
All quiet in the IPv4 Internet? - okket
http://blog.apnic.net/2016/09/15/quiet-ipv4-internet/
======
jedberg
The lack of usage in static blocks isn't entirely surprising. A lot of
universities got their IP space early and utilize it poorly. I know this
because it is in part my fault.

When we were assigning IP addresses for the dorms at Berkeley, we gave every
dorm a /24, and then reserved the first 50 IPs for "future use" and "internal
use". Most of those were never used. And unless 200 people signed up per
building, some of the top end was missed too.

My understanding is that they have since fixed this on the wifi since many
people bring three or four devices now, but the hard wired connections are
still poorly utilized.

~~~
freehunter
I have several clients that have a class B or class C and use it mostly for
their internal address space instead of using private address space. What a
waste.

~~~
geofft
It's a very good way to make sure that if those clients need to route their
internal networks to each other, they don't have to renumber. If two companies
using 10.x.y.z networks merge, you are likely to end up with a mess. Heck, if
you need to VPN to a 10.x.y.z network and your local network is also 10.x.y.z,
you'll end up with a mess.

(The IPv6 solution here is Unique Local Addresses, where fdXX:XXXX:XXXX::/48
are _all_ permissible local networks, and if you use a decent RNG to generate
the 40-bit number XXXXXXXXXX, you're unlikely to hit a collision with any
other actual, active site, let alone one you might want to route to.)

~~~
X-Istence
Instead of using fd with a RNG, you should follow the RFC...

SixxS even runs a registry for ULA prefixes:
[https://www.sixxs.net/tools/grh/ula/](https://www.sixxs.net/tools/grh/ula/)

Put in your MAC address, get back a ULA. Then register it so that in the
future if someone happens to have the same MAC address you don't accidentally
use the ULA.

~~~
geofft
I'm following the RFC: "Locally assigned Global IDs MUST be generated with a
pseudo-random algorithm consistent with [RFC 4086]. Section 3.2.2 describes a
suggested algorithm."

I happen to be of the opinion that /dev/urandom is more likely to comply with
RFC 4086 than the suggested algorithm, but I may have an unfairly low opinion
of the distribution of timestamps and MAC addresses.
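
An added example (not part of the thread and not any poster's code) showing the two approaches discussed above side by side: a 40-bit Global ID drawn from the OS CSPRNG, and the suggested algorithm from RFC 4193 Section 3.2.2 (SHA-1 over a 64-bit NTP timestamp plus the EUI-64). The function names, the documentation-range MAC address and the fixed timestamp are assumptions made for illustration.

```python
import hashlib
import ipaddress
import os
import struct

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """fc00::/7 with the L bit set (0xfd) + 40-bit Global ID -> /48 prefix."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))


def ula_from_urandom() -> ipaddress.IPv6Network:
    """Global ID taken straight from the OS CSPRNG (the /dev/urandom approach)."""
    return ula_prefix(os.urandom(5))


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> modified EUI-64: insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ula_from_rfc4193(mac: str, unix_time: float) -> ipaddress.IPv6Network:
    """Suggested algorithm: SHA-1(NTP time || EUI-64), least significant 40 bits."""
    seconds = (int(unix_time) + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32)
    key = struct.pack("!II", seconds, fraction) + modified_eui64(mac)
    return ula_prefix(hashlib.sha1(key).digest()[-5:])


if __name__ == "__main__":
    # Constructed sample inputs: documentation-range MAC, fixed timestamp.
    print("urandom :", ula_from_urandom())
    print("RFC algo:", ula_from_rfc4193("00:00:5e:00:53:01", 1473897600.25))
```

The second function is deterministic in its inputs, so the unpredictability of its output rests entirely on the timestamp and the MAC address.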

------
okket
Slides from IETF96:
[https://www.ietf.org/proceedings/96/slides/slides-96-maprg-1...](https://www.ietf.org/proceedings/96/slides/slides-96-maprg-1.pdf)

Paper:
[http://arxiv.org/pdf/1606.00360.pdf](http://arxiv.org/pdf/1606.00360.pdf)

Edit: If you have some time and like high quality networking commentary (aka
'rants'), I strongly recommend listening to this Packet Pushers episode with
Geoff Huston, where he plays devil's advocate for IPv4.

[http://packetpushers.net/podcast/podcasts/show-275-future-of...](http://packetpushers.net/podcast/podcasts/show-275-future-of-networking-geoff-huston/)

~~~
nmc
(I know this is drifting off.) Geoff Huston is a phenomenal speaker (and
researcher of course). If you have even more time and want to learn more about
how the address spaces and routing tables are evolving, I definitely recommend
his talk on BGP at RIPE 68 (2014) which I was lucky enough to attend.

Video:
[https://ripe68.ripe.net/archives/video/131/](https://ripe68.ripe.net/archives/video/131/)

Slides:
[https://ripe68.ripe.net/presentations/156-2014-05-12-bgp2013...](https://ripe68.ripe.net/presentations/156-2014-05-12-bgp2013.pdf)

[EDIT] In another talk he indicates where you can get that kind of data on the
Internet address space:
[http://www.routeviews.org/](http://www.routeviews.org/)

~~~
okket
Great talk, thanks for the link!

------
nvarsj
I'm happy that my ISP gives me a /29 ipv4 block :).

An example of a real world effect is one of the largest fibre ISPs in the U.K.
They are the only provider afaik to assign users internal IPs, which are then
NAT'd. This then gets NAT'd on the router again - double NAT, woohoo! :) I
know they desperately tried to get enough public space for all their
customers, but were unable to buy a large enough space for it, so were forced
into this position.

Interestingly, the U.K. has at least two /8 ranges that aren't even advertised
on the public internet, owned by MoD (25/8) and Department of Work & Pensions
(51/8). That's 32 million addresses unused as far as anyone can tell from the
outside.

~~~
nmc
Seriously? They assign internal addresses (10/8, 172.16/12, 192.168/16) to all
customers?

Are you able to name the ISP?

~~~
knorker
Is it rare?

I think BT's cheaper broadbands do this, for one.

~~~
tokenizerrr
I certainly have never encountered this, and would be really unhappy if my ISP
pulled this stunt.

~~~
j3097736
Only the early players get the luxury of large IP pools, everyone else has had
to resort to carrier-grade NAT.

Fortunately some of those can un-NAT you if you ask politely.

------
Animats
They're only looking at IP addresses that access a big CDN as clients. They
won't see servers that way.

As mobile devices migrate to IPv6, the address space problem should be less.
It's too bad that most mobile devices don't have permanent IPv6 addresses -
more peer to peer applications would be possible.

~~~
korethr
I'd say it's more like most mobile devices don't have IPv6 period, at least
not here in the US. Every time I've done or seen network tests on a phone on
the major cell carrier networks here in the US, there's been no IPv6 to be
found.

~~~
okket
"Major Mobile US Networks Pass 50% IPv6 Threshold for IPv6-Enabled Hosts"

[http://www.worldipv6launch.org/major-mobile-us-networks-pass...](http://www.worldipv6launch.org/major-mobile-us-networks-pass-50-ipv6-threshold/)

Discussion:
[https://news.ycombinator.com/item?id=12338993](https://news.ycombinator.com/item?id=12338993)

------
madsushi
Public IPs are about $10/each on the market. If you're running a serious
service, $10 is a fairly small cost, so you just buy whatever you need. IPv4
exhaustion has mostly affected people that were getting addresses for "free".

~~~
PhantomGremlin
_Public IPs are about $10/each on the market._

Bah.

_mostly affected people that were getting addresses for "free"._

There are still a lot of "free" IPv4 addresses out there.

The problem is the cost of IPv4 addresses is not evenly applied. There's
hoarding by some early adopters. E.g. I see that Stanford gave back its
original /8 allocation, but MIT did not.[1] And why is Prudential Securities
still sitting on a Class A block?

If MIT or Prudential had to pay 16,777,216 * $10 per month for their IP
addresses, you can bet that most would be returned within 48 hours! Even if
they had to pay only $16 million per year, you can bet they'd return most of
those addresses.

A true capitalist solution to the IPv4 "shortage" never happened. That's why
you have the current situation. Some organizations are sitting on huge swaths
of unused addresses, others (the free market) are forced to pay $10 per month.

There are about 4 billion possible IPv4 addresses (sure, some are reserved for
e.g. multicast, but those could have been reclaimed). If each and every IPv4
address cost $10 per month, there would _never_ have been a need for IPv6.
Even if each and every IPv4 address cost only $1 per month (about $50 billion
per year in aggregate), there would never have been a need for IPv6. Or at
least IPv6 could have been postponed for a while and "done right".

[1]
[https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...](https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks)

~~~
wmf
Note that a secondhand IP address costs $10 to buy, not $10/month.

IMO Postel's allocation of IP addresses can be rationalized from a capitalist
viewpoint as a form of homesteading. Some people end up with windfall profits
three decades later, but it's a small price to pay for a peacefully
functioning market. Owning a $100M asset that's underutilized is already an
economic incentive to free up addresses (just don't tell _my_ company); a
Georgist property tax on IP addresses would provide even more incentive but it
would also likely cause a revolt.

Since there are going to be 4B devices on the Internet soon if not already,
talking about "there would never have been a need for IPv6" seems to imply the
existence of an address-less underclass.

~~~
PhantomGremlin
_Note that a secondhand IP address costs $10 to buy, not $10/month._

Yeah I really screwed up on that one!!!

I got confused because often the _retail_ price is in that range. E.g. Comcast
Business will give you a static IP for $20/month.[1] But reading further, they
will give you 13 extra IPs for $40/month, so clearly I didn't think it
through.

[1] I can't link directly to that information on Comcast's site, but it can be
found here by clicking on Static IP pricing.
[https://business.comcast.com/internet/business-internet](https://business.comcast.com/internet/business-internet)

------
kyledrake
I've pondered the IPv4 issue a lot, having recently acquired a /24 block for
running an Anycast network (blog post coming soon).

People have asked me my thoughts on IPv6 adoption, and I have to honestly say
I'm pretty bearish on IPv6 being quickly adopted. I try to enable IPv6 on all
my friends' routers, but even today, many routers, though they support 6
(notable exception being DD-WRT.. WTF), don't enable it by default, which
means they don't enable the dual-stack configuration needed for transition.
People then place these routers in a dusty area under their computers or
behind their couches, where they sit, basically untouched, for 10+ years until
they blow up and require replacement.

The people I've talked to that happen to control a lot of IPv4 addresses tell
me that even at the current ~$10-12/ip strike price, nobody is interested in
selling because the IPs are more valuable to them for use with datacenters and
leasing than for selling them at auctions. And nobody's putting pressure on
the people that own huge IPv4 subnets (and I genuinely doubt use all of it) to
start splitting them up and releasing them. Not to name names, but the
original developers of the Internet come to mind (huge research universities
like MIT).

As such, I'm expecting the price of IPv4 addresses to increase substantially
over the next 10 years, and I'm really not anticipating that price to drop for
longer than that even. Because at the end of the day, if you want to support
everybody, you need 4. And even today, dual stack is not the default option
(despite ISPs like Comcast being ready for it). IMHO, if you need IPv4s for
something like an Anycast network or a hosting service, the time to get them
is now.

As for IPv6 transition, the best way to improve this problem is to do your
part to get ready for it:
[https://blog.apnic.net/2016/05/04/you-have-ipv6-turn-it-on/](https://blog.apnic.net/2016/05/04/you-have-ipv6-turn-it-on/)

~~~
joshstrange
Are you sure about DD-WRT? I found this
[https://www.dd-wrt.com/wiki/index.php/IPv6#Enabling_IPv6_Sup...](https://www.dd-wrt.com/wiki/index.php/IPv6#Enabling_IPv6_Support)

~~~
wmf
Let's count the ways this is broken: IPv6 is off by default (and it sounds
like some builds don't have it at all). To enable it, you have to enable two
settings (presumably if you only enable one you'll end up with half-broken
IPv6). Firewalling is not included. There's no mention of prefix delegation,
but there's plenty of instructions for configuring deprecated 6to4 or
deprecated tunnel brokers.

~~~
kyledrake
Yeah, this is beyond broken. On my DLink router at home, I had to literally
click one "setup" button to get IPv6 working. That's how it should work:
either be very simple, or work by default out of the box (preferred).

------
dreamcompiler
Assuming consumer-grade router manufacturers started fully enabling IPv6 by
default (and ISPs did too), how does Grandma get the automatic firewall-ish
security benefits NAT provides? Does the end of NAT mean Grandma has to start
caring about firewall settings?

~~~
jauer
By using a stateful firewall with a default-deny policy on the external
interface?

One would hope that SoHo routers that ship with IPv6 support are configured
that way by default so they mimic the apparent behavior of NAT (though NAT is
not, and is less effective than a firewall).

~~~
marcosdumay
Notice that this should still be easier to implement, and use less memory
(read cheaper devices) than NAT.

NAT is an ugly hack. Uglier yet when you remember that the internet is not
only TCP.

~~~
tedunangst
Less memory? A complete inside-outside-remote address triple for IPv4 NAT uses
less memory than even a single IPv6 address. And keeping state requires two.

~~~
marcosdumay
You are correct.

Let me rephrase it correctly: implementing that uses less memory than IPv6
NAT.

Yet, all the practical implications from my previous comment are gone. This
correct version is useless.

------
byuu
On this topic, does anyone have any advice for pressuring ISPs to move on
IPv6?

I've tried calling and public shaming Wide Open West to no avail. They don't
seem to care at all. Time Warner Cable is the next fastest ISP (and they do
support IPv6), but they want almost the same price for 1/12th the speed
(600mbit/s WOW vs 50mbit/s TWC); so I begrudgingly stick with WOW anyway =(

------
nashashmi
One thing I cannot understand about the transition to ipv6 is why weren't all
ipv4 addresses converted via encoding to ipv6. This way ipv4 and ipv6 could
talk to each other.

And all service websites could jump on the ipv6 bandwagon without hiccups.

By encoding, I mean every ipv4 segment would be encoded as a hexadecimal set
and that would be merged into an ipv6 category under a special prefix.

~~~
XorNot
That is not the problem. The problem is how does a 32 bit address represent
all possible 128 bit addresses?

It can't, period. IPv4 devices cannot route to IPv6.

------
swingbridge
As the article points out, there's a big difference between addresses being
allocated and addresses being used.

------
shmerl
Still waiting for any ISP in my area to start supporting IPv6. They seem to
have fallen asleep about it.

------
daenney
That site barely loads for me and I can't find an archive/cached link. I would
expect a RIR to be able to handle this internet thing a bit better.

~~~
azdle
Working for me. Looks like Archive.is has it already too:
[http://archive.is/yhSBN](http://archive.is/yhSBN)

