
Update: Approaching IPv4 Run-out - modinfo
https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/update-approaching-ipv4-run-out
======
tyingq
I wonder if they will implement some kind of clawback for orgs that are
sitting on large chunks of sparsely used blocks. Old tech companies and
colleges come to mind.

[https://myip.ms/info/ip_ranges_blocks/Major_Biggest_IP_Addre...](https://myip.ms/info/ip_ranges_blocks/Major_Biggest_IP_Address_Ranges_in_Internet.html)

~~~
gorgoiler
When the options are: let them profit awkwardly from a windfall, claw it back
against their will, or make their IPv4 assets obsolete, focusing on the latter
seems most productive.

The UK’s largest mobile provider now gives me an IPv6 only connection and I
didn’t even notice.

~~~
JimDabell
Apple have made it a hard requirement for apps to operate correctly on
IPv6-only connections for a few years now. If your app doesn't work unless
it's on IPv4, Apple will reject it.

~~~
bifrost
That can't be totally true, Twitter doesn't work on v6.

~~~
rstuart4133
Not only can it be true I've done it at a conference, which is to say I've
implemented an IPv6 only network for conference delegates and had zero
connectivity complaints.

The ingredient you are missing is while the clients only talk IPv6, the
gateway they go through (must) have both IPv6 and IPv4 addresses. There is a
well defined mapping from IPv4 to IPv6 addresses, so if the IPv6 clients need
to communicate with a IPv4 only host they use it's mapped IPv6 address. The
gateway then NAT's all those mapped IPv6 addresses to it's IPv4 address.

Which only leave the problem of does an IPv6 client know to use an mapped IPv4
address, given it is supposed to know nothing about the IPv4 world. The answer
is you make it use a DNS server that lies. I'll leave it to you to figure out
exactly how it lies, but it isn't hard to figure out given it has clients that
only understand AAAA records, and some hosts (such as twitter) that only
resolve to A records.

~~~
bifrost
> The gateway then NAT's all those mapped IPv6 addresses to it's IPv4 address.

Right, then its not a pure v6 network, its got v4 somewhere patched in. When
I'm on my pure v6 network at home, Twitter does not work.

------
jl6
IPv6 worldwide adoption is at just under 30%:

[https://www.google.com/intl/en/ipv6/statistics.html](https://www.google.com/intl/en/ipv6/statistics.html)

If the current growth rate continues, it looks like it will reach 100% by
about 2035.

~~~
paulsutter
Wrong interpretation: the linked chart shows client-side adoption among Google
users

In practice today IPv6 is a kind of high functionality NAT for consumer
devices.

A more interesting statistic would be server-side adoption.

~~~
jl6
"Google users" is approximately everybody, and surely client-side adoption is
what drives server-side adoption?

~~~
paulsutter
If it’s not measured we don’t know

------
gorgoiler
IPv6 isn’t such a monster, I found, after biting the bullet seriously last
year. There are still way too many IPv4 only sites though.

As with anything IP related there’s a culture that’s just as important as the
technical side. If your ISP gives you anything less than a /56 for your site
(a VPS running multiple containers is a valid definition of site!) take your
business elsewhere.

There’s a lot of hyperbole about v6 address space, but even taking account of
its sparseness, IP rationing really is for v4 only.

For every /24 allocated to an LIR (NB 2 bits fewer than the subject of this
RIPE bulletin) they can assign as many sites a /56 as there are current IPv4
addresses in total.

~~~
tormeh
Why would you do that? The promise of IPv6 to me is that all devices gets
their own IP address, enabling us to move away from the server-client
architecture of the internet. Allocating all IPv6 addresses to commercial
server operators would require us to continue using NAT, so then we might as
well continue using IPv4.

~~~
Tuna-Fish
There is no address allocation scheme that would force you to use NAT on IPv6.

A lot of people don't really understand exactly what moving from 32bit to
128-bit addresses means.

Let's say that we waste 65535/65536, or about 99.9985% of IPv6 address space
on pointless allocations, leaving only one /16 left. This still means there
are 5 192 296 858 534 827 628 530 496 329 220 096 addresses left to allocate,
or 5*10^30, or enough addresses that if we had to distribute them to a
trillion people per planet living on a trillion planets, they'd still get 5
billion addresses per person.

~~~
gorgoiler
Part of demystifying IPv6 was that in practice the most significant 64 bits
are the limiting factor. It helped me to put more manageable numbers on
things.

Each ISP can have 65k customers who are big orgs with complex site needs and a
/48, or 4 billion small customers getting a bundle of individual networks on
their /56.

In the latter, each has address space for, say, 256 VLANs which allows network
isolation of many internet enabled fridges.

And in theory the current scheme allows for 16 million ISPs to exist, though
in practice not all the address space is available.

------
mirimir
But there are secondary markets for IPv4, no?

[https://duckduckgo.com/html?q=buy%20ipv4](https://duckduckgo.com/html?q=buy%20ipv4)

Edit: And prices going up:

[https://www.retevia.net/address-pricing-2019-and-
beyond/](https://www.retevia.net/address-pricing-2019-and-beyond/)

------
lifty
I'm curious if there are people here that have migrated their home network to
IPv6 only, and if yes, what are the challenges encountered? I suspect the
biggest problem is that there still are many websites that only have IPv4

~~~
gerdesj
IPv6 only is a bit daft as yet because you'll need a 6 to 4 gateway of some
sort to see much of the web/internets. For starters, this:

$ dig news.ycombinator.com AAAA

... fails

I have been running dual stack at home for around five years now with only a
couple of wobbles that I can point at my ISP losing their IPv6 and not
noticing for a while.

~~~
Dagger2

      $ ip -4 addr show | grep eth0
      # nothing
    
      $ dig news.ycombinator.com AAAA +short
      64:ff9b::d1d8:e6f0
    
      $ wget -6 https://news.ycombinator.com -O /dev/null
      Resolving news.ycombinator.com (news.ycombinator.com)... 64:ff9b::d1d8:e6f0
      Connecting to news.ycombinator.com (news.ycombinator.com)|64:ff9b::d1d8:e6f0|:443... connected.
      HTTP request sent, awaiting response... 200 OK
      [...] ‘/dev/null’ saved [34663]
    

WFM!

~~~
zzzcpan
It's a translated with DNS64 ipv4 address into a NAT64 ipv6. They have 64:ff9b
prefix.

~~~
Dagger2
Indeed it is, and it works fine. v4-only websites aren't a problem for running
v6-only.

~~~
gerdesj
I am now at home and tried your experiment but I have IPv4 as well as IPv6.

The wget forced to v6 does not work here. That's a bug somewhere. My eyes are
no longer happy 8( ... 8) ... ahh, all OK now!

~~~
Dagger2
I have a NAT64 translator handling the translation, plus a DNS64 server to
point clients to it. You probably don't have those, because it's typically
easier to run native v4 instead. I just wanted to make the point that v4-only
websites are totally not a problem.

~~~
cesarb
> I just wanted to make the point that v4-only websites are totally not a
> problem.

They will be once DoH breaks DNS64, unless Cloudflare invents a way to make it
somehow work (perhaps hosting their own NAT64 gateway?).

~~~
Dagger2
Since they seem to want to take over the internet, I guess that would be right
up their street.

Clients can also synthesize the DNS64 records themselves locally, or use
464xlat.

------
nathancahill
How does this apply to email delivery? The biggest factor is having a "clean"
IP address. Do these eventually become prohibitively expensive? Does email
protocols switch to IPv6 and stop considering address reputation?

~~~
top256
With email deliverability the key factor is now domain name reputation and
less ip.

~~~
lucb1e
I never considered that it could be that way. That would be really nice: new
domain, new reputation. Domains cost money, so that's good against spammers in
general. And it's good for me, because my domains never sent any spam.

But alas, no, that's not the state of things.

------
sneak

        sneak@nostromo-2:~$ host -t aaaa news.ycombinator.com
        news.ycombinator.com has no AAAA record
        sneak@nostromo-2:~$

------
aklemm
What's going on with IPv6 that is preventing it from alleviating the IPv4
scarcity?

~~~
positr0n
I always thought that basically the only difference between IPv4 and IPv6 is
the number of bytes in an address.

Lately I've been learning a lot more about IPv6 and there are a TON of subtle
differences in the protocols that matter if you're operating a large network.
Random example I recently read about: the way link-local addresses are
generated. [0]

Not that this excuses inaction, but it does give me more empathy for orgs
struggling with, or not doing, the transition to IPv6.

[0]: [https://en.wikipedia.org/wiki/Link-
local_address](https://en.wikipedia.org/wiki/Link-local_address)

[1]: Best doc I can find in 30 seconds that covers some of the differences:
[https://www.juniper.net/documentation/en_US/learn-
about/ipv4...](https://www.juniper.net/documentation/en_US/learn-
about/ipv4-ipv6-differences.pdf)

~~~
apple4ever
What happened is they changed a bunch of things about the protocol because
they thought it would be a very forced adoption. Instead, it caused lagging
adoption because of all the changes.

If IPv6 was just IPv4 with extra addresses, the adoption rate would have been
very quick.

~~~
zamadatix
I hear this a lot but being in the networking but the only 3 complaints I
actually hear in the field are "those addresses look a lot harder to type
out", "our device doesn't support IPv6 (at all/fully)", and "can we hold off
on that project another year or will things start breaking before then?". Not
once has any of the protocol additions that always get talked about been a
stopping point. I finally got the opportunity to roll it out on some of our
guest wireless networks, it was literally a matter of assigning some space,
flipping some settings on, and making sure Google still loads.

Ironically the techs did complain about the addresses looking funny in the
Firewall logging.

------
ThePhysicist
We're still waiting for the processing of our application from beginning of
September, I hope we can still get at least a /24 block. We mainly plan to use
it to become independent of specific cloud / IT providers and control more of
our infrastructure stack.

~~~
alex_duf
I'm not sure in what business area you are, but aren't domain names usually
enough to abstract resolution from location?

~~~
zaarn
Not if you want to do things like E-Mail or provide stable IPs to customers.
Also you'll get a more direct uplink and have more control over what traffic
goes in or out (since you can blackhole traffic yourself).

------
realid
So when will HN and ycombinator.com get IPv6?

------
jakeogh
IPv4's inability to label all the things may be a feature. NAT's are like
borders in some ways, and prevent fine grained censorship without larger
consequences.

------
privateSFacct
Isn’t this just for free ipv4?

If you watch cloud providers ip spaces they are growing very impressively.

When people say ipv4 has run out they should qualify this as free IPv4

~~~
krallja
This is for unallocated IPv4. ISPs and cloud providers will still rent you an
address for as long as you have money in the bank.

~~~
souterrain
The opportunity to make money off an arbitrarily scarce resource is in my
opinion a reason we haven’t seen more network operators pushing users towards
IPv6.

------
exabrial
IPv4 runout can be be pushed far into the future with DNS SRV records. This is
a preventable emergency. Why it hasn't be included in HTTP/2|3 is mind
boggling.

~~~
zamadatix
HTTP/1.1 and forward includes name based virtual hosting (brought through TLS
with the SNI field) and it's been extremely widely used. Seems mind boggling
to suddenly want to change that for no additional gain.

------
mikl
It’ll be very intersting to see if this is enough to push ISPs to adopt IPv6
en masse, or they’ll keep dragging their feet and use nasty hacks like CG-NAT
to avoid it.

~~~
jarfil
The more ISPs migrate to IPv6 and CG-NAT, the more free IPv4 addresses for
everyone else. Wich means the migration will take a really long time.

Also the only way to reach an IPv6 target from a IPv4 source is through a CG-
NAT, so dual stack IPv6+CG-NAT deployments should be the norm for many years
to come.

~~~
oarsinsync
> The more ISPs migrate to IPv6 and CG-NAT, the more free IPv4 addresses for
> everyone else.

Uhhh, they're not returning their IPv4 addresses to any kind of free pool.
Those IPs that they have allocated remain with them.

~~~
the_mitsuhiko
If they can make money selling them I don’t see that happening.

~~~
oarsinsync
Current cost of an IPv4 address: $20

Value of product that can be sold per IP address: $5 - $1000/month.

Having worked in an organisation that had millions of addresses, we opted to
carry on having a long term sustainable business over selling our IPs for
short term gains.

Eventually the addressable market on IPv6 will reach a critical mass. At that
point, the value of IPv4 will become relevant to niche markets only.

------
pikzel
RIPE, there's this story of The Boy Who Cried Wolf. Would suggest reading it.

~~~
Dagger2
When did they cry wolf over this? They've made various announcements at each
stage of running out, but this is the first time they've announced that they
have more pending LIR applications than blocks to assign to them.

~~~
lozf
Yes, I remember the "Bring on IPv6" event when IANA ceremonially handed over
the last IPv4 /8 to RIPE, at the TfL Museum, London in 2011.

~~~
p1mrx
For comparison, ARIN went dry in 2015. RIPE had a rationing policy (one /22
per LIR) for that last /8, which is why it's lasted until now.

------
vectorEQ
nice of them to admit last times it wasn't serious then ;D they been calling
this out since advent of ipv6 >.> are they just trying to sell ipv6 or what?
since a lot of companies move to cloud solutions i can imagine this being less
of an issue and a lot of blocks to be returned to the pool?

~~~
anderskaseorg
RIPE is one of five regional Internet registries that manage allocations for
their respective regions, and all of them have announced the exhaustion of
their pools of available address blocks of various sizes at various times over
several years, as you would expect. Which of these announcements do you think
weren’t serious?

~~~
jcranmer
> all of them have announced the exhaustion of their pools of available
> address blocks of various sizes at various times over several years

AFRINIC has not exhausted IPv4 yet, although they are coming close to the
beginning of the end (when they're down to their last /11).

------
goatinaboat
They were panicking about IPv4 running out 20 years ago, the amazing
inventions of NAT and CIDR meant it never happened. I predict that we’ll be
here in 20 years again.

~~~
superkuh
If you look at the mobile telco IPv4 blocks, or lack thereof, you'll see that
NAT is here, heavily, almost ubiqitously, as carrier NAT. It's destroyed the
network functionality of mobile telecommunications (lacking routable ipv4) and
made them essentially dumb terminals lacking any ability to participate in the
'net. They can only consume other's services.

~~~
PappaPatat
Can you explain what you mean with "It's destroyed the network functionality
of mobile telecommunications"? Since I can think of exactly zero reasons one
needs his handheld to be reachable from the Internet (that has not been long
solved).

~~~
vertex-four
I'd like to be able to communicate with other handhelds without involving a
STUN/TURN server, which is hugely unnecessary complexity.

