Derek Morr: June 2008 Archives
According to a recent report by Juniper research, a quarter of the Earth's population will be online by 2012. This will certainly be a great accomplishment and will measurably improve the quality of life for nearly two billion people.
But it's still only 25% of Earth's population. And by 2012, the IPv4 address space will almost certainly all be used up. Today, only 15% of it is left. There are just under 4.3 billion possible addresses in IPv4, of which 86% (3.7 billion) are available for common use (the rest are reserved for special use cases). So by 2012, 1.8 billion people will be using 3.7 billion addresses, or roughly 2 addresses per person. And that's before the widescale deployment of 3- and 4G cell phones, which will put even more pressure on the address space (4G cell phones will operate exclusively over IP).
This "plethora of addresses" isn't sustainable with IPv4. There are nearly 6.7 billion people on Earth. If less than a quarter of them are using 2 addresses per person, we'll need more than 13 billion IPv4 addresses to give everyone the same amount. But we don't have that many. Not even close.
Further, the number of IPv4 addresses per person is by no means uniform:
Countries with 1 IP per person are in green, those with 1 IP for every 10 people are in yellow, 1 IP for 100 people in orange, and so on
Nor is the geographic distribution of IP addresses. IP addresses are assigned by regional authorities, roughly one per continent:
These are percentages of the absolute number of IP addresses. They're not adjusted based on population.
North America has roughly half of the currently assigned addresses (the 27% that's directly assigned to it plus the 16% of legacy assignments, most of which are to U.S.-based organizations). Africa and South America combined have less than 5%. What's interesting is that North Americans don't make up the majority of Internet users:
I have serious concerns about the ability of developing nations to participate in a 21st-century economy with so few IP addresses per person. To me, the distribution of IP addresses (and, hence, internet access) isn't just a technical problem; it's a social justice issue as well. How are we going to get the remaining 75% of the people on the planet online? Are they going to have publicly routable addresses, or are we going to stick them behind multi-layer NAT and proxy servers, effectively relgating them to second-class status?
There is good news. It's precisely these areas that are experiencing the fastest Internet growth:
Still, it's not possible for Africa and South America to achieve address-per-capita rates comparable to Asia, let alone North America, with IPv4. There just isn't enough space left. IPv6 is the only real solution to this problem.
For the past few months, I've been keeping track of how many .edu domains have IPv6-reachable authoritative DNS. So far the results have been less than exciting: Less than 10% of Internet2 University Members had taken the plunge.
That's changed. We're now over the 10% threshold. Four more universities have IPv6 DNS:
- Columbia University
- University of California, Los Angeles
- University of California, San Francisco
- Virginia Tech
This means that 22 of the 212 Internet2 University members (or 10.4%) have IPv6-reachable DNS. Six months ago, that number was 5%. Doubling that in a few months makes me hopeful. I'm having a beer to celebrate.
I've noticed a clustering of .edu DNS. Typically one institution will provide DNS for many others. For example, UC Berkeley v6-enabled one of their DNS servers (adns2.berkeley.edu). That box also provides DNS for Columbia, UCLA and UC San Francisco. Likewise, the University of Orgeon provides IPv6 DNS for Portland State and Internet2. And Indiana University also provides for UIUC and U. Rhode Island. There are many more examples.
These clusters are both good and bad. They're good because they provide "easy targets" for IPv6 -- by IPv6 enabling a handful of machines, you provide maximum coverage. They're bad because, often, they're the only IPv6-enabled server for a domain -- if one server at Berkeley goes down, three other universities effectively drop off the IPv6 Internet.
But I'm still taking this as a win.
A few weeks ago, RIPE NCC, the "European" RIR, added a few more IPv6-enabled K root servers. As you may recall, back in February, IANA enabled IPv6 glue in the DNS root. With RIPE NCC's recent additions, there are now at least 33 IPv6-enabled root servers (out of 150 total servers). I say at least because I don't have any information on which J root servers have IPv6.
Here's a handy Google Map widget showing their locations:
View Larger Map
I was surprised to see so many servers in North America, since that region tends to lag behind Europe and Asia for IPv6 deployment. In fact, the Asia/Pacific region has the fewest number of IPv6 servers of any RIR:
|RIPE NCC||42 %|
While it's good to see more IPv6-enabled servers, the more important issue is increasing IPv6 traffic to the root. Just after the IPv6 glue was added to the root, the K root saw an almost five-fold increase in IPv6 traffic. However, this still only works out to 1.2% of its queries over IPv6:
The H root has similar results. While the number of IPv6 queries has steadily increased since February, 2008, it still receives less than 1% of its queries over IPv6:
The M root saw the same thing: Only 1% of their queries are over IPv6:
At RIPE-56, Geoff Huston gave a presentation comparing IPv4 -vs- IPv6 queries in APNIC's root servers. He found that IPv6 queries peaked at 1% of the total number of queries. Likewise, at the 2008 Global IPv6 Summit in Korea, it was revealed that Japan's authoritative servers get at best 1.4% of their queries over IPv6. And Japan was one of the first countries to add AAAA glue.
Comparatively speaking, there are only a handful of DNS servers on the Internet. It's fairly easy to get them IPv6-enabled. It will be a much harder task to IPv6-enable the billion+ PCs on the Internet (which is expected to double by 2014). And that number doesn't include non-PC devices, which make up an increasingly large number of network-attached devices. It's time to get to work, folks.
Next week, Educause is hosting a web seminar on IPv4 address delpetion. John Curran, the Chairman of the American Registry for Internet Numbers (ARIN), is the presenter.
This should be a good talk. Mr. Curran gave a similarly themed talk at the last Internet2 Members Meeting (his talk starts 17:40 into the video). It was a very accessible talk; I recommend anyone not familiar with IPv6 register for it.
A few months ago, Internet2 made one of their DNS servers reachable over IPv6. Their other DNS server (dns.internet2.edu) was still IPv4-only. That's now changed.
All of the authoritative name servers for internet2.edu are now reachable over IPv6. This has been a long time coming, and it's great to see it done:
I mentioned recently that I gave an IPv6 poster session at the Penn State WebConference. I've put the poster and handout online. I spoke to a couple of interesting people at the conference, and learned a lot about the web infrastructure at the University (there are more IIS and ColdFusion shops that I realized. Fortunately, both supports IPv6.)
In DNS news, the .dk (Denmark) and .nk (Saint Kitts and Nevis) top-level-domains are now reachable via IPv6. This brings the total to 190 of 269 TLDs that are reachable over IPv6.
The Economist, my favorite news magazine, ran a story on IPv6 in this weeks's issue. It's very well written for the non-technical reader. They use the analogy of a city water system to explain Internet addressing:
Nobody would expect a city water system designed for 1m residents to be able to handle a 1,000-fold increase in population in just a few years. Yet that is what the internet’s fundamental addressing scheme has had to accommodate.
Support for IPv6 is already baked into most popular operating-system software. It is incorporated into Windows XP and Vista, Mac OS X 10.3 “Panther” and later, and many flavours of Unix and Linux. But operating systems are only the taps of the plumbing system: a house’s other fixtures (like set-top boxes), inside pipes (broadband modems and routers), and feeder pipes (backbone routers) must also be upgraded for the full benefits of IPv6 to become available.
I sent the article to my parents to try to explain what I do at work.
As an aside, I think The Economist is, hands-down, the best news magazine you can get. Excellent coverage from a global perspective, and the editorals are just pithy enough to get a chuckle. It's a shame that the campus bookstore doesn't carry it (ironically, some of the convenience stores in town do).
There will be an extensive system of IPv6-enabled network-attached cameras deployed throughout Beijing for security. There will also be an IPv6-enabled smart building system. Additionally, there is an IPv6 version of the 2008 Olympics website at http://ipv6.beijing2008.cn/. Note that this site is IPv6-only. It's fantastic that there is more "content for normal people" on the IPv6 internet.
It's unfortunate that there has to be a seperate IPv6 URL for the site. In an ideal world, www.beijing2008.cn would have both A (IPv4) and AAAA (IPv6) records in DNS. But it's understandable why they chose to make a seperate site (just as Google did with ipv6.google.com). Many NAT routers don't handle AAAA queries properly, some web browsers don't fall back to IPv4 if IPv6 fails, and the Olympics' distributed web hosting provider (Akamai) doesn't support IPv6 yet.
The lack of support by Akamai is startling. I tried ping'ing the IPv4 and IPv6 sites from AS3999. Latency over IPv6 is about 270 ms. Over IPv4, it's less than 5 ms. The stark difference is because our upstream provider, the Three Rivers Optical Exchance (3ROX), has a local Akamai cache, so the IPv4 traffic doesn't even have to leave Pennsylvania. The IPv6 traffic, by contrast, has to cross North America to Seattle, go across the Pacific Ocean to Korea, and finally into China.
Interestingly, only the website is IPv6-enabled. The DNS and mail servers for beijing2008.cn are IPv4-only. Many sites are cautious about IPv6 due to fear of breaking web or mail services. Since DNS is considered "safe," most organizations start by IPv6-enabling their DNS servers. Only later will they adopt IPv6 for mail and web services. There was a nice presentation on this topic at last month's RIPE 56 meeting in Berlin: