
Re: [RRG] IPv4 shortage, new features and IPv6 inevitability



* IPv6 transition mechanisms.

* Ping surveys of IPv4 and how well the space is used at present.

* Therefore, with NAT, how much scope is there for continuing
  to rely on IPv4?


Hi Iljitsch,

LISP, eFIT-APT, Ivip and TRRP are perfectly capable of slicing a /8
or any other length prefix into as many /30s or even /32s as you
like - without any extra burden on the BGP system.

Regarding my comment that this number of long prefixes wouldn't fly
with the current BGP-only routing architecture, but would be fine
with one of these ITR-ETR schemes, you wrote:

>> With the existing reliance on BGP alone, that would lead to a 
>> completely unsustainable explosion in the number of prefixes.
> 
> An interesting thing about BGP is that if you break it, you see 
> that immediately. That means you'll revert back to the previous 
> configuration within minutes. So anything that has enough impact 
> to really break BGP simply won't be deployed.

Your response doesn't seem to relate to my intended meaning.


>> I think the continuing need for IPv4 address space, including 
>> smaller chunks of it with greater use of NAT, will continue for
>> the foreseeable future - 5 to 10 years at least.  Having an
>> IPv6 address does not alter the need of the vast majority of 
>> users for direct (or via NAT) access to IPv4.
> 
> It's interesting to contrast the situation the big content 
> players are in versus the one ISPs are in. As a content network, 
> you need very little IPv4 space. Moving to IPv6 is pretty much a 
> binary thing: you either enable it or you don't. So for content 
> people enabling IPv6 is hard and sticking to IPv4 is easy. ISPs 
> on the other hand need lots of fresh IPv4 space to connect new
> customers, but they are in the position to roll out new
> deployments for new users and keep existing customers on existing
> stuff so they don't have to go to IPv6 wholesale at once. So for
> ISPs sticking to IPv4 is going to be problematic due to the
> depletion while introducing IPv6 is relatively easy.

I don't think it is "easy" for ISPs to deploy IPv6 to their
customers.  Few seem to do it.  Getting the address space is easy,
but upgrading and/or managing the routers, billing systems, security
arrangements, DNS, making sure all servers are dual stack etc. is a
lot of work.

The support costs would be massive.

The hapless ISP would get all manner of calls when users don't
understand what IPv6 means, when something doesn't work etc. - even
though the problem is likely to be in their application, their OS,
or the remote host and nothing to do with the ISP's service.

Having an IPv6 address or /64 does not alter the fact that virtually
all end-users - individuals, corporate networks etc. - still need
IPv4 space just as much as they do without the IPv6 space.


> So we'll probably see a world where more and more eyeballs are on
> IPv6 (which means in practice either IPv6-only with
> proxies/NAT-PT or IPv6+IPv4/NAT dual stack) while most of the 
> content will stick to IPv4-only for a much longer time.

Can you give me an example of a set of proxies which provide
adequate support for ordinary home or office users who need to
communicate with IPv4 hosts, but who have only an IPv6 address?
Protocols to be supported (in a way that bog-standard Windoze apps -
probably not IPv6 aware - will work) include:

  HTTP, HTTPS
  SMTP, POP3, IMAP4
  FTP, SSH
  IRC
  (Any number of streaming media protocols.)
  (Any number of instant messenger protocols.)
  (Any number of VoIP systems, including Skype.)
  (Any number of P2P filesharing systems.)
  (Any number of commercial games.)
  etc.


> Any claims of 5 or 10 years or even longer are highly suspect
> because I don't see a quantitative basis for it. My best 
> guesstimate about the IPv4 depletion is that we'll run out in 
> 2012, so yes, in 5 years most people will still be running IPv4. 
> But if good transition mechanisms are available, it will be easy 
> to move to IPv6-only while still having access to IPv4 resources 
> and then a significant number of people could be living on an 
> IPv6-only network fairly soon.

I still don't see how this is going to happen - there are no good
transition mechanisms.

There probably cannot be any good transition mechanisms.


>> Iljitsch, despite what you wrote and what quite a few people 
>> believe about IPv6 and about IPv4 utilization, still I believe 
>> (for all the reasons I stated) that IPv6 offers no short to 
>> medium term (1 to 5 years) benefit to ordinary Internet users 
>> (and therefore their ISPs) compared to the costs of adopting 
>> it.
> 
> The benefit is that you get to connect new users to the network 
> for more than just the next 5 years.

Virtually no ordinary users will do something tricky and/or costly
now - or accept a lower grade of service - for the sole benefit of
themselves or someone else in 5 years' time.

I don't see what use an IPv6 address is to ordinary users.

After years of global publicity, some folks today might walk to the
shops instead of driving, or run their air-conditioner or heating
system a bit less comfortably, in the hope that this will reduce
global warming in the years to come.  They might be motivated by
concrete goals - perhaps remote in time and space - such as saving
someone from drowning in Bangladesh or saving their own home from
being ripped apart as hurricanes / tropical cyclones move further
towards the poles.

But how much consciousness raising would be required to get a
sizable proportion of ordinary end-users to pay for an Internet
service with massively reduced connectivity, year after year, for
the good feeling they get knowing they are no longer reliant upon,
or burdening, the dear old battlefield IPv4?

They would never do it if they knew how sparsely IPv4 address space
was used.

> Building a house also doesn't give you an immediate benefit: it 
> costs a lot of money while building but you can't start living in
> it until you're done. But houses are built every day.
> 
> The costs of adopting IPv6 are quite small, especially if you 
> take enough time to do it.

I don't see why most users, business or home-based, would spend any
time on it.


>> I still believe that for the next 5 to 15 years most users will
>> find it better to squeeze more usage out of IPv4 address space
> 
> That only prolongs the pain.

This is probably true - but I think that NAT and ITR-ETR schemes
will bulldoze a path in front of the great majority of users
(billions of dollars worth of paying customers) smoothing the way so
that at no point is there a bump big enough to motivate users to do
something tricky and expensive (in terms of time and attention, if
not upgrades to software) such as getting IPv6 space and software
which can use it.


> Worst case would be that address policies become very strict and
> people spend enormous amounts of time and money getting a few
> IPv4 addresses but we don't really "run out" so IPv6 deployment
> doesn't happen.

I think this is what will happen.

> We need fresh IP addresses to be available one way or the other,
> without that, we'll all be wasting a lot of time and money on
> addressing that could have gone to something productive.

There are endless addresses available behind NAT, and most client
software works fine in the majority of NAT settings.  It
is a horrible kludge, but this is the situation.  ISPs, network
managers and DSL modem providers who foist unfriendly NATs on people
need to change their ways.  End-users need to be wary of plugging
NAT box into NAT box.


>> I see no consensus at all on what needs to be done regarding 
>> IPv4 address depletion.
> 
>> I think you imply that we all agree the answer is to move to 
>> IPv6.
> 
> Knowing that something needs to be done and agreeing to do it 
> aren't the same thing.

I assume you are implying that the solution to the IPv4 address
depletion problem is to move everyone to IPv6 addresses - which is
what I understood from your earlier message:

> Ah, but that's a solved problem. RRG = research, IETF = 
> engineering. IPv4 depletion = operation. We all know what needs 
> to be done here. A wise man once said: just do it.


>> The trouble is, as I outlined above, IPv6 only solves the IPv4
>> address depletion problem once everyone - or almost everyone -
>> has moved to IPv6.
> 
> That's why we still need to work on transition mechanisms in the 
> IETF. Dual stack isn't it.

OK, so you agree that adoption of IPv6 requires more work in the
IETF - which I understand as contrary to your earlier statement that
"We all know what needs to be done here".

I don't think there ever will be a transition mechanism which solves
the problem that:

1 - Most of the world uses IPv4.

2 - The central purpose of the Internet is to allow direct,
    unmediated (though NAT is a form of mediation) host-to-host
    communication on a global scale.

3 - Hosts without an IPv4 address can't communicate with hosts
    with an IPv4 address, except perhaps via a small number of
    complex, kludgy, "proxy" systems for a handful of protocols.

This has nothing to do with IPv6.  It is a failing of IPv4 that
without an IPv4 address, there is no conceivable seamless upgrade
path from it to some other address system and set of protocols.


>> I think it was a mistake for IPv6 to have such long addresses, 
>> adding to the length of every packet.  64 bits should have been
>> fine
> 
> That wouldn't have made any difference to our deployment issues, 
> it would just have meant no CGA/HBA or stateless autoconfig. The 
> real answer is of course that addresses need to be variable 
> length.

I see some sense in "variable length addresses", in that a pure
"IPv6" system could then communicate with IPv4 addresses, without
requiring a dual IP stack.  This, I imagine, would reduce the
headaches of trying to write an application which works seamlessly
in IPv4 only, IPv6 only and dual stack mode.

Still, I don't see how this hypothetical "IPv6" host could
communicate with an IPv4 host without an IPv4 address.


>>> I'm not convinced. The issue isn't the number of places that 
>>> need an address block, but the number of places that need an 
>>> individual address.
> 
>> I think it is both, although NAT tends to reduce the quantity 
>> of addresses each end-user network needs.
> 
> You assume a model where it would be possible for every device 
> that connects to the network to get an individual public address.

I would really like every device to have an individual public
address, but that is not possible without everyone upgrading to IPv6
or something better.  Because NAT compatibility is now so ubiquitous
in applications, and since NAT has some attractions in terms of
reducing attacks, I don't assume this is a requirement for most
users.  I figure most users would rather have one or more behind-NAT
addresses on IPv4 than only have an IPv6 address, no matter what
proxies were available.

My understanding is that servers need to have public addresses and
that suitably designed client and peer-to-peer applications can run
fine on a host behind NAT as long as they can use external servers
to coordinate their communications with other such peer-to-peer
software on other hosts behind NAT.  (Though some NATs are hostile
and make things really difficult, or impossible.)

The application has to figure out on its own that it is behind one
or more NATs, and figure out how to fight its way out, and tickle
the NAT(s) in whatever way they individually require to keep the
translation stable.  This is a nightmare, but humans have already
adapted to it - or reached some kind of accommodation with it.

(Some of your comments generally agreed to and not quoted here.)


>>>> 5 - IPv4 address space utilisation could easily be improved
>>>> if there were suitable policies and slicing and dicing
>>>> technologies. Ping responsive host rates in advertised 
>>>> space are around 4%:
> 
>>> Meaningless. First of all, they also pinged unrouted space.
> 
>> It is not meaningless.  My survey and the much better work at 
>> USC ISI:
> 
>> http://www.isi.edu/ant/address/ 
>> http://www.firstpr.com.au/ip/host-density-per-prefix/
> 
>> both surveyed address space which was advertised in BGP.
> 
> I asked the guy from ANT, he said that they also pinged unrouted 
> space.

  http://www.isi.edu/~johnh/PAPERS/Heidemann07c.pdf

    We determine the currently assigned address space from
    IANA [http://www.iana.org/assignments/ipv4-address-space].

  This list is actually a superset of the routable addresses,
  since addresses may be assigned to registrars but not yet
  injected into global routing tables [23].

You are right - they pinged unrouted (= unadvertised) space too.
The result (Table 1, November 2006) is 102.96 million Acks.

My random sampling ping survey in March 2007 extrapolates to 107.96
million Acks, with a single ping probe.  At that time 1,694,827,520
addresses were advertised.

This is:

  6.37% of advertised space.

  4.38% of space assigned by RIRs to ISPs and end-users

  2.89% of the 222 /8 prefixes which ultimately can, or I think
        should, be assigned to end-users.

Even if these ping surveys only show half or a third the addresses
which are actively used, this is still a low rate of address
utilization.


>>>> So there is plenty of room for improvement.
> 
>>> No. Any effort spent on getting back IPv4 space for new uses 
>>> is wasted effort, because we need to move to IPv6 in the 
>>> slightly longer run anyway.
> 
>> Geoff Huston estimates 5 to 20% utilization.
> 
> Could be. I'm pretty sure that many ISPs never bother to reuse 
> old address space when customers leave etc but simply request new
> stuff.
> 
> The real question is: why is the utilization so low?

OK - I am glad you agree the utilization rate is low.

> And is that reason still present today?

As long as it is easier to apply for and get more space, rather than
use existing space more densely, utilization will be low.  That
will be increasingly difficult over the next few years.

Also, some organisations are simply sitting on huge slabs of space
they were given in the early 1990s.


> If so, what would we need to do to overcome that factor? And if 
> we do that, how much extra IPv4 time would that give us?

It depends on how much more NAT can be used, and how small a piece
of address space can be used to supply entire end-user networks.
This in part depends on there being a slicing and dicing scheme
which does a much finer job than the current BGP system.


> We already see that ARIN doesn't want to reclaim any of the 
> legacy class A address space, even though that only means 40 
> instances of administrative work for 650 million IPv4 addresses -
> a pretty sweet deal compared to pretty much any other effort
> that you can think of.

I haven't been following this - it is hard to understand their lack
of motivation to do this.

I doubt that space will remain barren for long after the fresh space
runs out and people start scrambling for IPv4 space, asking
questions about how it is currently used and forking out real money
to get what they need, or what makes them feel secure.


>> IPv6 is years - probably decades - away from being sufficiently
>> widely and robustly deployed in applications and OSes.
> 
> Nonsense. I'll prove it to you by turning off IPv4 right now on 
> my system and sending you this message running IPv6-only using 
> only software that came with my Mac and a dual stack server 
> elsewhere on the network.

Email is probably the easiest major form of communication which
could be handled by an IPv6-IPv4 proxy, dual-stack server etc.

> I'm not saying it's possible to turn off IPv4 today without any 
> impact on functionality (I can't print or use my instant 
> messaging client right now for instance) but we've come a long 
> way since when I started with IPv6 and I could only do ping6 and 
> traceroute6.

Coming a long way is very different from arriving.


>> But why would I, or most other end-users (and their ISPs) get 
>> IPv6 connectivity, ensure our most important devices, hosts 
>> OSes and applications are IPv6 compatible, when there is no 
>> benefit now or in the next few years over continuing to use 
>> IPv4 and leaving my computer undisturbed?
> 
> Forget end-users.

OK.  I am chiselling out IPv6's gravestone - leaving a blank for the
'x' - in readiness for whenever the life-support is disconnected.

                 -------------
                /             \
               /     IPv6      \
              /                 \
             |   1996 - 201x     |
             |                   |
             |       RIP         |
             |                   |
             | Forget end-users  |
             |     -IvB 2007     |
             |                   |
             |                   |
             |                   |
      ___.~\|//-=\\~|/..\|/_\\||//~,___




> They don't know about this stuff.

They shouldn't have to know or care about IPv4, IPv6 or anything
else.  They want to do IM, P2P, VoIP etc. with their friends,
relatives, business contacts etc. all over the world with not a clue
or a care about how the technology works.  They want to be able to
reach every website in creation, without any glitches, slowdowns or
fuss.


> ISPs will start at some point but they're going to wait some more
> because if you have the choice between spending money now or
> spending it tomorrow, the latter is usually a no-brainer.

This condition will persist.

Widespread IPv6 adoption is not inevitable in the foreseeable future.

I rest my case.


   - Robin


--
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg