A lot of people are talking about IPv6, but I’m using IPv4 and quite content. I have plenty of public addresses. As long as I’m not a large multi-national corporation, internally I have lots of room with private addresses. I keep hearing all this buzz about IPv6, but why should I care? What value does IPv6 bring to me?
As part of a series I would like to address 4 popular questions, one per blog post:
1. What’s wrong with IPv4?
2. What’s causing the Internet to grow and are these things I care about?
3. Is IPv4 address depletion a problem that could impact me?
4. Is a new solution warranted and does it bring any value to me?
Part 1 – What’s wrong with IPv4?
IPv4 was standardized in 1981 with 213 nodes on the Internet. Back then, an addressing system capable of dealing with 4 billion nodes seemed excessive. However, as the Internet started rapidly growing, it became apparent that this would not be enough. In order to slow the depletion of address space while a next generation solution was developed some conservation techniques were introduced:
• VLSM – Allow arbitrary power of 2 address assignment versus Class-based method
• NAT in tandem with private address space (RFC 1918)
• The “Scarcity” Mentality
Problems with the conservation techniques
If you look at an addressing system like the Postal system, you can see that it scales in an essentially unlimited fashion. No one worries about unused addresses on a street or whether we’ll run out of addresses. By contrast, with IPv4 in modern times there is a relatively limited number of addresses. For example, when you create a DMZ with public addresses – how big do you make it? What about your wireless networks? How much fun is it if you don’t make them big enough and have to resize? Wouldn’t it be nice if we had an addressing system more like the postal system?
If we look at the number of unique nodes attached to the Internet, we’re already past 11 billion in an addressing system only designed for 4. This requires NAT to group pools of users behind a single or overloaded set of addresses. At a small scale, this can be workable. However, as the ratio of users per IP continues to grow, problems begin to arise. In APNIC and RIPE (which are in depletion mode), IPv4’s continued growth is forcing the deployment of Carrier Grade NAT. And even in North America, carriers like AT&T and Verizon are already deploying CGN in anticipation of depletion for ARIN next year (2013). Because there aren’t enough IPv4 addresses, scarce public addresses must be shared with larger and larger groups of people. This causes several challenges including performance, security, and cost. It turns out that CGN tends to degrade or break video, gaming, and peer-to-peer applications. As more and more users are grouped behind a single IP address, the security implications also grow. A single user among thousands can get a whole group blacklisted. If your company blocks a bad IP, it may be blocking thousands of customers. Finally, it turns out that CGN is expensive to deploy and support. The irony is that it’s cheaper to for carriers to migrate to IPv6 then to deploy CGN.
On the internal network side, NAT has resulted in virtually all organizations using the RFC 1918 address space. This means that everyone uses overlapping networks. As a consequence, it causes interesting problems when providing remote access user VPN connectivity. It also makes mergers and acquisitions painful, frequently forcing renumbering or double NAT. Each B2B connection also becomes a chore, often requiring creative or double NAT solutions. And what’s frequently not accounted for is the operational overhead and cost of this approach. How much time is wasted trying to understand and troubleshoot creative NAT deployments? Is this really where we want to focus precious support and engineering time?
Engineering Power! I want to keep IPv4!
Perhaps the biggest problem with IPv4 that is amplified by the above points is the creation of a scarcity mentality. Instead of creating networks with plenty of room for growth there is far too much time spent on optimizing subnet sizes. In the physical world, getting an address isn’t a big deal. How many streets do you need? How many numbers? No problem – here you go. But in the virtual world, IPv4 has become a stranglehold sucking up far too much time and talent that would be better spent elsewhere. Don’t think you’re caught up in the scarcity mentality? How about a /16 for each network? Too much? Too “wasteful?” Where I grew up we used 5 digit street addresses. That allows 100,000 homes per street where there were at most 10. How can we justify that waste? Easy – because addresses should be plentiful and size shouldn’t matter.
Agree, disagree? Please leave a comment and share your thoughts.
Chris Grundemann’s presentation on CGN from the NAv6TF
The Total Cost of Ownership of CGN by Lee Howard of Time Warner
An IDC study showing it’s cheaper for carrier’s to deploy 6rd and transition to IPv6 than to sustain CGN
Cisco’s Visual Network Index tracking Internet Growth