Moving to IPv6: Now for the hard part (FAQ)

Today is the beginning of the end of the Internet as we know it.

That's because the rules that govern how data is sent across the Net, a standard called Internet Protocol version 4, just became significantly more obsolete. The central Net authorities just handed out the last batches of IPv4 addresses at a ceremony today in Florida, beginning the cascade of scarcity that eventually will mean the computing industry must make the painful transition to the newer but incompatible IPv6.

It's not an urgent problem for average consumers with broadband or even for many businesses with lots of servers. But it is a problem of unprecedented magnitude since ultimately it involves anything that touches the Internet, from the lowliest smartphone to the most powerful router shuttling data packets.

"This is the first definitive sign we are going to have a completion of IPv4. We've run out of the pool at the central level," said John Curran, chief executive of the American Registry for Internet Numbers (ARIN), a group that received one of the last batches of IPv4 addresses. "It doesn't mean there are no IPv4 addresses available. This is not the absolute end, but this is the definitive point where people know that we are indeed going to run out of IPv4 addresses and that they need to begin the planning for how to operate their businesses without receiving additional IPv4 addresses."

Consequently, a lot of changes will arrive in coming days, months, and years. Here's a look at what's happening as the tech industry grapples with IPv4 exhaustion and the transition to IPv6.

What is an IP address?
An Internet Protocol address is simply a big number that identifies a computer on the Internet. Packets of data sent across the Net include the destination address. When you send an e-mail or watch an online video, any number of computers, switches, routers, and other devices scrutinize the IP address on these packets and forward them along to their eventual destination.

IPv4 addresses are 32-bit numbers, meaning that there are 4.3 billion possible addresses. IPv6 addresses are 128-bit numbers, meaning that the number of possible addresses soars vastly higher to 340,282,366,920,938,463,463,374,607,431,768,211,456, or 340 undecillion for short.

The first big problem with the change from IPv4 to IPv6 is that one variety of IP data can't travel on a network set up to handle the other variety. That means, for example, that a home computer and Internet service provider using IPv4 can't easily reach a Web server using IPv6, or a mobile phone connected to the Net with IPv6 can't reach a Web server available only over IPv4.

The second big problem is that even though IPv6 was standardized more than a decade ago, there hasn't a strong incentive for IPv6 upgrades. Why should Web sites pay for new hardware, software, network equipment, and testing if almost nobody is using IPv6 yet? And why should people switch to IPv6 if there are no Web sites with IPv6 content? It's the IPv4 exhaustion that's finally providing the necessary incentive. There were some nice new features such as built-in secure networking that could have attracted people to IPv6 faster, but "everything that was really useful, people backported to IPv4," said John Heideman, who studies networks at the University of Southern California.

Isn't 4.3 billion an awful lot of IPv4 addresses?
It is, but the way the Internet is structured today, it's not enough.

Vint Cerf, now an Internet evangelist at Google, picked the 32-bit address space decades ago when the Internet was a mere experiment. In an interview earlier this year, he said, "Who the hell knew how much address space we needed?"

In the Net's early days, vast tracts of this address space were handed out to those who showed interest--IBM, Stanford University, and AT&T's Bell Laboratories, for example. In the 1990s, a more conservationist approach arrived, but the Net being a foundation now for so much commerce, education, government, entertainment, and communication, addresses are still being consumed fast.

The IPv4 space is divided into 256 sections. Each one, called a /8 or slash-eight, has 16.8 million IP addresses. But while 84 million addresses may seem like a lot, the world consumed 319 million IP addresses in this way last year. And though many organizations have more IPv4 addresses than they need, it's not a trivial matter to reassign them to another party; it may requires extensive network updates that assign thousands of devices new numbers to free up an uncluttered expanse, for example.

Here's a revealing statistic about how efficiently the IPv4 address space is used, though. Heideman, who regularly surveys the entire IPv4 Internet through an exhaustive two-month census, just announced his latest findings: "Maybe 14 percent of the addresses are actually in use."

Full utilization is unrealistic, since some wiggle room to deal with changes is necessary, but, he said, "14 percent seems low. We probably could easily do twice that." Here's the catch, though: it's not free to shuffle IP addresses around, especially to do so dynamically to account for changing demand. "The challenge is the higher and higher we push utilization, the greater overhead there is to manage that space," Heideman said. "It's important to weigh that against doing something like IPv6 where management becomes very easy."

Unfortunately, given the hardware already installed today, there's no graceful way that IPv6 could have been engineered for a more graceful transition. When moving an address space from 32 bits to 128 bits, "that's something you cannot graft on," said Asif Hazarika, senior product manager for network operating system maker IP Infusion.

Who's running this show anyway?
Brace yourself for some bureaucracy-flavored alphabet soup. Here goes:

At the highest level, the Internet Corporation For Assigned Names and Numbers (ICANN), a non-profit group set up in the 1990s by the U.S. Department of Commerce, governs the Internet's inner workings. An ICANN group called Internet Assigned Numbers Authority (IANA) holds the central supply of IPv4 addresses. As demand arrives, IANA hands out /8s to five more non-profits called regional Internet registries (RIRs), each of which handles a different geographic domain in the world and which belongs to a group called the Number Resource Organization (NRO).

All these groups are Webcasting a press conference and ceremony today to mark IANA's allocation of the last five /8s. Under pre-established rules, each of five RIRs gets one /8 apiece, and the move was triggered when the Asia-Pacific region's RIR snapped up two blocks of IPv4 addresses.

Once an RIR has a batch of IP addresses, it leases them out to companies such as Internet service providers and mobile phone network operators. ISPs and Web hosting companies, in turn, offer IP addresses as part of their services to customers that need to put their computers on the Net. Sometimes ISPs and carriers assign IP addresses dynamically, pulling one from the pot as needed when home routers or smart phones attach to the Net. Sometimes IP addresses are permanently assigned, as in the case of servers that need a fixed address for reliable Web access.

When will we really run out of IPv4 addresses?
Even though IANA is handing out the last batches of IPv4 addresses now, it'll be a while before they actually come close to running out. "In ARIN, we expect six to nine months before we don't have addresses generally available for signup," said ARIN's Curran, who runs the RIR for the United States and Canada. Then it'll take some more time for the ISPs to run through their supply.

So although supplies are tightening now, it's likely there will be IPv4 addresses still available at the retail level in 2012. As they get scarcer, though, expect the price of an IPv4 address to go up--at least until the IPv6 transition is mostly over and done with.

The problem varies according to what your needs are. A company with a few Web servers doesn't need many externally facing IP addresses, and internal networks aren't generally affected by the IPv4 shortage. A major wireless carrier has a bigger problem on its hands, with a burgeoning customer base using smartphones to check e-mail, play networked games, and post Facebook status updates. And large ISPs that offer Net access to millions of homes and businesses are likewise constrained.

What about all those companies with millions of extra IPv4 addresses?
Some that got IPv4 addresses for free, including Stanford, BBN, Interop, and the Defense Department, have voluntarily returned IP addresses they don't need. But there are lot more organizations that arguably don't, and it's up to them to decide what to do. Among those with a /8's worth of IPv4 addresses are the U.S. Postal Service, airline operations support company SITA, Prudential Securities, pharmaceutical giants Merck and Eli Lilly, the Massachusetts Institute of Technology, IBM, Apple, Xerox, AT&T, Level 3 Communications, General Electric, Ford Motor, and Halliburton.

Part of Curran's job at ARIN is to call such companies and tell them, "You have address space. You're not using it. If you can return it, you should," Curran said. "But I also say in same breath, there will be demand for these. If you hold onto them, you may decide to monetize them."

In the early days of the Internet, addresses were allocated in only three sizes: /8 chunks with 16.7 million addresses, /16 chunks with 65,536, and /24 chunks with 256. "For any sizable corporation or university getting involved, it was really easy to explain that 64,000 was not enough. So you'd get the next block up, 16 million," Curran said. In the 1990s, a new system arrived called Classless Inter-Domain Routing (CIDR) that permitted much finer gradations of allocation, but not before many /8s were out of circulation.

Can't we use NAT to get out of this bind?
Network address translation, or NAT, lets a group of computers share the same publicly visible IP address, and if you have more than one computer or phone attached to your home wireless network, you're almost certainly using it there. A variation called carrier-grade NAT operates similarly but at a higher level, a whole Internet service provider.

There are problems with NAT, though. It's tough to set up peer-to-peer connections; intermediate routing devices introduce complexity, points of failure, and communication delays; and NAT can obscure useful information such as the general physical location of a person on the Internet who might want local services. And though it can extend IPv4's useful lifespan, it comes with management expenses of its own--especially for ISPs and carriers managing large numbers of devices connecting to the Net.

"In the long term, connecting millions of subscribers with IPv4 becomes an exercise in diminishing returns," Curran said.

What does the average person have to do?
Not much--at least initially.

Most reasonably modern hardware is OK. Versions of Windows since Windows XP Service Pack 1 can handle IPv6. Mac OS X has had support since version 10.2. New iPhones and Android phones are likewise equipped, and Verizon is requiring any phones using the LTE version of 4G networks to have IPv6 support. The bigger problem comes with home networking products. In order to get an IPv6 connection to the Internet, people need an IPv6-capable cable or DSL modem and wireless router. Those are the exception rather than the rule today in electronics stores, in part because ISPs don't usually offer IPv6 support in the first place.

So initially, it'll be business as usual for the average person. In all likelihood, ISPs will start adding new capacity with IPv6 and supplying compatible network gear to new customers. Upgrading likely will take place later, but the details are fuzzy so far. "We have not yet developed our business plans for how to get customers IPv6-capable cable modems," said Jason Livingood, executive director for product platform engineering at Comcast, one of the largest ISPs.

Having IPv6 customers will pose some problems, since an IPv4-only server has no way to talk to computer with an IPv6 address. Thus the preferred solution will be a "dual-stack" approach in which a computer speaks either IPv4 or IPv6 as necessary. "Native dual stack is superior to tunneling or doing one or more NATs in the network; direct, native access is faster and does not break certain applications, therefore resulting in a better end-user experience.

Will the Net break because of this?
No, though some hiccups and slowdowns are possible.

That's because there will be strategies such as proxies, translation, and tunnels to help IPv4 and IPv6 get along. For example, a person at home whose ISP assigned an IPv4 address, could try to reach an IPv4-based Web site. But the route in between might require IPv6, in which case hardware would have to wrap up the IPv4 data in IPv6, deliver it to the other side, then unwrap it for delivery to the other computer. That would have to be repeated for each packet of data sent in either direction, slowing network performance and increasing complexity.

Or take the case of an IPv6 phone trying to reach an IPv4 service on the Net. "These IPv6 phones have no way to contact the rest of the Internet on IPv4 unless you put a proxy in there. As soon as you do, you have a lot of overhead," said David Siegel, vice president of IP services product management at network expert Global Crossing.

What about all those "reserved for future use" IPv4 addresses
If you look at end of the IANA list of IPv4 allocations, you'll see 16 /8s--that's a sixteenth of the entire IPv4 address space--that are reserved for "future use." This might be a good time use use them, right?

Alas, wrong. Those addresses were reserved when the Internet Engineering Task Force (IETF) set up a standard for IP multicast, a technology to broadcast data to many recipients across the Internet. With multicast, a content provider sends data to a particular "rendezvous" IP address, and recipients listen for packets sent to that address. That means that a TV station sending data to 1,000 watchers only needs to send one stream of data rather than 1,000. When the IETF set up the standard, it set aside 16 /8s for some future version of the technology that thus far never was used. The standard was baked into network routing hardware, though, meaning it can't be used for other purposes now, IETF Chairman Russ Housley told CNET:

The address blocks at the end of the address range were set aside for multicast in 1989. Within the multicast addresses, 240/8 through 255/8 were set aside for future approaches to multicast. However, all Internet routers know that 224/8 and above are multicast addresses, so they cannot be repurposed as traditional IPv4 addresses. If this were a viable way to avoid the IPv4 address space exhaustion, it would have been done a decade or more ago.

How long will it take companies to move to IPv6?
For customers Global Crossing is helping with the transition, the answer ranges from a couple months to years, Siegel said.

It's not as hard for companies that don't have many operations visible over the public Internet and don't have a big appetite for new IPv4 addresses. Carriers and ISPs, with a greater constraint on IPv4 addresses, have to move faster. "We're seeing mobile phone use and broadband deployments to the home being big drivers" for IPv4 demand, Curran said.

There are plenty of hurdles in the way. IPv6 is simply not as mature as IPv4 when it comes to product support, and people aren't as familiar with factors such as new network security options. Hardware and software support for IPv6 has been coming for ages--router maker Juniper Networks first added support in 2001, and networking rival Brocade did so then, too, for example. But it's not always complete support.

"One customer in the media and entertainment industry has been in the process for over a year," Siegel said. But their Cisco routers, while supporting IPv6 at the high level, can't do some tasks such as helping to balance network loads across many servers or using Cisco's proprietary IEDRP--Enhanced Interior Gateway Routing Protocol--to route data around the network, he said. "Their whole IPv6 installation has stalled. We're back at the vendor trying to get these feature requests bumped in priority so the customer can implement IPv6. Until that time, they have two choices. They either don't implement it, or they remove features from their network that are currently supported [with IPv4]."

The earliest IPv6 adopters that Brocade has seen are content delivery networks such as Limelight Networks, which announced IPv6 support last year for its technology to distribute customers' data across the global Internet, said Ken Cheng, vice president, service provider products at Brocade. Those CDN companies could become more important since they can provide an easy way for companies that lack IPv6 support on their Web sites to get it. Essentially, it would become the CDN company's problem.

Google and Facebook have relatively aggressive IPv6 migration plans, with services available over the next-gen network today, and Yahoo plans to start making its move later this year. Those companies will help iron out expected IPv6 bugs on June 8 during an event called World IPv6 Day. Though many others offer some IPv6 services, today it's relatively unusual for Web companies. Often it's complicated to add, requiring a new IPv6-facing front end to run alongside the older IPv4 servers.

Even though many people don't need to have IPv6 up and running immediately, there's no time like the present to get cracking, Siegel said. "Everyone responsible for managing an Internet network should make a commitment, rip the Band-Aid off, start planning the migration, and just do it."