CES 2010: Interview with ARIN’s John Curran: We’re running out of addresses

John Curran, President and CEO of the non-profit American Registry for Internet Numbers (ARIN) took a few minutes out of his busy schedule to sit down with me and discuss a major problem the world is facing in the next two years. The Internet is running out of IP addresses–numbers computers use to contact each other on the Internet, but there is a solution. This solution is IPv6, an method of addressing which greatly expands the number of addresses available, which ensures that every computer, mobile phone, e-book reader, gaming console, refridgerator, and any other Internet-connected device can talk to each other.

ARIN is one of five Regional Internet registries (RIR) worldwide.  These RIRs are responsible for allocating IP address to Internet Service Providers (ISPs) and businesses. Each RIR has a set number of IP addresses which they are allowed to allocate. Some RIRs will run out of IP addresses before others, thus exacerbating the problem.

We’re running out
“But why are we going to run out?” the reader may ask. This seemingly succinct question necessitates an explanation of how the addressing on Internet works.

Each computer on a modern network has what’s called an IP address. When a computer wants to talk to another, it talks directly to that computer using its IP address (most of the time, it’s derived the number from a domain name using DNS).

IP addresses are a part of the TCP/IP protocol stack. This piece of software is an implementation of a set of standards of the same name. In TCP/IP, there are 232 addresses available for computers to use. That’s 4,294,967,296 addresses, or approximately 4.3 billion addresses. Keep in mind that TCP/IP was designed at a time where the number of computers on the Internet was less than 5,000. Inside that set of 4.3 billion addresses, there are several addresses which are reserved for use inside company networks. Companies are allowed to use these addresses without having to register them with an RIR. Sometimes, a computer inside a company has to talk to a computer outside on the public Internet. To do this, it has to talk to another computer in the way, called a gateway. This gateway uses a technology called Network Address Translation (NAT) to essentially make the target computer think that the gateway is talking directly to the user’s computer even though it’s actually talking to the gateway. A home router from Buffalo or ASUS or Linksys is an example of a gateway. A gateway can greatly increase the number of businesses which can use these private addresses, so the 4.3 billion address limit is actually higher, but not by a lot: less than a billion for sure.

However, the company does have to register certain other numbers with the RIR. These are called public IP addresses. Web sites, servers, and home routers all have public IP addresses. These addresses are assigned to the server or router or computer by an ISP or the business running the connection. There are so many people, so many business, so many computers which require public IP addresses that even with the aforementioned private addresses and NAT, the number of available addresses is diminishing.

Screen shot 2010 01 17 at 6.52.03 PM
Approximately 90% of all available addresses are allocated. The unallocated addresses are private addresses.

“We’ve allocated nearly 90% of available IPv4 addresses,” said Curran. “[The Internet] is treated as a utility, but it’s not quite as mature.” IPv4 is the name for the current version of IP, the version with 2^32 addresses. It was realized in the 1990s that IPv4 just didn’t have enough IP addresses. However, the problem of running out is occuring sooner than previously thought because of the explosion of mobile phones–all of which have their own public IP address.

“Imagine double NAT, manual configuration to avoid blocks and used IPs, or not getting IP,” Curran warned. This is what could happen if the Internet runs out of addresses. It would endless frustrate home computer users, and it’s a business’s IT guy’s nightmare. This is the future with IPv4.

IPv6 is the answer, and it has lot more addresses. A lot more. IPv6 supports 2128 addresses: 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses, or 3.4×1038. or 3.4 trillion trillion trillion thousands. To give a better idea of just how large that number is, it’s approximately 5×1028 (roughly 295) addresses for each of the roughly 6.5 billion (6.5×109) people alive in 2006, according to Wikipedia, or 252 (about 4.5×1015) addresses for every observable star in the known universe. By my own calculations, one billion addresses could be assigned per second for the next 10,790,283,070,806,014,188 millenia! This is enough to last us a very, very, very long time.

John Curran isn’t worried about big operating system vendors like Microsoft and Apple implementing IPv6. Windows has had production-quality IPv6 support since Windows XP Service Pack 1 in 2002 and enabled by default in Windows Vista. MacOS has had it since 10.3 in 2003. Linux has had support for it since 1996, and has been production quality since 2005. In 2008, the root name servers–the servers which are at the very core of the domain name system–were upgraded so that two computers talking IPv6 could talk to each other without having to talk IPv4 at any point, effectively indicating the Internet infrastructure’s readiness for IPv6.

John Curran, ARIN, and just about everyone else who cares is worried about the devices which companies are pumping out which might not have IPv6 support. They’re also worried about convincing web masters and server hosting companies to acquire IPv6 addresses so that their servers and other networking equipment can talk to the computers which may eventually get only an IPv6 address and thus be unable to talk to a computer which has only an IPv4 address.

Who’s responsible? Curran sees three major groups of people who need to push each other for IPv6 support: vendors, businesses, and high-end, tech-savvy Internet users. Many large vendors are ready for IPv6, but smaller ones haven’t taken the time or spent the money to ready their products. It’s up to businesses and tech-savvy consumers to push those vendors to support IPv6. It’s up to tech-savvy consumers to push businesses to support it, and it’s important for businesses and tech-savvy consumers to educate all consumers, not just the tech-savvy types.

Most mid-range consumers–the kind who buy a device, plug it in, and never mess with settings–shouldn’t have to concern themselves with IPv6 more than a checkbox item in a product’s description. If the user can’t get to an IPv6-only web site, well, there’s not much they can do except not use the web site or contact their ISP and ask why, only to be told that the ISP isn’t ready for IPv6 yet.

Fortunately, most folks who run servers can get IPv6 addresses for their servers by asking their datacenter or ISP for an IPv6 address and adding an AAAA record to their DNS server. ThinkComputers isn’t available via IPv6 yet, but may be in the future.

Do ISPs and self-hosted folks need to pay to get a set of IPv6 addresses? “There is no financial disincentive,” explained Curran. IPv6 addresses are provided for free to those who currently have IPv4 addresses. Folks who have nothing will need to pay for the addresses, though. For a hosting company or business which has just one public IP address, called a /32 address in networking lingo, that company would be allocated 18 quintillion IPv6 addresses.

About Author