TechOpsGuys.com Diggin' technology every day

22 Oct 2010

IPv4 address space exhaustion – tired

Just saw YASOSAIV6 (Yet another story on Slashdot about IPv6).

They've been saying it for years, maybe even a decade? That we are running out of IPs and we need to move to IPv6. It's taken forever for various software and hardware manufacturers to get IPv6 into their stacks, and even now most of them haven't seen much real world testing. IPv6 is of course a chicken and egg problem.

My take on it, from a technological standpoint I do not look forward to IPv6, not at all. Really for one simple reason - IPv4 IP addresses are fairly simple to remember, and simpler to recognize. IPv6 - forget about it. I'm a simple minded person and that is a simple reason I don't look forward to IPv6.

I don't have a problem with Network Address Translation (NAT), it's amazing to me how many people out there absolutely despise NAT, I won't spend much time talking about why I think NAT is a good thing because I have better things to spend my time on :) [And yes when I'm not using NAT I absolutely run my firewalls in bridging mode again for simplicity purposes]

I don't believe we have an IPv4 crisis yet, sure IANA or whoever is the organization that assigns IP addresses says we are low on that free pool but guess what, service providers around the world have gobs of unused IPs. I talk to service providers fairly often and none of them are concerned about it, they do want you to be smart about IP allocation however. I suppose if you're some big company and want to get 5,000 IP addresses you may need to be concerned, but for smaller organizations who may need a dozen or two dozen IPs at the most - really nothing to worry about.

One thing I think could free up a bunch of IPs and allow IPv4 to scale even further is to somehow fix the SSL/TLS/HTTPS protocol(s) so that it can support virtual hosts (short of using wild card certs). I'm sure it's possible but it won't be easy to get the software out to the field to all the various edge devices in order to be able to support it. One company I worked at needed about a hundred IPs JUST for SSL (wild card certs were not an option at the time due to lack of client side support).

I know we'll get to IPv6 eventually, and I'll accept that when we get there, though it may be far enough out that I don't deal with lower level stuff anymore so won't need to be concerned about it, I don't know.

TechOps Guy: Nate

Comments (3)
  1. “fix the SSL/TLS/HTTPS protocol(s) so that it can support virtual hosts (short of using wild card certs).”

    In case you haven’t found out about it in the meantime, there is a solution. It’s called SNI, Server Name Indication. Check out https://sni.velox.ch/

    The usual problem is support across all browsers, most notably breakage in IE on XP.

  2. No, I did not hear about SNI, that looks really neat though! Thanks for the info.

  3. I thought I heard about technology like SNI several years ago and kept looking for signs of it in Apache and other things but could never find it, good to know that it’s still out there and available, I guess we just need to wait for the older legacy platforms to fade away and we can really start wide scale deployments.

    One more question is whether or not the big appliance load balancers support this or not, since that's what I use when hosting SSL on anything sizable rather than hosting directly on Apache (which I only really do for personal stuff). At least it gives me a technical term that I can use to ask their teams whether or not they do support it and if not when they will.