IPv4 exhaustion and the way forward

Guillermo Cicileo

HOW  ARE  INTERNET  ADDRESSES  ASSIGNED?

IANA

AFRINIC APNIC ARIN LACNIC

ISP

Usuario  Final

Usuario  Final

ISP Usuario  Final

RIPE

IANA (Internet Assigned Numbers Authority)actualmente bajo la responsabilidad de ICANN(Internet Corporation for Assigned Names andNumbers)

Allocation of Internet number resources

Regional  Internet  Registries  -­ RIRs

IPv4 exhaustion

• Starting 2011, IANA depleted its IPv4 central stock

RIR IPv4  resources

APNIC Last  /8  since April  2011

RIPE Last  /8  since Septembrer  2012

LACNIC Stage  2  of  IPv4  exhaustion  since  June   2014

ARIN Depleted  its  IPv4  stock  on July   2015

AfriNIC It’s  the  only   RIR  with  IPv4 addresses   available

Why do we say IPv4 is exhausted?

• More restrictive policies for IPv4 assignment• Before: assignment based on organization

needs– Organization size, adequate justification of need

• Now: maximum block is /22 (1024 addresses)– Independent of organization size, type, coverage,

etc

APNIC  Region

RIPE  NCC  Region

Allocated IPv4 Addresses (total)

0

50

100

150

200

250

300

2005 2006 2007 2008 2009 2010 2011 2012 2013 2014

Allocated  IPv4  Addresses   (Millions)

Allocated  IPv4  Addresses  (Millions)Fuente:    www.potaroo.net

Daily assignment rate

Fuente:    www.potaroo.net

LACNIC  IPv4  exhaustion2015-­10-­23:

0.134  /8s

2247680IPv4  addresses

End of  stage 2  modelo  1:  2015-­12-­30modelo  2:  2015-­11-­28modelo  3:  2015-­11-­05

WHAT TO DO NOW?

Connected users and devices growth

Three possible options

• Carrier grade NAT / Large scale NAT– No large-scale growth

• Secondary markets of IPv4 addresses– Increasings costs & short term solution

• IPv6 deployment with possible transition techniques: NAT64/DNS64, 464XLAT, MAP, dual stack with CGN

What are ISPs doing in LAC?

• Most of the ISP are deploying CGN for massive access:– In the mobile network– In the residential network (xDSL+HFC)– When users have problems with CGN, they

assign a public IP• For corporate access: usually public IP

addresses are used• Not a good solution

CGN problems

• Sharing one IP address implies a change to the point to point IP communication model of Internet

• ACLs (access lists) filters have collateral effects– Blocking some "bad" traffic may block also "good" clients

• Problems to identify IP use: it will be necessary to store IP+ports to know who is behind an IP address

• NAT boxes have problems with large number of sesions

• Some applications do not work trough CGN• Geolocation problem: customers from different

countries may share the same IP address

The  answer  is  IPv6

• Designed  during  the  90s  is  the  definite  solution  to  address  shortage

• What’s  different? Too  much  larger  address  space:  128  bits– 2^128  >  3,40*10^38  IP  addresses

• One  single  LAN  can  have  many  more  addresses  than  the  current  Internet

• An  ISP  may  have  2^32  subnets  (the  same  address  space  that  the  whole  current  Internet)

Important: both protocols will coexist for long time• There is no migration but a gradual transition• A number of transition techniques have been

defined– At the beginning were based on a mostly IPv4

Internet• Dual Stack• Variety of tunnels

– Currently thought for an IPv6 Internet• Translation: NAT64/DNS64• 464XLAT, MAP-T, MAP-E, DS-Lite & more

IPv6 deployment(wrt IPv4)

Content in IPv6

• People usually say: “there’s no content on IPv6”

• That’s a misconception:– At least half of the content accessed from

different networks and countries is already on IPv6

– Traffic is what matters, not the nominal number of websites

– Most of CDNs, Google, Youtube, Netflix, Facebook, etc, are already on IPv6

Deploying IPv6 now

• CGN will be less loaded– More than half of traffic will go through IPv6– Apps that don’t work behind CGN will go native

on IPv6– Apps that use a lot of sessions will go native on

IPv6• Less problems with users, fewer complaints

to help desk

Other posibilities

• Deploying 464XLAT on mobile network– Dual translation for allowing IPv4-only apps to

work– No more necessary to have dual stack– IPv6 only network on the mobile

• Deploying IPv6 only Datacenters– Using NAT64 or 464XLAT it’s an option– See draft-ietf-v6ops-siit-dc-03

• SIIT-DC: Stateless IP/ICMP Translation for IPv6 Data Centre Environments

IPv6 is a must

• Internet growth continues– IPv4 exhaustion is a consequence of Internet

success– New regions impose an increasing demand– New devices allways connected and globally

accesible• Address shortage it’s a limiting condition for

Internet growth and development– IPv6 is ready– It’s the only protocol designed to replace IPv4

Thanks…