America Runs out of Internet Addresses


Today, the American Registry for Internet Numbers (ARIN) ran out of spare IP addresses. This is almost exactly three years after the European registry (RIPE NCC) and leaves Africa as the only region still able to freely supply addresses. From today, apart from a few exceptional cases, ISPs, data centres, etc. will be unable to get any new IPv4 addresses.

What does this mean for the ICT teams of UK schools?

There's no need to panic - the internet isn't suddenly going to stop working and this isn't going to have any immediate effect on school networks. It does, however, mark yet another inevitable step on the road towards deploying IPv6 across all networks. Indeed, the European registry ran out of addresses three years ago and we've yet to see much impact from service providers running out of addresses in the UK.

What is the problem?

Just like people, in order for computers to talk to each other they must understand the same language or protocol. For the past 32 years, the protocol used on the internet has been Internet Protocol version 4 (IPv4). IPv4 allows for about 3.7 billion computers to exist on the internet, each with a unique address. This seems like a lot of computers, but over that time the internet has gone from a few computers in a few universities to almost every home, office and school. At the same time, rather than a family owning at most one computer, each person now owns several internet-connected devices - it's common for one person to own a laptop, smart phone, tablet and smart TV. Whilst you may think an internet-connected kettle is a stupid idea, the "Internet of Things" is poised to take off and that will only increase the number of devices connected to the internet.

Over the years, policy changes such as Classless Inter-Domain Routing (CIDR) have been employed to conserve addresses, and network address translation (NAT) has extended the number of devices that can be connected by allowing internal networks to reuse addresses. Estimates for the number of devices currently connected to the internet vary wildly from around 5 billion to 18 billion, with some forecasts suggesting that there will be as many as 25-75 billion internet-connected devices in five years' time.

What is the solution?

Some 17 years ago, Internet Protocol version 6 (IPv6) was designed as a successor to IPv4. The IP address shortage had been foreseen and the new protocol was designed to be capable of supporting an almost unimaginable number of connected devices. The designers also learnt lessons from the existing protocols and used the opportunity to fix a few things that IPv4 got wrong and add a few enhancements.

However, IPv6 and IPv4 are not compatible. A computer on an IPv4-only network cannot communicate with a server on an IPv6-only network. So the entire internet needs to upgrade. This has been gradually happening for well over a decade already.

How will the future play out?

Predicting the future is a fool's game, but there are a few things we can say. At the moment, most internet providers have plenty of IPv4 addresses. That said, some residential ISPs are starting to show signs of introducing Carrier Grade Network Address Translation (CGNAT) to conserve IP addresses. Schools often need to have multiple IP addresses in order to make internal services available to external users, such as staff and students working at home, and it may start to become harder to get more to accommodate new services.

The people immediately affected will be data centres. Companies providing internet based services will start to have problems getting enough IP addresses for their servers. Multiple servers will end up being forced to share IP addresses with inevitable availability and performance problems. We could well end up with a situation where services are slower and less reliable when accessed over IPv4. The big companies like Google and Microsoft will be ok, but small start-ups may end up offering IPv6-only services. Imagine if one of those start-ups comes up with a killer app that everyone wants, but can only be used over IPv6 - anyone who hasn't rolled out support on their network will be pressured into rapid unplanned upgrades.

All of this will be a gradual process but no one can predict how quickly this will happen, so ICT managers do need to be aware and plan for the future.

What will become of IPv4?

IPv4 isn't going away for the time being, and many services are already available using both IPv4 and IPv6. The most likely setup in the future will be for most networks to use both IPv4 and IPv6 concurrently, known as "dual stacking". The IPv4 addresses will often be hidden behind CGNAT systems, with reduced functionality, and be used to access remaining IPv4-only services. The IPv6 addresses will be used in preference wherever possible.

Eventually, the cost of maintaining legacy IPv4 systems will outweigh the benefit of any remaining IPv4-only services. But this isn't likely to happen for decades - IPv4 will be around for a long time to come.

But I like NAT!

Network address translation (NAT) has been in widespread use for the past 20 years and a lot of people have grown up with networks that have to use NAT in order to access the internet. However, NAT isn't usually needed for IPv6 networks. NAT is often seen as a security measure, so the prospect of not using it any more can be scary.

The first thing to realise is that NAT itself isn't providing the security. NAT relies on a firewalling technology known as stateful packet inspection (SPI). An IPv6 network would still use stateful packet inspection between the LAN and the internet, and this would provide the security usually attributed to NAT.
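To make the point above concrete, here is an added example (not from the original article) of a Linux nftables ruleset for a border router. The interface names `lan0` and `wan0` are assumptions. One stateful forward chain protects both IPv4 and IPv6; the only NAT-specific part is the IPv4 masquerade rule, which filters nothing.

```nftables
#!/usr/sbin/nft -f
# Constructed example: border router between a school LAN and the internet.
# Assumed interface names: lan0 (inside), wan0 (outside).
# Only forwarded traffic is covered; rules protecting the router itself
# (an input chain) are left out.

table inet border {
    chain forward {
        # Default-deny: anything not explicitly accepted is dropped.
        type filter hook forward priority 0; policy drop;

        # Stateful packet inspection: allow replies to connections that
        # were opened from the LAN. This applies to IPv4 and IPv6 alike.
        ct state established,related accept
        ct state invalid drop

        # New connections may only be started from the LAN side.
        iifname "lan0" oifname "wan0" ct state new accept

        # IPv6 routers do not fragment, so hosts rely on ICMPv6 errors
        # such as packet-too-big for path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Unsolicited inbound connections reach no rule and hit "policy drop",
        # whether the LAN addresses are translated (IPv4) or not (IPv6).
    }
}

# IPv4 only: rewrite private source addresses on the way out.
# This rule translates addresses; it does not block anything.
table ip nat4 {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

Deleting the `nat4` table leaves the inbound filtering unchanged, which is why an IPv6 LAN behind this chain is no more exposed than an IPv4 LAN behind NAT.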

Doing away with NAT actually turns out to be beneficial on a number of counts. Peer to peer applications, such as internet telephony, can be unreliable when NAT is involved, and compromises have to be employed to work around these problems. If NAT is not used, many of these problems simply go away. Ensuring that addresses remain untranslated also makes debugging network problems far easier.

Lastly, NAT does still exist under IPv6, but is usually only used in niche situations, such as for load-balancing several independent internet connections. Care has to be taken to only use these techniques on certain traffic, to avoid breaking peer to peer applications.

What steps should ICT managers be taking?

Nothing will change rapidly, so there is no great pressure to rush through big changes. But no one can predict exactly how quickly this will change, so it is definitely worth keeping this in mind when buying new equipment, learning about IPv6 and planning for the future. Our research indicates that around 70% of school ICT managers in the UK have not thought at all about what will be required to support IPv6!

Every mainstream operating system has had IPv6 enabled by default for many years, so there isn't much you need to do with the workstations, tablets, phones, etc. Connect a modern device to an IPv6-enabled network and it will just work without the user even noticing.

Although IPv6 has been around for a long time, there is still a lot of networking equipment about that has poor or no support for it. If you're buying brand new equipment, it would be short-sighted not to check how well it supports IPv6. You may end up having to upgrade it prematurely later. The ideal would be for all equipment to fully support IPv6, but in some cases lack of support isn't a big deal. You're still going to be able to use IPv4 internally for the foreseeable future, so an IPv4-only printer would be fine as it will only be accessed from internal systems. Equipment that is required to handle internet traffic will eventually need to handle IPv6 though - layer 3 switches, your web filter, etc.

An often overlooked gotcha is that some equipment has fast dedicated hardware to handle IPv4, but older and lower spec equipment might not have the same for IPv6. IPv6 traffic could end up handled by slower software instead, resulting in lower-than-expected performance.

If you're switching ISP, check whether they support IPv6. Spending thousands of pounds installing a new leased line that won't support IPv6 could be a concern. Even if you're not switching ISP, it's worth enquiring about the status of their IPv6 rollout. BT, for example, provide IPv6 connectivity as standard on new leased lines - you don't even need to ask.

If you've got all of the above sorted out, draw up a plan and seriously think about starting to roll out IPv6 across your network. You've got plenty of time to resolve any unexpected problems that come up. It's a good idea to start with your internet border and work into the LAN - an IPv6-enabled web proxy can provide access to IPv6-only websites even if your workstations are still on an IPv4-only network.