MIT no longer owns 18.0.0.0/8 (arin.net)
173 points by imjustapie on Apr 19, 2017 | 141 comments



That's too bad. I think universities should make these resources that they've been granted available to students and researchers.

Last time I was at the MIT media lab for a conference, I was able to get an unfirewalled external ip address from their wireless network. It was amazing. I briefly streamed live audio of a talk via shoutcast, but of course, nobody uses that stuff anymore. It really makes you ponder what a cloudless internet would be like.

A little over a year ago, my university gave up their generous range of IP addresses. You could plug in ethernet, and not just get an internet routable IP (albeit firewalled from incoming traffic from the internet), you would even be assigned a subdomain off of the school's .edu domain. It was great. Students ran servers in their dorms. Clubs ran servers. Some professors ran servers. Even though you couldn't listen on a socket for incoming traffic from the internet by default, it was unfirewalled internally. I had to briefly live in student housing, and I was able to connect to my server via the school's http proxy via corkscrew. There were so many cool uses for it. Students were encouraged to run web servers if they needed hosting. It was also much faster[1]

I think CMU still provides fairly decent network services.

It was an insanely useful utility provided to students, and any serious engineering school should do it.

[1] http://www.speedtest.net/result/4339921583.png


IPV6 solves this, plus even without you don't need anything close to this amount of IPs to do what you're describing. It's a fairly niche case to need that many public IPs and it seems a little crazy to hold that many just in case some researcher might want to use them.

Even your comment about streaming, seems like mainly nostalgia vs reality as you kind of admit. Any modern streaming infrastructure works from behind a NAT since most people are behind one these days.


IPv6 solves mAAAAny issues. DNS issues causes MAAAAny more. I dAAAAbble in v6 here AAAAnd there AAAAnd the situAAAAtion is still pretty dire.


The question is, will people get the joke?


Only people that could have anything approaching an opinion about ipv6 worth listening to.


Guy who manages a two-dozen site v6 network with tens of thousands of clients here. What issues are you referring to?


Yeah if you want to make a cname for yourself in this field you'll have to bring your AAA game.


*AAAA


They answered that question 6 times in their comment.


If you can't access IPv6 enabled sites, you can't access Google, Facebook, Wikipedia, or Netflix, who all enabled IPv6 permanently in 2012[1]. According to [2], around a third of US has IPv6 connectivity. If AAAA records constitute some big problem, it's not well known.

1. http://www.worldipv6launch.org/participants/?q=1

2. https://www.google.com/intl/en/ipv6/statistics.html#tab=per-...


That's not how it works, if you only have IPv4, AAAA records have no effect. Google et al. continue to work via IPv4.


I'm not sure what you're referring to when you say "That's not how it works".

I was referring to people with broken IPv6 setups, mostly Teredo and 6to4 (old Mac OS X versions), for whom IPv4 worked but IPv6 was not actually routable. At the time, publishing AAAA records would lock out all of those users.


> If you can't access IPv6 enabled sites, you can't access Google

He was referring to your lack of qualification in the above. An IPv4 user can indeed access Google, which is an IPv6 enabled site.


Oh, I see now. You're reading "Having IPv6 access is necessary for accessing Google". What I meant was "If the presence of AAAA records means you can't access a site, then you can't access Google".

A user who only has IPv4 connectivity relies on their software recognizing this when accessing an IPv6 enabled site. Software's failure to do so is one of the main reasons for the slow rollout of IPv6.


Very hAAAArd to rAAAed - even having troubling remembering whAAAt you just sAAAAid...


IPV6 is all well and good, but I am not optimistic about it. Why should a university deploy it, and introduce all sorts of new problems? Mine hasn't. And I don't blame them.

No, I think that our future is isolated carrier-grade NAT, connecting to cloud services exclusively. And that makes me sad.

I had to disable ipv6 on my Linode, because Cloudflare, Google, and Facebook do not seem to trust any ipv6 traffic coming from Linode. Only using ipv4 has fixed everything.

And, as for ip4 blocks being obsolete, I still think it's wrong to sell them off. Universities were endowed with these. If they don't have a use for them, they should make them available for someone who does. Not just sell them to be used for some corporation's infrastructure.

I hate how so many people on hackernews seem to think that not selling these ipv4 addresses is a "waste". People are only looking at this in purely financial terms. I consider it to be wasteful to sell them to Microsoft or Amazon or whatever. No matter how much money they offer. Universities are supposed to use the gifts they are given to try to better society.

Aren't these ip addresses going to just be used for things like NAT traversal? Why doesn't MIT make them available for some non profit to offer that service as a public utility?

If a flight school has an operating runway and hangar, should they just make all their students use flight simulators and demolish their runway? Should an agricultural school sell off their farmland to real estate developers? If their students really weren't benefiting from their property, then they should donate it to some organization that could carry on the spirit of what they were supposed to be doing with it.


> Why should a university deploy it, and introduce all sorts of new problems? Mine hasn't. And I don't blame them.

If your university doesn't have a lot more demand for IP addresses then yeah -- it makes sense that they'd just hold on to their network space, continue to NAT their DHCP pools and keep doing what they're doing. That's not an indictment of IPv6, it just means that the work to deploy IPv6 doesn't provide any benefits to them. However, newcomers and networks that foresee expansion can't just "stay the course" -- there just isn't enough IPv4 for them -- and do need to bite the IPv6 bullet.

Deploying IPv6 does indeed require work in terms of management (all tools that assume the length/format of an IP address need to be updated, netadmins need to learn and deploy RA guard and friends) and your network silicon needs to do IPv6 in the fastpath -- but even with all these pain points, carrier-grade NAT'ing IPv4 is nevertheless more painful, expensive, and slow.

Forward-thinking network operators have been taking advantage of the LTE and DOCSIS 3 transitions to enable native IPv6 everywhere, and Facebook is moving to IPv6-only infrastructure -- and it's paid off! About 80% of network traffic (to Akamai) from T-Mobile and Verizon is IPv6 (from Comcast it's lower -- around 50%): https://www.akamai.com/uk/en/our-thinking/state-of-the-inter...

The future is IPv6 -- it's just not quite equally distributed yet.


>If they don't have a use for them, they should make them available for someone who does. Not just sell them to be used for some corporation's infrastructure.

Isn't selling them off to someone who will pay money for them pretty much the definition of making them available for someone who has a use for them?

It's not like you can't buy an IPv4 address if you want one because Amazon and Google own them all.

We just have this situation where a few universities, the US DoD, and a handful of corporations own a disproportionate number of IP addresses because they were early to the game. They all got cheap IPv4 addresses. So HP owns two /8 addresses while Google does not.

I'm not seeing a situation where donating millions of IPv4 addresses to someone is going to improve society relative to Amazon forking over a bunch of dollars to a university.


I guess it's a matter of opinion. If a university had some prime real estate, they could sell it to the highest bidder so that they could build a shopping mall, or they could donate it to a non-profit that would improve society in some way, thereby fulfilling their mission, to improve society. Or they could just cash out and getting more money could arguably improve society in a less tangible, less measurable way.

Universities are uniquely positioned to not be constrained by market forces. Part of the reason that universities get privileged access to things, is because they are seen as working in the public interest. Government and business and wealthy donors throw money at universities, because they want to see innovation and public good come from it.

Maybe that's idealistic of me, and universities are just a kind of business, and only that. MIT already gives the public free hosting, with an externally routable, unfirewalled ip4 or ip6 address, to anyone who comes on campus. I don't think any other universities in the world do that. And MIT does this at great expense. (this is how Aaron Swartz was able to download so much of JSTOR)

It makes no financial sense for MIT to be doing this. Perhaps they should lock down their network as much as possible, and probably outsource its management.


That hasn't been completely true for a few years. If you just walk onto campus with a wireless device and use the public network (the one that doesn't require authentication) you get a 10.x.x.x address behind a NAT and it has some firewall restrictions. (They're pretty light; it's mostly to keep out some network attacks.) I think you do still get a public address if you plug into an Ethernet port, and you may get one if you use the MIT SECURE wireless network.

MIT's network policies are not purely about what makes financial sense. The Institute was one of the birthplaces of the internet, and they see the ongoing development of it as one of their core missions. MIT has a close relationship with W3C, which is located a stone's throw away. Their network is multi-homed to the max; I think they peer with ALL the backbone providers that operate in the US. The school has ludicrous amounts of internet bandwidth; I think it's now measured in terabits per second. After all, they have to be able to cope with thousands of students watching Netflix along with all the research!

And just in case there is a REAL internet collapse... they have an emergency info site at mit.NET that is hosted far away from the campus. That would let them get some information out even if Cambridge were wiped off the map and all the name servers for .edu were to fail.


On Linode, were you using the default single IPv6 address, or did you request a prefix? I found that the default address was in a blacklisted /64, and couldn't send email without it getting bounced or blackholed. Once I got my own /64, the problems went away (but DKIM+SPF was also mandatory).
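An added example, not part of the comment above: why a clean address inside a flagged /64 still gets blocked. Reputation and rate-limit systems commonly key IPv6 clients by /64 rather than by single address. The log format, threshold and function names below are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample log: timestamp, client address, event.
SAMPLE_LOG = """\
2017-04-19T10:00:01Z 2001:db8:aa:1::10 LOGIN_FAIL
2017-04-19T10:00:02Z 2001:db8:aa:1::11 LOGIN_FAIL
2017-04-19T10:00:03Z 2001:db8:aa:1:dead:beef:0:1 LOGIN_FAIL
2017-04-19T10:00:04Z 2001:db8:aa:1::13 LOGIN_FAIL
2017-04-19T10:00:05Z 2001:db8:bb:2::5 LOGIN_FAIL
2017-04-19T10:00:06Z 198.51.100.7 LOGIN_FAIL
2017-04-19T10:00:07Z 198.51.100.7 LOGIN_FAIL
2017-04-19T10:00:08Z 2001:db8:bb:2::5 LOGIN_OK
"""


def reputation_key(addr, v6_prefix=64):
    """Return the network that a reputation entry for `addr` is stored under.

    IPv4 clients are keyed per address (/32). IPv6 clients are keyed by the
    enclosing prefix, /64 by default, because one subscriber or one VPS
    customer normally controls every address inside it.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 client it is
    if ip.version == 4:
        return ipaddress.ip_network(f"{ip}/32")
    return ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False)


def count_failures(log_text, v6_prefix=64):
    """Count LOGIN_FAIL events per reputation key, skipping malformed lines."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[2] != "LOGIN_FAIL":
            continue
        try:
            counts[reputation_key(fields[1], v6_prefix)] += 1
        except ValueError:
            continue  # not a valid IP address
    return counts


def flagged(log_text, threshold, v6_prefix=64):
    """Networks whose failure count reaches the threshold."""
    counts = count_failures(log_text, v6_prefix)
    return {net for net, n in counts.items() if n >= threshold}


def is_blocked(addr, flagged_nets, v6_prefix=64):
    """True if `addr` falls under a flagged key, even if never seen before."""
    return reputation_key(addr, v6_prefix) in flagged_nets


if __name__ == "__main__":
    # Per-address keying (/128): failures spread over one /64 stay unnoticed.
    print("per /128:", flagged(SAMPLE_LOG, 3, v6_prefix=128))
    # Per-/64 keying: the same failures add up to one flagged prefix.
    nets = flagged(SAMPLE_LOG, 3)
    print("per /64: ", nets)
    # A neighbour in that /64 that never appeared in the log inherits the flag.
    print("neighbour blocked:", is_blocked("2001:db8:aa:1::beef", nets))
```

Keying by /64 is what makes a shared default /64 at a hosting provider inherit its neighbours' reputation, and why a dedicated /64 starts clean.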


We really need to just pick a date and turn off ipv4 because it's the only way to make this guy change.


It's not me that's fixated on ipv4. I would love ipv6. But why aren't ISPs providing it? Why aren't universities and other large organizations switching to it by default?

ISPs don't care. They would rather everyone just use carrier-grade NAT.


Because someone works at those universities or ISPs who is making the same argument you're making. If enough of you all throw your hands in the air and say 'not enough people are doing it' then there will never be enough people doing it. At some point someone needs to point a (metaphorical) gun at your heads and make you all do it or else.

In the meantime, you should feel bad every time you make this argument because you're helping to make the world worse and enabling everyone else to just kick the can down the road.


I've tried to run IPv6 on my Comcast connection. Unsurprisingly, Comcast doesn't get the point of IPv6. They allocate one single IPv6 address to my router. That's right, ONE. LOUSY. ADDRESS.

This seems to be a "feature" of owning your own modem rather than renting one of theirs. I hesitate to even try to get this fixed via their tech support.

I guess if I want IPv6 connectivity, I'm either going to have to get a tunnel from Hurricane Electric (SIXXS is shutting down), or carve out some IPv6 space from my Linode and tunnel it to my home network.


Actually, Comcast supports DHCP prefix delegation (I'm led to believe everywhere, but it works at my home anyway), which is pretty much the Right Thing in this space. Your default DHCPv6 request is from a single client and it returns a single IP, as expected. And you can then do NAT across that if you want, which is what their default routers do.

But if you want a subnet, you can make a second DHCPv6 request with prefix delegation metadata, and the server will establish a route for a full /64 subnet to your existing IP and return it to you. Then you can hand these out however you want (though they won't give you bigger than a /64 so you can do internal subnet routing).

The only annoyance is that none of the existing Linux distros support this yet as part of their network client integration, so you have to script it yourself around dhclient (see the -P argument), which is a little hairy if you want to get the hooks right (I punted and just did it once manually and left dhclient running).


UPDATE: I now have IPv6 connectivity via my shiny new EdgeRouter POE. Now I just have to poke a few holes in the firewall where appropriate (now that I've set drop-by-default rules).

Getting it to work with the ER-POE was non-intuitive but not as bad as I was expecting. I'm even getting a /60...


I suspect most people don't use a Linux box as their router (with the obvious exception of router distros and embedded Linux on routers).

Most people will read this, I think, and think a Linux client won't accept a V6 from a router that has obtained its delegation via DHCP-PD.


>The only annoyance is that none of the existing Linux distros support this yet as part of their network client integration, so you have to script it yourself around dhclient (see the -P argument), which is a little hairy if you want to get the hooks right (I punted and just did it once manually and left dhclient running).

I think OpenWRT has all you need for this. At least I think that's exactly what I did with my ISP config on my own router just with the LuCi web interface.


Yep, same with Cox in my area. I'm running Sophos UTM Home which supports prefix delegation, I'm sure there are others that are plug and play as well.


Linux doesn't support it? My Comcast router has a /64 given to it by Comcast and all my linux boxes connected to it work like a charm.. although I haven't been able to get my dd-wrt router to pass them on yet.


Linux supports it just fine, you have to do the integration on your own. If you want to use the distro-provided DHCP setup, you need to work out the NetworkManager hooks on your own to add the PD client at the right spots.


Comcast will give out up to a /60 for residential if you hint for it in DHCPv6-PD.


That doesn't sound correct. Are you absolutely sure you aren't also getting a prefix delegation thru DHCPv6? That's currently the common way to provide IPv6 connectivity currently for residential users.

From what I remember hearing, Comcast was giving /60s thru PD.


No, I don't get a prefix. No /60, no /64, not even a /120, just one single address. A /128. Maybe I should jump on their forums and raise a fuss. I'm not at all confident that calling tech support would get me to someone who even had a clue what IPv6 is.


Just to be sure, with a routed network being aimed at your house, you'll actually receive two subnets (well, a single address in one subnet, and a whole second subnet). You need to use DHCP-PD or similar to make use of it.

The /128 sounds perfectly normal, and is used as a "point to point" link between the ISP and your modem. Over this, DHCP prefix delegation typically gives you a whole second subnet of /60 or so. If your modem isn't handling DHCP-PD, then all you see is 1 measly address even though they've likely allocated and pushed 295,147,905,179,352,825,856 addresses to you.
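An added example, not part of the comment above: what a delegated prefix gives a home router to work with. It assigns one /64 per LAN (the size SLAAC expects on a link) and rejects delegations that cannot cover the requested LANs. The prefix is constructed from the 2001:db8::/32 documentation range and the function names are hypothetical.

```python
import ipaddress


def address_count(delegated):
    """Total number of addresses inside a delegated prefix."""
    return ipaddress.ip_network(delegated).num_addresses


def plan_lans(delegated, lan_names):
    """Assign one /64 out of `delegated` to each named LAN.

    Raises ValueError when the delegation is not IPv6, is longer than /64
    (a lone /128 WAN address cannot number a LAN), or holds fewer /64s
    than there are LANs.
    """
    net = ipaddress.ip_network(delegated)  # strict: host bits must be zero
    if net.version != 6:
        raise ValueError(f"{net} is not an IPv6 prefix")
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, nothing to hand out")
    available = 2 ** (64 - net.prefixlen)
    if len(lan_names) > available:
        raise ValueError(
            f"{net} holds {available} /64(s), {len(lan_names)} LANs requested"
        )
    subnets = net.subnets(new_prefix=64)  # lazy, safe even for a /48
    return {name: next(subnets) for name in lan_names}


if __name__ == "__main__":
    pd = "2001:db8:1234:5670::/60"  # constructed delegation
    print(pd, "holds", f"{address_count(pd):,}", "addresses")
    for name, subnet in plan_lans(pd, ["lan", "guest", "iot"]).items():
        print(f"{name:6} {subnet}")
    # A /64 delegation covers exactly one LAN and cannot be split further.
    try:
        plan_lans("2001:db8:1234:5670::/64", ["lan", "guest"])
    except ValueError as err:
        print("rejected:", err)
```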


Hmmm, maybe I should revisit this. I first tried it a year or so ago with pfSense on a virtual machine. Between the IPv6 issues and generally poor performance (long story), I went back to my IPv4-only configuration with DD-WRT on a D-Link DIR-825.

I'm now using a Ubiquiti EdgeRouter POE, and maybe I should give it another shot. I'm not convinced I'll actually get a prefix from Comcast, though.


It may differ by region, but in the SF Bay Area I've been getting a /60 from Comcast residential for a few years now using a MikroTik router. See here: http://i.imgur.com/2mrRk01.png


The edge router can do DHCP-PD, but it needs some configuration for it to do it, there's lots of info on the Ubiquiti forums about it. Good luck!


Comcast has a decent ipv6 technology group (by necessity - they were an early adopter/innovator of carrier-grade v6 as they have more CPE to address than can be fit into 10/8). If you ever become interested in resolving this you may want to dig through http://www.comcast6.net and see if you can find a direct contact to work with.

I don't have any contacts myself, I'm just a customer and interested observer.


I can confirm that, my home network is currently routing a /60 from Comcast.


FTR, I don't get a prefix from them, either.

I tunnel all traffic through Comcast via a VPN, though, because I consider them a hostile network, so I don't especially care.


Not necessarily your situation -- but I noticed this from Time Warner as well and it turned out to be my old Airport Extreme hardware. Even with the latest firmware it wouldn't receive the delegated range. As soon as I upgraded to the latest model, it properly received a delegated range from TWC without me doing anything else. Just saying, there is a lot of reason to hate cable companies, but it's not always their fault :)


That's surprising, in Denver Comcast gives my Time Capsule a /64 (and has for years, we were one of the earlier areas to get v6 service from them). Doubly surprising since the v6 RFCs all but forbid giving out less than a /64, and Comcast is a leader rather than follower of v6 technology. I wonder if the modem manufacturer is at fault instead.

I regularly ssh straight into my suspended WoL Macbook over v6, and never went out of my way to set up a single bit of it. A half dozen new technologies working perfectly out of the box!


"carve out some IPv6 space from my Linode and tunnel it to my home network."

I'm planning on doing exactly this using openvpn as my transport (because I already have an extensive ipv4 openvpn system). Has anyone tried it? I'm not interested so much in how to do it, which I think I know, but in anecdotes along the lines of "it makes openvpn crash" or "linode told me I was being abusive and cut me off" or whatever.

I've had ipv6 for decades I guess. I even got one of the Hurricane Electric "sage" tee shirts last decade. But when sixxs goes down I lose ipv6 connectivity for the first time since the DSL days at the turn of the century.


I tunnel all of my traffic through my Linode. I had to disable ipv6, because I was getting constant captcha checks from facebook, cloudflare, and google. No matter how many different ipv6 addresses I tried, traffic is always marked as suspicious. As soon as I disabled ipv6, everything went smoothly.


This sounds like CloudFlare etc have just blacklisted hosting provider IPv6 blocks, as they're a real easy way to get millions of "clean" IPs priced by the hour.

CloudFlare etc certainly don't do this with SiXXS IPv6 addresses, or any traditional residential provider I'm aware of.


Well, I'd love to use ipv6. In fact, I can't wait. But, what am I supposed to do?

  * T-mobile: ipv4
  * Office: ipv4
  * Verizon: ipv4
  * University: ipv4
  * Linode: ipv6 (but flagged as hostile)

Google will not just show me captchas, but will deactivate accounts if I use some of their apis. I had to reverify several accounts when I've tried using ipv6.

I'm not being backward about ipv4, I'm really not. But we're in denial about the fact that we still live in an ipv4 world. And I don't like seeing the last vestiges of non-profit ipv4 address space being liquidated.


T-Mobile stopped handing out IPv4 addresses to handsets on iOS 10 -- IPv6 Only.


Yeah, T-Mo is IPv6 on smartphones such as Android/iPhone.


I route all of my mobile traffic through an older Android device that only connects to their 3G network. Maybe that's why...


You should be able to get a /56 or /60 from them using DHCPV6-PD.


I have Comcast and get a range. It may be a regional thing or your setup is just wonky.

Granted, I have business class so that I don't violate their ToS by hosting stuff and to get a dedicated IP.


Rogers in Canada gives /64, which is lovely.


My old ISP gave me a /64 and it was anything but lovely. It's too small to break up into subnets, and they were unable to give anything larger.

This caused me to switch ISP's and now I have a static /48. That's much nicer.


I get a /60 from Comcast in Chicago.


> Even your comment about streaming, seems like mainly nostalgia vs reality as you kind of admit. Any modern streaming infrastructure works from behind a NAT since most people are behind one these days.

If I tried streaming a conference on youtube, facebook, or periscope, my stream could be muted or stopped because someone plays copyrighted music or something.


> That's too bad. I think universities should make these resources that they've been granted available to students and researchers.

They are... indirectly. MIT can do far more to assist students and researchers using the money they raise by selling off IP addresses than they can by holding on to the addresses in case 16 million students all decide that they want to host their own podcasts.


16 million students!! The school only has a bit over 11,000 students, and just over 12,000 faculty and staff. In other words, they had about 700 addresses per person. After the sale they will only have 350.


I don't think MIT needs any more money. Universities are often endowed with special assets that other organizations are not.

Yes, universities should dole out as many IP addresses as students want. Where else will students get an opportunity to build something with that infrastructure?

Maybe the university could use their infrastructure to create a non-profit ISP that serves some underutilized market.

If I were endowing land to a university, I would want them to use it, or make it available for the public good. Not just sell it off.


How many IP addresses do the roughly 12,000 students, 1,000 faculty, and 8,600 staff at MIT use? Do they use an average of 800 publicly-routable IPv4 addresses per person? Do they need that many? Do they want that many? Do they have projects that would actually use those IP addresses?

Mind you, an /8 block might sell for maybe $3-$7 per address, or $50M on the conservative side.


If the ip addresses really aren't useful to them, they can provide them to someone who could carry on their spirit of improving society.

How about providing services to the general public in some way, then? Transfer them to a non-profit trust that will allocate them to anyone who would do something important with them.

If a university had extra land, I would argue that they provide it to someone who could give it back to the public in some way.

It is because universities are supposed to do this in the first place, that they are endowed with things.


I don't think we agree on what the purpose of a university is. I'd say the purposes of a University are research and post-secondary education. MIT is not some kind of general-purpose charity with the vague goal of improving society. It sounds like they decided that $50M is more useful than an /8 block for achieving their mission.

All I'm hearing in response is the unjustified assertion that the IPv4 addresses are more useful somehow. I'd like to hear why the IPv4 addresses are so useful, and why you need 17M of them, and how they'll improve society more than $50M of research or education would.


Obviously IPv4 addresses are useful, because people are offering money for them. My understanding of what they are used for, is to support clients behind NAT. But there could be some further application that I am not aware of.

If IPv4 addresses are useful to Microsoft or Amazon, then perhaps they can be useful to the general public, in some way. Indeed, MIT already provides IPv4 hosting to anyone who physically shows up at their campus. Maybe MIT could grant their IP addresses to a non-profit that would find a way to improve society.

It's debatable what universities should be doing. I've talked about this with several people who work in grant writing, and administration of well respected universities. What I have been told, is that it is generally the job of universities to educate certain people, with the end goal of improving society, and the world. And that is what justifies universities hand picking who they educate; affirmative action. So, picking out students from poor and marginalized communities, and targeting them for education, would arguably do more good for society as a whole. Universities played a part in ending slavery, by demonstrating that black people could indeed compete with white people intellectually. And that this mission is explicitly laid out in the charters of many universities.

But, I'm aware of how indirect that is. Not everyone will agree. And certainly not all, if not most universities are like this. I think a lot of universities are just educational and research facilities.


This answer is profoundly unsatisfying.

It sounds like the argument is that IPv4 addresses are useful to ISPs and cloud providers, therefore they must be useful to MIT. Somehow. The question of why IPv4 addresses would be useful to MIT is completely dodged.

I am also reading the comment about what universities should be doing and it sounds contradictory. You say the job of a university is to "educate certain people", but then complain that some universities are "just educational and research facilities". It feels like complaining that a bakery is "merely a provider of baked goods".

Education and research are part of the university's mission. Making the world a better place isn't the mission, it's the desired outcome of education and research. So giving grants to students so they can attend classes furthers the university's mission, and giving grants to faculty so they can do research furthers the university's mission, but providing IPv4 addresses to some vague hypothetical project is not part of MIT's mission.


MIT may not need more money, but I guarantee you there are people there who could do something productive with a grant. Many more than can do something productive with 1000 public IP addresses anyway.


Given ipv4 exhaustion I'm not sure the pros outweigh the cons but your post just triggered some happy long forgotten memories.

Manchester Uni (circa ~2001) as part of JANET (https://en.wikipedia.org/wiki/JANET) had unmetered, unfiltered 100Mbit ethernet ports straight into all the dorm rooms, each with a dynamic public IP on the end. A publicly routable 100MBit line back then was a big deal (the fastest connection I could get at my parents was a bonded ISDN line).

It was thanks to that that I first started playing around with linux (RedHat 5 or 6 back then iirc). I remember assembling a server box with cheap PC parts, hosting an FTP (...posting the Dyn domain for it to alt.2600 and later getting in trouble after the uni received a letter from Universal :), running audiogalaxy satellite 24/7, setting up an IRC server for me and my friends to co-ordinate Quake 2 games (or counter strike - can't remember), trying (and failing) to do my own email with qmail and all sorts of other fun stuff I've forgotten. Good times.


>I think universities should make these resources that they've been granted available to students and researchers.

MIT student body size: ~11,200

Unique IPs on this block: ~16.7 MILLION.

That's ~1500 unique IPs per student.[1]

>Students ran servers in their dorms. Clubs ran servers. Some professors ran servers.

Well, they're still keeping a whole boatload and IPv6 is here, so you're lamenting a scenario that isn't actually happening. MIT students will not have a shortage of IPs for such activities.

Sorry, but we're way past the point of any rational argument to reserve 16 million ipv4 IPs for such a tiny student body. IPv4 hoarding is counter-productive. It keeps organizations from moving to v6 in a timely fashion and over-powers organizations that ran quickly during the IP goldrush way back when. It's not merit based and it's just dirty politics as far as I'm concerned. We have v6 now and setting up v6 to v4 gateways is trivial for v4-only destinations. If anything if you love hacking around and setting up boxen then you should be thrilled at what v6 is offering and the amount of addresses you can trivially get, not the opposite. It's legitimately democratizing due to the lack of scarcity while v4 allocation is nothing but representative of the dirty politics and dirty economics of scarcity.

I doubt Vint Cerf is crying in his cornflakes about MIT giving up v4 addresses, and I would assume he's thrilled to hear about v6 getting more traction:

Some researchers wanted a 128-bit space for the binary address, Cerf (recalled) ... But others said, "That's crazy," because it's far larger than necessary, and they suggested a much smaller space. Cerf finally settled on a 32-bit space that was incorporated into IPv4 and provided a respectable 4.3 billion separate addresses.

"It's enough to do an experiment," he said. "The problem is the experiment never ended."

http://www.networkworld.com/article/2227543/software/softwar...

[1] MIT is only giving up half of this mother lode, so each student merely is allocated ~700 each. MIT also claims 14m of those IPs have never been used in internet history.

https://gist.github.com/simonster/e22e50cd52b7dffcf5a4db2b8e...


MIT keeping their /8 would actually make IPv4 addresses more scarce and thus encourage other organizations to migrate to IPv6 faster. But on the other hand, they would be crazy not to do anything with that money.


> MIT is only giving up half of this mother lode, so each student merely is allocated ~700 each. MIT also claims 14m of those IPs have never been used in internet history.

Good. I didn't realize how many ip addresses they have. I think that universities that are endowed with finite resources like land or ip addresses have a responsibility to make them available to students and fellows, and by extension, improve society.

Selling everything to the highest bidder isn't something I want to see done.


MIT had about 700 IPv4 addresses for every human being involved with the Institute - students, faculty, and staff. They're only putting half of them on the market, so they will still have 350 per person. I don't think it's going to compromise the quality of their network services or the availability of IP addresses for people who want them.

Like most large institutions, MIT doesn't give public IP addresses to most client devices (desktops, laptops, phones, and tablets); they get a DHCP address in the 10.x.x.x range behind a NAT because it's a bit easier to firewall them that way. But real IP addresses are available if you need them to run services.


A student ran an IRC server (necromancy.poly.edu) that anyone could connect to from outside the network, if they used their student VPN. I love that that was possible.

There were so many cool projects that their network facilitated. I went to this exhibition, after the network "upgrade", and spoke to a student whose wearable device gets sensor readings from itself using HTTP to a node.js server hosted on a VPS. He was having latency issues.


I'm the VP of the Linux users group at the University of Delaware and we have several servers in the central data center connected to the university's subnet (128.4.0.0/16) with unfettered access to the general internet. No NAT, and limited firewall.

Our web server is on a subdomain of the .edu (lug.udel.edu) and is totally accessible from the internet. It even listens for incoming connections. We run a mail server, a mirror, and an IRC server on there. It's great because even alumni can connect from wherever. I think there is a central firewall for every connection coming in, but I haven't run into problems for my uses.

In fact, every system registered for an IP on the UD intranet is assigned a public, world-accessible IP on the 128.4.0.0/16 subnet and can listen for incoming connections. Even wireless devices.


Many universities still own generous blocks, though historically there were possibly many more[1]. My university, Caltech, still has the 131.215.0.0 - 131.215.255.255 block and has student dorms, graduate student housing, and office buildings wired up exactly as you describe. They also happen to own the 134.4.0.0 - 134.4.255.255 block, though I have never seen an actual server used there linked externally or internally.

[1] http://answers.google.com/answers/threadview?id=339445


131.215.0.0/16

134.4.0.0/16


I don't follow.


contiguous IP blocks are typically denoted in CIDR notation


More compact notation for the address blocks


CMU does still provide a public ip over wifi. You can even specify if you want a static one for a given mac address.


Are there schools that NAT student computers? That would be pretty shitty.


My how things change. At one point in the late 90s, I had an entire MIT Class C subnet at my house.

Now, I've got 5 static IPs from Verizon FiOS on some ancient grandfathered plan. Years ago, they "changed" the addresses, prompting me to ask, "what part of 'static' is not clear?"


I still remember the day that happened to us. It was a Friday and not only did we lose data but our phones were VoIP so no clients could get through to us either.

I spent much of the day troubleshooting with their support before I figured out to ask them to tell me what five static IPs they have listed for us in their system. Turns out they changed with no notification and even their internal people didn't know. Spent more time trying to get our old IP addresses back as some of our vendors had IP restrictions and some of our partners accessed one of our internal servers. That turned out to "not be possible" so spent Monday filling out forms to update to the new IPs everywhere else.

I think I still have one of their senior VPs cell phone numbers in my phone from the late calls that night including a couple while I was having a party at my house.


Comcast (I have a business class plan; this is not their residential offering) also changed my "static" IPv4 address at one point, as well. They claimed to have allocated the same IP to two different accounts.


If you can find an ISP that supports IPv6 quite a few of them (maybe all?) support prefix delegation. A /64 isn't uncommon from ISPs in Seattle.


FIOS doesn't support V6. At all. In 2017.


I have Time Warner Cable in NYC and get a delegated /64. FiOS definitely does not support IPv6 at all.


No friend of mine is on ipv6. No mobile phone I've seen supports ipv6.

Having an ipv6 prefix is useless to me (as someone that is behind the abomination called CGNAT / 'Dual Stack Lite').


> No mobile phone I've seen supports ipv6.

T-Mobile LTE has been exclusively IPv6 on most phones for some time now. I'm pretty sure other mobile providers have done the same or are in the process of doing so.

All my Android devices have supported IPv6 as long as I've had it running on my network. I don't have an iOS device but since T-Mobile sells them I assume they work with IPv6.


> I don't have an iOS device but since T-Mobile sells them I assume they work with IPv6.

My iPhone works perfectly with T-Mobile's ipv6 network -- it gets a v6 address of its own, and anyone who tethers to it also gets a v6 address.


Verizon LTE is IPv6, too


I replied to a different post in this thread, but ipv6 isn't available for me (Germany). Sure, my devices would support it..


iOS supports IPv6, and has done for some time:

https://developer.apple.com/news/?id=05042016a


My T-Mobile (US) Android phone definitely supports IPv6 - but only as a native device, not as a hotspot. Anything that connects to the hotspot gets an RFC1918 address with NAT.


> No mobile phone I've seen supports ipv6.

How hard have you looked? My iPhone has native IPv6 on Verizon.


Whoa. I got quite some downvotes - probably from people living in completely different environments.

I'm from Germany. We have three big players here: Vodafone (my corporate mobile), Deutsche Telekom, EPlus (I think that is owned by/known as Orange elsewhere?).

Vodafone: No ipv6 address

Telekom: Can't test

EPlus: No ipv6 address

Google's ipv6 test (I checked with 'ip addr' before and don't get any ipv6 address other than the link-local one): Left SIM is Vodafone, right one is a reseller for EPlus.

http://imgur.com/a/TNSFy

In other words: Maybe, maybe ONE of the three mobile networks hands out ipv6 in Germany (I doubt it though?). For me and everyone around me, ipv6 services are unreachable from any phone and accessing ipv6 services from random machines (friend's house, hotel network) is highly unlikely. Like .. I'd give it a 10% chance to work and my home network is ipv6 only for years now, so it's not like I haven't tried..


Just curious, was it a breach of contract or did they have one of those lovely small printed clauses no one ever reads :)


Most of them are 'reasonably' static, with (relatively generous?) provisions for notice and migration.


I believe the contract is silent on the "static-ness" of static IPs.


Letter to MIT community: https://gist.github.com/simonster/e22e50cd52b7dffcf5a4db2b8e...

tl;dr MIT is selling off half of 18.0.0.0/8 (8 million IPs)


heh, so they got the 18/8 for free, refused to replace the /8 with a /16 like other universities did to help relieve the IP shortage, but then they simply sold 8 million of the addresses for profit, while still hugging the remaining 8 million, even though their student body size is only ~11,200.

I guess that's good for them, but it's still a dick behavior.


AFAIK, Stanford was the only other university with a /8 though I may be wrong. In any case, I'm not sure what the issue is with extracting money from Amazon for something they own. There are plenty of companies that were in early on that got /8s for relative pennies. Some even have two today by way of acquisition.


Technically it also helps whoever they sold it to. (One side effect of speculation is that stuff gets held in reserve until someone really needs it. :-)


I agree with you, but I guess you could say that those IPs have "appreciated" in value from $0 way-back-when to some considerable sum today.


Slightly longer tl;dr IPv6 is coming and we're working on the upgrade. In the meantime we have 14 million unused IP addresses out of our 16 million allocation. So it seems pretty reasonable to sell 8 million of those off given that they're worth a lot of money and we'll never need them prior to IPv6 adoption.


Off-topic: When broadband came to my hometown around 2003 it was built out by a local guy so I managed to ask him to provide us a static IP address. I am always amused when I visit my parents that their IP address is still the same.

Off-offtopic: The cable modem broke down once. We called the guy, he picked it up 20 minutes later, soldered the broken capacitor and we had our internet back in 2 hours. It was on a Saturday.

He didn't have to do any of that, he had a monopoly on broadband in the entire area. Small ISPs are the best.


> He didn't have to do any of that, he had a monopoly on broadband in the entire area. Small ISPs are the best.

I'm guessing part of it is because they only preside over a small area that there's a human element to it, they must feel responsible for the internet of these people, and they're close enough to them (in the hierarchy) that that actually matters.


Looks like they SWIP'ed out the subnets of 18/8, transferred that object to ARIN allocation, and transferred 18.145/16 to Amazon.

https://whois.arin.net/rest/net/NET-18-145-0-0-1.html

edit: Looks like a lot more than just 18.145/16, based on https://whois.arin.net/rest/org/AT-88-Z/nets


An updated list of MIT's IPv4 address ownership:

https://whois.arin.net/rest/org/MIT-2/nets


https://whois.arin.net/rest/net/NET-18-0-0-0-1.html

So they don't have 18.0.0.0/8, but they do have 18.0.0.0/9?


That's up to 8388608 addresses lost...


Sold, probably. Looking at https://www.leadertelecom.biz/ips/transfer, that could have brought in a nice sum of money (they ask #unicode code points in dollars per 65,536 addresses)


> "(they ask #unicode code points in dollars per 65,536 addresses)"

Could someone explain this? I feel like I'm missing something (not the 2^16 addresses, the "#unicode code points")


There are 1,114,112 Unicode code points (17 times 64k), and that particular site happens to charge $17/IP, so for 64k IPs they happen to charge $1,114,112. Same idea as "number of libraries of Congress" or "number of Empire State Buildings", but nerdier.


Thanks! That was very helpful.

edit: From wikipedia:

"Unicode comprises 1,114,112 code points in the range 0x0 to 0x10FFFF. The Unicode code space is divided into seventeen planes (the basic multilingual plane, and 16 supplementary planes), each with 65,536 (= 2^16) code points."

https://en.wikipedia.org/wiki/Code_point


Probably easier to just look at BGP

http://bgp.he.net/AS3#_prefixes


Ah, it looks like BGP caught up. Yesterday AS3 was still announcing 18.0.0.0/8.


Why'd they get rid of them in such odd intervals?


Well, I think some of the intervals are still actively used by building networks!


Wasn't it purchased by Amazon? I don't have a source unfortunately, except this reddit thread: https://redd.it/668ffg



Really glad to see this happen. I (MIT alum) think this was a legacy of the past that had to change - MIT was just hoarding too many IP addresses. Not blaming MIT - it was a historical artifact, but most other universities had released theirs over the years and MIT hadn't.


Does HP still own 15/8 and 16/8? I remember visiting there once and everyone had public internet addresses.


"public" in the sense of theoretically routable, yes, but most of them were firewalled off, so they might as well have been RFC1918 addresses for all the good it did you.

The worst part about getting 16/8 from Compaq was that it wasn't contiguous address space, so you couldn't use a single netmask for both. :(


It was contiguous, but didn't aggregate under a single bitmask. For example if it had been 14/8 and 15/8 (instead of 15/8 and 16/8) then they would have held the world's only /7.


It appears so. (HPE specifically.) Hewlett-Packard had an original /8 and acquired another that was Digital Equipment's by way of Compaq.

Stanford had a /8 like MIT but they sold that off [edit: or gave it back] a while back.


For the uninitiated, can someone give a brief explanation of what that means?


Computers on the internet are pointed to by special numbers. Usually the special numbers look like 4 numbers with '.' like 123.45.67.89 Each of those 4 numbers can be between 0 and 255 so (to be more simple) the lowest special number would be 0.0.0.0 and the highest would be 255.255.255.255.

Back when the internet was still young, you would go to ARIN (the American Registry of Internet Numbers) and say "I think I need 256 special numbers" and they would give you a block of 256 of them. Something like 1.2.3.0 - 1.2.3.255. If you asked for about 65,000 special numbers they might give you 231.45.0.0 through 231.45.255.255.

MIT (the Massachusetts Institute of Technology in Boston, MA, USA) was one of the first people to ask for special numbers and so asked for over 16,000,000 of them (this was 1/256 of all of them) and so MIT was given 18.0.0.0-18.255.255.255.

Now today, all of the special numbers have been given to people and companies. This makes each special number extra special and large groups of special numbers very extra special. Since MIT had 16,000,000 of the special numbers all next to each other, they decided to sell half of their special numbers for a lot of money.

Edit: Simple English: https://xkcd.com/simplewriter/


I'm so old that I predate CIDR and in the old days before netmasks the netmask was essentially implied by the first couple bits of an ip address so all msb zero ip addrs were class A aka /8 allocations. All MSB 00 or whatever it was were class B implying a netmask of 255.255.0.0 aka a /16 allocation.

Before CIDR you couldn't route or advertise rando netmasks like a /9 or a /20. There were no steps between a /16 and a /8 so if you convinced (someone, forget who) that you "need" more than 65K ip addresses (and MIT is big enough to need more, theoretically) then you got a /8.

A lot of noobs think ipv4 rolled out with CIDR; not so. For "a long time" people had to make do with classful routing.

From memory, isn't RIP v1 only classful routing compatible? Been awhile since I used something that old.
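
Added example, not part of the thread: the prefix arithmetic discussed in the comments above (shorthand such as 18/8 and 18.145/16, classful implied masks, range-to-CIDR conversion, and why 15/8 plus 16/8 is contiguous but does not form a /7), worked through with Python's standard `ipaddress` module. The helper names are chosen here for illustration only.

```python
import ipaddress

def expand(short):
    """Expand shorthand like '18/8' or '18.145/16' into a full IPv4 network."""
    addr, _, prefix = short.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))        # pad omitted octets with zeros
    return ipaddress.ip_network(".".join(octets) + "/" + prefix)

def classful(addr):
    """Class and implied prefix length from the leading bits (pre-CIDR rules)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:                # 0xxxxxxx
        return ("A", 8)
    if first_octet >> 6 == 0b10:               # 10xxxxxx
        return ("B", 16)
    if first_octet >> 5 == 0b110:              # 110xxxxx
        return ("C", 24)
    return ("D/E", None)                       # multicast / reserved

def range_to_cidr(first, last):
    """Smallest list of CIDR blocks covering an inclusive address range."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def aggregate(*shorts):
    """Merge blocks where possible; neighbours merge only on an aligned boundary."""
    merged = ipaddress.collapse_addresses(expand(s) for s in shorts)
    return [str(n) for n in merged]

def halves(short):
    """Split a block into its two equal halves (one bit longer prefix)."""
    return [str(n) for n in expand(short).subnets(prefixlen_diff=1)]

if __name__ == "__main__":
    print(classful("18.0.0.1"), classful("128.4.0.1"))
    print(range_to_cidr("131.215.0.0", "131.215.255.255"))
    print(aggregate("14/8", "15/8"))   # aligned pair: one /7
    print(aggregate("15/8", "16/8"))   # adjacent but unaligned: stays two /8s
    print(halves("18/8"), expand("18/9").num_addresses)
    print(expand("18.145/16").subnet_of(expand("18.128/9")))
```
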


One of my friends took a CCNA class and had her mind blown by Class C != /24. I was shocked they're still teaching anything about classful networking in 2017. I think the last time I saw RIPv1 was 1998.


"MIT [...] asked for over 16,000,000 of them"

I don't think they specifically asked for 16 million of them. Back at the time, that was the unit in which they were doled out. https://en.wikipedia.org/wiki/Classful_network#Background:

"Originally, a 32-bit IPv4 address was logically subdivided into the network number field, the most significant 8 bits of an address, which specified the particular network a host was attached to, and the local address, also called rest field (the rest of the address), which uniquely identifies a host connected to that network. This format was sufficient at a time when only a few large networks existed, such as the ARPANET, which was assigned the network number 10, and before the wide proliferation of local area networks (LANs). As a consequence of this architecture, the address space supported only a low number (254) of independent networks, and it became clear very early on that this would not be enough."


One of your words is wrong though. Cambridge, not Boston :-) OK, we're picky about that sort of thing.

I think it's also more like the special big blocks of special numbers were given away without thinking much when the internet was young.


They owned ~0.39% of the internet address space as a single institution. Which is a lot, given MIT is less than 100K users and the world is 7 billion sharing 4 billion IPv4 addresses.


University of Michigan has a few /16s that they still lease to all devices on their network - wireless and wired.


xkcd explained what a mess the allocations were ages ago: https://xkcd.com/195/


I guess that's just human nature, we are doing similar with IPv6 right now. The smallest allocation for IPv6 is /64 that's 1.84467440737096E19 addresses.


Only similar if you ignore that there are 2^64 available /64s. We're never going to be in danger of running out, so the use of /64s allows potentially interesting application of the host part of the address (uses so far include stateless autoconfiguration and privacy addresses).


> We're never going to be in danger of running out.

Just wait until every cell in your body has its own IP.


An estimate for the number of cells in an adult human being is ~37.2 trillion [1]. Let's be conservative and round that up to 40, and then assume that everyone on earth is an adult, too.

There are currently 7.49 billion people in the world [2]. Let's be conservative again and round that up to 8.

Multiplying these numbers gives us 3.2x10^23 cells. The IPv6 Global Unicast address space (2000::/3) is 125 bits wide, for 2^125 = 4.3x10^37 combinations. This gives us 1.33x10^14 addresses per cell.

Of course, thinking about IPv6 in terms of number of addresses is wrong, because you should be thinking in terms of number of networks (/64). That gives us 2^(125-64) = 2.3x10^18 networks, or 0.000007 networks per cell, which is 268054250 networks per person.

I think we're okay.

[1] http://www.smithsonianmag.com/smart-news/there-are-372-trill... [2] http://www.worldometers.info/world-population/

EDIT: Fixed formatting.


My body is v6-ready.


LSC


I wish all of those who own a /8 would release it unless they actually needed it, that + cgnat would really help with the ipv4 shortage.



