Wasted IP ranges
I can't find the article now, but apparently there are whole /8 blocks assigned to private companies that can't possibly be using them all.
Just take them back into the pool and re-use them.
The allocation of internet addresses using the IPv4 protocol in Latin America and the Caribbean has hit a critical stage, the region's registry (LACNIC) warned on Tuesday. It said that its IPv4 address pool had been "officially exhausted" and urged businesses and governments in the geographical area – which spreads from the …
>but the real question is: who really owns IP addresses?
This is a question that has been dug over for some years; current thinking and practice is that if the address range was assigned prior to the establishment of ARIN to an organisation then it is owned by the assignee. About the only leverage ARIN have over these addresses is the annual maintenance fee they charge.
However, addresses assigned by ARIN are more like telephone numbers.
The companies paid a pretty penny for those IP addresses
The organisations paid nothing for them - they asked for them when IPv4 was still young and no-one had thought about the concept of address exhaustion. IANA asked the companies to return them several years ago in exchange for smaller blocks (e.g. /16 - still plenty for most people) but only one university complied with the request - all of the others either flatly refused or (in some cases) ignored the request and did not bother to reply.
There's surely a good case here for an IPv4 address tax! Someone with a /8 block is likely to rapidly relinquish most of it, when a tax demand for 2^24 pounds/dollars/euros per annum arrives (about 4 million). Whereas the /30 block I have at home would cost me (via my ISP) an extra £4 per annum, which I'd happily pay. Heck, several times that wouldn't hurt much for any addresses actually being used.
Might even make IPv6 popular. People used to live in darkness rather than pay a windows tax. (NB, small W, 17th century).
Here you go:
http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
Some stand-out figures there. HP have not one, but two /8 ranges. Lots owned by the US military, too. And Halliburton - why on earth would a medium-sized civil engineering firm need their own /8?
GJC
HP has more than just two /8's. They have those allocations from IANA but they also have blocks from ARIN (not a /8 though).
How much address space does HP need? Two /8's is more than enough for a company 10 times their size.
I expect you'll find that they have ranges originally assigned to DEC and Compaq, and to other minor acquisitions. IP address space has been treated as an asset in mergers and acquisitions for many years. And who says that large companies with hundreds of sites and many thousands of machines are wasting space to a significant extent anyway? You have to structure your address assignments somehow. Also, renumbering to release a "spare" range is an operational nightmare generally reckoned to cost megabucks for a large enterprise network.
Oh, and when will I be able to reach Vulture Central via IPv6?
It shouldn't be forgotten that IANA are still holding on to the [240/8..255/8] address ranges for "future use".
Whilst the [224/8..239/8] is largely free, because it is reserved for multicast, bringing this block into general use may be problematic and is likely to cause problems.
Hah! I'm sure that's what they're going to do, and not just roll out CGN to their end users.
BAHAHAHAHAHAHAHA
The cable ISPs in Mexico have been doing CGN since forever. Those cheap bastards have done that to "save" on buying IP blocks. It also breaks a lot of stuff on the 'net. In fact, my first "experience" with NAT was thanks to those guys.
It's just another good reason for IPv6 to kill NAT forever.
NAT and security are not the same thing. You can have a policy which allows only outbound connections without NAT; and equally you can have NAT without security. Have you looked at how a Cone NAT works? Did you realise that while you are making an outbound connection, *anyone* can connect inbound to the same port? A number of peer-to-peer applications rely on this behaviour. Besides, most malware is now picked up by people connecting outbound, via websites or E-mail attachments.
So NAT is not the reason people aren't deploying IPv6. It's because deploying it generates no benefit *to the user themselves* and therefore people have no incentive to bother with it - and it's just one more thing to break.
Most ISPs don't do it because it increases their support overheads whilst not increasing the usefulness of the connection for the vast majority of their users.
And although it would be relatively easy for content providers to put their stuff on IPv6, most don't bother because they know all their users have access to IPv4 resources anyway. And yes, Vulture Central is a perfectly good example of this.
$ dig +short www.theregister.co.uk aaaa
$
No business case = no return on investment = no deployment.
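The difference the comment above draws between a full-cone NAT and an outbound-only policy without NAT can be shown with a toy model. This is an added example, not part of the original thread; the class names, addresses and ports are constructed for illustration.

```python
# Added illustration: a toy model of inbound packet handling, not real firewall code.
from dataclasses import dataclass, field

@dataclass
class FullConeNAT:
    """Full-cone NAT: one public port per internal (host, port), no source filtering."""
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)     # public port -> (int_ip, int_port)
    by_internal: dict = field(default_factory=dict)  # (int_ip, int_port) -> public port

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        key = (int_ip, int_port)
        if key not in self.by_internal:
            self.by_internal[key] = self.next_port
            self.mappings[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.by_internal[key]

    def inbound(self, src_ip, src_port, dst_port):
        # The source is never checked: any remote host reaches the mapped port.
        return self.mappings.get(dst_port)

@dataclass
class StatefulFirewall:
    """No address translation: inbound is allowed only as a reply to a tracked flow."""
    flows: set = field(default_factory=set)

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        self.flows.add((int_ip, int_port, dst_ip, dst_port))
        return int_ip, int_port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        if (dst_ip, dst_port, src_ip, src_port) in self.flows:
            return dst_ip, dst_port
        return None

def compare():
    """Return what each device does with a reply and with an unsolicited packet."""
    nat = FullConeNAT("203.0.113.1")
    fw = StatefulFirewall()
    host, peer, stranger = "192.168.1.10", "198.51.100.7", "192.0.2.99"  # constructed
    _, pub_port = nat.outbound(host, 5000, peer, 443)
    fw.outbound("2001:db8::10", 5000, "2001:db8:ffff::7", 443)
    return {
        "nat_reply": nat.inbound(peer, 443, pub_port),
        "nat_unsolicited": nat.inbound(stranger, 31337, pub_port),
        "fw_reply": fw.inbound("2001:db8:ffff::7", 443, "2001:db8::10", 5000),
        "fw_unsolicited": fw.inbound("2001:db8:bad::99", 31337, "2001:db8::10", 5000),
    }
```

The NAT delivers the unsolicited packet to the internal host, while the stateful firewall with no translation drops it.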
"Sell Stephen Fry to Latin America!"
When they call him a national treasure, I don't think they have the piratey glittery sort you can sell or plunder in mind.
Besides, I'd miss the arguments on QI between Stephen Fry and David Mitchell about who gets more facts wrong on their respective broadcasts...
> making IPv6 back compatible with IPv4
Do you seriously imagine that wouldn't have been done if it was physically possible?
An IPv4-only host cannot interpret or create a packet that is not in IPv4 format. So there is no such thing as a backwards compatible solution whereby an IPng-only host can communicate directly with an IPv4-only host. Logically, that requires that we have some or all of dual-stack hosts, IP-in-IP tunnels, and IPv4-IPng translators. We have all three.
You can argue that IPv6 could have been more similar to IPv4, but it was physically impossible to make it backwards-compatible.
I don't hear of much IP networking over radio these days, 1200 baud isn't very attractive today for that task even though it'd be more than appropriate for short simple messages.
I think the 44/8 network will soon go public domain as should many other /8's too. I did enquire with IANA regarding an equivalent v6 prefix but apparently there are no plans.
We have some servers colo'd with a big ISP. Despite telling them that everything would be behind a single-IP firewall, so we would only need 1 address for our equipment, they gave us a /28 block, not a /30 block that we actually needed. That's 12 "wasted" addresses just for us.
Is there a sensible way of sharing the cost of the necessary infrastructure upgrades around the world that doesn't invite gaming?
The real problem seems that the address shortage has yet to affect large parts of the service providers - the US can probably survive with its IPv4 addresses for another 1000 years (famous last words!). I suspect governments are reluctant to require IPv6 deployments partly out of consideration of the costs (anti-competitive); lack of technical skills (both in companies and regulators) and ignorance and possibly even because IPv6 is far from perfect. Quick fixes with layers of NAT are so much more inviting.
I wonder if, for example, the EU mandated IPv6 capable equipment for (imported) switches, routers, et al. whether that would have a similar effect on the industry that standards for power consumption in stand-by or vehicle emissions have had. Once the endpoints can handle dual-stack then network upgrades can be handled with a minimum of disruption.
There are no /infrastructure/ overheads. The only changes needed are in software stacks and the necessary software is almost everywhere except the domestic router. As for government mandates ... the US mandated IPv6-compatibility for all new kit about a decade ago. It's had no effect that *I* can see. You're probably right about technical skills, though that's less of an IPv6-specific problem and more of a general gripe against humanity.
Nevertheless, I suspect the real story here will be in six months time when we learn that the sky hasn't fallen in because, shock, if a vendor *really* has no alternative then yes they can put IPv6-capable firmware in (new) routers and so ISPs can still deliver something to (new) customers that works.
Excuse me, please, but you fail to take into account all those devices with the IP stack directly made on silicon. Not to mention those oldies that need a JTAG interface to program because they aren't built on top of an OS.
Moreover, the cost of upgrading those of them that CAN be upgraded isn't small.
Albert.
1) RFC7040
2) The infrastructure needs to be in place first. IANA should have forced the local registrars to "entice" the customers to have an IPv6 plan years ago. When they ask for an allocation, they should have been told to prepare an IPv6 plan for when they need more addresses in the future. When they need more addresses, if they don't have an IPv6 plan, then no more addresses. If they did, then to get more addresses they have to start to deploy the plan and be completed by the time they need more address space. This should have been done a decade ago.
>That could easily be IPv6 with RFC7040 translation
Shame RFC 7040 "Public 4over6" was only published in November 2013 and "Lightweight 4over6" is still work in progress. RFC 7040 was needed back in circa 2000 when the 3G networks were being designed...
Do we conclude that the IETF are finally beginning to listen? and hence in a few more years they may actually develop a workable migration plan?
> 1) RFC7040
That's only one out of many, many specs for tunnelling v4 over v6 or v6 over v4, going back almost 20 years. A mixed infrastructure has always been assumed.
> When they ask for an allocation, they should have been told to prepare an IPv6 plan
afaik, the registries have been at the forefront of inciting ISPs to prepare for IPv6 for about the last ten years. The fact that many ISPs and large enterprises simply chose to ignore the problem is definitely not the fault of the registries.
Ha! That's because the architects of IPv6 wanted to kill IPv4 and its devil child, NAT, with fire. So they ensured that the new protocol was inherently incapable of allowing intermediate nodes to tinker with the source address of packets, and other Spanish practices. The result is a protocol with both technical and political problems. I suspect that many people are holding off implementation until "IPv6bis" comes out, with these issues addressed.
-bis (twice) and -ter (thrice) are suffixes that ITU put on to specifications to indicate the second and third revision of that specification.
Eg, the first 600 baud standard was V22, this allowed 1200bps and was shortly followed by V22bis, which allowed 2400bps.
Basically, he's saying the current spec is bollocks and we'll wait for V2.
The problem with hanging around for "version two" of IPv6 is that the space in the IP header that specifies version is only 4 bits long which means a maximum of 16 versions ever (unless you break the format completely, which rather undermines the point of "waiting for the next version which will integrate better"). And we're already up to v6.
"no specification for routing ipv4 onto ipv6 was made as part of the standard"
Wouldn't have helped. There *is* almost two decades of "best practice" on how to run a dual-stack solution on any given, so anyone with a network device who actually gives a shit has been able to make their device mix and match both protocols. Any extension to IPv4 to make IPv6 easier would be (has been?) ignored. Any support in IPv6 to make IPv4-interoperability would be (has been) implemented only by those who give enough of a shit to be IPv6-ready.
"mobile devices were allowed to have IPv4 addresses"
Mmm, because forcing a second class experience on anyone who spends several hundred quid on their new shiny is going to get everyone on-board, from Apple all the way down to the little guys like Stephen Fry.
"There *is* almost two decades of "best practice" on how to run a dual-stack solution"
Dual stack is the problem, not the solution. As soon as you're connected to The Internet on IPv4, you gain no benefit from connecting on IPv6, so it withers away.
Therefore, "migration" needs a sane way to run IPv6-only - but obviously still be able to talk to the Internet. There are a bunch of things proposed like NAT64, 464XLAT, DS-Lite (not the console). They're all a pain and they're all broken for various definitions of broken. As for RFC 7040, it "is not recommended for new deployments" (their words, first paragraph).