In principle there is no IPv4 exhaustion! - TCP-IP


  1. In principle there is no IPv4 exhaustion!

    Dear Newsgroup Readers,

    Statistics show:

    http://www.internetworldstats.com/stats.htm

    1,412,489,652 internet connected computers = IP addresses in use =
    35%
    of 4,008,640,512 (2^32 minus multi cast + private networks)

    65% of the IP's is still available, probably most of them in stock
    because companies have large ranges of unused addresses.

    In principle there is no IPv4 exhaustion yet, the stocks can last
    for several decades.

    Kind regards,

    Johan van der Galien.



  2. Re: In principle there is no IPv4 exhaustion!

    On Mon, 28 Jul 2008, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    ,
    galien8@zonnet.nl wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >Statistics show:
    >
    >http://www.internetworldstats.com/stats.htm
    >
    >1,412,489,652 internet connected computers = IP addresses in use


    From that web page:

    (4) Internet usage information comes from data published by
    Nielsen//NetRatings, by the International Telecommunications
    Union, by local NIC, and other reliable sources.

    but no actual details

    * RIPE NCC
    One of the four Regional Internet Registries (RIRs) providing
    Internet resource allocations, registration services and
    co-ordination activities that support the operation of the Internet
    globally.

    [...]

    * AfriNIC
    AfriNIC (in formation) for the purpose of managing the IP addressing
    in the African continent. In the future it is expected that African
    organizations that presently obtain IP address space from RIPE or
    ARIN will obtain the IP addresses space from the AfriNIC.

    RIPE still has a limited number of allocations in Africa, but they
    generally cover Europe, the Middle-East, and the former Soviet Union.
    AfriNIC has been in business for over three years.

    Page updated on 19 July 2008

    It would appear that the page is trying to gauge numbers based on
    marketing data or site visits. Such results are highly distorted by
    firewalls and proxies. It also doesn't appear to be checking all of
    the data it's publishing.

    >35% of 4,008,640,512 (2^32 minus multi cast + private networks)


    Use that search engine to find a copy of RFC3330. You're ignoring
    a few major blocks like LinkLocal, the loopback, and "this" network
    to name just three. There are also likely to be problems accessing
    240.0.0.0/4 with many operating systems.

    >65% of the IP's is still available, probably most of them in stock
    >because companies have large ranges of unused addresses.


    That's a pretty wild guess to make with no valid data to back it up.
    You may want to read RFC2050 to see how IP blocks are allocated.

    In your Friday response, you were thinking about using ping to gain
    further insight. I don't know about your setup, but a lot of network
    firewalls block pings because of abuse. DNS data has been used to
    get a feel for the size of networks, but that is now generally
    unavailable due to abuse. You may find archives of previous reports,
    but nothing recent.

    Old guy
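
The arithmetic behind the two posts above, as an added example that is not part of the original thread: it reproduces the original poster's 4,008,640,512 figure, then also removes the blocks the reply names (link-local, loopback, "this" network and 240.0.0.0/4). The function names are hypothetical, and the block list is limited to ranges mentioned in the thread, not the full RFC 3330 list.

```python
import ipaddress

TOTAL_IPV4 = 2 ** 32

# Blocks the original post subtracted: multicast plus the RFC 1918 private ranges.
OP_EXCLUDED = ["224.0.0.0/4", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Blocks the reply says were ignored: link-local, loopback, "this" network,
# and 240.0.0.0/4 (which many operating systems will not route).
REPLY_EXCLUDED = ["169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8", "240.0.0.0/4"]

# Figure quoted in the original post as "IP addresses in use".
CLAIMED_IN_USE = 1_412_489_652


def remaining_addresses(excluded):
    """Return 2^32 minus the excluded blocks, counting overlaps only once."""
    nets = [ipaddress.ip_network(cidr) for cidr in excluded]
    # collapse_addresses merges overlapping or adjacent blocks, so a list
    # that names both 10.0.0.0/8 and 10.1.0.0/16 is not double-counted.
    merged = ipaddress.collapse_addresses(nets)
    return TOTAL_IPV4 - sum(net.num_addresses for net in merged)


def percent_in_use(in_use, excluded):
    """Share of the remaining space taken by `in_use`, as a rounded percentage."""
    return round(100 * in_use / remaining_addresses(excluded))


if __name__ == "__main__":
    for label, blocks in (("original post", OP_EXCLUDED),
                          ("with reply's blocks", OP_EXCLUDED + REPLY_EXCLUDED)):
        print(f"{label:22} {remaining_addresses(blocks):>13,} "
              f"-> {percent_in_use(CLAIMED_IN_USE, blocks)}% in use")
```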

  3. Re: In principle there is no IPv4 exhaustion!


    "Moe Trin" wrote in message
    news:slrng8sr2d.7u8.ibuprofin@compton.phx.az.us...
    >>65% of the IP's is still available, probably most of them in stock
    >>because companies have large ranges of unused addresses.

    >
    > That's a pretty wild guess to make with no valid data to back it up.
    > You may want to read RFC2050 to see how IP blocks are allocated.
    >

    The numbers are probably wrong but where I work we have all of 15.x.x.x and
    16.x.x.x and probably some more and I doubt we run 0x2000000 machines on the
    internet.

    Andrew



  4. Re: In principle there is no IPv4 exhaustion!

    In article ,
    andrew queisser wrote:
    >"Moe Trin" wrote in message
    >news:slrng8sr2d.7u8.ibuprofin@compton.phx.az.us...
    >>>65% of the IP's is still available, probably most of them in stock
    >>>because companies have large ranges of unused addresses.

    >>
    >> That's a pretty wild guess to make with no valid data to back it up.
    >> You may want to read RFC2050 to see how IP blocks are allocated.
    >>

    >The numbers are probably wrong but where I work we have all of 15.x.x.x and
    >16.x.x.x and probably some more and I doubt we run 0x2000000 machines on the
    >internet.


    Are you volunteering to return some of that address space?

    --
    -- Rod --
    rodd(at)polylogics(dot)com

  5. Re: In principle there is no IPv4 exhaustion!


    "Rod Dorman" wrote in message
    news:g6njep$q74$1@reader1.panix.com...
    > In article ,
    > andrew queisser wrote:
    >>"Moe Trin" wrote in message
    >>news:slrng8sr2d.7u8.ibuprofin@compton.phx.az.us...
    >>>>65% of the IP's is still available, probably most of them in stock
    >>>>because companies have large ranges of unused addresses.
    >>>
    >>> That's a pretty wild guess to make with no valid data to back it up.
    >>> You may want to read RFC2050 to see how IP blocks are allocated.
    >>>

    >>The numbers are probably wrong but where I work we have all of 15.x.x.x
    >>and
    >>16.x.x.x and probably some more and I doubt we run 0x2000000 machines on
    >>the
    >>internet.

    >
    > Are you volunteering to return some of that address space?
    >

    Me? I'm happy if I get a DHCP address each morning in my cube.



  6. Re: In principle there is no IPv4 exhaustion!

    > > Are you volunteering to return some of that address space?
    > >

    > Me? I'm happy if I get a DHCP address each morning in my cube.


    Whether HP returns any of the 15 it was allocated directly many years
    ago, or the 16 which it got with Compaq, which IIRC came with DEC who
    got it directly as many years ago is a decision that would be taken
    _many_ levels above the vast majority of those from HP posting in
    netnews.

    rick jones
    --
    The glass is neither half-empty nor half-full. The glass has a leak.
    The real question is "Can it be patched?"
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  7. Re: In principle there is no IPv4 exhaustion!

    "andrew queisser" writes in comp.protocols.tcp-ip:

    > "Moe Trin" wrote in message
    > news:slrng8sr2d.7u8.ibuprofin@compton.phx.az.us...
    > >>65% of the IP's is still available, probably most of them in stock
    > >>because companies have large ranges of unused addresses.

    > >
    > > That's a pretty wild guess to make with no valid data to back it up.
    > > You may want to read RFC2050 to see how IP blocks are allocated.
    > >

    > The numbers are probably wrong but where I work we have all of 15.x.x.x and
    > 16.x.x.x and probably some more and I doubt we run 0x2000000 machines on the
    > internet.
    >
    > Andrew


    I see.

    http://www.iana.org/assignments/ipv4-address-space/ gives:


    015/8 Hewlett-Packard Company 1994-07 LEGACY
    016/8 Digital Equipment Corporation 1994-11 LEGACY


    There are also some other companies listed, which were allocated before
    Regional Internet Registries (RIRs) existed.


    / Kari Hurtta


  8. Re: In principle there is no IPv4 exhaustion!

    On Tue, 29 Jul 2008, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    , Rick Jones wrote:

    >>> Are you volunteering to return some of that address space?

    >>
    >> Me? I'm happy if I get a DHCP address each morning in my cube.


    Don't gauge IP usage by what you see locally. Your facility is only one
    of a number of sites running under the HP banner, and some of them are
    quite extensive in their use of IP. Do they need 2^25 addresses? I
    suggest few people at HP are able to answer that without a lot of
    discussion.

    >Whether HP returns any of the 15 it was allocated directly many years
    >ago,


    ARIN doesn't mention the date, but RFC0960 and RFC0990 suggest it's
    sometime in early-mid 1986.

    >or the 16 which it got with Compaq, which IIRC came with DEC who
    >got it directly as many years ago


    ARIN has that as May 18, 1989.

    >is a decision that would be taken _many_ levels above the vast majority
    >of those from HP posting in netnews.


    Address blocks as large as /8s have been returned for re-use in the
    past, but with the exception of 10.0.0.0/8 they were test or temporary
    assignments. One need only compare RFC0990 with the current web page
    from http://www.iana.org/assignments/ipv4-address-space. Such chunks
    are difficult to come by as there are only 44 world-wide - the last
    released was 73.0.0.0/8 in 2005. Prior to that, you are back in the
    early 1990s.

    Old guy

  9. Re: In principle there is no IPv4 exhaustion!

    On 30 Jul 2008, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    <5d1w1bte75.fsf@Hurtta06k.keh.iki.fi>, Kari Hurtta wrote:

    >http://www.iana.org/assignments/ipv4-address-space/ gives:
    >
    >015/8 Hewlett-Packard Company 1994-07
    > LEGACY
    >016/8 Digital Equipment Corporation 1994-11
    > LEGACY
    >
    >There are also some other companies listed, which were allocated before
    >Regional Internet Registries (RIRs) existed.


    And these happen to be two of them. If you look at the whois data,
    DEC goes back to 1989, but they're not including the data for HP. For
    that, you have to go back to the early 'Assigned Numbers' RFCs, such
    as RFC0990. Some of us go back even before that.

    Old guy

  10. Re: In principle there is no IPv4 exhaustion!

    On 2008-07-28 21:03:19 -0400, ibuprofin@painkiller.example.tld (Moe Trin) said:

    > That's a pretty wild guess to make with no valid data to back it up.
    > You may want to read RFC2050 to see how IP blocks are allocated.



    Great point. Some things I'd like to add, because IP address allocation
    is about much more than the mathematics of it:

    IP address space is not just a "toss-it-here / toss-it-there" resource.
    Routing issues, most especially cooperative efforts amongst ISP's to
    keep the network fabric together via BGP and sane Internet routing,
    complicate the issue of moving address space around. Mix in a little
    bit of corporations not wanting to make it easy for you to move around
    your connectivity, and you get about where we are.

    While it is accepted that it is an exceptionally poor security practice
    to use non-RFC1918 (public) address space inside a corporate network,
    many still do, and it can be a huge effort to rid yourself of public
    address space internally - infrastructure over years of run-time winds
    up collecting dependencies on particular IP addresses that are very
    hard to catch without a lot of time-consuming labor-intensive efforts.
    I went through this in the late 1990's with several large corporations
    - it's not fun.

    What IPv6 represents besides "unlimited" address space is also the
    potential to divorce IP address allocation from any particular
    corporate owner and place it back in the hands of a user, where you
    could buy a device that has an address assigned to it (yes, this has
    frightening privacy implications) - v6 is young enough to take turns
    away from its practical implementation now to new and exciting places
    (warms up the packet sniffer).

    If anything, the OP's research will probably expose with a bit more
    detail what we already know - IPv4 address allocation is not uniform,
    lopsided, and sometimes even not fair.

    /dmfh

    --
    _ __ _
    __| |_ __ / _| |_ 01100100 01101101
    / _` | ' \| _| ' \ 01100110 01101000
    \__,_|_|_|_|_| |_||_| dmfh(-2)dmfh.cx


  11. Re: In principle there is no IPv4 exhaustion!

    On Fri, 01 Aug 2008 23:26:08 -0400, Digital Mercenary For Honor wrote:

    > While it is accepted that it is an exceptionally poor security practice
    > to use non-RFC1918 (public) address space inside a corporate network,
    > many still do, and it can be a huge effort to rid yourself of public
    > address space internally - infrastructure over years of run-time winds
    > up collecting dependencies on particular IP addresses that are very hard
    > to catch without a lot of time-consuming labor-intensive efforts. I went
    > through this in the late 1990's with several large corporations - it's
    > not fun.


    Although very true, one should also note that non-rfc1918 addresses are
    very useful when connecting to third parties. Whenever a generic
    infrastructure for connecting to third parties has to be set up, one has
    to decide how to address addressing conflicts (pun not intended), as the
    other parties may use the same rfc1918 addresses as you, or some other
    third party.

    That last situation, several third parties, requires the use of NAT
    somewhere, so you should always implement (a possibility to) NAT if
    implementing a generic third party connection infrastructure. But NAT
    comes with its own drawbacks.

    If you have the non-rfc1918 address space to spare, it is really tempting
    to put your servers/services on a non-rfc1918 address. This will at least
    mean you never have to do a double NAT, which is notoriously difficult to
    operate in some situations. It works OK most of the time, but you can
    really hit a brick wall sometimes, especially when one end doing the
    NATting is not under your control.

    Another use of non-rfc1918 addresses on a non public network is when
    carriers have to set up a generic infrastructure to carry traffic for
    customers who may use any rfc1918 address, so the carrier cannot use
    them. There probably are very good alternatives for this nowadays, but I
    still see two major carriers in the Netherlands do it this way.

    HTH,
    M4

  12. Re: In principle there is no IPv4 exhaustion!

    In article ,
    Digital Mercenary For Honor wrote:

    >IP address space is not just a "toss-it-here / toss-it-there" resource.
    >Routing issues, most especially cooperative efforts amongst ISP's to
    >keep the network fabric together via BGP and sane Internet routing,
    > ...



    >While it is accepted that it is an exceptionally poor security practice
    >to use non-RFC1918 (public) address space inside a corporate network,


    That is complete nonsense. The use of RFC 1918 addresses for private
    networks has no significant security implications. For example,
    that it is likely that some of HP's class-A IPv4 addresses are used
    inside HP's private corporate network is *not* a security problem and
    also probably solves some problems that happen when machines on
    two different corporate networks use RFC 1918 addresses.


    >What IPv6 represents besides "unlimited" address space is also the
    >potential to divorce IP address allocation from any particular
    >corporate owner and place it back in the hands of a user, where you
    >could buy a device that has an address assigned to it (yes, this has
    >frightening privacy implications) - v6 is young enough to take turns
    >away from its practical implementation now to new and exciting places
    >(warms up the packet sniffer).


    One of the reasons that is even more wrong than the nonsense about RFC
    1918 addresses doing anything for "security" is alluded to in the text
    quoted above about Internet routing. It has never been clear that the
    exhaustion of IPv4 addresses is a bigger problem than the exhaustion
    of free space in default-free router tables. That the least significant
    bits of an IPv6 address often involve an IEEE MAC address is *not*
    anything like buying a device that has an address assigned to it. The
    privacy issues related to globally unique IEEE MAC addresses exist but
    are trivial compared to other privacy issues that exist with IPv4
    addresses. Privacy issues related to MAC addresses also exist
    with IPv4 addresses as demonstrated by the identification and arrest of
    some malefactors.


    >If anything, the OP's research will probably expose with a bit more
    >detail what we already know - IPv4 address allocation is not uniform,
    >lopsided, and sometimes even not fair.


    Nothing will be "exposed" to anyone with any real interest in the issues.
    You can't learn or "expose" much with 10 minutes of fact-free speculating
    and script writing. There are people who have been publishing
    observations of IPv4 address allocation and use for many years. For
    just as long, those observations have been combined with various
    assumptions to predict when the IPv4 space will be exhausted.
    You can see that with obvious search engine queries such as
    http://www.google.com/search?q=IP+address+exhaustion

    Raw data as well as discussions about router table space problems can
    be found with http://www.google.com/search?q=cidr+report

    As for decades of IPv4 addresses remaining, not even those who disagree
    with the sky-is-falling stories found with
    http://news.google.com/news?q=IP%20address%20exhaustion
    http://www.google.com/search?q=IP+address+doomsday
    agree with that.


    Vernon Schryver vjs@rhyolite.com

  13. Re: In principle there is no IPv4 exhaustion!

    Andrew,

    andrew queisser wrote:
    >>> 65% of the IP's is still available, probably most of them in stock
    >>> because companies have large ranges of unused addresses.

    >> That's a pretty wild guess to make with no valid data to back it up.
    >> You may want to read RFC2050 to see how IP blocks are allocated.


    > The numbers are probably wrong but where I work we have all of 15.x.x.x and
    > 16.x.x.x and probably some more and I doubt we run 0x2000000 machines on the
    > internet.


    Some time ago, I was in a conference on IPv6, and there was somebody
    from the RIPE who mentioned a test-project to clear out one of the
    "legacy" class-A IP-address allocations to reuse it as an allocation
    useful to a RIR.

    The outcome of the test was that the time needed to do this (identify
    the users, contact them, contact the end-users and migrate them to other
    IP-address ranges: renumber routers, adapt firewalls, change hosts,
    change DNS, ...) was close to two years; which is -in fact- about TWICE
    the time in which an address-space equivalent of a class-A is handed out
    by the RIPE.


    So, that's why the RIPE considers reclaiming these legacy allocations not
    a real option.


    I'll try to find a reference to this.



    > Andrew

    Cheerio! Kr. Bonne.

  14. Re: In principle there is no IPv4 exhaustion!

    Hi,

    > So, that's why the RIPE considers reclaiming these legacy allocations not
    > a real option.
    > I'll try to find a reference to this.


    Found it:

    http://blog.icann.org/?p=271
    http://www.cisco.com/web/about/ac123...fragments.html



    Considering the fact that IANA now assigns more than one /8 to the RIRs
    and the amount of work involved (and hence, time needed) to reclaim
    one class-A block; this is not a practical solution.



    > Cheerio! Kr. Bonne.

    Cheerio! Kr. Bonne.

  15. Re: In principle there is no IPv4 exhaustion!

    On Sun, 03 Aug 2008, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    <4895963c$0$2862$ba620e4c@news.skynet.be>, Kristoff Bonne wrote:

    >http://blog.icann.org/?p=271
    >http://www.cisco.com/web/about/ac123...sues/ipj_11-1/

    111_fragments

    >Considering the fact that IANA now assigns more than one /8 to the RIRs
    >and the amount of work involved (and hence, time needed) to reclaim
    >one class-A block; this is not a practical solution.


    Renumber a /8??? Oh, what fun. "Hey, why is $IP_ADDRESS hard-coded
    into application $FOO? The author retired three years ago, any idea
    where the source-code is?" (I actually encountered this 2-3 years ago
    during a sub-net renumbering fiasco, and not only had the author
    retired, he was in a special care home suffering from dementia. Well,
    we needed to replace that unmaintainable application eventually, and
    it only took 15 months and _four_ retries to get the replacement up
    and running. This incident triggered a search throughout the company,
    and it turned up several other "similar" hard-coding problems.)

    http://www.iana.org/assignments/ipv4-address-space

    mentions the 14.0.0.0/8 recovery. The 'cisco' URL states:

    The five RIRs allocate addresses to network operators in their local
    regions. IANA allocated more than one /8 (16m IPv4 addresses) per
    month in 2007 and the rate of allocation is not expected to slow in
    2008.

    IANA actually released 13 /8s in 2007 (92/6 to RIPE in March and July,
    114/7, 116/6 and 120/8 to APNIC in January and October, and 186/7 to
    LACNIC in September) and all but 95/8 already have assignments or
    allocations. That paragraph continues:

    The reclamation of Net-14 means there are now 43 unallocated /8s left.

    and that seems to be dated "March 2008". However, the IANA page only
    shows 39 such blocks as of 2008-05-27, and the four missing ones seem
    to be

    [compton ~]$ zgrep 2008 rfcs/ipv4-address-space.05.27.08.gz
    (last updated 2008-05-27)
    112/8 APNIC 2008-05 whois.apnic.net ALLOCATED
    113/8 APNIC 2008-05 whois.apnic.net ALLOCATED
    173/8 ARIN 2008-02 whois.arin.net ALLOCATED
    174/8 ARIN 2008-02 whois.arin.net ALLOCATED
    It was recovered in February 2008.
    [compton ~]$

    and yes, both RIRs are already handing out blocks from these four.

    "The recovery of these addresses offers some breathing room as the four
    billion addresses in IPv4 space are depleted, but it is only a temporary
    solution," added Roseman. "The real and lasting solution is the technical
    move to IPv6-the protocol that will make 340 trillion trillion trillion
    unique IP addresses available."

    And one is left to wonder how many million Windoz9x boxes (and other O/S
    of similar vintage) are still in use, and how they will deal with IPv6.

    Old guy
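
An added example, not from the original post: one way to run the kind of search for hard-coded addresses that the post describes, ahead of a renumbering. The function name, the sample lines and the use of 14.0.0.0/8 as the block being vacated are assumptions made for illustration.

```python
import ipaddress
import re

# Four dotted decimal groups, not embedded in a longer dotted number such as
# "1.2.3.4.5". A trailing full stop at the end of a sentence is tolerated.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input standing in for config files and source code.
SAMPLE = [
    'license_server = "14.7.3.20"',   # literal inside the block being vacated
    "db_host=10.20.30.40",            # private address, unaffected by the move
    "upstream 203.0.113.9:8080;",     # literal outside both sets
    "version = 1.2.3.4.5",            # five groups: not an address
    "bad = 999.1.1.1",                # octet out of range: not an address
]


def find_hardcoded(lines, renumbered_block):
    """Return (line number, address, kind) for every IPv4 literal found.

    kind is "in-renumbered-block" for addresses that will break when the
    block is handed back, "rfc1918" for private addresses, else "other".
    """
    block = ipaddress.ip_network(renumbered_block)
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in IPV4_CANDIDATE.finditer(line):
            try:
                addr = ipaddress.IPv4Address(match.group(1))
            except ipaddress.AddressValueError:
                continue  # looked like an address but is not a valid one
            if addr in block:
                kind = "in-renumbered-block"
            elif any(addr in net for net in RFC1918):
                kind = "rfc1918"
            else:
                kind = "other"
            findings.append((lineno, str(addr), kind))
    return findings


if __name__ == "__main__":
    for lineno, addr, kind in find_hardcoded(SAMPLE, "14.0.0.0/8"):
        print(f"line {lineno}: {addr:15} {kind}")
```

A text search of this kind only finds literals in files that can still be read; addresses compiled into binaries whose source is lost, as in the post, need other means.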

  16. Re: In principle there is no IPv4 exhaustion!

    Hey Moe,



    Moe Trin wrote:
    >> http://blog.icann.org/?p=271
    >> http://www.cisco.com/web/about/ac123...sues/ipj_11-1/

    > 111_fragments


    >> Considering the fact that IANA now assigns more than one /8 to the RIRs
    >> and the amount of work involved (and hence, time needed) to reclaim
    >> one class-A block; this is not a practical solution.


    > Renumber a /8??? Oh, what fun. "Hey, why is $IP_ADDRESS hard-coded
    > into application $FOO? The author retired three years ago, any idea
    > where the source-code is?" (I actually encountered this 2-3 years ago
    > during a sub-net renumbering fiasco, and not only had the author
    > retired, he was in a special care home suffering from dementia. Well,
    > we needed to replace that unmaintainable application eventually, and
    > it only took 15 months and _four_ retries to get the replacement up
    > and running. This incident triggered a search throughout the company,
    > and it turned up several other "similar" hard-coding problems.)


    Well, working in a big company myself, I can very much understand this.

    As one of the articles on the "reclaim" exercise for net-14 showed, the
    very first problem the people at IANA faced was simply finding out who
    was actually using these IP-addresses.
    A lot of the companies who were originally given these addresses didn't
    exist anymore or had merged with other companies.

    And it's not because IP-addresses are not visible on the internet, that
    they are not used. It can be that they are used internally in a company;
    and if -all of a sudden- other people would start using these addresses
    on the internet, the company using internally would not be able to reach
    them anymore.



    BTW. A funny remark I came across lately:
    http://www.circleid.com/posts/google...nference_2008/
    (Google's IPv6 conference.)

    Listen to Vint Cerf, about 13 min and 30 seconds into the start of the
    first video.


    Apparently, the decision to use 32 bits at IPv4 was actually taken by
    Vint Cerf after a year-long discussion some 30 years ago if the
    address-length had to be 32 or 128 bits, or variable-length.

    So, Vint decided to go for the 32 bit range, as -as it was conceived-
    this was only for an EXPERIMENTAL network for the US DOD (the original
    ARPA net).
    If this experimental network had shown the concept worked, they would
    do a "full scale" version of it (using 128 bit addresses).


    The problem is that this "experimental" network took off much faster
    than expected; and -before they pretty much realised it- it was too late
    to go back and so -30 years later- we are still stuck with it!
    :-)



    In any case, it's funny to see how sometimes things get their own dynamics
    and start off by themselves.
    (however, usually also leaving a hell of a cleaning-up job afterwards),
    as your example shows.



    > Old guy

    Cheerio! Kr. Bonne.



  17. Re: In principle there is no IPv4 exhaustion!

    On Tue, 05 Aug 2008, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    <48989cd5$0$2861$ba620e4c@news.skynet.be>, Kristoff Bonne wrote:

    [hard coded IP addresses in applications]

    >Well, working in a big company myself, I can very much understand this.


    Another one was the stupid license managers that were hard coded for
    host-id or MAC address.

    >As one of the articles on the "reclaim" exercise for net-14 showed,
    >the very first problem the people at IANA faced was simply finding
    >out who was actually using these IP-addresses.
    >A lot of the companies who were originally given these addresses
    >didn't exist anymore or had merged with other companies.


    Have a look at pages 181 to 185 of RFC1700. Some of those _people_
    don't exist any more.

    >So, Vint decided to go for the 32 bit range, as -as it was conceived-
    >this was only for an EXPERIMENTAL network for the US DOD (the original
    >ARPA net).
    >If this experimental network had shown the concept worked, they would
    >do a "full scale" version of it (using 128 bit addresses).


    In a way, this is understandable. ARPA net was connecting mainframe
    computers (there really weren't that many other computers that had
    network connectivity at the time). The company I work for had four
    addresses, one of which was in regular use. It's a bit different now,
    as I've got four computers in my office, and all are networked. At
    the time, 4e09 addresses was more than enough. RFC0717 (July 1976)
    lists _four_ networks (out of 256 possible) each of which could have
    1.67e07 hosts. By January 1983, RFC0820 reports 72 networks by name
    and says there is actually 1097 total. But a month later, RFC0846
    lists only 325 hosts in the NIC hostname table of 18 February 1983.

    Old guy

  18. Re: In principle there is no IPv4 exhaustion!

    On 2008-08-02 09:57:02 -0400, vjs@calcite.rhyolite.com (Vernon Schryver) said:

    >> While it is accepted that it is an exceptionally poor security practice
    >> to use non-RFC1918 (public) address space inside a corporate network,


    Read me carefully, Vernon, I said that using public IP address space is
    a poor security practice.

    > That is complete nonsense. The use of RFC 1918 addresses for private
    > networks has no significant security implications. For example,


    Sorry, it does have security implications. My practical experience in
    SOC's, NOC's and a bunch of places where combinations of bad routing
    hygiene, old operating systems, and a few inventive tricks by some of
    Uncle Ivan's (Russian) best computer gurus compromised hosts "left" on
    public IP networks. The fact that BGP and your local Internet gateway
    router will not pass something that needs routing to 10/8 on the public
    Internet is a powerful and useful last-line-of-defense tool. Go take a
    look @ what a company called Lumeta does - let some of their geeks into
    a large corporate network, and you'd be surprised what you can get to
    leak out of the Internet gateways.

    > that it is likely that some of HP's class-A IPv4 addresses are used
    > inside HP's private corporate network is *not* a security problem and
    > also probably solves some problems that happen when machines on
    > two different corporate networks use RFC 1918 addresses.


    Right, because folks internally refuse to clean things up with often
    lame and stupid excuses, and a lack of a cohesive corporate addressing
    strategy - if Wall St. can do this, other companies can do this. Been
    there, seen it, done it. The rarer cases are claims that : "I can't
    clean this up, my machine was hard-coded, programmer is gone.".

    > privacy issues related to globally unique IEEE MAC addresses exist but
    > are trivial compared to other privacy issues that exist with IPv4
    > addresses. Privacy issues related to MAC addresses also exist
    > with IPv4 addresses as demonstrated by the identification and arrest of
    > some malefactors.


    We just have a difference of opinion. You have your opinion and
    expressed it, I have mine. I never believe I'm universally correct.

    > Nothing will be "exposed" to anyone with any real interest in the issues.
    > You can't learn or "expose" much with 10 minutes of fact-free speculating
    > and script writing. There are people who have been publishing
    > observations of IPv4 address allocation and use for many years. For
    > just as long, those observations have been combined with various
    > assumptions to predict when the IPv4 space will be exhausted.


    You assume I support the OP's position, I don't, I merely wrote about
    some other conclusion that can come from the OP's posting. I guess I
    hit a technical sore spot for you, do me a favor, calm down and realize
    that while we may disagree, I respect your opinion. Respect mine. Both
    of us are basing our opinions on real-world knowledge and years of
    experience.

    /dmfh

    --
    _ __ _
    __| |_ __ / _| |_ 01100100 01101101
    / _` | ' \| _| ' \ 01100110 01101000
    \__,_|_|_|_|_| |_||_| dmfh(-2)dmfh.cx


  19. Re: In principle there is no IPv4 exhaustion!

    Interesting story.

    I think this warrants a "recollection protocol" or so... to prevent ipv6
    becoming the same mess as ipv4

    Heck it could even be implemented for ipv4 but then everybody would have
    to support it unless of course "big boss" is willing to break some
    non-cooperating people

    Though you seem to be a Belgian; that worries me a bit LOL.

    Bye,
    Skybuck.

    "Kristoff Bonne" wrote in message
    news:48959170$0$2850$ba620e4c@news.skynet.be...
    > Andrew,
    >
    > andrew queisser wrote:
    >>>> 65% of the IP's is still available, probably most of them in stock
    >>>> because companies have large ranges of unused addresses.
    >>> That's a pretty wild guess to make with no valid data to back it up.
    >>> You may want to read RFC2050 to see how IP blocks are allocated.

    >
    >> The numbers are probably wrong but where I work we have all of 15.x.x.x
    >> and
    >> 16.x.x.x and probably some more and I doubt we run 0x2000000 machines on
    >> the
    >> internet.

    >
    > Some time ago, I was in a conference on IPv6, and there was somebody
    > from the RIPE who mentioned a test-project to clear out one of the
    > "legacy" class-A IP-address allocations to reuse it as an allocation
    > useful to a RIR.
    >
    > The outcome of the test was that the time needed to do this (identify
    > the users, contact them, contact the end-users and migrate them to other
    > IP-address ranges: renumber routers, adapt firewalls, change hosts,
    > change DNS, ...) was close to two years; which is -in fact- about TWICE
    > the time in which an address-space equivalent of a class-A is handed out
    > by the RIPE.
    >
    >
    > So, that's why the RIPE considers reclaiming these legacy allocations not
    > a real option.
    >
    >
    > I'll try to find a reference to this.
    >
    >
    >
    >> Andrew

    > Cheerio! Kr. Bonne.




  20. Re: In principle there is no IPv4 exhaustion!

    On Jul 28, 3:34 pm, gali...@zonnet.nl wrote:
    > Dear Newsgroup Readers,
    >
    > Statistics show:
    >
    > http://www.internetworldstats.com/stats.htm
    >
    > 1,412,489,652 internet connected computers = IP addresses in use =
    > 35%
    > of 4,008,640,512 (2^32 minus multi cast + private networks)
    >
    > 65% of the IP's is still available, probably most of them in stock
    > because companies have large ranges of unused addresses.
    >
    > In principle there is no IPv4 exhaustion yet, the stocks can last
    > for several decades.
    >
    > Kind regards,
    >
    > Johan van der Galien.


    Hello.
    I think as you do.

    I say, yes. Until some moment I thought perhaps as you, following
    figures similar to those given by you.

    But, there are some details:

    1. When exhaustion of addresses happens it'll be a very hard
    problem. And the solution for such a problem would require some urgent
    measures. The problem may negatively affect some heavy problems such as
    the "digital divide". (Finally there are more people in this world than
    the available number of IP addresses. However, if you calculate the
    expression 256*256*256*256/12,000,000, perhaps there are a few addresses
    for each of 12,000,000 with no discrimination for their origin.)

    2. But personal computers and servers, there are other kinds of
    internet devices which in particular may not be connected directly to
    the internet because the IP address is given to the computer.

    3. Shortage of IP addresses is not the only problem of IPv4. There are
    some limitations which result in some extra latency of the network.
    Too small a data field in IPv4 results in an improperly huge
    number of packets with their subsequent management, with performance
    spent at routers, servers, client hosts, and other kinds of
    equipment.

