The Return of the IPv4 Shortage

Opinion: Do you think that the address shortage is an urban legend? It may not be.

Most people have long considered it a myth.

Many years ago I was told dismissively, by smart people, that "well never run out of IP addresses!" But now people who really should know not only see it happening, they see the pool of IPv4 addresses exhausting in "late 2009 / early 2010." Yikes! Thats just around the corner!

What exactly will happen then? Geoff Huston, who has had a number of senior positions in the administration and design of the Internet over the years, says that when that happens one or more of the RIRs (Regional Internet Registries) will receive a request to allocate an address and will not be able to because their pool will have run out. There are five RIRs for different regions of the world. They get addresses in blocks from the IANA, and in turn parcel them out to ISPs, hosting services and other large networks.

Huston runs a site that models (through the daily running of a script based on new data each day) the end of the IPv4 world and predicts, on 8-8-2007, that the IANA pool will exhaust on April 27, 2010. The RIRs will run out on February 14, 2011. Youd better run out now and buy up all the addresses you can get before the hoarders get them all.


To read more about whats driving the IPv6 impetus, click here.

The answer to this problem, IPv6, is about 12 years old, and the fact that it has not been widely deployed yet is a bad sign. What kept the problem in check for all those years was NAT (Network Address Translation), which drastically decreased the need for genuine IP addresses. The idea was that NAT would buy us enough time to transition to a place where IPv6 was mainstream.

IPv6 is not a backwards-compatible protocol. In other words, IPv4 hosts cant talk directly to IPv6 hosts. Huston describes the generally-proposed transition plan, which involves dual-protocol stacks and a lot of complicated software. Basically, the idea is to get hosts to try to use IPv6 and to fall back to IPv4. Huston points out the obvious, that the environments which must implement all this complexity are resistant to change.

Huston argues that since IPv6 adoption wont be coming, like the cavalry, in the nick of time, were going to need far more intensive use of NAT in order to make do, because our appetite for IPv4 addresses has not slowed.

IPv4 isnt the only scarce resource of this type. Huston also argues that weve got a problem with AS number depletion, which could happen in the next decade. AS (Autonomous System) numbers uniquely describe a network connected to the Internet for routing purposes. Like IPv4 addresses, AS numbers are assigned by the IANA in blocks to the RIRs, who, in turn, parcel them out to applicants. AS numbers are 16-bit integers, so there are about 64K of them, and about 44,000 have already been allocated to RIRs. There are people working on this problem too, and its easier to see it being solved.


Click here to read about how Apple shut down the IPv6 security hole.

What happens when the IPv4 addresses run out? When a good or a service becomes scarce, it doesnt disappear. The price of it goes up. I dont understand the mechanics of how it will happen, but it seems to me that some form of "gray market" has to appear. And, its not just inevitable that the price of an address will be set by the market, its basically fair. And these prices will be tempered by the fact that IPv6 will be there on the horizon. The more IPv4 prices go up, the more of an incentive there is to adopt IPv6.

ARIN (the American Registry for Internet Numbers, the North American RIR) recently issued a statement decrying the possibility of speculators driving the price of addresses and vowing to maintain an open and "democratic" (huh? I dont remember voting for anyone in ARIN) allocation process. "The current resource management mechanism is fully sufficient to address the upcoming shortage of IPv4 addresses, and a continuation of sober and responsible enforcement will ensure continued maximum benefit to and protection of the entire Internet community."

Im sure they mean well, but I dont like the sound of this.

Id feel a lot better about things if I saw some visible moves to IPv6 where it matters, like in Linksys routers and products like that. Of course, that would only be useful if ISPs pushed their users to adopt IPv6 too. But none of these things seem likely to happen while IPv4 addresses are still as plentiful as, for example, oil. Perhaps it would be better for the price to start going up sooner rather than later.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers blog Cheap Hack

More from Larry Seltzer