November 17, 2014
In a recent InformationWeek commentary headlined The IPv4 Sky Really Isn't Falling, Lawrence Garvin writes: "We've been hearing for years that we're running out of IPv4 addresses. But we're not running out -- they're not all in use." Garvin asserts that the depletion in IPv4 addresses is artificial.
That's simply not true, and I'm here to tell you why.
Here's the reality: The region served by my organization, the American Registry for Internet Numbers (ARIN), the group that administers IP address space in the US, Canada, and much of the Caribbean, will deplete its remaining pool of unassigned IPv4 addresses in the very near future. The numbers are what they are. Available space is running out, and the number of IPv4 addresses available in this region will reach zero soon.
[For a different perspective, see The IPv4 Sky Really Isn't Falling.]
Garvin may not have been aware, but the Asia-Pacific, Europe, and Latin America regions already have run out. ISPs in those regions now are changing how they connect new customers. IP addresses can be shared in some cases, but there are limits to such approaches. This means that mobile and other fast-growing service providers are already switching to IPv6 to connect customers, even though there are still IPv4 addresses available in the ARIN region.
The transition from IPv4 to IPv6 is underway, and though there's no need to panic, it's still important to incorporate the implications of this transition into planning processes now. For many CIOs, the long-running nature of this transition might imply no impact to current public-facing Internet services and infrastructure, but that's not the case. It's why major companies (including Google, Facebook, and Cisco) have deployed IPv6 for their public services. Ignoring the IPv6 transition puts organizations at a disadvantage against their more forward-thinking competitors, as the Internet moves on without them.
ISPs are the main consumers of IP address space, as they make use of additional IP address blocks to connect new customers. Throughout the history of the Internet, ISPs have routinely come to the Internet number registry system to get IP address space, and there has always been space available. They received unassigned address space from the central free pool, used it to connect additional customers, and then repeated the process when they needed more IP addresses. You can find an excellent tabular history of the utilization of the IPv4 address space here.
The rate at which IP addresses are being used has been increasing over time for two main reasons: More devices are physically connected to the Internet, and those devices are online (and thus need an IP address) more often. Technologies to share IP addresses (such as NAT) presume that devices are on the network only part-time, but that's no longer the case in our increasingly connected world. From 2000 to 2010, the allocations of IPv4 address space from the central free pool averaged more than 160 million each year. This growth has depleted the central IPv4 free pool, thus forcing ISPs and other organizations to make more efficient use of what's left.
As Garvin points out correctly, a handful of very large IPv4 address blocks (i.e., "Class A" or "/8" in CIDR notation) aren't active on the public Internet. The very large assignments from the earliest days of the Internet consisted of about 16 million addresses each, and (excluding reserved values) 125 of them were available for general use, accounting for about 2 billion IP addresses total. The vast majority of the large "Class A" blocks are in use on the public Internet today. A recent analysis suggests that only about 15 of these address blocks were largely unused as of 2014. Having 15 of these large blocks unused may seem like enough room for growth, but it pales in comparison to the requirements of the ISP community for adding customers. Even if all those addresses were immediately put to use, it wouldn't meet even three years of the average demand as noted above, and service providers need to invest in infrastructure based on a far longer return on investment.
In the meantime, it's still important to make efficient use of IPv4 addresses. Address holders who don't need their IPv4 addresses have always been encouraged to return them. In fact, many organizations, including the US Department of Defense, Bolt Beranek & Newman, and Stanford University have returned significant amounts of IPv4 address space. Also, policies have been established that support transferring address space to parties in need, creating a secondary market.
But recovered and transferred space won't be enough to change the Internet's trajectory toward IPv6. At best, it provides transitional options.
The move to IPv6 already is underway. Whether you realize it or not, an increasing number of devices connected to the Internet via IPv6 already are accessing your public-facing web servers. These accesses appear as IPv4 to websites that aren't IPv6-enabled, as a result of translation by service provider gateways. The potential negative impacts of that indirect path include degraded performance and incomplete user metrics.
The timeline and business case for deploying IPv6 in your enterprise network are under your control, but the public Internet is already deploying IPv6. Keeping current with this change requires organizations to enable IPv6 for their public-facing services.
Apply now for the 2015 InformationWeek Elite 100, which recognizes the most innovative users of technology to advance a company's business goals. Winners will be recognized at the InformationWeek Conference, April 27-28, 2015, at the Mandalay Bay in Las Vegas. Application period ends Jan. 16, 2015.
About the Author(s)
You May Also Like
Q3 Threat Horizons Report
3 Real-World Challenges Facing Cybersecurity Organizations
Responsible data use: Navigating privacy in the information lifecycle
The Definitive Guide to Understanding IP Addresses, VPNs and their Implications for Businesses
Top Six Recommendations to Improve User Productivity with a Hybrid Architecture