
AWS adds an extra 5.5M IPv4 addresses

 3 years ago
source link: https://news.ycombinator.com/item?id=28177807
low whistle I imagine they paid a pretty penny for those /12s.

A thought comes to me: If IPv6 adoption continues to drag along, and AWS/Azure/GCP continue to expand their IP blocks like this, how quickly are we in danger of the cloud providers effectively being the Internet?

I've worked in the cloud hosting industry for a decade and a half. The entire time, we were warned about the IPv4 shortage and how we needed to switch to IPv6 soon(tm). Well, things haven't changed. Everyone is dragging their feet on IPv6 adoption from hosting providers, ISPs, hardware manufacturers, and software developers. I predicted this years ago and always said that it would require a government mandate to move on from IPv4. I honestly believe we are going to ramp up NAT in the coming years before really doing away with IPv4.
NAT is ramping up on client side. Many home-internet connections are now NATted twice - in CPE, then again in CGN.

On the server side, in contrast, NAT is winding down. 15 years ago, it was common to have either DMZ-style NAT, or on AWS you had to have NAT (they call it EIP). Nowadays, having a CDN or cloud-native load balancer in front of your server is increasingly common. And behind those, that server just doesn't need a public IP (maybe only a shared outbound NAT for OS updates). That is, if you have a server at all (and haven't moved to Lambda, S3, etc...)


Yesterday I spent 2 hours trying to figure out why I couldn't ping my home router, only to find out this is probably the reason.

Luckily I had created a reverse SSH tunnel on a VPS before leaving.

ISP blocking ICMP might be a more probable reason than CGNAT. At least where I live.

Some countries did exactly that, China for example. Most of the infrastructure, ISP networks, even user applications here are now IPv6 or ought to be in a few years [1].

[1] https://www.theregister.com/2021/07/26/china_single_stack_ip...


To be fair, this is exactly the type of thing you'd expect China to be good at: unilateral decision-making.
Also, when your country's population is such that the entire IPv4 address space could only allow three addresses per resident, with that ignoring all reserved / multicast restrictions...
All this is because IPv6 addresses are too long. If they’d made it 48 or 64 bits we would be fully converted by now. We are dragging because people hate using it.

I’ve been saying this for years. Nobody gets it because geeks don’t get ergonomics.


I wonder, if we see large-scale use of both IPv4 and IPv6, how tricky it will be to adapt and to have enough FIB in boxes to hold all those resolutions. I wonder how many companies will go into buying beefy chassis rather than implementing some low-level fragmentation for the two families.
I guess there's a large pool of IP addresses used by residential ISPs that could be recycled relatively easily.

When I lived in Ireland I only got a public IPv6, my IPv4 was behind CG-NAT. The nerd in me wasn't a fan of that on paper, but in reality I didn't have any issues with it.

I could see ISPs making a quick buck by switching to CG-NAT on IPv4 so they can sell off their IPv4 blocks.

Those IPs being recycled for servers/services doesn't seem too risky, given that they're not typically hosting anything.

Problem with CGNAT is the costs involved in bookkeeping for law enforcement.

Where an IPv4 solution for your clients only needs change-logging at the IP-binding-to-client level, CG-NAT requires you as an ISP to log every outgoing IPv4/port combination, with timestamp, to client mapping.

Which requires A LOT more storage and much more expensive equipment.

The going rate per IPv4 address is up to $40 nowadays, so selling off your v4 block might not be cost-efficient.

Disclaimer: I work with this stuff and might be a little biased to certain vendor solutions.

Good CGNAT implementations have support for static blocks: the subscriber always ends up at a specific IP number + port block combination. (Each subscriber is assigned a specific number of exit ports, and this is all just logged once during startup, so you always know where each subscriber ends up.)

Should they run out of their assigned port block, there are pools which you can borrow from (these then need to be logged: who borrowed what, at what time, etc.). So all in all there is less logging than when everything was dynamic.


And law enforcement inquiries barely contain source port information, or precise time. Most of them go like: who had this IP in $this-two-weeks-window. No source port, no destination IP/port.
"We don't have the ability to determine a specific subscriber based on the information provided" and close the request.

That will just lead to a whole lot of "we don't have that information" or, alternatively, "all of these 10000 people used that, have fun!"
And isn't that the privacy we all would really enjoy? :D
Anything that makes mass surveillance more expensive is a plus in my book.

Whilst I don't necessarily disagree with the sentiment, all the costs an ISP might incur will almost certainly be passed on to the consumer. We're paying to be surveilled in many different ways.

I'm finding more and more that I go to some random website and get a message about an IP ban. That or a 401 error with no context.

If CGNAT keeps scaling, these IP limiters need to phase out.

> Where an IPv4 solution for your clients only needs change-logging on IPbinding-to-client level, the CG-NAT requires you as an ISP to log every outgoing IPv4/port combination with timestamp to client mapping.

Why does each individual connection have to get a port from the global allocator, rather than any of the pooling or hierarchical techniques that high performance memory allocators use?
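The static-block scheme described a few comments up, and the pooling question just asked, can be made concrete. The following is an added illustration, not any vendor's CGNAT implementation and not code from the thread: a subscriber's public address and port block are a pure function of its position in a sorted subscriber list, so the mapping is logged once at startup and a "who used 203.0.113.1:4000?" question is answered by arithmetic; only borrowings from a shared overflow pool need timestamped per-port log entries. The public pool (203.0.113.0/29, from the TEST-NET-3 documentation range), the overflow address, the 2048-port block size and the subscriber IDs are constructed sample data.

```python
"""Static port-block CGNAT mapping (added illustration, not a vendor's code).

Each subscriber gets one fixed public IPv4 address and one fixed port block,
derived from its position in a sorted subscriber list. The mapping is logged
once at startup; a later "who used ip:port?" question is answered by
arithmetic. Only borrowings from the shared overflow pool are logged per port.
All addresses and subscriber IDs below are constructed sample data.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

MIN_PORT = 1024   # never hand out the well-known ports
MAX_PORT = 65535


class StaticBlockCGNAT:
    def __init__(self, public_pool: str, subscribers: List[str], block_size: int):
        if block_size <= 0:
            raise ValueError("block_size must be positive")
        self.block_size = block_size
        self.blocks_per_ip = (MAX_PORT - MIN_PORT + 1) // block_size
        self.ips = [str(a) for a in ipaddress.ip_network(public_pool).hosts()]
        capacity = len(self.ips) * self.blocks_per_ip
        if len(subscribers) > capacity:
            raise ValueError(f"{len(subscribers)} subscribers exceed capacity {capacity}")
        # Sorting makes the mapping reproducible across restarts.
        self.subscribers = sorted(subscribers)
        self._sub_index = {s: i for i, s in enumerate(self.subscribers)}
        self._ip_index = {ip: i for i, ip in enumerate(self.ips)}

    def assign(self, subscriber: str) -> Tuple[str, int, int]:
        """(public ip, first port, last port) for a subscriber."""
        i = self._sub_index[subscriber]
        ip = self.ips[i // self.blocks_per_ip]
        lo = MIN_PORT + (i % self.blocks_per_ip) * self.block_size
        return ip, lo, lo + self.block_size - 1

    def lookup(self, ip: str, port: int) -> Optional[str]:
        """Inverse mapping, needing no per-flow logs."""
        if ip not in self._ip_index or not MIN_PORT <= port <= MAX_PORT:
            return None
        block = (port - MIN_PORT) // self.block_size
        if block >= self.blocks_per_ip:
            return None  # leftover ports at the top of the range are unused
        i = self._ip_index[ip] * self.blocks_per_ip + block
        return self.subscribers[i] if i < len(self.subscribers) else None

    def startup_log(self) -> List[str]:
        """The one-time log that replaces per-connection logging."""
        lines = []
        for s in self.subscribers:
            ip, lo, hi = self.assign(s)
            lines.append(f"{s} -> {ip}:{lo}-{hi}")
        return lines


class OverflowPool:
    """Shared ports a subscriber borrows when its static block is exhausted.
    These are the only allocations that need timestamped per-port records."""

    def __init__(self, ip: str):
        self.ip = ip
        self.free = list(range(MAX_PORT, MIN_PORT - 1, -1))  # pop() yields the lowest port first
        self.in_use: Dict[int, str] = {}
        self.log: List[str] = []

    def borrow(self, subscriber: str, ts: str) -> Optional[int]:
        if not self.free:
            return None
        port = self.free.pop()
        self.in_use[port] = subscriber
        self.log.append(f"{ts} BORROW {subscriber} {self.ip}:{port}")
        return port

    def release(self, port: int, ts: str) -> None:
        subscriber = self.in_use.pop(port)
        self.free.append(port)
        self.log.append(f"{ts} RELEASE {subscriber} {self.ip}:{port}")


# Constructed sample deployment: six public addresses, 2048 ports per subscriber.
SUBSCRIBERS = [f"sub-{n:03d}" for n in range(40)]
NAT = StaticBlockCGNAT("203.0.113.0/29", SUBSCRIBERS, block_size=2048)
OVERFLOW = OverflowPool("203.0.113.9")

if __name__ == "__main__":
    print("\n".join(NAT.startup_log()[:3]))
    print(NAT.lookup("203.0.113.1", 4000))
```

With 2048 ports per subscriber each public address carries 31 subscribers, so the sample /29 holds 186; the one-time startup log has 40 lines, and `lookup()` answers an inquiry for any (address, port) pair from those lines alone. The trade-off is that the capacity per subscriber is fixed, which is why the overflow pool, with its per-port timestamped records, still exists.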

I've had a static ipv4 address on a home internet connection for almost 10 years, now. They're out there...
I used to have that. Then all residential customers were put under a CGN, and you can ask for a dedicated, public IP, free of charge. I imagine 99.9% of users can't tell the difference so the ISP saved a lot of IP space, while customers are just as happy.

Yup, ISPs in countries that got a nice big block of addresses in the early days can still manage this. I have a cable connection that was originally provided by NTL (now Virgin Media). My IPv4 address changes about once a year now as they do upgrades/maintenance. It used to change even less.

> The nerd in me wasn't a fan of that on paper, but in reality I didn't have any issues with it.

No issues? So, how are people supposed to be able to access your machine then?

Via the mentioned public IPv6 address
If all ISPs supported IPv6 this wouldn't even be news (well, it wouldn't even have happened).
With ZeroTier, TailScale etc. just creating a personal network of your own should help solve the issue I guess.
I usually used Teamviewer.
Why should I want people to be accessing my personal desktop/laptop/tablet?
It's cause you want to get to your home boxen from outside.
Surely you know this is a super niche requirement?

You can use IP6 or a commercial rather than domestic ISP if you really need to do it.

There are other solutions to this problem now. Tailscale comes to mind.
Most domestic users don’t want or need this. If you’ve got a special requirement use a commercial ISP.
That makes me realise there is an incentive for ISPs to hold out on supporting IPv6. If IPv6 was widely supported then their IPv4 blocks would be worthless. I wonder how many will be holding out on deploying IPv6 until they can offload their still-valuable IPv4 addresses.
IPv6 adoption is just sad. Sharing an anecdote: Back in 2002, I was using a 56k modem on a Linux box 24/7 from home with a dialup flatrate. Being an avid IRCnet user, I set up an IPv6 tunnel with a tunnel broker (I think it was Hurricane Electric - it was before Aiccu was a thing) and connected to the IPv6 IRCnet servers. There was once a channel #uptime which was a contest: On start of contest, everybody in channel got voice - and the person to last hold voice would win (you lose voice when your TCP connection disconnects). Even though I had a forced disconnect every 24h, amongst over 100 users (mostly servers, bouncers, universities etc.) I ranked 6th place in the end (after a couple of weeks), because my IPv4 dialup was reconnecting fast enough to receive the buffered IPv6 tunnel packets from the broker. Today I have no more IPv6 since SIXXS shut its doors a couple of years back, and my provider (o2/Telefonica) hasn't rolled it out to me yet.

Looking back those 19 years, the availability and state of IPv6 has worsened for me - even though IPv4 shortage was known back then.


I find the IPv6 address scary because IP geolocation gives that in the same city district. CGNAT would be better because the server would see the IPv4 of the ISP. I don't know, is there a way to not show my IPv6 and fall back on the CGNAT address, because that looks much more secure in terms of not getting doxed and ad-tracked.
That’s not inherent to IPv6 though, your ISP chose to be more specific in the location data for those addresses. If it’s sufficiently detailed as to “dox” you, maybe ask them not to do that?
Both AT&T and Comcast do this with IPv4 as well.
Yeah, NTL/Virgin Media in the UK do the same in that their IPs geolocate to where the node/head end is. In a city, it's not going to be specific enough to uniquely identify you but it's still weird seeing ads that aren't that far away.

On the other hand, the IPv4/v6 addresses on my A&A connection geolocate to either London or Bracknell (where their office is), about 400 miles away. I get a lot of pointless ads for things in Surrey that I have no intention of visiting.


I have never used Google search, but the other day someone used it in front of me, and at the bottom I saw what appeared to be "PIN code for approximating your current location for local results", or something to that end. That scared me big time, because this was like my home PIN code; my small city has like 30, so this is narrowing me down to a single one, which I am not comfortable with.
Right, but is Google doing this with the information they get from your IP address or something else entirely? Is it just coincidence that your IP address corresponds to your ISP’s office which happens to be relatively local?

With loose enough permissions your browser has a geolocation API that, depending on your device, will be a hell of a lot more accurate (if you have Wi-Fi hardware it can use that to work out where it is relative to the known locations of the SSIDs it can see, or straight-out use GPS).

None of this has anything to do with IPv6 - you give away some location information with your username and profile on this very site, for example.

I assume a vpn, ssh tunnel, wireguard or any other type of proxy would hide your residential ip.
Sure, just disable IPv6 support in your OS.
> are we in danger of the cloud providers effectively being the Internet?

Between cloudflare and AWS/Azure/Google most of the Internet is an oligopoly right now.

Interesting how nobody else replied to this part of your comment.

Well, when the internet cartel pays your bills...

Technology is certainly scaling and improving, but it's being concentrated in fewer and fewer hands. In the past I could compete with the most sophisticated companies; it wasn't unattainable. The barrier to entry is simply too high now. No single developer or small team of developers and technologists is going to compete with AWS.

Public auctions (which they didn't use) are currently in the $45-50 per IP ballpark. At that price it's $247.5 million worth of IPs.

At auction the larger networks tend to go for less money per IP since there is a smaller market of people who want and can buy them (you have to be approved by ARIN/RIPE/etc. for the allocation size), which drives the price down.


That's not actually too expensive, considering they make that money back in a few months if all those IPs are hosting even their smallest server.
What's the cutoff for larger networks where the price starts to go down? Would say, a /16 count? Or does that effect kick in as low as, say, a /20?
I think that it starts to have downward pressure at /22 to /20. You can see Hilco's historicals at [1]. Not all purchases are done in public though.

It seems to me like an arbitrage opportunity, since /24 and /23 networks have many more potential buyers. But you have to be approved with a regional registry for the amount of space in order to buy it.

Observing things from the buy side, I suspect that IP space is being brought to auction in a slow but steady trickle so as to maintain upward momentum on prices. The price has approximately doubled in the last year.

[1] https://auctions.ipv4.global/prior-sales

> But you have to be approved with a regional registry for the amount of space in order to buy it.

This hasn’t been my experience in RIPEland since post IPv4-exhaustion. Is this an ARINism?

That's my understanding with ARIN, yeah.

Yeah, I would like the FTC to go after new IPv4 deployments / mandate dual stack on anti-trust grounds.

That's an interesting idea. I don't know if the FTC has the authority to do so under the current powers given to it by Congress, and I don't know if I'd like the precedent of them trying without Congress delegating that power. I'd be totally willing to discuss Congress delegating them said authority.
How does IPv4's use translate to anti-trust?
Controlling 200 times more of a critical resource than the next competitor does not sound like healthy competition.
Promoting the continued dominance of a standard which causes artificial scarcity.
I can't understand the reasoning here.

They need to go after other service providers, not ISPs. ISPs provide CGNAT to facilitate access to IPv4-only services.


The IETF and friends could have made IPv6 only address the shortage, but decided to change a bunch of other stuff too.
IPv6 is trying to do too much in my opinion. This is partially why adoption is slower than it could be.

Having just realized my internet provider, Cox, does not actually support IPv6 for the 2 million plus subscribers in my state, I think it is safe to say that IPv6 is dead and will never take the place of IPv4 in our lifetimes.

Don't get me wrong. They say they support it, they have lots of PR that says they support it, but in fact, as a subscriber, they do not.

Ehn, I don't know if you can go from

"my internet provider, cox, does not actually support ipv6" to "I think it is safe to say that ipv6 is dead".

There are much more comprehensive ways to look at ipv6 adoption, e.g. https://www.google.com/intl/en/ipv6/statistics.html

Mine had some beta program years ago. You had to find a number to call which was hidden away in a locked filing cabinet hidden away in a disused lavatory.

They were purchased recently and maybe there is hope now.


In our lifetimes? You don't think IPv6 will overtake IPv4 in the next 50-odd years? Think about the year 1971 and what was thought possible then.
Overtake: yes.

The ability to launch a public-facing, commercial service and pretend like IPv4 never existed and you don't have to worry about it at all? Probably not within our lifetimes.

I am not sure about that. When IPv6 support nears 95%, the pressure will be on those few ISPs to give access to those areas inaccessible from v4. Think of all these websites that need to be cheap and are happy enough with reaching 95% of the audience: blogs, small businesses, anything education related, etc. That should help going from 95 to 100.

Cox has had IPv6 for quite a while. Hell, for a while they kept shutting down my IPv4, leaving me only with IPv6. That was fun to get through tech support's head. It took three times of that happening for a day or two before I finally got to a level 2/3 tech who at least understood what I was talking about.
Same thing here with Spectrum.
Where are you located?

I'm on cox in southern california, and they rolled out IPv6 some time in the last year or so.

Last October, Amazon bought ~4 million addresses by bribing the corrupt technocrats of a radio amateur "non-profit" organization. Fuck Amazon, fuck those corrupt technocrats (like the ICANN/.org team who tried to sell the TLD). It's incredible what these kinds of people can get away with.

Previous discussion on HN: https://news.ycombinator.com/item?id=24753654

Well, if that organisation didn't have a use for those addresses... I don't see what the big deal is.

I think the question is why not sell them openly instead of selling them via the back gate.
I assume Amazon came to them and offered the money and they accepted. I don't see anything shady about that. How do you sell something "openly"? Via an auction website? Is that standard procedure for everything these people sell?

Standard Internet procedure for IP addresses is to apply to your Regional Internet Registry for addresses, and the panel decides who will make best use of them (usually smaller/newer providers are prioritized). You only pay administrative/membership fees for the addresses, because IP addresses are technical bits, not property... everyone operates addresses, but nobody owns them.

That people sell food and houses is disconcerting in the physical world and creates real problems for real people where some can't afford to eat or have a roof over their head despite a global abundance of resources. That people do the same in the virtual world, with literal numbers, is beyond the scope of comprehension: pure madness.

The fact that you find private property "disconcerting" is enough to know this conversation is not going to go anywhere.
You also have to know that they got the address range for free, for the common good. Before they would be taken over by money.
That organization did not own those addresses. In the most generous interpretation of the situation, they were administrative custodians to the good usage of those addresses.

Reselling them to a for-profit company was definitely not what was intended by anyone and directly contradicts their mission as custodians. Those addresses were those of the global radio amateur community and no one else's.

That's why I made a comparison with .org. The ORG TLD was created exclusively by and for non-profits, so it was a scandal when some execs conspired against the general public to resell it and induce more costs for everyone. Likewise, it's a scandal that when you need/want to build a DIY radio Internet setup, your addresses which were reserved for that usage don't exist anymore, as they have been appropriated by Amazon.

Please note that this story would be less of a scandal if the community had been consulted on how much of the IP range to sell (retaining some for legit usage), and/or if that money benefited the community and not some greedy capitalist execs, and/or if they had been reattributed through normal channels (RIPE and other RIRs) and not commercialized, none of which is true.

Amateur radio still has 44.0.0.0/9 and 44.128.0.0/10. Not exactly a shortage.

Also, they are giving back to the community. The largest grant so far was $1,620,000 to save a radio telescope for the MIT Amateur Radio club.

https://www.ampr.org/grants/

They very much did own them, you need to look at the history of ampr.org, who sits on the board and “who” applied for the /8.

These did not belong to amateur radio, TAPR, the ARRL or anyone but this organization.


I have 127.0.0.0/8 for sale! Give me 100 million euros and it's all yours! What do you mean some people are actually using those addresses and I don't own them? The RFC makes it very clear local link means my own machine, and I pretty much own my own machine, thank you. Do you see how ridiculous this situation is now?

You don't have that for sale, because you don't own it, and if you try to announce it you will get disconnected from all your peers and will have to close shop.

In the consumer space this doesn't matter much. Most internet users at home could have their IPv4 address removed and only be provided an IPv6 one.

Mobile internet is commonly served only by IPv6.

It's the hosting/server space where IPv4 matters, and it will probably be like this for the next 20 years. This will be harder than the Python 2 -> 3 migration. We'll continue to come close to running out of IPv4 addresses, but we won't ever wean off them completely in the server space.

Meanwhile, Hetzner just added a staggering $19/address setup fee and a soon doubling of prices for IPv4 addresses from them ostensibly due to the rising costs of getting addresses, yet still has virtually no support for IPv6 on their offerings outside of a /64 per dedicated server.

https://docs.hetzner.com/general/others/ipv4-pricing/

Why would you need anything other than a /64 on your server?
Maybe they mean that things like flexible/assignable ips and load balancers aren't available on v6.
Because IPv6 was designed with mobility in mind? .... oh, wait.. that is the IPv6 in fairy tales.
Huh? I've been using IPv6 on their cloud instances for years, and it works just perfect.
You also get a /64 on their cloud servers, one subnet per project iirc.

How is a /64 per dedicated server no support?

IPv6 will never happen without someone forcing the hands of big corps and ISPs to switch to IPv6.

Imagine all social media and streaming services disabling IPv4 within a month. These are not critical services, but it would still force ISPs to make the switch.

I actually think that what will really drive IPv6 adoption is if the price of IPv4 space continues its upward trajectory unabated. The price has about doubled at auction in the last year.

How are those two things related?

1. There are a ton of owners sitting on inefficiently used IP space.

Any company (not doing cloud hosting or network transit) that's holding a /8 is almost certainly using it very inefficiently, but an owner like Apple will never feel financial pressure to optimize or sell their /8. However, an owner like the university I went to (with a /16 network currently worth $3 million) will eventually face internal pressure to sell that network when the value rises to say $50 million.

As another example, Yahoo is currently announcing subnets containing 4.3 million IPv4 addresses, which is worth $193.5mm at auction. If the price of IPv4 addresses increased by say 10x, their IPv4 space would probably comprise the bulk of the company's value.

2. Owners will need to adopt IPv6 in order to realize these financial gains.

In order to sell a significant portion of their IPv4 space, an owner will have to compact their IPv4 usage into a much smaller space and migrate everything else to IPv6. This will be a huge undertaking for a lot of these places, but at some point it's worth it. By doing that, IPv6 adoption increases.

There is the potential for a feedback loop to be created where demand for IPv4 drops and the prices decline and so fewer conversions are done, but I tend to believe that IPv4 pricing will remain inelastic.

So basically the invisible hand of the market may guide us to IPv6, but I highly highly doubt we will have seen the last of IPv4 even decades from now.

> what will really drive IPv6 adoption is if the price of IPv4 space continues its upward trajectory unabated

...or the opposite: large cloud providers own a lot of valuable IPv4 space. They might want to increase the value of their investment.

Encouraging switching to pure-IPv6 connectivity would be a big loss for them.

> There are a ton of owners sitting on inefficiently used IP space.

This includes AWS, btw. You effectively get a public IPv4 with your instance, regardless of your actual needs. It actually increases your costs to get cloud instances that don't do that.

AWS has that inefficiency baked in to their design, but I'm guessing that they do efficiently deploy their IPv4 space.

That is still a problem for sure, but I'm thinking of places doing things like giving a printer its own subnet just because they have no incentive to be efficient.

Another one I've heard is that CGNAT shared IPv4 addresses lead to higher hardware requirements to manage that CGNAT. So just by having IPv6 support and having more traffic go through native IPv6 saves ISPs hardware that would've been required to manage the CGNAT.

Found the video: https://www.youtube.com/watch?v=75h4gm7t1oI


I know a few universities that still use static IPv4 for computer pools. The admins' claim: easy for us to monitor for misuse.

My company owns a /16 and everybody gets a static address for each device, so I currently "own" two global IPv4 addresses. But everything is firewalled to hell and we need to connect through a proxy, so what's the point?
This is correct use of IP space.

With a routeable IP on every computer, no one would be a second class (consume-only) user of the Internet.

No corporate IT would have a firewall set up to allow every computer to be routable from the internet.

So practically, a globally addressable IP or not makes no impact on the ability to be routable publicly.

The funny thing is social media and streaming is already there:
    facebook.com has IPv6 address 2a03:2880:f119:8083:face:b00c:0:25de
    instagram.com has IPv6 address 2406:da00:ff00::23ae:4dc1
    snapchat.com has IPv6 address 2001:4860:4802:36::15
    netflix.com has IPv6 address 2600:1f14:62a:de82:822d:a423:9e4c:da8d
    youtube.com has IPv6 address 2404:6800:4006:810::200e
The holdouts are somewhere else. Imagine if cloudflare and cloudfront defaulted to enabling ipv6 - I expect the jump in worldwide ipv6 traffic would be massive. On the other hand the missing services are very tech oriented:
    github.com has no AAAA record
Once traffic can default to ipv6, we'll see ipv4 slowly dying, but the defaults really matter.
My bad, should've been more clear - yes, it's the default in some places. What I meant is actually treating ipv6 as first class everywhere. For example:

This guide doesn't even mention AAAA records: https://www.cloudflare.com/learning/dns/dns-records/

API examples are ipv4 unless the option takes ipv6 only: https://api.cloudflare.com/#dns-records-for-a-zone-update-dn...

Your terraform examples use ipv4 only: https://registry.terraform.io/providers/cloudflare/cloudflar... https://registry.terraform.io/providers/cloudflare/cloudflar...

And many others.

In other words, I expect steering people to do ipv6, then maybe ipv4 as well rather than the opposite would give the internet as a whole another big jump in ipv6 usage.

This will show my lack of ipv6 knowledge but I’ll ask anyway. Say I have an endpoint service somewhere listening only on ipv6.

Let’s take any sort of CDN out of the equation for simplicity. Can I use Cloudflare DNS for the service, such that anyone using ipv6 will connect directly to my service, of course— but can CF do some magic ipv4->ipv6 translation/bridge sort of thing, so that someone on ipv4-only will also be able to connect to my ipv6-only service?

I’d imagine the answer is hopefully yes and perhaps this is trivial stuff these days, but anyway I’m thinking of setting up a blog and might go ipv6 only with it..


You should be able to advertise your IPv6 endpoint in the AAAA record, going direct to the origin, while making the A records point to Cloudflare, which can then proxy back to your v6-only origin servers.
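A practitioner caveat on the arrangement just described: with the A records proxied and the AAAA record pointing straight at the origin, IPv6 clients bypass whatever the proxy provides (WAF rules, rate limits, origin-address hiding), and the AAAA record itself publishes the origin address. The audit below is an added example, not Cloudflare tooling and not code from the thread; it classifies each name in a zone by whether both address families go through the proxy. The proxy ranges (198.51.100.0/24 and 2001:db8:ffff::/48) and the zone records are constructed sample data; a real audit would load the provider's published address list.

```python
"""Dual-stack proxy-bypass audit (added example; proxy ranges and zone are made up).

A name is only protected by a reverse proxy if *both* its A and AAAA records
point at the proxy. If one family goes direct, clients (and attackers) on that
family reach the origin without the proxy, and the direct record leaks the
origin address.
"""
import ipaddress
from typing import Dict, List, Set

# Hypothetical proxy/CDN egress ranges for this illustration.
PROXY_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "2001:db8:ffff::/48")]

# Constructed sample zone: name -> {rrtype: [addresses]}
SAMPLE_ZONE: Dict[str, Dict[str, List[str]]] = {
    "www.example.com":    {"A": ["198.51.100.10"], "AAAA": ["2001:db8:ffff::10"]},
    "blog.example.com":   {"A": ["198.51.100.10"], "AAAA": ["2001:db8:1::1"]},
    "mail.example.com":   {"A": ["203.0.113.5"]},
    "api.example.com":    {"AAAA": ["2001:db8:1::2"]},            # v6-only origin, no proxy
    "legacy.example.com": {"A": ["198.51.100.10", "203.0.113.6"]},
}


def behind_proxy(addr: str) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PROXY_RANGES)


def classify(rr: Dict[str, List[str]]) -> str:
    """One of: no-address, proxied, direct, v6-bypass, v4-bypass, mixed."""
    a = [behind_proxy(x) for x in rr.get("A", [])]
    aaaa = [behind_proxy(x) for x in rr.get("AAAA", [])]
    if not a and not aaaa:
        return "no-address"
    if all(a) and all(aaaa):
        return "proxied"        # both families go through the proxy
    if not any(a) and not any(aaaa):
        return "direct"         # origin reachable directly on every family
    if a and all(a) and aaaa and not any(aaaa):
        return "v6-bypass"      # A proxied, AAAA straight to the origin
    if aaaa and all(aaaa) and a and not any(a):
        return "v4-bypass"
    return "mixed"              # a family with some proxied, some direct addresses


def audit(zone: Dict[str, Dict[str, List[str]]]) -> Dict[str, str]:
    return {name: classify(rr) for name, rr in zone.items()}


def exposed_origins(zone: Dict[str, Dict[str, List[str]]]) -> Set[str]:
    """Origin addresses published next to proxied ones: the ones an attacker
    can use to go around the proxy."""
    out: Set[str] = set()
    for rr in zone.values():
        if classify(rr) in ("v6-bypass", "v4-bypass", "mixed"):
            out.update(x for rrs in rr.values() for x in rrs if not behind_proxy(x))
    return out


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_ZONE).items():
        print(f"{name:22s} {verdict}")
    print("exposed origins:", sorted(exposed_origins(SAMPLE_ZONE)))
```

Names reported as v6-bypass or v4-bypass are the ones where a client simply picks the address family that avoids the proxy. The fixes are to proxy both families (the proxy then answers AAAA with its own addresses) or, if the origin must be reachable directly over IPv6, to firewall it so that it only accepts traffic from the proxy ranges and to accept that its address is public.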
About 16% to 23% of the Alexa 500 top sites have IPv6 support [0]. There hasn't been much of a change since August 2018 (17% to 21%) [1], or October 2016 (19% to 21%) [2]. 5 years is a long time in tech.

Meanwhile on the user side support has tripled from about 11% in 2016 to 33% recently [3].

I guess when you run a scalable web service, you need comparatively few publicly available ip addresses, and everyone has ipv4 anyways, while when you run an ISP, you need way more ip addresses. So the problem is way more pronounced for ISPs than the service providers. I guess the number of deployments with carrier grade NAT without ipv6 support is quite low.

[0]: http://www.delong.com/ipv6_alexa500.html

[1]: http://web.archive.org/web/20180826104925/http://www.delong....

[2]: http://web.archive.org/web/20161019011050/http://www.delong....

[3]: https://www.google.com/intl/en/ipv6/statistics.html

I was suggesting disabling IPv4 within a month. Merely enabling IPv6 isn't going to help.
Years ago, when I perhaps more naively believed in the benevolence of Google, and that the wisdom of the Elder True Nerds who worked there would lead us to The Future, I might have applauded them throwing their weight around doing something like that. Possibly with a condescending paternalistic attitude like, "dragging the unwashed masses kicking and screaming into the future they're too stupid to realize just yet will be better for them."

I am no longer so young and naive. Now, there is no doubt in my mind that such a move by Google or the other tech giants would not be made out of benevolence, but because doing so would, somehow, net them yet greater control over the flow of information across the world. Whether out of an authoritarian desire to architect society the right way this time, or chasing their profit margin as far down the asymptote as they can measure, the resultant 1st through Nth order effects would probably be the same for the rest of us.

Control is one argument, but I'd go with the money argument:

All the big cloud providers like Google and AWS as well as the small ones like Hetzner do have an incentive to keep IPv4 going as long as possible. They can charge a premium for things IPv4 "because addresses are scarce". Charging a premium means more profit margin.

At the same time, they do not need to invest in more than lip service for IPv6 support in their offerings: No cloud provider has any comprehensive IPv6 offering, most services don't do IPv6. The edge ones maybe do, but there are always sharp edges, missing docs and general pain, pushing everyone back to IPv4 where the profits are.

I think the "switch" mental model is misleading. IPv6 has already happened, and most users don't notice it since they aren't in the habit of looking at network interface diagnostics on their device. See eg sibling comment about instagram, netflix, facebook etc. v4 NAT will remain in use concurrently and services will remain available over v4 for consumer facing things for a long time.
I will never be able to use IPv6 without someone making those things easier to read. I can barely remember an IPv4 address, but v6 is just insane.

Lucky you, somebody already did that for you. It's called DNS. :P

On a more serious note: IPv6 addresses can be short, and if used right they actually are short. Unfortunately, people continue not to care about relearning their habits and treat IPv6 as if it's a 1:1 replacement of IPv4 (you can even see it in this thread when people ask "why would you need more than a /64"). A major blocker in IPv6 isn't just the IPs but that all the sysadmins out there are trained to treat IPs as they got used to from the v4 world and can't stop thinking of them as scarce resources instead of applying a hierarchical approach.
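The comment above argues that IPv6 addresses are only unwieldy when operators copy IPv4 habits instead of planning hierarchically. As an added example (not from the thread or any particular vendor), the following Python carves an organisation's /48 into per-site /56s and per-VLAN /64s so that the fourth hextet of every address spells out site and VLAN in hex, and hand-picked interface IDs keep host addresses short. The /48 (2001:db8::/48, the RFC 3849 documentation prefix) and the site/VLAN numbers are assumptions for the illustration.

```python
"""Hierarchical IPv6 addressing plan (added illustration, not from the thread).

A /48 is split into 256 site /56s, each into 256 VLAN /64s, so the fourth
hextet of every address reads "site:vlan" in hex, and hand-picked interface
IDs keep host addresses short. 2001:db8::/48 is the RFC 3849 documentation
prefix; site and VLAN numbers are assumed sample values.
"""
import ipaddress
from typing import Tuple

ORG_PREFIXLEN = 48
SITE_PREFIXLEN = 56   # 256 sites per /48
VLAN_PREFIXLEN = 64   # 256 VLANs per site, one /64 each


def site_prefix(org: ipaddress.IPv6Network, site: int) -> ipaddress.IPv6Network:
    """The /56 for site number `site` (0-255), carved out of the org's /48."""
    if org.prefixlen != ORG_PREFIXLEN:
        raise ValueError("expected a /48")
    if not 0 <= site < 1 << (SITE_PREFIXLEN - ORG_PREFIXLEN):
        raise ValueError("site number out of range")
    base = int(org.network_address) + (site << (128 - SITE_PREFIXLEN))
    return ipaddress.IPv6Network((base, SITE_PREFIXLEN))


def vlan_prefix(org: ipaddress.IPv6Network, site: int, vlan: int) -> ipaddress.IPv6Network:
    """The /64 for VLAN `vlan` (0-255) at `site`: 2001:db8:0:102::/64 is site 1, VLAN 2."""
    if not 0 <= vlan < 1 << (VLAN_PREFIXLEN - SITE_PREFIXLEN):
        raise ValueError("vlan number out of range")
    base = int(site_prefix(org, site).network_address) + (vlan << (128 - VLAN_PREFIXLEN))
    return ipaddress.IPv6Network((base, VLAN_PREFIXLEN))


def host(subnet: ipaddress.IPv6Network, iid: int) -> ipaddress.IPv6Address:
    """A static host address; small hand-chosen interface IDs stay readable."""
    if subnet.prefixlen != VLAN_PREFIXLEN or not 1 <= iid < 1 << 64:
        raise ValueError("need a /64 and a non-zero 64-bit interface ID")
    return ipaddress.IPv6Address(int(subnet.network_address) + iid)


def locate(org: ipaddress.IPv6Network, addr: str) -> Tuple[int, int]:
    """Inverse: the (site, vlan) an address belongs to, e.g. for log enrichment."""
    a = ipaddress.IPv6Address(addr)
    if a not in org:
        raise ValueError(f"{a} is not inside {org}")
    offset = int(a) - int(org.network_address)
    site = (offset >> (128 - SITE_PREFIXLEN)) & 0xFF
    vlan = (offset >> (128 - VLAN_PREFIXLEN)) & 0xFF
    return site, vlan


ORG = ipaddress.IPv6Network("2001:db8::/48")   # assumed org allocation

if __name__ == "__main__":
    dns = host(vlan_prefix(ORG, 1, 2), 0x53)
    print(vlan_prefix(ORG, 1, 2), dns, dns.exploded, locate(ORG, str(dns)))
```

With this plan 2001:db8:0:102::53 reads as site 1, VLAN 2, host 0x53, and `locate()` recovers the site and VLAN from any address in a log line without a lookup table. One caveat: predictable interface IDs are easy to enumerate by scanning (RFC 7707 discusses this), so use them for servers and infrastructure and leave client devices on SLAAC privacy addresses.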

This. I honestly think the FCC will have to mandate its adoption and give a hard date for the termination of IPv4 for it to work. Both will need to occur.

Hopefully, that is more successful than the time the US mandated the use of the metric system.

I thought ISPs were actually doing pretty well? Big corps are moving slowly, but I think it's mostly limited to internal NATted networks, which frankly nobody has an incentive to upgrade. We're getting there... slowly.
As always, if anyone has any suggestions on tracking and stats they'd like to see for this on the repo, I always welcome ideas.
Who the heck has a couple /12s and a /13 just lying around unused?

And there are even some earlier pickups of two /10s: 252.0.0.0/10 and 44.192.0.0/10. Wow.

Look at who still has their assigned /8.

Gonna be funny how we'll likely live to see IPv6 run out of IP space, leading to IPv8!

https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...

Oh, Google doesn't own 8/8

At least for 8.8.8.8 they need to update their POC

> ARIN has attempted to validate the data for this POC, but has received no response from the POC since 2019-10-24

I knew about Apple and AT&T. DoD is really hoarding them, wow.

Honestly Prudential is the one that stuns me. They're an insurance company! Why do they need all those?!

Same with Ford. And while I do think the addresses should be returned, they should get market value or above for them. We should not punish companies for buying into the future, which turned out to be a great investment.

Alternative view: those addresses should not be "returned". They're owned. I hope hoarders will get blocks as large as they can so that we experience a real shortage and start seeing the first IPv6-only services.

They probably got a /8 early and gave each regional office their own /16, so they'd have to unpick all the addresses they're currently using before they could sell off any.

I'm sure they could split it into /16s and sell off the empty ones.

Prudential got that block 5 years before IPv6 was introduced.

Maybe they just bought it for insurance.
Amazon bought 3.0.0.0/8 from GE in 2018 [1].

So part of this is putting into service networks that they previously acquired, probably to keep up with growth. Buying in 2018 would have been a MUCH lower price than today -- and it can pretty much only go up!

[1] https://news.ycombinator.com/item?id=18407173

Incumbent telcos are generally sitting on piles.

Source: worked for them in a couple of countries

The DoD still owns 14 class A blocks, right?

And is 240.0.0.0/4 still "reserved"?

Yes, and it may be possible they will be sold [1]. From the article it looks like they're identifying unauthorized use of their space, while clearing the addresses from firewalls so they become really routable.

[1]: https://arstechnica.com/information-technology/2021/04/penta...

Many firewalls that don't expect IPs in that block to be valid will just drop the packets as bogus.
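As an added example, not from the thread: Python's standard `ipaddress` module still classifies 240.0.0.0/4 as reserved, so any filter built on such library data would drop traffic from that block even after a sale, which is the point the comment above makes. The sample addresses are constructed for the example.

```python
import ipaddress

# Constructed sample addresses: one from the still-reserved 240.0.0.0/4 block,
# two from blocks the thread says AWS acquired (3.0.0.0/8, 44.192.0.0/10),
# an RFC 1918 address and a well-known public resolver.
SAMPLE_ADDRESSES = ["240.0.0.1", "3.1.2.3", "44.192.0.10", "10.0.0.5", "8.8.8.8"]


def classify(addr: str) -> str:
    """Return how the standard library sees this address: reserved, private, global or other."""
    ip = ipaddress.ip_address(addr)
    if ip.is_reserved:      # IANA-reserved: for IPv4 that is exactly 240.0.0.0/4
        return "reserved"
    if ip.is_private:       # RFC 1918 and the other non-routable special ranges
        return "private"
    if ip.is_global:
        return "global"
    return "other"


def bogon_filter(addrs):
    """Split addresses into those a strict bogon filter would forward and those it would drop."""
    forwarded, dropped = [], []
    for a in addrs:
        (forwarded if classify(a) == "global" else dropped).append(a)
    return forwarded, dropped


if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(f"{a:>14}  {classify(a)}")
```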
Another huge problem is that companies are handing out IPv6 in lots of /128 subnets per machine, and many experts encourage "one IP per service on the machine", adding "it's good for security since it's harder to scan all ports of all subnet IPs". So at that pace, I still wonder how IPv6 will not run out of IPs as quickly as IPv4.

One IP per server should be the norm.

We have less than 8 billion people in the world, which corresponds to about 2^33. Let's assume that (given that we already have issues with sustainability) we will have much bigger issues than IP addresses if we ever reach more than 128 times that. So we are at less than 2^40. (Realistically I would expect much less, but let's be safe.)

Then the question is how many addresses everyone needs. Currently we assign subnets. Let's provide everyone with 1024 subnets for client devices and an additional 1024 servers, each with their own subnets. So 2^11 subnets each.

So we end up requiring 2^51 subnets, while we have 2^64 available, thereby only using less than 0.013% which provides plenty of room to reconsider if any of these approximations turn out to be wrong.

Even if you reduce it down to /48 subnets you have 281,474,976,710,656 of these, ~65k times more than the entire IPv4 space. Your usual assignment to a machine is a /64, which is about 4.2 billion times the amount of the IPv4 address space, about 18 quintillion.

That's enough addresses to give every one of the 8 billion humans on this planet two billion /64 subnets. Which I'd say should be enough for the moment.
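As an added example (not from the thread), the address-space arithmetic of the two comments above, redone with Python's standard `ipaddress` module so the space sizes come from the library rather than being typed in; the population, headroom and subnets-per-person figures are the commenters' own assumptions restated.

```python
import ipaddress

# Whole IPv4 and IPv6 address spaces, taken from the library rather than hard-coded.
IPV4_SPACE = ipaddress.ip_network("0.0.0.0/0").num_addresses   # 2**32
IPV6_SPACE = ipaddress.ip_network("::/0").num_addresses         # 2**128


def addresses_per_subnet(prefix_len: int, space: int = IPV6_SPACE) -> int:
    """Addresses inside one /prefix_len network of an address space holding `space` addresses."""
    total_bits = space.bit_length() - 1          # 32 for IPv4, 128 for IPv6
    if not 0 <= prefix_len <= total_bits:
        raise ValueError(f"prefix length {prefix_len} out of range for a {total_bits}-bit space")
    return 1 << (total_bits - prefix_len)


def subnet_count(prefix_len: int, space: int = IPV6_SPACE) -> int:
    """How many distinct /prefix_len networks fit in `space` addresses."""
    return space // addresses_per_subnet(prefix_len, space)


def subnets_per_person(prefix_len: int, population: int) -> int:
    """Whole /prefix_len subnets available to each of `population` people."""
    return subnet_count(prefix_len) // population


def estimated_subnets_needed(population_bits: int, headroom_factor: int, subnets_each: int) -> int:
    """The earlier comment's estimate: 2**population_bits people, times headroom, times subnets each."""
    return (1 << population_bits) * headroom_factor * subnets_each


def fraction_of_subnets_used(needed: int, prefix_len: int = 64) -> float:
    """Share (0..1) of all /prefix_len subnets consumed by `needed` of them."""
    return needed / subnet_count(prefix_len)


if __name__ == "__main__":
    print(subnet_count(48))                          # the 281,474,976,710,656 /48s above
    print(subnet_count(48) // IPV4_SPACE)            # the "~65k times" IPv4
    print(addresses_per_subnet(64) // IPV4_SPACE)    # the "4.2 billion times" IPv4
    print(subnets_per_person(64, 8_000_000_000))     # the "two billion /64s" per human
    need = estimated_subnets_needed(33, 128, 2**11)  # the earlier comment's 2**51
    print(f"{fraction_of_subnets_used(need):.5%}")   # the "less than 0.013%"
```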

> 65k times more than the entire IPv4 space

Last week I was thinking about a system to automatically cut my hair the way I exactly want (precision up to the millimeter and per hair). So, one way would be by using cheap microrobots*. The

On average we have around 100K hairs on our heads. Let’s say you buy 100K microrobots to cut your hair. Each of these microrobots could have their own ipv6 (because, why not) so that you can control them via your phone. So, suddenly you have there one person using 100K ipv6 addresses.

So, whenever people say “ipv6 should be enough for now”, I always think “well, it depends on how they are used!”

So one solution for the IPv4 shortage is for hosting providers to own all IP space... Not sure if anyone has done a projection of when that will happen.
Does similar data exist for other cloud giants?
This was all a big emergency 25 years ago until IP Masquerade/NAT came out. Yeah, we should migrate to IPv6 now, but it's just so much less important.
