The case against IP 6: When scarcity can be a good thing

With IP 4's limited range of public IP addresses and free IP 4 addresses becoming scarce, it makes sense that the world should migrate over to IP 6 ASAP ... or should it?

What's an IP address anyway?

A bit of background for those who did not know that the internet predated the world wide web by a good two decades or more:

IP addresses are kind of like a physical street address. You write a physical address of a place anywhere in the world on the front of an envelope, put an appropriate stamp on it and then one or more postal services around the world will cooperate with each other to, hopefully, get your envelope to the "TO" address you specified.

A public IP address identifies a "place" (e.g. a web server) on the internet where internet "data packets" can be sent. There are many different protocols that can be used to send data across the internet, but at the lowest levels they are all based on a simple principle: the internet is basically one huge "data packet" delivery network and, just like an envelope, every data packet has a "TO" address embedded at a special location in the data packet header. Like many envelopes, there is also a "FROM" address indicating where the packet is coming from. The job of the 'data packet routers' that power the internet is to route data packets along a variety of paths to other routers, towards the final destination given by the "TO" address.

That's basically it. I've just described the lowest level of the internet in one paragraph.

Why would we run out of IP addresses?

In IP version 4, the well established, universal Internet Protocol version that every device on the internet supports today, each IP address that appears as a TO or FROM address in the header of those data packets is stored in just 4 bytes which is essentially a 32 bit long integer.

The maximum number of unique values that can be stored in a 32 bit integer is 2 ^ 32 = 4,294,967,296! 

The internet standards declare certain ranges of addresses within this 4,294,967,296 range as 'internal' IP addresses - your data packets can't reach a device on the public internet if you specify a "TO" address which is one of these declared internal IP addresses: every packet routing device on the public internet has been coded so as NOT to pass on any packets with a "TO" address which is within any of the declared 'internal' IP address ranges.

So the maximum number of public addresses is reduced by the number of declared 'internal' addresses (and some other complex technical issues which we don't need to visit here) so let's just say there's "about" 4 billion public IP addresses all up.

Back in the early days of the internet 4 billion seemed like an incredibly large number but now that the internet has really kicked on suddenly ... not so much.

Every publicly accessible device on the planet needs a public IP address. This means publicly accessible websites like Google, Facebook, your employer's website, your own website, mail servers etc., all need a public IP address or, in the case of the "big boys", a range of IP addresses.

With many billions of devices on the internet why haven't we broken the internet yet?

Even though there's roughly 7 billion people on the planet everyone seems to be having no problem with using the internet with their multiple devices. You can post a message to someone's Facebook Messenger account half way across the world and their smart phone will instantly "Ping!" them to tell them they've received your post. That might appear like their device is accessible to you or, at least, Facebook from anywhere in the world and you might think their device would need a public IP address for this to happen but, fortunately, with 7 billion people on the planet it is not required for every person's device to have its own publicly accessible IP address!

With regard to websites needing a public IP address - they don't actually need their own unique IP address - they can share IP addresses. Many web hosting companies will locate many smaller websites at the same public IP address. That used to be an issue when it came to SSL/TLS certificates, which allow for HTTPS instead of HTTP URLs and give you the comforting 'Padlock' icon in your browser, but for many years now SSL/TLS certificates have been able to work without requiring a unique public IP address for every domain name they secure.

In fact not every worker's PC in an office building needs its own public IP address. In the very early days many organizations actually used to do this, but the world soon realized that this was a very bad idea because the organization's potential "attack surface" exposed to hackers became orders of magnitude larger than if the organization only had a few publicly accessible devices.

To avoid this dangerous exposure of internal devices via public IP addresses inside an organization we have the now ubiquitous technology known as 'masquerading firewalls': It allows only a few public facing devices to have "exposed" public IP addresses and everyone else sits nice and safely behind a firewall using those 'internal' IP addresses we spoke of earlier - to which no one on the public internet (e.g. hackers) can send data packets directly.

While improving security, 'masquerading' had the side effect of each organization requiring far fewer public IP addresses than would otherwise be necessary.

What about home internet connections?

Up until relatively recently in the history of the internet, home internet connections were assigned public IP addresses by their ISPs whenever they connected - this consumed a lot of public IP addresses, but in recent years new ISP connectivity technology means that ISPs only need to grant home connections 'internal' IP addresses. It means that the home modem/router is no longer directly publicly accessible from the internet but, again, that's an excellent security feature.

For others who might need a public, unchanging (static) IP address most ISPs offer that option for a small extra monthly fee. This is only necessary for people who want to host, for example, a web server or mail server from their home.

Internet advancements lead to fewer public IPs being required

So what we have is improvements in internet technologies that have both:
  1. Increased security by shielding end user devices both at home and within organizations by assigning them private IP addresses instead of public IP addresses
  2. Decreased the demand for public IP addresses

So what does IP 6 do differently?

Unfortunately IP 6 does a lot of things differently. If all IP 6 did differently was use, no correlation intended, say 6 bytes instead of IP 4's 4 bytes for the TO and FROM IP addresses in every internet data packet it would have been much easier for device manufacturers, software developers and operations teams to adopt but noooooo...

Why would the committee who work on such things make such a trivial, small change that gets us a greater range of public IP addresses very simply when they could change *a lot of things* and make it so much harder for the world to adopt it?

If IP 6 had 6 bytes instead of IP 4's 4 byte IP addresses it would have given the world 65 thousand times the 4 billion public IP 4 addresses we have now. 6 bytes is 48 bits so 2^48=281,474,976,710,656. So about 281 trillion!

Having such a plentiful range of public IP addresses would have been sufficient one would think.

But no, clearly bigger is always better so IP 6 went with a 16 byte IP address - that's a massive 128 bits.

I once heard a professor say that a storage unit that is 128 bits long can store one of 2^128 unique values which gives you enough range to allocate a unique integer to EVERY ATOM IN THE UNIVERSE!

To say the IP 6 committee made sure the universe will never, ever run out of public IP addresses is an understatement. We would actually need more universes to use up that range.

The law of scarcity: bigger is not always better

So, clearly, as time went by masquerading technologies intended to increase internet security actually tempered the ever growing need for more IP 4 public IP addresses and so the internet still works, luckily!

So what's so bad about IP 6 having such a big range of available public IP addresses?

Funnily enough, it's once again about security. You may have heard of White lists/Black lists, which are lists of IP addresses that a certain device or software will always ALLOW or DENY access to.

These are essential in so many areas of today's internet:
  1. Logon access denial: too many failed attempts to log on from a particular IP address start to look like some 'bot' attempting a brute force attack on the system. A good system will lock out that IP address by adding it to a permanent or temporary 'deny list'.
  2. Website screen scrapers: some 'bot' apps scan the content of certain websites to try to extract data that they do not wish to spend time or money obtaining in more honest ways. The website administrator can manually or automatically set up blockers that block access to such actors based purely on their IP addresses.
  3. Website search engine bots: if these are drawing too many resources they can be blocked by IP address.
  4. Email SPAM avoidance. You may have heard of IP reputation in the realm of email SPAM filtering. If too much SPAM is generated from a particular IP address it is assumed to be controlled by a SPAMMER/hacker and so earns a bad reputation by the large network of email monitoring services. Many SPAM filters will use that 'reputation' level to determine if you receive email from that IP address in your Inbox, in your SPAM folder or whether it's sent straight to trash.
There are many more cases where IP filtering/blocking is used but the important point is IT WORKS BECAUSE IP 4 ADDRESSES ARE SCARCE!

Scarcity increases value

IP 4 addresses are scarce and, like anything that is scarce, like gold, they have much greater value than something that is abundant - like IP 6 public IP addresses. As world governments print more and more money they reduce its scarcity and by doing so, deflate its value.

It's the old law of supply and demand in practice: Under IP 4 the supply of public IP addresses is very scarce but their demand is high so they become very valuable. It's hard to get your ISP or IP registrar to just give out even a tiny bunch of IP addresses at a time because they are so scarce.

Not so with IP 6 with its 2^128 possible range... IP 6 public IPs are essentially worthless - they are like a crypto currency where miners can generate 1 new coin every millisecond on a PC with a 486 CPU - the coins end up totally worthless.

If hackers or spammers had unlimited access to large ranges of public IP addresses they would simply run their nefarious activities and eventually get their IPs all blocked or denied or have their SPAM reputation eroded but they would not care. Due to the massive amount of available IP 6 public addresses they would simply request another million every week, day or hour as required. They're virtually infinite, so can't be too expensive.

Have a thought for all those IP blocking tools I mentioned above. Instead of keeping a database of, possibly, thousands of 'naughty' public IP addresses they need to potentially keep a database that's large enough to store a unique number for every atom in the universe...

This would create an almost impossible burden on website administrators, operations staff and mail service operators of maintaining the list of all those 'bad' IP addresses which could likely hit the millions, billions or possibly trillions!
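The deny-list growth described above, as an added example that is not part of the original post: a failed-logon lockout keyed on the exact address compared with one keyed on the enclosing prefix. The /64 grouping for IP 6, the threshold of 5 failures and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

THRESHOLD = 5    # assumed: failed logons before a key is put on the deny list
V6_PREFIX = 64   # assumed: one IPv6 customer subnet is treated as one source


def block_key(addr, v6_prefix=V6_PREFIX):
    """Network a failure is charged to: /32 for IPv4, /v6_prefix for IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is an IPv4 client on a dual-stack socket
    plen = 32 if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def deny_list(failed_sources, v6_prefix=V6_PREFIX, threshold=THRESHOLD):
    """Count failures per block key; return the networks that reach the threshold."""
    counts = Counter(block_key(a, v6_prefix) for a in failed_sources)
    return sorted((n for n, c in counts.items() if c >= threshold), key=str)


def is_denied(addr, denied):
    """True if addr falls inside any denied network of the same IP version."""
    host = block_key(addr, 128)  # normalised single-address network
    return any(host.version == n.version and host.subnet_of(n) for n in denied)


def sample_failures():
    """Constructed failed-logon log; all addresses are documentation ranges."""
    v4_bot = ["203.0.113.7"] * 6                               # one IPv4 source
    v6_bot = [f"2001:db8:aa:1::{i:x}" for i in range(1, 201)]  # 200 addresses, one /64
    v6_user = ["2001:db8:bb:2::10"] * 2                        # user who mistyped twice
    return v4_bot + v6_bot + v6_user


if __name__ == "__main__":
    log = sample_failures()
    per_address = deny_list(log, v6_prefix=128)  # exact-address keying, IPv4 habit
    per_prefix = deny_list(log, v6_prefix=64)
    print("per-address deny list:", [str(n) for n in per_address])
    print("per-prefix deny list: ", [str(n) for n in per_prefix])
    print("rotated address denied (per-address)?",
          is_denied("2001:db8:aa:1::beef", per_address))
    print("rotated address denied (per-prefix)? ",
          is_denied("2001:db8:aa:1::beef", per_prefix))
```

Keying on a prefix trades precision for list size: everyone inside a denied /64 is locked out together, much as everyone behind one masqueraded IP 4 address is.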

However, in the IP 4 world this can't happen because IP 4 addresses are scarce and very valuable. Organizations don't just hand them out like there's no tomorrow. Under IP 4 spammers, hackers etc., find it impossible to acquire large numbers of public IP addresses so their activities can be limited to some extent.

Stay safe. Stay valuable. Stay small.

Contrary to popular belief, bigger is not always better. Smaller is more efficient and, above all, much safer. IP masquerading technologies are protecting more devices and requiring far fewer public IP addresses than before. The fear of running out of IP 4 IP addresses and the measures taken to overcome that fear, i.e. an infinite range of IP 6 addresses, need more rational thought and careful consideration of all the consequences and subsequent devaluation that unlimited supply brings.
