IPv4 Comes to an End
Cesar Diaz
cesar@lacnic.net

Addressing in the Internet
• Devices on the Internet need to have unique addresses in order to be reachable from each other
  – We have long put up with NAT, which up to a point subverts this principle
• Address allocations are made hierarchically
  – IANA -> LACNIC -> [your ISP here]

IPv4
• There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used
• Looks like a lot, right? But... World population currently stands at just over 6 billion people
• Mobile penetration 87%, Internet penetration 35%
• We all normally use more than one IP address (possibly 4)
• They don't seem to be that many now!

Internet Number Resource Management
[Diagram: IANA; ARIN, LACNIC, APNIC, RIPE NCC, AfriNIC; NIC.br, NIC.mx; LIRs/ISPs; ISPs; end users]

Historical Facts
• 1983: Research network for ~100 computers
• 1992: Internet is open to the commercial sector
  – Exponential growth
  – IETF urged to work on an IP next-generation protocol
• 1993: Exhaustion of the class B address space
  – Forecast of network collapse for 1994!
  – RFC 1519 (CIDR) published
• 1995: RFC 1883 (IPv6 specs) published
  – First RFC about IPv6

Evolution of the IPv4 Pool
• Remember
  – IANA
    • IANA assigns /8 blocks to the RIRs
  – The RIRs
    • Assign blocks of varying sizes to their member organizations
    • Members which are in turn ISPs then assign space to their customers

Evolution of the IPv4 Pool
• Run-out dates:
  – IANA ran out of free /8 blocks in January 2011
  – APNIC was the first RIR to run out of IPv4 later in 2011
  – RIPE NCC ran out of IPv4 in 2012
• Expected run-out dates:
  – LACNIC is expected to run out of IPv4 between May and July of 2014 - DONE

Evolution of the IPv4 Pool
[Chart annotation: sometime between May and July 2014]

IPv4 Exhaustion
• IPv4 resource management is governed by policies
  – These policies are created and approved by the community through a bottom-up process
  – LACNIC acts as the steward of this process and applies the policies for managing resources
• Before run-out time, addresses are assigned according to a needs-based set of criteria
• Does IPv4 exhaustion mean that the free pool reaches zero? NO

IPv4 Exhaustion
• When the aggregated free pool reaches the equivalent of a /11 (~2 million addresses), new policies come into effect
• What follows is a two-tiered phase
  – Soft-landing period
  – Resources for new entrants
  – Final exhaustion
• IPv4 assignment ceases to be needs-based
  – Even if an organization justifies need, only a fixed-size prefix will be allocated

Soft Landing
• The first period after exhaustion is the soft landing period
• A /12 is available for soft landing
• New or existing organizations can get blocks up to /22 in size every six months if properly justified
• This means
  – Up to a single /22 (1024 addresses) every six months
  – 1024 blocks available

New Entrants
• After the soft-landing pool is exhausted, a second /12 is made available exclusively to new market entrants
• Every new organization will be able to request up to a /22 every six months

THE WAY FORWARD – IPV6
So… What Next?
• Some argue you can take a pill and keep doing business as usual
  – The pill known as carrier grade NAT
• But the rest of the world seems to be agreeing that the way forward is via IPv6
• There is good, bad and ugly in all this
• Let’s take a look at both

The Good: An End-to-End Network
• Devices talk freely to each other. Almost no middleboxes, except at the very edge of the network

The Bad: A CGN-“enabled” Network
• Devices communicate via middleboxes almost always

The Bad: Network Address Translation
• Allows sharing a single public IP address among several devices
• Does not scale
[Diagram labels: CGN, Home NAT, 2801::17]

(Some) Issues with NAT
• When handling security
  – When blocking one user's “malicious” traffic, we also risk blocking traffic from many “good” users.
  – To identify which user accessed which services, logging the IP address is no longer enough; we also need to log port numbers.
• When scaling
  – NAT “boxes” are limited in the number of simultaneous users they can handle.
  – Generally harder for Internet content providers (e.g. geolocation, sessions based on IP, etc.)

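The logging point on this slide, as an added example that is not part of the original slides: a lookup over a constructed CGN port-block allocation log, showing that a public IP and timestamp match several subscribers while the source port narrows the match to one. The log layout, the addresses and the `attribute` function are assumptions made for illustration.

```python
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class PortBlock(NamedTuple):
    subscriber: str   # customer-side (pre-NAT) address
    public_ip: str    # public address shared on the CGN
    port_lo: int      # first source port of the allocated block
    port_hi: int      # last source port of the allocated block
    start: datetime   # allocation valid from (inclusive)
    end: datetime     # allocation valid until (exclusive)


def ts(text: str) -> datetime:
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed CGN allocation log: three subscribers behind one public address.
CGN_LOG = [
    PortBlock("100.64.0.11", "192.0.2.10", 1024, 2047,
              ts("2014-05-01T10:00:00"), ts("2014-05-01T12:00:00")),
    PortBlock("100.64.0.12", "192.0.2.10", 2048, 3071,
              ts("2014-05-01T10:00:00"), ts("2014-05-01T12:00:00")),
    # Same port block handed to a different subscriber later that day.
    PortBlock("100.64.0.13", "192.0.2.10", 1024, 2047,
              ts("2014-05-01T12:00:00"), ts("2014-05-01T14:00:00")),
]


def attribute(public_ip: str, when: datetime,
              src_port: Optional[int] = None, log=CGN_LOG) -> list:
    """Subscribers that could have sent a connection seen from public_ip.

    With src_port=None (the server logged only the IP) every subscriber
    sharing the address at that moment is a candidate.
    """
    hits = set()
    for block in log:
        if block.public_ip != public_ip or not block.start <= when < block.end:
            continue
        if src_port is None or block.port_lo <= src_port <= block.port_hi:
            hits.add(block.subscriber)
    return sorted(hits)


if __name__ == "__main__":
    seen = ts("2014-05-01T11:30:00")
    print("IP only:      ", attribute("192.0.2.10", seen))
    print("IP + port:    ", attribute("192.0.2.10", seen, 1500))
    print("2 hours later:", attribute("192.0.2.10", ts("2014-05-01T13:30:00"), 1500))
```

The third call shows why the timestamp matters as much as the port: the same public IP and port resolve to a different subscriber once the block has been reassigned.
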
(Some) Issues with NAT
• With service quality
  – Port forwarding will become increasingly difficult to manage for users and ISPs (big impact for gamers, for example)
  – Service calls will go up
  – The CGN box becomes a single point of failure
• This means
  – Service quality as perceived by users will deteriorate
  – ISPs' costs will increase in the long run

The Good: IPv6
• IPv6 with its 128-bit address space solves all our addressing needs for the foreseeable future
• 2^128 IP addresses, or 3.4 x 10^38
• (340,282,366,920,938,463,463,374,607,431,768,211,456 IPs)
• Restores the end-to-end nature of the Internet
  – This means no single points of failure, no accidentally filtering out innocent users, etc.
• So why hasn’t the world done it already?
  – A long story
  – However, IPv6 is being deployed as we speak

IPv6 Deployments
• Content providers:
  – Google, Facebook, Yahoo! and several CDNs have deployed IPv6
• Access providers:
  – USA: Comcast, T-Mobile
  – Europe: Free.fr
  – In our region: Telefónica Perú

Global IPv6 Traffic
• As seen by Google

Global IPv6 Traffic
• What happens if you enable IPv6 for an otherwise unsuspecting group of users?
• Between 15% and 40% of your traffic will be over IPv6
• This means
  – This portion of traffic will not need NAT
  – This portion goes up as more and more networks deploy IPv6

The Ugly: We will need a bit of NAT
• Sadly, we as a community have ignored this for so long that some form of NAT will be needed
• By the time IPv4 is completely exhausted there still will be a lot of IPv4-only content out there
• Our users, even if on IPv6, will want to access it

The Ugly Network of the Future
• Hopefully only for the immediate future!
[Diagram labels: IPv6-enabled host, IPv4-only host]

FINAL CONCLUSIONS
On IPv4 Exhaustion
• IPv4 will run out for our region during 2014; our estimate is between May and July
• After exhaustion, the policies governing the remaining stock will be radically different
• Networks will need to keep growing nevertheless, so investments will need to be made

On Carrier Grade NAT
• No, it’s not a magic pill
• No, it’s not business as usual
• It is going to be expensive, and it will be an investment without much return on it

On Transition to IPv6
• It’s the only path forward with a future
• The rest of the world is deploying it
• It also will be expensive, but the costs tend to go down as deployment progresses

THANK YOU!