IPv4 address exhaustion and IPv6
Glen Turner, 2008-11-21, AIS IT managers' meeting
AARNet: Australia's Academic and Research Network
IPv4 address format
● Internet protocol v4 addresses are 32 bits long
● They are divided into three parts: network, sub-network, hosts
● The parts are of variable length so that none of the few 32 bits are wasted
IPv4 address exhaustion
● The pool of new IPv4 network addresses is emptying. It will empty in 2012
● See ipv4.potaroo.net
What is likely to happen?
● Underutilised addresses will be sold
● ISPs will run network address translation
● Some ISPs will offer IPv6
Market for IPv4 addresses
Rationale for a market
● Even after 2011, ISPs need IPv4 addresses
● Current address allocations are under-used by the sites they have been allocated to
● So ISPs could encourage assignees who can easily give up their allocations to give those allocations to the ISP, who can use the addresses more efficiently
● “encourage” = pay cash
Who owns addresses?
● In the beginning they were allocated to sites
  – Unsustainable routing table growth, as one entry per site in core routers
  – “Portable” between ISPs
● Regional internet registries allocate to ISPs, who allocate to customers' sites
  – One entry per ISP in core routers
  – “Non-portable” between ISPs
Checking address allocation
$ whois 129.127.0.0/16
inetnum:      129.127.0.0 - 129.127.255.255
netname:      ADELAIDE
descr:        University of Adelaide
country:      AU
admin-c:      LC457-AP
tech-c:       LC457-AP
tech-c:       SB248-AP
status:       ALLOCATED PORTABLE
remarks:      This object was transferred from ARIN database
remarks:      on 11 December 2002
mnt-by:       APNIC-HM
changed:      hm-changed@apnic.net 20021211
changed:      hm-changed@apnic.net 20040926
changed:      hm-changed@apnic.net 20041214
source:       APNIC
mnt-by and portable addresses
● Who can make changes?
● The people in the mnt-by field
● If this is not correct, or updates using that maintainer are not secure, then your address allocation can be altered without your agreement
● You can – and should – protect your maintainer record by requiring a password for changes or, better still, requiring a GPG signature
Contracts and non-portable
● Non-portable addresses do not belong to the site
● But sites have a significant investment in their allocated addressing
● The ISP could remove this allocation and assign it to another use
  – No need for the ISP to do this
  – Until they run out of addresses themselves
● Future contracts with ISPs need to spell out addressing more specifically
Trading addresses
● When originally allocated, the regional routing registries explicitly said that IP addresses would not be tradeable
● They're changing their mind, and the routing registries will eventually act as a registry for address ownership rather than address allocation
● Addresses will be worth money
  – You may wish to sell all or part of your addresses and move to NAT
  – You may need to buy addresses if you need a public address
Network address translation: Technology
How does NAT work?
● Inspect outgoing traffic
  – Collect (src_addr, src_port, dst_addr, dst_port)
● Re-write src_addr to my exterior interface, find an unused source port on my exterior interface and re-write src_port to that
● Record these addresses and ports in the expectation table
  – Outgoing packet: (10.1.1.1, 10000, 202.158.201.38, 80)
  – After rewrite: (150.101.30.33, 20000, 202.158.201.38, 80)
  – Expectation table entry: (150.101.30.33, 20000, 10.1.1.1, 10000, 202.158.201.38, 80)
How does NAT work?
● Inspect incoming traffic
● Is the incoming (src_addr, src_port, dst_addr, dst_port) in the expectation table?
● Re-write the dst_addr and dst_port to the original values in the table
  – Incoming packet: (202.158.201.33, 80, 150.101.30.33, 20000)
  – After rewrite: (202.158.201.38, 80, 10.1.1.1, 10000)
  – Expectation table entry: (150.101.30.33, 20000, 10.1.1.1, 10000, 202.158.201.38, 80)
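The outgoing and incoming rewrites on the two slides above, as an added Python model that is not from the talk. The Nat class, its deliberately small exterior port pool and the packet tuples are constructed for illustration; the small pool is there to show the state-exhaustion problem the later slides raise.

```python
from typing import List, Optional, Tuple

# Packet 4-tuple, as on the slide: (src_addr, src_port, dst_addr, dst_port)
Flow = Tuple[str, int, str, int]
# Expectation table row, as on the slide:
# (ext_addr, ext_port, int_addr, int_port, dst_addr, dst_port)
Entry = Tuple[str, int, str, int, str, int]


class Nat:
    """Minimal port-translating NAT with an explicit expectation table (constructed model)."""

    def __init__(self, exterior_addr: str, first_port: int = 20000, last_port: int = 20009):
        self.exterior_addr = exterior_addr
        self.next_port = first_port
        self.last_port = last_port          # tiny pool so exhaustion is easy to show
        self.table: List[Entry] = []

    def outbound(self, pkt: Flow) -> Flow:
        src_addr, src_port, dst_addr, dst_port = pkt
        # A flow already in the table keeps the exterior port it was given.
        for ext_addr, ext_port, i_addr, i_port, d_addr, d_port in self.table:
            if (i_addr, i_port, d_addr, d_port) == pkt:
                return (ext_addr, ext_port, dst_addr, dst_port)
        if self.next_port > self.last_port:
            # Every new flow consumes state on the box; this is the exhaustion risk.
            raise RuntimeError("exterior port pool exhausted")
        ext_port = self.next_port
        self.next_port += 1
        self.table.append((self.exterior_addr, ext_port, src_addr, src_port, dst_addr, dst_port))
        return (self.exterior_addr, ext_port, dst_addr, dst_port)

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        src_addr, src_port, dst_addr, dst_port = pkt
        for ext_addr, ext_port, i_addr, i_port, d_addr, d_port in self.table:
            # Only a reply to an expected flow is rewritten and forwarded; a packet
            # with no matching entry (or from the wrong peer) is dropped: None.
            if (dst_addr, dst_port) == (ext_addr, ext_port) and (src_addr, src_port) == (d_addr, d_port):
                return (src_addr, src_port, i_addr, i_port)
        return None
```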
Wrinkles with NAT
● Some protocols embed IPv4 addresses
  – These need to be rewritten too
  – May be complex and thus dangerous to do in the forwarding plane
  – eg: SNMP uses ASN.1 encoding
● Some protocols embed forthcoming connection information
  – FTP, Cisco Skinny, a lot of multimedia
● These wrinkles are handled by “NAT modules”
  – Inspect the traffic, add entries to the expectation table
Problems with NAT
● Complex
  – Forwarding plane moves from ASIC to CPU
● Jitter and complexity attacks
  – Some packets need a lot more work than others
● Exploits of code with errors
  – Complex code, so errors certain
● Huge amounts of state
  – Abundant opportunity for resource exhaustion
● Timeouts
  – Some traffic simply isn't suitable: low-power devices, sensors, episodic multimedia
Benefits of NAT
● Has led to the widespread deployment of stateful, deep packet inspection firewalls
  – Although coding inspection for NAT and firewall can require choices, so NAT is not the best choice of DPI firewall
  – Which is why defence runs real addresses
● Reduced the rate of IPv4 address exhaustion, delaying the crisis until now
Network address translation: Economics
“Carrier-class NAT”
● If ISPs run out of addresses, they can use network address translation
Implications
● The edge of the customer is no longer globally reachable, as it is no longer a globally-unique address
● The customer cannot run web servers, e-mail, etc
● But schools like to have their resources hosted on-site
  – That's where the users are
● But also like to have their resources accessed across the Internet
Implications
● So to continue as things are, ISPs will need to allocate an increasingly-scarce IPv4 address to the school's network edge
● The ISP will charge the school for this
  – Since the ISP themselves will need to pay for addresses
● The worst-case figure I've seen from an educated industry participant is $1,000pa
  – But no one really knows
Design implications
● Increased complexity and storage of NAT is exploitable
  – A less robust Internet
● Latency will increase
  – These will be expensive boxes, so there will be only a few in an ISP's network
  – Gamers will love IPv6
● There is no end-to-end visibility
No end-to-end visibility
● We're sort of used to that: sharing photos on Flickr rather than on a home router
● Real IPv4 addresses are already special
  – Skype supernode
  – Who wants to volunteer to run a real IPv4 address in a NAT world?
● Some applications work better when all participants are reachable
  – Peer-to-peer protocols
  – Large videoconferencing
The “walled garden”
● Telcos maximise profits by charging users the value of the service, not the cost of provision
  – This is why ISD phone calls used to be charged for at outrageous rates, even though costs are <$0.01/min
  – It's why telcos try to do exclusive content deals
● In the interests of other vendors to team with the telco rather than with the customer
● The customer-built Internet broke this
  – Telco customers built it, so their interests ruled
  – Telcos reduced to being low-rent packet shifters
The return of the walled garden?
● Potential for Evil ISPs to move the Internet from a low-rent transport to a walled garden where the only services available are those selected by the ISP
● eg:
  – SIP is the protocol used for phone calls
  – Let's not run the NAT module for SIP and friends
  – Customers will need to use our voice service
  – No other voice service can be easily accessed (and doing so is arguably “hacking”)
  – Evil ISP charges VoIP packets at a higher rate than other packets
IPv6
Where is AARNet?
● Native IPv6 service to our customers
  – Not-for-profit education and research, health, cultural institutions
● IPv6 broker
  – A best effort service to the greater community, especially developers
● Low deployment by customers
  – Didn't used to matter: by definition research has low initial usage
  – Slowly becoming a strategic issue, and we're trying various approaches to see what will fix that
IPv6: Technology
IPv6's design goals
● In short, fix the problems with IPv4, so:
● Larger addresses
● Automated configuration
  – No manual configuration or central servers
● Secure communications
● Remove poor ideas
Larger addresses
● Larger, 128 bits
● Plenty of addressing allowed a waste/simplicity trade-off
● So fixed network, subnet, and host boundaries are seen by sites
  – 48 bits network
  – 16 bits subnetwork
  – 64 bits host
Larger addresses, subnetworking
● 16 bits of subnetwork address
● Small sites will treat this as 2^16 (~65,000) subnets
● Complex sites will use about 4 bits to identify campuses and 12 bits for subnets within that campus
Textual representation
● Each 16 bits is in hexadecimal and separated from the next using “:”
  – 2001:388:1:2020:200:e2ff:fea5:80ff
  – Unlike most hex, leading zeroes are dropped
● The left-most run of zero-valued groups can be abbreviated as “::”
  – Makes sense for describing
  – Subnets: 2001:388:1:2020:200::/64
  – Router addresses: 2001:388:1:2020:200::1/64
● Subnets described using prefix-length rather than a subnet bitmask
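The textual rules on this slide together with the 48/16/64 split from the earlier "Larger addresses" slides, as an added Python example that is not from the talk. groups_of relies on the standard ipaddress module for expansion; compress goes slightly beyond the slide by picking the longest zero run (leftmost on a tie), which is the rule RFC 5952 standardised; split_site_address assumes the fixed site boundaries the slides describe.

```python
import ipaddress
from typing import Sequence, Tuple


def groups_of(addr: str) -> Tuple[int, ...]:
    """Expand any textual IPv6 address into its eight 16-bit groups."""
    return tuple(int(g, 16) for g in ipaddress.IPv6Address(addr).exploded.split(":"))


def compress(groups: Sequence[int]) -> str:
    """Render groups as on the slide: hex with leading zeros dropped, and the
    longest run of two or more zero groups (leftmost on a tie) written as '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < len(groups):
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < len(groups) and groups[j] == 0:
            j += 1                      # extend the current run of zero groups
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    words = [format(g, "x") for g in groups]
    if best_len < 2:                    # a single zero group is never abbreviated
        return ":".join(words)
    return ":".join(words[:best_start]) + "::" + ":".join(words[best_start + best_len:])


def split_site_address(addr: str) -> Tuple[str, str, str]:
    """Split at the fixed 48/16/64 site boundaries: (network, subnet, host).
    Assumes the 48/16/64 layout the slides describe for a site."""
    g = groups_of(addr)
    return compress(g[:3]), format(g[3], "x"), compress(g[4:])
```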
Recommend
More recommend