

Where Have All the IPs Gone?

by Michael W. Lucas

As hard as it is to imagine today, the Internet didn't always have IP addresses. (Dinosaurs didn't roam the land, but the Village People did.) Unix boxes used to be connected to each other over serial lines, using UUCP or cruder protocols. You couldn't just hook a machine up to the local LAN or buy a T1; you had to arrange connectivity with your peers yourself. You had to be a computer scientist to set up e-mail. To be on the Internet at all, you had to work in one way or another with the Defense Advanced Research Projects Agency (DARPA).

The original DARPA IP backbone was made of T1s and 56K lines, connecting a handful of universities, research institutes, and companies across the country. Rather than using DNS, one person maintained a central file of all systems on the Internet and distributed it manually. (This file survives today as /etc/hosts.)

This is the mindset where IP was introduced. If the Net had been a commercial entity from day one, we wouldn't have an IP shortage today.

Think about an IP address for a moment. It's a 32-bit number, meaning there are about 4.3 billion possible IP addresses. On a military research network with tightly restricted access, that is enough addresses for a long, long time. The network administrators could afford to be simultaneously generous and lazy.

You've probably heard of class A, B, and C addresses. A class A network (what we'd now call a /8) has about 16 million addresses, a class B (a /16) has about 65,000, and a class C (a /24) has 256. These were the sizes the Internet Assigned Numbers Authority (IANA) issued way back then.

A large company, such as General Electric or Xerox, received a class A. Locations that were influential, but not necessarily large, also received a class A, as did important military sites.

Medium-sized companies and universities got class Bs. Class Cs were for any riffraff that wanted one, even for private individuals who managed to get a system on the Net.

It didn't matter if a multimillion-dollar company only had two machines on the Internet; they were big, they got a class A. After all, IP space was effectively infinite. It wasn't worth the trouble to develop a better allocation scheme. How many people could possibly want to be on a stuffy old military and research network, anyway?

In the early 90s, some bright boy started UUNET selling commercial Net access. The results surround us today.

Over the last 10 years, it's become increasingly apparent that the original IANA IP administrators goofed. Badly. What should have been nearly infinite was largely exhausted before the party really got started.

Some companies have been responsible Net citizens, and have returned huge portions of address space to IANA. Others haven't. The Net as a whole can't go up to, say, an auto company, and declare "You're using NAT. You don't need that class A. Here's a class C." It simply isn't going to happen.

Allocation has since been tightened up, thanks to CIDR (RFC 1817). Anyone who has had to get a block of IP addresses knows how many hoops you have to jump through for them.

Unfortunately, restraining growth isn't enough. An increasing number of devices need IP addresses. Today we find IPs on phones, PDAs, and computers. What happens when your refrigerator needs an IP to transmit your grocery order? What about when the computer chip in your shoes, tie, or watch needs to upload your notes to your home database? Today, the elderly use small radios or cellphones to call for help; tomorrow, these will be IP devices that continually monitor the wearer's health and have "911" on speed dial. Just as the barrier to entry on the Net has dropped to any doofus who can read a credit card, the barrier to IP is dropping to such a point where it'll become like dial-tone -- only surprising when absent.

Restricting supply simply isn't adequate, not when the demand is spreading like that infernal "All your base are belong to us" quote.

Worse, the original IP distribution was very U.S.-centric. It was a military network, after all. We would have no more set aside IP addresses for Korea, Japan, or South Africa, than we would have set aside nuclear missiles to fill our missile silos there. All those places are Net participants today. All suffer from the brutal shortage of IP addresses. The brutal shortage of IP addresses in Japan has forced them to deploy IPv6 in many places already.

The most obvious solution is NAT (Network Address Translation). NAT has limitations, however. It's great for outbound connections, but inbound ones are problematic. And certain protocols do not work through NAT. Encryption and authentication systems are first among them; a protocol that guarantees a packet has not been tampered with is pretty much useless when run through a device whose entire purpose is to tamper with packets. SKIP and the Authentication Header (AH) side of IPsec are high on this list: AH's integrity check covers the IP header itself, addresses included, so the address rewrite NAT performs invalidates it. With the advent of the modern script kiddie (something inconceivable on the original DARPA Internet), e-commerce, and the increasing importance of the Internet in daily life, end-to-end integrity protection is absolutely vital.
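To make the AH point concrete, here is an added example (written for this page, not code from the article or from any IPsec implementation). It builds a minimal IPv4 header, computes an AH-style integrity check value over it the way RFC 2402 prescribes (mutable fields zeroed, addresses covered), and then shows that a TTL decrement by an ordinary router leaves the check intact while a NAT's source-address rewrite breaks it. For contrast it also computes an ESP-style check, which never covers the outer IP header. The key, addresses and payload are constructed sample data; the AH header's own SPI and sequence number fields are omitted for brevity, and the truncation follows HMAC-SHA-256-128 (RFC 4868).

```python
import hmac
import hashlib
import ipaddress
import struct

# Constructed sample key; a real SA would use a negotiated key of the right length.
KEY = b"constructed-demo-key-not-for-real-use"


def ipv4_header(src, dst, ttl=64, proto=51, total_len=64):
    """Minimal 20-byte IPv4 header with no options. Protocol 51 is AH.
    The header checksum is left as zero; AH treats it as mutable anyway."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s",
                       ver_ihl, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def ah_covered_bytes(header):
    """RFC 2402: before computing the ICV, zero the mutable fields
    (TOS, flags/fragment offset, TTL, header checksum). Source and
    destination addresses are immutable and stay in the covered data."""
    h = bytearray(header)
    h[1] = 0                 # TOS / DSCP
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)


def ah_icv(key, header, payload):
    """AH ICV: HMAC over the mutable-zeroed IP header plus everything after it,
    truncated to 128 bits as HMAC-SHA-256-128 does (AH header fields omitted)."""
    covered = ah_covered_bytes(header) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]


def esp_icv(key, payload):
    """ESP ICV covers the ESP header and payload (payload only in this
    simplification); the outer IP header is never part of it."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:16]


def source_nat(header, new_src):
    """What a NAT box does on the way out: overwrite the source address."""
    h = bytearray(header)
    h[12:16] = ipaddress.IPv4Address(new_src).packed
    return bytes(h)


def demo():
    payload = b"constructed AH-protected payload"
    sent = ipv4_header("10.0.0.5", "198.51.100.7")
    icv = ah_icv(KEY, sent, payload)
    esp = esp_icv(KEY, payload)

    # A router decrements TTL; AH excludes TTL, so the check still passes.
    routed = bytearray(sent)
    routed[8] = 63
    routed = bytes(routed)
    ah_ok_after_router = hmac.compare_digest(ah_icv(KEY, routed, payload), icv)

    # A NAT rewrites the source address; AH covers it, so the check fails.
    natted = source_nat(routed, "203.0.113.1")
    ah_ok_after_nat = hmac.compare_digest(ah_icv(KEY, natted, payload), icv)

    # ESP never covered the IP header, so its check is indifferent to the NAT.
    esp_ok_after_nat = hmac.compare_digest(esp_icv(KEY, payload), esp)

    return {"ah_after_router": ah_ok_after_router,
            "ah_after_nat": ah_ok_after_nat,
            "esp_after_nat": esp_ok_after_nat}


if __name__ == "__main__":
    print(demo())
```

ESP passing the check is not the whole story: NAT also cannot see or fix the transport ports and checksums hidden inside the encrypted payload, which is why NAT traversal for IPsec was eventually done by wrapping ESP in UDP (RFC 3948) rather than by making AH work through address rewriting.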

If this continues, soon we'll be dropping entire nations behind NATs. States and cities will follow.

NAT creates problems for many larger companies as well. If two companies are both using IP addresses reserved for private use (e.g., the 10.0.0.0/8 block from RFC 1918), what happens when they want to connect their networks? Abruptly, they have to NAT what should be a completely private connection, or renumber everything.
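The merger problem is easy to see once you lay the two address plans side by side. The following is an added example (not from the article): given two constructed 10/8 address plans, it lists the colliding prefixes, estimates how many addresses each side would have to renumber to avoid NAT on the private link, and finds the first block of a given size that neither side uses, as a target for whichever side moves. The plans are invented sample data.

```python
import ipaddress

# Constructed address plans for two companies that both picked RFC 1918 10/8.
COMPANY_A = ["10.0.0.0/16", "10.1.0.0/24", "10.2.0.0/16"]
COMPANY_B = ["10.0.5.0/24", "10.1.0.0/24", "10.3.0.0/16"]


def find_collisions(plan_a, plan_b):
    """Return (prefix_a, prefix_b) pairs that overlap. Every such pair is a
    place where traffic between the two networks would have to be NATed
    before the private link could carry it."""
    nets_a = [ipaddress.ip_network(p) for p in plan_a]
    nets_b = [ipaddress.ip_network(p) for p in plan_b]
    return sorted((str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b))


def renumbering_burden(plan_a, plan_b):
    """Addresses on each side that sit inside a colliding prefix: a rough
    measure of what each side would have to renumber to avoid NAT."""
    pairs = find_collisions(plan_a, plan_b)
    hit_a = {a for a, _ in pairs}
    hit_b = {b for _, b in pairs}
    return (sum(ipaddress.ip_network(p).num_addresses for p in hit_a),
            sum(ipaddress.ip_network(p).num_addresses for p in hit_b))


def first_free_block(prefix_len, *plans, space="10.0.0.0/8"):
    """First subnet of the given length inside `space` that overlaps nothing
    in any plan, i.e. a block the renumbering side could move into."""
    used = [ipaddress.ip_network(p) for plan in plans for p in plan]
    for cand in ipaddress.ip_network(space).subnets(new_prefix=prefix_len):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None


if __name__ == "__main__":
    print("collisions:", find_collisions(COMPANY_A, COMPANY_B))
    print("addresses to renumber (A, B):", renumbering_burden(COMPANY_A, COMPANY_B))
    print("free /16 for the mover:", first_free_block(16, COMPANY_A, COMPANY_B))
```

On the sample plans company B's colliding prefixes hold far fewer addresses than company A's, so B is the cheaper side to renumber; in practice the count of hosts that are actually hard to move (servers with addresses baked into configs, ACLs, DNS) matters more than raw prefix size, which is exactly why so many sites choose the NAT instead.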

The growth in IP devices and the difficulties with NAT create a serious corporate demand for more globally routable IP addresses.

That's where IPv6 comes in. IPv6 has benefits other than the massively increased address space, however, such as IPsec support built into the base specification. IPv6 also has great potential for behind-the-scenes infrastructure benefits, such as the flow label intended for quality of service. Much like the replacement of the Internet-wide hosts table with DNS, or issuing IPs as needed rather than in monstrous class As and Bs, IPv6 is simply doing something the way it should have been done the first time around.

IPv6 is coming. If the free software world doesn't keep up, we'll be left behind. AT&T, General Motors, and Parke-Davis aren't going to wait for us.

Michael Lucas is a Network Architect for the Great Lakes Technologies Group, which is simply a nice way of saying it's all his problem. He also writes the column Big Scary Daemons.
