IANA be a hero
May 27, 2009 7:02 PM   Subscribe

They must be really getting desperate - 2011 appears to be the end of the line.
posted by stbalbach at 7:10 PM on May 27

Team ARIN is not a typical group of superheroes -- they do not battle a literal enemy directly. Instead they use their powers to educate the public and facilitate community participation in the existing open, transparent, bottom-up policy process.

Oh, this is going to be good.
posted by Kadin2048 at 7:13 PM on May 27 [1 favorite]

Does every computer genius have a beard?
posted by zorro astor at 7:14 PM on May 27

Thank you, I didn't know they made sequels! Every new tech support rep that I take under my wing has gets to read volume 1 of this comic. They will be absolutely delighted tomorrow!
posted by effigy at 7:16 PM on May 27

I can't wait until TWC starts charging me for my IPv4 address because "there's only so many of them left."

Can't you run IPv4 over a IPv6 network? For adoption wouldn't we just need the new addresses to be IPv6? It seems like this will not be such a big deal outside of network providers, where this might be a large budget increase for a lucky project manager. Am I missing something?
posted by geoff. at 7:28 PM on May 27

You can check to see if you have an IPv6 enabled connection by going to whatismyipv6address.com and clicking 'IPv6 only Test.' If you have a home router it probably won't work.
posted by jedicus at 7:49 PM on May 27

I _think_ there's a fair amount of content out there in IPv6 space already, but there's no guarantee you can resolve it or even get to it through your provider. It's sort of a chicken and the egg problem - nobody wants to go to the trouble of upgrading their network if there isn't any content for users to reach with it, and nobody wants to provide content without certain access from users. I _think_ every step of the chain from me to my provider is IPv6 compatible (OS, Router, etc), if I were to get an IPv6 address from them. Conversely, in a few cases where this has happened, the IPv6 compatible nature has gone on to play hell with poor inadvertent beta-testers when google decides to fiddle with their IPv6 site and people who don't know better are hitting the new site and oy.

And, frankly, I've been hearing from ARIN that IPv4 is going to be exhausted n+2 years away since at least 2000. It'll happen I'm sure, eventually, but 2011? Color me skeptical. Have they started making aggressive noises about reclaiming some of the early "permanent" allocations, like the classic /8's? Or did that happen back when CIDR rolled out (into wide use, anyway) and the allocations weren't quite so permanently routed? (I'm more systems these days, I haven't really been a core routing nerd in more than 7 years now, so my knowledge could be dated, I'll admit.)

Anyway, on the comic: I got the first issue in the mail at the office last year. Color me surprised to discover there's a _series_.
posted by Kyol at 7:55 PM on May 27

Have they started making aggressive noises about reclaiming some of the early "permanent" allocations, like the classic /8's?

They have not. Some of the original Class A or /8 holders have voluntarily relinquished some of their numbers, but quite a few questionable (i.e., non-ISP) cases remain.

I can't even really see IBM actually needing all 16.7 million addresses in its network, for instance, and Apple definitely doesn't. HP now actually has two /8s on account of the Compaq merger, which is ridiculous. Xerox PARC's /8 is now owned by PARC, which was spun off from Xerox, so it surely doesn't need a /8.

The DoD has 10 /8s, which is absurd, but good luck prying them from the military's hands. Also, I love amateur radio as much as the next guy, but there are only about 3 million hams worldwide, which makes the AMPRNet /8 kind of excessive.

So, anyway, yeah, there are tons of numbers left to be reclaimed, but I don't know if the 2011 estimate takes that into account or not.
posted by jedicus at 8:11 PM on May 27 [1 favorite]

Ah, thanks. At one point I knew the holders of those classic /8's, but since routing is more of a LAN-level concern for me these days, it faded. And even beyond the _big_ /8's, there are reasonably large chunks of 90's ISP "permanent" allocations going basically disused as various shell companies acquired assets they don't know about slash can't use. (I can think of 3, and can probably scrounge up the ASNs for 2 off the top of my head.) Better we try to implement IPv6 than the political suicide of asking the major players and various AS's to clean up their shit a bit, though. *shrug* We live in interesting times.
posted by Kyol at 8:27 PM on May 27

And, to be fair, ultimately I don't know what the transitional concerns for going from IPv4 to IPv6 are like these days. I get the impression it's little bit of ISP's upgrading (in this economic climate? shyeah right) and a little bit consumers upgrading. Ultimately I think we're going to see developing nations jump to IPv6 out of necessity, and a bunch of tunneling networks spring up to reach them until hardware is relatively ubiquitous, but even still, I don't know that we'll ever see 100% IPv6 compatible hardware, and I don't see anything in the transition discussion relating to what to do with those islands. Permanent ::ffff:192.168.0.1-type addressing, and do the IPv6->IPv4 transition layer at something upstream that's smarter? guh. Or will the NAT ghettos just get even more all-encompassing from the current ranges to include all of 0.0.0.0/0?

And background to why the date has been continually pushed back: NAT has helped tons - you don't have to assign a (reasonably) wasteful CIDR allocation to every tom dick and harry who wants multiple computers on their internet connection. And virtual webhosting, so every podunk little website on the internet doesn't need a unique address. I don't know if there are any other major address saving techniques of that sort on the horizon, though.
posted by Kyol at 8:59 PM on May 27

I've had v6 connectivity from my home network for a few years now, using one of Hurricane Electric's tunnelbroker tunnels. Works fine, and there does seem to be a slowly, slowly increasing number of sites I connect to via v6 instead of v4. (It's perfectly transparent; I only notice if I check for it.)

On the other hand, every time I talk to an ISP about getting a "real" v6 connection (as opposed to bouncing all my traffic off a server in California like it was 1992) the response is that they simply don't have enough interest from customers to be willing to do it.
posted by hattifattener at 10:08 PM on May 27

The idea of clawing back some of the /8s comes up in every IPv6 discussion, but it's not really worth the trouble. It would take a lot of political and social capital to pressure the current users to give them up (and it's an open question whether they can be legally compelled to anyway; the allocation agreements used back then aren't the same as are used now), and there are technical hurdles on their networks to doing it that somebody would have to pay for.

It may be unfair that Ford/IBM/DoD/HP gets an entire /8 (or two), but at this point who's going to pay to move Ford/IBM/DoD/HP off? They're not going to; that's for sure. There's nothing in it for them but a major PITA. A lot of statically-configured equipment would have to be updated, or more likely replaced, routes and rules that assume anything in the /8 is intranet traffic would have to change ... there could be some serious software archeology involved. I don't see them just doing that as some sort of public service to their own detriment.

Rather than spending the time and money on clawbacks, which at best would get us a few extra years and then put us right back where we are today, it's a lot better to just start working on the IPv6 transition.

IPv6 is a permanent solution, at least to the number-scarcity issue; the /8s are at best an expensive stopgap.
posted by Kadin2048 at 10:12 PM on May 27

I've setup IPv6 with Hurricane Electric as well, as it's fairly easy.

I setup AAAA records so people could actually reach hosts on the IPv6 address, but I found that traffic from one host to another over the IPv6 tunnel had a good amount of packet loss and jitter. Good for testing, but nothing I'd actually want normal users hitting.

Kyol, probably the next big conservation technique will be Server Name Indication, so SSL hosts can finally be virtually based and not require one IP per domain.

Firefox 2.0, IE on Vista or modern Mac browsers all support this, so it's really the major servers that are lagging.

Apache just backported SNI support to the current 2.2 release. No idea when Microsoft will add it to IIS, unfortunately.
posted by dragoon at 10:47 PM on May 27

Yeah, and I'm not saying we ought delay the IPv6 transition in the long term anyway really, but it just sort of feels (again, judging by the wiki page, so the usual caveats apply) that there's this degree of "oh well, guess you're screwed" attitude applied to all of the hardware that's currently out there that will need to be replaced. (before 2011!) But I could be mistaking how IPv4/IPv6 BGP-like announcements will work. I just see a huge headache trying to update all the embedded/ancient/non-updatable servers out there with incompatible stacks*, but if their ASN will still advertise via the ::ffff:old.dotted.quad.scheme over IPv6 borders and their gateways will manage the translations, eh, whatevs, let's do this. C'mon transit providers, go for the gusto.

dragoon: ah, I had a suspicion it would be something to do with SSL, I had forgotten they couldn't be virtualized yet due to the cert requirements.

Anyway, it's nice to talk shop again. I'm sort of locked in the basement Milton-style at my current gig.

* Which is, I guess the same problem as IBM et al face cleaning up their /8s, but applied to the entire IPv4 world, isn't it?
posted by Kyol at 12:16 AM on May 28

zorro astor: Does every computer genius have a beard?

No.
posted by atbash at 6:59 AM on May 28 [2 favorites]

I think one of the things that is holding things back is that NAT is so friggen easy and (largely) it just works. It makes segmenting networks a breeze - and you get a (sorta) firewall out of the deal just for playing. I'm not saying NAT is awesome - it's a hack, sure. But if it's stupid and it works, it's not stupid.

The removes a great deal of the pressure that ISPs would be feeling from the smaller consumers, especially the small/mid businesses who can get along just fine with a few Internet addresses, and a huge NAT space behind them.

I also tend to think that there are a lot of network admins at that level who don't understand how to do things that NAT provides in an IPv6 world that some sort of NAT similar hack will need to be developed to make those things easy again. I would even wager that these admins don't want every IP address they manage to be internet routable.
posted by Pogo_Fuzzybutt at 7:14 AM on May 28

I detest the design decision not to have embedded IPv4 in IPv6. I know there are good technical reasons, but imagine if the bottom 127 characters of UTF-8 weren't the same as ASCII: *nobody at all* would be using Unicode. Because implementing it would mean breaking everyone, everywhere, all at once.

I predict that IPv4 will never die, even when it's really a horrible pain, because of IPv6's irresponsible decision not to embed the previous namespace in their own.
posted by Fraxas at 12:15 PM on May 28 [1 favorite]

Fraxas, there is actually such an embedding.

The problem is that even though every v4 address has a corresponding v6 address (::ffff:XXXX), not every v6 address has a v4 address (duh), so a v4 host can't communicate with a v6 host without some sort of NATlike technology in between. This is inherent to the fact that there are more v6 addresses than v4 addresses.
posted by hattifattener at 2:38 PM on May 28