One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John Curran announced that the last IPv4 address block in ARIN's Free Pool had been assigned. How's that been workin' out for everyone? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On 25/09/2016 01:54, Jay R. Ashworth wrote:
One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John Curran announced that the last IPv4 address block in ARIN's Free Pool had been assigned.
How's that been workin' out for everyone?
If you'll all indulge a bit of a RIPE-centric reply on this; I've was allocated a /22 from around half-way through 185.169.0.0/16 last week (185 being RIPE's final /8). Assuming that RIPE are allocating sequentially - and I believe they are - This means that they have consumed around 66.5% of their final /8. They started allocating from this in September 2012, which suggests a reasonably low consumption rate but the RIPE final /8 will be exhausted in around two years time. I can't find an equivalent ARIN page of "how much we've allocated from our last /8" - the statistics show that just over 2x /16s worth have been assigned/allocated between January 2016 and July 2016, so a lower rate by some margin than RIPE - but there are of course policy differences at play there. Now the operational question of "How has this affected us" is probably best answered with "We've had to pay real money for IPv4 addresses since then." What may be much more interesting is what happens when the fairly ready supply of IPv4 addresses in the secondary transfer market starts to dry up. Just throwing additional money at the problem will probably not be an effective or viable solution then. I'm sure that Geoff Huston has a much more accurate and colourful set of predictions than my back-of-envelope calculations for those interested! Paul.
On Sunday, September 25, 2016, Paul Thornton <paul@prt.org> wrote:
On 25/09/2016 01:54, Jay R. Ashworth wrote:
One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John Curran announced that the last IPv4 address block in ARIN's Free Pool had been assigned.
How's that been workin' out for everyone?
If you'll all indulge a bit of a RIPE-centric reply on this; I've was allocated a /22 from around half-way through 185.169.0.0/16 last week (185 being RIPE's final /8).
Assuming that RIPE are allocating sequentially - and I believe they are - This means that they have consumed around 66.5% of their final /8. They started allocating from this in September 2012, which suggests a reasonably low consumption rate but the RIPE final /8 will be exhausted in around two years time.
I can't find an equivalent ARIN page of "how much we've allocated from our last /8" - the statistics show that just over 2x /16s worth have been assigned/allocated between January 2016 and July 2016, so a lower rate by some margin than RIPE - but there are of course policy differences at play there.
Now the operational question of "How has this affected us" is probably best answered with "We've had to pay real money for IPv4 addresses since then." What may be much more interesting is what happens when the fairly ready supply of IPv4 addresses in the secondary transfer market starts to dry up. Just throwing additional money at the problem will probably not be an effective or viable solution then.
I'm sure that Geoff Huston has a much more accurate and colourful set of predictions than my back-of-envelope calculations for those interested!
Paul.
For your use case , would ipv6 solve anything? Think it is fair to say big content and big eyeballs have moved to IPv6 (notable exceptions exist) http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-m...
On 25/09/2016 17:29, Ca By wrote:
For your use case , would ipv6 solve anything?
Think it is fair to say big content and big eyeballs have moved to IPv6 (notable exceptions exist)
http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-m...
Yes of course. Let's make the assumption that these people are happily v6 enabled but need to support v4 for the foreseeable future. Take, for example, large hosting environments. NAT isn't an option, nor is v6 only at this point. For them, the only option to provide unique v4 addresses for customers is to purchase it. We may be in luck, and the v6 tipping point happens before the transfer market runs out of reasonably-priced supply, and our hypothetical example above can default to v6 only. If that happens, fantastic - but I'm not sure I'd bet on it, even given the improved v6 takeup in the past year or two. Paul.
On Sunday, September 25, 2016, Paul Thornton <paul@prt.org> wrote:
On 25/09/2016 17:29, Ca By wrote:
For your use case , would ipv6 solve anything?
Think it is fair to say big content and big eyeballs have moved to IPv6 (notable exceptions exist)
http://www.internetsociety.org/deploy360/blog/2016/08/facebo ok-akamai-pass-major-milestone-over-50-ipv6-from-us-mobile-networks/
Yes of course. Let's make the assumption that these people are happily v6 enabled but need to support v4 for the foreseeable future.
Take, for example, large hosting environments. NAT isn't an option, nor is v6 only at this point. For them, the only option to provide unique v4 addresses for customers is to purchase it.
We may be in luck, and the v6 tipping point happens before the transfer market runs out of reasonably-priced supply, and our hypothetical example above can default to v6 only. If that happens, fantastic - but I'm not sure I'd bet on it, even given the improved v6 takeup in the past year or two.
Paul.
I think how this will work out is that IPv4 becomes decoupled from hosting / cloud, and those IPv4 service have to be shared via L7 load balancing and / or CDN that has ipv4. Meaning hosts have ipv6 and need to subscribe to "ipv4 as a service " I think the big networks are sharding based on ip protocol. Here is stack for ipv4 (decling use), here is a stack for ipv6 (increasing use, over 50% of all traffic in many cases today, especially mobile) The idea of dual stack probably wont last long. The service is available as dual stack, but the back end is real ipv6 and magic hack ipv4. Just $0.02 on trajectory
On Sun, Sep 25, 2016, at 18:29, Ca By wrote:
Think it is fair to say big content and big eyeballs have moved to IPv6 (notable exceptions exist)
http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-m...
Big, yes, many - not really. While looking in the flow logs I could see the same (bandwidth intensive) destinations again and again. It's like ~4-5 destinations doing at least half of the IPv6 traffic.
In message <1474836642.4090975.736557521.25674A77@webmail.messagingengine.com>, "Radu-Adrian Feurdean" writes:
On Sun, Sep 25, 2016, at 18:29, Ca By wrote:
Think it is fair to say big content and big eyeballs have moved to IPv6 (notable exceptions exist)
http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-m...
Big, yes, many - not really. While looking in the flow logs I could see the same (bandwidth intensive) destinations again and again. It's like ~4-5 destinations doing at least half of the IPv6 traffic.
But it shows that if you turn on IPv6 on the servers you will get IPv6 traffic. We are no longer is a world where turning on IPv6 got you a handful of connections. There are billions of devices that can talk IPv6 to you today the moment you allow them to. Can all your customers talk IPv6 to you? No. It the proportion of customers that can talk IPv6 to you increasing? Yes. Is somewhere between 11-14% worldwide enough for you to invest the time to turn on IPv6 enough? It should be. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Sun, Sep 25, 2016, at 23:27, Mark Andrews wrote:
But it shows that if you turn on IPv6 on the servers you will get IPv6 traffic. We are no longer is a world where turning on IPv6 got you a handful of connections. There are billions of devices that can talk IPv6 to you today the moment you allow them to.
I know, but for the "server guys" turning on IPv6 it's pretty low on priority list.
Can all your customers talk IPv6 to you? No. It the proportion of customers that can talk IPv6 to you increasing? Yes.
My customers are eyeballs. Residential ones have dual-stack by default, business - some have, some don't and some explicitly refuse (or ask for v6 to be disabled).
Is somewhere between 11-14% worldwide enough for you to invest the time to turn on IPv6 enough? It should be.
Since they (the 11-14% worldwide) do have IPv4 anyway, some consider it's not worth; at least not yet. The issue with IPv6 deployment it's not as simple as some people suggest. It's not a technical problem either, but it's a big one.
On Sep 25, 2016, at 3:58 PM, Radu-Adrian Feurdean <nanog@radu-adrian.feurdean.net> wrote:
On Sun, Sep 25, 2016, at 23:27, Mark Andrews wrote:
But it shows that if you turn on IPv6 on the servers you will get IPv6 traffic. We are no longer is a world where turning on IPv6 got you a handful of connections. There are billions of devices that can talk IPv6 to you today the moment you allow them to.
I know, but for the "server guys" turning on IPv6 it's pretty low on priority list.
Which is a selfish, arrogant, and extremely short-sighted and unenlightened view of self-interest. (see below)
Can all your customers talk IPv6 to you? No. It the proportion of customers that can talk IPv6 to you increasing? Yes.
My customers are eyeballs. Residential ones have dual-stack by default, business - some have, some don't and some explicitly refuse (or ask for v6 to be disabled).
If you don’t want to face an escalating nightmare for supporting those businesses in the last category in the future, you should probably be educating them today. Sure, go ahead and do what they want, but at least make a stab at letting them know why this might not be such a great idea going forward.
Is somewhere between 11-14% worldwide enough for you to invest the time to turn on IPv6 enough? It should be.
Since they (the 11-14% worldwide) do have IPv4 anyway, some consider it's not worth; at least not yet.
This is a circular argument… The 11-14% still have IPv4 through various increasingly fragile and unscalable mechanisms mainly to deal with servers that haven’t deployed IPv6 yet. If all the servers they want to reach had IPv6, it would be relatively easy and highly desirable for their ISPs to turn off their IPv4 relatively quickly. OTOH, the server guys (mostly) can’t get to pure IPv6 because of the lagging eyeball networks that don’t universally deploy IPv6 to all of their customers. It’s like a perverse form of constructive resonance where each one feeds on the other in an escalating destructive cycle. Unfortunately, the ones suffering are not the ones causing the problem, so it becomes another typical example of what is classically known as the “toxic polluter” problem of capitalist economies. (Absent regulation or morality, dump your toxic waste in such a location as it doesn’t cause you a problem, without regard to the impact on others is the most cost effective solution to the problem)
The issue with IPv6 deployment it's not as simple as some people suggest. It's not a technical problem either, but it's a big one.
For the vast majority of networks, it’s not a big problem, but it hasn’t achieved adequate visibility as a business continuity risk, so it continues to plod along and laggards continue to inflict remote damage. The good news is that as more and more of the larger content and eyeball networks deploy more and more IPv6, the remaining laggards will rapidly become less and less relevant until it’s no longer worth holding up progress on the internet just for the sake of keeping them connected. They will become a series of disconnected IPv4 islands in an IPv6 ocean that passes them by as they sail off into obscurity. Owen
In message <1474840690.4107784.736591409.28E807DF@webmail.messagingengine.com>, "Radu-Adrian Feurdean" writes:
On Sun, Sep 25, 2016, at 23:27, Mark Andrews wrote:
But it shows that if you turn on IPv6 on the servers you will get IPv6 traffic. We are no longer is a world where turning on IPv6 got you a handful of connections. There are billions of devices that can talk IPv6 to you today the moment you allow them to.
I know, but for the "server guys" turning on IPv6 it's pretty low on priority list.
Are those server guys interested in stopping attacks without collateral damage? You can't say that a IPv4 address == 1 customer today. Any protection measures you put in place based on IPv4 addresses are likely to affect more than one customer.
Can all your customers talk IPv6 to you? No. It the proportion of customers that can talk IPv6 to you increasing? Yes.
My customers are eyeballs. Residential ones have dual-stack by default, business - some have, some don't and some explicitly refuse (or ask for v6 to be disabled).
Lots of residentual customers don't have a unshared IPv4 address. The only reason you are seeing IPv4 from them is that the ISP has had to spend money working around the sheer lazyness of content providers in not providing IPv6.
Is somewhere between 11-14% worldwide enough for you to invest the time to turn on IPv6 enough? It should be.
Since they (the 11-14% worldwide) do have IPv4 anyway, some consider it's not worth; at least not yet.
Actually almost all of the world does not have complete IPv4, they have a subset of IPv4. You have just got used to not having complete IPv4.
The issue with IPv6 deployment it's not as simple as some people suggest. It's not a technical problem either, but it's a big one.
In most cases it is just a matter of turning it on. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Mon, Sep 26, 2016, at 01:01, Mark Andrews wrote:
In message <1474840690.4107784.736591409.28E807DF@webmail.messagingengine.com>, "Radu-Adrian Feurdean" writes:
I know, but for the "server guys" turning on IPv6 it's pretty low on priority list.
Are those server guys interested in stopping attacks without collateral damage? You can't say that a IPv4 address == 1 customer today. Any protection measures you put in place based on IPv4 addresses are likely to affect more than one customer.
To put in context, I live and work in France, where NO mobile operator provides IPv6, but they do use CGN. Wired-line operators (some, not all) barely start deploying CGNAT on some of the new customers. Pro/business access operators MUST provide IPv4 in order to be able to survive. Things will probably change, but this is the situation today. So "1 IPv4 = several customers" it's either mobile (with no alternative and separate abuse handling process) or negligible.
My customers are eyeballs. Residential ones have dual-stack by default, business - some have, some don't and some explicitly refuse (or ask for v6 to be disabled).
Lots of residentual customers don't have a unshared IPv4 address. The only reason you are seeing IPv4 from them is that the ISP has had to spend money working around the sheer lazyness of content providers in not providing IPv6.
Lots of residential customers still do here.
Is somewhere between 11-14% worldwide enough for you to invest the time to turn on IPv6 enough? It should be.
Since they (the 11-14% worldwide) do have IPv4 anyway, some consider it's not worth; at least not yet.
Actually almost all of the world does not have complete IPv4, they have a subset of IPv4. You have just got used to not having complete IPv4.
The issue with IPv6 deployment it's not as simple as some people suggest. It's not a technical problem either, but it's a big one.
In most cases it is just a matter of turning it on.
... and in some of those cases turning it on is subject to a "change request" that requires validation from some level of management that requests the answers to questions similar to following : "What do we gain from this ? What does it cost to turn on ? What does it cost to support the new feature ?". Giving acceptable answers to people that don't necessarily understand IPv6 (some of them having spent their entire life in "IPv4-only, behind NAT" environments) is not that obvious, and this is the core of the "non-technical problem". You probably don't have to deal a lot with this kind of people....
ARIN exhausted their last /8 about a year ago. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Paul Thornton" <paul@prt.org> To: nanog@nanog.org Sent: Sunday, September 25, 2016 11:19:01 AM Subject: Re: One Year On: IPv4 Exhaust On 25/09/2016 01:54, Jay R. Ashworth wrote:
One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John Curran announced that the last IPv4 address block in ARIN's Free Pool had been assigned.
How's that been workin' out for everyone?
If you'll all indulge a bit of a RIPE-centric reply on this; I've was allocated a /22 from around half-way through 185.169.0.0/16 last week (185 being RIPE's final /8). Assuming that RIPE are allocating sequentially - and I believe they are - This means that they have consumed around 66.5% of their final /8. They started allocating from this in September 2012, which suggests a reasonably low consumption rate but the RIPE final /8 will be exhausted in around two years time. I can't find an equivalent ARIN page of "how much we've allocated from our last /8" - the statistics show that just over 2x /16s worth have been assigned/allocated between January 2016 and July 2016, so a lower rate by some margin than RIPE - but there are of course policy differences at play there. Now the operational question of "How has this affected us" is probably best answered with "We've had to pay real money for IPv4 addresses since then." What may be much more interesting is what happens when the fairly ready supply of IPv4 addresses in the secondary transfer market starts to dry up. Just throwing additional money at the problem will probably not be an effective or viable solution then. I'm sure that Geoff Huston has a much more accurate and colourful set of predictions than my back-of-envelope calculations for those interested! Paul.
On 9/25/16 9:19 AM, Paul Thornton wrote:
I can't find an equivalent ARIN page of "how much we've allocated from our last /8" - the statistics show that just over 2x /16s worth have been assigned/allocated between January 2016 and July 2016, so a lower rate by some margin than RIPE - but there are of course policy differences at play there.
ARIN's last /8 was run to zero last year. Anything since then has been randomness from the waiting list such as: https://www.arin.net/announcements/2016/20160902.html ~Seth
On 25/09/2016 18:40, Seth Mattinen wrote:
On 9/25/16 9:19 AM, Paul Thornton wrote:
I can't find an equivalent ARIN page of "how much we've allocated from our last /8" - the statistics show that just over 2x /16s worth have been assigned/allocated between January 2016 and July 2016, so a lower rate by some margin than RIPE - but there are of course policy differences at play there.
ARIN's last /8 was run to zero last year.
I win the d'oh prize for failing to notice that, although I do have some vague recollection of "Hmm, that will be interesting" now that I think about it. This explains why I thought that ARIN allocation graph looked so random. Interesting times. Well, as I said in another post on this thread, lets hope the v6-as-default tipping point comes sooner rather than later. Paul.
On Sun, Sep 25, 2016, at 19:40, Seth Mattinen wrote:
ARIN's last /8 was run to zero last year.
Anything since then has been randomness from the waiting list such as: https://www.arin.net/announcements/2016/20160902.html
.... and a slightly more restricted "really last" /10 : 23.128.0.0/10 (so-called "to facilitate IPv6 deployment") ....
On Sep 25, 2016, at 10:19 AM, Paul Thornton <paul@prt.org> wrote:
On 25/09/2016 01:54, Jay R. Ashworth wrote:
One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John Curran announced that the last IPv4 address block in ARIN's Free Pool had been assigned.
How's that been workin' out for everyone?
If you'll all indulge a bit of a RIPE-centric reply on this; I've was allocated a /22 from around half-way through 185.169.0.0/16 last week (185 being RIPE's final /8).
Assuming that RIPE are allocating sequentially - and I believe they are - This means that they have consumed around 66.5% of their final /8. They started allocating from this in September 2012, which suggests a reasonably low consumption rate but the RIPE final /8 will be exhausted in around two years time.
I can't find an equivalent ARIN page of "how much we've allocated from our last /8" - the statistics show that just over 2x /16s worth have been assigned/allocated between January 2016 and July 2016, so a lower rate by some margin than RIPE - but there are of course policy differences at play there.
The reason you can’t find such a thing is because ARIN doesn’t have a last /8 policy, per se, like RIPE and APNIC. Instead, ARIN set aside blocks well before the last /8 for critical infrastructure (Key high-level name servers, IXPs, etc.) and IPv6 transition. The IPv6 transition space has a pretty limited set of valid use cases as does the critical infrastructure block, so ARIN is probably allocating those relatively slowly, but they aren’t coming from the “last /8”, to the best of my knowledge. The last /8 was allocated business as usual from the free pool and may well have provided the last allocation from the “virgin free pool” (as opposed to reclaimed blocks).
Now the operational question of "How has this affected us" is probably best answered with "We've had to pay real money for IPv4 addresses since then." What may be much more interesting is what happens when the fairly ready supply of IPv4 addresses in the secondary transfer market starts to dry up. Just throwing additional money at the problem will probably not be an effective or viable solution then.
IMHO, sane organizations see this writing on the walls and are deploying IPv6 at an increasing rate. If people act at a responsible pace, they should be able to get IPv6 deployed before we run out of readily available secondary market supply. If not, then, well, it’s not like they didn’t have 20+ years warning so I don’t exactly feel a great deal of sympathy for their self-inflicted wound(s).
I'm sure that Geoff Huston has a much more accurate and colourful set of predictions than my back-of-envelope calculations for those interested!
Yep. IPv6 is the present. IPv4 is the past. The sooner we get more networks to regard the world in this way, the quicker life gets better for everyone. Owen
participants (8)
-
Ca By
-
Jay R. Ashworth
-
Mark Andrews
-
Mike Hammett
-
Owen DeLong
-
Paul Thornton
-
Radu-Adrian Feurdean
-
Seth Mattinen