Why Should I Consider IPv6?

A lot of people are talking about IPv6, but I’m using IPv4 and quite content. I have plenty of public addresses. As long as I’m not a large multi-national corporation, internally I have lots of room with private addresses. I keep hearing all this buzz about IPv6, but why should I care? What value does IPv6 bring to me?

As part of a series I would like to address 4 popular questions, one per blog post:
1. What’s wrong with IPv4?
2. What’s causing the Internet to grow and are these things I care about?
3. Is IPv4 address depletion a problem that could impact me?
4. Is a new solution warranted and does it bring any value to me?

Part 1 – What’s wrong with IPv4?

IPv4 was standardized in 1981 with 213 nodes on the Internet. Back then, an addressing system capable of dealing with 4 billion nodes seemed excessive. However, as the Internet started rapidly growing, it became apparent that this would not be enough. In order to slow the depletion of address space while a next-generation solution was developed, some conservation techniques were introduced:
• VLSM – Allow arbitrary power of 2 address assignment versus Class-based method
• NAT in tandem with private address space (RFC 1918)
• The “Scarcity” Mentality

Problems with the conservation techniques

If you look at an addressing system like the Postal system, you can see that it scales in an essentially unlimited fashion. No one worries about unused addresses on a street or whether we’ll run out of addresses. By contrast, with IPv4 in modern times there is a relatively limited number of addresses. For example, when you create a DMZ with public addresses – how big do you make it? What about your wireless networks? How much fun is it if you don’t make them big enough and have to resize? Wouldn’t it be nice if we had an addressing system more like the postal system?

If we look at the number of unique nodes attached to the Internet, we’re already past 11 billion in an addressing system designed for only 4 billion. This requires NAT to group pools of users behind a single or overloaded set of addresses. At a small scale, this can be workable. However, as the ratio of users per IP continues to grow, problems begin to arise. In APNIC and RIPE (which are in depletion mode), IPv4’s continued growth is forcing the deployment of Carrier Grade NAT. And even in North America, carriers like AT&T and Verizon are already deploying CGN in anticipation of depletion for ARIN next year (2013). Because there aren’t enough IPv4 addresses, scarce public addresses must be shared with larger and larger groups of people. This causes several challenges including performance, security, and cost. It turns out that CGN tends to degrade or break video, gaming, and peer-to-peer applications. As more and more users are grouped behind a single IP address, the security implications also grow. A single user among thousands can get a whole group blacklisted. If your company blocks a bad IP, it may be blocking thousands of customers. Finally, it turns out that CGN is expensive to deploy and support. The irony is that it’s cheaper for carriers to migrate to IPv6 than to deploy CGN.

On the internal network side, NAT has resulted in virtually all organizations using the RFC 1918 address space. This means that everyone uses overlapping networks. As a consequence, it causes interesting problems when providing remote access user VPN connectivity. It also makes mergers and acquisitions painful, frequently forcing renumbering or double NAT. Each B2B connection also becomes a chore, often requiring creative or double NAT solutions. And what’s frequently not accounted for is the operational overhead and cost of this approach. How much time is wasted trying to understand and troubleshoot creative NAT deployments? Is this really where we want to focus precious support and engineering time?
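The overlap problem described above, as an added example that is not part of the original post: a Python sketch using the standard `ipaddress` module that compares two RFC 1918 address plans, as in a merger, lists the colliding prefixes, and finds a free block to renumber into. The two address plans and the function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges the article refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the IPv4 prefix lies entirely inside RFC 1918 space."""
    return any(net.subnet_of(r) for r in RFC1918)

def find_collisions(plan_a, plan_b):
    """List (prefix_a, prefix_b, shared_addresses) for overlapping private prefixes."""
    nets_a = [ipaddress.ip_network(p) for p in plan_a]
    nets_b = [ipaddress.ip_network(p) for p in plan_b]
    collisions = []
    for a in nets_a:
        for b in nets_b:
            if is_rfc1918(a) and is_rfc1918(b) and a.overlaps(b):
                # CIDR blocks only overlap by containment, so the shared
                # range is simply the smaller of the two prefixes.
                shared = a if a.subnet_of(b) else b
                collisions.append((str(a), str(b), shared.num_addresses))
    return collisions

def first_free_block(used, new_prefix):
    """First RFC 1918 block of length /new_prefix overlapping nothing in `used`."""
    used_nets = [ipaddress.ip_network(p) for p in used]
    for parent in RFC1918:
        if new_prefix < parent.prefixlen:
            continue  # requested block is larger than this private range
        for candidate in parent.subnets(new_prefix=new_prefix):
            if not any(candidate.overlaps(u) for u in used_nets):
                return candidate
    return None  # private space exhausted at this block size

# Constructed sample address plans (not from the article).
ACQUIRER = ["10.0.0.0/16", "10.1.0.0/16", "172.16.0.0/20", "192.168.1.0/24"]
ACQUIRED = ["10.1.32.0/19", "10.2.0.0/16", "172.20.0.0/16", "192.168.1.0/24"]

if __name__ == "__main__":
    for a, b, n in find_collisions(ACQUIRER, ACQUIRED):
        print(f"{a} collides with {b}: {n} addresses need renumbering or NAT")
    print("free /16 to renumber into:", first_free_block(ACQUIRER + ACQUIRED, 16))
```

Every collision it reports is a range where one side must renumber or a NAT layer must be inserted before the two networks can route to each other.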

Engineering Power!  I want to keep IPv4!

Perhaps the biggest problem with IPv4 that is amplified by the above points is the creation of a scarcity mentality. Instead of creating networks with plenty of room for growth there is far too much time spent on optimizing subnet sizes. In the physical world, getting an address isn’t a big deal. How many streets do you need? How many numbers? No problem – here you go. But in the virtual world, IPv4 has become a stranglehold sucking up far too much time and talent that would be better spent elsewhere. Don’t think you’re caught up in the scarcity mentality? How about a /16 for each network? Too much? Too “wasteful?” Where I grew up we used 5 digit street addresses. That allows 100,000 homes per street where there were at most 10. How can we justify that waste? Easy – because addresses should be plentiful and size shouldn’t matter.

Agree, disagree?  Please leave a comment and share your thoughts.

References

Chris Grundemann’s presentation on CGN from the NAv6TF
The Total Cost of Ownership of CGN by Lee Howard of Time Warner
An IDC study showing it’s cheaper for carriers to deploy 6rd and transition to IPv6 than to sustain CGN
Cisco’s Visual Network Index tracking Internet Growth

 

James Small

James Small is a Sr. Consultant at CDW where he does Network/Security Architecture and Engineering as well as evangelizing IPv6. In addition to following the latest I-D's from IETF v6 WGs, he also enjoys watching his oldest play hockey.

  • http://twitter.com/kiwigeraint Geraint Jones

    The biggest issue I see with v4 in the short term is the growth of routing tables. As RIRs start rationing space and allocating out of returned space carriers will have their hands tied and will end up injecting /24’s into the global table because they will be getting given the scraps of what’s available. Sure Moore’s law is making processing ever cheaper, but there are a lot of players out there who run old kit because they cannot afford newer.

    • James Small

      Geraint – as you mentioned, modern hardware can cope with the prefix growth. A more challenging problem is the lack of sufficient address space in IPv4. I had to qualify the beginning of the article with as long as you’re not a large multi-national – that’s because many large companies have exhausted the private address space. Once you get to this point you are either stuck with using non-advertised address space and hoping you never have to do business with the owner or double NAT. As you continue down this path you get to the point that the large carriers did about 10 years ago – the realization that it’s cheaper to deploy IPv6.

  • http://phoneboy.com phoneboy

    You can opine about the technical benefits of IPv6 all you want. Technical benefits are the wrong argument to make to the C Suite, who don’t know IP from IPX. They see IPv6 as something with no real tangible benefit to them or the business. And, for the most part, they’re right.

    My theory is that we won’t see mass IPv6 adoption until pr0n goes IPv6 only.

    • James Small

      I agree that the case for IPv6 must be tailored to the audience. This series is targeted at a technical audience although I will also cover business benefits. Keep reading the next 3 posts and then let me know if you still believe there are no business benefits.

  • Patrick Klos

    The way you talk about “scarcity mentality” makes it sound as if the scarcity is only perceived? Isn’t it more accurately a “scarcity reality”? The Internet really is running out of IP addresses. Organizations are having to be more prudent with their limited allocations. These network engineers will breathe a sigh of relief when they can stop fooling around with IPv4 networks and start doling out IPv6 only subnets, but that day won’t be here for a while, and cannot even be considered until everyone starts getting on the IPv6 bandwagon. It’s a good thing that large web sites are supporting both IPv4 and IPv6, helping support and bring attention to the issue.

    • NeilTAnderson

      I think in the internal network case, it’s also a bit of a mentality. There are plenty of clients that I have worked with who _perceive_ a scarcity of internal addresses because they have policies around their use of RFC1918 addresses. Actually it’s pretty hard to max out the 10.0.0.0/8 space, but there are a lot of organisations out there who think they’re nearly there.

      • http://www.klos.com/ Patrick Klos

        Interesting. I was trying to understand how big a company has to be to use up 16 million “internal” IP addresses, but my exposure to companies anywhere near that size is extremely limited, so I’m sure there are many factors I couldn’t even conceive of.

        Out of curiosity, I just looked up “largest employer in the world”, and according to Wikipedia, it’s the United States Department of Defense, with 3.2 million employees. Now, I suspect the DoD has plenty of public IP addresses to suit their needs, but they could still set up an “internal” network and give 4 IP addresses to each employee and still not run out! The largest private employer seems to be Walmart with 2.1 million employees, but I’m sure many (if not most) of those employees don’t need IP addresses of their own, let alone several of them.

        So how is any organization using up 16 million private IP addresses?!? Good question – I have no answer.

        • NeilTAnderson

          It’s not as straightforward as employee number though. Apart from anything else, no-one uses the 10 network as a /8 (that I’ve ever seen). Certainly plenty of clients I work with who set policies around the minimum subnet size. In larger environments there’s usually routing policies in place about the minimum size of the subnet.

          So you actually have the scarcity mentality both ways: /16 is too much because it wastes space for a subnet that’s going to have about 30 hosts on it, /27 is too small because a bunch of /27 routes fill up the routing table and affect core router performance.

          • James Small

            “/16 is too much.” The fact that we’re debating about optimal subnet sizes is further proof that IPv4 is overtaxed. We need an addressing system where address space is so vast that there’s no point in discussing it. Everyone gets a standard huge size that’s inexhaustible and we all focus on more interesting things. :-)

          • NeilTAnderson

            Agreed!

        • James Small

          See my above comment on using up the private address space – it’s actually not that hard for a large organization. The DOD is an especially interesting example as they started deploying IPv6 in the early 2000’s. As for devices per person, the Yankee Group estimates it will be 10 by 2015. And as you know you can’t get perfect utilization of a subnet. With wireless especially where you have constant flux I doubt you could even achieve 50%. We’ll dig into all of this more in the coming posts.

      • James Small

        @Neil – actually there are many large multi-nationals who have run out of private addresses (all 10/8, 172.16/12, and 192.168/16). BYOD has put a tremendous strain on large organizations – we’ll talk about this more in future posts. Also, this is not speculation; I know first hand.

        • NeilTAnderson

          I’m currently working for an organisation that has “exhausted” the private IPv4 space, so I’m not saying it’s not possible. My point is that it’s the subnet assignment policies that have caused the exhaustion, not the idea that every RFC1918 address is in use. I’m willing to bet that none of the multi-nationals you refer to are using 10/8 as one flat subnet.

          While BYOD is a factor here, there are relatively simple solutions to that whereby the BYOD network is segmented and given an overlapping address space. IPv6 is the strategic solution to all of these problems though.

  • Zac Barnard

    I think it will be quite interesting over the next few years. When ISP customers get fed up with their internet not working there will be enough motivation to purchase IPv6 capable CPE and migrate to an IPv6 enabled ISP. Gamers will be the first group to migrate across as they are usually very fussy about the quality of their internet connections.
