UK's 'Unallocated' IPv4 Block Actually In Use, Not For Sale 203
jimboh2k writes "The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale. The Department of Work and Pensions says it would be too expensive to reallocate those addresses and, even if it did, it would not stave off IPv4 address exhaustion by much."
The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...
Let the home office keep them (Score:4, Insightful)
Changing the contract will cost them at least 20% more than the current overrun.
"new internal government network" (Score:3, Insightful)
To me that means they should all be 10.x.x.x, and some IT workers are completely and totally incompetent.
Re:Enlighten me please (Score:4, Insightful)
You might not, but lots of enterprise hardware would have to be replaced. This stuff has long life times and as the old gear dies off, ipv6 will come with the replacements.
Re:Enlighten me please (Score:5, Insightful)
For a home user it is not all that much of an issue, if you are running a remotely recent OS then it is probably already IPv6 capable. At worst you may need to replace your modem/router box, and those who would have trouble with this are likely to be with an ISP that takes care of such matters for them.
When you are dealing with large scale infrastructure and corporate networks however, things become a little more difficult. At that scale the assumption of running a recent OS doesn't always hold, so you have software updates to worry about which incurs at least a time cost (and time is money). Also the possibly replacing your router becomes replacing racks worth of managed switches, routers, dchp servers and so on. That's not even beginning to take into account all of the legacy software that expects IPv4 and requires it in order to work.
So, yeah. Simple for home/small business users, but a major project for the IT guys who make things work behind the scenes. Fortunately said tech guys should have been working on getting ready for this for a while already; just like when they made sure that the world didn't fall over at the turn of the millenium.
Re:"new internal government network" (Score:2, Insightful)
Remember that this /8 was allocated many years before the publication of RFC1918, to which you refer.
Re:Enlighten me please (Score:4, Insightful)
Re:Enlighten me please (Score:5, Insightful)
A few places
1: routers need to both understand IPv6 AND be able to forward it quickly. If the hardware forwarding engines can't handle the larger v6 addreses then a software update won't help you much.
2: any application software that needs to communicate over IPv6 needs to use the new v6 capable APIs. Converting software can be a pain either because it requires significant changes to support IPv6* or because the vendor is being a PITA and wants to tie in v6 support to an expensive upgrade you don't want. Or worse a v6 upgrade may simply not be available at all requiring the software to be replaced completely.
3: while windows XP has some IPv6 support it's not ready for an IPv6 only world.
*Some examples:
* There is no direct IPv6 equivilent to WSAAsyncGetHostByName so any app that needs to perform lookups in the background will need to be converted to use threads for name lookups.
* In windows XP it is not possible for one socket to listen for both IPv4 and IPv6 so apps that previously only listened on a single socket may well need design changes to allow them to listen on multiple sockets.
* Any app that stores IPv4 addresses in a binary form or a fixed-width text feild will need data format changes
This old tale again? (Score:1, Insightful)
Company 2 says, "Well, I won't give back my unused addresses because it's not like a few
Company 3 says, "Well, I won't give back my unused addresses because it's not like a few
Company 4 says, "Well, I won't give back my unused addresses because it's not like a few
Company 5 says, "Well, I won't give back my unused addresses because it's not like a few
And 250 companies later
Company 255 says "Well, I won't give back my unused addresses because it's not like a few
And there you have it. A couple
Re:Enlighten me please (Score:5, Insightful)
Because nobody has any real interest in changing to IPv6. Everybody has a working IPv4 infrastructure, and isn't interested in spending money to change over because they have no idea of how that's going to make anything better.
IPv6 has been coming "real soon now" almost as long as I can remember. And people have mostly been saying "I don't see any good reason" for just as long.
For large organizations, changing to this is one of those things that nobody can figure out why they'd go through the time and expense.
I know a lot of people on Slashdot look at IPv6 as some serious awesomeness that everybody should be jumping at. But, really, if you have thousands of machines already running IPv4, that 10.0.0.0 address is just fine for now and there's simply not a compelling reason to start undertaking the transition.
What's the benefit? What reason would a large corporation find that makes them decide to go through the pain of transitioning? By the time you invest in changing everything over and going through all of the expense and disruption ... in what way would companies be looking at getting an ROI from this?
I just can't see why people think organizations should be undertaking this, because I don't see the pay off and the business case to be made for it.
Re:Enlighten me please (Score:3, Insightful)
I have a hard time imagining that upgrading an internal network to IPv6 would cost more than what selling an IPv4 /8 block on the open market would net.
It doesn't matter because this is a government organization. If they sell the IPv4 block the proceeds will not go into the same account that is used to fund an IPv6 conversion. The cost of an IPv6 conversion would mostly be the salary cost of the personnel doing the conversion. Governments don't pay salaries using money from "selling stuff". If they allowed that, it would open the door to all sorts of corruption.
They should sell it anyway (Score:5, Insightful)
Re:Enlighten me please (Score:5, Insightful)
Hardware is cheap if you're talking about a single thing, but the time to do this is pretty expensive.
I worked on a project last year to upgrade a single enterprise-critical application -- we spent over $250K on hardware, and another million on manpower for the project.
I've heard that rolling out Win 7 to replace XP is costing several hundred thousand per day in terms of resource costs, but that's quite removed from the source.
Most organizations would likely spend huge amounts of money transitioning their infrastructure and applications to IPV6, probably with a lot of pain points, and at the end of the day ... what has the money bought you? Is your network faster? Is it more reliable? Are your operating costs lower? Are you more profitable?
Or have you sunk a bunch of money into something which a bunch of networking geeks think is sexy but nobody else can figure out why they've even bother?
In the end, it seems like a lot of work and overhead for something which seems to have some very vague short-term benefits ... and "ZOMG, you won't need to do NAT any more as everything in the world can have an IP address" is one of those reasons that usually makes me go "and then what?". People are still going to want to NAT their internal stuff behind a firewall anyway.
I'd love to hear some compelling reasons for a company to do this. But to date, I haven't heard any. Other than the size of the address space, I don't actually know what problems IPv6 solves. The fact that companies don't seem to be flocking to it tells me I'm not the only one.
Re:Doesn't work. (Score:5, Insightful)
Unless all systems attached are on the same subnet... And that plays hell with routing, causes congestion... There are reasons the 10.x is non-routed. It was aimed at large local networks - like a node cluster. Sucks when you have to go past a router. That requires routable numbers.
BS you can route subnets of 10.x on your private networks just fine. You just can't advertise them on the public internet.
The real problem comes when you are trying to link together a load of sites that are already using some part (or even all, it's a class A block so the default netmask is 255.0.0.0) of 10.0.0.0/8 for their local private network. It is likely that some users will need access to both the national network and existing local private networks. So if you use private IPs for your network you are stuck either trying to find a subset of 10.x that none of the sites are using (can work but there is no gaurantee there will be any such space and it's a problem if you want to add more sites later). Renumbering machines unrelated to your network at various sites so they don't clash with your network or using some horrible NAT hacks.
Re:Let the home office keep them (Score:2, Insightful)
It is much newer than IPv4. The *real* question is one that should be asked of the people asking the *dumb* question, and that is: if you have 16.9 million addresses already bought and paid for, then why would you use IPv6?
IPV4 was designed for government use (Score:5, Insightful)
I think what people have forgotten here is quite how old the internet is, for how long the British have been involved in it, and how tightly integrated into British government it has been for a long, long time.
I'm sure Slashdotters don't need a history lesson on the origins on the internet; as a cold war military network designed to re-route traffic in the event of a nuclear strike on what would otherwise be single points of failure. What readers might need a reminder on, is the UK aspect of this early history.
Whilst the internet began as a US-only operation, within only a handful of years this had spread to the US' closest NATO ally, the British. Given that even us Brits cheerfully admit that, from a NATO perspective, our island is essentially a 700-mile long aircraft carrier in the North Atlantic that can never be sunk, the involvement of the UK in the early days of the internet should come as no surprise. It's also well known that both American and British universities got in on the act fairly quickly, initially from the perspective of military research; most British universities were either directly addressable or a short hop through a gateway from the internet by the early 1980s. Other close NATO allies, notably the Canadians, ditto.
What's not so well understood is that, as absolutely certain first exchange targets, the British had an extremely highly developed government continuity strategy for nuclear war. Some parts of this have come to minor public attention in the form of amusingly retro nuclear bunkers that have been re-purposed as museums, archives or modern telecoms junction points (look up the codenames Guardian, Anchor and Kingsway) with varying degrees of practicality. There are some very chilling bits like the "Protect and Survive" videos (now on Youtube) that frankly still scare me silly and we'd all rather forget. Further, there other parts such as the RSG Regional Seats of Government which remains partially, or perhaps even largely, obscured by national secrecy (and probably rightly so).
This stuff was set-and-forget, it's original design brief was that you wouldn't be able to call the IT department if the IT department had been killed in the first strike, it had to work and remain working without significant intervention.
Understand that concept - understand that the internet has been at the heart of the most serious British government infrastructure for around 40 years - and you begin to understand why /8 IPV4 address blocks have been, often literally, hard-wired in to the British government. This network was the network we would rely on, to survive. It was the one thing the British government could depend upon. It was the one thing which, when planning IT infrastructure, the government could be absolutely certain about.
Having that level of certainty allowed us to build other infrastructure around it, such as the PSN Public Services Network,
To those arguing that it's just a bunch of router reconfigurations... this is not your piddling little /24 home office network. Nor is it simply a bunch of VPNs linking regional offices over a few leased lines. This is not even one IT-savvy megacorporation like IBM. This is a nuclear-war-proof combined civilian and military network which over 40 years has been integrated into every government department and every local government office in a country of 70 million people. It's in the job centres, the benefits offices, the local tax offices, the post offices, the village doctors' offices. It's throughout public service departments which are staffed by people who, on the whole, are pretty good civil servants but who don't actually have a reason to need to know how it all hangs together, and in the vast majority weren't around when it was plumbed in.
Would this cost more than the value of the address space to reconfigure to 10.x.x.x or IPV6? Crikey, yes, Ten times yes. Magnitudes of scale yes.