back to article OK, this time it's for real: The last available IPv4 address block has gone

You may have heard this one before, but we have now really run out of public IPv4 address blocks. The Internet Assigned Numbers Authority – the global overseers of network addresses – said it had run out of new addresses to dish out to regional internet registries (RIRs) in 2011. One of those RIRs, the Asia-Pacific Network …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Time to claw some back

    There are probably large blocks of unused IPv4 addresses out there, if only the IANA would get off it's bottom and reclaim them. A lot of the big companies who were assigned a /8, back in the day probably don't use the full range they hold, since the introduction of NAT.

    1. DougS Silver badge

      Re: Time to claw some back

      If they were going to, they would have needed to begin the effort a decade ago. You can't ask big organizations to re-IP hundreds of thousands of devices overnight. By the time old school /8's like Apple's, MIT's, HP's pair etc. become available everyone who needs more IPv4 addresses will have moved to IPv6.

    2. Anonymous Coward
      Anonymous Coward

      Re: Time to claw some back

      What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years.

      Anyway, good news is that I'm starting to see malware attacks via IPv6, so its use is clearly on the rise.

      1. Christian Berger Silver badge

        Re: Time to claw some back

        "What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years."

        There's actually an interesting thought there. There are multiple groups of people who are "anti Internet".

        One is the Facebook Crowd, they only want Facebook, not the Internet. Those people typically either don't use E-Mail at all or use one of the few largest mail providers.

        The other one is the people being fed up with their ISPs meddling with the Internet and certain agencies sniffing it all, so they create their own overlay network using the Internet only as a transport network for their VPNs.

        So there's a chance that in a few years people don't want the Internet any more.

        1. Sir Runcible Spoon Silver badge

          compatability

          Many companies running ipv4 routable addresses inside their network could release addresses by running IPv6 at the border and IPv4 internally. Basically turns their assigned range into a private network block. Not suitable for all, but should help migration timelines.

          You append your internal v4 addresses to your v6 address block and away you go (almost).

        2. Anonymous Coward
          Anonymous Coward

          Re: Time to claw some back

          @ Christian Berger

          If you are wondering why you have so many down votes, this is a site mainly for technical people so you may want to learn the difference between the internet and the web.

          1. Kay Burley ate my hamster

            Re: Time to claw some back

            @Lost all faith...

            Aww leave him alone, he probably just works in Marketing or something!

            1. GX5000

              Re: Time to claw some back

              Yes because we really like Marketing people down here in the trenches...

              Reminds me I have to go catch http://ars.userfriendly.org/cartoons/?id=20180406

        3. anonymous boring coward Silver badge

          Re: Time to claw some back

          "So there's a chance that in a few years people don't want the Internet any more."

          So how's that gonna work then?

          It's like saying we don't need roads, now that we decided to travel on busses instead of driving cars.

          1. Anonymous Coward
            Anonymous Coward

            Re: Time to claw some back

            @anonymous boring coward; "It's like saying we don't need roads, now that we decided to travel on busses instead of driving cars."

            You're very clever, young man, very clever. But it's buses all the way down!

          2. Jamie Jones Silver badge

            Re: Time to claw some back

            I left ICL in 2001 - they had already at that point switched their internet link from a fully routed (but firewalled as approriate) internal network (145.227.0.0/16) to some seperate proxy / gateway in another net range run by ICLNET. 145.227.0.0 has basically been dead to the world since then, but is still allocated to (now) Fujitsu.

            Sure, the renumbering of internal machines to the new 'private lan' scheme was taking ages, and most stuff still used 145.227.0.0/16 when I left, but it doesn't matter - the only internet access they have is through application-level proxies so they'll never need to route to a "real" 145.227.0.0/16 address if it was relinquished.

            Same goes for most others - there is no need for them to all renumber before giving up a netblock.

        4. Dr Dan Holdsworth Silver badge

          Re: Time to claw some back

          "Anti-Internet" people can be described by another, much easier word: idiots.

        5. JohnFen Silver badge

          Re: Time to claw some back

          "The other one is the people being fed up with their ISPs meddling with the Internet and certain agencies sniffing it all, so they create their own overlay network using the Internet only as a transport network for their VPNs."

          This is what I and a handful of my friends have done for a few years now, but I never really considered it as being "anti-internet" at all, but rather using the internet as designed. The internet is, after all, just a transport network which various services use for communication. Also all of us use external services on the internet (obviously) as well.

      2. vtcodger Silver badge

        Re: Time to claw some back

        "What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years."

        I'd submit that Plan A -- everybody grumbles a bit them and switches to IPv6.-- does not seem to be working. In reality, many users can't "upgrade" because third parties like their ISP don't support IPV6. Others lack resources to upgrade. Many users feel, possibly correctly, that the minimal security provided by IPV4 plus NAT is better than not having "NAT security". A lot of stuff that purportedly supports IPV6 doesn't. Less than a year and a half ago, Microsoft had to fix Windows 10 before they could change their headquarters network to IPV6. Most users don't have the resources to fix their OS(es) or their hardware. There may be other valid reasons. Whatever ... IPV6 adoption is glacial at best.

        I'd submit that a few years to develop and implement a Plan B that -- unlike Plan A -- realistically addresses the needs/desires of users might be a really good idea.

        And a Plan C developed in parallel with Plan B in case Plan B doesn't work out, might not be a bad idea either.

      3. DougS Silver badge

        @AC - starting to see malware attacks in IPv6

        And this is why the average person shouldn't want to switch to IPv6, even if his ISP, his router and his computer/devices all support IPv6 perfectly. With IPv4 pretty much every consumer uses NAT, and is mostly safe from direct attacks from the internet.

        Sure IPv6 can use firewalls, but will consumers have that by default with all typical combinations of IPv6 supporting ISPs, routers, etc.? I wouldn't count on it - if my parents were urged by their ISP to switch to IPv6 I'd tell them not to. I know they are safe with IPv4 thanks to NAT, with IPv6 I'd have to check out the hardware, how it is set up, etc.

        Even then I have to hope that they don't buy some internet connected light bulb that provides instructions telling you how to disable your router's firewall.

        1. Orv Silver badge

          Re: @AC - starting to see malware attacks in IPv6

          I've had two cable ISPs that supported IPv6, now. Every home router I've used that had IPv6 had a firewall turned on by default. My cell phone provider also uses IPv6, BTW, with IPv4 support behind carrier NAT.

          NAT was never supposed to be a security barrier; that it functions as one is mostly by accident, because it happens to require a firewall.

          I've had no problems except for once early on when Comcast turned up IPv6 locally before they were ready to route it. A substantial fraction of my web and video streaming traffic goes over IPv6 now, and I can't say I notice a difference. And that may be part of the problem; for the consumer this isn't really a value-added proposition.

    3. Nanashi

      Re: Time to claw some back

      Back in 2011, just before the first RIR ran out, we were going through more than one /8 per month. That was 7 years ago; the demand for v4 addresses is only going to be higher today. In other words, this would buy us something on the order of 2 weeks or so per /8. It really isn't worth the effort.

    4. DougMac

      Re: Time to claw some back

      > There are probably large blocks of unused IPv4 addresses out there, if only the IANA would get off it's bottom and reclaim them.

      Nope, been already done. They got some /8's back, and reallocated them years ago.

      The only "large companies" left are Apple, HPE & Ford and a couple others. If you go down the IANA list, almost everything is allocated to huge Tier1 carriers directly, or to a regional IRR.

    5. bombastic bob Silver badge
      Unhappy

      Re: Time to claw some back

      part of the scheme uses an IPv4 /30 block, which basically wastes 3 of the addresses. In reality, a scheme that uses something _like_ PPPoE or some other kind of tunneling protocol would only require 1 IP address in a block of 255 to be a gateway address. The additional bandwidth you might get by having to NOT use a tunneling or PPP-derived protocol (maybe 5%, let's say) would be compensated for by a much lower price. The ISP would be able to sell 3 times (or more) as many fixed IPv4 addresses to customers that need them.

      All of this being said, it's the lack of efficiency of small netblocks (particularly /30's that potentially waste 3 for every 1 that gets assigned) that's eating up the IPv4's I'd bet.

      I still want everyone migrating to IPv6. It's just that the ISPs have been dragging their feet for SO long that it's likely I'll need to maintain a fixed IPv4 address for the short haul, at least. And I don't want to see them priced out of the range of affordability.

      1. Jamie Jones Silver badge

        Re: Time to claw some back

        part of the scheme uses an IPv4 /30 block, which basically wastes 3 of the addresses. In reality, a scheme that uses something _like_ PPPoE or some other kind of tunneling protocol would only require 1 IP address in a block of 255 to be a gateway address. The additional bandwidth you might get by having to NOT use a tunneling or PPP-derived protocol (maybe 5%, let's say) would be compensated for by a much lower price. The ISP would be able to sell 3 times (or more) as many fixed IPv4 addresses to customers that need them.

        What scheme? I believe you, but I've never seen it myself apart from a few niche (and practical) cases. I hope it's just one ISP, not a general USA 'tang?

        Most residential services I know use at least /24 or a /23 for their provisions.

        But even if they use that reasoning that it's to avoid needing tunnelling, they are wrong.

        My current connection isn't tunnelled any more - no PPPoE. - authorisation is done based on the physical connection - i.e. who is "me" is tied to the physical line (even in my days of adsl with PPPoE I'm pretty sure you couldn't login with someone elses user/password on your line - so the authorisation of PPPoE wasn't the prime purpose of its use.)

        At the moment, my single external IP address is sitting on a /20 - I don't have the "local lan traffic" sent to me - the remote router deals with that.

        Any connections I do try to make to my "local lan" - the remote router replies to arp requests with it's own MAC (proxy arp) which then acts as a bridge to the remote address.

        Upshot, single IP address from ISP. No PPP overhead. No small netblock allocation. No leakage of anyone elses data (more importantly, their dross doesn't needlessly slow my link)

        From my routers point of view, it's just a normal machine in a /20 network - sending IP packets "directly" to other users machines "on my lan", and routing to the router for addresses off-lan. The remote end deals with the realities.

    6. Anonymous Coward
      Anonymous Coward

      Re: Time to claw some back

      AFAIK, they legally can't, because they were assigned before IANA existed, or something alike.

      1. Alan Brown Silver badge

        Re: Time to claw some back

        "they were assigned before IANA existed"

        Yup, and the guy who assigned them (Jon Postel) has been dead over 20 years.

        And there have been some highly questionable acquisitions of some of those blocks (Such as how OSF1's block ended up in the hands of av8 software, via OSF1's tech contact apparently just walking off with it when OSF1 effectively ceased to exist)

    7. djvrs

      Re: Time to claw some back

      One place I used to work had a complete /16 address range for internal use (130.1.??.??)

    8. hmv

      Re: Time to claw some back

      To paraphrase someone from NANOG: "Anyone who thinks NAT is anything other than a temporary work-around hasn't dealt with five layers of NAT"

      1. Aitor 1 Silver badge

        Re: Time to claw some back

        Or some proxy-cache at ISP level.. that tells websites that all their clients have the same ip.. but hey, look at these "nice" propietary headers!!

        Other ISPs tried ISP level NAT... (I am looking at you three)

      2. JohnFen Silver badge

        Re: Time to claw some back

        But, as the old engineering adage goes, there is nothing more permanent than a temporary fix.

    9. Anonymous Coward
      Anonymous Coward

      Re: Time to claw some back

      No shit, plus all of the IP's that need to be reclaimed from Fraudsters and con men that are easily found out by greedy ISP's but not kicked off the 'net.

    10. Sureo

      Re: Time to claw some back

      Take Facebook's away from them. Solves two problems at once.

  2. Mayday Silver badge
    Unhappy

    I've been trying to get this happening

    In multiple places and PHBs over the years.

    With very little luck, no one sees the problem, no one wants to pay etc. Any advice here is appreciated.

    1. DougS Silver badge

      Re: I've been trying to get this happening

      Won't happen, don't stress over it. When the first site that's gotta be visible for some application is available on IPv6 only, then you'll get what you need to go IPv6 :)

      1. Warm Braw Silver badge
        Big Brother

        Re: I've been trying to get this happening

        When the first site that's gotta be visible for some application is available on IPv6 only, then you'll get what you need to go IPv6

        Perhaps the answer is to move social media to IPv6, leaving the original Internet behind for those who liked it the way it was...

        1. John Sager

          Re: I've been trying to get this happening

          Perhaps the answer is to move social media to IPv6

          That's already happened: ...:FACE:B00C:... in their V6 addresses, though they are still on V4.

      2. Crypto Monad

        Re: I've been trying to get this happening

        Won't happen, don't stress over it. When the first site that's gotta be visible for some application is available on IPv6 only, then you'll get what you need to go IPv6 :)

        And that ain't ever going to happen, not in my lifetime anyway.

        No *business* is going to put their content on IPv6 only and have it visible to only a fraction of the world, when for a few dollars more it can be visible to the whole world. Perhaps once 99% of the users have IPv6 access then IPv6-only sites will start to appear.

        There is no IPv4 shortage at the *content provider* side of things. You can share IPv4 addresses via CDNs, reverse proxies, load balancers, HTTP virtual hosts, SNI etc; this has been going on for years.

        Even if a content-provider business *does* need their own IPv4 address for a service, and suppose it cost $10,000, they would still pay it just to make their service usable to everyone; they often pay more just for a cool domain name.

        Things are different at the access side (i.e. users / customers). There, the shortage of IPv4 addresses is acute (at least in some regions). But unfortunately, deploying IPv6 does nothing to reduce the shortage, because it doesn't remove the need for IPv4 source addresses to access most of the Internet. If you don't have enough IPv4 addresses to give each customer one, then you are forced to use some sort of NAT, whether it be NAT44 or NAT64.

        I see one solution: connecting the IPv6 and IPv4 Internets with a giant NAT64. This could be done by the existing content providers (e.g. Akamai, Cloudflare, Google): each of them could treat the whole IPv4 Internet as a big pool of user content and NAT64 to it as a public service. Then an end-user could have an IPv6-only connection, but still reach the whole IPv4 Internet (at least over TCP and UDP).

      3. John Crisp

        Re: I've been trying to get this happening

        Feckbook as IPv6 only?

        That would be a good reason not to migrate :-)

      4. David Crowe

        Re: I've been trying to get this happening

        That's impossible. If you had a service accessible only by IPv6, and people really, really needed it, someone would build an IPv4/IPv6 adapter so that IPv4 could reach it. More likely your service isn't that important and nobody would ever use it, they'd use a similar service that was IPv4 only.

    2. Milton Silver badge

      Re: I've been trying to get this happening

      I salute your heroic efforts. What will actually happen is that as the tsunami waters recede, thick with corpses, the mercifully few politcians left alive will start up their endless litany of "I knew this would happen" and "If only they'd listened to me" with a big dollop of "Only I know how to fix this, trust me" and your choices will be—as usual after a completely predictable and monstrously mishandled crisis—believe them; or cut their throats.

      Strangely, human history shows that these greedy, self-serving cretins usually do not get their throats cut but go on to incubate the next colossal disaster.

      If you want a short summary of human history and what is fatally wrong with our species, I suggest: "People believe words, instead of actions".

      1. dbtx Bronze badge

        what is wrong

        is that people believe things that aren't true and act on those beliefs. That's all you need. I believe that accounts for 100% of artificial problems in this corner of the cosmos. But how to act on that belief... so far my favourite thing to do is called "hesitate"

        1. Rich 11 Silver badge

          Re: what is wrong

          But how to act on that belief... so far my favourite thing to do is called "hesitate"

          Mine is called "procrastinate", simply because it takes longer to type.

          1. JohnFen Silver badge
            Coat

            Re: what is wrong

            "Mine is called "procrastinate""

            Eh, I really can't be bothered right now. I'll procrastinate tomorrow.

      2. Flakk Silver badge

        Re: I've been trying to get this happening

        your choices will be—as usual after a completely predictable and monstrously mishandled crisis—believe them; or cut their throats.

        Milton,

        I'm only saying this because I care.

        There are plenty of decaffeinated brands on the market that are just as tasty as the real thing.

    3. Anonymous Coward
      Anonymous Coward

      Re: I've been trying to get this happening

      Send emails or whatever format you need so that whoever makes the decisions can't come back and say why wasn't I informed and keep copies of all correspondences.

    4. Jason 24

      Re: I've been trying to get this happening

      Apparently I work for the UKs "leading provider of unified comms" (doesn't every company claim to be the leading?)

      Yet we don't lead with IPv6..... All IPv4

  3. Brian Miller Silver badge

    "Nobody uses it..."

    Yeah, we need to move to IPv6, but I keep getting told, nobody uses it, so the software doesn't get developed for it. That's inertia for you.

    1. GrumpyOldBloke

      Re: "Nobody uses it..."

      IPV6 is supported by most major operating systems. However, if you do try to use it on your network you run into non-standard IPV6 implementations; Android in general and Samsung Android in particular.

      1. bombastic bob Silver badge
        Meh

        Re: "Nobody uses it..."

        I haven't had trouble with any 'droid device on my network [I have IPv6 via an he.net tunnel and AAAA records for a domain that correctly point to multiple machines' IPv6 addresses].

        I'm running the usual support protocols as well as DHCPv6 so maybe that's why everything just works...

        [and I've had people come to my house and use their 'droid and iOS devices, no problems noted]

    2. boxplayer
      Happy

      Re: "Nobody uses it..."

      I use it!

      My home network, my ISP connection and the server where all my web sites live (and the sites I host for others) are all dual stack. It wasn't THAT hard.

      1. Anonymous Coward
        Anonymous Coward

        @boxplayer - Re: "Nobody uses it..."

        Brownie for you!

        Now keep on and come back to us when you'll be a big bank, insurance company, multinational corporation with 24/7 mission legacy critical systems and you'll teach us how you managed to convince the top management to accept the risk.

        1. Anonymous Coward
          Anonymous Coward

          @AC Brownie for you!

          What are you doing to help, apart from posting facetious comments?

          1. Anonymous Coward
            Anonymous Coward

            Re: @AC Brownie for you!

            I'm demonstrating the kind of behaviour that got us in this stupid position!!!

        2. Chronos Silver badge
          Facepalm

          Re: @boxplayer - "Nobody uses it..."

          Now keep on and come back to us when you'll be a big bank, insurance company, multinational corporation with 24/7 mission legacy critical systems and you'll teach us how you managed to convince the top management to accept the risk.

          ...or even The Register.

          % host www.theregister.co.uk

          www.theregister.co.uk has address 104.20.251.41

          www.theregister.co.uk has address 104.20.250.41

          Oh, the irony.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019