ipv4 Exhaustion

Things that don't belong anywhere else. (Check first).

Moderators: Moderators General, Prelates, Magistrates

User avatar
frezik
Posts: 1336
Joined: Wed Jan 10, 2007 7:52 pm UTC
Location: Schrödinger's Box

Re: ipv4 Exhaustion

Postby frezik » Tue Feb 01, 2011 5:23 am UTC

Thesh wrote:
Eseell wrote:The way IPv6 is subnetted, all LANs are /64s. There is no reason to ever use a subnet smaller than /64 in IPv6


For most individuals and businesses a /112 would be overkill for public IP addresses. While you say there is no reason to use a subnet smaller than /64, I see no reason to ever use a subnet larger than /96 (including for allocation to ISPs).


IPv6 cut-and-pasted a bit from the IPX spec, which autoconfigures an address based on the hardware MAC address. Those are 48-bits, so everyone will need at least a /80.
I do not agree with the beer you drink, but will defend to the death your right to drink it

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6271
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: ipv4 Exhaustion

Postby Thesh » Tue Feb 01, 2011 5:31 am UTC

Yeah, I read up on that, it's actually using 64 bits for that portion as a previous poster mentioned. I'm not saying it's possible to implement it differently, I'm just saying we are going to waste a lot of space.
Summum ius, summa iniuria.

User avatar
Eseell
Posts: 789
Joined: Sun Feb 21, 2010 6:58 am UTC
Location: Phoenix, AZ
Contact:

Re: ipv4 Exhaustion

Postby Eseell » Tue Feb 01, 2011 7:04 am UTC

This example originally appeared on the NANOG mailing list and I'm stealing it because it illustrates why wasted space at the subnet level is really not a concern.

Let's say we take my opinion as truth for every ISP and issue a /48 to every end site. It's not, of course; lots of ISPs are going to issue networks with longer masks (smaller networks), but in my model every residential and business subscriber alike gets a /48. That's 65536 /64s per site.

There are, naturally, 248 /48s available for use. 248 is 281,474,976,710,656. If there are 7 billion people on the planet right now and we give each of them ten /48s - 10 buildings per person - we still have 281,404,976,710,656 remaining /48 networks.

There's going to be a lot of waste at all levels of IPv6 addressing hierarchies, but based on my own addressing plan and the others I've seen put forth by service providers, I suspect that at the /48 level we'll see utilization at about the same rate as IPv4 - 50-80%. If we built 1000 end sites every second it would take more than 4,000 years to utilize half of the /48 space available in IPv6. I'll be surprised if IPv6 lasts more than a few decades, but it probably won't be address space that forces the next upgrade.
"Math is hard work and it occupies your mind -- and it doesn't hurt to learn all you can of it, no matter what rank you are; everything of any importance is founded on mathematics." - Robert A. Heinlein

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6271
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: ipv4 Exhaustion

Postby Thesh » Tue Feb 01, 2011 7:39 am UTC

I do have to wonder what this is going to do to botnets. You can't really just scan an IP range for trojans on IPv6 like you could on IPv4.
Summum ius, summa iniuria.

User avatar
Eseell
Posts: 789
Joined: Sun Feb 21, 2010 6:58 am UTC
Location: Phoenix, AZ
Contact:

Re: ipv4 Exhaustion

Postby Eseell » Tue Feb 01, 2011 7:50 am UTC

That's true with stateless autoconfig, but with DHCPv6 and static config it's less true. There are still addresses that are statistically more likely to be in use than others, like the ::1 of any subnet.
"Math is hard work and it occupies your mind -- and it doesn't hurt to learn all you can of it, no matter what rank you are; everything of any importance is founded on mathematics." - Robert A. Heinlein

User avatar
Zorlin
Posts: 949
Joined: Sat May 30, 2009 2:31 am UTC
Location: Perth, Western Australia

Re: ipv4 Exhaustion

Postby Zorlin » Tue Feb 01, 2011 8:53 am UTC

Thesh wrote:I do have to wonder what this is going to do to botnets. You can't really just scan an IP range for trojans on IPv6 like you could on IPv4.

They'll just phone-home.
Mysterious wizard rabbit of unknown proportions.

Check out #xkcd-hugs movie night! Watch movies with your fellow xkcdians.

Meaux_Pas wrote:You're all mad.

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6271
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: ipv4 Exhaustion

Postby Thesh » Tue Feb 01, 2011 8:59 am UTC

Yeah, but that would limit the botnet to whoever created the virus. Also, the ISPs could easily fight it by blocking the IP/DNS.
Summum ius, summa iniuria.

User avatar
Phoenix112358
Posts: 133
Joined: Wed Dec 03, 2008 12:39 pm UTC
Location: New Zealand

Re: ipv4 Exhaustion

Postby Phoenix112358 » Tue Feb 01, 2011 11:53 am UTC

I had a read of this thread and like, 90% of it just went past my head.

You guys mentioned that modems may not be IPv6 compatible. We recently bought a modem and router - is there a big possibility that we'll need to replace it just to connect to the internet once the switch starts happening?

User avatar
SecondTalon
SexyTalon
Posts: 26254
Joined: Sat May 05, 2007 2:10 pm UTC
Location: Louisville, Kentucky, USA, Mars. HA!
Contact:

Re: ipv4 Exhaustion

Postby SecondTalon » Tue Feb 01, 2011 3:11 pm UTC

Phoenix112358 wrote:I had a read of this thread and like, 90% of it just went past my head.

You guys mentioned that modems may not be IPv6 compatible. We recently bought a modem and router - is there a big possibility that we'll need to replace it just to connect to the internet once the switch starts happening?

Easiest way to find out - flip your equipment around and get the model numbers (Linksys stuff likes to use a Letter Letter Letter Number Number (Optional Letter) format, for example) and punch those into the Googles or whatever search engine you dig with ipv6 compatible behind it.

For example..

wrt54g ipv6 compatible

Anyway, to answer your question - Yes? Even assuming you bought brand new equipment (which I am) you may not have purchased the brand new models, but older models they're still making because they sell. So.. yeah, it's possible.
heuristically_alone wrote:I want to write a DnD campaign and play it by myself and DM it myself.
heuristically_alone wrote:I have been informed that this is called writing a book.

User avatar
frezik
Posts: 1336
Joined: Wed Jan 10, 2007 7:52 pm UTC
Location: Schrödinger's Box

Re: ipv4 Exhaustion

Postby frezik » Tue Feb 01, 2011 8:44 pm UTC

One question to those who have obviously studied this more than I have--I'm on a DSL modem with 6to4 setup on my router (a Netgear WNR3500 running DD-WRT). The test on test-ipv6.com gives me a decent enough score considering that I don't have any official word on IPv6 support from my ISP.

What kind of benefits would I expect on a hypothetical DSL modem that properly supported IPv6?

(To me, it seems like the fact that DSL/cable modems have to support it at all is a major breakage of OSI layering.)
I do not agree with the beer you drink, but will defend to the death your right to drink it

User avatar
Eseell
Posts: 789
Joined: Sun Feb 21, 2010 6:58 am UTC
Location: Phoenix, AZ
Contact:

Re: ipv4 Exhaustion

Postby Eseell » Wed Feb 02, 2011 2:19 am UTC

frezik wrote:What kind of benefits would I expect on a hypothetical DSL modem that properly supported IPv6?

(To me, it seems like the fact that DSL/cable modems have to support it at all is a major breakage of OSI layering.)

Just to be clear, cable modems are still a bridging technology. The IPv6 compatibility of your cable modem does not per se affect your router's or PC's ability to get access to the IPv6 internet because the modem is just a bump in the wire that does translation and encapsulation at OSI layers one and two. However, all cable modems and DSL modems need to have IP addresses for management purposes and in order to communicate with your ISP's provisioning system. If your cable or DSL modem is not IPv6 compatible then an ISP that is only using IPv6 for provisioning will not be able to communicate with your modem and tell it how to do its job. I don't think you're likely to see that problem crop up for a while, yet.

I'm not a DSL guy, so I might be wrong about this next bit, but I'm pretty sure that most DSL modems are actually modem/gateway combos. That's where you get into trouble if you want IPv6 connectivity through to your PC, because most of them don't support IPv6 on the management or the gateway side, yet. If you had one that did and your OS also supports IPv6 (most do, now) then you're good to go. There aren't any useful IPv6-only apps that I'm aware of yet, so the benefit right now is mostly that you won't get screwed by large-scale NAT if your provider decides to implement it.
"Math is hard work and it occupies your mind -- and it doesn't hurt to learn all you can of it, no matter what rank you are; everything of any importance is founded on mathematics." - Robert A. Heinlein

User avatar
frezik
Posts: 1336
Joined: Wed Jan 10, 2007 7:52 pm UTC
Location: Schrödinger's Box

Re: ipv4 Exhaustion

Postby frezik » Wed Feb 02, 2011 3:12 pm UTC

Eseell wrote:I'm not a DSL guy, so I might be wrong about this next bit, but I'm pretty sure that most DSL modems are actually modem/gateway combos. That's where you get into trouble if you want IPv6 connectivity through to your PC, because most of them don't support IPv6 on the management or the gateway side, yet.


Thanks, that makes sense. I know for a fact that my DSL modem was setup in bridging mode. It can act as a gateway, but I wanted the extra control of a DD-WRT router.

If you had one that did and your OS also supports IPv6 (most do, now) then you're good to go. There aren't any useful IPv6-only apps that I'm aware of yet, so the benefit right now is mostly that you won't get screwed by large-scale NAT if your provider decides to implement it.


For now, I'm a business-class user assigned a block of 5 static IPv4 addresses. Hopefully, I'll be one of the last of the smaller end users affected by the shortage.
I do not agree with the beer you drink, but will defend to the death your right to drink it

lemming465
Posts: 7
Joined: Tue Jan 25, 2011 5:00 pm UTC

Re: ipv4 Exhaustion

Postby lemming465 » Wed Feb 02, 2011 5:22 pm UTC

frezik wrote:What kind of benefits would I expect on a hypothetical DSL modem that properly supported IPv6?

There are three benefits to being on native rather than tunneled IPv6, all of which improve your client experience.

Native has bigger MTU. Regular ethernet allows 1500 octet packets, IPv6 requires a minimum of 1280 octets, AFAIK IPv4 minimum was 568. Since in IPv6 routers don't do fragmentation, only end points, retrieving something large like a web page or video either has to limit itself to 1280 byte chunks, increasing overhead and decreasing throughput, or hope that "path MTU discovery" is working properly. Unfortunately PMTU depends on receiving ICMPv6 "too large" errors back, and congested ISP links tend to preferentially drop or rate limit ICMP, plus badly misconfigured overzealous firewalls may block necessary ICMP messages. So relying on PMTU to work reduces your reliability. The response by servers expecting tunneled clients (50% of clients currently, 100% of servers) is to reduce their MTU to 1280. Clients with native v6 can mostly not worry about it. Simple tunneling (6in4, 6to4) using IPv4 protocol 41 (slap a v4 header in front of the v6 payload) reduces MTU by a minimum of 20 octets. Teredo, where you have to put a v4 header, a UDP header, and a Teredo header in front of the v6 payload might knock it down by 50-70 octets. Then add in tunneling by your ISP, which might not be native v6 end-to-end yet, a VPN tunnel somewhere, etc. and possibly lose another 70+. If I'm trying to make a 30 octet DNS query, and I have to eat 200 extra octets of overhead along the way, my performance is going to suffer.

Native has lower latency and jitter. Predictable, small round trip times matter for applications like videoconferencing and gaming. Going through some remote 6in4 or 6to4 or Teredo relay can incur an extra 20 or 30 routing hops. Even for simple web pages this can double the page load time.

Native has higher reliability. If you are using a tunnel, you are depending on shared 3rd party resources, which may be overloaded, are more subject to denial of service attacks, and which increase your risks of packet loss due to congestion or routing blackholes. Measurements by APNIC's chief technologist, Geoff Huston, suggest that up to 15% of IPv6 tunneled 6to4 connections currently just fail entirely. Ditto for Teredo, which is only for masochists.

Best practice: for IPv6 R&D, use a point-to-point tunnel with a tunnel broker. For production IPV6 use, insist on native.

(To me, it seems like the fact that DSL/cable modems have to support it at all is a major breakage of OSI layering.)

No, it's actually a triumph of layering. If you are going to swap out the routing layer, where IPv4 and IPv6 live, every device doing routing is going to have to know. Which is a lot of gear, as detailed earlier in the thread. But we're keeping IEEE 802.whatever at physical layer 2: we run both IPv4 and IPv6 over the same ethernet, WIFI, bluetooth, WiMax, 3GPP, fiber, etc. We're keeping UDP and TCP and SCTP and ... session stuff at layer 4. We're keeping HTTP and DNS and FTP and SMTP and ... application stuff at layer 7, with only minor tweaks where the protocols embed IP addresses. We're keeping everything except layer 3, really, and if you are going to replace the entire infrastructure of the internet, you are going to have to expect to change something somewhere.

User avatar
frezik
Posts: 1336
Joined: Wed Jan 10, 2007 7:52 pm UTC
Location: Schrödinger's Box

Re: ipv4 Exhaustion

Postby frezik » Wed Feb 02, 2011 6:06 pm UTC

lemming465 wrote:
(To me, it seems like the fact that DSL/cable modems have to support it at all is a major breakage of OSI layering.)

No, it's actually a triumph of layering. If you are going to swap out the routing layer, where IPv4 and IPv6 live, every device doing routing is going to have to know.


That's just the thing--to me, a DSL modem should just be a modem at layer 2. Same with DOCSIS. They should be both converting between the format on the external wire and the internal Ethernet frames in a manner that's as dumb as possible.

But Eseell's reply makes sense. A lot of DSL/Cable modems double as a gateway, which is fine for most people most of the time. And that they need some way to be configured on the ISP's side, which might as well be an IPv[46] link.
I do not agree with the beer you drink, but will defend to the death your right to drink it

User avatar
SlyReaper
inflatable
Posts: 8015
Joined: Mon Dec 31, 2007 11:09 pm UTC
Location: Bristol, Old Blighty

Re: ipv4 Exhaustion

Postby SlyReaper » Wed Feb 02, 2011 8:00 pm UTC

I'll just leave this here:

Image
Image
What would Baron Harkonnen do?

teelo
Posts: 760
Joined: Thu Apr 08, 2010 11:50 pm UTC

Re: ipv4 Exhaustion

Postby teelo » Thu Feb 03, 2011 5:58 am UTC

SlyReaper wrote:I'll just leave this here:

Image

Win.

User avatar
Giant Speck
Bouncy Sex Marshmallow
Posts: 3808
Joined: Tue Sep 08, 2009 12:30 pm UTC
Location: Tucson, Arizona

Re: ipv4 Exhaustion

Postby Giant Speck » Thu Feb 03, 2011 6:44 am UTC

Image
"Did I say recently that I love Giant Speck? Because I love Giant Speck. He is the best." - Weeks


Return to “General”

Who is online

Users browsing this forum: No registered users and 18 guests