[menog] IPv4 March 2011 depletion

Brian Candler B.Candler at pobox.com
Wed Nov 17 14:59:29 GMT 2010

On Mon, Nov 15, 2010 at 07:44:57AM -0800, Owen DeLong wrote:
> Again, I'm not understanding the need to phase a subnet. I can understand
> phasing large or complex environments by doing them a subnet at a time,
> but, phasing within a subnet strikes me as a recipe for greater pain and
> complexity with minimal benefit in most environments. Especially in a
> residential environment.

If you don't offer the option to plug in new V6-only devices, then people
won't switch their networks to V6-only, because it involves reconfiguring
everything they already have.

You're then hoping that new customers are where V6 deployment takes place. 
This may work in some places, but I think not where Internet is close to
saturation already.

> > As for enterprises, most have already deployed RFC1918 and NAT44 widely.  So
> > whilst turning on native IPv6 alongside it ought to be moderately easy, it
> > also doesn't yet offer any particular business reason to do so.
> > 
> Key word being yet. However, if you wait until the need arises, you are going to be
> way behind the power curve trying to catch up.

Most places where I've worked spend money when there is a recognised need
and not before.

About 10-15 years ago, in the UK it was common for dial-up Internet access
products to offer static IP addresses.  Gradually there was a shift to a
lower grade of service, by sharing addresses through dynamic pools.  For
anybody who cared, they could work around it (e.g.  using dynamic DNS), or
pay extra for a static IP.

What I foresee over the next 3-5 years is a gradual acceptance of a lower
grade of service, where many people end up behind LSN.  For those who care,
they can work around it (e.g.  upstream ISP offers inbound HTTP proxy and
SMTP proxy and/or port forwarding), or pay extra for a real IP.

Certainly there are market segments which are interested in direct
peer-to-peer applications: in particular, gamers and illegal filesharers. 
Given that filesharing accounts for a large % of traffic today, that might
be enough to swing a sizeable proportion of traffic (if not users).  It will
be an interesting way of selling V6 to governments.

The rest of us sit behind NAT44 today, and a whole bunch of third-party
services have sprung up to support it - things like 'logmein' and instant
messaging servers.  These meet-me servers aren't just workarounds.  They add
their own value by managing authentication and brokering access between
endpoints - the sort of things people are very bad at doing themselves.

Speaking for myself: I do use dynamic DNS with inbound port forwarding in
order to ssh to my box at home.  If I end up behind LSN, then yes I'd like
my ISP to offer me one port on a real IP address which forwards to me.  As
this is likely to be on a static IP, this would actually be an improvement
for me.

Deploying V6 at home doesn't benefit me, even if my ISP offered it, because
it's not reachable from anywhere that I care about (*).  That's the
chicken-and-egg situation which dual-stack has spectacularly failed to
address.  Oh, and it would cost me money to replace my router too, and time
to reconfigure every device on my LAN.

You can call me cheap, clueless and lazy. The question is, how many other
people are there like me?  :-)

> I don't see how the loopback idea really helps conserve address space.

It saves the wastage from allocating 2^N IPs to each VLAN, sometimes more
than twice the space required to allow for easy future growth.  If you're
using lots of small subnets then the wastage from broadcast and network
addresses is also significant.

By putting real IPs on servers as loopbacks, with static routes in your IGP,
you can deploy individual IPs where you need them.  If you want to
aggregate, you can still do it at a higher level (e.g.  per POP).

> >> Again, can you cite any specific example of equipment which breaks if IPv6
> >> is turned on, or, is this pure speculation on your part?

To be absolutely clear: no, I cannot give you a specific example of this.

I think you're right that a device which doesn't understand V6 at all is
unlikely to break when IPV6CP is turned on.  I think that a device with a
partial or broken V6 implementation may well do stupid things when V6
packets start to flow, in the same way as some routers when presented with
DNSSEC packets do stupid things.  But no, I have not met one, because I've
not been turning on V6.

Anyway, selective enabling of V6 is straightforward to implement, so that
part doesn't worry me.



(*) OK, I'm a techie, and from my laptop I could probably use a tunnel
broker to get home if I could be bothered.  I couldn't use it from someone
else's PC where I have an ssh client but nothing else.
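
The address arithmetic behind the loopback argument in the message above, as an added example that is not part of the original post. The VLAN names, server counts, the 198.51.100.0/24 block and the assumption of one gateway address per subnet are all constructed for illustration.

```python
import ipaddress
import math
from itertools import islice

# Constructed sample: servers per VLAN at one POP (not data from the post).
VLANS = {"db": 9, "web": 5, "mail": 3, "dns": 2}
POP_BLOCK = ipaddress.IPv4Network("198.51.100.0/24")  # RFC 5737 documentation range


def subnet_prefix(servers, growth=1.0):
    """Prefix length of the smallest subnet for `servers` hosts scaled by
    `growth`, plus one gateway (assumed), the network address and the broadcast."""
    needed = math.ceil(servers * growth) + 3
    return 32 - (needed - 1).bit_length()


def per_vlan_plan(vlans, block, growth=1.0):
    """One power-of-two subnet per VLAN, carved from `block` largest first
    so that every subnet starts on its natural boundary."""
    plan, cursor = {}, int(block.network_address)
    for name, servers in sorted(vlans.items(), key=lambda kv: -kv[1]):
        net = ipaddress.IPv4Network((cursor, subnet_prefix(servers, growth)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for VLAN {name}")
        plan[name] = net
        cursor += net.num_addresses
    return plan


def loopback_plan(vlans, block):
    """One /32 per server, handed out in order; each would be a host route
    in the IGP, with only `block` aggregated upstream."""
    pool = block.hosts()
    return {name: list(islice(pool, n)) for name, n in vlans.items()}


def addresses_used(plan):
    """Total addresses consumed by either kind of plan."""
    return sum(v.num_addresses if isinstance(v, ipaddress.IPv4Network) else len(v)
               for v in plan.values())


if __name__ == "__main__":
    for growth in (1.0, 2.0):
        subnets = per_vlan_plan(VLANS, POP_BLOCK, growth)
        print(f"growth x{growth}: {addresses_used(subnets)} addresses in subnets",
              {n: str(s) for n, s in subnets.items()})
    print("loopbacks:", addresses_used(loopback_plan(VLANS, POP_BLOCK)), "addresses")
```

With these sample numbers, 19 servers consume 40 addresses in per-VLAN subnets, or 72 when each subnet is sized for twice its current servers, against 19 as loopbacks.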
