Wednesday, 25 July 2012

IPv4: THE END IS NIGH!

The glass is not half full!
Version 4 Internet Protocol addresses are running out - we all know this. Last February IANA allocated the last blocks to the five regional registries. Since then one of these (APNIC) has already run out.

This weekend RIPE, the regional registry for all of Europe, is forecast to run out!

Technically, running out means they are on their last block and are effectively in lockdown, so they are not giving ISPs any more addresses. In practice, there is a policy allowing one final block per ISP, but this is only a thousand addresses, which you can imagine is not very useful for the likes of BT or Virgin.


What this means is that UK ISPs can no longer get more IPv4 address space, ever.

They have to cope with what they have. Technically there are ways for IPv4 to be traded, and ISPs to acquire other ISPs, but apart from that, ISPs are a bit stuck.

So when will ISPs run out? Well, tricky. The forecast window has been down to 3 months for a while, so, in theory, ISPs should not have more than 3 months of addresses left! In practice all ISPs have (or should have) plans for how they are managing their remaining IPv4 addresses. You can expect changes in policy to happen now.

It is hard to say what ISPs will do. Some will deploy carrier grade NAT, which means you do not get a real IP address when you connect. Instead you get a private IPv4 address which is mapped to a share of a real IPv4 address. There is even a scheme where routers can directly get a share of an IP address (i.e. the router is told a range of TCP/UDP ports it can use and is expected to NAT to those). NAT itself is not new, and not nice, but this extra layer of NAT and sharing has a whole string of problems and costs for the ISPs.

Even when one router is used to share an IPv4 address on a network and one person is using it, the router can run out of sessions or ports. We have seen this happen where someone cannot see something because it keeps failing at the same point. Given real IPv4 addresses and no NAT, it just works. Such problems will get worse and worse, with torrent users not just hogging all the bandwidth but also all of the ports on shared IP addresses.
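An added example (not from the original post) of the port-range sharing described above: each subscriber is deterministically given a slice of a shared public address's ports, which caps their concurrent sessions and means a log entry needs the source port to point at one subscriber. The address ranges, the 32:1 sharing ratio and the reserved low ports are assumptions chosen for illustration.

```python
import ipaddress

# Constructed parameters (assumptions, not from the post):
SUBSCRIBERS = ipaddress.ip_network("100.64.0.0/22")    # RFC 6598 shared CGN space
PUBLIC_POOL = ipaddress.ip_network("198.51.100.0/27")  # RFC 5737 documentation range
RATIO = 32        # subscribers sharing each public address
RESERVED = 1024   # ports 0-1023 are not handed out
BLOCK = (65536 - RESERVED) // RATIO   # ports per subscriber, per protocol

def allocate(private_ip):
    """Map a subscriber address to its (public IP, first port, last port)."""
    index = int(ipaddress.ip_address(private_ip)) - int(SUBSCRIBERS.network_address)
    if not 0 <= index < SUBSCRIBERS.num_addresses:
        raise ValueError("not a subscriber address")
    pub_index, slot = divmod(index, RATIO)
    if pub_index >= PUBLIC_POOL.num_addresses:
        raise ValueError("public pool too small for this subscriber")
    first = RESERVED + slot * BLOCK
    return str(PUBLIC_POOL[pub_index]), first, first + BLOCK - 1

def identify(public_ip, port=None):
    """Subscribers that could have sent traffic from public_ip[:port].

    With the source port the answer is one subscriber; without it, every
    subscriber sharing that address is a candidate.
    """
    pub_index = int(ipaddress.ip_address(public_ip)) - int(PUBLIC_POOL.network_address)
    if not 0 <= pub_index < PUBLIC_POOL.num_addresses:
        return []
    if port is None:
        slots = range(RATIO)
    elif RESERVED <= port < RESERVED + RATIO * BLOCK:
        slots = [(port - RESERVED) // BLOCK]
    else:
        return []
    base = pub_index * RATIO
    return [str(SUBSCRIBERS[base + s]) for s in slots
            if base + s < SUBSCRIBERS.num_addresses]

if __name__ == "__main__":
    print("ports per subscriber:", BLOCK)
    print("100.64.0.37 ->", allocate("100.64.0.37"))
    print("198.51.100.1:12000 ->", identify("198.51.100.1", 12000))
    print("198.51.100.1, no port logged ->", len(identify("198.51.100.1")), "candidates")
```

A server that logs only the client address, and not the source port and an accurate timestamp, cannot narrow an abuse report below the full set of subscribers behind that address.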

You also have to remember, if someone wants to put a new server on the Internet, such as a new web site, they too need IP addresses. That is going to get interesting.

We can say what AAISP is doing, and it is good news. We have always given customers as many IP addresses as they need (as per RIPE policy). This means we have a lot more IP addresses than customers.

Over the last few weeks we have gone through a programme where customers that can qualify for their own addresses (provider independent space) get it, and give us back blocks of A&A IP addresses. That is no longer possible now that RIPE have run out. It has, however, given those customers security that they have their own, portable, IP address blocks and we won't be asking for them back.

The next step is identifying anyone that has IP space they are not using. The new sflow stats make this easier, and we are contacting people to reclaim unused address space. Obviously, we can also claim our last thousand addresses from RIPE. We will also stop offering blocks of IPv4s to new customers at some point. Right now, anyone needing a block of IPv4 has to discuss it with support.

Where people have IPv4 blocks, and their router can handle the WAN address being within that block (which many can), we'll be recovering the WAN addresses too, by allocating an overlapping address. This seems trivial, saving one address, but could apply to thousands of customers. Similarly, multi-line customers using a FireBrick for PPPoE can use one WAN address on all lines.

Obviously we are already getting people using IPv6. So the next step is people that are using their IPv4 blocks. We contact them to see if they can get their networks using IPv6 and ideally to no longer need the IPv4 blocks. We already sell router upgrades to get people on to IPv6 and supply IPv6 to new customers as standard.

One of the main reasons for needing real IPv4 addresses is VoIP. We already have VoIP gateway functions in the FireBrick, and so many customers can upgrade so they no longer need the public IPv4 addresses. We also have IPv6 VoIP services and there are some VoIP phones starting to support IPv6.

The final stages, which may be years off, are that we start charging for blocks of IPv4. Ultimately we may even start clawing back IPv4 blocks to allocate to new customers. The hope is that we can always provide every customer with at least one fixed public external IPv4 address. We think we have enough IPv4 addresses to do that in the long term and never have to deploy carrier grade NAT. But it is hard to predict the future.

So, really, IPv4 is dead, long live IPv6.

Update: With no change in the underlying data, potaroo have changed their forecast from 29th and 31st July to 11th October!

10 comments:

  1. I can't see RIPE running out this weekend - Huston is wrong on this one.

    They currently have 1.69 /8s, and at the current rate don't look to be within a month of exhaustion (They used .04 last week and their highest recent drop has been .15). It's telling they haven't implemented their 'stage 1' exhaustion plan yet (http://www.ripe.net/internet-coordination/ipv4-exhaustion/last-8-phases).

    Replies
    1. Potaroo says :-
      RIPENCC: 31-Jul-2012 1.5895

      Yesterday it was saying 29th.

      Even so, watching it go down last week, it would not surprise me to find it is next week.

    2. Last week almost nothing happened.. there's a bit of a summer lull.

      Not sure why the two figures don't match.. RIPE's official ones are here. http://www.ripe.net/internet-coordination/ipv4-exhaustion/ipv4-available-pool-graph

      It's possible a large ISP may request a huge block at the last minute, but it's looking less likely as the date approaches.

  2. A lot of my systems are moving over to IPv6 only, though they still _HAVE_ an IPv4 address, it's rarely used, thanks to 2001:8b0:6464::1-2. With the exception of my web/mail server & my voip server. Even the physical host of my server (all my servers are now virtualised) doesn't even have an IPv4 address on it. - so at least for now, please don't remove 2001:8b0:6464:: system! - That said, more and more things are getting IPv6 addresses, which is a good start. Personally, I have a /27 from A&A, I have this split for my LAN, and my WLAN, though this actually came about due to RTP streams killing my Wifi devices rather rapidly, so now they're a separate network. The only things that really have a problem with IPv6 are my consoles (XBOX & PS3), my TV, and my voip system.

  3. I have a /28 but only really need a /29 so could give back a block of 8 addresses.
    Should I email support?

    Replies
    1. You can email or just mention on irc, and they can arrange changes. There is no rush just yet, and I'll do a status post when we start asking people to re-consider their usage and return spare space. Thanks for your help.

  4. How's NAT64 (http://aa.net.uk/kb-broadband-ipv6-nat64.html) looking these days?

  5. I'd be happy to try out anything that allows a system to do without IPv4 - though my success has been limited as yet.
