
IPv6 Exhaustion Counter - sajal83
https://samsclass.info/ipv6/exhaustion.htm
======
vanzard
This counter is completely inaccurate. I used to work for a company that was
doing email marketing (I quit because I disagreed with their practices). My
employer was buying about one /48 per week. What does this mean? We alone
exhausted 2^80 ip addresses per week, or 2e18 addresses per second (that's 2
quintillion!). So this counter showing 2 addresses exhausted per second is
wrong by an order of 1 quintillion.

In fact, with the proper paperwork you can still relatively easily buy an
entire /40 or maybe even /32. With these practices, IPv6 WILL run out of
addresses within the next 100 years. Well, to be pedantic, it will run out of
allocatable subnets, but the vast majority of their addresses will remain
unused.

~~~
byuu
I've wondered about that. My ISP gives me a /64.

On the one hand, it seems cheap to give me one-four-billionth of the relative
amount of space as the one IPv4 address they give me.

On the other hand, I can't possibly imagine which consumer home network needs
four billion times more IP addresses than _all of IPv4 combined_. (EUI-64
notwithstanding.)

It would seem like /112 would be way more than enough for home use (131,072
unique IPs), even for complex setups with lots of subnetting, and /96 for
small business use.

I understand that giving out /64s will still take 4 billion times longer to
exhaust all IPs than IPv4, but ... it still feels like they're being overly
generous. 64-bit IPs would have more than enough to outlast our sun going
supernova if we were smarter about allocating them.

~~~
clinta
This is part of the design of IPv6. There are (almost) never networks other
than /64. This allows the possibility of generating addresses based on a MAC
address, and frequently changing addresses for privacy reasons.

Most devices will not work on a network with a mask longer than 64. The only
common exception is point to point links between routers, which may be a /127.

Removing variable length subnet masks from end networks makes routing and
configuration a lot simpler.

~~~
peeters
Honest question, how does privacy come into play here? If you're given a /64,
even if you change the last 64 bits, isn't it trivial for someone to assume
everything from the first 64 is you?

~~~
shawkinaw
Two things:

1. The /64 is the same for your whole local network. Granted that at home
that is usually not many devices, but it's almost certainly more than one.

2. The /64 changes when you change networks, and unless you have a static IP
address it will change for your home network too. On the other hand, if the
low 64 bits is derived from your MAC address, it _never_ changes (unless you
replace your NIC of course.)
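
The MAC-derived low 64 bits described in the comment above, as an added example that is not part of the original thread: it builds the modified EUI-64 interface ID, then checks a list of addresses for ones that give their MAC away across different /64s. The function names, the documentation-range MAC and the 2001:db8:: prefixes are constructed for illustration.

```python
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface ID for a 48-bit MAC (RFC 4291, Appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and NIC part.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms on a /64 when it uses the MAC-derived IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64")
    return net[int.from_bytes(eui64_iid(mac), "big")]

def embedded_mac(addr: str):
    """MAC recoverable from an address, or None if the IID is not EUI-64 shaped.
    Heuristic: a random IID contains ff:fe at this offset 1 time in 65536."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def networks_per_device(addresses):
    """Group the /64s seen in a log by the MAC each address gives away."""
    seen = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            net = ipaddress.IPv6Network(f"{addr}/64", strict=False)
            seen.setdefault(mac, []).append(str(net))
    return seen

# Constructed sample: one laptop (documentation MAC) on two networks, plus
# one address with a random, privacy-style interface ID.
MAC = "00:00:5e:00:53:2a"
OBSERVED = [
    str(slaac_address("2001:db8:1:1::/64", MAC)),   # home
    str(slaac_address("2001:db8:2:2::/64", MAC)),   # cafe
    "2001:db8:1:1:9c4e:31d7:a0b2:77f1",             # random IID
]

if __name__ == "__main__":
    for mac, nets in networks_per_device(OBSERVED).items():
        print(mac, "seen on", nets)
```

Run against a host inventory or flow log, the same check lists which devices still use MAC-derived interface IDs and would benefit from random or temporary addresses.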

~~~
simoncion
> The /64 is the same for your whole local network.

This means that -at best- IPv6 "Privacy Extensions" give advertisers no more
information than they get today with non-Carrier-Grade IPv4 NATs. That's not a
big win, in my book. :/

------
lucisferre
Relevant [https://xkcd.com/865/](https://xkcd.com/865/)

------
msvan
What about the 10^40 years between IPv6 exhaustion and proton decay? No one
plans for the future these days.

~~~
personjerry
Let's start working on IPv8.

~~~
BorisMelnik
You might not be far off. I imagine there will be an ipv8 not because of
address allocation but protocol standardization changes. Just a guess.

------
mdergosits
Notes from when we get close to exhaustion of IPv9:

[https://tools.ietf.org/html/rfc1606](https://tools.ietf.org/html/rfc1606)

~~~
colinbartlett
> 1 April 1994

------
ChuckMcM
Reminding us once again why 64 bit addresses would have been just fine.

~~~
api
Large address spaces give you more than just more addresses. There's room in
IPv6 addresses to put meaningful information such as cryptographically
significant identifiers. It also allows for stateless auto-configuration with
ridiculously small chances of collision.

There are issues and missed opportunities in IPv6 but that isn't one of them.

~~~
colin_mccabe
One man's "meaningful information" is another man's "privacy leak." If I visit
foobar.com and they can find out from my ipv6 address what make and model of
motherboard I am running, is that really a good thing? There is a reason why
MAC addresses were not included in ipv4.

The ipv6 designers seem to have hated the idea of network address translation
(NAT). But a lot of people have come to depend on it for security. For
example, with ipv4 my wireless router only exposes one IP address to the
world, no matter how many devices are behind it. But with ipv6 in its default
mode, all the devices are exposed. So if I visit evildude.com on my laptop,
they will know my ipv6 address. This will then map back directly to the device
(no NAT), and they can port scan me and try to do bad things to any ports I
have open. You can fix this with firewalls or just with NAT, but you lose a
lot of the supposed benefits of ipv6 by doing so.

I think there's a strong argument to be made that point-to-point communication
is more useful for evil than for good. Most of the time when you're doing
something legitimate you don't mind going through a gateway. For example, I
don't need to talk to my bank's backend servers directly... I can just use
their public IP address and let their load-balancer send me to some open
server. But if I'm a hacker, maybe I want to target something deep inside the
internal network, and ipv6 makes that easier.

~~~
simoncion
> I think there's a strong argument to be made that point-to-point
> communication is more useful for evil than for good.

It's not true in meatspace. It's also not true in cyberspace.

> ...they can port scan me and try to do bad things to any ports I have open.

It's _software_ that's behind those ports, and _software_ that's the target of
attack. :)

> For example, I don't need to talk to my bank's backend servers directly... I
> can just use their public IP address and let their load-balancer send me to
> some open server. But if I'm a hacker, maybe I want to target something deep
> inside the internal network, and ipv6 makes that easier.

...IPv6 _still_ supports stateful and stateless firewalls. Those haven't gone
away, yanno? What's more, ULA space exists for a couple of reasons. If you
_really_ want to give something a non-publicly-routable IP address, creating
a ULA prefix and going to town is the preferred way of doing this.

------
AndrewGaspar
Does this take into account that we're creating devices that connect to the
Internet at an increasing rate? :)

~~~
irl_zebra
I was also wondering this. For example, they were talking about the debunked
idea of solar panel roadways. If something like that took off in the future,
literally every panel would require its own ipv6 address.

Perhaps we can at least make it until solar systems no longer exist.

~~~
nickodell
Why do they need an Internet connection at all? Even if they do need to be
connected to the Internet, why can't they connect through NAT?

~~~
j_jochem
Because NAT is a hack to cope with IPv4 address space exhaustion. The main
benefit of using IPv6 is that it allows you to get rid of NAT.

~~~
nickodell
That might be, but it's a hack that works pretty well on a lot of real-world
systems.

~~~
simoncion
If you think that, you've not read the details of any NAT traversal schemes
that _aren't_ uPnP.

------
nisa
So why don't I get at least a /48 if I rent a server online? Hetzner gives
you a /64 and a lot of providers only provide something like /80 or /112.

Having a /48 or /44 would make deploying IPv6 VPNs a breeze because of ULA
and prefix translation.
[https://tools.ietf.org/html/rfc6296](https://tools.ietf.org/html/rfc6296)

Where is the problem?

~~~
devicenull
Router hardware cannot keep up with any real number of IPv6 addresses. You'll
quickly overflow router tables if you try to use even a tiny fraction of that
/48 at once.

For example, Cisco Nexus 9000 can deal with 30k IPv6 neighbors. Once you cross
that, things start blowing up.

This isn't really a limit for the backbone routers, because they're all
dealing with routes, not individual IPs (they know that 2001:DB8::/32 goes to
peer A, which only consumes one routing table entry). It's only a problem when
you get to the network edge.

~~~
nisa
> ...when you get to the network edge.

I'm not a networking guy. Where is the difference? One table entry for the /48
should be enough? Where is the difference to a /64 that still allows enough IP
addresses to blow something up? I can't imagine that a lot of people map their
ULA network 1:1 to a /48 or is this the reason? As far as I understand it, it
shouldn't matter because the prefix translation is happening on the server
itself and not on the router. So a single router should suffice?

Wasn't at least the IPv6 header explicitly designed to be more router
friendly?

~~~
devicenull
At the edge, the last router before your server has to have a mapping that a
single particular IPv6 address maps to a specific MAC address. You can't
really condense this down to a single entry, because any given switchport
might have multiple MAC addresses active (think of the case where you have a
dumb switch attached to your router, and 20 servers attached to that dumb
switch. You're looking at 20 different mac addresses, so no way to condense
that down to a few entries).

Even a /64 is more than enough to blow up a router at this point. The /48 just
makes it a lot more likely that that will happen.

The simplest solution here is to route the entire /48 at a specific IPv6
address. This brings you back down to a couple table entries, but requires
that your customer configure things properly.

~~~
X-Istence
That's when you do DHCP-PD and the router (last hop before your server) sets
up a route for that entire /48 to the link-local address of your server.

Or you set up a static route (as a provider this would be recommended) or let
the edge do a BGP announcement of its address space.

~~~
simoncion
Why do either of these solve the problem mentioned, and _why_ would you
allocate a /48 to a single server?

~~~
simoncion
Wait, when you said

"...the router (last hop before your server) sets up a route for that entire
/48 to the link-local address of your server."

Was "your server" the ISP's server, or the customer's server? If the former,
why are you saying "server", rather than "router"?

~~~
X-Istence
It's the customer's server. If they need a /48 of address space, you just want
to route all of it to them.

------
gweinberg
The best ones are gone already though.

------
ck2
This is lovely for end users but for server admin, how do you firewall
countries for IPv6 without memory exhaustion?

~~~
marcosdumay
What?

Differently from IPv4, IPv6 addresses are strictly hierarchical. You block
areas by blocking their root network.

Now, why do you need to firewall entire countries again? Are you working at
the Great Firewall of China or some similar project?

~~~
worklogin
How about working for a company with sensitive defense or financial
information, for which access from China/Russia/Ukraine is completely
unnecessary?

GeoIP blocking is not one's only defense, of course, but it's one of many
tools to keep the low-to-mid level groups at bay.

------
api
Hmm... still could be a problem:

[http://www.multivax.com/last_question.html](http://www.multivax.com/last_question.html)

------
Wonderdonkey
Small point of grammar: AD goes in front of the date. IPv6 will be exhausted
in AD 5,395,000,000,000,000,000,000,000,000,000, not
5,395,000,000,000,000,000,000,000,000,000 AD.

Explanation: AD stands for anno Domini, "in the year of our Lord...." You
would say "in the year of our Lord 2015," not "2015 in the year of our Lord."

BC and CE go after the date.

~~~
vacri
This sounds like a convention that is begging to be broken. No-one speaks
Latin anymore, so let's start now :)

------
Apocryphon
All of this discussion of the accuracy of the counter also overlooks the
cosmology- Sol is projected to expand into a red giant, which while it will
certainly destroy the Earth, will not actually explode. Our sun isn't heavy
enough to go supernova.

------
tommorris
I first heard about IPv6 on the front of a British computing magazine in 1997.

For an industry that is supposed to be so cutting edge and innovative and
disruptive (urgh), we sure have been slow as shit in transitioning to IPv6.

~~~
nextw33k
Sky are certainly looking at a roll out:

[http://www.ipv6.org.uk/wp-content/uploads/2014/11/SKY-IPv6-T...](http://www.ipv6.org.uk/wp-content/uploads/2014/11/SKY-IPv6-Technology-Update-IPv6Councilc1.pdf)

BT are apparently going the opposite direction (and looking to create a lot of
hurt) with CG-NAT:
[http://www.alphr.com/news/broadband/381646/customers-fume-as...](http://www.alphr.com/news/broadband/381646/customers-fume-as-bt-introduces-ip-sharing)

------
tux
Is there something like this for IPv4 ?

~~~
itslennysfault
[http://www.potaroo.net/tools/ipv4/](http://www.potaroo.net/tools/ipv4/)

