John Curran is an American film director and screenwriter.
• Luc Besson (Luc Besson is a French film director, writer, and producer. He is known for directing and produci...)
• Nicolas Winding Refn (Nicolas Winding Refn is a Danish film director, screenwriter and producer. He is known for direct...)
• Sam Esmail (Sam Esmail is a film director.)» All Film director Interviews
EDIT - AMA is over. Thanks for all your questions! Keep the conversation going here on Reddit & for more information on how to make your website available over IPv6 check out: http://teamarin.net/get6/
Hi everyone, With less than 48K IPv4 addresses remaining in the ARIN free pool, it is imperative that we prepare for the next generation Internet Protocol – IPv6. The latest ARIN IPv4 inventory is available at: https://www.arin.net/resources/request/ipv4_countdown.html
I am looking forward to answering your questions about IPv4 depletion, IPv6 adoption, and how this will impact the Internet community. AMA!
Would you rather fight an IPv4-quantity of horse-sized ducks or an IPv6-quantity of duck-size horses?
An IPv6 quantity of anything is lethal... gimme the 4.b billion horde of huge ducks, and perhaps something sharp to wield!
IPv6 is clearly the direction we want to be heading, but the allocation and assignment policies people are deploying will probably mean we'll end up with a HUGE table size which will even further constrain resources in ASIC driven routers.
What is ARIN (and the other RIRs) doing to try and prevent needless deaggregation of prefixes into the DFZ?
It's a real problem - in the short term, we need to accommodate both the IPv4 and IPv6 tables in parallel, and things are going to get tight.
I'm not actually worried about the IPv6 routing table (even though each entry can be larger in size) because the number of issued IPv6 blocks is still likely to be quite small compared to the decades of IPv4 address issuance.
However, IPv4 is going to be a big problem in the interim, as parties start valuing unique public addresses and don't really care about the minimize size... i.e. if you can acquire a /28 and have a unique presence on the Internet, why pay more to get a /24? In the end, it's going to be up to the ISPs to decide what is the minimum size "customer Bring-Your-Own-Address (BYOA)" that they're willing to route....
Thanks for doing this AMA!
Is there any sort of plan for reclaiming the unused portions of the /8s and such that big companies bought up in the beginning?
We've actually been reclaiming unused IPv4 space for a while, with some very good results. We would have run out years sooner, if it were not for organizations such as BBN, the US DoD, Stanford, Interop, and others who returned unneeded address space as a result of these efforts. You can read more about that here - https://www.icann.org/news/blog/recovering-ipv4-address-space
Two important things to keep in mind - 1) we were issuing IPv4 space in 2010 and more than 10 /8's per year, so recovering another handful doesn't change IPv4's outlook in the least, 2) this is further shown by IPv4's 4.3 billion total address space compared with 7+ billion people on the planet... we literally can't provide for one always-on device for everyone here via IPv4 (let alone their home, work, cloud, etc. demands)
What do you see happening once the "official" source of IPv4 addresses run dry? I've heard speculation about black markets and prices for IPv4 addresses skyrocketing etc, what's your take?
As for IPv6, are there currently any big hurdles standing in the way of rapid, worldwide adoption? Any technical challenges? Or perhaps security related?
Thanks for taking the time!
While black market transfers are possible, the reality is that we already have today an IP transfer market which is working well, and completely legitimate. Folks that wish to transfer addresses can do so, both within the ARIN region, and to/from other regions in accordance with policy. Given that, there's not a lot of reasons to try and work around the legitimate transfer process, unless you are trying to bypass the policies, and the risk one takes is that nearly anyone can sell repeatedly to multiple buyers if they're not going to update the registry... not a reasonable risk that most businesses will take.
> What is your favorite drink, and why is it scotch?
In the morning, coffee. Lot's of coffee - I prefer fresh latte or expresso, but will drink nearly anything caffeinated at 5 AM.
In the middle of the day, more coffee.
At night, more coffee, and an occasionally gin and tonic or expresso martini (see a pattern here?)
Will there be any action taken against organizations that lied in order to get large amounts of additional IPv4 space prior to exhaustion? I know of one VPS provider that was just acquired purely because they had a /18 they never even dipped in to.
If a party engaged in a request with ARIN and supported via fraudulent statements, place bring it to our attention (https://www.arin.net/resources/fraud/), as we do investigate and will correct any updates that were made as a result.
Note that acquiring a company for its IPv4 resources is not contrary to policy... ARIN will work with the combined entity to make sure that it puts the number resources to use or transfers to someone who can use them in a timely manner.
As someone who was not even aware that we are running out of IPv4 addresses how will this affect me and what will be different with IPv6 compared to IPv4?
King - I do hope you are not an Internet Service Provider and just hearing about this now. If that's the case, my advice is to change professions quickly. ;-)
Otherwise, if you're just an typical organization, it's good to know that many of the folks accessing your website today are coming over mobile devices that actually connected to the Internet via a slightly different protocol (i.e. IPv6) You're website is likely connected only via IPv4. This should remedied as it will provide for more direct connections with better performance, and really is not much work. Talk to you IT department (or if you are the IT department, then go online to
Thanks for having this AMA. My questions are regarding enterprises.
1) With the recent exhaustion of IPv4 space, is it realistic for enterprises to buy on the secondary IPv4 market, or should companies expect for their not to be any remaining space for sale/lease on these markets as well?
2) When do you feel that enterprise adoption will occur, relative to the service provider adoption, as well as an actual timemframe (i.e. 1-3 years out)?
It's important to realize that it's the public Internet that's moving to IPv6; enterprises should make their public websites IPv6 reachable, but it's entirely up to each organization whether they deploy IPv6 on their internal networks. It's going to be a long-time until we see services and resources that are IPv6-only on the Internet, so it's required that enterprises deploy IPv6 to all their desktops today.
(Mind you, we've done exactly this at ARIN, and many forward-looking firms are doing the same.)
How many everyday appliances have or use up an IPv4 address? What is your expectation on them (newer versions being sold) being able to switch to IPv6?
Sorry if my question doesn't make sense. This joke applies to me: How many software developers did tt take to change the lightbulb? None - that's a hardware problem.
I look at "network" and hardware the same way.
It's an interesting question... The fact is that most devices today don't make use of IP addresses, but that is rapidly changing. We see IP addresses being used in home applications and home automation, automobiles, and even things like power meters. I don't know how big a trend this will become, or what the total demand will be, but it's pretty clear that IPv4 isn't going to handle the job given it's limitations. The good news is that folks working on the areas of highest growth (such as mobile devices and sensors) are well aware of this fact, and basing their standards on IPv6.
Thanks for doing this, and for all the stuff that you organize!
How is the new fee schedule progressing? I'm an XX-Small ISP, eager and ready to go dual-stack, but I still can't get any IPv6 allocation without being bumped into a more expensive category.
Everyone has seemed to agree for a while that this needs to be fixed. I remember there was a goal for ARIN's Finance Committee to have a proposal by April, but there's been no mention of it in the board's agendas or minutes.
It's frustrating to be ready to go, see ARIN's social media campaign for IPv6 kick into high gear, and be stuck waiting. $500 is not throwaway money.
We will be reviewing several options for new fee at the ARIN Member Meeting which will be taking place in Montreal in October... removing disincentives for IPv6 deployment has been acknowledged as a prime consideration and so you should be pleased with the results.
Why is there a significant perceived culture difference between RIPE and ARIN? Where RIPE is viewed as generally useful and involved in the community, and ARIN is somewhat aloof?
Okay, you use "involved" and "aloof" as characterizations, and I guess, I don't really see "aloof" as being applicable...
(of course, I'm in the middle of doing an AMA on reddit, so it's fairly hard to feel 'aloof' at this moment...)
ARIN is a very focused Regional Internet Registry, and as a result, we don't try to be an all encompassing focus point for everything Internet in our region. Other RIRs have different approaches, and are not only the registry for their region, but serve to be the primary operator forum for their region, and the place where all Internet policy dialogues take place, etc.
ARIN's focus is the result of the guidance from the community and the Board over the years... it has resulted in a smaller RIR, but hopefully one that is more approachable, at least as far I've heard from the community.
I seriously doubt people will start accepting longer prefixes that /24 in IPv4 in the foreseeable future. Having said that, I can imagine hitting 1 million FIB entries (v4+v6) before the end of the decade. That's... Scary.
So, a major customer comes to an ISP which is completely out of addresses (or has some, but will provide them 4 for their business connection), and that customer says "route the /26 I have obtained or I'll get my 1Gb connection from your competition"
What happens next?
And some pancakes, and some hoi sin sauce?
With IPv4 depletion effectively upon us (186 /24's as of right now) what do you think the future of ARIN looks like, in terms of the public policy meetings, advisory council, NRO council, and other outreach programs?
Thanks, and I'll see you in Montreal!
Long-term (5+ years), we're not likely to need the same level of policy process support (in terms meetings and online discussion) as we do today, but we'll still need an accurate registry and publication/update services, etc. We'll still be doing outreach, since there's huge Internet and it will take a while before everyone understands the IPv4 -> IPv6 transition. Finally, to the extent that governments and civil society seek to engage with the technical community, we serve as a point of contact for discussing matters of Internet coordination and governance.
So, Akamai got a
/10 not too long ago. What gives?
Parties get address space after providing a request with appropriate backup documentation... ergo, this is pretty routine stuff.
Thanks for doing the AMA. You do exemplary community outreach. What are your thoughts on taking a block of IPv6 space and allowing it to be managed via a blockchain. With a space that doesn't seem to have the same exhaustion constraints as IPv4 it seems an ideal candidate as a way to manage space in a more efficient way than the current process.
To me it seems like a worthwhile experiment if we choose a block that is both large enough and small enough to see how it could work.
Is this something that you would be interested in further exploring?
(Oh, and Hi John, long time no speak :)
Justin! Great to hear from you, and you ask an excellent question.
I do think that it would be interesting to explore such a technology for issuing and administration of IPv6 address blocks, but it needs to be rolled out in parallel with an infrastructure for negotiating and settling the routing of IPv6 prefixes, since presently ISPs "automatically" tend to route address blocks issued by the RIRs (and have the ability to negotiate policy and thus indirectly control why and how many of these address blocks are issued); in a world where anyone's cable modem (or cell phone) can obtain IPv6 block, we may not know how to route all of these entries since results in an effectively "flat" routing table, without the benefit of ISP aggregation that is the default today.
What effect, if any, will this have on Law Enforcement in the realm of digital investigations? As a member of a regional ICAC Taskforce, we routinely use IP's in our investigations.
Excellent question... We've one significant issue for law enforcement that comes out of the ISP switch to IPv6, that in fact may not be obvious at first glance. In the past, when parties sought their next IPv4 address block from ARIN, we asked them to show utilization of their prior IPv4 allocations. In generally, this effectively meant that ISPs needed to have entries in the registry (ie. "SWIPs") that reflected all of the assignments made, in order to show the appropriate level of usage of their existing blocks. One useful side-effect of this approach to address management is a Whois directory that has entries that reflect organizations using the address blocks, and even if these entries only got put in place when the ISP came for their next block (6 months or a year later), they at least got made eventually.
Under IPv6, we're not expecting ISPs to come back for an additionally block very frequently. In fact, in some cases, it might be the grandson of the ISPs founder who be coming back to ARIN, because of the rather IPv6 allocation sizes. Faced with updating many years of assignment records, or simply setting up a new entity and getting fresh block, one can imagine that there's not a lot of incentive to update the public registry records, and that's potentially a significant impact for law enforcement. It's unclear whether addressing this is something that can effectively be done by the RIR community or whether it ultimately is a public policy question that needs further discussion.
will IPv4 remain as a legacy protocol, or will it be phased out and unsupported at some point in the distant future...?
Well, do you happen to know anyone using DECNET, SNA, X.25, or IPX? I do, and yet most people would say these are all "legacy" networking protocols.
I expect to see IPv4 live a very long life, but entirely in closed and private environments (much like the folks still doing a little X.25 today)
What's your all-time favorite number, and why?
There's no place like 127.0.0.1
Thanks for taking the time to chat. I am a young network/systems administrator who is looking to move forward in my career to management and diversify in other aspects of the industry as well.
Could you provide us some knowledge on your technical and career background? What reccomendations or advice do you have for network administrators and engineers to continue to grow and develop, given the path you see our technology taking in the future?
So, my particular background is that I managed to get my hands on a Radio Shack TRS-80 in my early teens, and was addicted to computers ever since. I had already written several programs for pay before leaving high-school, went to UMass Amherst where I worked for the University computing center and that led to a career as a system programmer and eventually network programming.
My advice is very simple: never stop learning, read everything, and give each job 110%, no matter how routine or trivial it might seem.
One cannot make luck, but you can make opportunities happen by being prepared and always giving your all.
In particular, in this industry right now, the folks who are becoming IP6 experts are going to be in very demand for the next few decades, and I have little doubt that those who put the effort in to become expert will have little trouble finding opportunities. Hope this helps, and drop me an email if you want chat further!
Scotch is pretty good, and I'll certainly sip on a peaty pour, but you've really got to know your audience when asking questions. ;-)
Actually, there is certain secret wg that appears at conferences from time to time, and I've been known to slip in and find a scotch or two!
Does that count as treason or something? You're upgrading the world to IPv6, yet you like the IPv4 loopback address more...
In IPv6, I'd have go with fe80::C0DE:54C0:FFEE
I find that I can remember a few IPv4 addresses, but find it impossible to memorize any IPv6 addresses. Considering that DNS is not a perfect solution for this issue, what methods are you and your team using today to deal with this new level of complexity?
I've got nothing here... I'm afraid you'll have to deal with the longer addresses and trying to remember them. Perhaps carry a small note pad? ;-)
In an ELi5 manner, what does IPv4 and IPv6 mean to an average Internet user? What is it, and what does running out mean for us?
What are some changes that will stem from this?
Thank you for doing this AMA!
> In an ELi5 manner
For the average Internet user, there is no change.
Besides the inevitable depletion of IPv4 addresses, will there be any further incentives towards pushing providers, service operators, etc, to handle and serve IPv6? Will there ever be requirements to make providers transparent as to when they will roll out IPv6, if their network is still IPv4 single stack?
There are still many providers, notably ISPs, which I deal with on a daily basis who do not, and will not offer IPv6 even to larger organizations presently. Some service providers also include Datacenters. Some providers have been spending years in "IPv6 testing" phases, but have not disclosed much of anything besides "We're working on it" for up to several years. A lot of this boils down to residential services, and I'm sure the last thing any of us will want is Carrier-grade NAT.
On a final note, networks I've helped to build and maintain have been operating with IPv6 for the better part of this decade. Feels going being able to reach ALL of the public Internet.
Another excellent question... I'll note that ARIN is trade association which parties voluntarily participate in - you agree to follow the policies and you get your address space. We've worked hard to make it easy to get IPv6 blocks, but your question seems to go beyond that into what incentives might government (or others) being to bear on this transition?
Some countries have used tax incentives or regulation to incent or require deployment of IPv6, and while those are certainly a possibility, it's not clear whether it's ARIN's job to advocate for such... For example, we have worked with the US government regarding IPv6 awareness, and as a result, those who provide services to the USG as a vendor find themselves rolling out IPv6; similar. it's quite possible that encouraging more market demand for IPv6 in other communities (financial, education) is the best path to getting more ISPs see the need for supporting IPv6.
The time to offer a discount for ipv6 addresses was years ago, not after v4 ran out. What institutional hurdles prevented a more proactive approach to getting people to move to ipv6?
Agreed! In fact, we had an IPv6 fee waiver in place for many years for those who wished to get involved and start their deployment. At this point, ARIN needs to encourage IPv6 deployment but also needs to have a fee schedule which provides financial stability to the organization throughout and after the IPv4/IPv6 transition.
Back story. Have a quick read, and understand basically nothing has changed since.
Yes, we all proposed this back in 2007/8, and the folks in the IETF observed that many IP code stacks would not deal with using the class-E addresses as general purpose space. Mind you, that was nearly a decade ago, and it could have probably been fixed by now, but the RIRs were told that it would be better to focus on IPv6.... so that's what we've been doing.
Given that there's now major push by mobile operators in North America to use IPv6 for mobile devices, you pretty much have to deal with IPv6 whether you like it or not, and even if we had the additional class-E space today, it wouldn't make such difference to what the what organization faces in terms of getting ready their public-facing systems for IPv6 access.
First off, thanks for hosting this AMA.
Second off, how will this transistion affect the normal PC user like me? Will I lose internet service at any point or have to register myself for a new IPv6 adress before using the internet? Also, how would this affect servers such as website servers or video game servers?
If you're connected to the Internet already, the IPv6 change probably won't affect you directly. When you move or change providers, be aware that your new Internet connection (cable, fiber, etc.) has a good chance of supporting IPv6, and as such, your laptop and similar devices might use IPv6 to talk to the Internet. For many people, this will (and is) going unnoticed... folks with mobile phones today often don't know that they're already using IPv6 (e.g. some 20% and growing of the queries to google are IPv6 today)
You mentioned video game servers, and that does cause me to raise one item for you to consider... if you are on a home connection and an active gamer, you will want to be aware of whether you are using IPv4 or IPv6, as there are circumstances where one might be faster than the other. Choose your connection accordingly and happy shooting!!
> Or is the policy "Once allocated, never questioned"?
That's not the policy now, but it was basically the policy when that space was assigned, and they're grandfathered in. The legacy space is basically untouchable unless the owners decide to sell it or return it.
So, both the DoD (via the DISA organization) and the US government (via OMB/GAO) have already engaged in audits of address space, and as noted earlier, the DoD returned several IPv4 /8 address blocks several years ago, based on their anticipated needs.
What's your opinion on 6to4?
Is it a useful tool for migrating to IPv6, or is it a way of letting ISPs be lazy and keep holding onto IPv4?
I've run several nationwide ISPs, and each one has their interesting challenges in handling network growth. If an ISPs chooses to use 6to4 as part of their solution, so be it.
(My angst is with those ISPs who don't do anything to support IPv6 at all...)
there may be an astronomical number of individual addresses, but huge swaths will still go unused. If you get a /64 because you want to do stateless autoconfig, and put 4 devices on the subnet, you just wasted 2^64 -4 addresses
As noted by the previous replies, there's quite a few IPv6 addresses, and even with generous policies, I don't expect us to be worried about IPv6 runout for centuries to come (and if we do somehow manage to have a problem at that point, I don't expect, even with the best healthcare, for it to be my issue...)
Do you think a more centralized trading system/market (or mandatory publication of the price of v4 block trades) would allow for a more transparent pricing of v4 space? Would that help industry with planning for the rising cost of v4 space vs the cost of deployment of v6?
Do you think we'll see back-door 'leasing' (of larger blocks) of v4 space via assignments?
We actually don't need a more centralized trading system to get the transparency... if the community wants reporting of pricing with transfers, then it's a simple policy to require such... This has been discussed and folks have traditionally come down against it, as it is more useful to have updated registry records than create incentives for parties to instead "lease" or otherwise go with off-book transactions.
I do believe we're seeing some of these leasing arrangement happening today, as service providers seek to have more protection for their growth than the present 2 years that can be obtained under the transfer in this region. Whether that's a desirable outcome or not is a community call, not my particular role to take a stance on!
The provider complies with the contract. The peers they have are under no obligation to accept those prefixes. They may be able to petition their upstreams to add them, but a "le /25" filter is pretty much ingrained within most networks standard configurations AFAICT.
Everyone is correct so far, but it's at the top that this will change and then quickly move downstream... I know of no ISP that will refuse take smaller routes if a major ISP backbone insists on it in order to keep the session going...
Given that most routers currently NAT IPv4, and most consumer devices depend on that for security, do you foresee security problems when home and small business users suddenly have all of their devices routed on the internet directly? Any advice to mitigate potential problems?
Please keep security distinct from the question of NAT and addressing. The fact is that home routers have firewalls which provide the same protection either way. If you want incoming connections, then you have them turned off by default and this same result as you have with NAT. The folks at CEA have standards for IPv6 home routers addressing this very issue. http://www.internetsociety.org/deploy360/blog/2014/01/ces-2014-cea-announces-ipv6-specification-for-consumer-electronics/
Agreed. There is also, oh, 2 billion IPv4 addresses still not in use. Those addresses are being sold at a cost near what the Registries charge and in some cases with rights to own the addresses as assets.
There's many IP address that don't show in the public routing table today, and indeed, some are not in use - some are in use entirely private applications. If you are an ISP, that means there is an option of continuing to grow you network via IPv4, if you arrange to obtain the use of these numbers.
Mind you, it's not exactly a prudent long-term strategy, but may make sense for some providers as part of their overall plan.
Sure, I'm aware. It was an answer for a layman. We're still talking about inconceivably large numbers here. If the standard allocation strategy remains /48s, 1/8th of (to account for the /3) 2^48 is plenty big enough for every organization ever imaginable to get one.
I'm someone who thinks the allocation strategy is hugely wasteful and conceptually similar to allocating "class A" blocks to everyone who wanted one all those years ago. IPv6 still has plenty of room.
The most useful thing to keep in mind is that IP address blocks are like slices of pie; i.e. we allocate in units which are effectively angle of the slice, not a specific number of IP addresses. This means that the size of the slice matters, and with big enough slices, we can again run out...
Remember, there are the same number of IPv4 /24's as there are IPv6 /24's...!