Re: [nznog] Oh dear, no more room on the intarweb
I'm sure the majority of the devices would be added on an internal network such as TelstraClear's cable TV (digital) and cable modems (management); only 1 live IP is assigned for internet services. From memory a few mobile providers assign you an internal IP too and you're NAT'ed out to the net. But yeah IPv6 is just around the corner.
Thanks
Barry
http://www.techweb.com/wire/networking/187200459
-- Juha Saarinen www.geekzone.co.nz/juha www.computerworld.co.nz
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Sun, 2006-05-07 at 17:02 +1200, barry(a)unix.co.nz wrote:
But yeah IPv6 is just around the corner.
http://www.potaroo.net/ispcolumn/2003-07-v4-address-lifetime/ale.html
Given that it's 15-20 years before the sky falls roughly speaking, and we've had IPv4 for about the same amount of time, I think it's a fairly stunning achievement for a technology to have a lifetime of 40-50 years.
cheers
jamie
Jamie Baddeley wrote:
On Sun, 2006-05-07 at 17:02 +1200, barry(a)unix.co.nz wrote:
But yeah IPv6 is just around the corner.
http://www.potaroo.net/ispcolumn/2003-07-v4-address-lifetime/ale.html
Given that it's 15-20 years before the sky falls roughly speaking, and we've had IPv4 for about the same amount of time, I think it's a fairly stunning achievement for a technology to have a lifetime of 40-50 years.
I couldn't agree with Jamie more... Just diverting back to the original thread, there has been discussion about implementing IPv6 for how long now ? To me it's like talking about the second coming... Anyway, what doesn't support IPv6 now ? I'm picking that what doesn't support IPv6 now is more than likely to be either upgraded or in the bin by 2008. Hey, we got through the "Y2K Bug", PCB scare, Asbestos scare, surely Pink Batts must be next... :) Just another thing to keep us employed...
On 7-May-2006, at 11:09 , Lindsay Druett wrote:
Just diverting back to the original thread, there has been discussion about implementing IPv6 for how long now ? To me it's like talking about the second coming...
IPv6 has been well-and-truly implemented. It's the deployment that's missing. To replay a conversation that we had in Wellington earlier in the year: Deployment costs money; money requires budget; budget requires either revenue or cost reduction (or both). Who is willing to pay more for IPv6, given that pretty much the only extra content available for your money will be a lonely, somewhat poorly-animated Japanese turtle? (Don't all shout at once.) Joe
MEMEMEMEMEME!!!!!
--bill
On Sun, May 07, 2006 at 11:30:38AM +0300, Joe Abley wrote:
On 7-May-2006, at 11:09 , Lindsay Druett wrote:
Just diverting back to the original thread, there has been discussion about implementing IPv6 for how long now ? To me it's like talking about the second coming...
IPv6 has been well-and-truly implemented. It's the deployment that's missing.
To replay a conversation that we had in Wellington earlier in the year:
Deployment costs money; money requires budget; budget requires either revenue or cost reduction (or both).
Who is willing to pay more for IPv6, given that pretty much the only extra content available for your money will be a lonely, somewhat poorly-animated Japanese turtle? (Don't all shout at once.)
Joe
On Sun, 7 May 2006, Jamie Baddeley wrote:
On Sun, 2006-05-07 at 17:02 +1200, barry(a)unix.co.nz wrote:
But yeah IPv6 is just around the corner.
http://www.potaroo.net/ispcolumn/2003-07-v4-address-lifetime/ale.html
Given that it's 15-20 years before the sky falls roughly speaking, and we've had IPv4 for about the same amount of time, I think it's a fairly stunning achievement for a technology to have a lifetime of 40-50 years.
A dynamically updated version is here (the version above is 3 years old): http://bgp.potaroo.net/ipv4/
"The date predicted by this model where the IPv4 unallocated address pool will be exhausted is 09-Sep-2011. A related prediction is the exhaustion of the IANA IPv4 unallocated address pool, which this model predicts will occur in 27-Aug-2012."
The article says a lot more than that. I think the big thing is that as the cost of IPv4 stacks falls the demand for IPv4 addresses will increase to a point that the current allocation policy can not sustain. This will result in a lot of NAT, a move to IPv6 or a combination of both.
For example, here is an interesting wee talk about the $100 laptop project that mentions at the end that one problem they may have is finding the IP addresses to put 10 million laptops all running mesh networking on. http://www.linux-pm.org/docs/pm-summit-0406-olpc.pdf
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On Sun, 2006-05-07 at 20:10 +1200, Simon Lyall wrote:
On Sun, 7 May 2006, Jamie Baddeley wrote:
On Sun, 2006-05-07 at 17:02 +1200, barry(a)unix.co.nz wrote:
But yeah IPv6 is just around the corner.
http://www.potaroo.net/ispcolumn/2003-07-v4-address-lifetime/ale.html
Given that it's 15-20 years before the sky falls roughly speaking, and we've had IPv4 for about the same amount of time, I think it's a fairly stunning achievement for a technology to have a lifetime of 40-50 years.
A dynamically updated version is here (the version above is 3 years old):
Good Lord, what a lot of graphs :-)
"The date predicted by this model where the IPv4 unallocated address pool will be exhausted is 09-Sep-2011. A related prediction is the exhaustion of the IANA IPv4 unallocated address pool, which this model predicts will occur in 27-Aug-2012. "
"..This particular model predicts that the use of the unadvertised address pool to sustain further growth on the IPv4 public Internet may provide addresses to meet demands until 25-Mar-2027..." I suspect we're underestimating the responses that come about from managing what we currently have. But bringing the timeline forward to 2012 is an excellent way to draw that out. A part of me thinks that directly addressing 10 million laptops would be a really bad idea. There's a lot of opportunity in 10 million to have some less than secure systems introduced into the 10 Million mesh. Botnets ahoy! I think reality, sad though it may be, NAT and associated common security infrastructure will be deployed more widely as a result. But if someone managed to combine the Japanese Turtle with BadgerBadger, then yeah sure, IPv6 has some applications that may give someone a reason to pay for it :-) Aside from 'space' what does IPv6 give us that we can't currently do? Bugger all IMHO. Yes, there's some security aspects, but damn there's a bit of extra overhead too. jamie
On 7-May-2006, at 11:44 , Jamie Baddeley wrote:
Yes, there's some security aspects,
Assertions that "IPv6 gives you security!" can generally be treated with the contempt normally reserved for "IPv6 gives you quality of service!"
Nobody should read my doom-saying and conclude that I dislike IPv6 for any particular reason. I think it's fun to play with; I just don't see a business reason for the average ISP or enterprise to worry about it, today.
"We will need this in 10 years, so we should start learning about it now" is an argument, I guess, but most ISPs of my acquaintance are more concerned with staying in business for the next five years than they are with optimising their costs in ten.
Joe
On Sun, 2006-05-07 at 12:00 +0300, Joe Abley wrote:
On 7-May-2006, at 11:44 , Jamie Baddeley wrote:
Yes, there's some security aspects,
Assertions that "IPv6 gives you security!" can generally be treated with the contempt normally reserved for "IPv6 gives you quality of service!"
Nobody should read my doom-saying and conclude that I dislike IPv6 for any particular reason. I think it's fun to play with; I just don't see a business reason for the average ISP or enterprise to worry about it, today.
Exactly.
"We will need this in 10 years, so we should start learning about it now" is an argument, I guess, but most ISPs of my acquaintance are more concerned with staying business for the next five years than they are with optimising their costs in ten.
HTTP, IM and P2P all showed a doubling of bytes transferred over the protocol every 2 weeks for at least 6 months. In the case of HTTP and P2P they became the dominant amount of traffic for some networks inside that 6 months. *If* IPv6 ever grows a killer app (big if...) an ISP may discover that its traffic is all inside IPv6 tunnels, and their traffic engineering no longer works. An Enterprise may discover they are unable to firewall inside IPv6 traffic. Everyone may discover that their traffic monitoring software no longer reports useful results (Why is 60% of my traffic protocol 41?). "We'll just firewall all IPv6" just makes everyone's Internet slow. You might have less than 6 months to deal with this. IPv6 is dissimilar enough from v4 to require some retraining. (What happened to all the ARP messages? Why don't I need DHCP? Why *do* I need DHCP? Why are addresses that begin with Fe80: special? 2002:? 3ffe:? What's the deal with RFC1918? Is it normal my machine has nearly 100 IPv6 addresses on a single interface? Why doesn't doing the obvious ping of a link local address work? Why shouldn't I assign ...:feed:cafe:babe:f00d as an address to a machine? Given a MAC address, what IPv6 address would be dynamically assigned to this host? What's the story with DAD? and what's he doing on my network? I have an MTU of 576 on a link, what happened to my v6 traffic? Would it be better if it was 1000, 1100, 1200, 1300, 1400, 1500? How am I going to remember all these v6 addresses? What's the v6 address for localhost? What's the broadcast address on a v6 network? How do I enable v6 on the various host types inside my network? More importantly, quick, how do I turn it off again? If I have an IPv6 address on an interface, does that mean I can talk to v6 hosts on the Internet? Why does connecting to some hosts on the internet now take a long time, it didn't yesterday! What changed?
My network is v4 only and has a NAT box in front of it to protect me from malicious traffic, how come all of these machines can talk to v6 machines on the internet? How come v6 machines on the internet are successfully talking to them! What's the story with Site locals? Where's all this multicast traffic come from? What's the HD ratio, and is it important to me? How do I multihome? What's a home agent good for and why does my machine want one? Who's IKE and what's he doing in my kernel? What's the v6 equivalent tool for <x>? How do IPv6 only hosts talk to an IPv4 only host? How do IPv4 only hosts talk to IPv6 only hosts? Someone once said IPv6 gave me {security, QoS, addresses} for free, are they lying? misinformed? or is there some tiny element of truth? What are the pitfalls with v6 addresses and DNS? Do I need to update my resolvers? What's ULA, do I need it? Should I give dialup users a /20, /32, /48, /56, /64, /120, /127, or /128? What about DSL users? What about colo'd users? What about my fridge? Given an IPv6 address, can you derive its MAC address? What are the privacy implications of this? How are these addressed? What's 6to4? ISATAP? 6over4? Teredo? SHIM6? Are these acronyms going to haunt my nightmares? How do I do NAT in an IPv6 world? What's AH and why is that going to mean I can't screw with my users' traffic anymore? What's ESP and is that going to make firewalling troublesome? And what's the story with QoS? How on earth am I going to find 2**108 customers in two years to keep APNIC happy?)
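An added example, not part of the original thread or any poster's code, that works through a few of the questions in the message above: which address a host derives from its MAC, whether the MAC can be read back out of an address, what a 2002: address embeds, and what share of traffic is tunnelled IPv6 (protocol 41). The function names are hypothetical, the addresses and flow records are constructed from documentation ranges, and the Teredo prefix and UDP port 3544 come from RFC 4380 rather than from the thread.

```python
import ipaddress
from typing import Optional

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64 interface ID: flip the universal/local bit, insert ff:fe."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host autoconfigures from a /64 prefix when it uses EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64")
    iid = int.from_bytes(mac_to_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, else None.

    Heuristic: any interface ID with ff:fe in the middle is treated as EUI-64.
    Randomised (privacy) or manually assigned IDs normally return None.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def classify(addr: str) -> dict:
    """Label an address and list any IPv4 addresses or MAC it leaks."""
    a = ipaddress.IPv6Address(addr)
    info = {"kind": "other", "ipv4": [], "mac": mac_from_address(addr)}
    if a.sixtofour is not None:            # 2002::/16 embeds the IPv4 gateway
        info["kind"], info["ipv4"] = "6to4", [str(a.sixtofour)]
    elif a.teredo is not None:             # 2001::/32 embeds server and client
        server, client = a.teredo
        info["kind"], info["ipv4"] = "teredo", [str(server), str(client)]
    elif a.is_link_local:                  # fe80::/10
        info["kind"] = "link-local"
    return info

def tunnel_share(flows) -> float:
    """Fraction of bytes that is IPv6 inside IPv4.

    flows: iterable of (ip_protocol, dst_port, byte_count) from an IPv4 monitor.
    Counts protocol 41 (6in4/6to4) and UDP port 3544 (Teredo).
    """
    flows = list(flows)
    total = sum(n for _, _, n in flows)
    tunnelled = sum(n for proto, port, n in flows
                    if proto == 41 or (proto == 17 and port == 3544))
    return tunnelled / total if total else 0.0

# Constructed sample flow records: HTTP over TCP, protocol 41, Teredo over UDP.
SAMPLE_FLOWS = [(6, 80, 300), (41, 0, 600), (17, 3544, 100)]

if __name__ == "__main__":
    print(slaac_address("2001:db8:0:1::/64", "00:11:22:33:44:55"))
    for sample in ("fe80::211:22ff:fe33:4455", "2002:c000:204::1",
                   "2001:0:c000:201:8000:f227:3fff:fdfd"):
        print(sample, classify(sample))
    print(f"tunnelled share: {tunnel_share(SAMPLE_FLOWS):.0%}")
```

A monitor that only understands IPv4 sees the last two sample flows as opaque protocol 41 and UDP traffic, which is why the firewall and reporting questions in the message arise even on a network that never deployed IPv6 deliberately.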
Joe Abley wrote:
On 7-May-2006, at 14:16 , Perry Lorier wrote:
How on earth am I going to find 2**108 customers in two years to keep APNIC happy?)
Actually all you need is a plan to connect 200 end-users, for the record :-)
And I have a plan to be ruler of the galaxy in the next two years. It doesn't mean it's going to happen - oh dear!
Perry Lorier wrote:
*If* IPv6 ever grows a killer app (big if...)
Microsoft (quiet everyone... stop giggling!) thought P2P would be the Killer App for IPv6. http://www.microsoft.com/technet/itsolutions/network/p2p/default.mspx Maybe they still think that.
IPv6 is dissimilar enough from v4 to require some retraining. (What happened to all the ARP messages? Why don't I need DHCP? Why *do* I need DHCP? Why are addresses that begin with Fe80: special? 2002:? 3ffe:? What's the deal with RFC1918? Is it normal my machine has nearly 100 IPv6 addresses on a single interface? Why doesn't doing the obvious ping of a link local address work? Why shouldn't I assign ...:feed:cafe:babe:f00d as an address to a machine? Given a MAC address, what IPv6 address would be dynamically assigned to this host? What's the story with DAD? and what's he doing on my network? I have an MTU of 576 on a link, what happened to my v6 traffic? Would it be better if it was 1000, 1100, 1200, 1300, 1400, 1500? How am I going to remember all these v6 addresses? What's the v6 address for localhost? What's the broadcast address on a v6 network? How do I enable v6 on the various host types inside my network? More importantly, quick, how do I turn it off again? If I have an IPv6 address on an interface, does that mean I can talk to v6 hosts on the Internet? Why does connecting to some hosts on the internet now take a long time, it didn't yesterday! What changed? My network is v4 only and has a NAT box in front of it to protect me from malicious traffic, how come all of these machines can talk to v6 machines on the internet? How come v6 machines on the internet are successfully talking to them! What's the story with Site locals? Where's all this multicast traffic come from? What's the HD ratio, and is it important to me? How do I multihome? What's a home agent good for and why does my machine want one? Who's IKE and what's he doing in my kernel? What's the v6 equivalent tool for <x>? How do IPv6 only hosts talk to an IPv4 only host? How do IPv4 only hosts talk to IPv6 only hosts? Someone once said IPv6 gave me {security, QoS, addresses} for free, are they lying? misinformed? or is there some tiny element of truth? What are the pitfalls with v6 addresses and DNS?
Do I need to update my resolvers? What's ULA, do I need it? Should I give dialup users a /20, /32, /48, /56, /64, /120, /127, or /128? What about DSL users? What about colo'd users? What about my fridge? Given an IPv6 address, can you derive its MAC address? What are the privacy implications of this? How are these addressed? What's 6to4? ISATAP? 6over4? Teredo? SHIM6? Are these acronyms going to haunt my nightmares? How do I do NAT in an IPv6 world? What's AH and why is that going to mean I can't screw with my users' traffic anymore? What's ESP and is that going to make firewalling troublesome? And what's the story with QoS? How on earth am I going to find 2**108 customers in two years to keep APNIC happy?)
OuchOuchOuch! :) -- Juha Saarinen www.geekzone.co.nz/juha www.computerworld.co.nz
On 7/05/2006 9:00 p.m., Joe Abley wrote:
Nobody should read my doom-saying and conclude that I dislike IPv6 for any particular reason. I think it's fun to play with; I just don't see a business reason for the average ISP or enterprise to worry about it, today.
The reason today for using a real IP address is (or should be) to see and be seen by the rest of the intraweb. If you don't need to be seen then RFC1914 will be fine, if you do, only IPv4 will cut it. Most (well me anyway) will probably not want their fridge (or car brakes) directly accessible by umpty million hackers.
"We will need this in 10 years, so we should start learning about it now" is an argument, I guess, but most ISPs of my acquaintance are more concerned with staying business for the next five years than they are with optimising their costs in ten.
Even when we 'run out' will those with IPv4 addresses shift to IPv6 because newbies can't get any more? Not likely unless there were some compelling reason - like ICANN started withdrawing IPv4 addresses. Even charging for them (Xtra charge $5pm for a static IP) doesn't stop demand. The thing that stops IPv6 is partly the need but mostly that there is no migration path. Now if there were some 'magic' IPv6 addresses that could be seen....... Bob
Robert Gray wrote:
On 7/05/2006 9:00 p.m., Joe Abley wrote:
Nobody should read my doom-saying and conclude that I dislike IPv6 for any particular reason. I think it's fun to play with; I just don't see a business reason for the average ISP or enterprise to worry about it, today.
The reason today for using a real IP address is (or should be) to see and be seen by the rest of the intraweb. If you don't need to be seen then RFC1914 will be fine, if you do, only IPv4 will cut it.
Most (well me anyway) will probably not want their fridge (or car brakes) directly accessible by umpty million hackers.
Then why on earth wouldn't you employ a firewall to protect your fridge/car brakes while allowing access to other parts of your network that you DO want to communicate to the outside world directly ? -- Steve.
On 8/05/2006 8:26 a.m., Steve Phillips wrote:
Then why on earth wouldn't you employ a firewall to protect your fridge/car brakes while allowing access to other parts of your network that you DO want to communicate to the outside world directly ?
Exactly. You'd do more than just a firewall, you'd want some sort of authentication device as well as a system to integrate control over a range of devices, hence the use of RFC1918 would be perfectly acceptable for the fridge, car brakes and so forth. In this way most would be happy with a single (maybe two but probably not) real IPv4 address.
Bob
Robert Gray wrote:
On 8/05/2006 8:26 a.m., Steve Phillips wrote:
Then why on earth wouldn't you employ a firewall to protect your fridge/car brakes while allowing access to other parts of your network that you DO want to communicate to the outside world directly ?
Exactly.
You'd do more than just a firewall, you'd want some sort of authentication device as well as a system to integrate control over a range of devices, hence the use of RFC1918 would be perfectly acceptable for the fridge, car brakes and so forth.
In this way most would be happy with a single (maybe two but probably not) real IPv4 address
I'm glad to see you've migrated from RFC1914 addresses (How to Interact with a Whois++ Mesh) for the purposes of this discussion. Still, I'm a little puzzled why a single IPv4 address (with lots of NAT behind it) is really any different from a single IPv6 prefix with lots of bits on the right hand side.
Andy Linton wrote:
Still, I'm a little puzzled why a single IPv4 address (with lots of NAT behind it) is really any different from a single IPv6 prefix with lots of bits on the right hand side.
Isn't that based on the assumption that NAT somehow constitutes a "firewall"? -- Juha Saarinen www.geekzone.co.nz/juha www.computerworld.co.nz
On 8/05/2006 9:06 a.m., Andy Linton wrote:
I'm glad to see you've migrated from RFC1914 addresses (How to Interact with a Whois++ Mesh) for the purposes of this discussion.
It was early :)
Still, I'm a little puzzled why a single IPv4 address (with lots of NAT behind it) is really any different from a single IPv6 prefix with lots of bits on the right hand side.
Mostly because I can access the former from (I'm guessing here) several million internet cafes and mobile networks around the world. The latter I can access from...... any advance on none? Bob
On Mon, 8 May 2006, Robert Gray wrote:
You'd do more than just a firewall, you'd want some sort of authentication device as well as a system to integrate control over a range of devices, hence the use of RFC1918 would be perfectly acceptable for the fridge, car brakes and so forth.
But that breaks down when you're assuming one company is running my fridge and another is monitoring my car brakes. You have 20 companies using some sort of authentication mechanism against your firewall which probably gets a little hard for the average man in the street.
In this way most would be happy with a single (maybe two but probably not) real IPv4 address
Don't forget to add another IP for every WIFI capable cell phone in the household, plus anything else that is mobile. You do realize the world population is over 6 billion right? Quite a few of those can scrape enough together to afford a cellphone or home computer.
Random stat: "BMI forecasts the total number of mobile subscribers in the [asia] region to reach 1.75 billion by 2010"
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On 8/05/2006 11:35 a.m., Simon Lyall wrote:
But that breaks down when you're assuming one company is running my fridge and another is monitoring my car brakes. You have 20 companies using some sort of authentication mechanism against your firewall which probably gets a little hard for the average man in the street.
Fair point, I guess it depends on what the point of it all is. I was coming from the view that users would use 'their' internet connection for their own purposes, turn the heater on before they get home, see if there's cold beer in the fridge, stuff like that. I'm not sure I'd want to have outside companies accessing my domestic gear (to see how much and what type of beer we bought or to upgrade the ABS software on the brakes or whatever) except at a time and in a manner to suit me. Perhaps others might be happier with this?
Don't forget to add another IP for every WIFI capable cell phone in the household, plus anything else that is mobile.
I have several SIP phones (one wifi after Jonny's excellent talk). They all work fine across NAT and are as good if not better than the landline whose days are happily numbered.
Robert Gray wrote:
On 8/05/2006 11:35 a.m., Simon Lyall wrote:
Don't forget to add another IP for every WIFI capable cell phone in the household, plus anything else that is mobile.
I have several SIP phones (one wifi after Jonny's excellent talk). They all work fine across NAT and are as good if not better than the landline whose days are happily numbered.
I've been reading this week that there are about 1 billion fixed phone lines and around 2 billion cellphones in the world. And if we get to the point where each of these needs an IP address...
On 8/5/06 12:50 PM, "Andy Linton"
Robert Gray wrote:
On 8/05/2006 11:35 a.m., Simon Lyall wrote:
Don't forget to add another IP for every WIFI capable cell phone in the household, plus anything else that is mobile.
I have several SIP phones (one wifi after Jonny's excellent talk). They all work fine across NAT and are as good if not better than the landline whose days are happily numbered.
I've been reading this week that there are about 1 billion fixed phone lines and around 2 billion cellphones in the world. And if we get to the point where each of these needs an IP address...
Nokia, for instance, seem quite keen on the idea. v6 makes a lot of sense if you are going to put VoIP in a cellphone. Following on from that: NAT, as is well known, does not play well with some protocols (or vice versa, depending on your point of view). One of these is SIP. There are ways around this; they are messy and expensive and difficult to maintain. Now, if you start using SIPS (secure SIP), application level gateways for SIP/NAT simply become impossible. While this is not YET a significant problem... -- Michael Newbery IP Architect TelstraClear Limited Tel: +64-4-920 3102 Mobile: +64-29-920 3102 Fax: +64-4-920 3361
participants (12)
- Andy Linton
- barry@unix.co.nz
- bmanning@vacation.karoshi.com
- Jamie Baddeley
- Joe Abley
- Juha Saarinen
- Lindsay Druett
- Michael Newbery
- Perry Lorier
- Robert Gray
- Simon Lyall
- Steve Phillips