
We're about to hit phase 3 of ARIN IPV4 rationing - samuelkadolph
https://www.arin.net/resources/request/ipv4_countdown.html
======
ars
There are a ton of /8 still assigned to companies that don't need them.

Ford, GE, IBM, AT&T (x2), Xerox, HP (x2), Apple, MIT, CSC, Eli Lilly, Nortel,
Prudential Insurance, DuPont, Cap Debis, Merck, SITA.

All of those can return their /8. That's 18 /8 potentially available.

And does the DoD really need 12 /8's? I get that they want to network every
person, gun, ship, tank, truck and plane. But none of those need to be on the
public internet. (Well, maybe the people do - but 1 /8 should be enough for
that.)

~~~
Negitivefrags
Can those companies sell their IPs on the open market when the normal pool has
run out? Is that allowed?

~~~
lmm
Legally it's an allocation, not ownership. The registry could simply revoke
your allocations if it caught you selling them (though whether it would is
another question).

~~~
bifrost
Exactly, it's more like a lease. You can't actually sell an IP because you
don't own them, but you are given a lease/license to use them.

Frankly, the only way to truly transfer an IP block between companies is to
have one company buy the other, then the IP addresses can be reallocated to
the new owner. You can't just transfer an IP block to another entity according
to ARIN's registration agreement.

------
teddyh
Meanwhile, in Europe, RIPE ran out of IPv4 a year ago[1], and people have been
happily implementing IPv6 ever since. In Sweden, there is a government
directive[2] that all state infrastructure should implement IPv6 and DNSSEC by
this year (2013) at the latest.

1) [https://www.ripe.net/internet-coordination/ipv4-exhaustion](https://www.ripe.net/internet-coordination/ipv4-exhaustion)

2) [http://www.regeringen.se/sb/d/15234/a/177127](http://www.regeringen.se/sb/d/15234/a/177127)

~~~
teddyh
Found an English version of the directive (PDF):

[http://www.government.se/content/1/c6/18/19/14/70f489cb.pdf](http://www.government.se/content/1/c6/18/19/14/70f489cb.pdf)

Page 40, _Actions_, first paragraph: “In addition, all authorities should
make use of DNSSEC and be reachable with IPv6 by 2013.”

------
tlb
... And as the foredeck of the Titanic sinks below the water line, we enter
phase 3 of deck chair rationing ...

~~~
SwellJoe
The band is still playing. I think that means everything is fine, right?

------
PhantomGremlin
Bah. All this IPV4 "exhaustion" stuff can be simply solved. Almost overnight.
Right now, most of the space is underused and simply being hoarded.

Want to free up 90% of the IPs? Easily? Then _charge_ for them!!!

If MIT had to pay $1/mo for each IP address ($16 million per month), it would
immediately give most of them back.

If MIT had to pay $1/year for each IP address ($16 million per year), it would
immediately give most of them back.

And yet for people like me, paying (in round numbers) $50 / month for
Internet, $1/year or even $1/month would be "in the noise".

So how many hundreds of billions of dollars will instead be spent on the
designed-by-nerds very-difficult-to-implement not-very-backward-compatible
solution of IPV6?

~~~
belorn
Such policy would lead to an explosion of fragmented patterns in routing,
expanding the global routing table. That means latency and costs would go up
while throughput would go down.

If I remember right, there doesn't exist hardware for backbone networks that
can handle a fully fragmented global routing table at the required speed of
today. They are thus unlikely to also handle the increased speed of tomorrow
without quantum computers.

~~~
valisystem
Making ipv4 a second class citizen working like a low performance
compatibility layer for legacy seems like a great migration plan to me.
Especially if performance would go down progressively.

~~~
belorn
The backbone network is unlikely separated by hardware for IPv4 and IPv6. If
one drains resources, the other gets affected.

They could start to charge differently for IPv4 traffic and IPv6. If peering
terms of IPv6 interconnection agreements were free/radically lower than ipv4
(by say, increasing ipv4 charge rate), ISPs would see a direct encouragement
to move to ipv6. It's not a unique concept, as a similar suggestion was made
in 2011
([http://www.canscouncil.net/presentations/CANS2011/china_ipv6...](http://www.canscouncil.net/presentations/CANS2011/china_ipv6-KC%20Claffy.pdf))

------
p1mrx
And news.ycombinator.com is still IPv4-only.

~~~
nknighthb
The main argument for migrating existing websites to IPv6 in the near-term is
merely to aid the policy goal by showing "Hey! IPv6 is in actual use!".

On the technical side, there are various transition mechanisms that can ensure
even "IPv6-only" clients will be able to communicate with most legacy IPv4
services for years to come. HN is not holding up progress.

~~~
teddyh
No, such a thing does not exist. At least not automatically. There are
stories[1] about large corporations getting complaints from end customers in
Asia about not being reachable - and it turns out the customers only have
IPv6. IPv4 FAIL.

(Note: APNIC ran out of IPv4 addresses more than _two years ago_ [2], and has
had _rapid_ internet expansion in the meantime. Asians are heavy IPv6
adopters.)

Such a thing you imagine could conceivably be implemented, but it would be an
extra thing for the IPv6-only ISPs to implement, and they do not have the
incentive to do so. The current companies with servers _do_ have an incentive
to be reachable by IPv6-only customers, and are the only parties who can
reasonably solve the situation, by implementing IPv6.

1) [https://www.iis.se/blogg/ipv6-nar-sent-inforande-kostar-peng...](https://www.iis.se/blogg/ipv6-nar-sent-inforande-kostar-pengar/) (Swedish)

2) [https://www.apnic.net/publications/news/2011/final-8](https://www.apnic.net/publications/news/2011/final-8)

~~~
nknighthb
IPv6 doesn't exist automatically, either. If an ISP is going to move their
customers to it without setting up the requisite transition mechanisms, I
don't see how that's any different than failing to meet the myriad
requirements for provisioning a functional IPv4-only network in the modern
age. Whom do you blame when an ISP forgets to configure BGP on their routers?

~~~
teddyh
You might think such a scheme is "requisite", but the fact remains that there
is insufficient incentive for the ISPs to do them, and they plainly don't do
them, as my cited example shows.

You can assign blame however you like, but it won't help your IPv6
customers/users to reach your servers.

~~~
nknighthb
I really don't know what your example shows, because I don't read Swedish, and
the Google translate version is predictably mangled and difficult to parse. To
the extent it says anything, it's very vague and seems to recount a single,
unique incident. This and your apparent inability to provide case studies in
English leads me to the belief that the problem is rare.

I'll also add that I've been in the employ of a company that does business
exclusively in Asia for years. We've as yet not encountered this problem.

~~~
teddyh
If you have experience with Asian ISPs, could you then maybe report on how
common it is for them to have IPv6-only versus IPv6-plus-transition-mechanism?

This data would be better than my anecdotal story about an unnamed company, so
please provide any you have.

~~~
nknighthb
In my experience? Exactly 0% of ISPs are strict IPv6-only. That doesn't mean
there isn't one anywhere; we don't have millions of users throughout the
continent, mostly Taiwan and (to a lesser extent) China. But we've yet to find
one.

When I say the issue has not arisen, I mean it. We have two infrastructures,
one is basically 8 years old, the other is about three. At the time the latter
was set up, our provider wasn't even ready to deploy IPv6 widely, they were
still learning and testing with a handful of select customers.

Both legacy and modern run solely on IPv4, and we've not had cause to revisit
the issue.

When we get reports of network problems not attributable to simple user error,
the cause is almost always either misconfigured routers breaking path MTU
discovery, or ridiculously strict firewall rules that don't even allow port
443 out.

I don't even know how many of our users have IPv6 at all. I have no reason to
know nor any good way to measure it short of calling all the ISPs or sending
people to our customers' homes to check.

------
jameswyse
I'd really hoped we'd have more support for IPv6 by now. It's funny, every so
often there's a big "We need IPv6" push with lots of media coverage which is
forgotten about shortly afterwards.

As far as I know there's only one ISP (Internode) here in Australia which
offers IPv6.

~~~
rdtsc
There is some network effect in there and I've experienced it myself.

In a product we make, we can go the extra mile and start supporting IPv6 but
the libraries we use, the rest of the ecosystem we play in, don't support
it. So we feel like it would be wasted effort at best and it would break
things at worst.

A good way we found to force others to configure and bother about IPv6 support
is if we deliberately add extra and better features only tied to IPv6.

------
unreal37
Unless I'm misreading it, the rationing rules in effect during Phase 3 are
exactly the same as Phase 2.

So why the distinction at all?

~~~
btilly
There is now a 60 day payment window that wasn't there before. And a review of
previous procedures that could result in various minor revisions. So it is
different, but not a lot different.

~~~
rgbrenner
The 60 day payment window was added in phase 2.

~~~
btilly
Oops, the order didn't match up.

------
casca
There's always been a vocal group who maintains that the IP addresses that are
not visible on the internet should be returned. There are a number of problems
with this argument.

Firstly, there are legitimate business reasons for having assigned,
non-RFC1918 addresses that are only used internally. Interconnecting private
networks belonging to different organizations that have overlapping 10.x
addresses is a painful process. Sure it's possible to NAT, but given that the
IP addresses are effectively an asset of the organization, why not use them?
I'm not implying that this is right, but it's how the system was in the past
and the cost of changing internal networking and applications could be very
high.

Secondly, how do you prove that an IP address is accessible on the Internet?
Many IPs do not respond to pings and I can easily set up a device that will
answer for all IPs behind the corporate gateways.

~~~
nwh
I'd rather just see the massive corporate reservations returned.

Why does Xerox need an entire A block, why do Apple, BMW?

~~~
ctrl_freak
> Why does Xerox need an entire A block, why do Apple, BMW?

They don't, but retroactively taking away their /8s would be extremely
complicated and expensive for them, not to mention that there is very little
benefit from prolonging exhaustion by perhaps 1-2 years at most.

~~~
nwh
They could buy the ranges back if they really desired. The results from the
Carna botnet show just how sparse the usage of the allocated ranges is. It's
practically empty for the entire left upper quadrant.

[http://internetcensus2012.bitbucket.org/images/hilbert_icmp_...](http://internetcensus2012.bitbucket.org/images/hilbert_icmp_map_lowquality.jpg)

~~~
wmf
A lot of IP addresses are used but not visible from the public Internet.

~~~
nwh
Oh I realise, I just have a hard time believing that Ford even has a tiny
portion of their block allocated to anything.

~~~
rjsw
Ford has multiple design centres in different countries plus a lot of
subcontractors who may need to connect to stuff from outside.

I can believe that they are using a large part of an /8.

~~~
devcpp
And normal people and smaller companies need their addresses even more.

~~~
wmf
Then they can bid for them.

------
bloopletech
What's the time lag until we run out of IPv4 addresses at the VPS/hosting
provider and broadband ISP level?

I see the situation getting progressively more dire, and presumably these
notifications are there to try and get people moving to avoid the wall; but
assuming everyone keeps operating as close to the status quo as they are able,
how long before we truly hit the wall?

~~~
teddyh
[http://www.potaroo.net/ispcol/2013-08/when.html](http://www.potaroo.net/ispcol/2013-08/when.html)

Currently the estimate indicates September 2014.

------
mfincham
Some good information on this from Geoff Huston:
[http://www.potaroo.net/ispcol/2012-08/EndPt2.html](http://www.potaroo.net/ispcol/2012-08/EndPt2.html)

~~~
p1mrx
This article looks a bit more relevant. Also, it's from the future:
[http://www.potaroo.net/ispcol/2013-08/when.html](http://www.potaroo.net/ispcol/2013-08/when.html)

~~~
mfincham
Awesome thanks! I hadn't read this yet :)

------
kazagistar
It's not really so bad. It's not like end users need IP addresses. All you need
is addresses for all the major servers, and then like a couple dozen for each
ISP, right?

~~~
cbhl
Carrier NAT has lots of bad consequences.

It means that NAT-punching may stop working (because there may be two or three
levels of it).

It makes fraud detection harder.

Plus, it's error prone -- once in a while, you'll get data that happens to
look like your IP address, and you'll find that you can't send that precise
sequence of bits in a packet ever because it'll get mangled by the NAT.

~~~
tjgq
> once in a while, you'll get data that happens to look like your IP address,
> and you'll find that you can't send that precise sequence of bits in a
> packet ever because it'll get mangled by the NAT

How so? Those bits should only matter to the NAT logic if they are found in
their expected position in the IP header, not in the payload portion of the
datagram.

~~~
0x0
Some cheap NAT devices rewrite stuff that "looks like" the internal IP
addresses inside the TCP payload, in a hackish attempt to "fix" things like
FTP and other protocols that send addresses in the payload. A really stupid
and dangerous way to do things, but it's been known to happen.

~~~
tjgq
Crazy. Has that been observed in carrier-grade NAT boxes, though? Or only in
el-cheapo residential devices? It seems an incredible risk to the carriers to
do things that way.
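
The payload rewriting described in this subthread, as an added illustration that is not part of any commenter's post: a blind search-and-replace "fix" for FTP next to a rewrite limited to well-formed `PORT` commands on port 21. The addresses, sample payloads and function names are all constructed for the example.

```python
import hashlib
import re

INTERNAL = "192.168.1.10"   # constructed private address behind the NAT
EXTERNAL = "203.0.113.7"    # constructed public address (documentation range)

def _forms(ip):
    """Byte patterns a naive rewriter might treat as 'this address'."""
    octets = ip.split(".")
    return [
        bytes(int(o) for o in octets),   # raw 4 bytes, network order
        ip.encode(),                     # dotted-quad ASCII
        ",".join(octets).encode(),       # comma form used by FTP PORT
    ]

def naive_rewrite(payload):
    """Blind search-and-replace over the whole TCP payload."""
    for old, new in zip(_forms(INTERNAL), _forms(EXTERNAL)):
        payload = payload.replace(old, new)
    return payload

PORT_RE = re.compile(rb"^PORT (\d+,\d+,\d+,\d+),(\d+,\d+)\r\n$")

def ftp_aware_rewrite(payload, dst_port):
    """Touch only a well-formed PORT command on the FTP control port.
    (A real ALG would also map the port and fix TCP sequence numbers.)"""
    m = PORT_RE.match(payload)
    if dst_port != 21 or not m or m.group(1) != _forms(INTERNAL)[2]:
        return payload
    return b"PORT " + _forms(EXTERNAL)[2] + b"," + m.group(2) + b"\r\n"

def corrupted(before, after):
    """True when the receiver would see different bytes than were sent."""
    return hashlib.sha256(before).digest() != hashlib.sha256(after).digest()

# Constructed sample payloads
FTP_PORT = b"PORT 192,168,1,10,19,137\r\n"
BINARY_BLOB = b"\x89PNG" + bytes([0, 192, 168, 1, 10, 255]) + b"tail"
HTTP_BODY = b"POST /log HTTP/1.1\r\n\r\nclient=192.168.1.10&ok=1"

if __name__ == "__main__":
    for name, p in [("ftp", FTP_PORT), ("blob", BINARY_BLOB), ("http", HTTP_BODY)]:
        out = naive_rewrite(p)
        print(name, "corrupted:", corrupted(p, out), "length delta:", len(out) - len(p))
```

The binary blob is altered because four of its bytes coincide with the internal address, and the HTTP body shrinks by one byte, which is the kind of breakage that shows up as checksum or length mismatches at the application layer.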

------
ck2
Time to go around to Fortune 100 companies and say "use it or lose it".

~~~
mfincham
Recovering additional IPv4 space at this point only prolongs the inevitable
problem. The solution is IPv6.

~~~
bigiain
Five (or ten) years ago, NAT was "the solution" – which helped and worked for
longer than the doomsayers predicted.

Today, I suspect SNI will be the important stop-gap measure. There's a whole
bunch of websites out there on shared hosting with dedicated IP(v4) addresses
for their vhost just so they can use SSL certs for https connections. If we
can ignore Windows XP users and IE6 users, SNI allows SSL certs on shared IP
addresses - if I can think of a few dozen "unnecessary" IP addresses this
little web development firm consumes, I suspect big hosting companies could
probably find thousands or tens of thousands of similarly used IP addresses.

(Having said that, analytics still shows a startlingly high number of WinXP
and IE6 users out there. It'd be interesting to see if any of them ever
"convert" in ways that'd require SSL certs? I understand why the use of
pirated XP and 10 year old hardware are rampant across the 3rd world, for _my_
clients that demographic is almost certainly not likely to be ecommerce
customers... That's a bit of a personally skewed perspective though, there's
no good argument to be made that says wikileaks/twitter/gmail users on old
hard/software shouldn't get ssl protection, but I suspect high-end bed linen
online shops wouldn't be hurt at all by using SNI and thereby increasing
friction for IE6/WinXP users…)

~~~
kiallmacinnes
> I can think of a few dozen "unnecessary" IP addresses this little web
> development firm consumes, I suspect big hosting companies could probably
> find thousands or tens of thousands of similarly used IP addresses.

That's the problem. A few million addresses would stretch things out by a
couple of months. But the cost of getting a few million websites onto SNI
would _far exceed_ any benefit.

~~~
bigiain
Perhaps. As well as "returning" a few million addresses, it'd also plug one of
the drivers behind demand for new addresses (I've got no idea if it's just my
blinkered little web-dev worldview talking here - anyone actually _know_ what
the big consumers of new ipv4 addresses are doing with them? Is SSL certs for
websites a significant consumer?)

If my view is even vaguely supportable - I see things happening that give me
some optimism - WHM/cPanel, a fairly significant webhosting management system,
rolled out SNI support earlier this year (a few months behind schedule, but
it's out now and it works). I assume Plesk and other webhosting management
packages are doing the same thing. Perhaps this'll stave off the ipv4
apocalypse by longer than expected? (Or perhaps I've got no idea about what's
really going on out there…)

