
Goodbye, IPv4 IANA Starts Allocating Final Address Blocks - danyork
http://www.internetsociety.org/deploy360/blog/2014/05/goodbye-ipv4-iana-starts-allocating-final-address-blocks/
======
api
There are unallocated /8's that are privately routed. A lot are controlled by
the U.S. DoD. But every time they come up, the response is always "so what?
use IPv6!"

I generally agree. Putting those in circulation would actually be a bad thing.
It would allow IPv4 to continue to zombie-walk for another couple years, maybe
another decade, and in so doing to become more deeply entrenched, harming us
in the long-run. IPv4 is technical debt.

It's also important to consider _why_ DoD (and some large corps too) likes to
sit on these address spaces. The problem with IPv4 isn't just that there isn't
a big enough address space for every device on the Internet. IPv4 also lacks
enough address space to permit the easy allocation of non-conflicting private
address spaces. Ask any large-scale enterprise network engineer what happens
when two companies merge or want to interconnect corporate networks and both
use 10.0.0.0/16 as their address space. The answer is a visit to the bottom-
most circles of NAT hell where sinners are boiled in firewall port remapping
rules for all eternity. Either that or one of the merging/linking entities
must renumber their entire network, which is often even more painful.

It really, really pains me that so many cloud providers are taking so damn
long to support IPv6. Does Amazon even support it yet? I heard Digital Ocean
was _finally_ doing a limited beta. Jeez.

~~~
btgeekboy
The cloud provider problem is definitely real. I have an idea for a service
that requires both IPv4 and IPv6, but Linode and Rackspace were the two I
found that both support native IPv6. Otherwise, it's something involving a
HE.net tunnel, which I'm not comfortable with for more than experimental use.

~~~
deathanatos
A note on Rackspace: we see about 2–3% of the VMs we allocate come with only
an IPv4 address. We have no idea why — we suspect it's a bug on Rackspace's
side (we allocate everything automatically, through the same code path, so it
isn't us!).

We currently only use the IPv4 address (I know, I know!), but it does present
a bit of a problem when/if we decide to move.

~~~
thedude75
Hi there!

I work at Rackspace and I'd love to get our product engineers involved and
review this issue for you. Would it be possible for you to email your account
number and any pertinent server information (hostname/IP address/etc) to
help@rackspace.com so that we can investigate?

Thanks! Andy Pape Social Media Support @Racker_Andy

------
StephenFalken
Steve Reeding, one of the creators of IPv6, shares his crucial insight on how
some networks adapt, survive, and impose themselves [1]:

"I have a different take on that. Yes, a lot of people were dissing tunnels
yesterday. I'm actually a big fan of tunnels. I think the way the IPv4
Internet was built originally was basically by tunneling over the phone
system. Ignore, you know, getting leased lines, putting computers on the end,
building a network with no cooperation at all from the phone company. In fact,
I once saw a phone company memo that referred to the Internet as a 'hostile
overlay'. You know, and we basically, you know, demolished their billing plans
and everything, and built this network in spite of the desires of the
carriers. And, as I see the IPv4 Internet getting more and more like the phone
company, I thought one way to deploy IPv6 is basically tunnel over all that
junk. Iterate the same thing again. And I gather, you know, some people, you
know, who are concerned about this are looking at other ways of sort evolving
the Internet, where you, you know, tunnel over HTTP or whatever you have to do
to basically get over all that cruft and build a new network on top of it. So
that, to me, was one possible way, you know, as the IPv4 Internet rotted the
underneath. We would tunnel over it and then we would throw away the rotted
bits and replace them with wires."

[1] "Internet as a 'Hostile Overlay'" ->
[http://www.youtube.com/watch?v=mwRVNwa6nJc#t=11m07s](http://www.youtube.com/watch?v=mwRVNwa6nJc#t=11m07s)

~~~
jacquesm
That's a very interesting view and the closest thing that I've seen to date
for a practical, workable solution to the current mess.

I really like that.

How are RBLs and other useful internet institutions that work on the basis of
IPv4 addresses along the way with their IPv6 adoption?

~~~
gingerlime
I also wondered about this and any throttling-based protection / rate limiting
based on IP. With IPv6 the address space is huge and makes blacklists far less
effective (or much more memory consuming and slow, but that's something that
can be resolved with things like Bloom Filters I imagine).

It would take some time to adapt implementations. I speculate this gives
attackers some opportunities to use old-style hacks that were largely
mitigated, but suddenly re-appear with IPv6.

~~~
blueskin_
My guess is blacklistings will just expand netblock size if ineffective, much
like they do on IPv4 in a limited manner now, just on a larger scale.

------
sneak
It would be nice if certain websites we all use every day supported v6
better...

    
    
        firstmillion:~▻ host -t AAAA news.ycombinator.com
        news.ycombinator.com has no AAAA record
        firstmillion:~▻ host -t AAAA twitter.com
        twitter.com has no AAAA record
        firstmillion:~▻ host -t AAAA cloud-images.ubuntu.com
        cloud-images.ubuntu.com has no AAAA record
        firstmillion:~▻ host -t AAAA ubuntu.com
        ubuntu.com has no AAAA record
    

...

~~~
IgorPartola
It sure would be. Here's a list that does:
[http://www.worldipv6launch.org/participants/?q=1](http://www.worldipv6launch.org/participants/?q=1)

BTW, there is a nifty Chrome extension that tells you whether the site is
doing IPv4 or IPv6. Always nice to see a green 6 in the address bar.

~~~
mineo
In case anyone's interested, the Chrome extensions is IPvFoo [0], a similar
one for firefox is IPvFox [1].

[0]
[https://chrome.google.com/webstore/detail/ipvfoo/ecanpcehffn...](https://chrome.google.com/webstore/detail/ipvfoo/ecanpcehffngcegjmadlcijfolapggal)
[1]
[https://addons.mozilla.org/de/firefox/addon/ipvfox/](https://addons.mozilla.org/de/firefox/addon/ipvfox/)

------
fournm
This is the recovered pool that's finally running out, so short of reclaiming
something drastic like the class A block 10 (you know, a really really bad
idea), dang.

Anyone know what IPv6 adoption is looking like these days? Google is showing
like 3% of their connections are native to it [1], which does not look
promising.

1:
[https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6...](https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption)

~~~
duskwuff
> …short of reclaiming something drastic like the class A block 10 (you know,
> a really really bad idea), dang.

10/8 is off limits, but there are a bunch of /8 blocks which could likely be
reclaimed if we really needed to, including:

\- About half a dozen which were allocated to the US military in the early
1990s, most of which aren't even publicly advertised at all

\- 44/8, reserved for amateur radio

\- A number of other /8 blocks owned by corporations, which could potentially
sell or return chunks of them if properly convinced

~~~
IgorPartola
Obligatory: [http://xkcd.com/195/](http://xkcd.com/195/)

Edit: I wish there was an updated version.

~~~
danielweber
What is that way of ordering numbers called? If I knew the name I could google
it but that's what I'm missing.

~~~
Coincoin
It's called a Hilbert Curve.

[https://en.wikipedia.org/wiki/Hilbert_curve](https://en.wikipedia.org/wiki/Hilbert_curve)

------
bkeroack
I've seen headlines like this for literally 5 years at least. "IANA finally
out of IPv4 addresses", "IANA allocates last X block", etc.

When will it finally be impossible to buy an IPv4 address?

~~~
joshavant
It becomes more and more impossible every day.

Last time I tried to acquire a new IPv4, the distributor (my VPS host)
required a technical reason for the request. If the request wasn't up to par,
you would be denied an IPv4 + given an IPv6.

~~~
mgkimsal
15 years ago I had to fill out an IP justification form - the justification
was I had multiple SSL sites that all needed separate IP addresses. Wasn't a
big deal, but was told it was standard practice (it was a smaller server
center). And then I've had other dedicated server companies give me a block of
8 (5 usable) as just part of the monthly price.

What seems so wasteful is the "3 unusable" out of the 8 that are allocated. I
have a vague understanding that those 3 are used for some routing/addressing
stuff internally, but it's always felt incredibly wasteful.

~~~
q3k
You can actually use two of these addresses (network & broadcast) - but you
cannot really call it a proper /X block anymore. You will also have to make
sure to disable the broadcast address you've used up on all of your hosts.

This is all very fuzzy and some admins will look at you weird for doing this -
but sometimes you've gotta do what you've gotta do.

The third address (router) is actually used by your ISP's router's to reach
your subnet.

------
skrause
So what exactly is the "IANA IPv4 Recovered Address Space"? Today's news
sounds almost exactly like February 2011 when the IANA announced that it
finally allocated the last remaining blocks:
[http://www.nro.net/news/ipv4-free-pool-
depleted](http://www.nro.net/news/ipv4-free-pool-depleted)

~~~
danyork
The announcement in Feb 2011 was that IANA had allocated the last IPv4 address
blocks from the planned allocations. IANA (ICANN) and the RIRs then worked to
recover some blocks of unused IPv4 addresses. These became the "recovered IPv4
pool" and the agreement was that allocations from this pool would begin once
one of the RIRs reached the last /9 of their available IPv4 address space.

LACNIC hit that mark and triggered ICANN's policy to start allocating out of
this recovered address space pool. The NRO has an announcement up about this,
too:

[http://www.nro.net/news/iana-allocates-recovered-
ipv4-addres...](http://www.nro.net/news/iana-allocates-recovered-
ipv4-addresses-to-rirs)

Basically, after this recovered pool of IPv4 addresses is allocated by IANA,
there aren't any more IPv4 addresses to give out.

------
IgorPartola
So there is a lot of sentiment that I've been hearing over time about when
exactly will IPv6 become a thing. Here's how I see it:

Step -1: We started running out of IPv4 addresses. The internet is IPv4-only
for all practical purposes. Nobody is doing IPv6 because it's still
experimental. Your weird neck-bearded friends are talking about it, that's
about it.

Step 0: Inception! IPv6 is now a standard and you can route IPv6 over the
tubes. Two networks have connected!

Step 1: Dual stack is a thing. Now you can set up both IPv4 and IPv6 on the
same network and they co-exist. Some hosts (goole.com, facebook.com) try this
and finally turn it on for good in 2012.

Step 2: Dual stack intensifies. This is where we are now. You cannot yet run a
full blown IPv6-only network that you want to talk to the Internet and do
anything practical with it, but all your cleanly shaven friends are now
telling you that you should support IPv6 first, then add IPv4 for
compatibility. Google sees as much as 3.5% of their traffic over IPv6.

Step 3: The cost of any single IPv4 address rises dramatically. For an end
user it's already roughly $1/month. Buying in bulk is much cheaper, but not
free like it used to be. ISP's and other service providers (Amazon, Rackspace,
Digital Ocean) are going to start noticing the costs on their bottom lines.
Severe restrictions are imposed by IPS's and service providers on anything but
the bare minimum of IPv4 usage.

Step 4: The future. The first IPv6-only networks start to pop up. They use
special network translation to talk to IPv4-only internet. (You can do this at
home now! It's called NAT64:
[http://www.litech.org/tayga/](http://www.litech.org/tayga/)).

Step 5. The number of IPv6-only networks is growing rapidly. IPv4 is now a
legacy protocol. All your friends are telling you that they cannot believe we
are still using IPv4 and how much of a pain it is to support it. Sales of
T-shirts with "There is no place like 127.0.0.1" drop dramatically.

Step 6. The same people that put together IPv6 World Launch Day put together
an IPv4 funeral. Major companies turn off IPv4 presence.

The crucial point here is not that someone demands IPv6 by calling their ISP,
etc. It is fun to play with and you should at least get a tunnel set up
through Hurricane Electric if you are reading this, but the demand here _does
not matter_. What matters is supply: supply of IPv4 that is. Once that goes to
nil, the cost rises and some executive at every ISP and service provider has a
bright idea to save the company millions by switching everyone to IPv6. That's
it. We, the people in the trenches, cannot affect this. We cannot speed it up
and we cannot slow it down. The invisible hand of the market will make IPv6
happen all on its own.

~~~
wyager
> Sales of T-shirts with "There is no place like 127.0.0.1" drop dramatically.

The nerdy t-shirt industry experiences a boost in margins, as they can now
save ink by printing the much shorter "::1".

~~~
lambda
The sad part about IPv6 is that there's only one loopback address; ::1.

In IPv4, you have an entire /8 at your disposal, just for talking to yourself!

~~~
simon_vetter
Aside from ::/128 (undefined address) and ::1/128 (local loopback), the
entirety of ::/96 was reserved for ipv4-compatible addresses and had been
deprecated for a while [1]

It is safe to assume that they won't be allocated in the future. You can
easily assign them to your loopback interface. e.g. on linux:

    
    
      $ ip addr add ::2/128 dev lo
    

You will then be able to use them over loopback just like ::1, and can
populate your /etc/hosts file accordingly.

    
    
      $ ping6 -c 1 ::2
      PING ::2(::2) 56 data bytes
      64 bytes from ::2: icmp_seq=1 ttl=64 time=0.078 ms
      1 packets transmitted, 1 received, 0% packet loss, time 0ms
      rtt min/avg/max/mdev = 0.078/0.078/0.078/0.000 ms
    

[1]
[http://tools.ietf.org/html/rfc4291#section-4](http://tools.ietf.org/html/rfc4291#section-4)

EDIT: formatting.

------
eknkc
It feels like I've been reading this exact headline once a week for a couple
of years.. I started to believe that there is an infinite reserve of ipv4
blocks and we'll be just fine.

------
ry0ohki
Easy problem to solve, so many entire /8 blocks are owned by single
corporations, which should either be forced to sell or give up this outdated
privilege. Does Xerox really need all of 13.x.x.x? Or Ford Motor Company all
of 19.x.x.x?

[http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addres...](http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks)

~~~
nknighthb
Between 2008 and 2010, IANA was allocating 10 /8s per year. In 2010, they
allocated 20 /8s. There are only 256 total in the system, and not all of those
are even usable.

Rapidly-developing Asia already has about as many people as there are IP
addresses by itself.

Where are you going to find enough /8s, how are you going to recover them fast
enough to do any good, and who's going to pay the massive legal bills from the
ensuing litigation?

------
Yardlink
Isn't IPv4 good for privacy? My IP address doesn't uniquely identify me unless
you get records from my ISP. But wouldn't I be more likely to keep the same
IPv6 address consistently?

It also makes it hard for websites to block users based on IP without also
blocking lots of legitimate users sharing that IP. I think this is a good
thing to keep the internet more equal and anonymous.

~~~
sc68cal
IPv6 provides temporary addresses and privacy extensions - check your
operating system for support.

------
jacquesm
The quickest way to gain mass adoption to IPv6 is if facebook, twitter and
google+ collectively decide to disable their IPv4 and leave only IPv6 as a
connection option.

I figure the subsequent avalanche of user pressure on isps will solve the
problem in a week or so. Added bonus: during that week productivity will be at
an all time high.

------
dcc1
Ive been given a static ipv4 and a big ipv6 range from my isp, problem is
despite getting the latest and best router
[http://www.asus.com/Networking/RTN66U/](http://www.asus.com/Networking/RTN66U/)

I cant get ipv6 to work with this router, tho if i connect laptop directly to
the wan cable i get an ipv6 address without issues and can use google via ipv6
etc

If a slightly unshaven geek like me cant get ipv6 to work easily what hope is
there for rest of the world :(

------
eyeareque
We've been saying goodbye to IPv4 for years and years. No one will care unless
money is lost by not running IPv6. That is when adoption rates will go up.

------
paulsutter
Time to start auctioning IPv4 ranges. Is there anything in the terms that
prevents such an auction? Putting a price on ranges should redistribute IPv4
ranges to those who need them. It's certainly simpler than coming up with a
set of rules for usage.

~~~
mraison
I have the feeling that fighting this is about as important as protecting net
neutrality. I wouldn't like a world where only those who can afford to buy
expensive IPv4 addresses can serve their content without any obstacles,
especially when the issue would be completely solved by wider IPv6 adoption.

------
hippich
My provider (Suddenlink) support rep responded to my question about IPv6
support with "No, we do not support it since almost no one uses it currently."
S

~~~
danyork
Perhaps you can point them to sites like
[http://www.worldipv6launch.org/measurements/](http://www.worldipv6launch.org/measurements/)
and show them some of the stats on networks that _are_ using it. You can also
point them to the fact that Facebook, Netflix, Wikipedia and all of Google's
sites are available over IPv6. So the "almost no one uses it" doesn't quite
fly.

~~~
hippich
I am pretty sure they are well aware of that. It is just boilerplate response
for reps to respond to IPv6 inquiries.

------
blueskin_
Meanwhile, most ISPs have done sod all about IPv6 and will probably only start
when they start getting complaints from users that foo site doesn't work.

------
TranceMan
PDF Warning!
[https://conference.apnic.net/data/37/2geoff-2014-02-26-ipv6-...](https://conference.apnic.net/data/37/2geoff-2014-02-26-ipv6-measurement-
bof_1393236812.pdf)

Am on phone so not read 100%

------
dorfsmay
Peak ipv4!

