Last updated at Thu, 31 Aug 2017 14:24:40 GMT
On Sept 24th, ARIN announced it had finally run out of IPv4 addresses. The open pool of IPv4 addresses is now gone, and the only way to get them now is via a transfer from another party who owns them or IP ranges which are returned to ARIN.
The switch to IPv6 is imminent. Once switched, the number of available public addresses available will be roughly 4.2 x 10^37. This will be more than capable of handling our need for interconnection for decades.
What Does This Announcement Mean?
This means we have reached the limit of what 32-bit addressing can give us, about 4.2 billion things. The projections on Internet Of Everything devices however number 25 billion by 2020. This means that we will likely be playing a shell game for a while of using the open IPv4 addresses while trying to build and deploy IoE devices at breakneck speeds. But eventually, we hit a wall.
Where Did All The IPv4 Space Go?
By 1995, the last restrictions on using the Internet to carry commercial traffic were lifted, allowing for the emergence of the modern day internet, which continues to evolve. Likely in anticipation of this, the Department of Defense becomes the owner of the largest number of IPv4 addresses, with over 218 million usable. This is just over 5% of the total IPv4 addressable space.
The rest of it is used by innovations within an information revolution, which we are currently (still!) in the middle of. Globalization, commercialization, e-business and mobile technologies are the biggest drivers of IP use. Innovations like cloud computing, the Internet Of Everything, and a voracious appetite for data all lead to the inevitability of using up a finite resource.
How Should Organizations Proceed?
The most obvious answer is making the switch to IPv6 as soon as possible. But, the switch to IPv6 is not easy, and many companies have not even started. Adoption is slow and no one is yet ready to “turn off” IPv4. That's going to take a lot of agreement among a lot of people. Just a few of the issues at risk are software compatibility, replacement costs of hardware, and ease of use/deployment based on current skill and knowledge.
The DoD started working on an IPv6 implementation in 2003. They sought to demonstrate IPv6 viability for all network backbones by 2008, and implement. Of course it took until 2012 for the government to decide it had met the initial goals! But the point is, they had proven IPv6 is viable, and then they disabled the functionality. So the DoD backbones still use IPv4, which is more limited, hampers their innovation and impacts the DoD's very specialized version of the Internet of Everything.
As software consultants, we will often cite IPv6 as a security concern and suggest that organizations disable IPv6 services. This is not because we think IPv6 is less secure. We understand that organizational maturity is a key factor in securing an enterprise of any size, and complications with understanding and managing IPv6 increase the attack surface for threat actors. It's simply too large a negative risk to manage and secure IPv4 and IPv6 in parallel. Until the entire enterprise is ready to make the switch, which for some could take many years, we will continue to recommend this.
It's estimated that 15%-20% of allocated IPv4 addresses are not being utilized. That means the shift to larger spaces will likely take some time. It also opens up the possibilities of IPv4 marketplaces, similar to what we have today with domain names. ARIN has already said they will not limit the number of transfer requests as of Sept 24. The DoD might also start releasing unallocated space back if they make the full switch to IPv6. This would breathe some limited life into the kicking corpse of IPv4.
Unfortunately, none of this is optimal, and certainly not desirable. But there is hope. Requirements to be “IPv6 ready” have been in place for all systems being placed on the DoD networks, including commercial products, for quite some time. This has spurred a number of organizations to work towards this goal in order to keep their business relationships with the DoD. In this regard, the DoD actually inspires change and progress to be made. We just need now to lead a charge to make the switch in the commercial industrial space.
The Next Steps
The right thing is to start planning your IPv6 transition now.
- First and foremost, start documenting your network requirements. For any organization which seeks to increase its maturity we find a lack of documentation being the biggest contributing factor to security posture. Organize your network assets, classify them using a simple classification scheme, and identify which assets are IPv6 ready. For the ones that are not, make sure that your equipment refresh plans include IPv6 support. Also ensure your current and future purchase pans include this.
- Document your IPv6 allocated and unallocated space, to prepare your addressing plan. This will be instrumental in helping you make the transition when you are ready.
- Educate yourself on IPv6! The assumptions of IPv4 do not always exist in IPv6.
- Work with your providers on IPv6 requirements. They need to support it, and they need to support you.
- Test your plans and assumptions! Monitor for reliability and performance – in test and production
- Advertise in DNS by updating with AAAA records pointing to IPv6 addresses
For more information on making the switch to IPv6, TeamARIN has some great information and resources for you.
This post was co-authored by Joel Cardella and Cindy Jones. You can reach us on Twitter at @JoelConverses and @SinderzNAshes.
EDIT: Corrected Cindy's twitter handle!