RE: Re[4]: national security

2003-11-29 Thread shogunx
Michel,


>
> The organization has 800 hosts, all behind NAT (they have PA space, NAT
> is there for renumbering ease), and there is only a small fraction of
> servers that have one-to-one NAT and therefore require a public IP per
> host. In your average 800 hosts network (if such a thing exists) it
> turns out that a /26 would have been enough.
>
> Where's the catch? This organization gets a frac-DS3, and the network
> administrator thinks "what the hell, I have 800 hosts and therefore I'll
> request 2 class Cs anyway even if I don't need them, it does not cost
> more, and who knows if I won't need them later". The organization does
> get 512 addresses out of which it really uses 50, but the network
> administrator likes sitting on a cushion especially if it costs nothing.

And in the real world I'm shelling out almost $100 US for barely half a
gig of burst transfer and two v4 addresses, from two providers.  I have 9
hosts altogether, NATed behind the two gateway machines, which route v6
address space to the remainder of the hosts.  But guess what... if I want
v4 addresses on all the hosts, I have to shell out almost as much as I am
paying for the circuits, with no throughput benefit.  At least using the
NAT/v6 combo, I can see all of my hosts and use some of their services
from part of the public internet (albeit not very much of it).


>
> IPv4 addresses _are_ a commodity; on cheap markets (home/soho) more
> addresses means more money.
>

And it's a sad state of affairs, just like the DNS.
It's like we are saying:  "Oh yes, yes indeed, the internet is for
everyone, regardless of religion, race, creed, financial standing, or
ideology, as long as you have a major credit card.  If not, bugger off,
we don't like your type."

> On more expensive links (above T1) it still
> means money but that money is washed out in the bottom line. When home
> DS-3s are available for $79/mo, expect to pay more money if you need
> more than a handful of addresses.


See above.  Whereas I have a free v6 /48, as I probably would have a free
v4 allocation if I were in the game around the time I was getting my first
TRS-80 from Santa.

> Pre-CIDR blocks sell on eBay, this is a gray market that I would not
> recommend going into but it does happen anyway. When IPv4 addresses
> become scarce, we will find out that lots of people that have stockpiled
> them would be ready to let half of their block go if there is a sound
> financial reason to do so.

How does one go about routing something like that?

>
> IPv4 addresses will never run out. They will simply be available to
> whoever has money to pay for them.
>

No, but market pressures cited above will render v4 obsolete quicker.


Scott

> Michel.
>
>
>

sleekfreak pirate broadcast
world tour 2002-3
live from the pirate hideout
http://sleekfreak.ath.cx:81/




RE: Re[4]: national security

2003-11-29 Thread Michel Py
> [EMAIL PROTECTED] wrote:
> I'm more than happy to accept any realistic projections
> that point to a change in the burn rate - if you know of
> something I've overlooked, please enlighten us

The "savings" due to NAT might be underestimated, which in turn pushes
the v4 exhaustion even further than anticipated.

Rationale: NAT is here and here to stay. Nevertheless, allocation
policies still consider the "one host - one IP" rule valid. In reality,
this turns into the following situation that I have seen at many
customers lately:

The organization has 800 hosts, all behind NAT (they have PA space, NAT
is there for renumbering ease), and there is only a small fraction of
servers that have one-to-one NAT and therefore require a public IP per
host. In your average 800 hosts network (if such a thing exists) it
turns out that a /26 would have been enough.

Where's the catch? This organization gets a frac-DS3, and the network
administrator thinks "what the hell, I have 800 hosts and therefore I'll
request 2 class Cs anyway even if I don't need them, it does not cost
more, and who knows if I won't need them later". The organization does
get 512 addresses out of which it really uses 50, but the network
administrator likes sitting on a cushion especially if it costs nothing.

IPv4 addresses _are_ a commodity; on cheap markets (home/soho) more
addresses means more money. On more expensive links (above T1) it still
means money but that money is washed out in the bottom line. When home
DS-3s are available for $79/mo, expect to pay more money if you need
more than a handful of addresses.

Pre-CIDR blocks sell on eBay, this is a gray market that I would not
recommend going into but it does happen anyway. When IPv4 addresses
become scarce, we will find out that lots of people that have stockpiled
them would be ready to let half of their block go if there is a sound
financial reason to do so.

IPv4 addresses will never run out. They will simply be available to
whoever has money to pay for them.

Michel.




Re: Re[4]: national security

2003-11-29 Thread Valdis . Kletnieks
On Sat, 29 Nov 2003 22:17:41 GMT, Tim Chown <[EMAIL PROTECTED]>  said:
> The "at current burn rate" assumption is far from safe though...

Oh? Have any better-than-handwaving reasons to suspect the current allocation
rate will change drastically?  I don't foresee the cellphone or embedded
markets taking much IPv4 address space - both of those areas are already
pointing to IPv6.  Much of the world isn't online yet, but quite frankly,
those areas have severe infrastructure and economic problems to resolve
before they start chewing up a lot of address space (yes, China and India
have enough warm bodies to burn out the address space - they don't have the
monetary units to do so).

I'm more than happy to accept any realistic projections that point to
a change in the burn rate - if you know of something I've overlooked,
please enlighten us





Re: Re[4]: national security

2003-11-29 Thread shogunx
On Sat, 29 Nov 2003, Tim Chown wrote:

> On Fri, Nov 28, 2003 at 03:15:04PM -0500, [EMAIL PROTECTED] wrote:
> > On Fri, 28 Nov 2003 20:06:26 +0100, "Anthony G. Atkielski" <[EMAIL PROTECTED]> said:
> >
> > > 33 bits
> >
> > 8,589,934,592 times as many addresses.  At current burn rates, it will take
> > us some 20 years to go through the *current* free IPv4 space.  And nobody's
> > proposed any killer app that will take millions of times more address
> > space.
>
> The "at current burn rate" assumption is far from safe though...

As is the concept of IP address space as a commodity item.

>
> Tim
>
>

sleekfreak pirate broadcast
world tour 2002-3
live from the pirate hideout
http://sleekfreak.ath.cx:81/




Re: Re[4]: national security

2003-11-29 Thread Tim Chown
On Fri, Nov 28, 2003 at 03:15:04PM -0500, [EMAIL PROTECTED] wrote:
> On Fri, 28 Nov 2003 20:06:26 +0100, "Anthony G. Atkielski" <[EMAIL PROTECTED]>  said:
> 
> > 33 bits
> 
> 8,589,934,592 times as many addresses.  At current burn rates, it will take
> us some 20 years to go through the *current* free IPv4 space.  And nobody's
> proposed any killer app that will take millions of times more address
> space.

The "at current burn rate" assumption is far from safe though...

Tim



Re: Re[4]: national security

2003-11-28 Thread Valdis . Kletnieks
On Fri, 28 Nov 2003 18:40:53 +0100, Iljitsch van Beijnum said:

> a /48 further diminishes the available bits. The situation is most
> notable in the case of a home user, who would get a single IPv4 address 
> but gets a /48 in IPv6. So we've quadrupled our address space (in bits) 
> for a 50% gain... (Obviously the situation is much better when looking 
> at a university that has a /16 now and also gets a /48 as well.)

OK, so a /48 has 50% more bits than a /32.  On the other hand,
I've heard no *major* problems with end users getting their /32 from
their provider, and there's 65,536 more /48s.  Also, remember that many
end users are getting *multiple* IPs from their provider for SOHO use,
and they'll only need one /48.




Re: Re[4]: national security

2003-11-28 Thread Valdis . Kletnieks
On Fri, 28 Nov 2003 20:06:26 +0100, "Anthony G. Atkielski" <[EMAIL PROTECTED]>  said:

> 33 bits

8,589,934,592 times as many addresses.  At current burn rates, it will take
us some 20 years to go through the *current* free IPv4 space.  And nobody's
proposed any killer app that will take millions of times more address
space.




Re: Re[4]: national security

2003-11-28 Thread Iljitsch van Beijnum
On 28-nov-03, at 14:47, Anthony G. Atkielski wrote:

> > I guess not because I have no idea what you're talking about.
>
> There is a natural tendency to think that by dividing a 128-bit address
> field into two 64-bit fields, the address space is cut in half (or
> perhaps not diminished at all).

Ah, I see what you mean now. However, the division is a done deal as
RFC 3513 mandates that all unicast IPv6 addresses except the ones 
starting with the bits 000 must have a 64-bit interface identifier in 
the lower 64 bits. This has some important advantages, most notably it 
allows stateless autoconfiguration. (However, this could have been done 
with 48 bits too.) But it does have the downside you mention by only 
leaving 64 bits for numbering subnets. The practice of giving all sites 
a /48 further diminishes the available bits. The situation is most
notable in the case of a home user, who would get a single IPv4 address 
but gets a /48 in IPv6. So we've quadrupled our address space (in bits) 
for a 50% gain... (Obviously the situation is much better when looking 
at a university that has a /16 now and also gets a /48 as well.)

Putting a 64-bit crypto-based host identifier in the bottom 64 bits of 
IPv6 addresses shouldn't get in the way of regular IPv6 addressing 
mechanisms and/or operation. There is even a trick to make sure there 
is no overlap with either MAC addresses/EUI-64s on the one hand and 
most manually configured addresses and RFC 3041 on the other hand by 
only using EUI-64 compatible values with the universal/local bit set to 
globally unique, but with the group bit set.

> It's unlikely you'll have 2^64 countries
> to accommodate; and it's equally unlikely that each of these countries
> will have exactly 2^64 hosts (no more, no less) to address, so you are
> wasting many bits of the address field.

The plan isn't to encode a country in the first 64 bits. However, 
together with someone else I came up with an unrelated proposal a while 
ago that does encode a country in the IPv6 address. (You can find it at 
http://www.muada.com/drafts/ under the name "gapi".) In this proposal 
we use 16 bits to allocate a /32 to regions with 250 - 500 thousand 
inhabitants, so there is no fixed boundary for the country number.
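
An added example, not part of the original message: a Python sketch of the universal/local and group bit trick described above, classifying 64-bit interface identifiers by those two bits. The SHA-256 truncation in crypto_iid and the category names are assumptions made for illustration; the message does not say how the crypto-based identifier would be derived.

```python
import hashlib
import ipaddress

# Bit positions in the first octet of a modified EUI-64 interface identifier
# (RFC 3513): u = 1 means globally unique, g = 1 means group.
U_BIT = 0x02
G_BIT = 0x01


def interface_id(addr: str) -> bytes:
    """Return the lower 64 bits of an IPv6 address."""
    return ipaddress.IPv6Address(addr).packed[8:]


def iid_from_mac(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe, invert the u bit."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ U_BIT]) + b[1:3] + b"\xff\xfe" + b[3:]


def crypto_iid(key_material: bytes) -> bytes:
    """Hypothetical derivation: truncated SHA-256 with u and g forced to 1.

    Two of the 64 bits are fixed, so only 62 bits of the hash survive.
    """
    h = bytearray(hashlib.sha256(key_material).digest()[:8])
    h[0] |= U_BIT | G_BIT
    return bytes(h)


def classify(iid: bytes) -> str:
    """Say which of the ranges named in the message an identifier falls in."""
    u, g = bool(iid[0] & U_BIT), bool(iid[0] & G_BIT)
    if u and g:
        return "crypto-range"       # u=1, g=1: the space the trick reserves
    if u:
        return "eui64-universal"    # u=1, g=0: derived from a unicast MAC
    return "local"                  # u=0: manual values, RFC 3041 random IDs


if __name__ == "__main__":
    samples = {  # constructed sample values
        "MAC-derived": iid_from_mac("00:11:22:33:44:55"),
        "manual": interface_id("2001:db8:0:1::1"),
        "crypto": crypto_iid(b"constructed public key bytes"),
    }
    for name, iid in samples.items():
        print(f"{name:12} {iid.hex(':')}  {classify(iid)}")
```
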