We've known we would run out of IPv4 addresses since 1981, when the Internet Protocol was standardized. The numbers dictate that there will never be more than 4,294,967,296 different IPv4 addresses. (4 billion and change being the number of combinations that can be made with IPv4's 32 address bits). Before 1993, addresses were given out in very large blocks because of technical limitations in routing protocols. This limitation was lifted, but around the same time, the Internet started to become more mainstream, requiring more and more addresses.
This was also the moment the IETF realized that at some point, we'd run out of IP addresses. Its estimated date for the well to run dry was 2005. Although they got the year wrong, they were right about their notion that 32 bits wasn't enough for the decades to come.
The invention of network address translation (NAT), which allows multiple systems to share a single address, has been credited for stretching the life of IPv4, but two other technologies were also very important. Variable length subnetting makes it possible to give different subnetworks the appropriate size address block, and ethernet switching made it possible to have much larger subnets, reducing wasteful subdivision of networks.
The well is running dry
Next year could very well be the last year that large Internet Service Providers can obtain IP addresses under the rules that have been in effect for more than a decade, however. Let's have a look at the current state of the IPv4 address space first, and then see what's in store in the near future.
The Internet Assigned Numbers Authority (IANA) keeps track of the IPv4 address space in what are known as /8 blocks (hereafter referred to as /8). This slash notation is simply a way to specify address ranges. A /8 is all the addresses starting with a given 8-bit value. There are 28 (256) of those blocks, in five classes:
Class A: 0 - 127 Class B: 128 - 191 Class C: 192 - 223 Class D: 224 - 239 Class E: 240 - 255
Class D is used for multicast, where a single packet is sent to multiple receivers. Class E has been "reserved" since the dawn of time, so overzealous system designers have sprinkled their code with checks that refuse these addresses. It's often only a handful lines of code, but there is no way to update all those systems before we need those addresses, so class E can never be deployed for general use. Class A holds three /8s that can't be used. 0.0.0.0 refers to the default route, and taints the entire 0/8 block. 10/8 is used for private addressing, and the localhost address 127.0.0.1 makes 127/8 unusable. So that leaves 221 usable /8s in class A, B and C space. Their current status is 101 allocated, 92 legacy, and 28 unallocated.
Allocated means given out under (some variation of) the current rules by one of the five Regional Internet Registries (RIRs). Legacy are mainly the /8s given directly to the US government (about 10 of them) and the likes of IBM, Apple, DEC, HP, and MIT, or class B networks (/16s) given to universities and somewhat smaller organizations. The unallocated blocks are the ones that are completely unused. They represent the main source of free IPv4 addresses, forming the IANA global pool (graphical representation). However, in addition to the IANA global pool, each block delegated to a RIR has a little unused space as people give back address space, or larger amounts in the blocks that the RIRs are currently drawing new delegations to ISPs from. (We'll ignore the fact that some end users also get addresses directly from RIRs for simplicity.) There is also unused space in the class B legacy blocks. Which brings the total amount of unused IPv4 address space, in millions of addresses, to:
(For the accountants among us: 2919 + 788 = 3707 while 221 X 224 ?106 = 3707.764736.)
So how far will those 788 million addresses take us? Basically, the amount of address space given out per year was 10 /8s in 2005 and 2006 and nearly 12 in 2007 and 2008. Assuming no big changes, that would give us almost four years before we've used up those remaining 788 million addresses (47 /8s). However, there is a deal between IANA and the RIRs that each of the RIRs gets one of the final five /8s. When the global pool reaches five /8s, each RIR gets one, the pool will be empty, and that's that.
The RIRs maintain nine months worth of address space. When they dip below that, they request two new /8s from IANA. For ARIN and the RIPE NCC, that's around two /8s, but for APNIC it's more like four, as APNIC needs to satisfy the insatiable thirst for IPv4 addresses that China has developed in recent years. LACNIC uses about half a /8 in nine months, and AfriNIC only a couple million addresses.
So in two year's time, the RIRs will get their final /8s. At that point, the situation for each of the five RIRs will be very different. Because AfriNIC has such a slow burn rate, it will be able to continue business as usual for a good number of years, unless Africa suddenly starts using up a lot more address space. The situation for LACNIC will be similar, but to a lesser degree. The three other RIRs will have about 1 to 2 years worth of regular address space and used scraps in legacy space left.
But... the question is whether the RIRs will have the courage to continue burning the address space they still hold when it's clear that they won't be receiving any more. ARIN will. "Yes, ARIN will continue to provide address allocations to ISPs as long as it has address space available," says ARIN president and CEO John Curran. "ARIN will set aside a '/10' address block from that final block which will only have allocations made out of it for purposes of facilitating IPv6 deployment, but the remainder will be made available."
I'm not so sure. The trouble is that the address allocation policies for each RIR are set by the "community". Having followed this process for the RIPE and ARIN regions for some time in the past, I think it's very likely that new, more restrictive policies will be created as the amount of free IPv4 address space dwindles. So we are more likely to find ourselves in a situation where there is (some) IPv4 address space left, but almost nobody will be able to get any of it because the bar is set so high. In fact, some people argue that we're already there, as large telcos forego using public address space for things like 3G service without even bothering to try to get sufficient address space for these services.
Considering the fact that only one percent of the 2,500 or so ARIN members get more than 80 percent of the address space that ARIN gives out, it makes sense for the other 99 percent to push through a policy change that effectively makes it impossible for the broadband ISPs and wireless carriers to get more addresses, allowing ARIN to continue operations at 20 percent capacity for years to come. Of course, when the one percent fat cats see this coming, they may go for broke and put in a last, huge request. The RIRs do check requests, but they have little recourse against consistent lying.
In the long run that won't work for ISPs, because invariably, they'll need to come back for more address space. At this point, the RIR checks whether the previous allocations are used in accordance with the policies. If not, no new addresses. Of course this mechanism doesn't really work for a last request.
When we reach the point that the half-million or larger blocks that the big ISPs need are no longer available, or are too hard to get, it will still be possible to get the small blocks of address space necessary to host services, so services can probably stay on IPv4 indefinitely. The ISPs, on the other hand, need a continuous supply of fresh addresses to connect new customers.
Some have suggested that making IP addresses a tradable commodity could solve this problem. Apart from the question of whether entities such as the US government (150 million+ addresses) and HP (33 million addresses) that have been sitting on huge amounts of addresses deserve a huge windfall, I don't think this will work. Someone who wants addresses for a 19" rack full of servers in a data center will be happy to pay $1, $10, or even $100 per address. The Comcasts, Deutsche Telekoms, and Softbanks of this world will never pay anything like that, even if they were prepared to buy dozens of small blocks rather than get whatever they need for (pretty much) free. Also, if HP wanted to sell off 16/8, the addresses that were once given to DEC, it would have to perform a huge audit to make sure there aren't any firewall rules or application filters that treat 16/8 as special before it could release these addresses. So the price of the addresses would at least have to cover such an audit.
Either by choice or otherwise, the big ISPs will soon have to stop giving each customer an IPv4 address of his or her own. Giving those customers just IPv6 is not an option, as the majority of the services are still IPv4-only and many IP-capable devices that don't run a full operating system (smartphones, VoIP phones, webcams) don't support IPv6. So that means stretching the existing IPv4 addresses in some way through "carrier grade NAT" (CGN).
But won't existing IPv4 users be sitting pretty? Maybe, maybe not. Some ISPs may take away addresses from existing users to provide their CGNs with enough addresses. Client-server applications such as the Web and e-mail will work just fine through CGNs and IPv6-to-IPv4 translators, but peer-to-peer applications such as VoIP and BitTorrent, not so much. Maybe the ISPs will care about that, maybe not. Even those of us who still have unencumbered IPv4 addresses at that point will start feeling the pain, as more and more of the peers we want to talk to are sitting behind largely impenetrable CGNs.
So enjoy your peer-to-peer applications while you can; their expiration date will be coming up not long after 2010.
Further reading: Predicting the End of the World.
reader comments
63