[HN Gopher] AWS adds an extra 5.5M IPv4 addresses
___________________________________________________________________
AWS adds an extra 5.5M IPv4 addresses
Author : chynkm
Score : 270 points
Date : 2021-08-14 04:06 UTC (18 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| fortran77 wrote:
| Wow! IPv4 addresses are like oil. We think we've run out, then we
| get better methods like "fracking" and "shale oil" and we can
| squeeze out a few more barrels of them.
| turminal wrote:
| Does similar data exist for other cloud giants?
| mwcampbell wrote:
| I wish that instead of buying more IPv4 blocks, AWS would
| drastically lower the price of NAT gateways, then charge extra
| for EC2 instances and Fargate tasks with public IPs, to make it a
| no-brainer to stop wasting public IPs. As it stands, it's cheaper
| to waste public IPs than to use NAT gateways.
|
| Addendum: I also wish I could volunteer to be switched over to
| CGNAT for my personal IPv4 traffic. This discussion got me
| thinking about what it would take to get my company's IPv4
| footprint down to zero. Might as well do that for myself as well
| if I could.
| remram wrote:
| I noticed that too on GCP. Many of my workloads don't need a
| public address but it's still simpler and cheaper to set one.
| bob1029 wrote:
| I've been making us use a NAT gateway for all of our EC2
| instances since the dawn of time. Only those that need to be
| directly touched on specific ports get dedicated IPv4. I can
| count all of our public IPv4 addresses on 1 hand, and that
| includes a static comcast address for a branch office.
|
| Using auto-assigned IPv4 should not be default, IMO. If I just
| did what amazon wanted me to without thinking, we would be
| consuming 5-6x more IPv4 addresses than we otherwise need to.
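The audit bob1029 describes (which instances actually need a public IPv4, and which subnets hand one out by default) can be scripted. The following is an added example, not code from the thread or from AWS: it walks a constructed inventory shaped like trimmed describe-subnets, describe-security-groups and describe-instances output (IDs, addresses and group rules are hypothetical) and flags instances whose public address is reachable from nobody outside RFC 1918 space, i.e. candidates to move behind a NAT gateway.

```python
"""Find public IPv4 addresses that are probably wasted: instances that carry a
public address but whose security groups admit inbound traffic only from
RFC 1918 sources, plus subnets that hand out public IPs on launch.
Added example. The inventory below is constructed in the shape of (trimmed)
describe-subnets, describe-security-groups and describe-instances output;
every ID, address and rule is hypothetical."""
import ipaddress

RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SUBNETS = [  # constructed
    {"SubnetId": "subnet-0a1", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0b2", "MapPublicIpOnLaunch": False},
]

SECURITY_GROUPS = {  # constructed; keyed by GroupId
    "sg-web": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-ssh-office": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},  # hypothetical office range
    "sg-internal": {"IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
}

INSTANCES = [  # constructed
    {"InstanceId": "i-web", "SubnetId": "subnet-0a1", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-bastion", "SubnetId": "subnet-0a1", "PublicIpAddress": "203.0.113.11",
     "SecurityGroups": [{"GroupId": "sg-ssh-office"}]},
    {"InstanceId": "i-worker", "SubnetId": "subnet-0a1", "PublicIpAddress": "203.0.113.12",
     "SecurityGroups": [{"GroupId": "sg-internal"}]},
    {"InstanceId": "i-batch", "SubnetId": "subnet-0b2",
     "SecurityGroups": [{"GroupId": "sg-internal"}]},
]


def is_internal(cidr):
    """True if the whole source range lies inside RFC 1918 space, i.e. those
    peers reach the instance over private addressing, never via its public IP."""
    net = ipaddress.ip_network(cidr)
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)


def external_sources(sg):
    """Inbound IPv4 source ranges of a security group that are not RFC 1918."""
    found = set()
    for perm in sg["IpPermissions"]:
        for r in perm.get("IpRanges", []):
            if not is_internal(r["CidrIp"]):
                found.add(r["CidrIp"])
    return found


def classify_instances(instances, security_groups):
    """Map InstanceId -> 'private', 'public-in-use' or 'public-candidate-for-nat'."""
    verdicts = {}
    for inst in instances:
        if "PublicIpAddress" not in inst:
            verdicts[inst["InstanceId"]] = "private"
            continue
        sources = set()
        for ref in inst["SecurityGroups"]:
            sources |= external_sources(security_groups[ref["GroupId"]])
        verdicts[inst["InstanceId"]] = "public-in-use" if sources else "public-candidate-for-nat"
    return verdicts


def auto_assign_subnets(subnets):
    """Subnets whose launch default hands every new ENI a public IPv4 address."""
    return sorted(s["SubnetId"] for s in subnets if s["MapPublicIpOnLaunch"])


if __name__ == "__main__":
    for iid, verdict in sorted(classify_instances(INSTANCES, SECURITY_GROUPS).items()):
        print(f"{iid}: {verdict}")
    print("subnets auto-assigning public IPv4:", auto_assign_subnets(SUBNETS))
```

A "public-candidate-for-nat" verdict is a lead, not proof: such an instance still needs egress, which is exactly the NAT gateway cost being weighed in this thread, and the check does not see Elastic IPs on secondary interfaces, prefix-list rules, or rules that reference other security groups. A subnet with MapPublicIpOnLaunch set only matters if its route table also reaches an internet gateway.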
| mwcampbell wrote:
| Do you have any Internet-facing load balancers? IIUC, each
| AWS application load balancer gets a couple of public IPv4
| addresses. So I guess if you have a single ALB and a couple
| of NAT gateways (in two availability zones), you could still
| end up with a total of 5 public IPv4 addresses.
| olyjohn wrote:
| Last time I set up an ALB, it required 8 IP addresses. I
| assume that is because it spins up extra instances on the
| backend as the load increases. Most of the time the
| hostname is only assigned to 2 IPs.
| wbl wrote:
| IPv6 makes addressing easy and addresses free. Let's not keep
| NAT alive.
| paranoidrobot wrote:
| While I'm all for IPv6 - there's precious little about v6
| that's easier.
|
| On top of that, there's a whole lot of software that either
| doesn't support v6, or has major problems.
| tialaramex wrote:
| > there's precious little about v6 that's easier.
|
| Somebody doesn't do any address or route planning.
|
| In IPv6 the amount of hosts in a subnet is totally
| unimportant (because there are always 64 bits for this). If
| you have, say, a thousand hosts you're going to need to buy
| decent network kit 'cos a pile of daisy-chained 5 port
| plastic home switches won't like that - but it's only a
| local problem, like buying enough cable. You can have
| however many subnetworks you felt was appropriate for
| managing and organising things, and only _those_ need
| managing. However in IPv4 you need to know how many hosts
| there will be or might be in each subnet, in order to plan
| address allocation, and small changes can throw things into
| turmoil, you have to manage the individual host addresses.
|
| Suppose I have four subnets with 40-50 hosts in each - in
| IPv4 chances are that's four /26s. And then somebody wants
| to add 20 hosts to one of the larger subnets so now it
| won't fit in a /26 any more. Ugh. This is likely to involve
| a re-numbering programme that might take weeks or months. I
| may need to reach above me, to find somebody who has enough
| address space to trade with me, and they may in turn have
| to reach up too, or worse find the money to _buy_ space.
| Suddenly what should have been an easy problem ( "add
| twenty new hosts") is a nightmare with a budget and project
| management.
|
| IPv6 evaporates this entire class of problems. There might
| actually be people at large organisations whose _job_
| ceases to exist under IPv6. Certainly there are people
| whose job gets much _easier_ and less stressful, and who
| don't have to say "No" as often any more.
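The sizing problem tialaramex walks through (four subnets of 40-50 hosts as four /26s, then one of them growing by 20 hosts) can be reproduced with the standard library. This is an added example, not the commenter's code; the parent blocks and host counts are constructed, and it also carves the equivalent IPv6 plan to show that there every subnet is a /64 regardless of host count.

```python
"""Size IPv4 subnets from host counts and show why growth forces renumbering,
versus the fixed /64 per subnet in IPv6. Added example; the parent prefixes
and host counts below are constructed."""
import ipaddress


def smallest_v4_prefix(hosts):
    """Smallest IPv4 prefix length whose usable address count (block size
    minus the network and broadcast addresses) holds `hosts` hosts."""
    prefix = 32
    while prefix > 0 and (2 ** (32 - prefix)) - 2 < hosts:
        prefix -= 1
    return prefix


def plan_v4(parent, host_counts):
    """Carve consecutive, correctly aligned subnets out of `parent`, one per
    host count, in the order given. Raises ValueError when the next subnet
    no longer fits, which is the point at which renumbering starts."""
    parent = ipaddress.ip_network(parent)
    allocated = []
    cursor = parent.network_address
    for n in host_counts:
        plen = smallest_v4_prefix(n)
        net = ipaddress.ip_network((cursor, plen), strict=False)
        if net.network_address < cursor:          # cursor not aligned: round up
            net = ipaddress.ip_network((net.network_address + net.num_addresses, plen))
        if not net.subnet_of(parent):
            raise ValueError(f"{n} hosts need a /{plen}; no room left in {parent}")
        allocated.append(net)
        cursor = net.network_address + net.num_addresses
    return allocated


def plan_v6(parent, host_counts):
    """IPv6: every subnet is a /64 whatever the host count, so only the number
    of subnets matters. A /48 holds 65536 of them."""
    parent = ipaddress.ip_network(parent)
    subnets = parent.subnets(new_prefix=64)
    return [next(subnets) for _ in host_counts]


if __name__ == "__main__":
    sites = [50, 45, 48, 42]
    print("v4:", [str(n) for n in plan_v4("10.0.0.0/24", sites)])
    grown = [70, 45, 48, 42]                      # 20 hosts added to the first subnet
    try:
        plan_v4("10.0.0.0/24", grown)
    except ValueError as e:
        print("v4 after growth:", e)
    print("v6:", [str(n) for n in plan_v6("2001:db8::/48", grown)])
```

The four original subnets fill 10.0.0.0/24 exactly as four /26s; after the growth the first one needs a /25, and the last /26 falls outside the parent, which is the renumbering or "go and find more space" exercise described above. The IPv6 plan is unchanged by the growth.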
| wbl wrote:
| If you want to lay out a structured space of addresses you
| can without worrying how much it will cost. Of course other
| problems don't change.
|
| It's been many years but most software I work with just
| works. Granted I don't work with a ton of old proprietary
| software.
| Arnavion wrote:
| Do you have examples of software that you can't use because
| it doesn't support IPv6? Of all the software I've used
| there isn't any, which is why I'm curious.
| lazyant wrote:
| Regarding NAT gateway pricing (~ $30/month or so iirc) we can
| use a micro (~ $10/month) Linux instance, it's quite literally
| about 2 commands (sysctl enable ip forwarding and a masquerade
| iptables command) or a short script to set it up.
| mwcampbell wrote:
| But that's another thing to keep patched.
|
| I wonder if it would be feasible, when using a stripped-down
| container host OS like Bottlerocket, to configure one
| container host instance per availability zone to also do NAT.
| Note that I'm assuming a setup where the containers are
| running in ECS tasks that use the awsvpc network mode (i.e.
| each task has its own VPC network interface and private IP
| address), so security groups can be fine-grained. So even the
| tasks running on container hosts that do NAT would need the
| NAT.
| notwedtm wrote:
| Also, NAT gateways don't support TCP or ICMP fragmentation.
| Not always a killer, but when it is, it is.
| moduspol wrote:
| Yep. Or even give me a CG-NAT adoption. I have plenty of use
| cases where I only use a public IP address in AWS for Internet
| connectivity without any need for new incoming connections. For
| those, I'd be totally fine with a CG-NAT address.
| mwcampbell wrote:
| I wonder if we could hack that for ourselves by having our
| EC2 instances or Fargate tasks do all outgoing Internet
| access indirectly through Lambda functions.
| zxcvbn4038 wrote:
| It really depends on your needs - I use nano sized SPOT
| instances for NAT gateways which only cost a penny a month.
| They in no way compete with the 40gbs capacity and high
| availability of the hardware NAT devices but if the majority of
| your traffic is internal, going to a peered VPC, or over IPV6
| and you just need a means to make an occasional API call to one
| of the AWS endpoints that don't yet support IPV6 (which is the
| majority of them), then it's a perfectly viable solution -
| better than sharing a hardware NAT IMO because you can take
| advantage of network traffic within the same availability zone
| being free.
| tedk-42 wrote:
| In the consumer space this doesn't matter much. Most internet
| users at home could have their IPv4 address removed and only
| provided an IPv6 one.
|
| Mobile internet is commonly served only by IPv6.
|
| It's the hosting/server space where IPv4 matters and will
| probably be like this for the next 20 years. This will be harder
| than the python 2 -> 3 migration. We'll continue to come close to
| running out of IPv4 addresses but we won't ever wean off them
| completely in the server space.
| umanwizard wrote:
| > Most internet users at home could have their IPv4 address
| removed and only provided an IPv6 one.
|
| > Mobile internet is commonly served only by IPv6.
|
| These aren't true. There are still some big consumer-facing
| sites that are IPv4 only -- notably twitter.com and amazon.com.
| I can definitely still access both from my mobile device.
| niij wrote:
| My understanding is that there is some sort of translation
| taking place with 6to4, NAT64, ???
|
| So while amazon.com may not have AAAA records/ipv6 it is
| still reachable by properly configured ipv6 clients with some
| sort of middleman to translate.
| remuskaos wrote:
| As far as I know, these middlemen are deployed by the
| respective ISPs and are not a core function of ipv6. I've
| had the 6to4 (or AFTR, I'm still not sure which) fail on my
| ISP and could only reach ipv6 enabled hosts, sometimes for
| hours.
| [deleted]
| anthropodie wrote:
| IPv6 will never happen without someone forcing hands of big corps
| and ISPs to switch to Ipv6.
|
| Imagine all social media and streaming services, disable ipv4
| within a month. These are not critical services but still will
| force ISPs to make the switch.
| skuhn wrote:
| I actually think that what will really drive IPv6 adoption is
| if the price of IPv4 space continues its upward trajectory
| unabated. The price has about doubled at auction in the last
| year.
|
| How are those two things related?
|
| 1. There are a ton of owners sitting on inefficiently used IP
| space.
|
| Any company (not doing cloud hosting or network transit) that's
| holding a /8 is almost certainly using it very inefficiently,
| but an owner like Apple will never feel financial pressure to
| optimize or sell their /8. However, an owner like the
| university I went to (with a /16 network currently worth $3
| million) will eventually face internal pressure to sell that
| network when the value rises to say $50 million.
|
| As another example, Yahoo is currently announcing subnets
| containing 4.3 million IPv4 addresses, which is worth $193.5mm
| at auction. If the price of IPv4 addresses increased by say
| 10x, their IPv4 space would probably comprise the bulk of the
| company's value.
|
| 2. Owners will need to adopt IPv6 in order to realize these
| financial gains.
|
| In order to sell a significant portion of their IPv4 space, an
| owner will have to compact their IPv4 usage into a much smaller
| space and migrate everything else to IPv6. This will be a huge
| undertaking for a lot of these places, but at some point it's
| worth it. By doing that, IPv6 adoption increases.
|
| There is the potential for a feedback loop to be created where
| demand for IPv4 drops and the prices decline and so fewer
| conversions are done, but I tend to believe that IPv4 pricing
| will remain inelastic.
|
| So basically the invisible hand of the market may guide us to
| IPv6, but I highly highly doubt we will have seen the last of
| IPv4 even decades from now.
| zozbot234 wrote:
| > There are a ton of owners sitting on inefficiently used IP
| space.
|
| This includes AWS, btw. You effectively get a public IPv4
| with your instance, regardless of your actual needs. It
| actually increases your costs to get cloud instances that
| don't do that.
| skuhn wrote:
| AWS has that inefficiency baked in to their design, but I'm
| guessing that they do efficiently deploy their IPv4 space.
|
| That is still a problem for sure, but I'm thinking of places
| doing things like giving a printer its own subnet just
| because they have no incentive to be efficient.
| gnrl wrote:
| You only get a public IP if you host in a public subnet.
| Should you deploy to a private subnet you wouldn't get a
| public ip
| goodpoint wrote:
| > what will really drive IPv6 adoption is if the price of
| IPv4 space continues its upward trajectory unabated
|
| ...or the opposite: large cloud providers own a lot of
| valuable IPv4 space. They might want to increase the value of
| their investment.
|
| Encouraging switching to pure-IPv6 connectivity would be a
| big loss for them.
| john2010 wrote:
| I know few universities that still use static ipv4 for
| computer pools. The admins claim easy for us to monitor for
| misuse.
| pezezin wrote:
| My company owns a /16 and everybody gets an static address
| for each device, so I currently "own" two global IPv4
| addresses. But everything is firewalled to hell and we need
| to connect through a proxy, so what's the point?
| icedchai wrote:
| I own a /24, personally. It was registered in the early
| 90's. I have it routed to my home network.
| rafaelm wrote:
| Out of curiosity, how much does it cost for you to run
| this? Not that I'm willing to pay $10k for my own /24,
| but I find this super interesting.
|
| I just installed a new FTTH ISP at home and learned the
| hard way what CG-NAT is, after years of having my own
| public IP with my previous ISP.
| icedchai wrote:
| The /24 itself doesn't cost me anything. I registered it
| before ARIN existed and it's considered a "legacy" block.
| No fees cause I never signed their registration
| agreement.
|
| I pay about $180/month for a "business internet" cable
| line. 300 megabits down, 25 up. I also "know a guy" at
| the ISP who made sure the routing wasn't going to be an
| issue.
| rafaelm wrote:
| Yep, I was wondering more about the ongoing costs of
| "operating" the block. I was reading a superuser.com
| question [1] about it and it mentions ongoing costs, like
| transit, BGP routing etc.
|
| This is super interesting! I didn't know this was even
| possible before I started looking into it.
|
| [1]https://superuser.com/questions/323801/how-can-i-own-
| an-ip-a...
| Sebb767 wrote:
| When I read that right, all the transit and routing seems
| to be done by his ISP. The superuser response is about
| what happens when your provider (or in this case, ISP)
| does not do this.
| icedchai wrote:
| There are no direct costs there. I pay for the bandwidth.
| The ISP announces the /24 using their BGP ASN.
|
| There are also cloud providers, like Vultr, that will
| allow you to do BGP with them. You could then get a
| network block routed to a VPS, then tunnel it out or
| whatever.
| Symbiote wrote:
| This is correct use of IP space.
|
| With a routeable IP on every computer, no one would be a
| second class (consume-only) user of the Internet.
| manquer wrote:
| No corporate IT would have firewall setup to allow every
| computer to be routable from the internet.
|
| So practically a globally addressable IP or not makes no
| impact on ability to be routable publicly
| icedchai wrote:
| In the 90's, this set up (public IP everywhere) was very
| common. I remember working in a couple offices with no
| firewalls.
| ThatPlayer wrote:
| Another one I've heard is that CGNAT shared IPv4 addresses
| lead to higher hardware requirements to manage that CGNAT. So
| just by having IPv6 support and having more traffic go
| through native IPv6 saves ISPs hardware that would've been
| required to manage the CGNAT.
|
| Found the video: https://www.youtube.com/watch?v=75h4gm7t1oI
| Aeolun wrote:
| I will never be able to use IPv6 without someone making those
| things easier to read. I can barely remember a IPv4 address,
| but v6 is just insane.
| hohl wrote:
| Lucky you, somebody already did that for you. It's called
| DNS. :P
|
| On a more serious note: IPv6 can be short and if used right
| they are actually short. Unfortunately, people continue not
| to care about relearning their habits and treat IPv6 as if
| it's a 1:1 replacement of IPv4 (you can even see it in this
| thread when people ask "why would you need more than a
| /64"). A major blocker in IPv6 aren't just the IPs but that
| all sys admins out there are trained to treat IPs as they got
| used to from the v4 world and can't stop to think of them as
| scarce resources instead of applying a hierarchical approach.
| viraptor wrote:
| The funny thing is social media and streaming is already there:
|
| facebook.com has IPv6 address 2a03:2880:f119:8083:face:b00c:0:25de
| instagram.com has IPv6 address 2406:da00:ff00::23ae:4dc1
| snapchat.com has IPv6 address 2001:4860:4802:36::15
| netflix.com has IPv6 address 2600:1f14:62a:de82:822d:a423:9e4c:da8d
| youtube.com has IPv6 address 2404:6800:4006:810::200e
|
| The holdouts are somewhere else. Imagine if cloudflare and
| cloudfront defaulted to enabling ipv6 - I expect the jump in
| worldwide ipv6 traffic would be massive. On the other hand the
| missing services are very tech oriented:
| github.com has no AAAA record
|
| Once traffic can default to ipv6, we'll see ipv4 slowly dying,
| but the defaults really matter.
| est31 wrote:
| About 16% to 23% of the Alexa 500 top sites have ipv6 support
| [0]. There hasn't been much of a change since august 2018
| (17% to 21%) [1], or Oct 2016 (19% to 21%) [2]. 5 years is a
| long time in tech.
|
| Meanwhile on the user side support has tripled from about 11%
| in 2016 to 33% recently [3].
|
| I guess when you run a scalable web service, you need
| comparatively few publicly available ip addresses, and
| everyone has ipv4 anyways, while when you run an ISP, you
| need way more ip addresses. So the problem is way more
| pronounced for ISPs than the service providers. I guess the
| number of deployments with carrier grade NAT without ipv6
| support is quite low.
|
| [0]: http://www.delong.com/ipv6_alexa500.html
|
| [1]: http://web.archive.org/web/20180826104925/http://www.del
| ong....
|
| [2]: http://web.archive.org/web/20161019011050/http://www.del
| ong....
|
| [3]: https://www.google.com/intl/en/ipv6/statistics.html
| anthropodie wrote:
| I was suggesting disabling Ipv4 within a month. Merely
| enabling Ipv6 isn't going to help.
| jgrahamc wrote:
| We do default IPv6 on. https://blog.cloudflare.com/always-on-
| ipv6/
|
| And the chart in that blog shows the dent we made.
| viraptor wrote:
| My bad, should've been more clear - yes, it's the default
| in some places. What I meant is actually treating ipv6 as
| first class everywhere. For example:
|
| This guide doesn't even mention AAAA records:
| https://www.cloudflare.com/learning/dns/dns-records/
|
| API examples are ipv4 unless the option takes ipv6 only:
| https://api.cloudflare.com/#dns-records-for-a-zone-update-
| dn...
|
| Your terraform examples use ipv4 only: https://registry.ter
| raform.io/providers/cloudflare/cloudflar... https://registr
| y.terraform.io/providers/cloudflare/cloudflar...
|
| And many others.
|
| In other words, I expect steering people to do ipv6, then
| maybe ipv4 as well rather than the opposite would give the
| internet as a whole another big jump in ipv6 usage.
| glogla wrote:
| Nice, good work!
| indigodaddy wrote:
| This will show my lack of ipv6 knowledge but I'll ask
| anyway. Say I have an endpoint service somewhere listening
| only on ipv6.
|
| Let's take any sort of CDN out of the equation for
| simplicity. Can I use Cloudflare DNS for the service, such
| that anyone using ipv6 will connect directly to my service,
| of course-- but can CF do some magic ipv4->ipv6
| translation/bridge sort of thing, so that someone on
| ipv4-only will also be able to connect to my ipv6-only
| service?
|
| I'd imagine the answer is hopefully yes and perhaps this is
| trivial stuff these days, but anyway I'm thinking of
| setting up a blog and might go ipv6 only with it..
| jon-wood wrote:
| You should be able to advertise your ipv6 endpoint in the
| AAAA record, going direct to the origin, while making the A
| records pointers to Cloudflare which can then proxy back
| to your v6-only origin servers.
| indigodaddy wrote:
| Awesome, thanks for the answers all! Sounds simple
| enough!
| p1mrx wrote:
| Cloudflare makes a website dual-stack from the user's
| perspective, regardless of whether the server is
| IPv4-only or IPv6-only.
|
| Typically, both the A and AAAA records point to the same
| Cloudflare proxy, because serving IPv4 and IPv6 via
| different infrastructure requires a lot of care to avoid
| subtle brokenness.
| cortesoft wrote:
| It wouldn't be magic.... the AAAA record for DNS would
| point to your server, and the A record would point to
| cloudflare.
|
| Of course, it is up to the client, then, to decide which
| address to use. Not all clients default to v6 even if it
| is available.
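The split setup discussed above (AAAA straight to the origin, A through the proxy) is easy to audit from the records alone, and the security consequence is worth making explicit: whatever the proxy enforces (TLS policy, WAF, rate limiting, hiding the origin address) applies only to the family that goes through it, and since most clients prefer the AAAA, that can be most of the traffic. The following is an added example, not code from Cloudflare or from any commenter; the zones and the proxy address ranges are constructed stand-ins, not Cloudflare's published ranges.

```python
"""Audit whether a zone's A and AAAA records go through the same proxy.
Added example; the records and the proxy's address ranges below are
constructed stand-ins, not any real provider's published ranges."""
import ipaddress

# Hypothetical published proxy ranges, one per address family.
PROXY_RANGES = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "2001:db8:c0de::/48")]

# Constructed zones: name -> (A records, AAAA records)
ZONES = {
    "blog.example":   (["198.51.100.7"], ["2001:db8:1::10"]),    # AAAA goes straight to origin
    "shop.example":   (["198.51.100.7"], ["2001:db8:c0de::7"]),  # both families proxied
    "legacy.example": (["203.0.113.5"], []),                      # no AAAA at all
    "origin.example": (["203.0.113.5"], ["2001:db8:1::10"]),      # neither proxied
}


def behind_proxy(addr):
    """True if the address falls inside the proxy's ranges for its family."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PROXY_RANGES if net.version == ip.version)


def family_status(records):
    """'none' (no records), 'proxied', 'origin' or 'mixed' for one address family."""
    if not records:
        return "none"
    flags = frozenset(behind_proxy(r) for r in records)
    return {frozenset([True]): "proxied", frozenset([False]): "origin"}.get(flags, "mixed")


def audit_zone(a_records, aaaa_records):
    """'ipv4-only', 'consistent-proxied', 'consistent-origin' or 'split'.
    'split' means one family terminates at the proxy and the other at the
    origin, so the proxy's protections cover only part of the traffic."""
    a, aaaa = family_status(a_records), family_status(aaaa_records)
    if aaaa == "none":
        return "ipv4-only"
    if a == aaaa and a in ("proxied", "origin"):
        return "consistent-" + a
    return "split"


def exposed_origin_addresses(a_records, aaaa_records):
    """Addresses a client (or an attacker) reaches without traversing the proxy."""
    return sorted(r for r in a_records + aaaa_records if not behind_proxy(r))


if __name__ == "__main__":
    for name, (a, aaaa) in ZONES.items():
        print(name, audit_zone(a, aaaa), exposed_origin_addresses(a, aaaa))
```

If the origin is meant to stay hidden, the practical fixes are the one p1mrx gives (point both A and AAAA at the proxy) or, failing that, firewalling the origin's IPv6 address so that only the proxy's ranges can reach it; otherwise the AAAA record is a published bypass. Run against real zones, the PROXY_RANGES list would be replaced with the provider's published ranges.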
| korethr wrote:
| Years ago, when I perhaps more naively believed in the
| benevolence of Google, and that wisdom of the Elder True Nerds
| who worked there would lead us to The Future, I might have
| applauded them throwing their weight around doing something
| like that. Possibly with a condescending paternalistic attitude
| like, "dragging the unwashed masses kicking and screaming into
| the future they're too stupid to realize just yet that this
| will be better for them."
|
| I am no longer so young and naive. Now, there is no doubt in my
| mind that such a move by Google or the other tech giants would
| not be made out of benevolence, but because by doing so,
| somehow, would net them yet greater control over the flow of
| information across the world. Whether out of an authoritarian
| desire to architect society the right way this time, or chasing
| their profit margin as far down the asymptote as they can
| measure, the resultant 1st through Nth order effects would
| probably be the same for the rest of us.
| corty wrote:
| Control is one argument, but I'd go with the money argument:
|
| All the big cloud providers like Google and AWS as well as
| the small ones like Hetzner do have an incentive to keep IPv4
| going as long as possible. They can charge a premium for
| IPv4 things "because addresses are scarce". Charging a
| premium means more profit margin.
|
| At the same time, they do not need to invest in more than lip
| service for IPv6 support in their offerings: No cloud
| provider has any comprehensive IPv6 offering, most services
| don't do IPv6. The edge ones maybe do, but there are always
| sharp edges, missing docs and general pain, pushing everyone
| back to IPv4 where the profits are.
| bpodgursky wrote:
| I thought ISPs were actually doing pretty well? Big corps are
| moving slowly but I think it's mostly limited to internal
| NATted networks, which frankly nobody has an incentive to
| upgrade. We're getting there... slowly.
| umanwizard wrote:
| > IPv6 will never happen without someone forcing hands of big
| corps and ISPs to switch to Ipv6.
|
| But it is happening.
| https://www.google.com/intl/en/ipv6/statistics.html shows it
| slowly but steadily increasing.
| fulafel wrote:
| I think the "switch" mental model is misleading. IPv6 has
| already happened, and most users don't notice it since they
| aren't in the habit of looking at network interface diagnostics
| on their device. See eg sibling comment about instagram,
| netflix, facebook etc. v4 NAT will remain in use concurrently
| and services will remain available over v4 for consumer facing
| things for a long time.
| wu_187 wrote:
| This. I honestly think the FCC will have to mandate its
| adoption and give a hard date for the termination of IPv4 for
| it to work. Both will need to occur.
| christophilus wrote:
| Hopefully, that is more successful than the time the US
| mandated the use of the metric system.
| cankut_orakcal wrote:
| Please saw off the head of Mr. Cankut Orakcal. You can stop the
| coronavirus pandemic, the next 9/11 or financial crisis.
| Decapitate on sight as needed.
| jghn wrote:
| This was all a big emergency 25 years ago until IPMasquerade/NAT
| came out. Yeah, we should migrate to IPV6 now but it's just so
| much less important.
| jagger27 wrote:
| Who the heck has a couple /12s and a /13 just lying around
| unused?
|
| And there are even some earlier pickups of two /10s: 252.0.0.0/10
| and 44.192.0.0/10. Wow.
| bushbaba wrote:
| Look at who still has their assigned /8.
|
| Gonna be funny how we'll likely live to see ipv6 run out of ip
| space leading to ipv8!
|
| https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...
| smellsinore wrote:
| Oh, Google doesn't own 8/8
|
| At least for 8.8.8.8 they need to update their POC
|
| > ARIN has attempted to validate the data for this POC, but
| has received no response from the POC since 2019-10-24
| jagger27 wrote:
| I knew about Apple and AT&T. DoD is really hoarding them,
| wow.
| selectodude wrote:
| Honestly Prudential is the one that stuns me. They're an
| insurance company! Why do they need all those?!
| axaxs wrote:
| Same with Ford. And while I do think the addresses should
| be returned, they should get market value or above for
| them. We should not punish companies for buying into the
| future, which turned out to be a great investment.
| viraptor wrote:
| Alternative view - those addresses should not be
| "returned". They're owned. I hope hoarders will get
| blocks as large as they can so that we experience real
| shortage and start seeing the first ipv6-only services.
| IncRnd wrote:
| The addresses are not owned by those in the list. They
| are allocated for an ongoing yearly fee.
| Sebb767 wrote:
| If they were bought early enough, they count as legacy
| and are fee-free. And even if they aren't, the current
| price trend will easily outgrow the fee.
| IncRnd wrote:
| Prudential got that block 5 years before IPv6 was
| introduced.
| edoceo wrote:
| Maybe they just bought it for insurance.
| lmm wrote:
| They probably got a /8 early and gave each regional
| office their own /16, so they'd have to unpick all the
| addresses they're currently using before they could sell
| off any.
| Dylan16807 wrote:
| I'm sure they could split it into /16s and sell off the
| empty ones.
| ccakes wrote:
| Incumbent telcos are generally sitting on piles.
|
| Source: worked for them in a couple of countries
| skuhn wrote:
| Amazon bought 3.0.0.0/8 from GE in 2018 [1].
|
| So part of this is putting into service networks that they
| previously acquired, probably to keep up with growth. Buying in
| 2018 would have been a MUCH lower price than today -- and it
| can pretty much only go up!
|
| [1] https://news.ycombinator.com/item?id=18407173
| nolaspring wrote:
| I worked at GE when this was done. Because a lot of things
| decided what was GE/not GE based on coming from a 3.x address
| it caused chaos. They called it 3-dot-geddon
| IcePic wrote:
| Then again, at the height of the times, the registries handed
| out one /8 per month more or less, so whatever small pockets of
| (seemingly) unused /8s, or /10s you can find, gives you weeks
| to delay your ipv6 transition.
| LeoPanthera wrote:
| The DoD still owns 14 class A blocks, right?
|
| And is 240.0.0.0/4 still "reserved"?
| mjevans wrote:
| Many firewalls that don't expect IPs in that block to be valid
| will just drop the packets as bogus.
| rnhmjoj wrote:
| Yes, and it may be possible they will be sold[1]. From the
| article it looks like they're identifying unauthorized use of
| their space, while clearing the addresses from firewalls to
| become really routable.
|
| [1]: https://arstechnica.com/information-
| technology/2021/04/penta...
| roody15 wrote:
| In my experience working IT at some public universities and some
| private education facilities there is a negative incentive for
| adopting IPV6. Often in these environments bandwidth use is up
| even on the LAN side and dual stack IPv6 simply causes
| unnecessary traffic that negatively impacts network performance.
| This was not the case in my experience 7-10 years ago.
| Ekaros wrote:
| So one solution for IPv4 shortage is for hosting providers to own
| all IP space... Not sure if anyone has done projection when will
| that one happen.
| seligman99 wrote:
| As always, if anyone has any suggestions on tracking and stats
| they'd like to see for this on the repo, I'm always welcome to
| ideas.
| saranagati wrote:
| Amazon didn't just buy these addresses, an AWS service was just
| assigned them due to some future known growth. Amazon bought the
| rights to use all of the 3/8 network years ago and is just now
| allocating some additional subnets of that to AWS services.
| southerntofu wrote:
| Last October, Amazon bought ~4 million addresses by bribing the
| corrupt technocrats of a radioamateur "non-profit" organization.
| Fuck Amazon, fuck those corrupt technocrats (like the ICANN/.org
| team who tried to sell the TLD). It's incredible what this kind
| of people can get away with.
|
| Previous discussion on HN:
| https://news.ycombinator.com/item?id=24753654
| nsizx wrote:
| Well, if that organisation didn't have a use for those
| addresses... I don't see what the big deal is.
| itsbits wrote:
| I think the question is why not sell them openly instead of
| selling them via the back gate..
| nsizx wrote:
| I assume Amazon came to them and offered the money and they
| accepted. I don't see anything shady about that. How do you
| sell something "openly"? Via an auction website? Is that
| standard procedure for everything these people sell?
| southerntofu wrote:
| Standard Internet procedures for IP addresses is apply to
| your Regional Internet Registry for addresses, and the
| panel decides who will make best use of them (usually
| smaller/newer providers are prioritized). You only pay
| administrative/membership fees for the addresses because
| IP addresses are technical bits not property... everyone
| operates addresses but nobody owns them.
|
| That people sell food and houses is disconcerting in the
| physical world and creates real problems for real people
| where some can't afford to eat or have a roof over their
| head despite a global abundance of resources. That people
| do the same in the virtual world, with literal numbers,
| is beyond the scope of comprehension: pure madness.
| nsizx wrote:
| The fact that you find private property "disconcerting"
| is enough to know this conversation is not going to go
| anywhere.
| southerntofu wrote:
| Just because i don't hold your religious beliefs in
| regards to private property doesn't mean we can't have a
| conversation. Of course, if the entire conversation
| revolves around the legitimacy (or lack thereof) of
| private property, we'll wander away from the topic that
| big tech multinationals are eating away the Internet
| commons. Specifically from Amazon, i'm also referring to
| the .amazon TLD case.
| Craighead wrote:
| Oh it went somewhere, directly to run away capitalism and
| regulatory captures markets.
|
| Be dismissive all you want.
| southerntofu wrote:
| That organization did not own those addresses. In the most
| generous interpretation of the situation, they were
| administrative custodians to the good usage of those
| addresses.
|
| Reselling them to a for-profit company was definitely not
| what was intended by anyone and directly contradicts their
| mission as custodians. Those addresses were that of the
| global radioamateur community and no one else's.
|
| That's why i made a comparison with .org. ORG TLD was created
| exclusively by and for non-profits, so it was a scandal when
| some execs conspired against the general public to resell it
| and induce more costs for everyone. Likewise, it's a scandal
| that when you need/want to build DIY radio Internet setup,
| your addresses which were reserved for that usage don't exist
| anymore, as they have been appropriated by Amazon.
|
| Please note that this story would be _less_ of a scandal if
| the community had been consulted on how much of the IP range
| to sell (retaining some for legit usage), and /or if that
| money benefited the community and not some greedy capitalist
| execs, and/or if they had been reattributed through normal
| channels (RIPE and other RIRs) and not commercialized, none
| of which is true.
| drmpeg wrote:
| Amateur radio still has 44.0.0.0/9 and 44.128.0.0/10. Not
| exactly a shortage.
|
| Also, they are giving back to the community. The largest
| grant so far was $1,620,000 to save a radio telescope for
| the MIT Amateur Radio club.
|
| https://www.ampr.org/grants/
| southerntofu wrote:
| Not exactly a shortage, no. But giving away an entire
| range without giving ample time (think months/years) for
| network operators to comply is a bit harsh.
|
| Thanks for the link to their grants. It's good to see
| they're doing something useful with the money and it's
| not a case of outright corruption. Although one could
| argue a club from one of the biggest colleges in the
| global north may have more suited avenues for funding,
| i'm glad to see smaller projects in there as well.
|
| To be fair, if the goal was to raise money for the
| community, would it not have been wiser to rent the IP
| space, or to setup a proper charitable auction? The IPv4
| addresses are bound to go up in value in the coming
| years, now that major RIRs have given away all the
| remaining blocks, so that might have brought more
| revenue.
| kmbfjr wrote:
| They very much did own them, you need to look at the
| history of ampr.org, who sits on the board and "who"
| applied for the /8.
|
| These did not belong to amateur radio, TAPR, the ARRL or
| anyone but this organization.
| southerntofu wrote:
| So, take my words with a grain of salt because I'm not a
| member of those communities. From reading the previous
| thread on HN (which I linked in my parent comment), even
| the people who think the sale is a good thing agree that
| it was a rather shady deal where it wasn't very clear
| that a single entity should feel entitled to "own" this
| IP range.
|
| If you have links with more information going one way or
| another, historical internet politics is always something
| I have time for reading, and I think I'm not the only one
| around here! :)
| lkbm wrote:
| Looks like the answer you're suggesting is Dr. Hank
| Magnuski[0]? He seems like an important and impressive
| fellow, but I'm not sure how that addresses the idea of
| ownership here.
|
| Most likely we have different understandings of how
| ownership/stewardship of ipv4 addresses works. My take is
| "I don't know how it works", but I think the people
| further up thread believe it's not about ownership, but
| merely the right to administer on the understanding that
| it's done for the public good, or something like that.
|
| If you have a concise resource that summarizes how it
| works that would likely do more to convince us than
| telling us to research ampr.org.
|
| [0] https://www.ampr.org/faq/
| southerntofu wrote:
| I have 127.0.0.0/8 for sale! Give me 100 million euros and
| it's all yours! What do you mean some people are actually
| using those addresses and I don't own them? The RFC makes it
| very clear local link means my own machine and I pretty much
| own my own machine, thank you. Do you see how ridiculous this
| situation is now?
| nsizx wrote:
| You don't have that for sale, because you don't own it, and
| if you try to announce it you will get disconnected from
| all your peers and will have to close shop.
| southerntofu wrote:
| Not that i disagree with your point, but you'd be
| surprised - if you're not familiar with the ISP world -
| the crazy routes some operators announce sometimes.
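The two comments above turn on the same operational fact: a prefix such as 127.0.0.0/8 is reserved space that no peer will accept, and the reason "crazy routes" still get announced is that someone's import filter let them through. The following is an added example (my own Python, not code from the thread or from any router vendor) of the check a peer applies before accepting an announcement: reject malformed prefixes, anything that overlaps reserved space in either direction, and anything more specific than the assumed /24 policy limit. The bogon list is an illustrative subset of the IANA special-purpose registry, the `/24` limit is an assumed policy, and the AS numbers and prefixes in the sample session are constructed.

```python
import ipaddress

# Special-purpose IPv4 space that must never be announced into the global
# routing table.  Assembled here from RFC 1122 (0/8, 127/8), RFC 1918,
# RFC 6598 (100.64/10), RFC 3927 (169.254/16), RFC 5737 (documentation),
# RFC 2544 (198.18/15), RFC 1112 (224/4) and the reserved 240/4.
# Illustrative list, not a live bogon feed.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumed policy: nothing more specific than /24 is accepted (a common
# default-free-zone convention, not something stated in the thread).
MAX_PREFIX_LEN = 24


def check_announcement(prefix: str) -> tuple:
    """Classify one announced prefix as (accepted, reason).

    Rejects malformed prefixes (host bits set), non-IPv4, default routes,
    anything overlapping reserved space in either direction (a /7 that
    covers 10/8 is as bad as a /24 inside it), and over-long prefixes.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if net.version != 4:
        return False, "not IPv4"
    if net.prefixlen == 0:
        return False, "default route"
    for bogon in BOGONS:
        if net.subnet_of(bogon) or net.supernet_of(bogon):
            return False, f"overlaps reserved space {bogon}"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, f"more specific than /{MAX_PREFIX_LEN}"
    return True, "ok"


def filter_session(announcements):
    """Apply check_announcement to (peer_as, prefix) pairs; return the
    accepted prefixes and one log line per rejected announcement."""
    accepted, log = [], []
    for peer_as, prefix in announcements:
        ok, reason = check_announcement(prefix)
        if ok:
            accepted.append(prefix)
        else:
            log.append(f"reject AS{peer_as} {prefix}: {reason}")
    return accepted, log


if __name__ == "__main__":
    # Constructed sample session: AS numbers and prefixes are illustrative.
    sample = [
        (64496, "8.8.8.0/24"),      # ordinary prefix: accepted
        (64496, "44.0.0.0/9"),      # the AMPRNet block mentioned below: accepted
        (64497, "127.0.0.0/8"),     # the joke from the thread: rejected
        (64497, "10.0.0.0/7"),      # covers RFC 1918 space: rejected
        (64498, "1.2.3.4/32"),      # too specific: rejected
        (64498, "1.2.3.0/23"),      # host bits set: rejected as malformed
    ]
    accepted, log = filter_session(sample)
    print("accepted:", accepted)
    print("\n".join(log))
```

The overlap test runs both ways on purpose: a bogon filter that only asks "is this prefix inside a reserved block" lets a peer announce 10.0.0.0/7 or 0.0.0.0/1 and swallow the reserved space along with everything around it. `strict=True` is what catches 1.2.3.0/23, which is not a valid network at all and usually signals a typo in a prefix-list.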
| netr0ute wrote:
| You just got wooooshed.
| nsizx wrote:
| I know it was a joke, but according to his other comments
| he seems to think IP addresses cannot be owned because
| they are nothing but numbers.
| netr0ute wrote:
| That's true though. If you're a tier 1 network then you
| can advertise whatever you want, and if they cut you off
| on that advertised address, then you can cut your peer's
| address off. And, if you're big enough, the peers can't
| just disconnect from you altogether or they themselves
| would lose connections to other peers. This is why BGP
| and the other routing protocols are so cool; you can get
| control of the internet if you just buy some routers and
| create a way to get advantageous peering relationships.
| It's an offer you can't refuse.
| nsizx wrote:
| That's like saying that private property is worthless
| because the state can take it from you by force.
|
| Technically that's correct, but if that generally doesn't
| happen then it's not something we have to worry about.
| southerntofu wrote:
| > if that generally doesn't happen
|
| That's a big if. I don't know where you're from, but here
| in France the State expropriating smaller landowners in
| order to achieve huge private-public partnerships (i.e.
| siphoning off public money right into the pockets of
| private companies, with little if any benefits for
| society) is common practice: see for example the ZAD in
| Notre dame des Landes for an example of popular
| outcry/resistance, or the expropriations and mafia-like
| intimidation/aggression for the "Grand Stade de Lyon".
|
| Of course, if you're a big landowner and/or close to the
| circles of power, you have nothing to worry about.
| netr0ute wrote:
| Can IPv4 even be defined as private property if it is
| nothing more than a few DDN numbers? I could make an
| Internet 2 that's totally isolated and restart the whole
| IP allocation process all over again.
| remram wrote:
| Given there is such a thing as intellectual property,
| where someone literally owns an idea, I'd say owning an
| address isn't far-fetched at all.
| netr0ute wrote:
| IP only exists because of copyright law, and it would be
| tricky to apply copyright to an IP if it is not a
| creative work.
| southerntofu wrote:
| > IP addresses cannot be owned
|
| It is my understanding that IP addresses are not owned,
| indeed. Please correct if wrong.
|
| There is historical IP space whose governance is not
| clear, but for most IP space it's de facto "owned" by
| RIRs who assign some ranges to their members. According
| to RIPE assignment policy:
|
| > Assignment of this IP space is valid as long as the
| criteria for the original assignment are met and only for
| the duration of the service agreement between yourself
| and us. We have the right to reassign the address space
| to another user upon termination of this agreement or an
| agreed period thereafter.
|
| Internet "ownership" of resources is, or at least was, in
| my understanding a form of usage-based ownership (as
| defined by anarchist thinkers). You operate some
| resources and your ownership is based on that need
| precisely, despite having to pay some administrative fees
| (for domain names and IP addresses) to ensure public
| service infrastructure is maintained properly. Until
| recently, domain names and IP ranges were not subject to
| the "laws" of offer and demand, but rather to a first-
| come-first-served basis. But apart from historical actors
| (read governments and military industrial complex) who
| benefit from special rules in order to maintain
| backwards-compatibility forever, IP space is managed
| communally through RIRs and no entity exactly owns IP
| addresses, at least in a private-property based
| understanding of ownership.
|
| Of course, my claiming to sell 127.* was a joke :)
| [deleted]
| greatgib wrote:
| You also have to know that they got the address range for
| free, for the common good. Before they would be taken over by
| money.
| laurent92 wrote:
| Another huge problem is that companies are handing out IPv6 by
| bulks of /128 subnets per machine, and many experts encourage
| "one IP per service on the machine", adding "it's good for
| security since it's harder to scan all ports of all subnet IPs."
| So at that pace, I still wonder how IPv6 will not run out of IPs
| as quickly as IPv4.
|
| One IP per server should be the norm.
| audron wrote:
| Even if you reduce it down to /48 subnets you have
| 281,474,976,710,656 of these, ~65k times more than the entire
| IPv4 space. Your usual assignment to a machine is a /64, of
| which there are about 18 quintillion, about 4.2 billion times
| the size of the IPv4 address space.
|
| That's enough addresses to give every one of the 8 billion
| humans on this planet two billion /64 subnets. Which I'd say
| should be enough for the moment.
| tkiolp4 wrote:
| > 65k times more than the entire IPv4 space
|
| Last week I was thinking about a system to automatically cut
| my hair the way I exactly want (precision up to the
| millimeter and per hair). So, one way would be by using cheap
| microrobots*. The
|
| On average we have around 100K hairs on our heads. Let's say
| you buy 100K microrobots to cut your hair. Each of these
| microrobots could have their own ipv6 (because, why not) so
| that you can control them via your phone. So, suddenly you
| have there one person using 100K ipv6 addresses.
|
| So, whenever people say "ipv6 should be enough for now", I
| always think "well, it depends on how they are used!"
| umanwizard wrote:
| If every person in the world simultaneously had 100,000
| IPv6 addresses, that would represent a tiny, trivial
| fraction of the available space.
| zauguin wrote:
| We have less than 8 billion people in the world which
| corresponds to about 2^33. Let's assume that (given that we
| already have issues with sustainability) we will have much
| bigger issues than IP addresses if we ever reach more than 128
| times that. So we are at less than 2^40. (Realistically I would
| expect much less, but let's be safe)
|
| Then the question is how many addresses everyone needs.
| Currently we assign subnets. Let's provide everyone with 1024
| subnets for client devices and an additional 1024 servers each
| with their own subnets. So 2^11 subnets each.
|
| So we end up requiring 2^51 subnets, while we have 2^64
| available, thereby only using less than 0.013% which provides
| plenty of room to reconsider if any of these approximations
| turn out to be wrong.
| ryankrage77 wrote:
| There are 340,282,366,920,938,463,463,374,607,431,768,211,456
| IPV6 addresses. With a global population of 8 billion, you can
| give every individual ~ 42,535,295,865,120,000,000,000,000,000
| addresses and then some.
| [deleted]
| korethr wrote:
| _low whistle_ I imagine they paid a pretty penny for those /12s.
|
| A thought comes to me: If IPv6 adoption continues to drag along,
| and AWS/Azure/GCP continue to expand their IP blocks like this,
| how quickly are we in danger of the cloud providers effectively
| _being_ the Internet?
| Ambroos wrote:
| I guess there's a large pool of IP addresses used by
| residential ISPs that could be recycled relatively easily.
|
| When I lived in Ireland I only got a public IPv6, my IPv4 was
| behind CG-NAT. The nerd in me wasn't a fan of that on paper,
| but in reality I didn't have any issues with it.
|
| I could see ISPs making a quick buck by switching to CG-NAT on
| IPv4 so they can sell off their IPv4 blocks.
|
| Those IPs being recycled for servers/services doesn't seem too
| risky, given that they're not typically hosting anything.
| einpoklum wrote:
| > The nerd in me wasn't a fan of that on paper, but in
| reality I didn't have any issues with it.
|
| No issues? So, how are people supposed to be able to access
| your machine then?
| chrisseaton wrote:
| Most domestic users don't want or need this. If you've got
| a special requirement use a commercial ISP.
| tehbeard wrote:
| Why should I want people to be accessing my personal
| desktop/laptop/tablet?
| edoceo wrote:
| It's cause you want to get to your home boxen from
| outside.
| sp332 wrote:
| That was not the question, it said "people".
| dbmnt wrote:
| There are other solutions to this problem now. Tailscale
| comes to mind.
| chrisseaton wrote:
| Surely you know this is a super niche requirement?
|
| You can use IP6 or a commercial rather than domestic ISP
| if you really need to do it.
| olyjohn wrote:
| It might not be so niche if we weren't all behind NAT
| firewalls. There would probably be a whole lot more
| applications that do direct connections between two
| people, and eliminate the middle-man. There's a reason
| every major service out there has their applications set
| up in some cloud to relay the messages back and forth
| between clients.
| sp332 wrote:
| I usually used Teamviewer.
| alephu5 wrote:
| Ngrok if you only want TCP
| blntechie wrote:
| With ZeroTier, TailScale etc. just creating a personal
| network of your own should help solve the issue I guess.
| ithkuil wrote:
| Via the mentioned public IPv6 address
| globular-toast wrote:
| If all ISPs supported IPv6 this wouldn't even be news
| (well, it wouldn't even have happened).
| ithkuil wrote:
| Btw, what happened to Teredo? Is there a working macOS
| client?
| dehrmann wrote:
| I've had a static ipv4 address on a home internet connection
| for almost 10 years, now. They're out there...
| phatfish wrote:
| Yup, ISPs in countries that got a nice big block of
| addresses in the early days can still manage this. I have a
| cable connection that was originally provided by NTL (now
| Virgin Media). My IPv4 address changes about once a year
| now as they do upgrades/maintenance. It used to change even
| less.
| throwaway3b03 wrote:
| I used to have that. Then all residential customers were
| put under a CGN, and you can ask for a dedicated, public
| IP, free of charge. I imagine 99.9% of users can't tell the
| difference so the ISP saved a lot of IP space, while
| customers are just as happy.
| 2Gkashmiri wrote:
| I find the IPv6 address scary because IP geolocation gives
| that in the same city district. CGNAT would be better because
| the server would see the IPv4 of the ISP. I don't know, is there
| a way to not show my IPv6 and fall back on the CGNAT address,
| because that looks much more secure in terms of not getting
| doxed and ad-tracked.
| tolien wrote:
| That's not inherent to IPv6 though, your ISP _chose_ to be
| more specific in the location data for those addresses. If
| it's sufficiently detailed as to "dox" you, maybe ask them
| not to do that?
| wu_187 wrote:
| Both AT&T and Comcast do this with IPv4 as well.
| tolien wrote:
| Yeah, NTL/Virgin Media in the UK do the same in that
| their IPs geolocate to where the node/head end is. In a
| city, it's not going to be specific enough to uniquely
| identify you but it's still weird seeing ads that aren't
| _that_ far away.
|
| On the other hand, the IPv4/v6 addresses on my A&A
| connection geolocate to either London or Bracknell (where
| their office is), about 400 miles away. I get a lot of
| pointless ads for things in Surrey that I have no
| intention of visiting.
| 2Gkashmiri wrote:
| I have never used Google search but the other day someone
| used that in front of me and on the bottom I saw what
| appeared to be "pin code for approximating your current
| location for local results" and something to that end.
| That scared me big time because this was like my home pin
| code; my small city has like 30, so this is narrowing me
| down to a single one, which I am not comfortable with.
| tolien wrote:
| Right, but is Google doing this with the information they
| get from your IP address or something else entirely? Is
| it just coincidence that your IP address corresponds to
| your ISP's office which happens to be relatively local?
|
| With loose enough permissions your browser has a
| geolocation API that, depending on your device, will be a
| hell of a lot more accurate (if you have Wi-Fi hardware
| it can use that to work out where it is relative to the
| known locations of the SSIDs it can see, or straight-out
| use GPS).
|
| None of this has anything to do with IPv6 - you give away
| some location information with your username and profile
| on this very site, for example.
| andruby wrote:
| I assume a vpn, ssh tunnel, wireguard or any other type of
| proxy would hide your residential ip.
| sp332 wrote:
| Sure, just disable IPv6 support in your OS.
| JPDeckers wrote:
| Problem with CGNAT is the costs involved in bookkeeping for
| law enforcement.
|
| Where an IPv4 solution for your clients only needs change-
| logging at the IP-binding-to-client level, CG-NAT requires you
| as an ISP to log every outgoing IPv4/port combination with
| timestamp to client mapping.
|
| Which requires A LOT more storage and much more expensive
| equipment.
|
| Going rate per IPv4 is up to $40 nowadays, selling off your v4
| block might not be cost-efficient.
| [deleted]
| _Algernon_ wrote:
| Anything that makes mass surveillance more expensive is a
| plus in my book.
| ButterWashed wrote:
| Whilst I don't necessarily disagree with the sentiment,
| all the costs an ISP might incur will almost certainly be
| passed on to the consumer. We're paying to be surveilled
| in many different ways.
| technion wrote:
| I'm finding more and more that I go to some random website,
| and get a message about an IP ban. That or a 401 error with
| no context.
|
| If CGNAT keeps scaling, these IP limiters need to phase
| out.
| p1mrx wrote:
| > If CGNAT keeps scaling, these IP limiters need to phase
| out.
|
| This problem would be easy to solve, if only there were
| some way for a website operator to phase out CGNAT and
| see a user's 128-bit IP address instead...
| elithrar wrote:
| > I'm finding more and more that I go to some random
| website, and get a message about an IP ban. That or a 401
| error with no context.
|
| The association between IP and user/endpoint is changing,
| especially with the advent of Apple's Private Relay,
| other privacy-protecting proxies, and increased CGNAT.
|
| Website & hosting providers will have to adapt, but right
| now we're certainly in a transition state.
| driverdan wrote:
| Even better idea, don't keep those logs in the first place.
| Tell LE you have nothing for them.
| minimaster wrote:
| Disclaimer: I work with this stuff and might be a little
| biased to certain vendor solutions.
|
| Good CGNAT implementations have support for static
| blocks: the subscriber always ends up at a specific
| IP number + port block combination. (Each subscriber is
| assigned a specific number of exit ports and this is all just
| logged once during startup so you always know where each
| subscriber ends up.)
|
| Should they run out of their assigned port block, there are
| pools which you can borrow from (these then need to be
| logged: who borrowed at what time etc). So all in all there
| is less logging than when everything was dynamic.
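JPDeckers's comment above describes the naive scheme (log every IP/port/timestamp to subscriber mapping) and minimaster's describes the static port-block scheme that replaces most of that log with arithmetic; the same idea is written up in RFC 7422. The following is an added example (my own Python, not any vendor's CGNAT code or anything posted in the thread) showing both halves: a deterministic inside-address to (public IP, port block) mapping that needs no per-flow state, and the overflow pool whose borrowings are the only thing that gets a timestamped log entry, plus the reverse lookup an ISP would run to answer "who had this IP and port at this time". The public pool 203.0.113.0/24 (RFC 5737 documentation space), the inside pool 100.64.0.0/20 (RFC 6598 shared space), the 2048-port block size and the cut-off below port 1024 are all assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_MIN = 1024   # assumption: well-known ports are never handed to subscribers
PORT_MAX = 65535


@dataclass(frozen=True)
class PortBlock:
    public_ip: str
    port_lo: int
    port_hi: int


class DeterministicCgn:
    """Deterministic CGNAT port-block mapping (the RFC 7422 idea).

    Every inside address gets a fixed (public IP, port range) computed by
    arithmetic, so the whole table can be dumped once at startup.  The ports
    left over after the static blocks form a per-public-IP overflow pool;
    only borrowings from that pool need a timestamped log entry.
    """

    def __init__(self, public_pool: str, inside_pool: str, block_size: int = 2048):
        self.publics = list(ipaddress.ip_network(public_pool))
        self.inside = ipaddress.ip_network(inside_pool)
        self.block_size = block_size
        self.blocks_per_ip = (PORT_MAX - PORT_MIN + 1) // block_size
        self.overflow_lo = PORT_MIN + self.blocks_per_ip * block_size
        capacity = len(self.publics) * self.blocks_per_ip
        if self.inside.num_addresses > capacity:
            raise ValueError(f"{self.inside} needs {self.inside.num_addresses} "
                             f"blocks, {public_pool} provides only {capacity}")
        self.overflow_log: List[dict] = []   # append-only audit log

    def block_for(self, inside_ip: str) -> PortBlock:
        """Static mapping: pure arithmetic, so nothing to log per flow."""
        idx = int(ipaddress.ip_address(inside_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.inside.num_addresses:
            raise ValueError(f"{inside_ip} is not in {self.inside}")
        ip_idx, blk = divmod(idx, self.blocks_per_ip)
        lo = PORT_MIN + blk * self.block_size
        return PortBlock(str(self.publics[ip_idx]), lo, lo + self.block_size - 1)

    def borrow_port(self, inside_ip: str, t_alloc: int) -> Tuple[str, int]:
        """Subscriber exhausted its block: hand out an overflow port and log it."""
        public_ip = self.block_for(inside_ip).public_ip
        in_use = {e["port"] for e in self.overflow_log
                  if e["public_ip"] == public_ip and e["t_release"] is None}
        for port in range(self.overflow_lo, PORT_MAX + 1):
            if port not in in_use:
                self.overflow_log.append({"public_ip": public_ip, "port": port,
                                          "inside_ip": inside_ip,
                                          "t_alloc": t_alloc, "t_release": None})
                return public_ip, port
        raise RuntimeError(f"overflow pool on {public_ip} exhausted")

    def release_port(self, public_ip: str, port: int, t_release: int) -> None:
        """Close the open log entry for this overflow port."""
        for entry in reversed(self.overflow_log):
            if (entry["public_ip"] == public_ip and entry["port"] == port
                    and entry["t_release"] is None):
                entry["t_release"] = t_release
                return
        raise KeyError(f"{public_ip}:{port} is not currently borrowed")

    def subscriber_for(self, public_ip: str, port: int, at: int) -> Optional[str]:
        """Who held public_ip:port at time `at`?  Static range: arithmetic.
        Overflow range: consult the log.  None means not answerable."""
        try:
            ip_idx = self.publics.index(ipaddress.ip_address(public_ip))
        except ValueError:
            return None
        if PORT_MIN <= port < self.overflow_lo:
            idx = ip_idx * self.blocks_per_ip + (port - PORT_MIN) // self.block_size
            if idx >= self.inside.num_addresses:
                return None
            return str(self.inside.network_address + idx)
        for entry in self.overflow_log:
            if (entry["public_ip"] == public_ip and entry["port"] == port
                    and entry["t_alloc"] <= at
                    and (entry["t_release"] is None or at < entry["t_release"])):
                return entry["inside_ip"]
        return None


if __name__ == "__main__":
    cgn = DeterministicCgn("203.0.113.0/24", "100.64.0.0/20")
    print(cgn.block_for("100.64.0.31"))               # fixed block, logged once
    ip, port = cgn.borrow_port("100.64.0.31", t_alloc=100)
    print("borrowed", ip, port)                       # overflow: logged with time
    print(cgn.subscriber_for("203.0.113.1", 1500, at=0))
    print(cgn.subscriber_for(ip, port, at=150))
    cgn.release_port(ip, port, t_release=200)
    print(cgn.subscriber_for(ip, port, at=250))       # None: nobody held it then
```

With a 2048-port block there are 31 blocks per public IP and the remaining 1024 ports (64512 to 65535) become that IP's overflow pool, so a /24 of public space serves 7936 subscribers with no per-connection log at all. The reverse lookup also shows why the "which subscriber had this IP in this two-week window" requests discussed further down are unanswerable under CGNAT: without the port and a timestamp, `subscriber_for` has nothing to index on, and the honest reply is that the mapping cannot be determined.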
| endre wrote:
| And law enforcement inquiries barely contain source port
| information, or precise time. Most of them go like: who
| had this IP in $this-two-weeks-window. No source port, no
| destination IP/port.
| philderbeast wrote:
| that will just lead to a whole lot of "we don't have that
| information" or alternatively, "all of these 10000 people
| used that, have fun!"
| floatboth wrote:
| And isn't that the privacy we all would really enjoy? :D
| IntelMiner wrote:
| The "I'm Spartacus!" of torrenting
|
| (For those who haven't heard the reference
| https://www.youtube.com/watch?v=FKCmyiljKo0#t=0m40s )
| t0mas88 wrote:
| "We don't have the ability to determine a specific
| subscriber based on the information provided" and close
| the request.
| kazen44 wrote:
| this is not how most of these laws work. As an ISP, you
| are required to have this bookkeeping, and are audited
| for it in (most) countries.
|
| Usually, the law has specific procedures about how this
| information is requested, what responsibilities are with
| which party, and how long the response time should be for
| such a request.
|
| When starting (or already being) an ISP, you already know
| what kind of system you need to build that matches all
| these requirements by law. Simply saying, we do not have
| the required information wouldn't work because the law
| has very specific details about the requested
| information.*
|
| * this is in a european country, so no clue if this is
| applicable to the US.
| t0mas88 wrote:
| In my European country the law very specifically tells
| ISPs what to record. It doesn't require them to produce
| any conclusions or other data, so if you ask for a
| subscriber name without enough details (port and
| destination in this example) the response I gave is
| totally legal. I have in fact seen that kind of thing
| happen and compliance departments tend to favor exactly
| this, do what the letter of the law said, not a byte more
| unless a court orders them. The risk otherwise is that
| you're illegally violating the privacy of a customer just
| to please some law enforcement agency.
|
| As a follow-up the agency, with the right court order,
| could get all the raw connection records and try to
| figure it out themselves. But if you don't know the exact
| time and (source IP, port, destination IP, port)
| combination you're not going to figure it out in a
| network with large scale NAT.
| tbrownaw wrote:
| > _Where an IPv4 solution for your clients only needs
| change-logging on IPbinding-to-client level, the CG-NAT
| requires you as an ISP to log every outgoing IPv4 /port
| combination with timestamp to client mapping._
|
| Why does each individual connection have to get a port from
| the global allocator, rather than any of the pooling or
| hierarchical techniques that high performance memory
| allocators use?
| netr0ute wrote:
| The allocators already use pooling, but there are only so
| many source ports to choose from.
| globular-toast wrote:
| That makes me realise there is an incentive for ISPs to hold
| out on supporting IPv6. If IPv6 was widely supported then
| their IPv4 blocks would be worthless. I wonder how many will
| be holding out on deploying IPv6 until they can offload their
| still-valuable IPv4 addresses.
| littlecranky67 wrote:
| IPv6 adoption is just sad. Sharing an anecdote: Back in
| 2002, I was using a 56k modem on a linux box 24/7 from home
| with a dialup flatrate. Being an avid IRCnet user, I set up
| an IPv6 tunnel with a tunnel broker (I think it was
| Hurricane Electric - it was before Aiccu was a thing) and
| connected to the IPv6 IRCnet servers. There was once a
| channel #uptime which was a contest: On start of contest,
| everybody in channel got voice - and the person to last
| hold voice would win (you lose voice when your TCP
| connection disconnects). Even though I had a forced disconnect
| every 24h, amongst over 100 users (mostly Servers,
| Bouncers, Universities etc.) I ranked 6th place in the end
| (after a couple of weeks), because my ipv4 dialup was
| reconnecting fast enough to receive the buffered ipv6
| tunnel packets from the broker. Today I have no more IPv6
| since SixXS shut its doors a couple of years back, and my
| provider (o2/Telefonica) hasn't rolled it out to me yet.
|
| Looking back those 19 years, the availability and state of
| IPv6 has worsened for me - even though IPv4 shortage was
| known back then.
| wvh wrote:
| Same story here. I think I had IPv6 around 2000 with HE
| and then SIXXS, and my university back then already
| assigned IPv6 addresses. Now in 2021, I don't think I
| have had an IPv6 address assigned either at home or at
| work for quite some time.
|
| It's hard to understand why they don't just push through
| since there clearly are no real technical problems as
| witnessed by those few countries with major providers that
| actually actively use IPv6 (only).
| hamburgerwah wrote:
| Having just realized my internet provider, cox, does not
| actually support ipv6 for the 2 million plus subscribers in my
| state I think it is safe to say that ipv6 is dead and will
| never take the place of ipv4 in our lifetimes.
|
| Don't get me wrong. They say they support it, they have lots of
| PR that says they support it, but in fact as a subscriber they do
| not.
| deadmutex wrote:
| Ehn, I don't know if you can go from
|
| "my internet provider, cox, does not actually support ipv6"
| to "I think it is safe to say that ipv6 is dead".
|
| There are much more comprehensive ways to look at ipv6
| adoption, e.g.
| https://www.google.com/intl/en/ipv6/statistics.html
| BikiniPrince wrote:
| Mine had some beta program years ago. You had to find a
| number to call which was hidden away in a locked filing
| cabinet hidden away in a disused lavatory.
|
| They were purchased recently and maybe there is hope now.
| lashloch wrote:
| > in our lifetimes
|
| You don't think ipv6 will overtake ipv4 in the next 50-odd
| years? Think about the year 1971 and what was thought
| possible then.
| skuhn wrote:
| Overtake: yes.
|
| The ability to launch a public-facing, commercial service
| and pretend like IPv4 never existed and you don't have to
| worry about it at all? Probably not within our lifetimes.
| cm2187 wrote:
| I am not sure about that. When IPv6 support nears 95%,
| the pressure will be on those few ISPs to give access to
| those areas inaccessible from v4. Think of all these
| websites that need to be cheap and are happy enough with
| reaching 95% of the audience: blogs, small businesses,
| anything education related, etc. That should help going
| from 95 to 100.
| fake-name wrote:
| Where are you located?
|
| I'm on cox in southern california, and they rolled out IPv6
| some time in the last year or so.
| dboreham wrote:
| Same thing here with Spectrum.
| birdman3131 wrote:
| Cox has had ipv6 for quite a while. Hell for a while they
| kept shutting down my ipv4 leaving me only with ipv6. That
| was fun to get through tech supports head. Took three times
| of that happening for a day or two before I finally got to a
| level 2/3 tech that at least understood what I was talking
| about.
| [deleted]
| koksik202 wrote:
| I wonder, if we see large use of IPv4 and IPv6 adaptation, how
| tricky it will be to adapt and be able to have enough FIB in
| boxes to hold all those resolutions. I wonder how many companies
| will go into buying beefy chassis rather than implementing some
| low level fragmentation for two families.
| StreamBright wrote:
| IPv6 is trying to do too much in my opinion. This is partially
| why adoption is slower than it could be.
| IcePic wrote:
| Of course that is how it will end. No one thinks that this is a
| bad idea, to only allow customers of those three to host a
| service, because that is the current mindset. When they own all
| the v4 IPs, we will have no choice but to host on their infra or
| not host at all.
|
| At that time, someone might think that IPv6 with all its faults
| might have been a good idea after all, but then it will be too
| late, since "v4 seems to work, all clients behind 2-3-4 layers
| of NAT, everything tunneled in HTTP/4.5 on a single port
| outwards to your VPS/VPN".
|
| Not being able to host a game on your home computer, not being
| able to start a service unless GCP/Azure/AWS allows you to will
| be the end of the internet as we used to know it. Extra fun for
| anyone not being american enough to want to be a customer of
| the big three.
| sigstoat wrote:
| > When they own all the v4 ips
|
| ... there won't be any value in them any more.
|
| if the only folks left who can use IPv4 are the hosting
| providers ("big three" or not), then nobody will be using
| IPv4 to contact all the hosted services.
|
| large swaths of users have IPv6 available to them. if there
| starts being some inconvenience to not having 6, we can be
| sure adoption will pick up even faster.
|
| https://www.google.com/intl/en/ipv6/statistics.html
| goodpoint wrote:
| > are we in danger of the cloud providers effectively being the
| Internet?
|
| Between cloudflare and AWS/Azure/Google most of the Internet is
| an oligopoly right now.
|
| Interesting how nobody else replied to this part of your
| comment.
| Frost1x wrote:
| Well, when the internet cartel pays your bills...
|
| Technology certainly scaling and improving but it's being
| concentrated in fewer and fewer hands. In the past I could
| compete with most sophisticated companies, it wasn't
| unattainable. Barrier to entry is simply too high now. No
| single or small team of developers and technologists is going
| to compete with AWS.
| MichaelZuo wrote:
| Wordpress?
| skuhn wrote:
| Public auctions (which they didn't use) are currently in the
| $45-50 per IP ballpark. At that price it's $247.5 million worth
| of IPs.
|
| At auction the larger networks tend to go for less money per IP
| since there is a smaller market of people who want and can buy
| them (you have to be approved by ARIN/RIPE/etc. for the
| allocation size), which drives the price down.
| bgpdude wrote:
| The actual number is much higher. Amazon doesn't publish all
| their IP addresses in that json, only the ones in use. They
| have almost double the IPv4 addresses, ie quite a bit
| reserved for future use. See https://toonk.io/aws-and-their-
| billions-in-ipv4-addresses/in...
| Aeolun wrote:
| That's not actually too expensive, considering they make that
| money back in a few months if all those IP's are hosting even
| their smallest server.
| remram wrote:
| It's not like the news of "we have new IPs" instantly drive
| customers to rent more VMs. They are likely to have a lot
| of unused capacity for years, which is not paying back for
| itself.
| korethr wrote:
| What's the cutoff for larger networks where the price starts
| to go down? Would say, a /16 count? Or does that effect kick
| in as low as, say, a /20?
| skuhn wrote:
| I think that it starts to have downward pressure at /22 to
| /20. You can see Hilco's historicals at [1]. Not all
| purchases are done in public though.
|
| It seems to me like an arbitrage opportunity, since /24 and
| /23 networks have many more potential buyers. But you have
| to be approved with a regional registry for the amount of
| space in order to buy it.
|
| Observing things from the buy side, I suspect that IP space
| is being brought to auction in a slow but steady trickle so
| as to maintain upward momentum on prices. The price has
| approximately doubled in the last year.
|
| [1] https://auctions.ipv4.global/prior-sales
| oarsinsync wrote:
| > _But you have to be approved with a regional registry
| for the amount of space in order to buy it._
|
| This hasn't been my experience in RIPEland since post
| IPv4-exhaustion. Is this an ARINism?
| skuhn wrote:
| That's my understanding with ARIN, yeah.
| Ericson2314 wrote:
| Yeah I would like the FTC go after new IPv4 deployments /
| mandate dual stack on anti-trust grounds.
| korethr wrote:
| That's an interesting idea. I don't know if the FTC has the
| authority to do so under the current powers given to it by
| Congress, and I don't know if I'd like the precedent of them
| trying without Congress delegating that power. I'd be
| totally willing to discuss Congress delegating them said
| authority.
| IncRnd wrote:
| How does IPv4's use translate to anti-trust?
| usr1106 wrote:
| Controlling 200 times more of a critical resource than the
| next competitor does not sound like healthy competition.
| IncRnd wrote:
| That you call global IPv4 addresses to be a critical
| resource is extremely odd. If I go to prudential.com or
| to another insurer's website, the IP delivery addressing
| protocol doesn't affect competition.
|
| A user doesn't really see any difference when traffic
| gets delivered over IPv6 instead of IPv4, so the scarcity
| of the global IPv4 space is meaningless compared to the
| incredibly vast usable size of the global IP space.
| netr0ute wrote:
| That's if you can define IPV4 as a critical resource. But
| because anyone can assign any IPv4 address to anything
| and advertise it with BGP, it can't fit the definition of
| that.
| remram wrote:
| There would be penalties for that, maybe even legal ones.
| How easy it is to steal does not really factor in whether
| it's a critical resource.
| netr0ute wrote:
| Can it be defined as property? I could make an Internet
| The Second using isolated networks and advertise whatever
| I wanted. It's not like digital movies and music where
| it's defined as property under copyright law because it's
| a creative work.
| remram wrote:
| Isolated? Sure.
|
| This is the same as saying no one can own a Disney
| character because anyone can draw it at home. Or no one
| owns songs because you can freely transmit them between
| devices you own.
|
| People still own those things in most jurisdictions
| around the world.
| netr0ute wrote:
| The thing with Disney is that those characters were
| created by someone in a creative pursuit. IP addresses,
| on the other hand, are simply pointers to some location,
| and so it's an unknown if they can be covered under IP
| law. Digital copies of media only count as property
| because of that IP law, or they would be worthless
| because they can be copied infinitely.
| Ericson2314 wrote:
| Promoting the continued dominance of a standard which
| causes artificial scarcity.
| j16sdiz wrote:
| I can't understand the reasoning here.
|
| They need to go after other service providers, not ISPs.
| ISPs provide CGNAT to facilitate access to IPv4-only
| services.
| Ericson2314 wrote:
| Yeah, I don't have much of a problem with doing CGNAT. We
| need to get the ISPs to do IPv6, and we need to penalize
| AWS when a customer chooses to do IPv4 only. (They will
| pass on the fee, which is just fine, and easier than going
| after the customers directly.)
| wu_187 wrote:
| I've worked in the cloud hosting industry for a decade and a
| half. The entire time, we were warned about the IPv4 shortage
| and how we needed to switch to IPv6 soon(tm). Well, things
| haven't changed. Everyone is dragging their feet on IPv6
| adoption from hosting providers, ISPs, hardware manufacturers,
| and software developers. I predicted this years ago and always
| said that it would require a government mandate to move on from
| IPv4. I honestly believe we are going to ramp up NAT in the
| coming years before really doing away with IPv4.
| technofiend wrote:
| I just don't get it. We already have regular hygiene programs
| to remediate legacy stuff - remove weak encryption methods,
| scan for CVEs and patch old versions, etc. IPv6 isn't any
| harder to use than IPv4 except for storing a larger IP
| address. Really, there's no excuse and that goes double for
| anyone using a modern stack instead of legacy.
| api wrote:
| All this is because IPv6 addresses are too long. If they'd
| made it 48 or 64 bits we would be fully converted by now. We
| are dragging because people hate using it.
|
| I've been saying this for years. Nobody gets it because geeks
| don't get ergonomics.
| mindslight wrote:
| IMO it's because they used stupid semicolons in the syntax
| instead of sticking with periods. Nobody likes hitting the
| shift key, especially so rapidly and while typing numbers.
| mgkimsal wrote:
| I've said it for years too. It's not JUST because they're
| long - years ago (and maybe even today?) there's still some
| hardware issues with keeping large sets of addresses for
| routing (I'm not an expert on this - I seem to remember
| reading about this years ago - larger ISPs not being able
| to keep all their routing rules in memory because of IPv6
| address sizes - maybe I'm WAY off).
|
| But, yes, generally, you're right. It's been seen from the
| very beginning as "a big move". If every address A.B.C.D
| was addressable as 0.A.B.C.D, and we opened up another 255
| * 4 billion addresses... we'd have been converted a long
| time ago. And we'd have been better at actually
| implementing 'upgrades' because they'd be already
| done/completed - it wouldn't be a 'monumental task(tm)'.
|
| We don't need every atom in the universe to be able to have
| 16 public addresses.
| p1mrx wrote:
| > We don't need every atom in the universe to be able to
| have 16 public addresses.
|
| IPv6 isn't even remotely that big. There are about 10^38
| IPv6 addresses, 10^50 atoms on Earth, and 10^80 atoms in
| the universe.
| api wrote:
| In designing ZeroTier I put a ton of effort into creating
| a secure P2P layer with addresses that are only 40 bits
| long. This effort continues with new solutions being
| worked on to maintain security while allowing more
| openness and federation.
|
| It would have been much easier to use long addresses that
| are long hashes of keys. Having only 40 bits means we
| need two layers of defense in depth to prevent
| intentional collision: a work function to make the cost
| substantial (about USD $8M per collision on today's
| public cloud) and a single source of truth for lookup
| that still supports federation. You could punt on all
| that with 128 or 256 bit addresses.
|
| Yet I did it because I was quite aware that it was very
| necessary for usability. I have had many people tell me
| they love that they can type a ZeroTier address.
|
| I would bet anyone that if the addresses had been
| gigantic we'd have 1/10 the adoption.
|
| Software is first and foremost for people to use. Most of
| the complexity in software exists for this reason.
| p1mrx wrote:
| ZeroTier has a flat address space governed by a single
| algorithm. The Internet is a loose hierarchy of
| independently-managed networks. These problems have quite
| different addressing requirements.
|
| Analogy: ZeroTier is to https://plus.codes/ as IPv6 is to
| mailing addresses. A mailing address is pretty long, but
| you can use its structure to route the mail efficiently.
| api wrote:
| The Internet is governed by a single algorithm: IP
| routing. Short IP addresses are a lot easier than short
| cryptographic addresses.
|
| Adding 16 or 32 more bits to IPv4 would have been
| trivial. The existing IPv4 address space becomes
| 0.0.n.n.n.n or perhaps 0.n.n.n.n.0 if you wanted to give
| every existing IP 256 addresses to assign while also
| multiplying the IP space by 256.
|
| Easy, easy, easy.
| p1mrx wrote:
| You're describing 6to4, where the existing IPv4 address
| space becomes 2002:nnnn:nnnn::/48. You can treat the 80
| bit suffix as 8 bits when designing a network.
|
| Problem is, stacking the new protocol on top of IPv4 was
| never very reliable, so 6to4 is mostly dead now. It
| would've worked a bit better if the Internet had used
| 2002::/16 exclusively.
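The 6to4 address math the reply above refers to, as an added example that is not part of the thread: each public IPv4 address maps to its own 2002:AABB:CCDD::/48, the next 16 bits pick one of 65536 site subnets, and the embedded IPv4 address can be read back out of any 6to4 address. 6to4 (RFC 3056) relays are operated by untrusted third parties and the mechanism was deprecated by RFC 7526, so treat this as address arithmetic, not a deployment recommendation. The helper names and the 192.0.2.4 sample address are constructed for the example.

```python
import ipaddress
from typing import Optional

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")  # RFC 3056 6to4 prefix


def to_6to4_prefix(ipv4: str) -> str:
    """Embed a public IPv4 address in 2002::/16, yielding that site's /48."""
    v4 = ipaddress.IPv4Address(ipv4)
    # 16-bit 2002 prefix, then the 32 IPv4 bits, then 80 zero bits.
    bits = (0x2002 << 112) | (int(v4) << 80)
    return str(ipaddress.IPv6Network((bits, 48)))


def site_subnet(ipv4: str, subnet_id: int) -> str:
    """Pick one of the 65536 /64s inside a site's 6to4 /48 (the 16-bit SLA ID)."""
    if not 0 <= subnet_id < 2**16:
        raise ValueError("subnet id must fit in 16 bits")
    prefix = ipaddress.IPv6Network(to_6to4_prefix(ipv4))
    # The subnet id occupies bits 48..63 from the top, i.e. shift 64 from the bottom.
    bits = int(prefix.network_address) | (subnet_id << 64)
    return str(ipaddress.IPv6Network((bits, 64)))


def embedded_ipv4(ipv6: str) -> Optional[str]:
    """Recover the IPv4 address a 6to4 address encodes, or None if it is not 6to4."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIXTOFOUR:
        return None
    # The stdlib already knows how to extract bits 16..47 of a 2002::/16 address.
    return str(v6.sixtofour)


if __name__ == "__main__":
    # Constructed sample values using the documentation address 192.0.2.4.
    print(to_6to4_prefix("192.0.2.4"))          # 2002:c000:204::/48
    print(site_subnet("192.0.2.4", 1))          # 2002:c000:204:1::/64
    print(embedded_ipv4("2002:c000:204:1::5"))  # 192.0.2.4
    print(embedded_ipv4("2001:db8::1"))         # None
```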
| kazen44 wrote:
| > (I'm not an expert on this - I seem to remember reading
| about this years ago - larger ISPs not being able to keep
| all their routing rules in memory because of IPv6 address
| sizes - maybe I'm WAY off).
|
| In modern times (the last 10 - 15 ish years), routing
| table size has been roughly the same for IPv4 and IPv6.
|
| Modern, ISP grade routers have control and forwarding
| planes separated between different (usually redundant)
| hardware components. The control plane is responsible for
| keeping states of routes (which routes do I receive from
| a routing protocol? where is my next hop according to
| rule XYZ etc). Forwarding plane is responsible for
| forwarding packets across interfaces.
|
| Route lookups happen in the control plane, but a route
| lookup is almost never for a dedicated address
| (especially in IPv6). Route lookups happen at the subnet
| level, and IPv6 has a "standard" subnet size which leaves
| half of the address space for the subnet itself. (The
| first /64 subnetmask bits are used for network
| differentiation, while the other /64 is used to create
| host specific addresses.)
|
| This cuts down on TCAM size considerably, because the
| router doesn't need to store 128 bits of information per
| host, but only 65 bits + subnetmask for a very large
| group of hosts.
|
| Besides this, IPv6 has another advantage because
| fragmenting routes is far more difficult than in IPv4.
|
| Usually, organisations get a /56, the ISP usually handles
| /48's and RIPE/IANA etc work with /32.
|
| This all keeps the IPv6 routing table far smaller than
| the IPv4 routing table, which was one of the reasons IPv6
| was invented in the first place.
|
| > But, yes, generally, you're right. It's been seen from
| the very beginning as "a big move". If every address
| A.B.C.D was addressable as 0.A.B.C.D, and we opened up
| another 255 * 4 billion addresses... we'd have been
| converted a long time ago. And we'd have been better at
| actually implementing 'upgrades' because they'd be
| already done/completed - it wouldn't be a 'monumental
| task(tm)'.
|
| Would this actually change the amount of "monumentalism"
| in switching IPv4 for something else? Backwards
| compatibility with larger address sizes (be it 128 bits,
| 33 bits or whatever) is not possible because IPv4 stacks
| can only handle a 32-bit address space. Updating those is
| about as monumental a task as implementing IPv6,
| considering you would still need two network layer stacks
| for each device to handle both IPv4 and the "IPv4+"
| version.
| Denvercoder9 wrote:
| > If every address A.B.C.D was addressable as 0.A.B.C.D,
| and we opened up another 255 * 4 billion addresses...
| we'd have been converted a long time ago.
|
| That has nothing to do with the address being long, but
| with being compatible.
| remuskaos wrote:
| I know this is probably so much not your point, but there
| are assumed to be 10^80 atoms in the visible universe,
| and 2^128 is only 3.4*10^38.
| dekhn wrote:
| I spent some time trying to upgrade my home network to
| primarily-IPv6 (mainly so I could more easily address
| internal computers from the outside). I was pretty
| unimpressed with the results; I expect to have to run dual
| stack for the foreseeable future.
| xvilka wrote:
| Some countries did exactly that, China for example. Most of
| the infrastructure, ISP networks, even user applications here
| are now IPv6 or ought to be in a few years [1].
|
| [1] https://www.theregister.com/2021/07/26/china_single_stack
| _ip...
| toxik wrote:
| To be fair, this is exactly the type of thing you'd expect
| China to be good at, unilateral decision making.
| vmception wrote:
| Benevolent leader is the best case of government, it is
| just improbable and of course it is too risky for any
| dissenter, and the successor is never as good. So people
| go for inclusive forms of government, which produces
| average case results more often.
| syntheticnature wrote:
| Also, when your country's population is such that the
| entire IPv4 address space could only allow three
| addresses per resident, with that ignoring all reserved /
| multicast restrictions...
| nousermane wrote:
| NAT is ramping up on client side. Many home-internet
| connections are now NATted twice - in CPE, then again in CGN.
|
| On the server side, in contrast, NAT is winding down. 15
| years ago, it was common to have either DMZ-style NAT, or on
| AWS you had to have NAT (they call it EIP). Nowadays, having
| a CDN or cloud-native load-balancer in front of your server
| is increasingly common. And behind those, that server just
| doesn't need a public IP (maybe only a shared outbound NAT for
| OS updates). That is - if you have a server at all (and not
| moved to lambda, S3, etc...)
| athrowaway3z wrote:
| Yesterday I spent 2 hours trying to figure out why I
| couldn't ping my home router, only to find out this is
| probably the reason.
|
| Luckily I had created a reverse SSH tunnel on a VPS before
| leaving.
| innocenat wrote:
| ISP blocking ICMP might be a more probable reason than
| CGNAT. At least where I live.
| lazide wrote:
| It's hard to tell sometimes what is going on. I just
| learned for instance that the cable modem provided by
| Comcast switched to NAT - and my router is also doing NAT
| - and my business firewall also does NAT. So at least 3
| layers now.
|
| If they are doing CGNAT further into the infrastructure,
| how would I even be able to tell at this point? I'm
| assuming someone would also block ICMP just so it would
| be less embarrassing, but who knows.
|
| Comcast does generally seem to be moving towards IPv6 at
| least, which is helpful.
| jaywalk wrote:
| Comcast doesn't do CGNAT, and their network has been 100%
| IPv6-capable for years now.
| remuskaos wrote:
| How do IPv6-only customers reach IPv4 hosts? Wouldn't
| some 6to4 gateway count as CGN?
|
| I've had this problem in the past with Vodafone,
| sometimes their AFTR (?) would go down but all IPv6
| enabled hosts were still reachable. Only the IPv4
| internet was unreachable. It took months for me to find
| that out, and I still don't know any workaround in case
| that happens again.
| wmf wrote:
| I think Comcast is running dual-stack so they don't have
| IPv6-only customers.
|
| T-Mobile is running IPv6-only using 464 which is
| vulnerable to AFTR problems like you saw.
| ninkendo wrote:
| They don't give IPv6-capable cable modems to everyone. I
| don't have one.
| innocenat wrote:
| > If they are doing CGNAT further into the
| infrastructure, how would I even be able to tell at this
| point?
|
| Check the IP on your WAN interface of your modem? I mean,
| that's how I have always been checking for CGNAT.
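The WAN-address check described above, written out as an added example that is not part of the thread: an address from the RFC 6598 shared range 100.64.0.0/10 on the uplink interface means a carrier-grade NAT sits upstream, an RFC 1918 address means some other NAT device (a modem in router mode, say) sits upstream, and a public address that matches what remote hosts see means no NAT upstream at all, so an unanswered ping is then more likely ICMP filtering, as noted earlier in the thread. The function names and the sample addresses are constructed; the second "observed" address stands in for whatever a remote "what is my IP" style check reports.

```python
import ipaddress

# Ranges that reveal what sits on the far side of the WAN port.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.IPv4Network("100.64.0.0/10")  # RFC 6598 space reserved for CGN


def classify(addr: str) -> str:
    """Bucket an IPv4 address as cgnat, private or public (other reserved
    ranges such as loopback are lumped in with public for brevity)."""
    ip = ipaddress.IPv4Address(addr)
    if ip in SHARED:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def upstream_nat(wan_addr: str, observed_addr: str) -> str:
    """Infer what is between the uplink interface and the Internet.

    wan_addr:      address configured on the modem/router WAN interface
    observed_addr: source address a remote host sees your traffic come from
    """
    kind = classify(wan_addr)
    if kind == "cgnat":
        return "carrier-grade NAT upstream: unsolicited inbound traffic will not reach you"
    if kind == "private":
        return "another NAT upstream (e.g. modem in router mode); CGN status unknown from here"
    if wan_addr == observed_addr:
        return "no NAT upstream: the WAN address is reachable unless something filters it"
    return "inconclusive: public WAN address differs from what remote hosts see"


if __name__ == "__main__":
    # Constructed sample values; 198.51.100.0/24 is a documentation range.
    print(upstream_nat("100.64.12.34", "198.51.100.7"))
    print(upstream_nat("192.168.100.2", "198.51.100.7"))
    print(upstream_nat("198.51.100.7", "198.51.100.7"))
```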
| liveoneggs wrote:
| IETF and friends could have made IPv6 only address the shortage
| but decided to change a bunch of other stuff too.
| techsupporter wrote:
| Meanwhile, Hetzner just added a staggering $19/address setup fee
| and a soon doubling of prices for IPv4 addresses from them
| ostensibly due to the rising costs of getting addresses, yet
| still has virtually no support for IPv6 on their offerings
| outside of a /64 per dedicated server.
|
| https://docs.hetzner.com/general/others/ipv4-pricing/
| RedShift1 wrote:
| Why would you need anything other than a /64 on your server?
| toast0 wrote:
| Maybe they mean that things like flexible/assignable ips and
| load balancers aren't available on v6.
| j16sdiz wrote:
| Because IPv6 was designed with mobility in mind? .... oh,
| wait.. that is the IPv6 in fairy tales.
| TheChaplain wrote:
| Huh? I've been using IPv6 on their cloud instances for years,
| and it works just perfect.
| kolaente wrote:
| You also get a /64 on their cloud servers, one subnet per
| project iirc.
| Aeolun wrote:
| How is a /64 per dedicated server no support?
| bob1029 wrote:
| > Hetzner just added a staggering $19/address setup fee and a
| soon doubling of prices
|
| This is what we need to encourage IPv6 adoption and
| conservation of existing digital resources.
| fach wrote:
| Is it? If the major cloud providers are siphoning off IPv4
| space to create a monopoly, and 2nd tier cloud providers are
| raising prices due to the cost of IPv4 acquisition due to
| scarcity, there's a real chance market forces migrate
| customers away from the 2nd tier as their costs rise.
| [deleted]
| remram wrote:
| /64 seems pretty standard, unfortunately. It's what I get on
| OVH. There's also way worse providers, like Digital Ocean with
| a /124, and LightSail with /128.
| tom7 wrote:
| When will they admit that the IPv6 naming scheme was a
| mistake and nobody can remember these addresses?
___________________________________________________________________
(page generated 2021-08-14 23:02 UTC)