IPv4 Comes to an End Cesar Diaz cesar@lacnic.net Addressing in the - - PowerPoint PPT Presentation

IPv4 Comes to an End

Cesar Diaz cesar@lacnic.net

Addressing in the Internet

• Devices on the Internet need to have unique

addresses in order to be reachable from each

• ther

– We have long put up with NAT, which up to a point subverts this principle

• Address allocations are made hyerarchically

– IANA -> LACNIC -> [your ISP here]

IPv4

• There are 4,294,967,296 IPv4 addresses (32

bits long) but not all of them can be used

• Looks like a lot, right? But... World population

currently stands at just over 6 billion people

• Mobile penetration 87%, Internet penetration

35%

• We all normally use more than one IP address

(possibly 4)

• They don't seem to be that many now!

Internet Number Resource Management

IANA ¡ ARIN ¡ ISP ¡ End ¡users ¡ LACNIC ¡ NIC.br ¡ ISP ¡br ¡ NIC.mx ¡ ISP ¡mx ¡ ISP ¡#1 ¡ APNIC ¡ LIRs/ISPs ¡ RIPE ¡NCC ¡ LIRs/ISPs ¡ AfriNIC ¡

Historical Facts

• 1983 Research network for ~ 100 computers
• 1992 Internet is open to the commercial sector :

– Exponential growth – IETF urged to work on a IP next generation protocol

• 1993 Exhaustion of the class B address space

– Forecast of network collapse for 1994 ! – RFC 1519 (CIDR) published

• 1995 : RFC 1883 (IPv6 specs) published

– First RFC about IPv6

Evolution of the IPv4 Pool

• Remember

– IANA

• IANA assigns** /8 blocks to the RIRs

– The RIRs

• Assign blocks of varying sizes to their member
• rganizations
• Members which are in turn ISPs then assign space to

their customers

Evolution of the IPv4 Pool

• Run-out dates:

– IANA ran out of free /8 blocks in January 2011 – APNIC was the first RIR to run out of IPv4 later in 2011** – RIPE NCC ran out of IPv4 in 2012**

• Expected run out dates:

– LACNIC is expected to run out of IPv4 between LACNIC is expected to run out of IPv4 between May and July of 2014 - DONE May and July of 2014 - DONE

Evolution of the IPv4 Pool

Some%me ¡between ¡ May ¡and ¡July ¡2014 ¡

IPv4 Exhaustion

• IPv4 resource management is governed by

policies

– These policies are created and approved by the community through a bottom-up process – LACNIC acts as the steward of this process and applies the policies for managing resources

• Before runout time addresses are assigned

according to a needs-based needs-based set of criteria

• Does IPv4 exhaustion mean that the free pool

reaches zero ? NO NO

IPv4 Exhaustion

• When the aggregated free pool reaches the

equivalent of a /11 (~2 million addresses), new policies come into effect

• What follows is a two-tiered phase

– Soft-landing period – Resources for new entrants – Final exhaustion

• IPv4 assignment ceases to be needs-based

– Even if an organization justifies need, only a fixed size prefix will be allocated

Soft Landing

• The first period after exhaustion is the soft

landing period

• A /12 is available for soft landing
• New or existing

New or existing organizations can get up blocks up to /22 in size up to /22 in size every six months six months if properly justified

• This means

– Up to a single /22 (1024 addresses) every six months – 1024 blocks available

New Entrants

• After the soft-landing pool is exhausted, a

second /12 is made available exclusively to new market entrants

• Every new

new organization will be able to request up to a /22 every six months every six months

THE WAY FORWARD – IPV6

So… What Next ?

• Some argue you can take a pill and keep

doing business as usual

– The pill known as carrier grade NAT

• But the rest of the world seems to be

agreeing that the way forward is via IPv6

• There is good, bad and ugly in all this
• Let’s take a look at both

The Good: An End-to-End Network

• Every device talks freely to each other.

Almost no middleboxes, except at the very edge of the network

The Bad: A CGN-”enabled” Network

• Devices communicate via middleboxes

almost always

The Bad: Network Address Translation

• Allows sharing a single public IP address

among several devices

• Does not scale

2801::17 ¡

CGN ¡

Home ¡ NAT ¡

(Some) Issues with NAT

• When handling security

– When blocking one user's “malicious” traffic, we also risk block traffic from many “good” users. – In order to identify which user accessed which services logging the IP address is no longer enough, we also need to log port numbers.

• When scaling

– NAT “boxes” are limited in the number of simultaneous users they can handle. – Harder generally harder for Internet Content Providers (i.e. geolocation, sessions based on IP, etc.)

(Some) Issues with NAT

• With service quality

– Port forwarding will become increasingly difficult to manage for users and ISPs (big impact for gamers for example) – Service calls will go up – The CGN box becomes a single point of failure

• This means

– Service quality as perceived by users will deteriorate – ISPs costs will increase in the long run

The Good: IPv6

• IPv6 with its 128 address space solves all our

addressing needs for the foreseeable future

• 2ˆ128 IP address or 3.4 x 10ˆ38
• (340,282,366,920,938,463,463,374,607,431,768,

211,456 IPs)

• Restores the end to end nature of the Internet

– This means no single points of failure, no accidentally filtering out innocent users, etc.

• So why hasn’t the world done it already ?

– A long story – However, IPv6 is being deployed as we speak However, IPv6 is being deployed as we speak

IPv6 Deployments

• Content providers:

– Google, Facebook, Yahoo! and several CDNs have deployed IPv6

• Access providers:

– USA: Comcast, T-Mobile – Europe: Free.fr – In our region: Telefónica Perú

Global IPv6 Traffic

• As seen by Google

Global IPv6 Traffic

• What happens if you enable IPv6 to an
• therwise unsuspecting group of users ?
• Between 15% and 40% of your traffic will be

Between 15% and 40% of your traffic will be

• ver IPv6
• ver IPv6
• This means

– This portion of traffic will not need NAT – This portion goes up as more and more networks deploy IPv6

The Ugly: We will need a bit of NAT

• Sadly, we as a community have ignored this

for so long that some form of NAT will be needed

• By the time IPv4 is completely exhausted

there still will be a lot of IPv4-only content out there

• Our users, even if on IPv6, will want to access

it

The Ugly Network of the Future

• Hopefully only for the immediate future!

IPv4-­‑only ¡host ¡ IPv6-­‑enabled ¡ host ¡

FINAL CONCLUSIONS

On IPv4 Exhaustion

• IPv4 will run out for our region during 2014,
• ur estimate is between May

May and July July

• After exhaustion, the policies governing the

remaining stock will be radically different

• Networks will need to keep growing

nevertheless, so investments will need to be investments will need to be made made

On Carrier Grade NAT

• No, it’s not a magic pill
• No, it’s not business as usual
• It is going to be expensive, and it will be an

investment without much return on it

On Transition to IPv6

• It’s the only path forward with a future
• The rest of the world is deploying it
• It also will be expensive, but the costs tend to

go down as deployment progresses

THANK YOU!