People who got addresses in the 80s and 90s did so under a certain set of conditions. They've implemented their infrastructure accordingly. I don't believe that they should then be forced to undergo substantial financial cost because the world has lagged in implementing an available solution. For example: you've had to justify your use of IPv4 to your upstream - but have you implemented dual-stack IPv6 in parallel?
Implementing NAT for those who have /8 would probably only postpone the problem for a few months at the rate that IPv4 is currently being exhausted. Soon we'll have ISP level NAT, and we'll see all sorts of applications breaking (because they are behind multiple layers of NAT, and at both ends). NAT is not a solution, and won't extend IPv4 address lifespan for any significant period of time. We have 1-2 years of IPv4 address allocation left (depending on what region you are in), and then it's IPv6 onwards. Start preparing. Cheers Ken -----Original Message----- From: James Hill [mailto:james.h...@superamart.com.au] Sent: Monday, 7 February 2011 3:27 PM To: NT System Admin Issues Subject: RE: [semi-OT] Last IPv4 address blocks assigned Now I'm with you, "hand them back" helped me see what angle you were coming from. There has been an increasing squeeze on IP address allocation for a few years now. Whenever I've had to request public addresses over the last few years I've had to list what they were going to be used for. So basically I've had to justify the need. It most certainly hasn't been a free run in my experience and hence why I object to those who have used excess seemingly "freely" for a long time now. I never disagreed that NAT wasn't the long term solution, but I'm still sticking to my belief that poor usage of the available address space has resulted in a shorter lifespan for it. -----Original Message----- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, 7 February 2011 4:22 PM To: NT System Admin Issues Subject: RE: [semi-OT] Last IPv4 address blocks assigned NAT is a workaround that is merely extending the problem. NAT didn't exist until very recently, and NAT will go away once we have IPv6 And secondly, it's not the "big players" that have been having a free run - anyone small or big could have asked for IP address space at any time. It's only become a problem now because we are running out, and no one's been actively migrating to IPv6. NAT is NOT the solution. Forcing costs onto one group of people who've followed the rules, so as to allow everyone else to prolong the agony, is just making the situation worse. CIDR: http://en.wikipedia.org/wiki/CIDR. CIDR will not work if we take random chunks of address space and just "hand them back" to be re-used somewhere else. Cheers Ken -----Original Message----- From: James Hill [mailto:james.h...@superamart.com.au] Sent: Monday, 7 February 2011 2:05 PM To: NT System Admin Issues Subject: RE: [semi-OT] Last IPv4 address blocks assigned NAT doesn't work for all things. > No of course not but that's not an excuse for it to not be used. Surely it > can be used for the majority of traffic? Universities also have the type of applications that simply exceeded the capabilities of most commercial network devices. When I worked at a Uni, AARNET was already in the gbps speed, and that was quite a while ago. > I highly doubt that there aren't commercial devices that can handle this now > and for the last several years. ISP's had to be using something all these > years. Because they don't have to. You're not any more entitled to the space as the next person. > This is the REAL issue. They don't have to so they don't care. They were > allocated excessive IP's and so they never had to design their networks in > any other manner. IPV6 may have been around for a long time but it wasn't suitable for use 10 years ago or even now in some cases. > Because it wasn't the standard and everything that goes along with that. > Apps, operating systems etc that just didn't support it and some that still > don't. If it was the way to go why didn't uni's implement it solely 10 years > ago? Lastly, a Class C is only 256 addresses. In Australia (I used to work at UNSW), we have Unis that have 10,000+ staff, and 30,000+ students. That's bigger than most companies, and most ISPs. A Class C (256 addresses) would simply be way too small for that type of organisation. FWIW we had two Class Bs. > I'm not denying that it isn't a big network and that there isn't a > requirement for more public IP's. But even then not all of those staff and > students are active on the network at the same time. It's also clear (as per > Jack's email) that many of the public IP's are NOT in use. Huh? What are you talking about. This isn't a problem for the Uni. It's a problem for the majors at peering points. CIDR (for example) doesn't work unless there's a hierarchical address space. > You'll need to explain where you are coming from on this one before I can > comment. In particular who you regard as majors/peering points. James. -----Original Message----- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, 7 February 2011 2:38 PM To: NT System Admin Issues Subject: RE: [semi-OT] Last IPv4 address blocks assigned NAT uses ports - there's a limit of about 65,000 of those per NAT device. And why should Universities have to configure NAT? We've had IPv6 for 10+ years now. Maybe people should get around to migrating. Getting some IP address space back from a Uni is going to postpone the problem by a day or two at most. And lastly, there's the complexity of routing. You can't just take random bits of address space hacked out from existing netblocks and efficiently put them into routing tables. Cheers Ken -----Original Message----- From: James Hill [mailto:james.h...@superamart.com.au] Sent: Monday, 7 February 2011 11:30 AM To: NT System Admin Issues Subject: RE: [semi-OT] Last IPv4 address blocks assigned It's always amazed me that universities don't seem to know how to configure NAT. If all of the uni's and big businesses that have ridiculous amount of public ip's learned how to use NAT then the V4 space would have lasted longer. It would have been easier for organisations that actually needed more public IP's to get them too over the last few years. -----Original Message----- From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Saturday, 5 February 2011 1:20 AM To: NT System Admin Issues Subject: Re: [semi-OT] Last IPv4 address blocks assigned Ouch! I would say at least 30,000 to 40,000 user machines plus things like servers, HPCC farms, appliances, and VMs. We have a student population of about 47,000 plus about 11,000 staff, though not all of those users are on campus at any given moment. There's no NAT on campus so unless you set up a NAT device yourself you're going to get a public IP. Our dormitory population is about 18,000 - each of those machines receives an IP from the dormitory DHCP range, which is protected by the campus border firewall/IPS. Wireless machines also receive externally facing IPs but are shielded by the border systems as well. (And, of course, lots of students have wireless laptops or things like iPods, etc.) Staff machines can either be DHCP or static; static addresses are publicly accessible by default while DHCP ranges are protected by the border unless requested otherwise. Obviously not every student is online at any given moment, but their IP reservations are protected by the campus DHCP servers for something like 3 months from last activity - just long enough that you have to get a new reservation when you come back from summer break. The campus backbone network is where things get interesting - we've just been upgraded to 10Gb for building interconnects with most buildings at 1Gb internal networking and our fibre network extends into some areas of downtown Lansing (the local hospital, for instance) as well as to some of our satellite sites around the state. It's a big network, even if my little departmental piece of it isn't so vast. ---- Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 2/4/11 9:57 AM, "Martin Blackstone" <mblackst...@gmail.com> wrote: >50 > >-----Original Message----- >From: Crawford, Scott [mailto:crawfo...@evangel.edu] >Sent: Friday, February 04, 2011 6:55 AM >To: NT System Admin Issues >Subject: RE: [semi-OT] Last IPv4 address blocks assigned > >out of curiosity, how many computers does that serve? > >________________________________________ >From: Kramer, Jack [jack.kra...@ur.msu.edu] >Sent: Friday, February 04, 2011 8:13 AM >To: NT System Admin Issues >Subject: Re: [semi-OT] Last IPv4 address blocks assigned > >The nice thing about being at a public university - 520,000 IP addresses. >(Michigan State has 35.8 through 35.15.) I wonder if we can sell them? >It'd help make up for state budget cuts. > >---- >Jack Kramer >Computer Systems Specialist >University Relations, Michigan State University >w: 517-884-1231 / c: 248-635-4955 > > > > >On 2/3/11 5:43 PM, "Ben Scott" <mailvor...@gmail.com> wrote: > >> It's official. Today (Thr 3 Feb 2010), IANA delegated the last free >>IPv4 address blocks to the Regional Internet Registries. There are no >>free blocks left. >> >>http://arstechnica.com/tech-policy/news/2011/02/river-of-ipv4-addresse >>s >>-of >>ficially-runs-dry.ars >> >> It will doubtless take a little time for those blocks to trickle >>down to actual network operators. And, of course, just because >>address space is assigned doesn't mean it's used; some "idle" blocks >>may be released or even sold. >> >> But any which way you slice it, the writing on the wall is clear: >>Getting public IPv4 addresses is going to become increasingly >>difficult. >> >> Welcome to IPv6. Hope you brought your helmet. >> >>-- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
