Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IPv4 Free Pool Drops Below 10%, 1.0.0.0/8 Allocated

kdawson posted more than 4 years ago | from the pure-water dept.

The Internet 467

mysidia writes "A total of 16,777,216 IP address numbers were just allocated to the Asian Pacific Network Information Centre IP address registry for assignment to users. Some venerable IP addresses such as 1.1.1.1 and 1.2.3.4 have been officially assigned to the registry itself temporarily, for testing as part of the DEBOGON project. The major address blocks 1.0.0.0/8 and 27.0.0.0/8, are chosen accordance with a decision by ICANN to assign the least-desirable remaining IP address ranges to the largest regional registries first, reserving most more desirable blocks of addresses for the African and Latin American internet users, instead of North America, Europe, or Asia. In other words: of the 256 major networks in IPv4, only 24 network blocks remain unallocated in the global free pool, and many of the remaining networks have been tainted or made less desirable by unofficial users who attempted an end-run around the registration process, and treated 'RESERVED' IP addresses as 'freely available' for their own internal use. This allocation is right on target with projected IPv4 consumption and was predicted by the IPv4 report, which has continuously and reliably estimated global pool IP address exhaustion for late 2011 and regional registry exhaustion by late 2012. So, does your enterprise intranet use any unofficial address ranges for private networks?" Reader dude_nl sends in a summary of the issues with allocating from 1.0.0.0/8 from the BGPmon.net blog. "As Alain Durand mentioned on Nanog: 'Who said the water at the bottom of the barrel of IPv4 addresses will be very pure? We ARE running out and the global pain is increasing.'"

cancel ×

467 comments

Sorry! There are no comments related to the filter you selected.

AnoNet (4, Informative)

sopssa (1498795) | more than 4 years ago | (#30883244)

AnoNet [wikipedia.org] is one of those who use 1.0.0.0/8 for private VPN because everyone thought it wouldn't be in use. I am pretty sure there are A LOT of organizations and other services who do too.

anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers. anoNet works by making it difficult to learn the identities of others on the network allowing them to anonymously host content and IPv4 services. Assuming that a router administrator on such a metanet knows only information about the adjacent routers, standard routing protocols can take care of finding the proper path for a packet to take to reach its destination. All destinations further than one hop can for most people's threat models be considered anonymous. This is because only your immediate peers know your IP. Anyone not directly connected to you only knows you by an IP in the 1.0.0.0/8 range, and that IP is not necessarily tied to any identifiable information.

To avoid addressing conflict with the internet itself, the range 1.0.0.0/8 is used. This is to avoid conflicting with internal networks such as 10/8, 172.16/12 and 192.168/16, as well as assigned Internet ranges. As of January 2010 IANA has allocated 1/8 to APNIC.[1] If the service does not switch to another address range then Internet hosts using 1.0.0.0/8 will be inaccessible to AnoNet users.

Re:AnoNet (-1)

MichaelSmith (789609) | more than 4 years ago | (#30883368)

Maybe they could use IPv6 internally? But if someone allocates 10.1.1.0 and 10.1.2.0 on the internet I am not going to be happy. They are my wired and wireless LANs, at my place.

Re:AnoNet (4, Informative)

chill (34294) | more than 4 years ago | (#30883446)

Uhhhh...no?

10.0.0.0/8 is, and always will be, an RFC-1918 private IP address used for internal networks and NAT.

The company in question was using 1.0.0.0/8, just because it was routable and unused.

Re:AnoNet (1)

MichaelSmith (789609) | more than 4 years ago | (#30883506)

Hi Charles. I should have put a smiley on that post ;)

Better Reserve 1.1.1.0/24 :-) (1)

billstewart (78916) | more than 4 years ago | (#30883534)

So many network examples out there use 1.1.1.1 and 2.2.2.2 as addresses - I hope the APNIC has the sense to make 1.1.1.0/24 reserved.

1.0.0.0/8 isn't publicly routable - it was reserved, and ISPs don't route it, though they'll be starting now. 1.0.0.0/8 was temporarily safe to use *because* it wasn't routable or used for real Internet sites.

Re:Better Reserve 1.1.1.0/24 :-) (1)

xaxa (988988) | more than 4 years ago | (#30883724)

traceroute -In 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
  1 192.168.1.254 69.794 ms 69.256 ms 68.732 ms
  2 212.74.102.13 24.112 ms * *
  3 * * *
  4 * * *
  5 * * *
  6 * 10.72.11.74 31.213 ms 27.606 ms
  7 1.1.1.1 27.320 ms 27.172 ms 27.544 ms

That's not meant to happen, is it?

traceroute -n 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
  1 192.168.1.254 33.818 ms 33.315 ms 32.731 ms
  2 212.74.102.13 23.348 ms 30.207 ms 38.751 ms
  3 10.72.4.179 38.744 ms 38.737 ms 42.955 ms
  4 10.72.4.126 42.953 ms 46.147 ms 46.144 ms
  5 10.72.9.53 52.619 ms 54.692 ms 56.713 ms
  6 10.72.11.74 58.784 ms 37.516 ms 32.860 ms
  7 * * *
  8 * * *
  9 * * *
10 * * *
11 * * *
12 * 212.74.107.105 30.979 ms *

(IANA network expert, I don't know the significance of the -I flag.)

Re:Better Reserve 1.1.1.0/24 :-) (1, Funny)

Anonymous Coward | more than 4 years ago | (#30883802)

IANA

I hope you did that on purpose.

Re:AnoNet (2, Informative)

Anonymous Coward | more than 4 years ago | (#30883620)

Another one still unallocated is 5.0.0.0/8 which Hamachi uses to create a virtual lan on the internet. I'm sure it wont be too long until that one will get assigned too though.

Also some Cisco hardware use 1.1.1.1 internally. Painful times ahead.

Re:AnoNet (1, Informative)

mysidia (191772) | more than 4 years ago | (#30883544)

Just to be clear: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 are officially assigned [faqs.org] for use by private networks. They cannot be allocated for use on the internet.

And "192.0.0.0/24" has been allocated for use in documentation, so those 256 addresses won't be allocated for use on the internet, either.

Re:AnoNet (4, Funny)

sjames (1099) | more than 4 years ago | (#30883702)

Not a problem, we can just NAT the NATed NAT NAT and everything will be fine forever, tra-la!

Re:AnoNet (1, Funny)

Anonymous Coward | more than 4 years ago | (#30883804)

Not a problem, we can just NAT the NATed NAT NAT and everything will be fine forever, tra-la!

Yo dawg, I heard you like IPv4, so we put some NAT in yo NAT so you can surf while you surf.

Ill bet this will happen (5, Insightful)

jhoegl (638955) | more than 4 years ago | (#30883276)

What will happen will be the standard that us humans have followed throughout the ages.

We will wait until the IPv4 addresses run out and then force businesses to start using IPv6 if they want to get on the internet.
There will be a temporary boon for networking manufacturers as companies will have to change their equipment
As a side curiosity, I wonder how many public IPv4 IPs are actually in use.

Re:Ill bet this will happen (5, Insightful)

causality (777677) | more than 4 years ago | (#30883358)

What will happen will be the standard that us humans have followed throughout the ages. We will wait until the IPv4 addresses run out and then force businesses to start using IPv6 if they want to get on the internet. There will be a temporary boon for networking manufacturers as companies will have to change their equipment As a side curiosity, I wonder how many public IPv4 IPs are actually in use.

Unfortunately I think you're right. We are a very reactive culture, generally. We don't seem to believe in using foresight to ease predictable and inevitable suffering of any kind. I suspect that's because there is a great deal of political power and quick money to be had in crises when people are desperate and afraid, but not so much in preparedness and prevention.

Re:Ill bet this will happen (2, Interesting)

0123456 (636235) | more than 4 years ago | (#30883478)

We are a very reactive culture, generally. We don't seem to believe in using foresight to ease predictable and inevitable suffering of any kind.

Because it's usually more expensive and difficult than dealing with problems when they actually become problems.

Re:Ill bet this will happen (-1, Troll)

poopdeville (841677) | more than 4 years ago | (#30883516)

Please mod-bomb this to the stone age, where it belongs.

Re:Ill bet this will happen (2, Insightful)

dsanfte (443781) | more than 4 years ago | (#30883634)

Why? He's right. When a problem is right on top of you, it's very easy to quantify.

Yes I know the saying, "ounce of prevention is worth a pound of cure". But it doesn't work that way. It's hard to quantify a problem that's years in the future, so preventions tend to be financially wasteful.

Re:Ill bet this will happen (4, Insightful)

causality (777677) | more than 4 years ago | (#30883832)

Why? He's right. When a problem is right on top of you, it's very easy to quantify.

Yes I know the saying, "ounce of prevention is worth a pound of cure". But it doesn't work that way. It's hard to quantify a problem that's years in the future, so preventions tend to be financially wasteful.

Note that I specifically (and plainly) said problems which are predictable and inevitable. By definition, these are not difficult to quantify. This is why attention to detail, good reading comprehension, or whatever you prefer to call it is important. Sorry but I see this mistake all the time and it's a careless one.

At any rate, Aesop had it right. The ant had a much easier time than did the grasshopper.

Lao Tzu had it right as well. To paraphrase, every large and difficult-to-solve problem was once a small problem that could have been easily solved. Once realized, the only limit to the application of this principle is whether you have the fine perception necessary to notice a problem while it is in its early stages and nip it in the bud before it blossoms. What I was saying before is that government does not grok this principle because it doesn't want to; it has no such incentive. That is, it's unreasonable to expect an amoral organization to willingly take any action that would result in less money and power for that organization. Government is unfortunately no exception.

It's hard to institute a Federal Reserve system if there is no Great Depression. It's hard to pass a law like the Patriot Act if there is no September 11th attack. It's hard to justify warrantless wiretapping if there is no bogeyman around every corner. The term for the technique is the Hegelian Dialectic, aka "Thesis, Antithesis, Synthesis," aka "Problem, Reaction, Solution."

Re:Ill bet this will happen (4, Insightful)

Bigjeff5 (1143585) | more than 4 years ago | (#30883764)

Amen to that.

The fact is, we've been preparing for the IPv6 switch for years now. The IPv6 spec reserves space for the entire IPv4 network, making translation between the two a snap. Any modern OS less than 5 years old has IPv6 built in, including conversion between v4 and v6. Almost all commercial networking hardware sold in the last 5-10 years is IPv6 capable, and as I already said using IPv4 within IPv6 is a piece of cake.

The only issue here is going to be the fighting between registrars over address blocks, and that's nothing new. Private addressing with NAT doesn't even need to change if you don't want to bother with it, just change your gateway IP's from v4 to v6 and there you go, bandaid applied until you actually truly need to upgrade everything.

The whole uproar over this issue is silly. It has already been taken care of. Hell it was half taken care of in the IPv6 spec itself, and the rest by the router and switch vendors that have been putting the option in their equipment over the last decade. At worst there will be some minor pains to actually enable and configure the IPv6 capable equipment, and those using really old equipment will have to upgrade their gateways. Those like AnoNet who improperly used IPv4 addresses in the first place are going to have to come up with something else until the switch is finally thrown on IPv6, and that's entirely their own fault. By definition they were not supposed to use those addresses, and they've been bitten for it. Sucks to be them.

The IPv4 problem isn't 1/10th the problem people seem to think it is. The only reason it hasn't been done yet is because it is quite a bit cheaper to spend no money at all than it is to spend a little money for no immediate gain. Companies will spend the money to switch when they need to, and not a moment before; as long as we still have 10% of the addresses unassigned or reserved, there is no need to spend the money yet.

Re:Ill bet this will happen (2, Informative)

Anpheus (908711) | more than 4 years ago | (#30883838)

Not just any modern OS, the BSDs, *nixes, and Windows all have IPv6 support going back a decade. I'm not sure about the classic Mac OS, though.

Re:Ill bet this will happen (1)

Toonol (1057698) | more than 4 years ago | (#30883872)

Often times being 'proactive' means contributing money and ceding control to some authority that is demanding trust. They don't always deserve it. Running out of IPv4 addresses is, of course, inevitable and predictable; but the timeline hasn't necessarily been. The cost and best method of switching hasn't necessarily been. As we get closer, better decisions can be made.

Re:Ill bet this will happen (4, Insightful)

Jarik C-Bol (894741) | more than 4 years ago | (#30883788)

your right, because if we had been thinking ahead at all, we would have fully switched to IPv6 by now. personally, I'm surprised we 're not having a new Y2K-esque freak-out over this already. (heck, more effort was put into the digital TV switch than seems to be going into IPv6 switch).

Re:Ill bet this will happen (4, Interesting)

Dadoo (899435) | more than 4 years ago | (#30883810)

I actually called my ISP last week and asked if I could get an IPv6 address. They told me Cisco said they won't have to worry about it for at least a couple of years, so they (my ISP) haven't even started thinking about it, yet. I guess they're going to wait until the last IPv4 addresses run out and have a mad rush to assign IPv6 addresses. That'll be fun...

DEBOGON (1)

aztektum (170569) | more than 4 years ago | (#30883294)

I seriously read that as Dagobah

Re:DEBOGON (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30883668)

Now that you seem to realize it is not "Dagobah," what are you posting this for?

Why do so many Slashdotters believe that their inability to correctly read a word is remotely noteworthy or amusing? Serious question. If it's caused by anything other than being unable to get over yourself, or being far too easily amused, I'd like to know. I'm guessing being too easily amused by repetitive and unoriginal attempts at humor is the deal. How else could you possibly explain the formulaic Slashdot memes that keep getting modded up to +5 Funny after hundreds of repostings?

No (4, Funny)

Dunbal (464142) | more than 4 years ago | (#30883302)

They'll never take my 127.0.0.1 away from me, dammit!

Re:No (1)

mysidia (191772) | more than 4 years ago | (#30883318)

Ah... 127.0.0.1.... sometimes mistyped as 27.0.0.1 though, especially by folks trying to "ping 127.0.0.1" for some reason :)

Re:No (2, Funny)

sopssa (1498795) | more than 4 years ago | (#30883344)

You don't probably have anything to worry about, but the owner of 69.69.69.69 is probably sweating about his leetness.

$ host 69.69.69.69
69.69.69.69.in-addr.arpa domain name pointer the-coolest-ip-on-the-net.com.

Re:No (2, Funny)

mustafap (452510) | more than 4 years ago | (#30883824)

My favourite address is 70.85.67.75

I've tried for ages but I've never been able to get it.

Re:No (1)

thms (1339227) | more than 4 years ago | (#30883362)

And as long as 4.2.2.2 remains ping-able so I can quickly whether just DNS or the net in general is down I'm okay with any reallocation.

Re:No (1)

bipbop (1144919) | more than 4 years ago | (#30883388)

I use 4.8 for that.

Re:No (3, Interesting)

sopssa (1498795) | more than 4 years ago | (#30883396)

And as long as 4.2.2.2 remains ping-able so I can quickly whether just DNS or the net in general is down I'm okay with any reallocation.

It actually might not be for long, Level 3 is closing public access to it and only allowing its use for their own customers.

Re:No (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#30883726)

Aw crap! Really? I have shitloads of servers configured to that IP!

Motherfucker!

1.2.3.4! (5, Funny)

Anonymous Coward | more than 4 years ago | (#30883322)

Thats the IP address of my luggage.

Re:1.2.3.4! (1)

dasherjan (1485895) | more than 4 years ago | (#30883520)

Thank you! I needed a laugh. :)

Re:1.2.3.4! (3, Funny)

GIL_Dude (850471) | more than 4 years ago | (#30883692)

Obviously you say that in jest (and I laughed). However, I was once on a shuttle back to the hotel from a Microsoft event with several representatives of some of Microsoft's large customers when some crazy guy was trying to convince a rep from a major airline that they needed to re architect their luggage system to assign an IPv6 address to each bag. This guy was serious about it too. My buddy and I just kept cracking jokes at his expense though.

If you leave your bag unattended its time to live might expire.
When the luggage system backs up, it sends a source quench.
What do you mean "no route to host"?
My luggage was fragmented!
Can't your luggage route around the storm?
and many more...

It was one of the most enjoyable bus rides I've ever had.

they should start selling IPadresses like phone (2, Interesting)

obarthelemy (160321) | more than 4 years ago | (#30883342)

numbers and car plates.

I'd love to have 1.1.1.1, or 29.09.19.69 (my bday)

Re:they should start selling IPadresses like phone (0)

Anonymous Coward | more than 4 years ago | (#30883500)

That's a dangerous post right there. Ma Bell's agents will be popping by your place later, you've been scheduled for re-education.

Phones are old tech, the cable has been laid. No cable boxes, no phones, just an IP is all we need.

Phones are dinosaur tech, no matter how many widgets they have. Stop paying for them. /soapbox

Re:they should start selling IPadresses like phone (5, Funny)

Anonymous Coward | more than 4 years ago | (#30883524)

or 29.09.19.69 (my bday)

So if you had your Social Security number as an IP address, what would it be?

Re:they should start selling IPadresses like phone (0)

Anonymous Coward | more than 4 years ago | (#30883786)

Thanks! Your slashdot, facebook, and email accounts are MINE!

Re:they should start selling IPadresses like phone (2, Interesting)

Rich0 (548339) | more than 4 years ago | (#30883884)

Only issue with that is how the routing system works. Routers are incapable of keeping track of where every single individual IP is located on the internet. Instead they just get announcements for very large networks, and then as the packet gets closer to its destination it can be tracked with greater and greater granularity.

Dynamic DNS is a much better approach - it separates the implementation of the naming and the routing functions.

I have no idea how the phone system manages to handle number portability. I suspect that either they just rely on the fact that relatively few numbers are ported, or they do a one-time lookup on the phone number to get a different "real" network address for the phone and use that for the routing. That basically just treats the phone number as a DNS address and your local switch as the real IP address.

Desirable? (1)

MichaelSmith (789609) | more than 4 years ago | (#30883348)

Why are some IP addresses more desirable than others? They are just numbers after all.

Re:Desirable? (1)

fucket (1256188) | more than 4 years ago | (#30883378)

And why does it skip right from 12.0.0.0/8 to 14.0.0.0/8? You guys on 14.0.0.0/8, you know what subnet you're really on.

Re:Desirable? (1)

sopssa (1498795) | more than 4 years ago | (#30883422)

Uh, what does? 13.0.0.0/8 is owned by Xerox. Which doesn't really make sense, but they were there to pick it up in 1991.

Re:Desirable? (2, Funny)

MichaelSmith (789609) | more than 4 years ago | (#30883426)

I will be happy to wear the consequences of owning 13.0.0.0 and following recent events I suggest China be allocated 4.0.0.0

Re:Desirable? (1)

srussia (884021) | more than 4 years ago | (#30883432)

Why are some IP addresses more desirable than others? They are just numbers after all.

Same thing with domain names. They're just letters, after all.

Re:Desirable? (5, Informative)

mysidia (191772) | more than 4 years ago | (#30883470)

A good example of an undesirable IP address is one that's on a bunch of spam blacklists.

Some IP addresses are more likely to have connectivity issues than others.

One major issue improper or poorly maintained filters, that effects most address blocks that were previously not being assigned from equally, hence the DEBOGON projects and testing.

There are more insidious issues that only effect some blocks, however.

For example the guerilla usage of "1.0.0.0/8" by AnoNet, and "5.0.0.0/8" by Hamachi, plus private use of those, and other ranges instead of proper RFC1918 addresses by some enterprises.

Makes hosts that use those IP addresses more likely to have communication problems with other hosts on the internet, just because their IP address is in that block.

What about getting back some... (4, Insightful)

mrboyd (1211932) | more than 4 years ago | (#30883366)

I seriously doubt that GE, IBM, AT&T, Xerox, HP, Apple, MIT, Ford, AT&T (again), Halliburton, Bell, Prudential securities, UK government Department for work and Pensions, Dupont de Nemours and Co., Inc, Merck, USPS and some others deserve or need a /8.

Too much effort for too little benefit (2, Insightful)

Nicolas MONNET (4727) | more than 4 years ago | (#30883410)

Even if you could recoup some of these addresses, this would only afford a few months of use, so it's not going to be worth the effort.

Re:What about getting back some... (5, Informative)

Trolan (42526) | more than 4 years ago | (#30883424)

And for each of those /8s, you buy maybe 1.5-2 months more time until v4 exhaustion. Most of those /8s were also allocated prior to any policies permitting reclamation. Any recovery of them would involve legal wrangling, which would be expensive and time consuming. Prolonging the end result isn't a viable solution to the problem, when the solution is available now.

Re:What about getting back some... (1)

compro01 (777531) | more than 4 years ago | (#30883438)

And after all the kicking, screaming, hair-pulling, knock-down drag-out legal battles to reclaim those blocks, you buy a grand total of about 18 months.

It's not worth it.

Re:What about getting back some... (1)

wumpus188 (657540) | more than 4 years ago | (#30883522)

You can have my 127/8 when you pry it from my cold dead fingers, you insensitive clod!

How do these ignorant comments get modded up? (3, Insightful)

Abcd1234 (188840) | more than 4 years ago | (#30883618)

This has been addressed time and time (and time) again. a) Those organizations would have to defrag their IP space before large blocks could get released, a process that's slow, intensive, and expensive. But more importantly, b) even if they did that, and then release those blocks for reallocation, at the current rate of consumption, it'd buy us, what? 18 months? Two years at the outside? Meanwhile, global routing tables would get even *larger*, and they're already gigantic.

No, reallocating unused IPs is a total fucking waste of time. That time would be *far* better spent getting IPv6 deployed so we could all move on from this mess.

Re:What about getting back some... (1)

Vandilzer (122962) | more than 4 years ago | (#30883626)

Let me ask you this...

If you have a /8 would you give it back with out a fight?

No, I thought not, and these companies pay lawyers to sit around, and in some cases pay the judges or just others to write the laws....

Re:What about getting back some... (1)

diamondsw (685967) | more than 4 years ago | (#30883856)

Yeah, I'm sure that AT&T as a global networking company has no need of those IP addresses. And yes, I'm well aware of the magnitudes involved.

Re:What about getting back some... (1)

QuantumRiff (120817) | more than 4 years ago | (#30883874)

Someday, everyone will eventually realize you don't increase the availability of an item much by increasing it by 1/256th.

audits... (1)

irving47 (73147) | more than 4 years ago | (#30883370)

I guess it's ICANN or ARIN that forces audits and demands accountability of usage of address space. Who are some of the big targets for recovery? Apple should be target numero uno with the entire 17.x.x.x class A. I know my college used a lot of 143.88.x.x as live ip's for every work station and wifi-connected laptop that happened to come along. No, that's not a lot, but just an example of the waste that goes on.
(Now i'm going to be flamed by the "NAT is just a crappy hack/workaround" crowd.) Oh well.

Re:audits... (1)

MightyMartian (840721) | more than 4 years ago | (#30883412)

It is a crappy hack/workaround, but it works right now. At some point I know I'm going to have to switch, but for now, well, I'll happily use NAT with port forwarding to make my services available.

Re:audits... (1)

compro01 (777531) | more than 4 years ago | (#30883502)

The problem with that is the the issuing of IP space back when a lot of those were handed out have no provisions for auditing, use accountability, or reclamation. That means you're looking at a long ugly legal battle, and even if you do win, you buy a little less than one month per /8 reclaimed.

Routers and IPvx (1)

hackwrench (573697) | more than 4 years ago | (#30883384)

The way I understand it, routers still use IPv4. Is it feasable for routers to use IPv6 amongst themselves, freeing their IPv4 addresses for use at endpoints?

Re:Routers and IPvx (1)

gandhi_2 (1108023) | more than 4 years ago | (#30883812)

huh?

If you are talking about gateway routers, they have at least 2 interfaces. One interface must be in the subnet it gateways, the interface linking to the next router usually uses a private non-routable like 10...., 176.16...., or 192.168.... I see no way to claim back any routable IP's from the routers themselves. And even if you could, you are only getting back one address per subnet.

deprecating broadcast and making the last address on the subnet a valid host address would be about as feasible. which is to say, it ain't gonna happen.

Install your own 6to4 tunnel today (5, Interesting)

bbn (172659) | more than 4 years ago | (#30883394)

Run this script to get your own IPv6 address today:


CUR_IP=(`ip -4 addr show ${CUR_DV} | awk '/inet / { print $2 }' | sed -e 's/^\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\1/'`)
IPV6_ADDR=$(printf "2002:%02x%02x:%02x%02x:%04x::%04x" $(echo "${CUR_IP} ${SLA_INTF} ${INTF_ID}" | tr '.' ' '))

ip tunnel add tun6to4 mode sit remote any local ${CUR_IP}
ip link set dev tun6to4 up
ip -6 addr add ${IPV6_ADDR}/64 dev tun6to4
ip -6 route add 2002::/16 dev tun6to4
ip -6 route add ::/0 via ::192.88.99.1 dev tun6to4 metric 1

Install radvd if you want to share your new IPv6 subnet with other people on your local network.

This is all it takes. You do not need to wait for your ISP to get a clue.

Only problem is this does not work with NAT.

Re:Install your own 6to4 tunnel today (5, Interesting)

AlexWillisson (1348553) | more than 4 years ago | (#30883512)

I use SIXXS, it's been working great.

http://www.sixxs.net/main/ [sixxs.net] (www is required, the site isn't perfect but it works)

I currently have two tunnels (one to an out of house server & one to my house), a subnet for my house (I've tested it, I can ssh from an external server directly to my in-house computers without any port forwarding). It adds a little latency (since you have to go through some other router before reaching the ipv6 part of the internet), but not too bad.

Hurricane Electric is also a great option. (3, Interesting)

Abcd1234 (188840) | more than 4 years ago | (#30883658)

I run an HE tunnel at home to provide IPv6 connectivity to my personal network, and it's been working great, and has the advantage over SIXXS of more geographically distributed tunnel endpoints (SIXXS' seem to be clustered on the east coast, while, HE has endpoints in California, among other places). Though you do need to rig up a script to update the tunnel should your IP address change.

Throw in a free v6-capable DNS hosting service like freedns.afraid.org and you're laughing.

Re:Install your own 6to4 tunnel today (4, Informative)

Dagger2 (1177377) | more than 4 years ago | (#30883672)

Only problem is this does not work with NAT.

To be clear, 6to4 needs to be run on the device with your public IP address, or alternately that device needs to pass protocol 41 traffic to the machine doing 6to4. The rest of your network then gets access by native IPv6 routing.

The presence of NAT is not fatal to 6to4.

Why should we care about idiots? (2, Insightful)

kju (327) | more than 4 years ago | (#30883428)

So, what? Some idiots have abused reserved or otherwise unused netblocks for their internal networks. I honestly couldn't care less. I have seen this before, even with other blocks which were already in use. It is a very bad practice. Unfortunately there is only one way people might stop doing this: Allocate the blocks now. If users won't be able to reach certain sites, the admin might change the internal addresses. Or they might not. Who cares? No, really: Who cares?

Wouldn't more widespread SNI support be nice? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30883440)

Where I work perhaps 50% of our IP allocations are due to requests for SSL websites. Now imagine a world without IE6/Windows XP where IIS supported SNI. Unfortunately I suspect Microsoft has once again been far too slow to catch up. That was the obligatory Microsoft bash out the way - seriously though, how long is it going to take to finally lose the ridiculous single address per site requirement for websites in a globally supported manner?

How's NAT64 coming along? (5, Insightful)

Nicolas MONNET (4727) | more than 4 years ago | (#30883442)

From the beginning of IPv6, something was missing: the possibility for IPv4 only hosts to reach IPv6 only hosts. The solution is a form of nat, called NAT64, but a few months ago it was just a vague proposal AFAIK. As long as this is not solved, the transition to IPv6 *cannot* work. There is a simple reason: the planned transition involves ALL hosts talking both IPv4 and IPv6. When you speak both, inevitably the least used IPv6 is not supported well, and people end up using only IPv4.

It's so obvious, I find it shocking it's not taken into account more seriously.

Re:How's NAT64 coming along? (1)

klapaucjusz (1167407) | more than 4 years ago | (#30883780)

NAT64 so obvious, I find it shocking it's not taken into account more seriously.

It was actually a part of the initial design for IPv6 -- see Section 5 of RFC 1710, or all the stuff about "translation from IPv6 to IPv4" in RFC 1883. It just somehow fell out of the specifications during the standardisation process.

Re:How's NAT64 coming along? (1)

paskie (539112) | more than 4 years ago | (#30883852)

NAT64 actually does not solve that, it concerns only the IPv6->IPv4 part, not vice versa. A more general mechanism NAT-PT has been proposed at the dawn of IPv6, but its status has been changed to historic by RFC4966 as it turns out that this is not really easy to get right.

Re:How's NAT64 coming along? (1)

Abcd1234 (188840) | more than 4 years ago | (#30883854)

As I understand it, NAT64 has gotten greater attention in the last little while as people involved in v6 have finally come to the conclusion that it, or something like it, is going to be necessary to make the transition happen.

'course, personally, I think it's far more important that we get old, broken routers shut down ASAP. Today, people at home are actively *turning off* the v6 stack on their desktops because their broken routers erroneously send out radv broadcasts, despite having no v6 connectivity. The result is massive delays due to v6 connection timeouts. Meanwhile, service providers who support v6 are actively choosing not to add AAAA records to their sites because those with broken v6 connectivity would see poor service (Google is one of those doing this, which is why for most, www.google.com has no AAAA record, while ipv6.google.com does... unless your v6 provider has negotiated a special arrangement with Google, at which point they'll provide AAAA records for all of their services).

Not using any bogons over here (1)

coolgeek (140561) | more than 4 years ago | (#30883456)

But I did notice the other day that Time Warner is using 10.0.0.0 for user devices, and not just between the device and its gateway. Such IPs are exposed to the public, and fully routable within their network. Well, the cross-section of the public limited to TW customers, I suppose. I discovered this quite by accident. I thought my WiFi router was at 10.something and was very puzzled by the web page I received, which said "Scientific-Atlanta WebStar Cable Modem". Turns out my router is at 10.somethingelse

Re:Not using any bogons over here (1)

jimicus (737525) | more than 4 years ago | (#30883754)

Not at all uncommon with big ISPs, alas. British Telecom are doing something similar - which to my mind suggests there may well be more than one layer of NAT going on for quite a few customers....

Re:Not using any bogons over here (1)

/dev/trash (182850) | more than 4 years ago | (#30883816)

Yeah, I had to switch to 192.168. once my ISP started to use 10.x.x.x a few years ago. Sucked.

Oh well... (1)

snowtigger (204757) | more than 4 years ago | (#30883486)

I've been using 1.1.1.1/8 at home for years. It's by far the quickest to type and remember.

I'll probably keep using it for a while, until I need to reach any of those officially allocated addresses in 1/8. Hearing they got allocated in Africa and Latina America is really good news, since I rarely go to African and Latin American websites.

Re:Oh well... (1)

Trolan (42526) | more than 4 years ago | (#30883526)

No, it's APNIC (Asia Pacific) which got those blocks, not AFRINIC (Africa) or LACNIC (Latin America/Caribbean). If you have need to communicate with Japan, China, India, etc., you'll need to switch.

Re:Oh well... (0)

Anonymous Coward | more than 4 years ago | (#30883690)

APNIC, it's Asia-Pacific, you insensitive (and technically incompetent) clod!

Re:Oh well... (1)

/dev/trash (182850) | more than 4 years ago | (#30883770)

I used to use 10.x.x.x for my internal network, until it started to get routed. Appears some ISPs use it for things.

Map of the Internet (0, Funny)

Anonymous Coward | more than 4 years ago | (#30883510)

It looks like that the Map of the internet [xkcd.com] needs to be redrawn soon.

Re:Map of the Internet (0)

Anonymous Coward | more than 4 years ago | (#30883654)

this is the best xkcd ever!

131.0.0.0 (1)

ZERO1ZERO (948669) | more than 4 years ago | (#30883514)

For some reason the private network at my work is on 131.0.0.0 with various subnets and VLANS in place. I believe this is already a public IP Address range for something or other.

No, I don't know why it is that and not something else. We only have a couple hundred assigned IP addresses.

Multicast/Class E (1)

argent (18001) | more than 4 years ago | (#30883552)

How about the Class E (reserved for future use) range? That's another 15 "Class A" blocks excluding RFC0919.

How many people use anything but 224/8 for Multicast applications? IANA [iana.org] seems to have most of that space reserved or experimental.

Re:Multicast/Class E (4, Informative)

mysidia (191772) | more than 4 years ago | (#30883848)

The problem with "Class E" is these addresses have a "not a valid IP address" status; the classification of the addresses are "Experimental", not UNICAST. As a result, many OSes or devices from many vendors will not allow you to assign a Class E address, or communicate with a Class E address.

Windows XP falls into that category, Vista falls into that category, I cannot confirm whether Windows 7 falls into the category or not; unless there has been a recent patch, Class E IPs are unusable. Even Linux wouldn't allow you to communicate with a Class E address or assign it to an interface, until a kernel patch that was first introduced in January 2008

Many routers and firewalls are in a similar situation. There is a lot of old software running at internet sites that is unlikely to be updated.

If "Class E" address space is ever opened, it's likely that IETF would not direct IANA to assign Class E to the RIRs for public allocation, instead it might be made available for private purposes, much like the RFC1918 address space.

The possibility of allocating 240/4 for use has been discussed on various network engineering mailing lists.

Their findings were that many software programs and hardware devices recognize "Class E" addresses and indicates an error.

So the thought that "Class E" is just more IP addresses to pick up for free, is a nice idea, but unfortunately no panacea. It would be very hard to resurrect that range to 'usefulness' at this point in the Internet's evolution (with such a large installed base).

Enter the IP truthers (3, Funny)

calmofthestorm (1344385) | more than 4 years ago | (#30883556)

who claim that IP exhaustion is a conspiracy thought up by Al Gore to generate more money for the British Royal Family, and that if we ignore the liberal computer scientists and their biased journals, everything will be fine.

Allocation strategy (1)

Nofsck Ingcloo (145724) | more than 4 years ago | (#30883584)

I'm really ticked about how the allocation of addresses has been handled over the years, and I can't seem to get a reasonable answer as to why the allocation strategy can't be fixed. How come we can't (pardon the expression) claw back a bunch of allocated but unused addresses from the organizations that are squatting on them? How come we can't allocate addresses in smaller blocks?

Re:Allocation strategy (1)

compro01 (777531) | more than 4 years ago | (#30883736)

1. Because those addresses were handed out back when there were not any provisions for reclaiming them.

2. They are allocated in smaller blocks. This is IANA assigning address blocks to the Regional Internet Registries, which then assign smaller blocks out to whoever.

IPv6? (1)

Midnight Thunder (17205) | more than 4 years ago | (#30883598)

So still no need to start getting infrastructure ready for IPv6?

Marketing + Consumer Idiocy = Profit! (2, Insightful)

greatica (1586137) | more than 4 years ago | (#30883604)

Oh geez, I'm gonna have to explain things to my Mom after she gets the following notice in the mail:

"Great news! Our engineers have invented an amazing new technology called IPv6 that NONE OF OUR COMPETITORS HAVE: More addresses! Greater speed! Less lag! New HD content never before available! OMG this new technology called VOIP works over it! Perform online backups! And enjoy the $20 increase to your monthly bill!

That or Obama launches a "Rebates for Routers" program - 6 months AFTER I purchase an IPv6 device.

Re:Marketing + Consumer Idiocy = Profit! (2, Insightful)

Billly Gates (198444) | more than 4 years ago | (#30883808)

Well the investors have to get their 15% return every quarter for all of eternity somehow. This is whats expected in this day and age.

The sky is falling...again? (1)

clm1970 (1728766) | more than 4 years ago | (#30883612)

Not the first time the IPv4 Sky is falling. CIDR and NAT fixed the first couple of times. Quite possible there will be a large proliferation of v4 to v6 gateways. Or other policy changes to prolong the available pool of IPv4. The "drop dead date" for running out of address space keeps getting pushed out....

While they're at it... (1)

jadobbins (1028872) | more than 4 years ago | (#30883622)

I want 1.3.3.7

I would pay good money.... (1)

Filgy (2588) | more than 4 years ago | (#30883636)

....for 1.3.3.7... :)

Oops! (1)

dandart (1274360) | more than 4 years ago | (#30883646)

Oops - the house which one of my servers is on uses 1.1.0.0/16 for its internal connection.

I told him to change it.

Hewlett-Packard (1)

QuietLagoon (813062) | more than 4 years ago | (#30883680)

Why does Hewlett-Packard have not one but TWO /8 IPv4 address ranges [iana.org] ? Ain't they heard of NAT? How many other corporations have legacy /8 addresses and are holding on to them, not because they need them but because their laziness to move towards efficient use of those addresses creates a sense of entitlement to those very addresses.

Re:Hewlett-Packard (1)

klapaucjusz (1167407) | more than 4 years ago | (#30883846)

Why does Hewlett-Packard have not one but TWO /8 IPv4 address ranges [iana.org] ?

Where do you see that? As far as I know, they have a single /8 and a bunch of /16s.

The answer, of course, is that they were assigned before subnetting (CIDR) was deployed.

What? (1)

Cyberllama (113628) | more than 4 years ago | (#30883698)

How is 1.1.1.1 one of the "least desirable" ip addresses? I'd love to have it!

Hello, is this thing on??? (0)

jcwayne (995747) | more than 4 years ago | (#30883712)

RTFS all the way to the end people. We've finally discovered the mechanism of our demise. The Mayans accurately predicted the exhaustion of the IPv4 address space.

Unfortunately, applications still behind the curve (4, Interesting)

Abcd1234 (188840) | more than 4 years ago | (#30883794)

When I discovered m0n0wall 1.3 hit the pavement, with support for IPv6, I made the move to transition my home network to v6, for no other reason than it seemed like an interesting thing to do (what can I say, I like to tinker). In the process, I looked to moving all my services to v6... obviously I can't completely abandon v4 internally, but I figured, why not move all my internal stuff over? Problem is, among the software I use, the following don't support v6 at all:

Linux NFS client and server
MySQL
MythTV
rtorrent
m0n0wall's VPN implementations (both IPSec (ironically) and PPTP)

And those are just the first four that popped up (though at least I was able to patch rtorrent). God knows what other software out there doesn't support v6. Of course, many of these things can live in private v4 networks for the time being, but until application vendors catch up with the times, it seems v4 and v6 will be living side-by-side for a long time to come.

Re:Unfortunately, applications still behind the cu (4, Informative)

klapaucjusz (1167407) | more than 4 years ago | (#30883860)

among the software I use, the following don't support v6 at all

Please file bugs. Most Free Software projects take IPv6 very seriously indeed.

Speculators and domain squaters (1)

Billly Gates (198444) | more than 4 years ago | (#30883796)

I wonder if speculators and investors are buying up all the IP4 addresses just to resell them at 10x the price. The same speculators that made billions doing this to housing until a bubble formed.

Or am I just paranoid? I would be tempted myself if I were an evil billionaire.

reclaim dead ip space first (2, Interesting)

Anonymous Coward | more than 4 years ago | (#30883806)

ARIN is totally incompetent; Not only does the Prudential have a /8, but back in 1992 when I worked at the Prudential Bank in Atlanta, that totally separate division applied for and got a class-B (158.221) and still holds it to this day. The ridiculous thing is that they will never use it, never did and when I tried to get ARIN to look into getting it back in the late 1990s, that fell on deaf ears. In fact, the Prudential Bank doesn't even exist anymore at the address in the registry entry for 158.221; I don't know if they even exist at all anymore. Go and reclaim dead IP space, and then see what is left.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?