|
Cover Story
January 2000
Maxed out
The inevitable IP address shortage.
Maury Wright, Executive Editor
I often wonder what a state-of-the-art PC might be like if it
didn't have to also support the first MS-DOS program ever written. What if the companies that drive the Wintel world ripped up the blueprint? What if, with no constraints, their engineers created the best PC possible with no limits on processor options and no need to support legacy software? Sure, I would have to buy a new system, replace all my software, and perhaps learn a new way of doing things. But maybe I'd be more productive. Maybe my system would never fall short of resources. Maybe I wouldn't need 256 Mbytes of memory. Maybe the revolutionary change would leave the business world better off.
Think about that hypothetical scenario. The PC has served us incredibly well, but surely it's not the best or most elegant architecture we're capable of devising. What's your vote—retrofit or replace?
Now, what if we ask the same question about the Internet? The Internet is actually older than the PC. People have subjected the Internet to far more retrofits and facelifts than the PC has endured. Many argue that the Net needs a major overhaul in order to support the future demands we're going to place on it.
Like the PC, the Internet isn't facing an immediate crisis. Despite some naysayers' claims, the Net won't just break down and stop working. At least not any day soon. Undoubtedly, the average user doesn't even realize that the Internet faces significant obstacles. But obstacles there are.
I need my space
Topping the list, a sort of housing shortage. Limited to a 32-bit address space, the Internet has a finite number of possible IP addresses. As the online population worldwide catches up with Europe and North America, we will run short. And that's despite stopgap measures such as NAT (Network Address Translation). Worse, new applications, such as mobile Net access and home networking, could vastly increase the world's appetite for addresses. The Internet also faces problems in security, routing, and installation complexity. Together, these problems limit the Internet's potential.
As the new millennium dawns, the Internet's brain trust must decide how to upgrade the Net's foundation: the venerable TCP/IP infrastructure. The powers-that-be can continue a 20-year process of retrofits, some of which have been extremely effective, and some of which have merely mitigated problems in the short term. Or, they can make a more revolutionary change and replace the current IPv4 (Internet Protocol Version 4) with IPv6, which has been in development for much of the past decade.
IPv6 offers a few significant advantages that simply cannot be spliced onto IPv4. Most significantly, IPv6 uses a 128-bit address space. Other examples include an end-to-end security feature called IPSec (IP Security) and automatic or plug-and-play installation, using node discovery and dynamic address assignment.
Other IPv6 features have already been tacked onto IPv4, with varying degrees of success. For example, take IP Multicast, which allows a single server to broadcast an audio or video stream to many different nodes. Multicast is an absolute requirement if the Internet is to support a growing base of streaming content. Though IP Multicast originated as part of the IPv6 project, close to half of the existing IPv4-based Internet can support it today.
Then there's QoS (Quality of Service), the ability to give time-sensitive data, like voice or video, an express ride to its destination. IPv6's creators included QoS from the start. A packet flow label in the address header ensures reliable delivery of streaming data, enabling applications such as VoIP (voice over IP). IPv4 retrofits provide QoS, but force routers and other equipment to open and examine the actual data payload of packets. Moreover, companies making routers and switches support different QoS techniques (see sidebar, "IPv6 resources").
What's the problem?
Sounds like a no-brainer; let's upgrade to IPv6. Unfortunately, logistic and technical roadblocks obstruct the path. For starters, the Internet is a huge entity. No one owns it or even has the power to control its direction. The IETF (Internet Engineering Task Force) shepherds the development of new technologies, but can't dictate how they're deployed by the thousands of organizations that control little pieces of the Internet.
A complete upgrade to IPv6 would be what engineers wryly refer to as "non-trivial." Every router, every PC, and every server owned by ISPs, corporations, universities, governments, and individuals would have to be replaced or upgraded. Typically, upgrades happen gradually, the way QoS and Multicast are seeping in. Individuals and businesses upgrade or replace network equipment and hosts (terms used for clients and servers in Internet parlance) one at a time. But IPv6 isn't backward compatible with IPv4, and no smooth transition path exists.
The barriers to an easy transition have some industry insiders wondering if IPv6 will ever be adopted, while others insist that the question is when and not if. The two sides disagree on whether IPv6 brings enough value to warrant the expense and time the transition would entail. Many believe IPv6 simply isn't revolutionary enough to justify the massive upheaval.
Address depletion
While IPv6 offers more than a larger address space, that feature appears to be the one most likely to force a change. IPv4 can theoretically address more than 4 billion nodes. IPv6 supports a number of addresses greater than 3 followed by 38 zeroes. Experts say every person on earth could have a personal IPv6 network, which could in turn have a number of unique addresses represented by 20 digits.
But is that overkill? According to whom you ask, we've already occupied between a quarter and half of the available IPv4 address space. The lower estimates count routable addresses, or in other words, active addresses. The higher estimates count addresses that have been allocated by the various agencies in charge of allocation. Many of these addresses are essentially sitting on the shelf at ISPs, corporations, and other organizations. The graph in Figure 1 (above), from Top Layer Networks, depicts the ongoing address depletion trend.
"We've already run out of addresses. Just look at how many people are deploying NAT."
Noel Chiappa, independent researcher |
|
The current depletion curve seems to indicate that any serious address shortage is far in the future. The curve ramped sharply upwards during much of the 1990s, but started to flatten out toward the end of the decade.
So are we really in danger? Ask Noel Chiappa, who invented the multiprotocol router while at MIT and has worked on numerous IETF initiatives. "We've already run out of addresses," he answers. "Just look at how many people are deploying NAT." Chiappa, currently an independent network-architecture researcher, happens to believe IPv6 doesn't offer sufficient benefits to merit a change. He prefers a more radical approach to a next-generation network.
But the point in Chiappa's comment is that the industry has already taken measures to prevent, or at least delay considerably, the day that the address well runs dry. In the early 1990's, the Internet transitioned to a more granular routing architecture called CIDR (Classless Inter-Domain Routing—often pronounced "cider"). Prior to CIDR, all subnets were assigned based on 1- to 3-byte boundaries, which meant that small and large organizations often received far more addresses than they required (see Connected: An Internet Encyclopedia, at www.freesoft.org/CIE/index.htm).
To further stretch the address space, the computer world has adopted NAT, in which a single host (with a single public IP address) conceals a host of other hosts. The hosts behind the gateway use private IP addresses; it doesn't matter if they duplicate addresses that exist elsewhere. NAT finds use in widely ranging scenarios, from connecting the private networks of huge corporations to allowing multiple PCs to share a home Internet connection (see "Inside the Digital Den"). In its purest form, NAT transparently alters address headers as packets pass through the gateway.
Panacea or poison?
But NAT is far from a panacea. In fact, it's almost pure evil in the eyes of some Internet purists. NAT violates one of the Net's basic tenets—that the source and destination hosts control communications between themselves. With NAT, all data passes through an intermediary, and NAT critics see that single point of failure as potential trouble. NAT can also cause huge logistical problems. For example, if you try to merge two private networks that previously existed behind NAT gateways, you may have to contend with duplicate addresses.
 GLOBAL IMPACT: Fred Baker heads the Internet Engineering Task Force. |
|
Web access and email get along fine with NAT, but other applications don't fare so well. Many newer and innovative applications actually place addresses inside the data payload. Moreover, some applications, such as security and videoconferencing, use encrypted data. A NAT box can easily prevent such applications from working properly. In fact, IPv6's IPSec can't be retrofitted to IPv4, due to the lack of a direct end-to-end connection. "The NAT problem is unbounded," says Fred Baker, IETF chairman and Cisco fellow.
"The NAT problem is unbounded."
Fred Baker, IETF chairman and Cisco fellow |
|
NAT might not even be up to the task of preserving address space. Should mobile Internet access take off, it's unclear whether NAT would be effective—especially when cellular handoffs take place as subscribers roam among different cells and service providers. Initiatives in development now dynamically reuse IP addresses as mobile devices connect and disconnect from the Internet. But as Baker points out, "you will still need a huge amount of addresses, just to support all of the subscribers connected at any specific instance."
Moreover, NAT can't head off escalating address requirements arising from the move to broadband connections. With dial-up modems, ISPs only need IP addresses for a fraction of their subscriber base, because they dynamically assign an address when a subscriber dials in. With an always-on broadband connection, such as a DSL (Digital Subscriber Line) or cable modem, each subscriber needs at least one unique address, potentially more. If home networking and automation take off, each subscriber may need a block of addresses (see sidebar, "The connected home").
Finally, new applications can eat up globs of address space. For example, IP Multicast needs a unique public address for every audio/video stream. The Multicast standard reserves a total of 268,435,200 IP addresses. Who knows what application will emerge next month, or next year, to devour even more?
Where to go
Most Internet experts agree that NAT is, at best, an interim solution to a future address shortage. But even the staunch proponents of IPv6 can't reach a consensus on how to proceed
The next big retrofit to IPv4 could be RSIP (Realm Specific IP—typically pronounced "are-sip"). According to your perspective, RSIP could be the start of a transition to IPv6, or a way to delay a transition while a more radical alternative is developed.
RSIP solves many of NAT's problems (with, of course, a few adverse side effects), but does no more than NAT to handle address depletion. Whereas NAT is transparent to the host, RSIP requires that each host participate in the process by which many hosts share one public IP address. In doing so, RSIP restores the ability to make end-to-end connections, thereby enabling applications such as IPSec and real-time video delivery.
In an RSIP scenario, the host makes a request to the RSIP gateway and retrieves instructions on how to address and format its outgoing packets. Still in development, RSIP could be deployed over the course of the next year. RSIP only works when the host behind the RSIP gateway instigates a session, but some say it can be extended to allow an external host to initiate a session.
Mike Borella, senior architect at 3Com and one of the leaders in the IETF RSIP development effort, believes the technology can lead the transition to IPv6. Most transition strategies include a mixture of three concepts:
Dual stacks, where hosts or routers have both IPv6 and IPv4 protocol stacks and can work on either type of packet.
Translation, which works like a NAT gateway, except that the gateway translates an IPv6 address to an IPv4 address.
Tunneling, in which IPv6 packets are encapsulated within IPv4 packets, so that IPv4 networks can connect IPv6 clouds.
The predominant theory concludes that a transition will move inward from the individual hosts (the PCs and servers) on the "edges" of the Internet (Figure 2, above). Adding dual stacks in those hosts will be relatively painless because it's a software upgrade. You can already buy IPv6 stacks for most Unix boxes. Microsoft, however, is dragging its feet on providing IPv6 support for Windows; it will first arrive in Windows 2000 (Windows NT). But at some point, the IPv6 stack upgrade will become essentially free, allowing organizations to create IPv6 clouds all around the edges of the Internet.
Unfortunately, upgrading routers to support IPv6 isn't so straightforward. Many existing routers use hardware-based schemes to speed packet processing. These will have to be replaced—a process many in the IETF expect could take more than a decade.
Of the ways to connect IPv6 clouds to the IPv4 infrastructure, Borella thinks the RSIP concept offers the best scenario. A dual-stack RSIP gateway could support end-to-end connections for hosts in the IPv6 cloud, whether the remote host speaks IPv4 or IPv6. The scenario would still require the RSIP gateway to perform tunneling in order to link two IPv6 hosts across what for some time will remain an IPv4 Internet. And the RSIP gateway could integrate NAT functions as well, so that RSIP can be deployed across connected hosts one at a time.
A tough sell
Others, such as Chiappa, see NAT, RSIP, and other retrofits as ways to delay the transition to IPv6. Chiappa points out that ISPs and corporate MIS managers—whose support would speed a brick-by-brick transition to IPv6—have no incentive to make the change. "If 5 or 10% of the managers upgrade to IPv6," he asks, "would they be better off?" And he's probably right in assuming the answer would be "No." You couldn't run IPv6-enabled applications in such a situation, except in cases where you knew for sure that both ends of a connection had been upgraded.
"IPv6 offers an opportunity to re-visit design of the basics of Internet protocol. To vastly expand the address base, to allow for more flexible address assignment policies, multicasting design, and security features to become basic components of the evolving Internet."
Vint Cerf, senior vice president for Internet architecture and technology, MCI WorldCom |
|
Chiappa also points out that IPv6 doesn't solve the biggest problem ISPs and MIS managers face. Routing-table entries have topped 70,000, and IPv6 doesn't solve that problem, he claims. According to the IETF's Baker, however, IPv6, does bring some benefits to routing (see sidebar, "The router debate" for Baker's take on routing issues). Chiappa believes technologies such as MPLS (MultiProtocol Label Switching), on which the IETF is working, could provide the answer. With MPLS, routers at the edge of the Internet attach tags or labels to packets, which allows routers on the major backbones to forward the packets without retrieving an address from a routing table. So far, MPLS has been seen mostly as a way to improve the operation of backbones, and companies like AT&T and MCI WorldCom are already deploying it. But Chiappa thinks it could be an important piece of an alternative to IPv6.
Even Chiappa concedes, however, that a 32-bit address space isn't large enough in the long term. Considering that IPv6 took more than five years to develop, most industry luminaries don't believe there's a viable alternative to IPv6.
3Com's Borella believes movement toward IPv6 will come suddenly, he just doesn't know when. Perhaps, he suggests, an application like Internet services for cell phones will explode overnight in a region like Asia, jumpstarting the process.
Advocates of IPv6 are also—finally—making an effort to promote the technology. In mid 1999, industry leaders formed the IPv6 Forum to educate everyone from MIS managers to end users. Vint Cerf, senior vice president for Internet architecture and technology at MCI WorldCom and a pioneer of the Internet, serves as honorary chairman of the group.
"IPv6 offers an opportunity to re-visit design of the basics of Internet protocol," Cerf says. "To vastly expand the address base, to allow for more flexible address assignment policies, multicasting design, and security features to become basic components of the evolving Internet. IPv6 also offers features that facilitate the deployment of new qualities of service, which are needed to serve an expanding array of applications...."
From a more pragmatic perspective, Jim Bound, senior member of the technical staff at Compaq and co-chair of the IPv6 Deployment Group claims, "IPv6 is the only solution to maintain the principles of end-to-end networking as we approach the next millennium." CV
IPv6 resources
6bone: A worldwide testbed developed to assist in the evolution and deployment of IPv6.
Connected: An Internet Encyclopedia: An online encyclopedia that's a great source for a refresher course on how the Internet works.
Internet2: A collaborative effort, by universities working together with partners in industry and government, to develop advanced Internet technology and applications vital to the research and education missions of higher education.
IP Next Generation (IPng): A site that chronicles the history and development of IPv6.
IPv6 Forum: An organization founded in mid 1999 to promote the adoption of IPv6 technology through education of everyone from the end user, to ISPs, to large corporations.
IPv6 Research & Education Networks (6ren): "6ren is a voluntary coordination initiative of Research and Education Networks that provide production IPv6 transit service to facilitate high-quality, high-performance, and operationally robust IPv6 networks."
TechEncyclopedia: A quick online resource for brief explanations of most any acronym used in the computer and Internet world.
The Internet Engineering Task Force (IETF): The organization that defines the standards and specifications that are ultimately implemented on the Internet including IPv6.
The IPv6 Channel: An information resource with information on the technology and links to news and events.
|
|
The connected home
Regarding the future of the typical home, expect it to have well more than one device linked to the Internet. You can argue that the number is under 10, implying that only PCs or other information appliances such as a set-top box or a dedicated email appliance will be jacked in. But I would argue that the number could reach the hundreds, with everything from the toaster to the spa linked in. In either case, homes could drive the need for billions of new IP addresses. Therefore, this vision of the connected home may play a key role in the move to IPv6 and will lead to the development of new types of home gateway products.
Today, the potential demand for multiple IP addresses in homes is limited to multi-PC dwellings. Moreover, as this "Inside The Digital Den" article points out above, most multi-PC homes can use a NAT gateway to share a single IP address. But NAT will ultimately have the same limitations in homes that it does in offices. I advocate the use of NAT in a multi-PC home today, because of the lack of other reasonably priced options. Moreover, NAT works fine for web surfing and email. On the other hand, NAT can clearly limit your ability to use applications like real-time video delivery on machines behind a NAT gateway. Going forward, these multimedia applications and others, such as voice over IP (VoIP), that use IP telephones almost certainly will boost the demand for IP addresses.
The situation only gets worse as you contemplate the connection of a front-door lock, a security camera, or a washing machine to the Internet. Security becomes a serious issue. Consumers will demand features like IPsec, the security scheme that's built into IPv6. You may want to authorize the power company to control when your washing machine runs if it results in reduced power bills. You certainly won't want some prankster turning up your spa for no reason, but you might want to do so before you leave the office after a long day.
So assuming for the moment that almost all things electrical will need to be linked to the Internet in the connected home, let's ponder how that might happen. The scenarios start with connecting every electrical device via Ethernet, with each device receiving a globally unique IP address. Despite the fact that Ethernet is dirt cheap, it really doesn't make sense to rely on Ethernet in place of other connections that already exist. Appliances will be linked by power-line communication schemes, and the home entertainment center will likely connect via an IEEE-1394 interface. Most likely, some type of gateway will serve as a hub or a bridge for a number of disparate physical interfaces.
I feel relatively certain that such a gateway will evolve over the next few years, but will it be a simple bridge that connects different physical interfaces or will it also add a logical abstraction layer between the Internet and a private home network? A simple bridge might do no more than provide a security firewall that links devices behind the gateway to the Internet with the connected nodes having globally unique IP addresses. Essentially, the power-line, 1394, RF or other networks would carry IP traffic. NAT proponents and the anti-IPv6 crowd would argue that the gateway should hide the IP addresses of the home nodes to preserve the address space—adding one layer of abstraction. But if the nodes don't have public unique IP addresses, do they need a TCP/IP stack at all? Some will surely argue that a network like CEbus (Consumer Electronics bus—www.cebus.org) or Echelon's (www.echelon.com) LonWorks is better suited than TCP/IP as an automation and control network.
I must admit that I'm wavering in my views. In the past I've advocated the LonWorks or CEbus approach in the pages of our sister magazine EDN. I've reasoned that adding TCP/IP to every electrical device is simply too costly, but the IC industry is trying to prove me wrong. Companies like Scenix (www.scenix.com) and NetSilicon (www.netsilicon.com) have single chips that handle TCP/IP chores and serve as the central processor for a product. These ICs are headed way under $5. Perhaps we can't justify TCP/IP in every light fixture, but we will be able to afford it in a washing machine, spa, dishwasher, or even a toaster.
Using a public IP address in each connected appliance provides one tremendous advantage—an appliance manufacturer can immediately ad automation functions to their products. For example, an oven manufacturer can add a TCP/IP stack and an embedded web server, and the user interface becomes nothing more than your existing web browser. Using a web browser locally or remotely, you could program the oven for a multi-step recipe, you could preheat the oven before leaving the office, or the oven manufacturer could perform remote diagnostics on a malfunctioning unit.
Once an appliance lives behind a gateway, however, we need new standards to ensure things work correctly. If the appliance still uses TCP/IP, perhaps a relatively simple NAT standard could allow remote access to an appliance. Should the appliance use a non-IP network like LonWorks, the gateway must somehow present a user interface for every connected appliance, necessitating more complex standards.
Echelon has by far the most technically capable control network technology available, but it's expensive and has almost zero market penetration in homes (see "Home invasion: commercial networks move in", EDN, July 8, 1999, pg 59). In November 1999, Echelon staged a demonstration from Northern California in which they performed a number of control functions on a home located in England. The demo could indicate that heavyweights Cisco (www.cisco.com) and Sun Microsystems (www.sun.com) support the Echelon scheme, as luminaries from each company spoke at the event. Moreover, Echelon has announced partnerships with both companies. On the other hand, it's hard to be convinced that LonWorks use is about to explode in homes, since no major appliance manufacturers have acknowledged plans to use LonWorks. You can buy LonWorks support in a few high-end appliances made in Europe.
I'm about ready to step up and say, "don't leave a TCP/IP stack out of my new refrigerator." Unfortunately, that route is far from trouble free, because until IPv6 rolls out to the masses, there aren't enough IP addresses for every fridge to have one.
Relief could come in the form of the Open Services Gateway Initiative (OSGi—www.osgi.org). OSGI is attempting to define an industry standard for a software gateway that supports e-service for consumer and office appliances. Presumably, OSGi will work with a choice of networks allowing options for IP, LonWorks, and others. Unfortunately, the effort is in the early stages, and does little to satisfy those of us who've been writing about and waiting for home automation for years. Stay tuned to our April issue for an article devoted to OSGi.
In addition to OSGi, there's a Japanese-led movement called the Echonet Consortium (www.echonet.gr.jp/english/1_echo/about3.htm) working on a layered standard. Little has been disclosed about the effort, but it appears to overlap with OSGi. While OSGi has roots mainly in the computer industry, Matsushita, Hitachi, Mitsubishi, and Toshiba lead Echonet.
Meanwhile, those among us that want to move forward with a connected home will be forced to do so with the help of some custom software and engineering work. Echelon has announced a gateway product that uses "Cisco Inside" technology and has an Ethernet plug on one side and a LonWorks plug on the other. Don't expect to deploy such technology without some software work. Other organizations like Panja (www.panja.com) have announced gateways between broadband Internet connections, home LANs, and the living-room entertainment system. Philips (www.philips.com) has demonstrated a similar gateway with integrated TV tuners and bridges to RF and 1394 networks. But both of these examples ignore the need for control network links.
|
The router debate
Editor's Note: Internet Engineering Task Force Chairman Fred Baker sent us the following email message containing his take on the routing issues raised above (in the section headed "A tough sell"):
One of the issues in the IPv4 vs IPv6 debate is the level of hyperbole in the
statements made on all sides. Identifying the IPv6 address as an improvement
because it has hierarchy is a strange statement, as it copies its notion of
hierarchy from IPv4's hierarchy, and it can be argued that the architecture in
RFC 2373 is a return to the type of hierarchy abandoned with the deployment of
CIDR. Similarly, saying that IPv6 does "nothing" to reduce the number of routes
advertised is an equally interesting statement.
It can be shown that the number of routes in an IPv6 router should, under the
present address architecture, be on the order of
the number of autonomous systems in the world plus
the number of customers that the given service provider has plus
the count of his own internal subnets.
I say that because the IPv6 addressing architecture proposes to give blocks of
addresses to each service provider (or at least each significant service
provider), and let them topologically delegate prefixes to their own customers,
and from their own prefix into subnets. There are about 6200 Autonomous
Systems (ASs)
at the moment. I have heard a number of estimates, some as low as a few hundred
routes in a backbone router, but I would guess this results in something on the
order 10,000 to 20,000 routes in a given backbone router. It could in turn be
reduced, perhaps. Some 3700 ASs advertise only one prefix. This may indicate
that they have done a good job of aggregation, but more probably means that
they are small service providers or edge-network companies with multi-homed
addresses. It could be that the ~500 transit ASs could be made to aggregate
those address spaces into their own—primary ASs delegating address space to
secondary or tertiary ASs.
That is very different from the IPv4 situation, where for historical reasons
many individual sites have their own unaggregatable addresses, some blocks of
addresses have geographical (e.g. "Europe," "Singapore," etc.) implications, and
some have topological implications. Yes, there are currently some 70,000 IPv4
routes in backbone routers. You can look at this in detail in
at www.telstra.net/ops/bgptable.htm.
Providing some quantifiable bound on the number of addresses advertised, as
opposed to having no obvious bound, seems like an improvement to me. It may not
be as much as is desired, but it is not "no improvement." I believe that it is
this aggregation that IPv6 proponents refer to when they talk about improving
routing; they have proposed no changes to the routing algorithms. Some routing
experts are very concerned about the structure of the routing system itself,
and have proposed alternative schemes; you might take a look at
www.ietf.org/rfc/rfc1753.txt as an example. As near as I can tell, the
proposals that are applicable to IPv4 would apply equally to IPv4 or IPv6, and
those that are not requiring a completely different address structure.
Personally, the issues I worry about in the global routing system relate to
algorithmic and procedural problems. Algorithmic problems in the Bellman-Ford
algorithm used by BGP (a routing protocol) cause a fair percentage of
addresses to be in a "hold down" state at any given time. Also, the
procedures by which address exchange
policies are managed which are readily automated but are often done by hand.
Neither IPv4 nor IPv6 inherently does anything about those issues, and the
solution to those issues could be applied to either address space with equal
ease.
|
|
