plan to nerf my connection in that way - I like my home email services, VoIP etc and I want that to stay working ta very much!
BTW, WTF are mebiaddresses?