Mon, 08 Oct 2007

We are running out of IPv4 addresses...

and there's no slowing down

I remember messing around with IPv6 for the first time almost 10 years ago, while setting up a training installation at the INET 1998 workshops in Geneva. It was straightfoward to get the the Windows NT (MSRIPv6), BSDi, FreeBSD and Linux hosts to autoconfigure themselves on the local subnet and communicate using IPv6. The general enthusiasm reflected one idea: "We're going to migrate to IPv6". At no point do I remember thinking "gee, and how will they communicate with IPv4 ?". I don't remember anyone talking about the transition itself, or the protocols involved.

As a followup to the recent announcement that the IETF's IPv6 Working Group had effectively been dissolved, some individuals on the NANOG list have been pointing out the apparent fact that, while a lot of time and effort was spent on designing "IPNG", as IPv6 was originally called, including all the bells and whistles that IPv4 lacked, like QoS, IPsec, autoconfiguration, prefix hierarchisation, (effectively a Second System Effect), not a lot of thinking has gone into the effective migration away from IPv4 to IPv6, and more importantly, how IPv6 and IPv4 users are supposed to talk together -- at least not on the massive scale of today's Internet.

Today this issue is very much present in the minds of network operators around the globe. A few are very aware of the wall that's looming ahread, and are trying to spread the message. After the Year 2000 hype (at least, as it was perceived by the general public), it's difficult to get worked up about impending doom scenarios, especially those the date of which keep changing.

The fact is, IPv6 and IPv4 are not compatible on the wire. This means that IPv4 and IPv6 are different protocols, and that an IPv4 host cannot talk to an IPv6 host and vice versa, unless at least one of the hosts is dual stacked (running both protocols), or some sort of translation mechanisms exists (NAT or application level gateway) to allow the hosts to talk to each other. Indirectly this could mean that many more IPv4 addresses than we have left today might be required, to allow for a transition where every IPv6 host could talk to every IPv4 node, and vice-versa.

RFC2766, which defines NAT-PT (NAT Protocol Translation) nails the problem description square on the head:

"There is expected to be a long transition period during which it will be necessary for IPv4 and IPv6 nodes to coexist and communicate. A strong, flexible set of IPv4-to-IPv6 transition and coexistence mechanisms will be required during this transition period."

Today, 7 years after NAT-PT was introduced, a new RFC recommends that NAT-PT be deprecated.

The original draft of this RFC stated, in September 2004:

"Description of an alternative protocol translation mechanism is out of scope for this document."

Even here in Denmark, which has a reputation for early adoption of new technologies, and where Internet penetration is among the highest in the world , most larger organizations I talk to are absolutely ignorant or unconcerned about the deployment of IPv6 -- not that they have no idea what IPv6 is, but they have no plans to deploy it, or do not seem to be aware of the issues regarding IPv4 depletion: they have no strategy, or at least intended strategy, with regards to IPv6.

As someone I know who is very knowledgeable with IPv6 wrote a half year ago,

"Still not much going on in Denmark with regards to IPv6. Nobody cares, nobody wants it, nobody works to implement it."

Learning IPv6 is one more burden for the average network administrator. Administrating IPv6 and IPv4 in parallel even more so. Dual routing tables, dual filtering paths, dual routing protocols, twice the security hassle. Even more reasons to start now. Not while it's early (that was 5 years ago), but while there's still time.

In hindsight, considering that many of the more revolutionary aspects of IPv6 have been dropped, it might have been smarter to just make IPv6 on-the-wire compatible with IPv4, and to use the lower 32 bits of the IPv6 addressing space to map the IPv4 space into it, enabling a simple compatibility mode for IPv6 to communicate with IPv4-only hosts, without the need for extra translation. [a few readers pointed out to me that this is contradictory with the idea of having a 128-bit address space: there can be no compatibility on the wire. Any sort of "compatibility" where an IPv6 host emits IPv4 packets is in fact simpley a dual stack system].

Unfortunately, this is not the case, and we have to deal with an installed base of tens of millions of IPv4-only NAT gateways and CPE (customer premises equipment) that only support IPv4, and will likely never support IPv6. It's in this environment that IPv6 will need to be deployed. The transition will most likely not be "from the core to edge" in one smooth wave. IPv6 is going to pop-up everywhere it makes sense, and for it to function it will have to use all the dirty tricks that IPv4 used to survive, including tunneling, protocol translation, and application level gateways.

Phil R.

• A fractal map illustrating the rate of exhaustion:

  http://www.tndh.net/~tony/ietf/IPv4%20Address%20Fractal%20Map.pdf

• A new presentation by Geoff Huston at RIPE 55 -- a very good overview of the IPv4 exhaustion problem:

  http://www.ripe.net/ripe/meetings/ripe-55/presentations/huston-ipv4.pdf

• Factsheet from ICANN about IPv6 -- most useful for management and decision makers:

  http://www.icann.org/announcements/factsheet-ipv6-26oct07.pdf

A number of announcement of publications were made recently, underlining the problem at hand:

• An Informational draft RFC was published, outlining an IPv4 to IPv6 transition plan, with goals of being "ready" by 2011-01-01:
  http://www.ietf.org/internet-drafts/draft-jcurran-v6transitionplan-00.txt
• LACNIC (the Latin American and Caribbean Internet Addresses Registry) announced that it wants all the region's networks to be adapted to IPv6 by January 1st, 2011

Compare this to a very informative presentation from Randy Bush regarding the reality of such a transition (and, in some cases, why it's plain impossible, since IPv6 is not "backwards compatible" with IPv4):

[IPv6 Transition & Operational Reality]

(the part regarding the emergence of a market for IPv4 addresses, and the transition from allocation to entitlement is worth it by itself).

Some background data and interesting comments from Geoff Huston, who maintains a page which is updated daily with an estimate of when IANA and RIRs will run out of unallocated IPv4 space (and the trading -- whether it's legitimate or not -- will begin):

• http://www.potaroo.net/tools/ipv4/index.html
• http://www.potaroo.net/ispcol/2007-07/v4end.html
• http://www.potaroo.net/ispcol/2007-08/dualstack.html

To get a feel of the context, a very informative read is the transcript of the APNIC Plenary, New Delhi, Sept. 2007.

Some good starting points on IPv6

• ARIN IPv6 Wiki
• Educating_Yourself_about_IPv6

There are some very interesting reports of the operational experiences of deploying IPv6.

posted at: 09:26 | path: | permanent link to this entry

Comments? Hah!