UK Government Owns 16.9 Million Unused IPv4 Addresses 399
hypnosec writes "The Department of Work and Pensions in the UK has a /8 block of IPv4 addresses that is unused. An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region. John Graham-Cumming, the person who first discovered the unused block, discovered that these 16.9 million IP addresses were unused after checking in the ASN database."
Who cares (Score:5, Insightful)
Just apply the real cure already... This is so ridiculous.
Re:Who cares (Score:5, Insightful)
I know IPv6 is needed, and it'll be great having disposable addresses to throw at any device. I'll be certainly happy to get rid of NAT in many circumstances, but OTOH, IPv6 is going to suck. I have tens of IPs in my head, which I access daily by memory. IPv4 addresses are easy to remember, easy to pass over the phone, easy to type, and easy to operate (i.e, calculate things such as masks in your head, etc). IPv6 is going to make it way harder, and that's not taking into account he migration process ...
Re:Who cares (Score:5, Informative)
Dude, it's time to learn how to set up DNS. Honest, it's not that hard. Your DHCP server can automatically update the DNS for you. Try it—you'll like it!
Re: (Score:3, Interesting)
I think you'll find that this complaint comes mainly from folks that do know how to set up DNS.
The real difference isn't realizing that we have DNS, it's that with IPv6 and no more NAT, devices will do DNS and it won't be such an annoyance.
Re:Who cares (Score:4, Interesting)
Re:And have they got DNSUpdate in IPv6? (Score:4, Interesting)
Use radvd instead of DHCP6. That way IP addresses are predictable and unique, as long as you use /64 subnets which is standard practice with IPv6.
You can take a machine's MAC address and predict its IPv6 suffix perfectly. Add it to your /64's prefix and you know your IP. radvd and your clients will figure the same IP out on their own.
Comment removed (Score:5, Interesting)
Re:Who cares (Score:4, Funny)
that's the price of progress
Re: (Score:3)
that's the price of progress
Why not make them human readable? Keep the hex numbers in the background but have a human readable translation for them in the foreground? IIRC, it's just the same 256 characters as IPv4 but there's 8 octets instead of 4. Obviously 255.255.255.255.255.255.255.255 is not ideal but I'm sure someone can come up with a better system.
Re:Who cares (Score:4, Interesting)
Like RFC 1751 (http://tools.ietf.org/html/rfc1751) for instance :)
Although it does tend to come up with sequences that have some comedy smutty parts.
Re: (Score:3)
Just start working with it. You will find that cut and paste works in the cases where you really have to put in an IPv6 address—it's what I do. If you really have to type in an IPv6 address, it _is_ a pain in the neck, but it's also a rarity. I think the major modern operating systems support DHCPv6 at this point, so DNS updates will work if you require DHCPv6. If you just set everything up to use ND, of course that won't update the DNS unless you also have a pretty fancy Windows/Active Direct
Easy to remember (Score:3)
Re: (Score:3)
Re: (Score:2)
Custom hosts files will probably go far for this. Instead of keeping a txt file or something of your ipv6 ips. Throw them all in your hosts file.
Re:Who cares (Score:5, Informative)
IPv6-addresses can actually be much easier to remember than IPv4. Why? Because there is a system to it.
Here in the RIPE region there is only three possible prefixes for any address: 2001::, 2003:: and 2a0x::
In practice you are only working with one or a few ISPs. This means the first two blocks are always going to be the same. My ISP has 2001:1448::.
We got a /48. We happens to be number 201. So our addresses are all starting with 2001:1448:201::.
Everything from that point on is something I decided. If I want easy to remember addresses I would choose easy to remember addresses. My primary server could be 2001:1448:201::1. I would remember it as the ::1 server.
It is true that if you let your hosts autoconfigure to a random interface identifier that will be impossible to remember. But there is nothing stopping you from using manually configuration or DHCPv6 to number your hosts in a human friendly manner.
Slashdot post in 2022 (Score:5, Funny)
"The Slashdot user known as bbn has a /48 block of IPv6 addresses that is unused. An e-petition was created ..."
Re: (Score:3)
We got a /48. We happens to be number 201. So our addresses are all starting with 2001:1448:201::.
When you've got a block that's bigger than the entire IPv4 Internet, you know you're cool.
Re: (Score:3)
Er this is completely standard. I've been on native IPv6 for two years now, on my standard residential $29.95/month DSL plan, and also have a block way bigger than the entire IPv4 internet. Though mine's only a /56 rather than a /48 (oh noes, only 4,722,366,482,869,645,213,696 globally-addressable IPs for my home LAN??)
That's the whole beauty of IPv6 :)
Re: (Score:2)
My DHCP server is a crappy consumer appliance that can't update DNS from DHCP without unsupported and buggy third-party firmware hacks. I think the majority of internet users are in the same situation.
Re: (Score:2, Redundant)
No, in the late 90s, most Internet users connected via dial-up and didn't have a router at all.
Of the three or four cheap routers I have tested, from different manufacturers, using different chipsets and different operating systems, none have used DHCP information to answer DNS queries.
Re:DHCP6 preferable to autoconf (Score:5, Informative)
What's wrong with manually assigning IPv6 addresses? That works just the same as it did with IPv4:
iface eth0 inet6 static
address 2001:6a0:114::9
netmask 64
gateway 2001:6a0:114::1
iface eth0 inet static
address 192.168.0.9
netmask 255.255.255.0
gateway 192.168.0.1
You just get a much bigger range to choose from, which you may use or not.
Re: (Score:3)
DHCP6 is if you are anal and want to explicitly exclude giving routable addresses to random devices.
The thing that's frequently missed is that you don't have the necessary CERT to do an update to the local DNS server, if you want your machine to update DNS automatically, then you need to have a CERT for a DNS server where you do have update rights.
Practically, this comes down to my laptop always being named "mylaptop.mygroup.mycompany.com" because I put the IPv6 stateless autoconfiguration address into the
Re: (Score:2)
The problem is, DNS is like USB, and IPv4 is like RS232. If you're anywhere close to being right, you can probably get ipv4 (or a real serial port set to 9600-8-N-1) to work well enough to give you clues about what the real problem is. In contrast, DNS (like USB) tends to just fail hard and catastrophically, giving no obvious clues about what might actually be wrong.
Re: (Score:2)
For me it's not the "hard and catastrophic" failures that are a problem - it's the subtle ones. For example a recent customer environment - DNS lookup for a particular server returned the wrong IP. It worked perfectly, and fast, except that the data was wrong. It took nearly a week of debugging firewalls, routing tables, services and app configuration to figure it out - and the problem was actually caused by OpenDNS and its filtering.
When you look at "64.27.80.4" and compare it to "67.215.2.41" the differen
Re: (Score:3)
Re:Who cares (Score:4, Insightful)
Yep. Been on native IPv6 for 2 years now and I have not ONCE needed to memorise, copy down or type/enter a IPv6 address for any reason. This is a non-issue.
Re: (Score:3)
> I am yet to see DNS fail badly. I have seen plenty of people who don't understand it say it does, when the problem is invariably routing or a firewall.
Note the key phrase, "who don't understand it" and its modifiers "routing or a firewall". There's a HELL of a lot of people who happen to fall into that category, and whose frustration goes off the scale when something fails to work because the slightest configuration problem will break it, and if you manage to avoid a subtle semantic bug in a zonefile s
Re:Who cares (Score:5, Interesting)
mysql> select count(host) from systems;
| count(host) |
498 |
1 row in set (0.00 sec)
(stupid slashdot thinks mysql's output are junk characters)
Since most of those 498 servers I manage are behind NAT and have dynamic public IPs, I do have a system to track them (not ddns, but a homemade solution), and I have scripts in place that allow me to get any server's IP. Combine that with shell expansion and I can ssh root@`gethost customer_id server_id` and similar stuff. That doesn't mean you don't have to deal with IP addresses anyway, and it doesn't mean doing ifconfig eth0 2001:0db8:85a3:0042:0000:8a2e:0370:7334 is gonna be easy. Imagine debugging a routing table! Imagine reading the output of tcpdump with such meaningless addresses. IPv6 is gonna be a PITA.
/etc/hosts instead (Score:3)
I don't want somebody knowing who I'm looking up so I downloaded the entire DNS and dumped it into my /etc/hosts file. I feel so safe now....
Re:Who cares (Score:4, Interesting)
Re:Who cares (Score:5, Informative)
Calculating masks in your head will still be a more difficult task
Why would you do this, unless you work for a large ISP?
With IPv6, everyone uses /64 for each broadcast domain, cutting the address exactly in 1/2. It is easy.
Devices that need statics are DNS servers and routers, and neither should be changed fequently. Also, you're likely to use simple addresses for them, so it will be:
NetworkPrefix::1, Network::2, Network::3, etc.
For me, I have 2601:d:881:b::1 for a default gateway, and 2601:d:881:b::101 for my DNS server #1, and 2601:d:881:b::102 for DNS server #2.
That isn't hard to remember, and it isn't hard to type. What exactly is the problem?
Re:Who cares (Score:5, Insightful)
I think you need to ask yourself why you have to remember all those IP addresses. I'll bet that in each one could be dispensed with if you had the motivation to work out a DNS-based way to access these systems — with the possible exception of the DNS servers themselves.
Re: (Score:3)
IPv6 doesn't force you to use the autoconfig addresses, so with strategic use of shortening the addresses and assigning easy ones they're not really that much more difficult to remember than v4 addresses if you really insist on avoiding dns.
You can get away with something like 2002:0ca5:01f3:1::1 which means you'll basically just have to remember your routing prefix and then whatever addresses you decide yourself.
Re: (Score:3)
So, write a script to preprocess the logs, replacing the IPs with names?
Re:Who cares (Score:5, Interesting)
Re: (Score:3)
I know I'm a bit of a nerd, but I know my prefix (2001:470:XXXX::) and after the double double colon I am master of my domain, so my website lives on ::10, the mailserver on ::20 etc. If you can remember a ipv4 address, ipv6 shouldn't be more difficult, in general.
Managing your addresses (Score:3)
First things first - for IPv6, DHCP6 is a better idea than DHCP4 was for IPv4. Use that to manage your addresses. You can assign certain addresses (or ranges) as static, certain address ranges as dynamic, and be off to the races. No need to struggle w/ subnetting the way you did in IPv4.
Next thing - if it's important for you to remember your IPv6 address, remember that the first 12-16 digits (depending on what your ISP gives you) are gonna be common. You then have the remaining 16 digits. If it's imp
Re: (Score:3)
Is abc1:2345::10 that much harder? Ok, solution:
In your OS, set an environment variable that persists across logins:
6NET=abc1:2345
Then when using networking tools:
ping %6NET%::10
Was that so hard?
Re: (Score:3)
You're missing the oppurtunity to use hexidecimal characters in memorable ways in your IPv6 addresses though:
2001::FEED:FACE:DEAD:BEEF (For non-vegans)
2001::C0DA:0B0E:BA55:C1EF (For musicians)
2001::CA11:D011:FACE:BABE (For a good time)
2001::FEE1:DEAD:BABE:B00B (For necrophiliacs)
Re:Who cares (Score:5, Funny)
Well, windows not being able to get into the internet is a big advantage of IPv6!
Re:Who cares (Score:5, Informative)
I won't even get into how IPv6 makes it much easier to track you.
Because that's nonsense? (Almost) Everybody implements the privacy extensions [wikipedia.org], so your world-visible address is random and changes every 10-ish minutes.
Re: (Score:3)
> Which says "Privacy extensions do little to protect the user from tracking if only one or
> two hosts are using a given network prefix, and the activity tracker is privy to this
> information. In this scenario, the network prefix is the unique identifier for tracking."
No different than right now. That depends on whether or not the ISP hands you a dynamic IP address or a static IP address. Static IP addresses will allow/encourage people to set up servers. Most ISPs do not like that. So I expect dyna
Re:Who cares (Score:5, Insightful)
Yes. In IPv6, a home internet connection generally has a rarely-changing prefix that can be converted to a name and address with the ISP's cooperation.
But in IPv4, a home internet connection generally has a rarely-changing prefix that can be converted to a name and address with the ISP's cooperation.
How is IPv6 worse?
Re:Who cares (Score:5, Informative)
When IPV6 is what we have to work with, we will be swarmed by those bastard botnets with no way to block that many IP addresses that will be used to attack.
You'll probably want to just block the prefix rather than the address, which is just as easy under v6. In fact, having sparsely populated address space is good for security since it makes blindly scanning addresses much less effective for the malware.
ith it either.
Imo the botnet criminals have been trying to force the use of IPV6 by getting all new ranges of IPV4 allocated as soon as possible.
Huh? Botnets run on existing machines (frequently home PCs), how does that have anything to do with IPv4 exhaustion?
Rather than IPV6 globally and IPV4 internally, I think IPV6 should be what the countries that attack us, who just happen to have very large populations, can use for themselves.
Why do you want to penalise the "good countries" by forcing them to stay on an obsolete protocol? (that said, a good number of attacks against my servers come from the US)
In IPv6, defense is easier than attacks (Score:3)
Blocking a prefix, and thereby a whole host of IP addresses is easy. Targeting a specific IP address out of 18,446,744,073,709,551,616 is hard if they are static, and impossible if they are dynamic. In fact, blocking works better in IPv6 than it does in IPv4.
Re:Who cares (Score:5, Insightful)
When IPV6 is what we have to work with, we will be swarmed by those bastard botnets with no way to block that many IP addresses that will be used to attack.
Don't block the address, block the prefix. Block a /64 and you're probably blocking a consumer endpoint. With IPv6, addresses are allocated hierarchically, so this becomes even easier. Just shorten the prefix and you'll eventually get the whole ISP. This makes it very easy to block ISPs or even countries that harbour spammers.
Additionally, it becomes much easier for a home user to identify attacks at the router. If you pick a random 32-bit number, odds are that it is a valid IPv4 address. Pick a dozen and you've almost certainly found one that's a home Internet connection. That makes it very easy for malware to spread. Pick a random 64-bit number, and if you're very lucky it's an IPv6 subnet that has some computers on it. Now you have to pick another 64-bit number to find one of the computers on it. For a home Internet connection, most users will be using under 50 of these (and rotating them quite frequently), so you end up with a 50 in 2^64 chance of getting the right one. After a few tries, their router's firewall will notice the suspicious behaviour (lots of connection requests to nonexistent addresses) and block your /64.
Re: (Score:3)
Re: (Score:3)
ranges were given out like candy to anyone who asked in the early days of the web. Corporations, Government and Academics made a land grab because they were the only people who could use the resource at the time.
Remember in the early days of the internet there was only Class A, Class B and Class C (equivilent to /8, /16 and /24 nowadays), so if you were too big for a class C then you got a class B and if you were too big for a class B then you got a class A. This lead to many allocations being far bigger than they actually needed to be.
I've heard that Glasgow Uni has a /8 that's never had more than 10 addresses exposed to the Internet.
Sounds like it was either a myth or it was given back years ago. I don't recall ever seeing them on the /8 allocation list.
Re:Who cares (Score:5, Insightful)
As any climate scientist will tell you, the ability of people to deny impending disaster is remarkable, especially when doing something about it costs money. That includes people on Slashdot, who keep telling me that the whole address depletion thing is bogus, that we can keep going indefinitely by discovering unused blocks and using existing blocks more efficiently.
A few years ago, I was part of the product team that was working on a new Sun server. Now, every Sun server comes with an ILOM (Integrated Lights Out Manager), a little embedded Linux system that lets an administrator manage the server remotely. Naturally, the ILOM has its own network interface — but the one planned for this system did not support IPv6. I pointed out all the IPv4 address exhaustion issues, but was basically told to mind my own business. "No customer demand for this feature." Never mind that a few years down the pipe, customers would be very unhappy they didn't have it.
Re: (Score:2, Funny)
Oops, I mentioned global warming, I guess that makes me a troll.
Re:Who cares (Score:5, Funny)
No, that doesn't, but acting like the issue is settled and done with does. Pick something less controversial and more agreed on next time. There are plenty of examples you could have used to support your point which are not politically charged topics.
In other words, play it safe - use gay marriage as your example next time.
Re: (Score:2)
Straw man argument. If you, in your individual data center/office/etc are able to exhaust all of the private ip blocks for your management network that has no business facing the Internet, you have way more hardware than you really need and should probably consider virtualization, blades or some other method of reducing your server footprint.
All that extra power usage contributes to global warming, after all... ;)
Re: (Score:3)
Except for the fact that, when an emergency comes, the budget magically opens and people stop counting their pennies.
That would mean that if/when the IPv4 crunch comes to a point where we HAVE to confront it, IT dept's will get fresh new budgets to buy the NEW Sun server that *does* have IPv6 functionality.
I'm not saying omitting it was a good idea, but cynically it might make sense.
Re: (Score:3)
Despite being in the business, your forgot one important thing: B2B hardware and software vendors almost universally design products only according to what their customers are actually asking for. It's not quite like the consumer sector where a company designs something new and tries to convince the masses that they need it via marketing. The enterprise is different. If
Re: (Score:2)
To apply the fix, everyone involved must cooperate and spend a lot of money upgrading.
The alternative is to carry without ipv6: this will create an artificial scarcity of ipv4 addresses. They will become more and more valuable, so existing businesses will be able to make more and more money renting them out: as no more are available, nobody else will be able to join the cartel to get a slice of the pie.
So: the choice is: spend a lot of money on ipv6 now to help the customer, or screw the customer over and h
Make them dual-stack use only (Score:3)
Since it's been discovered, what they should do is break it up into, say ~65k blocks of 256 addresses each, and sell them only to customers who have IPv6 transition plans. In other words, these addresses should only be used to enable dual-stack for customers who have taken the initiative in moving to IPv6.
That forces people to move seriously towards IPv6 - starting w/ the telecom vendors, such as BT, Vodafone, et al. That way, the migration, instead of being pushed out, gets expedited.
Indeed, that sho
Re: (Score:3)
The migration is being obstructed by people with hoards of v4's they got back when the addresses were plentiful, as well as ISPs that find more profit in milking their IP space for all its worth and making people pay for a business connection to get out of NAT...and also enforcing "no servers allowed" in their residential contracts.
Nowadays, stashes of v4's are a gold mine and people holding them are not going to let their windfall go without a fight. Instead, they are going to squat on them, and milk thei
I believe... (Score:5, Funny)
So it's going to be IPv5 for me, while you suckers make a mess of IPv6!
Re:I believe... (Score:5, Funny)
Re: (Score:3)
The worst is that if you upgrade right now, you just know they'll drop the price right after you get IPv6.
Re: (Score:3)
If you code in a C-based language:
00 is 00st
01 is 00nd
10 is 10rd
11 is 11th
Which was the parent's point.
Re: (Score:3)
There are over 10^50 atoms on earth. v6 is big it ain't that big.
Re: (Score:3)
There are no True IPV4/IPV6 NAT or PAT protocols; how am I supposed to set up a proper DMZ without that?
Firewalls between physical connections.
Say you have 2 networks A and B. A has a firewall on it which goes in from the internet. It blocks all traffic to or from any non A address. The connection between A and B goes through a firewall. That firewall blocks any traffic to or from B that's not routed to A.
Must be a UK citizen to sign the petition. (Score:2)
You have to be a UK citizen to sign the petition so please sign if you can.
Sell the Addresses? Don't Give Them Ideas (Score:5, Insightful)
An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region.
Why not just ask them to do the right thing and give them back to RIPE? I mean seriously, what kind of example are we trying to set here? Or maybe someone's just trying to bootstrap a market for IPv4 addresses in order to cash in on the increasing scarcity....
... In any case, encouraging profit from a public resource like this is a terrible idea.
This is exactly what markets are good at (Score:2)
Markets aren't perfect, but efficiently allocating scarce resources is one thing they do well. When you have a quasi-governmental body decide who should get IPs, you end up with situations like this, where people need them can't get them and people who have them don't need them.
Re:Sell the Addresses? Don't Give Them Ideas (Score:5, Insightful)
Giving away a block of IPv4 addresses worth about $1 billion is the same as literally giving away $1 billion of taxpayers' money. I don't think that would be doing "the right thing" for the people of the UK.
Re: (Score:3)
Re:Sell the Addresses? Don't Give Them Ideas (Score:5, Insightful)
The amount it cost in 1994 is irrelevant in the decision about what to do with it now.
If it can be sold for $1 billion, then giving it away for nothing is equivalent to giving away $1 billion.
Re: (Score:2)
Why not just ask them to do the right thing and give them back to RIPE?
The right thing to do is switch to IPv6. Who cares if they have a lot, we have a plan where everyone can have a lot.
Re: (Score:2, Informative)
RIPE's terms and conditions prohibit selling IP addresses. RIPE actually has the power to take them back if they're unused and they're needed - and they are needed, RIPE just allocated its last block!
In this instance, I shall be voting for RIPE to do just that.
Re: (Score:3)
Screw that. My government (that is to say- the taxpayer, i.e., me) owns a £1 billion asset they probably didn't know they had. And you want them to give them away to companies, corporations, private citizens and whatnot for free?
Let's reserve our favorite numbers now! (Score:5, Interesting)
I'll take:
I'm sure there's an algorithm or list that could tell me all of the possible "desirable" IPs in the /8, but, due to the fact that we shouldn't be greedy, and the completely arbitrary relation to the number 4 for IPv4, and the fact that it's an election year here in the US, I propose that we Slashdotters limit ourselves to four a piece, and leave the remainder to Reddit and 4chan. Or something.
Re:Let's reserve our favorite numbers now! (Score:5, Funny)
You can have 51.51.51.51, but I've got dibs on 0x33333333.
Re:Let's reserve our favorite numbers now! (Score:5, Interesting)
http://0x33333333 [Enter]
You sneaky bastard :D
I'm rolling Microsoft-style (Score:3)
I call dibs on B16B:00B5!
51st State? (Score:3)
Would privatisation of the DWP's 51.0.0.0/8 block be the first or last step to the 51st State [wikipedia.org]?
Really? (Score:2)
How did nobody notice this until now? There isn't that many public /8 blocks (125 or less since the 10 and 127 blocks are for special purposes and 0 is unusable) and they've been trying to recoup unused /8 blocks for over a decade so is this really a new discovery?
Re:Really? (Score:5, Funny)
Re:Really? (Score:4, Interesting)
The only thing that makes this slightly newsworthy is this about a cash strapped sovereign government sitting on a sizable pool of "spare" IPv4 space that has suddenly become a much more valuable commodity following the recent announcement that RIPE is now down to its final
relatively common (Score:5, Insightful)
This sort of thing is relatively common, it's probably used internally as a routable address space, but not intended for use on the public Internet. (Saves have to deal with multiple uses of rfc1918). This sort of thing is very common in the government (though usually much less than an /8). They can't use a consistent rfc1918 address space internally as whenever the government changes it's priorities, work units will shuffle between departments. You'll probably find that this address space is now used by many departments, and trying to move all users over to another range will cost more than they can recover from selling the /8
Answer is obvious.... (Score:2)
Re: (Score:2)
And once again (Score:2, Funny)
The nuttiness of allocation (Score:2)
My boss had an entire class C for about 10 years+ with on average maybe 7-8 employees over that time and a web footprint no bigger than a basic corporate contacts website. He probably could have held on to it, too if he didn't see the expense as a waste of money when he was looking to streamline.
Some of that 51.0.0.0/8 actually is in use (Score:5, Informative)
Local government network admin here. Parts of the 51.0.0.0/8 address space is in our internal routing table, because it's used for shared private networks between different government organisations. Just because it's not in the public Internet routing table doesn't mean it's not used.
Granted perhaps not the whole /8 is in use (I only see 3 x /16s out of a possible 256 in my routing table at present), but who's to say other sectors which I don't have network connectivity to aren't using it.
We're actually pushing for and slowly enabling IPv6 internally on our core and servers where we can, rather than delay the inevitable. This is despite our organisation ourselves owning a whole public /16 block, yet have maybe only 10-15k addressable nodes max across all our networks we control at present. It will take us much much longer to re-IP/re-subnet the entire network more efficiently so some of that space can be returned to RIPE, than for it to be reallocated and used up after returning, due to old systems and old proprietary software in use. Not to mention the resources required to do such a massive task.
Personally I think the people asking for addresses to be returned by any organisation (supposedly) not using them (including all the other apparently wasted /8 allocations out there) are not looking long term enough. IPv6 is the way to go.
Re: (Score:3)
If you need a /8 for private addresses, use 10.0.0.0/8. That's what it's bloody there for.
> Personally I think the people asking for addresses to be returned by any organisation (supposedly) not using them (including all the other apparently wasted /8 allocations out there) are not looking long term enough. IPv6 is the way to go.
Consumer internet IPv6 adoption rates are atrocious across the globe. VPSes and dedicated servers require dedicated IPs, and even shared hosting requires a dedicated IP for SSL i
Re: (Score:3)
APNIC have been on their last /8 policy for nearly a year and a half. RIPE have now entered their last /8 policy.
That means no more than 1024 IPs per organisation, ever.
So once existing allocations are exhausted, right now, in Europe, Asia, or the Pacific, any new ISP will not be able to have more than 1024 customers online at the same time without NAT. Any new datacentre or VPS provider will not be able to have more than 1024 active services, at all (since NAT would not be an acceptable solution for server
Not publicly routed doesn't mean unused (Score:5, Informative)
Just because this block is not public does not mean it is unused.
The UK Government has a huge darknet [wikipedia.org].
A great opportunity (Score:3)
Re:Propaganda (Score:5, Insightful)
Re:Propaganda (Score:4, Insightful)
"The way it was meant to" was specified by a bunch DARPA funded geeks who design their tech for a small network where all the admins knew each other. They had no concept of operating a network with large numbers of users, many of them malicious
Whenever I hear "the way it was meant to" I run the other direction. It's always based on some lame notion that things were perfect in the past, even though people in the past were also whining about "the it was meant to."
Re: (Score:2)
If we solved IPv4 exhaustion using NAT, we would divide the Internet into people with public IP addresses and people without public IP addresses. Those without public IPs can't run servers on the standard ports, possibly can't run servers at all, and are limited in their ability to use peer-to-peer protocols.
It's not true that "all current needs are solved by NAT".
Re: (Score:3)
Having a public IP that changes from time to time is mildly annoying but can be worked arround with stuff like dyndns.
Not having a public IP at all is much worse.
Re: (Score:2)
It's a bit late to say "ignore IPv6 completely". IPv4 has already run out, and IPv6 is already deployed in production.
But if you stop swearing at IPv6 and start making coherent evidence-supported arguments against it, maybe people will start listening to you in time for IPv8.
Re: (Score:3)
Load balancing/failover between different ISPs:
IPv6 - ISP cooperation and 1300EUR/year,
IPv4 - NAT router with software that supports this (for example pfsense) - can be completely free and does not need ISP cooperation or knowledge.
I actually did the load balancing between two connections from the same ISP. I had DSL and could access a WiFi AP (legally), but WiFi was not very reliable. Pfsense could load balance both connections and give me faster torrents (if WiFi worked) or was just the same as with only
Re:16.777 != 16.9 (Score:5, Funny)
Someone used the Imperial IP which is slightly bigger than the Metric IP, hence the result is 16.9.
Re:16.777 != 16.9 (Score:5, Funny)
Ah, the widescreen version.
Re: (Score:2)
Re: (Score:3)
This is very true. IBM has 9.x.x.x. So the way they may have originally configured it may have been have 9.x.x.x to their central router, and then subnet it from that point throughout the company worldwide. So that every separate LAN within IBM would have a certain number of users. Now, if they were asked to return what they were not using, they'd have to totally re-configure their subnet centrally, and it would be a nightmare to pull off. And for what - so that other people can use them?
Agreed that