Saturday, January 08, 2011

Imminent Death of the Net Predicted

I didn't know that it was coming this soon, but in mid-February, the Internet will run out of addresses.

My blog post's title is a bit tongue-in-cheek. People have been talking about the net not being able to handle the growth rate for decades. The address space exhaustion is going to take some work to deal with, but it's not going to cause things to grind to a halt.

There are already some great resources to explain this to people who don't know about the problem.

What I couldn't find is an answer to my friend's question, "What will happen when we run out?" Nobody knows for sure, but here's a basic rundown.

Internet addresses are globally administered by IANA. They give blocks of addresses to the regional groups, RIRs. These cover continent-sized areas, like Europe, Asia/Pacific, North America, etc. The RIRs give blocks to the local registries (LIRs), which are usually large ISPs, but may also be large organizations (like Stanford, although that's mostly because they were one of the first places on the Internet).

Once IANA runs out (which is the event in February), then the individual regions can't get more addresses. The first to run out will be APNIC (Asia/Pacific), in about eight months or so (we're guessing; nobody can be sure). Then APNIC won't be able to give out new addresses to its LIRs. When an LIR can't get new addresses, it can't attach new customers. Its customers are mostly small ISPs or companies.

So there's a trickle in the "supply chain" before things get to the end users. You won't see problems until it gets down to this level, although you may see some changes as ISPs hurriedly try to prepare (with IPv6; I'll get to that in a minute).

Once a small ISP runs out, then it can't put new servers on the Internet: that means no new web servers, no new mail servers, nothing. (To a limited degree, it's possible to piggyback these on existing servers in some cases.) The ISP can attach new home customers (who don't use servers) for a little while, but if they attach too many, then people won't be able to connect. (A home ISP tends to hand out addresses for two hours at a time, as long as the customer's router or computer is on.)

At that point, to deal with that, they'll probably start putting large blocks of home customers behind NATs. NATs let several computers use the same IP address. However, you can't have a server behind a NAT, it can be unreliable, and a lot of games, video or voice chat programs, file-sharing programs, etc. don't behave well with NAT. Because APNIC is running out of addresses, much of Russia and China are already behind regional NATs.

There's also a possibility that organizations will start trading small blocks of IP addresses. (Nobody "owns" them; they're allocated by IANA.) However, routers will have a hard time keeping up with that (a router is designed to think in large blocks, and lots of tiny blocks can be a problem); this might make the Internet more flaky.

I don't really know how the situation is going to be for end users. There'll be some hiccups, but it'll probably come down to just a little bit of reconfiguration; your ISP will tell you to do it, and you'll have some notice. If you've got a particularly old router, you may end up having to replace it.

Ultimately, the solution is to go to IPv6. This has a lot more addresses: 3.4x10^28; that's enough for every gram of matter on Earth to have 10 addresses. (The current mechanism, IPv4, has about 4 billion addresses.) However, IPv6 adoption has been slow, because customers aren't asking for it. Most devices support IPv6, but some don't. Not many websites are currently equipped for IPv6; you have to have IPv4.

I migrated my home network to IPv6 yesterday, and it was a breeze. Right now it's just to get a dancing turtle on Kame's website, but I recommend that my techie friends with a home network do the migration. Even though your ISP probably doesn't provide IPv6 connectivity, there are still peers all over the place that'll give you tunnels.

For the technically-minded among us, I actually did the migration twice: once using 6to4 for connectivity with the Anycast 2002:c058:6301:: peer for 6to4. Then, I did it again using a tunnel (using FreeBSD's gif interface, which also works on OS X) that I got for free from Hurricane Electric's website. The tunnel is faster (23ms ping time vs the 6to4 peer's 96ms), and their website walks you through the process; it's got easy instructions for Windows, OS X, Linux, BSD, or whatever else you've got.
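How the 6to4 addressing mentioned above fits together, as an added Python example that is not part of the original post: a site's IPv6 prefix is 2002: followed by its public IPv4 address in hex, so the IPv4 endpoint can be read back out of any 6to4 address seen in a log, including the anycast peer named above. The function names are hypothetical, and the 203.0.113.5, 192.168.1.10 and 2001:db8::1 sample addresses are constructed.

```python
import ipaddress

# RFC 1918 ranges: a host that only has one of these (i.e. sits behind a NAT)
# has no public IPv4 address to build a 6to4 prefix from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RELAY_ANYCAST_V4 = ipaddress.IPv4Address("192.88.99.1")  # 6to4 relay anycast


def sixtofour_prefix(public_v4: str) -> ipaddress.IPv6Network:
    """Return the 2002:V4ADDR::/48 prefix that belongs to a public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is a private (NATed) address; 6to4 needs a public one")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 bits left to the site.
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def describe(addr: str) -> str:
    """Label an IPv6 address: 6to4 (with the IPv4 endpoint it embeds) or not."""
    embedded = ipaddress.IPv6Address(addr).sixtofour  # None outside 2002::/16
    if embedded is None:
        return "not 6to4"
    if embedded == RELAY_ANYCAST_V4:
        return f"6to4 relay anycast ({embedded})"
    return f"6to4 site behind {embedded}"


if __name__ == "__main__":
    # Constructed sample input, except 2002:c058:6301:: which is the peer from the post.
    print(sixtofour_prefix("203.0.113.5"))
    for sample in ("2002:c058:6301::", "2002:cb00:7105::1", "2001:db8::1"):
        print(f"{sample:20} {describe(sample)}")
    try:
        sixtofour_prefix("192.168.1.10")
    except ValueError as exc:
        print(exc)
```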
