UK's 'Unallocated' IPv4 Block Actually In Use, Not For Sale

Unknown Lamer posted about 2 years ago | from the we're-really-out-folks dept.

The Internet 203

jimboh2k writes "The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale. The Department of Work and Pensions says it would be too expensive to reallocate those addresses and, even if it did, it would not stave off IPv4 address exhaustion by much." The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...

203 comments

Let the home office keep them (4, Insightful)

Anonymous Coward | about 2 years ago | (#41385717)

Changing the contract will cost them at least 20% more than the current overrun.

Re:Let the home office keep them (1, Informative)

arisvega (1414195) | about 2 years ago | (#41386459)

> Changing the contract will cost them at least 20% more than the current overrun.

Perhaps. But also:

> Of course, why that project wasn't built using IPv6...

Because the administration wants proven techniques, and not to be a testbed for new technologies. "Big deal", the Slashdot crowd may say, "IPv6 migration is simple and costs effectively nothing". Again, perhaps: but try to see this from some department's/ministry's/government's point of view- all those stamps to be pressed, reports to be filed etc. Right now this particular department is probably not using the IPv4 addresses they own, and they see it as clever to keep them in stock for the time that they will need them. From their point of view, they are good for years to come so why change that.

Re:Let the home office keep them (3, Interesting)

bmo (77928) | about 2 years ago | (#41386983)

> and not to be a testbed for new technologies

But IPV6 is not new technology. The RFC is 14 years old, and current computer operating systems already speak it. An 11 year old operating system, Windows XP, speaks it. http://support.microsoft.com/kb/2478747 [microsoft.com]

The "install" is merely enabling what is already there.

> From their point of view, they are good for years to come so why change that.

But they aren't good for years to come. Once IPV6 comes out regularly, that hoard of addresses will be worthless and they will be stuck with obsolete tech. No, wait, it's already obsolete.

--
BMO

Re:Let the home office keep them (0)

Anonymous Coward | about 2 years ago | (#41387285)

Get a clue. The first RFC may not be new. But the hardware/firmware/software implementing the latest RFCs required to get IPv6 working in the real world are certainly new.

Guess how many years it took before ISC-BIND and ISC-DHCPD became significantly less crap?

Anyone taking bets on how many bugs there'll be in the latest and greatest IPv6 stuff? And how many exploitable ones?

Re:Let the home office keep them (2, Insightful)

Anonymous Coward | about 2 years ago | (#41387343)

It is much newer than IPv4. The *real* question is one that should be asked of the people asking the *dumb* question, and that is: if you have 16.9 million addresses already bought and paid for, then why would you use IPv6?

Re:Let the home office keep them (0)

fast turtle (1118037) | about 2 years ago | (#41387083)

and the damn bureaucrats are falling down on the job. Instead of fighting against being the testbed, they should be fighting to see who gets to sign off on each/every phase. It's turf wars with Tom, Dick and Harry stabby Moe and Joe in the back while Robert and Michael get the credit for the success.

Don't those U.K. Bureaucrats know anything at all about turf power? Read the damn Retief Books idiots and maybe they'll finally get a clue.

Re:Let the home office keep them (5, Funny)

ifrag (984323) | about 2 years ago | (#41387133)

One does not simply "file" a report in the UK.

...report to be filed, signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.

Enlighten me please (3)

zero.kalvin (1231372) | about 2 years ago | (#41385725)

What's so difficult about switching to IPv6? I mean where the cost really is? It is not like I have to buy all of my hardware again, it is mostly a software issue right?

Re:Enlighten me please (3, Insightful)

h4rr4r (612664) | about 2 years ago | (#41385753)

You might not, but lots of enterprise hardware would have to be replaced. This stuff has long lifetimes and as the old gear dies off, ipv6 will come with the replacements.

Re:Enlighten me please (3, Interesting)

Hatta (162192) | about 2 years ago | (#41385871)

Is there some reason "enterprise" hardware comes with firmware that can't be upgraded?

Re:Enlighten me please (0)

Anonymous Coward | about 2 years ago | (#41385907)

Only if every hardware MFG'er is still in business and supporting EVERY piece of equipment they ever sold. >_>

Re:Enlighten me please (1)

jd2112 (1535857) | about 2 years ago | (#41387025)

And you are willing to spend a butload of money on an upgrade that offers little if any increase in functionality and will most likely introduce new bugs that will have to be dealt with.

Re:Enlighten me please (1, Offtopic)

firex726 (1188453) | about 2 years ago | (#41385929)

Someone's going to have to foot the bill.

The manufacturer does not want to since the client company has already paid for the hardware ten years ago, so they'd have to pay Devs to update the firmware and not see any new sales.
But if they wait then those companies will have to foot the bill by buying the new model they are currently advertising.

You got companies who still use IE6 and XP, because they paid to have some proprietary app developed for that specific version, and don't want to have it redone to a modern version.

Re:Enlighten me please (3, Interesting)

silas_moeckel (234313) | about 2 years ago | (#41385959)

Firmware sure, but those ASICs that make networking kit fast, not so much. A lot of the first gen stuff punted ipv6 stuff to the CPU: fine if you just want the line item, but worthless if you want to actually use it for production.

Re:Enlighten me please (1)

Anonymous Coward | about 2 years ago | (#41386037)

Think of the differences a bit like the Y2K bug with legacy hardware. If the inside of a router was a simple general purpose cpu there wouldn't be an issue but this is dedicated hardware that is designed to process 4 octet addresses. Besides that there are differences in routing configuration that wouldn't fit into the same memory spaces these devices have. It would be cheaper to replace the devices than try to produce an upgrade.

Re:Enlighten me please (0)

Anonymous Coward | about 2 years ago | (#41386195)

Sounds like a great idea, get on it and provide all the companies with free updates. Best of luck with the proprietary hardware.

Because that's what it will take--the manufacturers aren't going to do feature upgrades for old hardware, and companies aren't going to spend money on custom updates.

Re:Enlighten me please (3, Informative)

mwvdlee (775178) | about 2 years ago | (#41386275)

Upgrading IPv4-only firmware to handle both IPv4 and IPv6 may require more processing power and memory space than the hardware can provide.

Obviously the more expensive hardware would be able to cope, but those were more expensive so nobody bought them.

Re:Enlighten me please (1)

asdf7890 (1518587) | about 2 years ago | (#41386429)

That only works if the hardware can cope with the new software. Firmware updates are usually intended to support bug fixes not major feature changes, so while a lot of hardware will have room for firmware a little larger than it is provided with (to support bug fixes and small new features) you'll not find a lot that has room for a whole new network stack, either in terms of non-volatile storage to hold the code or RAM needed while it is actually running. Much of that kit was bought years ago (for such amounts of money that it surviving a decade was part of the plan) and back then memory of most sorts was far more expensive than it is now.

Re:Enlighten me please (2)

Sqr(twg) (2126054) | about 2 years ago | (#41385881)

I have a hard time imagining that upgrading an internal network to IPv6 would cost more than what selling an IPv4 /8 block on the open market would net.

Re:Enlighten me please (2, Insightful)

ShanghaiBill (739463) | about 2 years ago | (#41386057)

> I have a hard time imagining that upgrading an internal network to IPv6 would cost more than what selling an IPv4 /8 block on the open market would net.

It doesn't matter because this is a government organization. If they sell the IPv4 block the proceeds will not go into the same account that is used to fund an IPv6 conversion. The cost of an IPv6 conversion would mostly be the salary cost of the personnel doing the conversion. Governments don't pay salaries using money from "selling stuff". If they allowed that, it would open the door to all sorts of corruption.

Re:Enlighten me please (1)

h4rr4r (612664) | about 2 years ago | (#41386249)

You can't sell it though. You still need to have IPv4 support for the next decade or so.

Re:Enlighten me please (1)

asdf7890 (1518587) | about 2 years ago | (#41386303)

I suspect you have never been exposed to civil service bureaucracy.

Re:Enlighten me please (0)

Anonymous Coward | about 2 years ago | (#41385963)

And lots of enterprise software as well with just as big of price tags on it.

Think of it this way. I have a car. It runs fine. Has a few dings and scratches. Gets 'ok' gas mileage. It is paid for. Now let's replace it with another car. That does the same thing (gets me from here to there). Oh it has some cool new things and a bit better mileage and can now use these cool roads dedicated just for the car (old roads not as much). However, now I have a payment. So I end up pretty much where I started and a payment.

It needs to happen. But it will be years before everyone is switched out. You are still hard pressed to buy a home router that has ipv6. Many may have it but it is hard to tell how good they are with it, or if they have it at all. Oh and the ones that DO have it clearly labeled are 100 USD and up... A few of those have terrible reviews. Sure you can flash your own and get it on a cheaper router. But I will go out on a limb and say most people are not going to want to bother with that...

It is sort of like 802.11n. There are no less than 8 flavors of it floating around out there at different data rates and ranges. Most of the endpoint stuff you get out there is 1 antenna and 150 data rate in the crowded 2.4 range. My point not only do you have to switch out there is a huge gulf between 'crap' and 'awesome'. This is going to suck. Do not be in such a hurry to switch out...

Re:Enlighten me please (1)

fast turtle (1118037) | about 2 years ago | (#41387201)

> It is sort of like 802.11n. There are no less than 8 flavors of it floating around out there at different data rates and ranges. Most of the endpoint stuff you get out there is 1 antenna and 150 data rate in the crowded 2.4 range. My point not only do you have to switch out there is a huge gulf between 'crap' and 'awesome'. This is going to suck. Do not be in such a hurry to switch out..

This is exactly why I don't even bother with 802.11n hardware. Most of it's using the crap 2.5GHz band instead of the 5GHz band that they simply drown each other out and actually go slower. In my location, I can see a grand total of 6 of those stinking 802.11n AP's and every one of them is competing for the same bandwidth. It's why mine is set to the 802.11b speeds and you know what, I actually get close to the rated speed on the home network, even with the congestion we're seeing from the cheap "N" routers.

Re:Enlighten me please (1)

Eraesr (1629799) | about 2 years ago | (#41386357)

Call me naive. Perhaps I am because I don't know a whole lot about this subject, but couldn't companies just buy some kind of IPv6 router that can act sort of like NAT and assign IPv6 addresses to individual devices, but translate those addresses to IPv4 as data comes in? That way a company could just use IPv4 addresses internally and for the outside world, run everything through an IPv6 converter.

Re:Enlighten me please (5, Insightful)

PSVMOrnot (885854) | about 2 years ago | (#41385819)

For a home user it is not all that much of an issue, if you are running a remotely recent OS then it is probably already IPv6 capable. At worst you may need to replace your modem/router box, and those who would have trouble with this are likely to be with an ISP that takes care of such matters for them.

When you are dealing with large scale infrastructure and corporate networks however, things become a little more difficult. At that scale the assumption of running a recent OS doesn't always hold, so you have software updates to worry about which incurs at least a time cost (and time is money). Also, possibly replacing your router becomes replacing racks worth of managed switches, routers, DHCP servers and so on. That's not even beginning to take into account all of the legacy software that expects IPv4 and requires it in order to work.

So, yeah. Simple for home/small business users, but a major project for the IT guys who make things work behind the scenes. Fortunately said tech guys should have been working on getting ready for this for a while already; just like when they made sure that the world didn't fall over at the turn of the millennium.

Re:Enlighten me please (2)

jimicus (737525) | about 2 years ago | (#41386141)

> just like when they made sure that the world didn't fall over at the turn of the millennium.

Back then there was a clear deadline that we all knew about and no practical way to stave it off.

Re:Because sixxs is a pain in the ass to get (1)

Anonymous Coward | about 2 years ago | (#41385845)

The biggest cost is that getting a sixxs tunnel is a royal pain in the ass as you not only need to set up a linkedin account but write a nice long essay about why you want it. How many people are going to go to that much trouble just to switch to ipv6?

Re:Because sixxs is a pain in the ass to get (3, Informative)

petermgreen (876956) | about 2 years ago | (#41386113)

If you want a free v6 tunnel there are less elitist providers than sixxs. gogo6 (aka freenet6) even offer unauthenticated tunnels for individual machines* so you can just install their software and go.

Still I consider such tunnels as a tool for those who are interested in developing/testing IPv6 and maybe as a stopgap measure for a subset of end users who really need to reach v6 servers. If you are serious about v6 then you should be using a v6 capable ISP.

*If you want a prefix you have to create an account and authenticate to it but afaict creating an account with them is no big deal.

Re:Because sixxs is a pain in the ass to get (3, Informative)

higuita (129722) | about 2 years ago | (#41386457)

sixxs don't require a linkedin account (or something changed since I created mine and several friends' accounts)

all you need is to say you want to test ipv6 on your home computer (or home network) and put your real info (name, email, etc)... that isn't much different from registering on any website.
Requiring real info is normal, as you will access the internet with their connections, it's normal they want real info to contact you or to redirect any police request if you want to use their network for illegal activities

Re:Enlighten me please (2)

vlm (69642) | about 2 years ago | (#41385849)

> What's so difficult about switching to IPv6?
> I mean where the cost really is? It is not like I have to buy all of my hardware again, it is mostly a software issue right?

layer 1 and layer 2, yeah, Pretty Much software only. I say pretty much because there's a trend to F around with upper layer stuff in lower layer gear, think IP DHCP filtering in a "layer 2 smart ethernet switch"

The real killer is the cost of hardware accelerated layer 3 routing equipment that can insta-magically-switch ipv4 but drops down to software switching of ipv6. Luckily, normal size ipv6 bandwidth loads can be easily handled by commodity PC hardware doing solely software routing. Heck normal size ipv4 bandwidth loads work fine when software switched nowadays.

Re:Enlighten me please (3, Insightful)

qwertphobia (825473) | about 2 years ago | (#41385885)

The software on my firewall (which is up-to-date) supports IPv6 in several ways. It can route IPv6 by OSPF. It can firewall and inspect IPv6 traffic. It can provide an IPv6 address to the management interface. It can use IPv6 to download software updates and signatures from the support portal. It can perform NAT6to4 to provide IPv6 connectivity to internal IPv4 resources. However it doesn't yet support Multiprotocol BGP, which is needed to route IPv6 by BGP. This is critical to us since we have multiple ISPs. I give this example because I have found most enterprise equipment "supports" IPv6 but not in a way that enables full replacement of IPv4 addressing with IPv6 addressing. Furthermore, we know how long government projects take to implement. If this one is just completed it probably started a decade ago...

Re:Enlighten me please (1)

drsmithy (35869) | about 2 years ago | (#41385927)

> What's so difficult about switching to IPv6? I mean where the cost really is? It is not like I have to buy all of my hardware again, it is mostly a software issue right?

If only it were that simple. Hardware is cheap.

Re:Enlighten me please (4, Insightful)

gstoddart (321705) | about 2 years ago | (#41386169)

> If only it were that simple. Hardware is cheap.

Hardware is cheap if you're talking about a single thing, but the time to do this is pretty expensive.

I worked on a project last year to upgrade a single enterprise-critical application -- we spent over $250K on hardware, and another million on manpower for the project.

I've heard that rolling out Win 7 to replace XP is costing several hundred thousand per day in terms of resource costs, but that's quite removed from the source.

Most organizations would likely spend huge amounts of money transitioning their infrastructure and applications to IPV6, probably with a lot of pain points, and at the end of the day ... what has the money bought you? Is your network faster? Is it more reliable? Are your operating costs lower? Are you more profitable?

Or have you sunk a bunch of money into something which a bunch of networking geeks think is sexy but nobody else can figure out why they've even bothered?

In the end, it seems like a lot of work and overhead for something which seems to have some very vague short-term benefits ... and "ZOMG, you won't need to do NAT any more as everything in the world can have an IP address" is one of those reasons that usually makes me go "and then what?". People are still going to want to NAT their internal stuff behind a firewall anyway.

I'd love to hear some compelling reasons for a company to do this. But to date, I haven't heard any. Other than the size of the address space, I don't actually know what problems IPv6 solves. The fact that companies don't seem to be flocking to it tells me I'm not the only one.

Re:Enlighten me please (4, Insightful)

petermgreen (876956) | about 2 years ago | (#41385933)

A few places

1: routers need to both understand IPv6 AND be able to forward it quickly. If the hardware forwarding engines can't handle the larger v6 addresses then a software update won't help you much.
2: any application software that needs to communicate over IPv6 needs to use the new v6 capable APIs. Converting software can be a pain either because it requires significant changes to support IPv6* or because the vendor is being a PITA and wants to tie in v6 support to an expensive upgrade you don't want. Or worse a v6 upgrade may simply not be available at all requiring the software to be replaced completely.
3: while windows XP has some IPv6 support it's not ready for an IPv6 only world.

*Some examples:
* There is no direct IPv6 equivalent to WSAAsyncGetHostByName so any app that needs to perform lookups in the background will need to be converted to use threads for name lookups.
* In windows XP it is not possible for one socket to listen for both IPv4 and IPv6 so apps that previously only listened on a single socket may well need design changes to allow them to listen on multiple sockets.
* Any app that stores IPv4 addresses in a binary form or a fixed-width text field will need data format changes
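The last point in the comment above (addresses stored in binary or fixed-width text fields) can be made concrete with the following added example, which is not code from the poster. The record layouts, the 15-character column and all function names are assumptions constructed for illustration; it widens a 4-byte address field to 16 bytes using IPv4-mapped form and shows that a column sized for dotted-quad IPv4 can truncate an IPv6 address into a different, still valid address.

```python
import ipaddress
import struct

OLD_FMT = "!4sH"   # constructed legacy record: 4-byte IPv4 address + port
NEW_FMT = "!16sH"  # widened record: 16-byte address + port
V4_MAPPED_PREFIX = b"\x00" * 10 + b"\xff\xff"  # ::ffff:0:0/96


def pack_addr16(text):
    """Encode an IPv4 or IPv6 address string as 16 bytes.

    IPv4 is stored in IPv4-mapped form (::ffff:a.b.c.d) so that one
    field width serves both address families.
    """
    ip = ipaddress.ip_address(text)
    return V4_MAPPED_PREFIX + ip.packed if ip.version == 4 else ip.packed


def unpack_addr16(raw):
    """Decode 16 bytes; mapped values come back as IPv4Address objects."""
    ip = ipaddress.IPv6Address(raw)
    mapped = ip.ipv4_mapped
    return mapped if mapped is not None else ip


def upgrade_record(old_record):
    """Convert one legacy 6-byte record to the 18-byte layout."""
    addr4, port = struct.unpack(OLD_FMT, old_record)
    return struct.pack(NEW_FMT, V4_MAPPED_PREFIX + addr4, port)


def read_record(record):
    """Parse a widened record into (address object, port)."""
    raw, port = struct.unpack(NEW_FMT, record)
    return unpack_addr16(raw), port


def store_char_column(text, width=15):
    """Simulate a fixed-width text column sized for dotted-quad IPv4."""
    return text[:width].ljust(width)


def survives_column(text, width=15):
    """True only if the address read back equals the one written."""
    stored = store_char_column(text, width).strip()
    try:
        return ipaddress.ip_address(stored) == ipaddress.ip_address(text)
    except ValueError:
        return False


if __name__ == "__main__":
    legacy = struct.pack(OLD_FMT, ipaddress.IPv4Address("192.0.2.10").packed, 443)
    print(read_record(upgrade_record(legacy)))
    sample_v6 = "2001:db8:85a3::8a2e:370:7334"  # constructed sample address
    print(repr(store_char_column(sample_v6)), survives_column(sample_v6))
```

Audit logs and access lists that key on the stored value are where the truncation case matters most, since the truncated string still parses and nothing fails loudly.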

Re:Enlighten me please (3, Interesting)

rsclient (112577) | about 2 years ago | (#41386691)

Ick -- WSAAsyncGetHostByName? In this day and age, you have a window handle lying around?

I'm the Program Manager for WinSock at Microsoft. Have you looked at GetAddrInfoEx? In Windows 8/Server 2012, the DNS team added some Async features into it. Even better, it will properly handle IPv6 AND international domain names.

And if you're doing the new "Runtime" programming for Windows 8, we've done our best to make sure that most network programs never have to deal with IP addresses at all -- that means that new RT apps should be IPv6 ready out of the box.

(We also do the dual-stack thing with our sockets, so listener sockets just specify a port (or service) to listen on, and we automatically listen to both IPv6 and IPv4. We updated .NET 4.5 in the same way to make dual-stack be simpler.)

Links: http://msdn.microsoft.com/en-us/library/windows/desktop/ms738518(v=vs.85).asp [microsoft.com]

Re:Enlighten me please (2)

petermgreen (876956) | about 2 years ago | (#41387147)

> Ick -- WSAAsyncGetHostByName? In this day and age, you have a window handle lying around?

Old habits die hard and all that but even if I'm not using it in new code there is still a need to adapt old code. So far the only way I'd found to do an IPv6 DNS lookup in the background of an event driven program using the windows DNS code is to create a thread to do it and have that thread notify the main thread when the lookup completes.

> Have you looked at GetAddrInfoEx? In Windows 8/Server 2012, the DNS team added some Async features into it.

No I hadn't heard of it but there is no way I'm making my code dependent on win8 in the foreseeable future.

Re:Enlighten me please (1)

unixisc (2429386) | about 2 years ago | (#41386765)

Also, the standard has been evolving for quite some time, and has still not been frozen. It's true that a lot of the equipment doesn't natively support IPv6, and it's hard to argue that they should when they risk building in features or functions that may get deprecated. Like site local addresses.

Also, while a lot of concepts are similar, there are also a lot of brand new concepts that haven't really sunk in. Like, e.g., in IPv4, private IP addresses, such as 10.x.x.x or 192.168.x.x were used for several purposes, be it home networks, VPNs, NAT extenders, et al. But if someone is transitioning to IPv6 and has so far been having a network, say 10.1.x.x in his office, what does he use? Link-local addresses? Site-unique addresses? Admin-local? Organization-local? (Note that there are multicast addresses for the last 2, but not unicast addresses).

I am a big supporter of IPv6 and want to see it start replacing IPv4 in a big way, but there are several stumbling blocks towards getting there.

Re:Enlighten me please (5, Insightful)

gstoddart (321705) | about 2 years ago | (#41385971)

> What's so difficult about switching to IPv6? I mean where the cost really is? It is not like I have to buy all of my hardware again, it is mostly a software issue right?

Because nobody has any real interest in changing to IPv6. Everybody has a working IPv4 infrastructure, and isn't interested in spending money to change over because they have no idea of how that's going to make anything better.

IPv6 has been coming "real soon now" almost as long as I can remember. And people have mostly been saying "I don't see any good reason" for just as long.

For large organizations, changing to this is one of those things that nobody can figure out why they'd go through the time and expense.

I know a lot of people on Slashdot look at IPv6 as some serious awesomeness that everybody should be jumping at. But, really, if you have thousands of machines already running IPv4, that 10.0.0.0 address is just fine for now and there's simply not a compelling reason to start undertaking the transition.

What's the benefit? What reason would a large corporation find that makes them decide to go through the pain of transitioning? By the time you invest in changing everything over and going through all of the expense and disruption ... in what way would companies be looking at getting an ROI from this?

I just can't see why people think organizations should be undertaking this, because I don't see the pay off and the business case to be made for it.

Re:Enlighten me please (1)

djsmiley (752149) | about 2 years ago | (#41385999)

How many bits for a IPv6 IP vs a IPv4 IP?

Yes of course they should of thought about this before designing the hardware with a maximum ability to comprehend a ipv4 IP; but then again someone should of thought of the Y2K problem before 1998....

Re:Enlighten me please (1)

cyber-vandal (148830) | about 2 years ago | (#41386667)

They did. I've worked on code that said something along the lines of "if year is less than 74 then century = 20". And it's "should've" or "should have" not "should of". Should of doesn't make any sense.

Re:Enlighten me please (1)

Anonymous Coward | about 2 years ago | (#41386011)

Hardware costs are not really the issue. The problem is the devices (servers, printers, TV-cameras, etc.). Reconfiguration of those devices is a huge pain. Sure, many of them can get a new IP address with DHCP. But some of the devices have hard-coded IP addresses (they don't even use DNS), hosts-file configuration and so on. Some systems may have programs where the address is compiled into the executable. And no-one knows where the source is.

Also in many older systems, it is common that the communication flow is not documented. E.g. imagine changing an assembly-line server to a new address and you don't reconfigure one of the many other systems it interfaces with (because you don't know the interface exists). If you are lucky it will fail with a boom, and you can fix it. If you are unlucky it will seem to work for weeks or months, until someone asks to see the log from the zyxxy-sensor data. The data are not present because the sensor was not reconfigured. Now, can you trust the products you manufactured over that period?

The business risks are huge when doing IP-address conversion in a complex environment.

Re:Enlighten me please (1)

erroneus (253617) | about 2 years ago | (#41386107)

re-training/education, software compatibility, firmware compatibility...

At the office we are routinely turning IPv6 off in order to make things work. (I'm not saying that's the right approach but turning it off on everything keeps things running.) IPv6 is a great idea but it's also very alien. Why didn't they just make it IPv4 with an added two bytes for addresses? I guess IPv4 is just too simple and needed to be made more complicated. It always makes some people feel smart to know things everyone else doesn't. Hooray for elitism.

Hold out your teacup! ;) (1)

Medievalist (16032) | about 2 years ago | (#41386479)

> What's so difficult about switching to IPv6?

It's not difficult any more. Nearly anything worth running has IPv6 support built in.

> I mean where the cost really is? It is not like I have to buy all of my hardware again, it is mostly a software issue right?

Nope. It's a man-hours issue. Time is money; if you have people doing things (like reconfiguring networks that run fine on RFC1918 IPv4 address blocks) you have to pay them. Businesses that spend money on IPv6 conversions that aren't necessary are wasting money that could be better spent increasing profitability. There is no ROI on IPv6 for most businesses, only telcos and ISPs can get any return out of it. So nobody else cares.

If you're a startup building out a new network from scratch, you might bother with IPv6. But probably not even then, since you'll have to pay more for techs who are capable of doing it as fast and reliably as IPv4.

Large enterprises rarely permit change for change's sake. There has to be a compelling business advantage or the resources will be better used elsewhere. For example, if your ISP offered IPv6 at a discount over IPv4, then you'd light it up at your edge routers.

"new internal government network" (3, Insightful)

Anonymous Coward | about 2 years ago | (#41385741)

To me that means they should all be 10.x.x.x, and some IT workers are completely and totally incompetent.

Re:"new internal government network" (4, Funny)

Anonymous Coward | about 2 years ago | (#41385767)

Government workers are completely and totally incompetent.

FTFY

Re:"new internal government network" (1)

neokushan (932374) | about 2 years ago | (#41385779)

Or by "internal" they mean "secret".

Re:"new internal government network" (1)

backwardMechanic (959818) | about 2 years ago | (#41385869)

It's a bit less secret now.

Re:"new internal government network" (1)

Chris Mattern (191822) | about 2 years ago | (#41386787)

They probably shouldn't have put the routers in the secret nuclear bunker. [typepad.com]

Re:"new internal government network" (2, Insightful)

Anonymous Coward | about 2 years ago | (#41385859)

Remember that this /8 was allocated many years before the publication of RFC1918, to which you refer.

Doesn't work. (0)

Anonymous Coward | about 2 years ago | (#41385909)

Unless all systems attached are on the same subnet... And that plays hell with routing, causes congestion...

There are reasons the 10.x is non-routed. It was aimed at large local networks - like a node cluster.

Sucks when you have to go past a router. That requires routable numbers.

It is also very likely that the project started a long time ago and the department projected the need, then requested and obtained the network.

Re:Doesn't work. (1)

Nimey (114278) | about 2 years ago | (#41386167)

Is sir unaware of what subnet masks and VLANs are for?

Re:Doesn't work. (0)

Anonymous Coward | about 2 years ago | (#41386515)

I think what he was meaning is that 10.x is not globally unique. You may not get the device you're expecting. My ISP uses 10.x for routers. Any and all 10.x IP address that I try to contact will get routed internally only.

Re:Doesn't work. (4, Insightful)

petermgreen (876956) | about 2 years ago | (#41386237)

> Unless all systems attached are on the same subnet... And that plays hell with routing, causes congestion... There are reasons the 10.x is non-routed. It was aimed at large local networks - like a node cluster. Sucks when you have to go past a router. That requires routable numbers.

BS you can route subnets of 10.x on your private networks just fine. You just can't advertise them on the public internet.

The real problem comes when you are trying to link together a load of sites that are already using some part (or even all, it's a class A block so the default netmask is 255.0.0.0) of 10.0.0.0/8 for their local private network. It is likely that some users will need access to both the national network and existing local private networks. So if you use private IPs for your network you are stuck either trying to find a subset of 10.x that none of the sites are using (can work but there is no guarantee there will be any such space and it's a problem if you want to add more sites later), renumbering machines unrelated to your network at various sites so they don't clash with your network, or using some horrible NAT hacks.

Re:"new internal government network" (3, Informative)

QuantumRiff (120817) | about 2 years ago | (#41385935)

If you have connections to other networks, and/or VPNs, internal network IPs are a pain in the ass. How do you set up a VPN when both ends are using 192.168.1.x? Easy, you overload NAT, so both sides see the other as a completely different subnet. Do that about 5 times, and then try to debug some firewall rules. Many larger companies will now refuse to set up VPNs with companies that use reserved addresses, since it's such a pain in the rear.

By using a valid IP address, you're assuring that they are globally unique.

Re:"new internal government network" (1)

Ash-Fox (726320) | about 2 years ago | (#41385967)

Many larger companies will now refuse to set up VPNs with companies that use reserved addresses, since it's such a pain in the rear.

Source?

Re:"new internal government network" (1, Informative)

QuantumRiff (120817) | about 2 years ago | (#41386055)

We have had 4 companies we connected to with VPNs over the last two years. All 4 of them were medical industry companies with > 2,000 employees. All four required we have our own valid, routable IP range to use before they would connect with us.

Re:"new internal government network" (1)

Ash-Fox (726320) | about 2 years ago | (#41386285)

That's not really enough to be considered 'many', assuming I could trust such information from further lack of published information references.

Re:"new internal government network" (0)

Anonymous Coward | about 2 years ago | (#41386173)

With the same logic I ended up working for a company where it had been decided to use public ranges for their internal networks, just to avoid the 192.168.0.0/16 or 10.0.0.0/8 routing issues in case of merges/acquisitions (which is similar to your VPN example).

Problem was these public addresses weren't theirs. It was fine at the beginning but then we started experiencing issues like one couldn't download patches from a big hardware/os vendor because their download site was in the "wrong" network range...

Re:"new internal government network" (1)

firex726 (1188453) | about 2 years ago | (#41385949)

I'm curious about that too, I've heard some dumb reasons to try and justify a static IP use.

Re:"new internal government network" (2)

Richard_at_work (517087) | about 2 years ago | (#41386019)

That's a bit strong, considering you know fuck all about the project they are implementing - "internal" doesn't necessarily mean "private", and there are many ways in which public addresses are beneficial.

ipv6 only, don't be stupid (0)

Anonymous Coward | about 2 years ago | (#41385769)

Can only imagine what we would be saying if they had decided to build a new network with ipv6 only and forgo any ipv4 compatibility

Re:ipv6 only, don't be stupid (1)

sergioag (1246996) | about 2 years ago | (#41385915)

Obviously you haven't heard of 4in6, though a Dual stack approach (using 10/8) would be more convenient.

Re:ipv6 only, don't be stupid (1)

unixisc (2429386) | about 2 years ago | (#41386643)

This is absolutely right. This comment @ the end of the submission:

The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...

doesn't make sense. First of all, there is nothing indicating that IPv6 was not considered. But even if it was, it still makes sense to dual-stack them. Like I suggested in the previous thread on this story, even if they distribute it, they should do it to those already planning for IPv6. In other words, IPv4 addresses should only be sold to those willing to go IPv6 as well

USternet (3, Informative)

matt007 (80854) | about 2 years ago | (#41385843)

Well some old dinosaur US companies or even universities own a full Class A.... do you think they need the address space more than a government ?

IBM CSC Dupont MIT Ford Apple USPS... etc.

see the list at : http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks

Re:USternet (2)

firex726 (1188453) | about 2 years ago | (#41385961)

Yea, some of those will have so many addresses that they could assign a static IP to each node and still have left overs.

But then again it'd probably just delay things further. We're going to have to bite the bullet eventually.

Re:USternet (0)

Anonymous Coward | about 2 years ago | (#41387389)

Those are multi-national corporations with at least one support center if not a development center in every country in the world. Add routers, servers, workstations, PC's, printers, scanners, and all sorts of experimental systems/hardware and the thousands of offices with thousands of devices will lead to the total number of IP addresses going into the millions.

I'm sick of these articles (0)

circletimessquare (444983) | about 2 years ago | (#41385875)

This is how it works in the grown up real world:

1. Governments mandate the switch to IPv6.
2. There is no #2.
3. It's that easy.

Unfortunately we live in a world where the words government and regulation are automatically evil amongst a certain loud and ignorant section of humanity. Companies will also howl and complain about the expense: yes, there is an expense you will take on, in the interest of the Internet still having address space to grow into. Grow up and deal with it, just like the networks did when we went to digital and 16:9, also mandated so there wouldn't be bedlam and babylon.

Imagine that: individuals (which means corporations to some people) FORCED (I said forced, yes) by government (yes, this is ok, you free market fundamentalist freaks) to sacrifice for the benefit of society.

*GASP* Horribbble evil! WHARAGARRBBBL....

Or we can keep dragging our heels and we will be talking about horrible kludges like NAT and an inelegant, hacky Internet address space for 5-10 years. I'm really sick of these stories on Slashdot. I'm not blaming Slashdot, I am sick of the existence of these stories in a community that isn't FORCED to do the brain dead obvious. Because no authority mandates the obvious.

Re:I'm sick of these articles (2)

firex726 (1188453) | about 2 years ago | (#41385977)

Reminds me of the switch over from Analogue to Digital TV transmission.

Of course most home users are already set up either directly or via their ISP. It'll be businesses with these $50,000 network equipment that won't want to move over due to the cost of buying new HW when they just got through paying off the old stuff.

Re:I'm sick of these articles (1)

circletimessquare (444983) | about 2 years ago | (#41386071)

it's the only way to solve this problem.

Maybe the mandate can be sold to manufacturers first as an economic stimulus: think of all the new equipment that will need to be built and all the old computers grandma still uses that will be replaced because they can't figure out how to run the windows update that force retires IPv4 and requires a trip into the control panel.

Re:I'm sick of these articles (1)

Richy_T (111409) | about 2 years ago | (#41386341)

Except it's not really a problem which is why no one is particularly rushing to fix it.

Quit wanting the government to force others to do what you think is best. It's antisocial.

Re:I'm sick of these articles (1)

circletimessquare (444983) | about 2 years ago | (#41386535)

if you don't understand why running out of IPv4 address space is a real and genuine problem, you shouldn't be posting on this particular website

Re:I'm sick of these articles (1)

Soluzar (1957050) | about 2 years ago | (#41386321)

I'm still not convinced there was any benefit to the digital switchover for TV. The picture quality is worse in many cases, and the extra channels are nothing I couldn't get over satellite/cable anyway.

Re:I'm sick of these articles (0)

Anonymous Coward | about 2 years ago | (#41386269)

There is a #2, the #2 is unintended consequences. Those are:

  - Lost jobs, due to
  - Higher business expenses, due to
  - Forced changes

And:

  - Poorly done laws, leading to
  - Requirements that stay in place forever (and requirements that make no sense), leading to
  - Permanent stagnation in the market, leading to
  - Business leaving your country, leading to
  - Economic downturn, leading to
  - Lost jobs and lower wages

It was "that easy" when it came to saving gas in the 70s. Just make the highways 55 mph. How did that work out?

Re:I'm sick of these articles (1)

circletimessquare (444983) | about 2 years ago | (#41386409)

or: the television networks switching over to HDTV from analog.

grow up.

Re:I'm sick of these articles (2)

gstoddart (321705) | about 2 years ago | (#41386335)

Or we can keep dragging our heels and we will be talking about horrible kludges like NAT and an inelegant, hacky Internet address space for 5-10 years. I'm really sick of these stories on Slashdot. I'm not blaming Slashdot, I am sick of the existence of these stories in a community that isn't FORCED to do the brain dead obvious. Because no authority mandates the obvious.

Obvious? What's so obvious about it? If it was obvious, people would have switched by now.

But since people don't perceive it as better, or worth their time and money, they don't do it. Hell, you could say it's "obvious" that companies have yet to find a good enough reason to switch to it, which is why they're staying away in droves.

Frankly, I can't see companies doing away with NAT. Why the hell would I want my internal machines globally addressable? That always sounds like a stupid thing to me.

You act like it's so obvious, then fine Mr. Smarty Pants ... give me ten compelling reasons I could go to management to get funding for a project to do this. All reasons which are cool from a nerdy perspective but which don't translate into a business reason will be deemed irrelevant, as they clearly have to date which is why companies aren't doing it.

I really would love to hear your reasons. Because to date, I've always looked at it as "yeah, sounds cool, but what's in it for me?".

And I haven't really had a satisfactory answer yet. The most I ever get is people whinging about how evil NAT is -- which is mostly just geekery as far as I can tell.

Re:I'm sick of these articles (1)

circletimessquare (444983) | about 2 years ago | (#41386487)

it is obvious

what is lacking is the existence of an authority to force the obvious change to happen. because centralized force is the only way to save us from bedlam and a hacky address space and NAT everywhere (not just within organizations, but across the internet address space, turning it into fiefdoms)

the problem some minds have with problems like this is they see only costs on one side of the equation, and in the short term

the costs of mandating the change: sudden, large, and then gone forever
the costs of doing nothing: small, accumulative, accelerating forever to a permanent hobbling tax on the network's functions

first lesson: no choice has zero cost. so the choice is not between cost and no cost, but between the quality and quantity of cost. some minds don't grasp this, and only balk at the idea of any sort of cost

second lesson: looking at the problem shortterm and longterm. shortterm, the obvious answer is to do nothing. longterm, the obvious answer is to mandate the switch. there are many many examples from real life and politics, where the shortterm thinking dominates the longterm thinking and we all suffer for that. it's called kicking the can down the road. let someone else deal with the problem, even as the problem grows

Re:I'm sick of these articles (1)

fustakrakich (1673220) | about 2 years ago | (#41386561)

Tell you what, to save your poor old eyes the trouble, we'll ban all further publication of IPv4 related articles. Wouldn't want you climbing the embassy walls or anything, and certainly not in New York! And we can use asset forfeiture laws to raid every home and business and remove their obsolete routers. All other non-compliance will be met with indefinite detention. How's that? Happy?

Re:I'm sick of these articles (1)

circletimessquare (444983) | about 2 years ago | (#41386629)

no, i'm not happy, because you go to absurd thoughts. think about the switch from analog TV to HDTV. it was mandated, forced, on industry and individuals, to great expense, and led to a much better standard. and it was accomplished without concentration camps or secret police or whatever other absurd analogy you want to make, dumbass

Re:I'm sick of these articles (1)

fustakrakich (1673220) | about 2 years ago | (#41386801)

Easy to do with TV, as all that was required was letting the license expire and not renewing it. It doesn't work that way with the internet. Fortunately, maybe not for you, a license isn't required to operate on the network. So... your absurd idea can only be met with an absurd reply. Please, don't expect me to take you seriously...

Wow, it just goes to show you (-1)

Anonymous Coward | about 2 years ago | (#41385901)

What happens when you use a faggety ass set of measuring units.

why was the project not using IPv6? (1)

Anonymous Coward | about 2 years ago | (#41385937)

Well duh, they had a bunch of IPv4 addresses they could use, why not use 'em and save a bunch of hassle?

This old tale again? (1, Insightful)

Anonymous Coward | about 2 years ago | (#41385951)

Company 1 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 2 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 3 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 4 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
Company 5 says, "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
...
And 250 companies later
...
Company 255 says "Well, I won't give back my unused addresses because it's not like a few /16s would make much of a difference."
...
And there you have it. A couple /8s forever wasted because nobody looks beyond their own impact at the big picture. See also: Carbon emissions, littering, everyone else taking the bus, etc.

Re:This old tale again? (1)

Dagger2 (1177377) | about 2 years ago | (#41387379)

It's not like a couple of /8s will make much difference either. One /8 lasts for about a month or so.

Giving back IP space is a waste of effort. Exert that effort towards your IPv6 migration instead.

What's in it for them (1, Funny)

Maximum Prophet (716608) | about 2 years ago | (#41386001)

The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale.

Of course they're not for sale, no one in the department would get any benefit from selling them, and it would be more work if they did. Once the lobbyists get wind of this, someone higher up will get a campaign donation, and the block could be sold.

So what? (0)

Anonymous Coward | about 2 years ago | (#41386033)

In years past the problem of running out of ipv4 addresses was a real and major concern.
Nowadays it is less so.

Nobody with current ipv4 addresses NEEDS to switch (with the exception of infrastructure providers.)
If you are adding a HOME network- your equipment will need to match the ISP you use, whatever it is.
If you are adding a business/corporate network- you start OFF with IPv6 and there are few upgrade issues.

If you have old ipv4 hardware, have a block of addresses already issued and are just completing your project NOW, well, keep going- it's all your stuff.
I would be more concerned by the fact that it has taken you so long to complete the project.

They should sell it anyway (4, Insightful)

DrXym (126579) | about 2 years ago | (#41386059)

Sell the block for a billion or whatever it's worth, and use the money to build an IPv6 backbone for UK government services. That in turn would free up more blocks which they could continue to sell and continue to fund the transition with. Or they could sit on them and do nothing until the world switches to IPv6 and there is a glut of IPv4 addresses that nobody is interested in buying.

Re:They should sell it anyway (3, Informative)

gramty (1344605) | about 2 years ago | (#41386789)

They can't sell them, they don't own them. The RIR (RIPE NCC) has very strict rules over the transfer of IPv4 addresses. If the current end user no longer requires them they are to be returned to RIPE for zero compensation, RIPE can then re-assign based on application requirements and justification. The rules were brought in to prevent people setting up shell companies to land grab all the remaining address space once it became obvious it would be exhausted.

Re:They should sell it anyway (1)

Maquis196 (535256) | about 2 years ago | (#41386971)

Not just that, but this /8 is probably worth more than the British gold reserve that a certain former PM sold for about 1/10th of its current price (hindsight eh?). Unless they're really using a massive part of it, do as you say. Sell it whilst it's worth something, pay some nurses and everyone is happy. (except everyone else who would want a slice of that 1B).

Told you so! (1)

Type44Q (1233630) | about 2 years ago | (#41386181)

I called that one, right here [slashdot.org] ! :p

What? (0)

headhot (137860) | about 2 years ago | (#41386187)

Why are they using public IPs for an internal network? That's kinda retarded.

Re:What? (0)

Anonymous Coward | about 2 years ago | (#41386489)

Because some muppet IT outsourcing company must have told them that was the right thing to do cause that's how they do it!

and of course if ever one of the even more muppety out sourcing networking companies gets a firewall just a teensy bit wrong then suddenly all become addressable from the internet ... sheer genius.

Re:What? (1)

Anonymous Coward | about 2 years ago | (#41387037)

Why are they using public IPs for an internal network? That's kinda retarded.

Because it's connected to other networks to which they have no control over the addressing? How do you connect two networks both using, say, 10.1.0.0/16 without a horrible NAT mess? (In reality it's often worse with companies finding ways to allocate most of 10.0.0.0/8 into a horrible mess for only a few thousand hosts). People need to stop thinking about it from an Internet-only perspective and think about private links between networks and it will become clear why many organizations need to use globally unique addressing on their networks.

Take IBM as an example... When you outsource with IBM you often establish a tunnel with them. Using the 9.x network ensures their network doesn't overlap with any of their customers. If they were using 10.x.whatever it would be a horrible two-way NAT nightmare. At least this way the worst case is a one way NAT with a customer using RFC1918 space--but if the customer uses globally unique addresses everything can be accessed directly AND FIREWALLED APPROPRIATELY.

When you think of GE, Ford, Du-Pont, etc they would all have had at one point large military contracts and trust me they couldn't successfully tunnel with the DoD using a mess of overlapping RFC1918 address space.

(and stop panicking about security... firewalls (including stateful) work exactly the same way with and without NAT). GE has their whole 3/8 block advertised and they're not carrying any extra risk just because a workstation or server has the same IP both on and off the Internet.

Again with the 16.9 million instead of 16.8 (1)

Anonymous Coward | about 2 years ago | (#41386291)

2**24 = 16777216 so where did the extra ~130k IP addresses come from?

IPv4 public addresses in gov internal network?? (0)

ruir (2709173) | about 2 years ago | (#41386425)

Something is escaping me...why do they need a whole /16 with IPv4 public addresses, when nowadays everyone uses RFC 1812 addresses in internal networks?

I'll Do It (1)

bill_mcgonigle (4333) | about 2 years ago | (#41386581)

I'll take care of re-addressing into a /16 and we'll split the proceeds of the /8 50/50, OK?

Be Fair (0)

Anonymous Coward | about 2 years ago | (#41386605)

If you're going to grab networks that aren't BGP Advertised, take them all:

7/8 (ARIN)
9/8 (IBM)
11/8 (US Defense)
19/8 (Ford Motor Company)
21/8 (US Defense)
22/8 (US Defense)
25/8 (UK Defense)
26/8 (US Defense)
28/8 (US Defense)
29/8 (US Defense)
30/8 (US Defense)
31/8 (RIPE)
45/8 (Prudential Securities)
102/8 (AFINIC)
104/8 (ARIN)
179/8 (LACNIC)
191/8 (LACNIC)

and when are we going to do something with 240/4? How many proposals have to be unfulfilled to use this resource when the resource is scarce? (I know, it'll take a while for some vendors to support this)

in the pre-NAT days.... (4, Informative)

Larry_Dillon (20347) | about 2 years ago | (#41386797)

For those that remember the days before NAT was prevalent, this is the way IP addresses were supposed to be used.

Maybe the network was built before IPv6... (0)

Anonymous Coward | about 2 years ago | (#41386877)

You know, like the EVERY OTHER FRIGGING NETWORK using IPv4?

jifrjioejrogjeojgeojogthghwtgng;erng;orjhg;hgehrtghewgerhgthiwghgthg;wrtg
