Hacker News new | past | comments | ask | show | jobs | submit login
IPv4 is depleted: Final five blocks allocated to registries (nanog.org)
241 points by jedsmith on Feb 3, 2011 | hide | past | favorite | 105 comments

I asked this question on a similar article that gained no traction here recently: what do I, as a regular user of the internet, hosting no domains, and with no real responsibility for any website technicals, need to do about this? (Or what can I do about this?)

Do I need to request something from my ISP? Lobby them to see if they take it seriously? Or do I have little choice but to hang around, feeling smug because I've heard of IPv6 before this week, but waiting for someone else to ensure I transition?

> Do I need to request something from my ISP? Lobby them to see if they take it seriously?

Yes, but it's less crucial for you. Ask for a timeline for IPv6, if you'd like, but don't expect much.

You can also set up IPv6 for yourself or your home network via a tunnel (which is a pretty fun exercise), and get access to the IPv6-enabled Internet. All recent operating systems have very good support for it -- even Windows 7 will hear RA and autoconfigure itself.

Start here: http://www.ipsidixit.net/2010/02/24/228/

You can get a tunnel here: http://tunnelbroker.net/main.php

Other people use this, but I prefer HE: http://www.sixxs.net/

Or if you don't have static routable v4 address but have at least dynamically allocated v4 routable address you can use 6to4.

I use this to configure my Debian-based router to change used v6 addresses to match DHCP-allocated v4: https://gist.github.com/806333 (bit of an ugly hack)

I strongly recommend this or 6RD. It's a very straightforward and easy way of getting into IPv6 before ISPs start offering IPv6, as comcast did recently ( http://www.comcast6.net/ ).

From the Comcast link:

Each user has been delegated a /64 block of approximately 18,446,744,073,709,551,616 (18 quintillion) unique IPv6 addresses.

This seems like a ridiculous number of addresses, until you realize that this basically allows for 18 quintillion users, each with 18 quintillion addresses, before we exhaust the IPv6 space.

I think /64 was the guideline for the smallest divisible network an ISP should hand out. It basically allows for a household or organization to grow indefinitely while assigning anything that can hook up to the network a real IP address, with little restrictions on topology and/or address allocation layout. No need to reuse the addresses either, just give the new device a new one.

EDIT: I forgot to add that it also allows network devices to use their 64-bit link layer (ethernet/MAC) address as a host identifier.

Actually, /64 is the smallest indivisible network. You can divide that further, but then you lose this network/host identifier split and IPv6 features that require that (stateless autoconfiguration, privacy extensions...). So in case of normal network, ISP handing out /64 restricts topology of you network in that you can have only one network (with normal end-user devices).

Using smaller networks than /64 is certainly possible, but it's not something you want to do on end-user network and it's best left only for things like point-to-point connections and intra-datacenter networks.

18 quintillion is much much bigger than you think.

The peak estimated birth rate on Earth was 173 million in the 1990s. If 200 million people were born every year and we gave every person a /64 block, we could allocate addresses for the next 92 billion years. The sun will be long dead by the time we use up that address space.

That's what we all think right now. They'll be laughing at us in the future when every nanobot needs an IPv6 address.

No, really- 18 quintillion is a huge number.

92 billion years is a long time to imagine. Let's say we won't have a use for these addresses after the sun dies in approximately 5 billion years, so we're going to try to use them all up by giving every person 1,000 /64 blocks.

Wolfram Alpha gives the surface area of earth as 5e18 square centimeters. 2^64 is approximately 1.8e19. With a single /64 block you could put two nanobots in every square centimeter on earth. That's not really practical over the oceans, but whatever.

With 1000 /64 blocks, you could cover the earth with nanobots that take up only 0.05mm^2 of space each.

Pixels on the average computer display take up 0.055mm^2.

You could address a display that covered the surface of the entire earth with just 1000 /64 blocks, and you could make one of these display for every person born until our sun dies.

It's an astoundingly huge number.

>You can also set up IPv6 for yourself or your home network via a tunnel (which is a pretty fun exercise), and get access to the IPv6-enabled Internet. All recent operating systems have very good support for it -- even Windows 7 will hear RA and autoconfigure itself.

In fact, even Windows XP will automagically set up a 6to4 tunnel with no configuration needed if you have a public IPv4 address. Just enable IPv6 support for your connection and it does it all for you.

Comments like these make me wish HN had a save feature. Thanks, you just got bookmarked.

HN does. Anytime you upvote a story, the HN thread can be accessed again through the "saved stories" link on your profile page.

> Ask for a timeline for IPv6, if you'd like, but don't expect much.

This is actually one of the best things you can do. One of the frustrating things is when I talk to vendors about IPv6 and they say "oh, you're the only person to ever ask about that.."

Just drop a quick line to any networks you do business with (home ISP, hosting provider, hosted DNS, etc...) and politely ask them what their IPv6 rollout timeline is. Their response will give you a lot of information about how on the ball they are in general.

As for fun exercises, you might want to try out the Hurricane Electric Free IPv6 Certification: http://ipv6.he.net/certification/ It consists of a series of small and manageable tasks that will get you up to speed in no time.

I have been bugging my ISP (small, regional outfit) about IPV6 for the last 2 years, hoping to get them to move earlier than later. I called them again this morning, and they say that they still can't make a business case for it as they have 25% of their assigned IP space unallocated. They're waiting for some real momentum or need before committing resources to roll it out across their infrastructure. This attitude just adds to the chicken-and-egg problem, but I also know that this ISP is (human) resource constrained. They are constantly rolling out wireless solutions to unserved rural areas, so I must admit they are just being pragmatic. That said, as some other posters have suggested, getting a tunnel broker like HE and going through their IPV6 training game (Guru!) would be a great way to get yourself ready while your ISP figures things out on their end.


Even if you host websites, nothing until ipv4 actually gets scarce or costly.

Just because all ipv4 address space is "allocated" doesn't mean it's used or even allocated to end users.

I'd start worrying when you have to pay a lot of money to get a second IP on a server for example.

That'll probably be years away.... still good to read up on ipv6 though.

Years away? Gosh! Depends a bit on where you want your servers to be located, I guess, but still. For a lot of server hosting customers, prices for additional IPs have already increased steadily over the last few months. But don't take my word for it, here's a bit from a recent APNIC announcement, for example:

"APNIC expects normal allocations to continue for a further three to six months."


For a lot of server hosting customers, prices for additional IPs have already increased steadily over the last few months

That's just retail markup. If you peer with tier 1 transit providers you can still get IPv4 space for practically nothing.

Practically nothing? Are there tier-1 providers charging for IP space now? I can confirm that neither Level3 nor Global Crossing charge for IP allocations as of a month ago.

(The whole "charging for IP addresses" racket always left a bad taste in my mouth, since it's a public resource for which ISPs aren't paying, other than the overhead of being expected to justify and account for the space they've been allocated.)

Cogent gave us /22 (1024 IPs) free of charge in December.

For those reading along: loaned not gave

True. Applying to ARIN now...

Level 3 doesn't charge us either - what's really funny is some of the second-string ISP's actually pay you to take IP space from them.

First I would request it from my ISP. The more people requesting the more likely they are to take it seriously.

The second thing I would do is setup ipv6. We are currently in a chicken/egg problem. No one uses ipv6 because no sites use it. No sites use it because no users use it.

Adding a bit of ipv6 traffic to the internet helps. If your ISP doesn't offer ipv6 you can setup a tunnel using a ddwrt router and a tunnel provider like Hurricane Electric.

Best tweet of the morning: "I came here to kick ass and assign IPv4 addresses. And I'm all out of IPv4 addresses."

Thanks, someone retweeted it and I didn't have the link handy.

IPv4 is only "depleted" in a very technical sense. The last free /8 was allocated to a regional authority. This does not mean no IPv4 addresses are available.

The regional authorities (RIRs), the guys who actually allocate the addresses to user organizations, still have many, many blocks to allocate. The first RIR isn't expected to run out of ipv4 space until October.

That's when the shit really hits the fan -- requests for IPv4 space start to be rejected, ISPs start deploying NAT or 6RD, network administrators start jumping from windows etc.

APNIC is expected to run out sooner than October. October is on the high end of predictions, with some predicting as early as May based on burn rate. Two different sources:

http://www.potaroo.net/tools/ipv4/rir.jpg (probability distribution per-month)


The entire point of this exercise is to raise awareness. The IPv4 reserves are depleted, and the five regions are now chewing on the crumbs. Granted, this isn't shit hitting the fan -- however, preparations for shit hitting the fan must be on everybody's radar right now.

Huge changes to infrastructure, which honestly should have been completed years ago, do not happen overnight. That's why this is news.

Now it's up to the registries. From a nearby thread on NANOG, the forecasted exhaustion dates of the individual registries: http://www.tndh.net/~tony/ietf/IPv4-rir-pools.jpg

It's time to invade Africa and take all their precious IP addresses!

Anyone know how the transition in China is going? My employer sells networking products there, and all Chinese customers require IPv6 support. It would be interesting to know if it's rolled out to consumers yet.

I always thought that when we ran out of IP4, that some of the companies holding on to Class A blocks would release parts of those for use. I'm not a master of how blocks are assigned or if addressing wise it would be feasible but really, does Ford fully use its Class A block? Prudential Insurance? Eli Lilly? GE?

They could be playing the long view and realizing how much that address space is worth. If I were in charge of IT at those companies, I'd renumber out of the block and start thinking about selling the space, once it gets tight.

I've noticed that the perceived view in the netops community -- backed up by mailing list messages today, even -- is that such an IPv4 broker market is an inevitability no matter what the RIRs do. There are policies about it, but some regions (i.e., APNIC) have a model that encourages reselling space without their involvement.

Many people don't realize how non-trivial renumbering a network is. I transitioned the resnet at a public university from a /19 to a new /18, and it took several months of planning to pull off.

90% of the space was assigned via DHCP, but that remaining 10% which was statically assigned was a lot of work. Imagine tracking down every device assigned an IP address, scattered across a college campus.

Our routing configuration was trivial (single super-net, single site, &c), compacting an enterprise /8 would be an insane amount of work.

The long view isn't making a quick buck off v4, it's moving to v6 as quickly as possible.

OTOH, legacy /8s may contain whole /16s that have never been used and thus can be sold off without renumbering.

Spot on. It took Stanford roughly two years to move off their /8.

Looks like Stanford already did this with their block:


Its a pretty interesting list of companies that still hold onto these blocks.

I have to wonder what the DoD's Network Information Centre needs with 151 million IP addresses. Surely they could spare a few.

Random point about this (my current employer is a national lab):

In 2006, the OMB issued a requirement that new DoD/DoE/USG/etc IT spend ("to the maximum extent practicable") be IPv6-capable, and tasked NIST with developing a testing framework for determining compliance:

http://www.whitehouse.gov/sites/default/files/omb/assets/omb... http://management.energy.gov/documents/AttachmentFlash2010-4...

Mind you, we were also supposed to be running at least dual-stack by 2008. ;-) Anyway, as of the middle of last year, this came along:


Basically, we have to be IPv6-capable on external services by 2012, and be ready for it enterprise-wide (for anything that touches the Internet; offline farms, etc. are exempt) by 2014. I don't suspect many organizations are going to hit that, but that's the target, and we're taking it pretty seriously here.

Also, here's a random resource: a totally unofficial IPv6 survey:


Especially when you consider none of the good stuff is allowed on the internet anyway.

An IPv4 address space walks into a bar. He says to the bartender, "A strong CIDR please. I'm exhausted."

Enough with the fear mongering headlines already. Yes, IANA allocated the last 5 /8's to the regional registries. IPv4 is not going anywhere anytime soon.

People have been beating the same "IPv4's time is running out" drum since the late 90's apparently

It isn't running out. It is out.

I edited out over and replaced it with depleted to satisfy the concern about the headline, but I didn't even like doing that. The cavalier attitude that "nothing is really wrong, keep doing what we're doing" has been an extensive contributor to the problematic situation we're in right now.

People have been beating the drum, as you say, because this day was foreseen more than a decade ago. IPv6 has been in use for far longer than a decade. It was anticipated that we'd be most of the way through the transition by now, but we're not, partially due to "nothing's wrong" attitudes.

Edit: By it in the first sentence, I meant IPv4's time (and was responding to the parent's usage of time running out). I don't mean IPv4 addresses have been exhausted, as I'm quite aware they're not. However, IPv4 has reached the end of its usefulness, is the underlying root of my meaning.

So, why hasn't IBM, GE, MIT, and other legacies been offered a little cash to move back to a handful of class Bs? I mean, Stanford did it...

Because they realize the monetary value of their claim.

IPv4 addresses are not "out". There are a finite number of IPv4 addresses just as there is a finite amount of land on earth. We are not "out" of land are we? The regional registries haven't even finished allocating the addresses (let alone the low utilization rate of allocated addresses).

If the need of migrating to IPv6 is so great and it so valuable to do so, why the need for artificial pronouncements?

Yes, IPv6 is about 13-years old (from draft RFC approval in 1998). I view this as a more of a failure of IPv6, however.

Again, I meant that IPv4's time is out. I have edited my comment to clarify this.

> "It isn't running out. It is out."

I think that's an unfair assessment.

When every ipv4 address is actually used, it'll have run out. We're a long long way away from that scenario though.

Vast ranges are "allocated" but "unused".

That's actually something I've been having a hard time finding: What percentage of IPv4 addresses are currently in use.

Probably wouldn't take too long to check what % are pingable, which would give you a lower bound.

I'm willing to bet it would ;)

By my calculations, you'd only need to spin up 50 or so amazon instances, and they could cover the entire IP space in a day doing 1k pings/second each.

That's pretty doable.

These guys have been mapping the IPv4 space via ping over time (since 2003) and have an interactive browsable map that also shows blocks marked for localhost/private networks/multicast, etc and which registrars control which regions. It is pretty neat. Most recent data is Nov 2010. Since then the 11 /8 blocks that show as free have been allocated.


Thats still not an insignificant amount of time/effort. I'd love to see someone do this though!

I meant that its time is out, not the addresses themselves.

People have been beating the same "gas is running out" drum since we left Tulsa apparently, and that was three hours ago.

Hey... why aren't we moving anymore?

http://xkcd.com/195/ IPv4 space, 2006

Let me get some popcorn.

Any ideas of what will happen next? How far are we until some home users with outdated ISPs be blocked from the internet?

Nothing happens immediately --- the regional authorities still have some free space left, although some are planning to get more stingy. (The discussion here --- http://en.wikipedia.org/wiki/IPv4_address_exhaustion --- is at least a starting point for the curious. FWIW, the first that's likely to really run out is APNIC, for the Asia/Pacific region, within the next three to six months; the RIRs for Europe and North America expect to run out in maybe a year or so, and those for Africa and Latin America expect a couple of years' left of run room.)

Once congestion hits (a few months to a year), I think ISPs natting ipv4 clients, or demanding a premium price from anyone who wants a routable address, is likely to happen somewhat more quickly than ipv6 to the home. But that's based on no inside information...

Also keep in mind there's likely to be a bit of IP reallocation happening. There are a number of companies with full /8 blocks they can't possibly fully utilize.

Yeah, HP as 2 /8s and they seem to be shrinking rather than growing.

The Department of Defence Network Information Centre has 151 million addresses. I'm not sure what they're doing with them but they could probably squeeze by with just 100 million if they had to.

Shrinking headcount perhaps.. I would imagine that the number of computing devices at HP/EDS is significantly larger than the number of staff..

What I don't understand is what happens to website hosting? Will the cost of a Linode go up? Will they be able to get IP addresses for new customers?

That's a question probably best asked directly to Linode (esp. if you are a paying customer).

As a basis for making up your own mind: Linode has, at the moment, nine /20's allocated. At 80% utilisation, that means roughly 30'000 IPv4 addresses.

I'm pretty sure nothing will happen. They likely have several blocks already allocated which give them enough headroom for growth.

I think mobile carriers will be some of the first to transition. The number of devices they need to connect is exploding, and since they have more control over the devices than general ISPs, they can smooth the transition.

Nokia's been pushing IPv6 for a while. It apparently has a significant improvement in battery life because they no longer require devices to check in and renew DHCP leases as often.

I'm under the impression that many mobile carriers already NAT their client's devices, so they've already "fixed" their problem.

I'm pretty sure T-mobile does something like this. I believe you can get a non-NAT'd address if you specifically ask for it.

This is happening already. All of Verizon's currently shipping LTE (4G) devices have native IPv6.

Verizon actually require 4G devices to support ipv6


It will take a long time if it will ever happen. ISP's can still assign the old IP's they already have while they roll out new modems with IPV6 addresses.

not quite; there are issues with whether those clients can talk to the rest of the net not yet on ipv6 [like, 90% of it or something]).

What appears to be happening is that people are just now seriously beginning to ask the questions about ipv6. We're seeing stuff like incredible performance penalties, poor routing and a complete lack of 6to4 (and back) support anywhere.

There's a long long slog to go and we're just getting started.

Why would anyone be blocked?

No available addresses, or not compatible with many places?

Get used to 192.168.x.x y'all.

Pfft. 10.x.x.x for me.

http://www.faqs.org/rfcs/rfc1918.html        -  (10/8 prefix)      -  (172.16/12 prefix)     - (192.168/16 prefix)

Yeah, take your pick. It was kind of a joke but the reality is already starting to make itself known. It used to be that every cable modem and many DSLs got public addresses even if they weren't static. It's getting more and more rare.

IPv4 won't die overnight, or even any time soon but there is likely to be an uncomfortable transition period where it becomes difficult for people like me who like to have static publics to get them cheaply, or at all.

I did a traceroute from my cable modem a few years ago, and found that my traffic went from my internal network to my public-facing IPv4 address (assigned to my router), then through several 10.x hops before finally hitting the public internet again. Quite a sane use of resources, I thought.

I wonder how long it will take until there is a market for IP addresses. I suspect once such a market is in place IPv6 will not see widespread adoption, since most IPv4 addresses are not really used.

do you know if goldman sachs or some other financial entity has created an investment vehicle that I can use to speculate in the market with?

I suspect you're joking, but the old timers really don't like IP speculation. It took them years to agree on the current pseudo-market because they had to figure out how to keep out speculators.

At which point the routing properties of IP will be destroyed (all addresses in a given /16 or /24 routing through the same link helps router performance a lot). I think at that point you'll get a real ISP push to switch to IPv6

I can't wait till everybody has an IPv6 modem/router. No more of this NAT hole punching or long polling crap for pushing notifications.

As far as hole punching/long polling, how is NAT different than a firewall with deny inbound and only allow outbound connections?

Technically, with NAT you don't even have a route to the internal stuff. While with the pure firewall approach there is a route.

In practice, yeah, not much of a difference.

Each person is supposed to get assigned a /64 from their ISP, which will be then assigned to any downstream devices.

Then you get your bill from your isp, $5 extra per device.

I can seriously see this happening.

I don't.

In the past you paid for the extra's because the ISP had to do extra work for it.

But if the ISP sets everything up so all users have enough from the start. Like a /48. You won't have to bother them.

Actually, most deployment recommendations expect, that ISP will allocate something larger than /64 to each customer, with /48 being the ideal scenario and something like /56 being reasonable.

I heard Egypt isn't using theirs.

(edit: i can feel the down-voting coming)

There's still the complete range left (class E), but unfortunately it's probably too late to make use of them now.

I suspect some workaround for IPv4 depletion will be created so ISPs wont have to upgrade to IPv6.


Most likely. My understanding is that some ISP's are already giving customers RFC 1918 private addresses and NAT'ing them out to the Internet.

As far as I know only for mobile.

A lot of the mobile telcos are going to be using DS-Lite or NAT64. What does this mean? Well, NAT64 relies on modifying dns entries. So, take this as a reminder to NEVER EVER hardcode pubic-facing ip addresses if possible!

Always remember to shave your pubic-facing IP addresses.

Panic! At the RIR

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact