When did you first hear concern expressed about the prospect of explosive growth of the internet resulting in exhaustion of the stock of available IP addresses? About twenty years ago perhaps? All computers directly connected to the internet must have an individual unique address, and the IPv4 scheme used since the 1980s has a 32-bit address space that provides only 4,294,967,296 possibilities. All that growth means that IPv4 addresses are now in short supply, and this week RIPE, the body which allocates them in Europe, has announced that it no longer has any to allocate. Instead of handing out new address blocks, it will now provide ones that have been relinquished, for example by companies that have gone out of business, and interested parties can join a waiting list.
Is the Internet dead then? Hardly, because of course IPv6, the replacement for IPv4, has been with us for decades and has a much larger 128-bit address space. The problem is that there is a huge installed base of IPv4 infrastructure which has always been cited as the reason to delay its adoption, so the vast majority of the internet-connected world has remained with IPv4. Even in an IPv4 world there are opportunities to be more efficient in the use of addresses such as the network address translation or NAT that many private networks use to share one address between many hosts, so it’s not quite curtains for your smart TV or IoT light bulb even though the situation will not get any easier.
The mystery is why, after so many years, we still use IPv4 so much. Your home router and millions like it will pick up an IPv4 address from your broadband provider’s pool, and there seems little reason why it cannot instead pick up an IPv6 address and contain a gateway between the two. The same goes for addresses outside the domestic arena, and even in our community we find that IPv6 networks at events are labelled as experimental. Perhaps this news will spur the change, but meanwhile we don’t expect to be using an IPv6 address day-to-day very soon.
We know among Hackaday’s readership there will be people close to the coalface when it comes to IPv6 adoption. As always the comments are open, and we’d like to hear your views.
Header: Robert.Harker [CC BY-SA 3.0].
Why do we still use IPV4? I see a couple of reasons for that, the most prominent probably being:
– a lot of rubbish hard- and software cannot deal with IPV6. That includes routers, “intelligent” switches, IoT-BS, operating systems (XP being still in use in production) and, last not least, internet connectivity providers. If you simply cannot use a system, it’s no wonder you do not use that system ^_^
– IPV4 addresses are easy to remember. Anyone who can remember her phone number or credit card number won’t have any issues memorizing most of the office’s hardware IP addresses (the printer’s on 55, right? Gateway is 1 or 254, what else …). Replacing a cemented, set in stone, wood-overgrown and well taken care of habit is … hard.
– spying: You cannot trust your government, period. There’s a lot of easy-to-use software to cover up a good part of your tracks when you use IPV4 (and be it a rerouting, a proxy etc). There’s not that much toad-simple tools available to the laywoman to use “da ned” at least superficially “anonymously”.
IPv6 addresses are formed by taking the MAC of your endpoint and appending a network-specific ending to it, so it basically allows you to track the same machine across networks.
That’s not been recommended practice for years. Nobody does MAC based stuff for IPv6 any more.
Doesn’t stop ISPs from doing it, especially if their governments mandate it.
ISPs aren’t doing shit about it… all they do is give you a prefix; if you have disabled privacy extensions on your box, then it’s your own damn fault.
“if you have disabled privacy extensions on your box”
You’re assuming they’re enabled in the first place.
The MAC address disappears when the packet passes through the first router. MACs are for Ethernet only and irrelevant beyond the local network. Routers cannot pass the Ethernet frame that contains the MAC, only the IP packet.
@james – MAC disappears, but automatic address assignment in IPv6 used MAC as a part of an address. Or still uses.
@fhunter
You can use a random number in place of the MAC based address for incoming connections. Outgoing normally use privacy addresses which are random number based. You also get a new one every day and they only last for a week.
Only if you use SLAAC. There are other ways to allocate IPv6 addresses to your hosts, static allocation and DHCPv6 being just two.
https://tools.ietf.org/html/rfc4941 might help too.
That’s what you have privacy extensions for.
Don’t you think there are concerns outside the realm of browser privacy?
Why do you hear the word “extensions” and automatically think of browsers? IPv6 Privacy Extensions is a standard that modifies IPv6 to prevent you from permanently identifying a node by its address…
@coward. Good to know, thanks.
https://tools.ietf.org/html/rfc4941 (for the second time)
Normally, privacy addresses are used. I haven’t seen any device that doesn’t enable them by default. Also, you’d use the MAC based address or permanent random number address for incoming connections. You’d configure the DNS to point to those.
@Luke says: “IPv6 addresses are formed by taking the MAC of your endpoint and appending a network-specific ending to it, so it basically allows you to track the same machine across networks.”
SPOOOF Ya’ MAC Brah!
That doesn’t solve the issue. Regular people can’t or don’t know how to.
> operating systems (XP being still in use in production)
Windows XP can do IPv6… so could Windows 2000 if you can track down the “technical preview” extension that did it. Been there, done that. I have a dual-stack network and have been running dual-stack for some time now.
Where you will come un-stuck is Windows NT 3.1/3.5/3.51/4.0, or anything DOS-based.
>IPV4 addresses are easy to remember.
Are easy to remember as well. Your prefix will always stay the same. You will have remembered that in less than a day. Also the few addresses you really need to know by IP are easy to remember too. For the rest you can work with hostnames, which works flawlessly with IPv6. These are just some made up reasons to stay with v4. V6 is really not that bad.
I can vouch for this… enter in the same set of digits enough and you’ll remember it. I already have the /56 assigned by my ISP in my muscle memory.
SLAAC exists, but you don’t have to use it, and if you’re in the habit of statically assigning your IPv4 devices, you can do that with IPv6 too. In fact, you can do both. That way, outgoing connections can use RFC4941 for privacy and you can still hit your machines with a consistent address.
Your printer might be at 172.24.60.55, and 2001:db8:abcd:ef60::55. Your gateway might be 172.24.60.1 / 2001:db8:abcd:ef60::1 or 172.24.60.254 / 2001:db8:abcd:ef60::254 (or 2001:db8:abcd:ef60::fe if you like).
The first 64-bits, will remain the same for a given subnet, the rest, is up to you. You can make it as easy or as hard to remember as YOU want.
I think hard-to-remember addresses are actually a good thing: they force the administrators to set up proper hostnames and DNS. It’s much easier to remember printer.local and gateway.local than 55 and 1.
.local is not DNS. It’s mdns / avahi/ bonjour. There’s no DNS server, but rather P2P packets between hosts.
Obligatory “fuck avahi” comment. Fuck poettering and that inefficient anti-privacy system.
:)
Well, use some other mDNS implementation then. mDNSResponder, Howl… DIY…?
IPv6 has been around for decades. My ISP in the US runs IPv6 and my router at home is capable of using it. So, there really isn’t any excuse for adopting the new standard. Most people who don’t use IPv6 claim they just can’t wrap their heads around the 128-bit configuration. Well, it’s high time that we started wrapping our heads around it since the IPv4 address space depletion issue isn’t going to go away.
@Nitpicker Smartyass says: “Anyone who can remember HER phone number or credit card number…” As a real Man – I’m TRIGGERED!
Many people that work in technical fields struggle with subnetting.
IPV6 looks even more complicated at first glance as it’s in hex, and thus alien to the majority.
When you’re dealing with end users too, asking them to setup IPV4 is much easier than asking them to manage IPV6 addressing. And some “real world” stuff breaks on IPV6 which consumers use (beyond your control, ISP level and above).
It’s a bit like climate change.
Cannot see anything wrong / everything works fine.
So whats the problem other than a few network hippies saying we all need to change everything we do with IP’s becos “reasons” ?
For the end user, having an IPV4 is better for setting up a server at home or remotely accessing certain services, because ipv4 numbers are easy to remember while ipv6 strings are virtually impossible to remember.
IPv6 didn’t really solve the problem either. Sure, you got more addresses, but the global routing tables are still growing beyond limits and using alternate routes between two endpoints is still difficult (multi-homing). Meanwhile, as most connected devices live on cellular or other mobile networks, they exist behind NATs anyways and don’t need individual IPs.
What the IP address system does is just keep the control over the internet with IANA/ICANN which can be controlled by state governments so they can, if they will, shut you out of the internet by messing up with the routing. There are alternative addressing and routing schemes which don’t rely on such central control, but implementing them would be difficult at this point.
The point is that, with such a big number of addresses available, it is possible to rationalize the route tables and make them smaller than with IPv4.
Can you share some examples of the alternatives? I’m curious.
Well, this thing went around a couple years ago
https://en.wikipedia.org/wiki/Recursive_Internetwork_Architecture
Thanks Luke!
Actually, it reduces table size. With IPv6, addresses are split up geographically, so that it will reduce routes. On the other hand, IPv4 is a mess, as this was not considered initially and worsened by reselling surplus address blocks.
They’re not supposed to have to manage IPv6. You had to manage IPv4 because back in the Pleistocene you had to manually assign an address to each one. IPv6 has DAD and prefix and router solicitation. On the WAN side, there’s DHCPv6 for ISP prefix assignment and for DNS server discovery. Put all of that together and all you are supposed to have to do is either plug in the Ethernet cable or configure WiFi and whatever device it is will have a globally unique, globally routable address.
Is it possible to screw this up? Of course it is. But that doesn’t mean that it’s impossible not to.
With IPv6, there’s only one subnet size used on the LAN. It’s /64 only.
For SLAAC at least. Otherwise you can use any prefix length.
I just checked my firewall (pfSense) and saw the DHCPv6 server supports only /64. The intent was the network portion of an address was 64 bits and 64 bits for the host. While you may be able to set up a LAN with other than /64, you’d have to use a manual configuration.
That’s not really true. One of the assumptions baked into the IPv6 is that nobody will use prefix lengths between 64 and 128. It’s kind of just assumed that every address on a broadcastable network will be divided into two halves. You can configure your network in a different way, if you want, but you’ll definitely be swimming upstream if you do.
Capitalism :-P
IPV4 support is non-negotiable, whereas IPV6 is a nice to have. In a world of minimal viable products, cost reductions, and maximising shareholder value, something as niche and complex as IPV6 will be the first thing to get cut.
The carrier of my ISP dropped IPv6 in my area. My ISP has no clue that IPv6 was available nor do they care.
ATA boxes for VoIP don’t work with IPv6.
It should work. I’m a VoIP engineer and the platform we use is Broadsoft BroadWorks (though Cisco bought them); it supports IPv6 in release 19 or later and they’re currently at R22.
Remember me this : https://ipv6bingo.com/
On my side of the VPN firewall, I use MAC address of each device.
Admittedly, my setup doesn’t have that many devices, but the firewall seems to keep track of who gets what data.
There are still many not-so-big companies that by going online early get easily /16 subnets of public addresses (almost 65536 addresses) and they really don’t need it or even use it. I work at company that has /24 pool of public addresses (256), and use 4-5 of them for serving public services and 1 as outgoing traffic gateway. Other are kept “just in case”.
afaikt the DoD alone has thirteen /8 blocks so ~218million IPs
Couldn’t they release the ones for the 50,000 or so smart bombs they’ve already dropped? :-D
The smart bombs probably use DHCP or IPv4LL.
I worked for a company that was on the net before the web. We had 10 /24 address pools and by the time the first talk of any running out of IPV4 space occurred we were down to using just a few of them. Back in the early days they were happy to hand big swaths out, but those were also the days before NAT.
I used to work for IBM. They had at least 2 /8s that I was aware of. My own address then was 9.29.146.147 and I had 4 other addresses for use in my work for testing. I also had 5 SNA addresses too back then. ;)
I find this interesting: https://xkcd.com/195/
(Should have been number 192 or 168 :-)
Note how, for example, the (since bankrupt and taken over) company PSI has the same amount of IP space as the whole of Africa. That whole top-left quarter seems to be full of companies and organisations who got in fast at the beginning.
So, Apple, IBM and Xerox but not Microsoft, Ford and Mercedes but not GM.
That diagram was drawn quite some time ago, though, and https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
Seems to suggest that a lot of the top left has been reallocated. Ford Motor Co (19.x.x.x) stands out as a bit of an anomaly now. But in this era of connected cars and over-the-air flash the extent of the IPv4 problem can be seen by the fact that even a Class A would run out of IP addresses to give to cars within 2 years of production.
“curtains for your smart TV or IoT light bulb”
– wow, that should be patented! Nobody thought of that before!
It’s not going to matter much when countries start going down the China route and have a government controlled intranet instead. The UK has plans to implement that incrementally over the next ten to twelve years. Along with the banning of smoking, manually driven vehicles, fossil fuels and alcoholic drinks.
Suuure, a government which can’t even manage Brexit wants to start a new prohibition era. Take off your tinfoil hat.
Reason is simple: there is no (financial) benefit to implementing ipv4.
The moment everyone has to start paying more for ipv4 traffic peering compared to ipv6 traffic, you’ll see adoption skyrocket.
Best thing that could happen IMHO is that the Tier 1 ISPs start charging an additional fee for ipv4 traffic
That’s why most major USA cellphone networks are running IPv6.
Couldn’t they start allocating the private IP address ranges used by local networks, such as 192.168.2.0 to 192.168.255.255,
reserving 192.168.0.xxx to 192.168.1.255 for router and home network use?
That is a really stupid idea. Our company network uses from 192.168.0.0 to 192.168.255.0 via VLANs, so basically we are talking about the 192.168.0.0/16 network. We need the 192.168.0.0/16 network reserved for private use. And this is used in datacentres as well. Doing as you suggest would break a sh*tload of things.
I doubt I’d want one of those, first you’ll be DOSsed off the net with configuration leakages meaning thousands of machines think you’re their local buddy. Then after complaining for 2 years everybody implements “robust” filtering and all of a sudden you’re only getting a quarter of your emails and a quarter of your intended traffic is getting through.
My phone’s hotspot allocates 192.168.42.0/24 addresses… I don’t know where in Android 4.1 you go to change that.
More likely, other historic allocations like AMPRnet (44.0.0.0/8) will get sliced up … this is already happening.
My guess is that we will very soon see a blossoming of CGNAT like we had never seen before, and at some point all of the IoT folks will just finally knuckle under to the reality that if they need to reach out to their devices from their data centers they’ll need to use IPv6 or they won’t have any idea what address to use.
Of course, now we’ll need a replacement for UPnP for IPv6 so that IoT things can request the local firewall to allow incoming connections to particular ports (perhaps even from particular source addresses or ranges).
For just about anything else, I imagine CGNAT will probably be the cul de sac that IPv4 dies in.
Some IoT folk already know this, so their IoT stuff talks IPv6 natively and uses NAT64 to talk to the IPv4 world.
https://en.wikipedia.org/wiki/6LoWPAN
Some of us are also looking at implementing this on packet radio
https://hackaday.io/project/161975-6lowham
Although it’s probably a reserved address, wouldn’t it be a nice touch if the last EVER IPv4 number (255.255.255.255) resolved to http://www.haniballecter.com … I’ll get my coat, nobody will ever get it…
Liver with a nice Chianti 255.255.255.255
Though I first thought I should expect a page like … http://hmpg.net/
It would have to be on .254 because .255 is a broadcast address
Oh I saw a cool solution on rewatching “The Net” the other night, just make the numbers bigger than 255, I think there was a 354 in there and Sandra Bullock had it working no sweat. ;-)
I think they used VisualBASIC to make that work.
Why couldn’t the numbers simply have been allowed to go up to 999.999.999.999?
Well that’s what V6 is really 4095:4095:4095:4095 only in hex format with some notion of making it look more compact which for V4 kinda works with FF.FF.FF.FF being highest, but for some reason it makes V6 just look more scrambled.
Dammit, I eFFed up and dropped one, that should be FFFF = 65535 , i.e. 65535:65535:65535:65535 max and yes it is more compact in hex form.
*Bill Gates voice* 64^4 addresses should be enough for anyone.
Dammit again, 64K ^4 grrr… ima pretend that was my keyboard and say ima look out cyber monday for a new one….
It’s only 1.8 billion nodes per person. If nanotech takes off that might not be enough to address even a portion of my personal grey goo army.
18.4 billion? Actually, a /64 gives 18.4 billion, billion addresses per LAN. I get 256x that from my ISP.
How do you represent 999 with 8 bits and still have it distinct from 001?
Because FF.FF.FF.FF
With Putin’s new firewall all we have to do is assign one IP address to all of Russia and free up all the class A address blocks assigned to Russia. It’s a Win-Win scenario. We just freed up a lot of IPV4 and now we only have to blacklist a single IP address on our firewalls. Now do the same thing for China, North Korea, Ivory Coast, ….
For what it’s worth, “consumer” ISPs are already going this way.
I’ve now seen two instances of (Telstra) Bigpond home internet connections (one via ADSL, the other via HFC/NBN), where the Internet connection was dual-stack. Internode have been advertising it for years now.
My workplace did have it when they were with Anttel, but then Spirit bought them out, and it would appear Spirit like to censor IPv6 traffic, at least for the first few months. (Spirit: if I’m wrong, prove it by providing us with our IPv6 subnet and gateway settings please!)
I’ve been running IPv6 natively at home for a couple of decades, starting with a connection to my office which had a tunnel to the 6bone, and then a tunnel to Hurricane Electric or, um, the other one. (Whichever one happened to be working that month.) And, finally, native service (and a delegated /63) through my Comcast cable modem. My last IPv4-only server is scheduled to go offline a couple of days from now as I write this, but it hasn’t really seen any use for more than a month.
I have been seeing a fair amount of IPv6 traffic to various Web sites for some time now, and the world is almost to the point where IPv6 connectivity is something that most people will actually be willing to actually pay for, instead of being something that you get for free when you pay for IPv4 connectivity.
My belief that the IETF badly bungled the IPv6 transition has been related elsewhere, so I won’t relate here the reasons why.
If someone wants to pay to replace my new router (that I just put in with Openwrt, in order to have vlans), along with my Ethernet switches, my Pi-Holes/DNS servers, and anything else I might need…maybe I’ll consider it—-as long as my ISP supports IPv6.
Otherwise, I have no problem with address space using IPv4 for all my projects & iot devices. That’s what vlans are for.
Who’s gonna pay for all the infrastructure change for all the clients? By that I mean homeowners, small business, etc.
I prefer maintaining all my IT stuff, so I learn what I need. But most people sure don’t want to learn all that IPv6 nonsense. Not just longer numbers to remember, but new terminology and everything works different!
OpenWRT supports IPv6. I know, because I have used it for at least 8-6 years now from HE (their IPv6 tunnel where you get a /48 if you ask, instead of the free /64) and the last 4 years from the ISP.
Your switches don’t care if they push IPv4 or IPv6. RaspberryPi has supported IPv6 all along, because it is based on Debian, which has had support for IPv6 longer than RaspberryPi has existed. I know because I have used Debian longer than the first generation RaspberryPi that I bought when they came out. No, I didn’t manage to get one at the release date.
So every major OS has had support for IPv6 since 2010 (I would bet since 2000, but I give it a bit of slack here. I wasn’t using IPv6 back before 2010). Every network device that isn’t a simple home router from China has supported IPv6 since around 2015. Except for those WiFi IoT devices from China. Real IoT devices use IPv6. All modern printers use IPv6, and prefer that if they have a choice. So if you have a printer on your network, it is probably already using IPv6.
You don’t need IPv6 DNS if you have IPv4 DNS, and vice versa. As long as the device has dual stack, because there is no difference between DNS on IPv4/IPv6.
You do have a problem, you just don’t know it yet. :-)
Most things actually work mostly equally to IPv4. So IF you know the basics of IPv4, you can change to IPv6. Most things are as easy or easier, like all local networks ALWAYS have a /64 netmask. And your ISP should give you one /56 (that is 256 LAN addresses) or /60 (that is 16 LAN addresses). If you get anything closer to /64, change your ISP, as they probably don’t know IPv4 either.
So when it comes to security, you now use several LANs, all with public addresses (but by default not accessible from the internet, unless you open the firewall. Which is bliss, as you don’t need to manage NAT). Use one LAN for your IoT devices, so they don’t have access to your server LAN. And there you have your file servers, which you give the LAN for your media and game access to, so they can get access to those files. And you also have a LAN for each person in the household, so you can easily set firewall rules for each person’s computers. And a couple of LANs for guests, so you can give them appropriate access to your servers etc.
Yes, it sounds complicated, but with a nice GUI in your home router, this is much easier than managing the one LAN that you have now with your IPv4 network.
But really, you should have IoT stuff in a separate network (where you can have dual stack because of stupid implementations). And you don’t want those Chinese things to have access to all your other IoT things and file servers etc.
Or you just turn on a single IPv6 LAN for your current network. As most things you have, if they are not older than 20 years, do work with IPv6. And you probably also want dual stack turned on for simple Chinese things, like your WiFi bulbs, as they probably don’t have IPv6.