Events, news, technologies and products about cyber security
Tuesday, February 18, 2014
[computerworld] Whatever happened to the IPv4 address crisis?
Network World - In February 2011, the global Internet Assigned Numbers Authority (IANA) allocated the last blocks of IPv4 address space to the five regional Internet registries. At the time, experts warned that within months all available IPv4 addresses in the world would be distributed to ISPs.
Soon after that, unless everyone upgraded to IPv6, the world would be facing a crisis that would hamper Internet connectivity for everyone. That crisis would be exacerbated by the skyrocketing demand for IP addresses due to a variety of factors: the Internet of Things (refrigerators needing their own IP address); wearables (watches and glasses demanding connectivity); BYOD (the explosion of mobile devices allowed to connect to the corporate network); and the increase in smartphone use in developing countries.
So, here we are three years later and the American Registry for Internet Numbers (ARIN) is still doling out IPv4 addresses in the United States and Canada.
The day of reckoning still looms -- it's just been pushed out as the major Internet players have developed ingenious ways to stretch those available numbers. But these conservation efforts can only work for so long.
ARIN currently has "approximately 24 million IPv4 addresses in the available pool for the region," according to President and CEO John Curran. They're available to ISPs large and small, but Curran predicts they will all likely be handed out by "sometime in 2014."
Even then, addresses will still be available to be assigned to the operators' clients for a while longer. And not all operators are likely to experience shortages at the same time. "It's more of a problem for networks that are growing. For networks that are stable, they can reuse addresses" as some customers drop their service and new ones sign up.
Phil Roberts, technology program manager for the Internet Society, adds, "There's some anticipation in using addresses. Network operators get a block and parcel them out -- you don't get them right when you need them."
How did we get here?
The problem took no one by surprise. The Internet Engineering Task Force (IETF) foresaw the global growth of network-connected devices 20 years ago, and in response drafted a new version of the Internet Protocol to address the looming shortage.
IPv6 uses a 128-bit address space -- that is, 2^128 -- yielding far more potential addresses than IPv4's 32-bit scheme, and in fact more addresses than there are grains of sand in the Earth's crust.
So, why hasn't everyone just switched over to IPv6?
Well, IPv6 is not backward compatible with IPv4, meaning network operators need to run a dual stack IPv4/IPv6 network for years to come. And for IPv6 to work, it needs to be implemented end to end, meaning IPv6 has to be enabled by network hardware vendors, transit providers, access providers, content providers, and endpoint hardware makers.
Since there's no economic incentive to being the first to invest in revamping your protocol support, many hardware and service providers stood on the sidelines and waited for momentum to build.
For enterprises, it made no sense to upgrade to IPv6 if their ISPs were still running IPv4. As John Brzozowski, fellow and chief architect for IPv6 at Comcast Cable, puts it: "We had a chicken-and-egg problem. Service providers didn't want to implement IPv6 because the content providers weren't there, and content providers didn't want to implement it because the service providers weren't there."
Plus, there were ways to avoid having to face the IPv6 music. One common technique is carrier-grade network address translation (CGN), which translates private IP addresses within a carrier's network to a smaller number of public IP addresses, in much the same way that ordinary NAT lets individuals and organizations use multiple internal IP addresses.
However, CGN brings with it a number of issues that limit its appeal. For one thing, it's expensive for carriers, and the money they spend on it could be more productively applied to IPv6-ready hardware. For another, a great deal of Internet infrastructure relies on the premise that a single public IP address uniquely identifies a carrier subscriber. CGN breaks that assumption, which means that it breaks geolocation services and impedes law enforcement organizations' ability to identify users.
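As an added illustration (not part of the original article), the sketch below shows why a public IP address alone no longer identifies a subscriber behind CGN, and how a timestamp plus source port narrows the match to one. The log layout, addresses and function names are constructed for this example and do not describe any carrier's real format.

```python
from datetime import datetime, timedelta

# Constructed CGN port-block allocation log. Subscribers sit in the
# 100.64.0.0/10 shared address space and lease a port range on one
# shared public address (203.0.113.7 is a documentation address).
T0 = datetime(2014, 2, 18, 12, 0, 0)
HOUR = timedelta(hours=1)
CGN_LOG = [
    # (public_ip, port_lo, port_hi, lease_start, lease_end, subscriber_ip)
    ("203.0.113.7", 1024, 2047, T0, T0 + HOUR, "100.64.0.11"),
    ("203.0.113.7", 2048, 3071, T0, T0 + HOUR, "100.64.0.12"),
    ("203.0.113.7", 3072, 4095, T0, T0 + HOUR, "100.64.0.13"),
    # The first port block is reassigned to another subscriber an hour later.
    ("203.0.113.7", 1024, 2047, T0 + HOUR, T0 + 2 * HOUR, "100.64.0.14"),
]


def candidates(public_ip, when=None, src_port=None):
    """Return every subscriber that could have sourced traffic from public_ip.

    A field left as None models a server log that did not record it.
    """
    hits = set()
    for ip, lo, hi, start, end, subscriber in CGN_LOG:
        if ip != public_ip:
            continue
        if when is not None and not (start <= when < end):
            continue
        if src_port is not None and not (lo <= src_port <= hi):
            continue
        hits.add(subscriber)
    return sorted(hits)


def attribute(public_ip, when, src_port):
    """Resolve to exactly one subscriber, or None if the evidence is ambiguous."""
    found = candidates(public_ip, when, src_port)
    return found[0] if len(found) == 1 else None


if __name__ == "__main__":
    seen = T0 + timedelta(minutes=30)
    print("IP only:          ", candidates("203.0.113.7"))
    print("IP + time:        ", candidates("203.0.113.7", when=seen))
    print("IP + port:        ", candidates("203.0.113.7", src_port=1500))
    print("IP + time + port: ", attribute("203.0.113.7", seen, 2500))
```

A server that logs only the client address and a coarse timestamp leaves several candidates; recording the source port and a precise timestamp on the server side is what makes the carrier-side lookup resolve to a single subscriber.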
ARIN is also helping to ease the pain by reclaiming unused addresses from, say, ISPs that have gone out of business, although that number is relatively small and won't materially affect the date upon which all IPv4 addresses are gone. ARIN is also now parceling out smaller and smaller blocks of IPv4 numbers and tightening the criteria for approval of new addresses.
But IPv4 workarounds will only last for so long and most organizations are recognizing that fact and moving, if grudgingly, to IPv6. Roberts says, "There's a light at the end of the tunnel."
Where are we headed?
Comcast recently announced that it now has the world's largest IPv6 deployment. In a post on Comcast's site, Brzozowski said, "Today, over 25 percent (and growing) of Comcast's Xfinity Internet customers are actively provisioned with native dual-stack broadband Internet service. Native IPv6 support has been deployed to over 75 percent of our broadband network, and our goal is 100 percent in early 2014."
All the major enterprise router vendors, and most vendors of small office routers, offer products with IPv6 support. A growing ISP or an expanding business should have no trouble finding hardware that supports IPv6.
As with IPv6 deployment among access providers, deployment among content providers is growing. Among websites, according to Roberts, the five top sites as measured by Alexa all support IPv6, and they account for a substantial portion of total IP traffic. One of those sites, Google, continually collects statistics about IPv6 adoption and shares them in a graph whose curve shows a steady upward trend.
However, while the shape of the curve is encouraging, in absolute terms the number of users accessing Google via IPv6 is barely above 3% of all users. Still, "that's more than double what it was a year ago," Roberts says, and IPv6 traffic is growing at a faster rate than IPv4, which Roberts sees as a promising sign.
The Internet Society also makes ongoing measurements of IPv6 deployment on its World IPv6 Launch site. It shows that 13 percent of the Alexa Top 1,000 websites are currently reachable over IPv6. "That number was 10 percent a year ago," Roberts said. In addition, the Internet Society checks the number of network operators who are turning on IPv6. "The first time [we reported on the statistics] we had about 70 networks," Roberts says. "Now we're up to 226."
With endpoint hardware providers, IPv6 readiness is a mixed bag. "A lot of devices in the home don't use it yet," Roberts says. However, the fast-growing cell phone market is a different story. Cell carriers are making progress supporting IPv6-enabled devices. For instance, Roberts points to Verizon Wireless. "All of its new smartphones have IPv6 enabled," he says, and T-Mobile recently announced that its Android 4.4 phones will default to IPv6 only for connecting to its mobile network.
Some gaming console manufacturers too are jumping on the bandwagon. In October, Microsoft's Chris Palmer announced at NANOG 59 that the Xbox One gaming console will use IPv6 with IPsec for peer-to-peer communication between gamers, and said that performance will be best when end-to-end communication is over IPv6.
That end-to-end, IPv6 connection may be elusive when content delivery networks are involved. Some CDNs, such as Limelight, turn on IPv6 by default for their customers, but others, such as Akamai, do not. Akamai's Erik Nygren says, "Most of our customers have very rich environments that still require end-to-end testing prior to dual-stacking."
One problem is that customer-premises equipment (CPE) has to be capable of supporting IPv6 and properly configured to do so, and not all CPE currently in production can claim that. Nevertheless, Akamai reported in June that roughly 1.5 percent of the content requests it sees come in over IPv6 -- a rate that is about double what it saw a year previously.
Over the entire network ecosystem, including carrier hardware and networks, CDNs, corporate networks, home electronics, mobile devices, and content providers, there is steady progress in IPv6 implementation.
Unallocated IPv4 address blocks are gone forever. However, carriers still have IPv4 addresses available for allocation, so IPv4 addresses will remain in use for some time to come. And though there may be no immediate crisis for service providers, businesses, or customers, there is steady pressure to enable IPv6 in every segment of the network ecosystem as the best way to address IPv4 address scarcity.
No one seems willing to predict a date by which the last IPv4 packet will traverse the Internet backbone, but we are seeing clear progress toward IPv6 critical mass in the form of dual-stack implementations in enterprise, mobile, and home-based devices and operating systems.
Once it becomes clear we've reached an inflection point, when service and content providers can count on dual-stack users, and users can count on the availability of IPv6-enabled content, the pace of adoption should quicken. Just as no one needs to be the first to support IPv6, no one wants to be last either.
The reality is, Roberts says, "It takes a while to transition. After all this is done it would be a great graduate thesis for someone to see why it has taken so long."