facebook rss twitter

The European IPv4 net address river runs dry

by Alistair Lowe on 17 September 2012, 10:15

Quick Link: HEXUS.net/qabmhr

Add to My Vault: x

Quick! Run around, panic, place your head in the sand, we've ran out of IPv4 web addresses! It's the end of the internet as we know it. OK... not quite, truthfully it's more of a notable point in history, though could cause issues for some ISPs, particularly smaller firms with out-dated hardware and limited budgets.

For every device on the internet, be it a PC, tablet or smartphone, there's a unique address, known as an IPv4 (Internet Protocol version 4) address. When the IPv4 standard was established in 1981, the notion that there could be billions of computers mere decades on seemed somewhat far-fetched and thus it was decided, to implement an address scheme with a theoretical maximum of just over four billion addresses.

33 years on, however, and Europe has officially reached the end of its slice of those four billion addresses. Had ISPs not prepared for this, firms would have no choice but to stop offering internet services for their new products. ISPs are free to chose their own solutions to the address shortage issue, with many choosing to implement the new IPv6 standard, currently tunnelling existing IPv4 connections over the new protocol to maintain compatibility. Other ISPs are resorting to NAT (Network Address Translation), the same technology used to allow computers on a local network to access the internet under a single address.

Ultimately, full IPv6 migration will be the only way forward. It's the closest alternative to be supported in most modern hardware and offers the most efficient long-term solution. IPv6 solves our addressing problem by offering up a number of addresses so high, that, *fingers crossed* we should never come even remotely close to reaching the theoretical maximum, which is 340 undecillion unique values (that's 340,000,000,000,000,000,000,000,000,000,000,000,000 addresses).

IPv6 accomplishes this huge number by using 128-bit addresses, four times the size of current 32-bit addresses. Initially, this may seem like a huge inefficiency, an extra 12 bytes per data packet, just for the address, a typically unacceptable overhead. However, IPv6's huge address range makes some seriously cool stuff possible.

Currently, businesses and home computers sit behind a NAT router. This router performs address translation to a single internet-side IP address. This is a slow process and can lead to complex configurations for the routing of incoming data to various devices, introducing overheads of its own. With IPv6, however, the notion of NAT will eventually disappear; every computer will be able to have a unique, internet-facing IP address. Gone will be configuration and many of the popular fire-walling and port-forwarding woes. Likewise, other changes to the protocol make it less computationally intensive to route, which could lower the cost/power consumption of user-end modems/routers though, most importantly, enables far more cost-effective and efficient carrier-grade equipment, ideal for high-speed international fibre routing.

It may be a while yet before your household or business is switched to IPv6 - though the European IP address body, Ripe, has ran out of addresses, many ISPs still have addresses assigned to themselves that are unused. Somewhere down the line, however, expect a new router or a letter with new configuration details through the door, to switch you over to IPv6.



HEXUS Forums :: 10 Comments

Login with Forum Account

Don't have an account? Register today!
I learnt the basics of IPv6 4 years ago to make our product IPv6 ready (and build a simple network for testing). We've only ever sold one copy with IPv6 enabled. IPv6 is really cool but it'd going to take something like this to make everyone finally make the effort to switch.
With IPv6, however, the notion of NAT will eventually disappear
I disagree, NAT still has an important place as a security feature, and I'd still be using it even if I was assigned a block of IPv6 addresses. Besides that, IPv4 is much easier to memorise/type for private addresses. It would be useful for any servers you might be running though.
IPv6 might eliminate the woes associated with NAT but it introduces a whole lot more new woes, by it's nature NAT focuses traffic on a point in your network where you can “do security” and disrupts traffic flow in/out of a network, nobody outside can reach a machine inside unless the router/firewall is configured to make it so, meanwhile all machines inside are usually allowed to create any connection out…

If all machines have a globally routable address we're going to have to get rid of any default allow firewall rules and move to default drop/reject and then only allow traffic intended to transcend the LAN/WAN barrier. Network admins are going to have to learn PROPER firewall config and know each protocol and whether it should be allowed…

I don't know how true it is that IPv6 will really reduce computational intensity, we'll still need to inspect packet headers and apply firewall rules, devices will still be needed to perform load balancing for big websites etc even if each backend server had it's own global IPv6 address etc etc.
kingpotnoodle
IPv6 might eliminate the woes associated with NAT but it introduces a whole lot more new woes, by it's nature NAT focuses traffic on a point in your network where you can “do security” and disrupts traffic flow in/out of a network, nobody outside can reach a machine inside unless the router/firewall is configured to make it so, meanwhile all machines inside are usually allowed to create any connection out…
Huh? You've never needed NAT just to do that. NAT was developed as a dirty hack to work around IPv4 exhaustion. It's never been a competent security solution, ever.
watercooled
With IPv6, however, the notion of NAT will eventually disappear
I disagree, NAT still has an important place as a security feature, and I'd still be using it even if I was assigned a block of IPv6 addresses. Besides that, IPv4 is much easier to memorise/type for private addresses. It would be useful for any servers you might be running though.

NAT is not and should never, ever be considered a “security feature” by any means. What you want is a firewall, which will give you the same kind of protection (i.e. blocks unwanted incoming connections) but doesn't limit your network in any way and works both ways (blocks unwanted outgoing connections as well). Plus it'll log intrusions better and a good firewall will prevent things like DoS attacks much better than NAT ever will.

As for memorising addresses, IPv6 can be quite easy to memorise depending on which kind it is. For example, the equivelant to 127.0.0.1 (or “localhost” in IPv6 is 0:0:0:0:0:0:0:1, however it can be reduced to just ::1.
Unique Local addresses (the equiveland to 192.168.x.x) are not too difficult to memorise, either:

http://en.wikipedia.org/wiki/Unique_local_address