I get really sick of this RUBBISH about running out of ip's in two years. Stop the FUD.
You can't blindly assume that ip address usage will simply just go up and up and up on a predictable arc that ends in disaster. That is FALSE. What needs to happen is for people to question the reasons why, for example, MIT needs to own 16 *MILLION* public ip addresses.
Most corporations already utilize NAT and need almost no public IP address space at all. Many more *could* (and should) move to NAT, but simply refuse.
There's still more than a half *BILLION* ip addresses that are not even allocated by IANA. I'm sure another billion could be recouped by forcing places like MIT to prove that they really need that much PUBLIC ip space.
Millions more addresses could be recouped by webhosting providers unnecessarily using ip intensive methods of hosting websites.
Just because a device needs an ip address because it is attached to a network does NOT mean that it needs to be public.
@AHinMaine: I suspect that your comment was deliberately designed to provoke a response, but I can't help myself.
Sure, Peter has cried "wolf" too many times. But if you remember the fable, he was dog food by the end of the tale (tail?)
If you understand enough to know what the absolute number of remaining addresses left is, then you should know that the practical number of useful addresses is far, far less. We might dream of 100% efficiency, but that is all it is: a dream.
And meanwhile consumption continues apace.
Yes, pardon my ranting. Bit testier than necessary.
And yes, I'm familiar with what space is actually usable and I do factor in private allocations, 224.0.0.0/3, etc. I'm also familiar with consumption.
It's not really a question of efficiency. The highest efficiency that can reasonably be expected of any entity is about 1/3rd. But the problem is more that current usage is simply gluttonous.
I'm also a bit gun-shy about ipv6 because there are still core operating system bugs related to ipv6. Bugs that affect many operating systems. For example, an ipv6 specific bug in glibc with the getaddrinfo() routine was just patched up a couple of months ago. So what happens when a company makes the switch to ipv6 and they haven't updated their glibc libraries for a while? Suddenly all their applications that utilize that function start mysteriously and intermittently breaking.
Damn near anything that performs network functions that was compiled with glibc would be affected by that. It was a relatively simple bug in the way AF_UNSPEC was handled as opposed to specifically using AF_INET or AF_INET6. Which also begs the question, what about legacy code that might specifically use AF_INET, rendering the application unusable on an ipv6 network? It makes me wonder what other issues haven't been found that would manifest quickly and painfully in a full-on conversion to ipv6.
So my problem isn't just a feeling of ipv4 being mishandled, it's a bit of dread of ipv6.
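The AF_INET versus AF_UNSPEC point in the comment above, as an added example (not part of the original thread, and not a reproduction of the glibc bug it mentions): a parser hard-wired to AF_INET beside a family-agnostic one built on getaddrinfo(). The function names and the sample addresses are constructed for illustration; AI_NUMERICHOST keeps it offline.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo(), AI_NUMERICSERV */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Legacy pattern: the family is baked in (AF_INET + sockaddr_in).
 * Returns 0 on success, -1 when the literal is not an IPv4 address. */
static int legacy_parse(const char *host, unsigned short port,
                        struct sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    return inet_pton(AF_INET, host, &out->sin_addr) == 1 ? 0 : -1;
}

/* Family-agnostic pattern: AF_UNSPEC hint, result kept in sockaddr_storage.
 * AI_NUMERICHOST means no DNS lookup is made.
 * Returns the family found (AF_INET or AF_INET6), or -1 on failure. */
static int agnostic_parse(const char *host, const char *port,
                          struct sockaddr_storage *out, socklen_t *outlen)
{
    struct addrinfo hints, *res = NULL;
    int family;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0 || res == NULL)
        return -1;
    memset(out, 0, sizeof *out);
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *outlen = res->ai_addrlen;
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Render any parsed address back to text without knowing its family. */
static int format_addr(const struct sockaddr_storage *ss, socklen_t len,
                       char *buf, size_t buflen)
{
    return getnameinfo((const struct sockaddr *)ss, len,
                       buf, (socklen_t)buflen, NULL, 0, NI_NUMERICHOST);
}

int main(void)
{
    /* Constructed samples (documentation ranges), not real hosts. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1", "not-an-address" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct sockaddr_in v4;
        struct sockaddr_storage ss;
        socklen_t len = 0;
        char text[64] = "-";
        int legacy = legacy_parse(samples[i], 443, &v4);
        int family = agnostic_parse(samples[i], "443", &ss, &len);
        if (family != -1)
            format_addr(&ss, len, text, sizeof text);
        printf("%-16s legacy=%-4s agnostic=%-5s parsed=%s\n", samples[i],
               legacy == 0 ? "ok" : "FAIL",
               family == AF_INET ? "IPv4" : family == AF_INET6 ? "IPv6" : "FAIL",
               text);
    }
    return 0;
}
```

Searching a code base for `sockaddr_in`, `inet_addr`, `gethostbyname` and literal `AF_INET` arguments is a quick way to find the legacy pattern before an IPv6 rollout.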
Even if estimations are sensational, exactly how long do you think we should wait? The technology has a spec, and is a long-term solution, why wait? I understand the problems you outline, but the position you speak from is a lazy one. Changing the way addressing is managed on a global scale is going to be a LOT of work no matter what. If something breaks due to outdated components, that's no one's fault other than the developer. If we waited to make sure everything was updated, we'd be looking at the same situation as the analog to digital crossover for broadcast television. We've known the date of the changeover for YEARS, and there's a hearing about it a couple months before the impending date because of worries of the people that don't keep up with this? It's absurd.
You also label the current IP delegation as "gluttonous." I think this is a bit short-sighted (like most of the contents of your comments here). More and more things are being created to utilize and benefit from an internet connection. There's nothing gluttonous about this, it's innovation.
By ignoring these aspects, and saving preparations for something that is this HUGE of a task, we're going to make it flat out IMPOSSIBLE if we wait until last minute. Hell, I'd bet that even if everyone started working on changing over right now, I expect that we'd be pushing capacity or reach capacity by the time the change was ready to take place.
To sum it up, I think that it's never too early to work out a solution to an identified, inevitable problem, especially in this industry. "Nobody will ever need more than 640k RAM!" sound familiar?
Expecting companies to spend money converting to v6 or even freeing up public addresses to hand back for reallocation is wishful thinking if you do not provide them with an incentive. With only nominal membership address utilisation charges to RIPE/ARIN/APNIC/AFRINIC how is the IT department going to justify the cost of the project?
Just like saving the forests, part of any realistic solution is going to have to involve recognising that IPv4 ip addresses have a value and allowing that to be reflected in a well regulated market place. Until then I will ensure that I leave generous subnet allocations for all of my internet facing environments to leave me the greatest and most flexible array of options for future implementations and projects - it is the success of those after all that affect my pay, not whether the world runs short on address space.
It's all a conspiracy you can do nothing about! Lol.
AHinMaine - You make me laugh, thank you!
I heard the same level of anger and denial from the Mainframe people about PC's, the Novell people about TCP/IP, the publishers/store owners about the e-commerce, and now we hear the same from you.
As far as the security problem, unlike IPv4, we are hopefully going into this change of network protocols with our eyes open. The smart people in your company should be looking for those bugs and mitigating them, right? And if you are that smart person, more power to you to find and responsibly disclose IPv6 vulnerabilities, be it specification, implementation, code/library problems, or management issues.
@Michael: Most regions already have a policy for IPv4 address transfers to provide this incentive.
More information: http://ispcolumn.isoc.org/2008-11/transfers.html
...sigh... 640k... I suppose I deserved that. I definitely deserve the 'lazy' comment too, though I'm not particularly embarrassed at that. I think it's going to be a big pain in the ass; it's daunting for many.
But the bit about it hurting innovation is just upholding another FUD argument. Yes, a mobile device (or insert your favorite form of modern technology) with an ip address is a beautiful thing. Yes, I'll be in geek heaven when my fridge has an ip address and I can snmp poll the thing and create ridiculously overcomplicated graphs from the data. But that ip address does not need to be public. Very very few of these modern innovations, especially mobile devices, need a PUBLIC ip address, regardless of it being ipv4 or ipv6. IMO, it is essential that they do NOT have a public address for security reasons alone.
@Michael and Dee, I totally agree and that isn't that type of environment I criticize. I do broadband ISP work and have vast dhcp scopes of ip ranges barely utilized at any given time. ISP's can't behave like Ma Bell when it comes to utilization and it isn't reasonable to expect otherwise.
@Joe Klein, you're mistaking my comments on software bugs for security related bugs. Although I hesitate to make a blanket statement, I seriously doubt that any of the problems with an ipv6 conversion will be security related bugs in software. About the only thing I would expect related to security problems in an ip conversion are things like firewall configurations implemented by people inexperienced with ipv6. Obviously ipv6 can't be blamed for PEBKAC issues.
@AHinMaine:
It's a bit ridiculous to expect MIT to give up these IP addresses (as well as have thousands of "similar" entities do so) when it would be much easier to switch to ipv6. Sure, there are problems, but the future always contains problems. We will, eventually, run out of ipv4 addresses, and unless you propose that we wait until the last possible moment to fix the problem (hmmm...reminds me of regulation practices in our economic system...), then it would be much more logical to get a head start. Thus, I think TheDragon was entirely correct. Just try to realize that it's more important to try to make the future work better while we can still prevent problems rather than hold on to the past.
Very useful.
BTW, the link ipv6.google.com is broken.
@Kannan: ipv6.google.com only works if you have a working IPv6 connection... If you want information about how they implemented their IPv6 support look here: http://www.google.com/intl/en/ipv6/
@AHinMaine:
Others have rebutted some of your points, and I appreciate that you've acknowledged some points. That's something that is far too rare on the Internet.
Let me address one more.
Even if MIT returned all of their 16 million or so addresses that they have, at current rates of consumption, that only buys us another couple of months of time before the exhaustion of the IPv4 address pool.
See http://www.potaroo.net/tools/ipv4/index.html for statistics and analysis about the overall rate of consumption of the IPv4 address space. That's based on current utilization trends, which reflect requirements by registries for address space consumption to meet certain benchmarks of utilization (I think this varies by registry, but is typically around 80% utilization).
It's not really about companies or even users, it's about devices. Most people have multiple network devices now and are going to own many more in the future. NAT is also problematic, especially with devices like IP phones. Security would also improve and devices that move between networks, like mobile phones and notebooks would be able to have more features and services.
@JMcA, yes, I've seen that site. Their numbers are wrong. It's not that their rate of consumption isn't believable, it's the fact that the current number that the counter sits at is LESS than the total amount of ip space that IANA hasn't even allocated yet. Bogus.
Everyone keep in mind that we will not toggle to IPv6. It is the decision of the American and a few other governments to use the "dual stack" approach. Both IPv4 and IPv6 will run side by side until no one cares about IPv4 any more. Those who are “lazy” will not have to worry about it. Industry will replace their IPv4 infrastructure with IPv6 (which will be the standard) at the current infrastructure's end of life. All major vendors have at least begun introducing IPv6 into their architecture with some being very mature. If you have an IPv4-dependent system or application, transition mechanisms already exist so that your IPv4 capabilities are not diminished in an IPv6 only network, which as I said will not happen for a long time. It will not be as painful as some are worried about.
You think MIT is a pig for sitting on 16 million IPv4 addresses? Today, I was allocated--just for me--over 18 quintillion static IPv6 addresses (a /64 subnet). My web sites are transitioned! Nice.