UK's 'Unallocated' IPv4 Block Actually In Use, Not For Sale

jimboh2k writes "The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale. The Department of Work and Pensions says it would be too expensive to reallocate those addresses and, even if it did, it would not stave off IPv4 address exhaustion by much." The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...

Let the home office keep them

[Anonymous Coward]

Changing the contract will cost them at least 20% more than the current overrun.

Re:

[arisvega]

Changing the contract will cost them at least 20% more than the current overrun.

Perhaps. But also:

Of course, why that project wasn't built using IPv6...

Because the administration wants proven techniques, and not to be a testbed for new technologies. "Big deal", the Slashdot crowd may say, "IPv6 migration is simple and costs effectively nothing". Again, perhaps: but try to see this from some department's/ministry's/government's point of view- all those stamps to be pressed, reports to be filed etc. Right now this particular department is probably not using the IPv4 addresses they own, and they see it as clever to keep them in stock for the

Re:Let the home office keep them

[bmo]

> and not to be a testbed for new technologies

But IPV6 is not new technology. The RFC is 14 years old, and current computer operating systems already speak it. An 11 year old operating system, Windows XP, speaks it. http://support.microsoft.com/kb/2478747 [microsoft.com]

The "install" is merely enabling what is already there.

> From their point of view, they are good for years to come so why change that.

But they aren't good for years to come. Once IPV6 comes out regularly, that horde of addresses will be worthless and they will be stuck with obsolete tech. No, wait, it's already obsolete.

--
BMO

Re:

[Anonymous Coward]

It is much newer than IPv4. The *real* question is one that should be asked of the people asking the *dumb* question, and that is: if you have 16.9 million addresses already bought and paid for, then why would you use IPv6?

Re:

[PhotoJim]

Because you can sell them for $1.6 billion US (1 billion pounds)?

Re:

[arisvega]

But IPV6 is not new technology.

Of course it is not. But I am talking about burreaucrats and government institutions, so -in a relative way as scaled by this audience- it is "new technology".

But they aren't good for years to come. Once IPV6 comes out regularly, that horde of addresses will be worthless and they will be stuck with obsolete tech.

Good luck telling them that: they will only listen to you when they reach a "why can't I surf the web?" situation.

Re:

[bmo]

Oh look, fear mongering from an AC.

Do you have a stack of IPV4 addresses for sale? Or perhaps you are an ISP manager wanting to continue raking in the bucks for all those static IPV4 leases?

>Anyone taking bets on how many bugs there'll be in the latest and greatest IPv6 stuff? And how many exploitable ones?

Did the bugs in BIND prevent people from using BIND? Did the bugs in BIND dissuade people from connecting to the net at all? No. And honestly, (here comes the analogy, but it's not a car analogy -

Re:Let the home office keep them

[ifrag]

One does not simply "file" a report in the UK.

...report to be filed, signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.

Enlighten me please

[zero.kalvin]

What's so difficult about switching to IPv6 ? I mean where the cost really is ? It is not like I have to buy all of my hardware again, it is mostly a software issue right ?

Re:Enlighten me please

[h4rr4r]

You might not, but lots of enterprise hardware would have to be replaced. This stuff has long life times and as the old gear dies off, ipv6 will come with the replacements.

Re:Enlighten me please

[Hatta]

Is there some reason "enterprise" hardware comes with firmware that can't be upgraded?

Re:

[firex726]

Someones going to have to foot the bill.

The manufacturer does not want to since the client company has already paid for the hardware ten years ago, so they'd have to pay Devs to update the firmware and not see any new sales.
But if they wait then those companies will have to foot the bill by buying the new model they are currently advertising.

You got companies who still use IE6 and XP, because they paid to have some proprietary app developed for that specific version, and don't want to have it redone to a mo

Re:Enlighten me please

[silas_moeckel]

Firmware sure but those asics that make networking kit fast not so much. A lot of the first gen stuff punted ipv6 stuff to the cpu fine if you just want the line item but worthless if you want to actually use it for production.

Re:

[unixisc]

They should have made some initial products based on FPGAs so that the fast networking could be achieved, albeit @ low volumes & @ a price. Once volume picked up and price pressures increased, they could optimize those designs and replace them w/ customized ASICs.

Re:

[Bronster]

Seems to me they sold a product and made money from it - so your "should have" probably doesn't carry much weight with them.

Re:

[silas_moeckel]

You do realize that fpga's were a lot more expensive and slower than a similar asic? A decade ago gigabit ports were high end layer3 switches were still a new idea and pushing the limits of what could be done. There customers wanted a check box and the companies gave it to them ipv6 works ont he devices just not line rate. If your still running stuff like cisco 6500 with sup 2's that kit is a decade old any only needs a replacement sup to enable ipv6 on the whole box or shift it to a L2 only role. Remembe

Re:Enlighten me please

[mwvdlee]

Upgrading IPv4-only firmware to handle both IPv4 and IPv6 may require more processing power and memory space than the hardware can provide.

Obviously the more expensive hardware would be able to cope, but those were more expensive so nobody bought them.

Re:

[asdf7890]

That only works if the hardware can cope with the new software. Firmware updates are usually intended to support bug fixes not major feature changes, so while a lot of hardware will have room for firmware a little larger than it is provided with (to support bug fixes and small new features) you'll not find a lot that has room for a whole new network stack, either in terms of non-volatile storage to hold the code and RAM needed while it is actually running. Much of that kit was bought years ago (for such amo

Re:

[unixisc]

Depends on how long some enterprises have had certain hardware. For instance, a certain router or switch may not have enough flash memory in it to store all the extra code that adds the required IPv6 support. Normally, such gear have adequate flash in them to support upgradability, but that's not universally true, and it's one of the first places that companies cut corners while developing cost down versions of their flagship products.

Re:

[jd2112]

And you are willing to spend a butload of money on an upgrade that offers little if any increase in functionality and will most likely introduce new bugs that will have to be dealt with.

Re:

[Sqr(twg)]

I have a hard time imagining that upgrading an internal network to IPv6 would cost more than what selling an IPv4 /8 block on the open market would net.

Re:

[ShanghaiBill]

I have a hard time imagining that upgrading an internal network to IPv6 would cost more than what selling an IPv4 /8 block on the open market would net.

It doesn't matter because this is a government organization. If they sell the IPv4 block the proceeds will not go into the same account that is used to fund an IPv6 conversion. The cost of an IPv6 conversion would mostly be the salary cost of the personnel doing the conversion. Governments don't pay salaries using money from "selling stuff". If they allowed that, it would open the door to all sorts of corruption.

Re:

[h4rr4r]

You can't sell ti though. You still need to have IPv4 support for the next decade or so.

Re:

[asdf7890]

I suspect you have never been exposed to civil service bureaucracy.

Re:

[Eraesr]

Call me naive. Perhaps I am because I don't know a whole lot about this subject, but couldn't companies just buy some kind of IPv6 router that can act sort of like NAT and assign IPv6 addresses to individual devices, but translate those addresses to IPv4 as data comes in? That way a company could just use IPv4 addresses internally and for the outside world, run everything through an IPv6 converter.

Re:

[Bert64]

Not really, you can do it the other way round but ipv4 has no way to address ipv6...
What you can do is run application level proxies for eg http...

Ofcourse there's no reason you can't dual stack your internal network, global ipv4 shortages aren't a problem if your using 10.x internally, and chances are anything you have which is old enough to not support ipv6 doesn't need to talk to the internet anyway...

Re:

[unixisc]

That is the solution that's called LS-NAT (Large Scale NAT), and it is a bitch to both implement & maintain. With it, one of the main reasons for going IPv6 in the first place - getting rid of NAT - is gone. A better solution is something called dual-stack lite, where the provider equipment is all IPv6 and that's what runs, but if a company is stuck on IPv4, that is tunnelled within IPv6 headers (the bundle being called softwires) and transmitted, and the IPv6 headers are removed @ the destination bef

Re:

[fast turtle]

It is sort of like 802.11n. There are no less than 8 flavors of it floating around out there at different data rates and ranges. Most of the endpoint stuff you get out there is 1 antenna and 150 data rate in the crowded 2.4 range. My point not only do you have to switch out there is a huge gulf between 'crap' and 'awesome'. This is going to suck. Do not be in such a hurry to switch out..

This is exactly why I don't even bother with 802.11n hardware. Most of it's using the crap 2.5GHz band instead of the 5GHz band that they simply drown each other out and actually go slower. In my location, I can see a grand total of 6 of those stinking 802.11n AP's and everyone of them is competing for the same bandwidth. It's why mine is set to the 802.11b speeds and you know what, I actually get close to the rated speed on the home network, even with the congestion we're seeing from the cheap "N" routers.

Re:

[PhotoJim]

The counter-analogy:

You got a car a long time ago, and didn't really use it much. You still have it. It still works perfectly. And you now need to use it a lot, so you plan to do so. However, you find out that while it cost you only a few tens of thousands of dollars to buy it, it's now a valuable valuable car on the open market and you could get a billion dollars for it.

Meanwhile, you can acquire the "new" car for a fraction of that cost. There's a learning curve, but you can afford to buy a lot of pr

Re:Enlighten me please

[PSVMOrnot]

For a home user it is not all that much of an issue, if you are running a remotely recent OS then it is probably already IPv6 capable. At worst you may need to replace your modem/router box, and those who would have trouble with this are likely to be with an ISP that takes care of such matters for them.

When you are dealing with large scale infrastructure and corporate networks however, things become a little more difficult. At that scale the assumption of running a recent OS doesn't always hold, so you have software updates to worry about which incurs at least a time cost (and time is money). Also the possibly replacing your router becomes replacing racks worth of managed switches, routers, dchp servers and so on. That's not even beginning to take into account all of the legacy software that expects IPv4 and requires it in order to work.

So, yeah. Simple for home/small business users, but a major project for the IT guys who make things work behind the scenes. Fortunately said tech guys should have been working on getting ready for this for a while already; just like when they made sure that the world didn't fall over at the turn of the millenium.

Re:

[jimicus]

just like when they made sure that the world didn't fall over at the turn of the millenium.

Back then there was a clear deadline that we all knew about and no practical way to stave it off.

Re:

[vlm]

What's so difficult about switching to IPv6 ?
I mean where the cost really is ? It is not like I have to buy all of my hardware again, it is mostly a software issue right ?

layer 1 and layer 2, yeah, Pretty Much software only. I say pretty much because there's a trend to F around with upper layer stuff in lower layer gear, think IP DHCP filtering in a "layer 2 smart ethernet switch"

The real killer is the cost of hardware accelerated layer 3 routing equipment that can insta-magically-switch ipv4 but drops down to software switching of ipv6. Luckily, normal size ipv6 bandwidth loads can be easily handled by commodity PC hardware doing solely software routing. Heck normal size

Re:Enlighten me please

[qwertphobia]

The software on my firewall (which is up-to-date) supports IPv6 in several ways. It can route IPv6 by OSPF. It can firewall and inspect IPv6 traffic. It can provide an IPv6 address to the management interface. It can use IPv6 to download software updates and signatures from the support portal. It can perform NAT6to4 to provide IPv6 connectivity to internal IPv4 resources. However it doesn't yet support Multiprotocol BGP, which is needed to route IPv6 by BGP. This is critical to us since we have multiple ISPs. I give this example because I have found most enterprise equipment "supports" IPv6 but not in a way that enables full replacement of IPv4 addressing with IPv6 addressing. Furthermore, we know how long government projects take to implement. If this one is just completed it probably started a decade ago...

Re:

[drsmithy]

What's so difficult about switching to IPv6 ? I mean where the cost really is ? It is not like I have to buy all of my hardware again, it is mostly a software issue right ?

If only it were that simple. Hardware is cheap.

Re:Enlighten me please

[gstoddart]

If only it were that simple. Hardware is cheap.

Hardware is cheap if you're talking about a single thing, but the time to do this is pretty expensive.

I worked on a project last year to upgrade a single enterprise-critical application -- we spent over $250K on hardware, and another million on manpower for the project.

I've heard that rolling out Win 7 to replace XP is costing several hundred thousand per day in terms of resource costs, but that's quite removed from the source.

Most organizations would likely spend huge amounts of money transitioning their infrastructure and applications to IPV6, probably with a lot of pain points, and at the end of the day ... what has the money bought you? Is your network faster? Is it more reliable? Are your operating costs lower? Are you more profitable?

Or have you sunk a bunch of money into something which a bunch of networking geeks think is sexy but nobody else can figure out why they've even bother?

In the end, it seems like a lot of work and overhead for something which seems to have some very vague short-term benefits ... and "ZOMG, you won't need to do NAT any more as everything in the world can have an IP address" is one of those reasons that usually makes me go "and then what?". People are still going to want to NAT their internal stuff behind a firewall anyway.

I'd love to hear some compelling reasons for a company to do this. But to date, I haven't heard any. Other than the size of the address space, I don't actually know what problems IPv6 solves. The fact that companies don't seem to be flocking to it tells me I'm not the only one.

Re:

[unixisc]

Actually, the incentives for doing this is... a negative disincentive for not doing it. After a while, when public IPv4 addresses become really scarce and getting new ones will be like pulling teeth, IPv6 will be something people will have to spend an arm & a leg for just to be able to expand a network. The reason this is becoming more critical is that even NAT wouldn't cover it - one would have to go into a second level of NAT to cover it.

So this is one of those cases where making a change is not g

Re:Enlighten me please

[petermgreen]

A few places

1: routers need to both understand IPv6 AND be able to forward it quickly. If the hardware forwarding engines can't handle the larger v6 addreses then a software update won't help you much.
2: any application software that needs to communicate over IPv6 needs to use the new v6 capable APIs. Converting software can be a pain either because it requires significant changes to support IPv6* or because the vendor is being a PITA and wants to tie in v6 support to an expensive upgrade you don't want. Or worse a v6 upgrade may simply not be available at all requiring the software to be replaced completely.
3: while windows XP has some IPv6 support it's not ready for an IPv6 only world.

*Some examples:
* There is no direct IPv6 equivilent to WSAAsyncGetHostByName so any app that needs to perform lookups in the background will need to be converted to use threads for name lookups.
* In windows XP it is not possible for one socket to listen for both IPv4 and IPv6 so apps that previously only listened on a single socket may well need design changes to allow them to listen on multiple sockets.
* Any app that stores IPv4 addresses in a binary form or a fixed-width text feild will need data format changes

Re:Enlighten me please

[rsclient]

Ick -- WSAAsynGetHostByName? In this day and age, you have a window handle lying around?

I'm the Program Manager for WinSock at Microsoft. Have you looked at GetAddrInfoEx? In Windows 8/Server 2012, the DNS team added some Async features into it. Even better, it will properly handle IPv6 AND international domain names.

And if you're doing the new "Runtime" programming for Windows 8, we done our best to make sure that most network programs never have to deal with IP addresses at all -- that means that new new RT apps should be IPv6 ready out of the box.

(We also do the dual-stack thing with our sockets, so listener sockets just specify a port (or service) to listen on, and we automatically listen to both IPv6 and IPv4. We updates .NET 4.5 in the same way to make dual-stack be simpler.)

Links: http://msdn.microsoft.com/en-us/library/windows/desktop/ms738518(v=vs.85).asp [microsoft.com]

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[petermgreen]

Ick -- WSAAsynGetHostByName? In this day and age, you have a window handle lying around?

Old habbits die hard and all that but even if i'm not using it in new code there is still a need to adapt old code. So far the only way i'd found to do an IPv6 DNS lookup in the background of an event driven program using the windows DNS code is to create a thread to do it and have that thread notify the main thread when the lookup completes.

Have you looked at GetAddrInfoEx? In Windows 8/Server 2012, the DNS team added some Async features into it.

No I hadn't heard of it but there is no way i'm making my code dependent on win8 in the forseeable future.

Re:

[unixisc]

Also, the standard has been evolving for quite some time, and has still not been frozen. It's true that a lot of the equipment doesn't natively support IPv6, and it's hard to argue that they should when they risk building in features or functions that may get deprecated. Like site local addresses.

Also, while a lot of concepts are similar, there are also a lot of brand new concepts that haven't really sunk in. Like, e.g., in IPv4, private IP addresses, such as 10.x.x.x or 192.168.x.x were used for sever

Re:

[fast turtle]

Interesting point that the IPv6 standard isn't even finalized and it explains why my ISP (TW) has stated they're not going to upgrade as yet, it's half baked.

Re:

[petermgreen]

But if someone is transitioning to IPv6 and has so far been having a network, say 10.1.x.x in his office, what does he use?

There are really three choices. Internet addresses, unique local addreses and link local addresses. Lets consider them individually

If it is highly unlikely you will ever change IPs (e.g. you have provider independent space or are strongly tied to your provider such that it is unlikely you will ever need to renumber) you may as well use internet addresses for everything. That way you are gauranteed uniqueness and if you decide to make something accessible on the internet later it's just a matter of changing

Re:Enlighten me please

[gstoddart]

What's so difficult about switching to IPv6 ? I mean where the cost really is ? It is not like I have to buy all of my hardware again, it is mostly a software issue right ?

Because nobody has any real interest in changing to IPv6. Everybody has a working IPv4 infrastructure, and isn't interested in spending money to change over because they have no idea of how that's going to make anything better.

IPv6 has been coming "real soon now" almost as long as I can remember. And people have mostly been saying "I don't see any good reason" for just as long.

For large organizations, changing to this is one of those things that nobody can figure out why they'd go through the time and expense.

I know a lot of people on Slashdot look at IPv6 as some serious awesomeness that everybody should be jumping at. But, really, if you have thousands of machines already running IPv4, that 10.0.0.0 address is just fine for now and there's simply not a compelling reason to start undertaking the transition.

What's the benefit? What reason would a large corporation find that makes them decide to go through the pain of transitioning? By the time you invest in changing everything over and going through all of the expense and disruption ... in what way would companies be looking at getting an ROI from this?

I just can't see why people think organizations should be undertaking this, because I don't see the pay off and the business case to be made for it.

Re:

[higuita]

hey, if you want to stay in ipv4, go for it, use a 10.0.0.0/8 for your internal network, use NAT, etc.

Now if you want to use a routable, public IPv4 class in your internal network, then you MUST migrate to IPv6. Not only you are laughing to all Asia countries with lack of IPv4 (and in a few months, several world locations) but in several months/few years you will to redo all that work to enable IPv6. They will spend more money doing twice. But hey, people are lazy and many thinks that "its not my money", so

Re:

[gstoddart]

They will spend more money doing twice. But hey, people are lazy and many thinks that "its not my money", so they dont care....

Well, so far, people aren't even doing it once. So they're not paying for it twice (yet).

The opposite of what you say is that companies don't want to spend money they don't see as providing a return. So when someone says "hey, we should spend money to go to IPv6", the company says "OK, what's in it for us" ... and if your entire answer is that there are starving children in Asia w

Re:

[djsmiley]

How many bits for a IPv6 IP vs a IPv4 IP?

Yes of course they should of thought about this before designing the hardware with a maximum ability to comprehend a ipv4 IP; but then again someone should of thought of the Y2K problem before 1998....

Re:

[cyber-vandal]

They did. I've worked on code that said something along the lines of "if year is less than 74 then century = 20". And it's "should've" or "should have" not "should of". Should of doesn't make any sense.

Re:

[leighklotz]

How many bits for a IPv6 IP vs a IPv4 IP?

Yes of course they should of thought about this before designing the hardware with a maximum ability to comprehend a ipv4 IP...

I remember having this discussion with people close to the principles about the NCP to TCP/IP transition when the 32-bit (four octet) address size was picked.
The sound bite was that it's bigger than the biggest European phone number, so they planned ahead for a time when there would be as many computers as phones, which seemed way enough. (Remember, NCP had a hosts.txt file that listed all the hosts.)

For DNS, they designed an hierarchical system, but events overtook the hierarchy and people got fetishistic

Re:

[erroneus]

re-training/education, software compatibilty, firmware compatibility...

At the office we are routinely turning IPv6 in order to make things work. (I'm not saying that's the right approach but turning it off on everything keeps things running.) IPv6 is a great idea but it's also very alien. Why didn't they just make it IPv4 with an added two bytes for addresses? I guess IPv4 is just too simple and needed to be made more complicated. It always make some people feel smart to know things everyone else doesn

Re:

[unixisc]

Adding even one bit would have caused the same scope of changes in everything listed above - all hardware, such as network printers, cameras, et al would have to get firmware updates to recognize this change (since it's in the header of the IPv4 protocol). Given that no matter what they did, a major change would be required, the IETF decided to bite the bullet, make the change but make it a huge change so that there may never need to be an incompatible upgrade to IPv6. If we ever have an IPv7, it would st

Re:

[erroneus]

Ah yes.... IPv8 (since we skipped IPv5 to go to IPv6) will IP over subspace carrier and will handle complication such as data arriving before it was transmitted.

Re:

[colinrichardday]

But even adding two bytes to IPv4 addresses would probably requiring extensive modifications of current hardware.

Hold out your teacup! ;)

[Medievalist]

What's so difficult about switching to IPv6?

It's not difficult any more. Nearly anything worth running has IPv6 support built in.

I mean where the cost really is? It is not like I have to buy all of my hardware again, it is mostly a software issue right?

Nope. It's a man-hours issue. Time is money; if you have people doing things (like reconfiguring networks that run fine on RFC1918 IPv4 address blocks) you have to pay them. Businesses that spend money on IPv6 conversions that aren't necessary are wasting

Re:Because sixxs is a pain in the ass to get

[petermgreen]

If you want a free v6 tunnel there are less elitist providers than sixxs. gogo6 (aka freenet6) even offer unauthenticated tunnels for individual machines* so you can just install their software and go.

Still I consider such tunnels as a tool for those who are interested in developing/testing IPv6 and maybe as a stopgap measure for a subset of end users who really need to reach v6 servers. If you are serious about v6 then you should be using a v6 capable ISP.

*If you want a prefix you have to create an account and authenticate to it but afaict creating an account with them is no big deal.

Re:Because sixxs is a pain in the ass to get

[higuita]

sixxs dont require a linkedin account (or something changed since i created mine and several friends accounts)

all you need is to say you want to test ipv6 on your home computer (or home network) and put your real info (name, email, etc)... that isnt much different from registering on any website.
Requiring real info is normal, as you will access the internet with their connections, its normal they want real info to contact you or to redirect any police request if you want to use their network for illegal activities

Re:Because sixxs is a pain in the ass to get

[Aighearach]

This is slashdot, everybody already knows to use Hurricate Electric [he.net].

"new internal government network"

[Anonymous Coward]

To me that means they should all be 10.x.x.x, and some IT workers are completely and totally incompetent.

Re:"new internal government network"

[Anonymous Coward]

Government workers are completely and totally incompetent.

FTFY

Re:

[neokushan]

Or by "internal" they mean "secret".

Re:

[backwardMechanic]

It's a bit less secret now.

Re:

[Chris Mattern]

They probably shouldn't have put the routers in the secret nuclear bunker. [typepad.com]

Re:

[Anonymous Coward]

Remember that this /8 was allocated many years before the publication of RFC1918, to which you refer.

Re:

[vux984]

Remember that the govt said it was being used for a 'new' internal network.

Calling an IT project "new", that predates RFC1918 is stretching "new" well past the breaking point.

Re:"new internal government network"

[QuantumRiff]

if you have connections to other networks, and/or vpn's, internal network IP's are a pain in the ass. How do you setup a VPN when both ends are using 192.168.1.x? easy, you overload NAT, so both sides see the other as a completely different subnet. Do that about 5 times, and then try to debug some firewall rules.. Many larger companies will now refuse to setup VPN's with companies that use reserved addresses, since its such a pain in the rear.

By using a valid IP address, your assuring that they are globally unique.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[QuantumRiff]

We have had 4 companies we connected to with VPN's over the last two years. All 4 of them were medical industry companies with > 2,000 employees. All four required we have our own valid, routable IP range to use before they would connect with us.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[firex726]

I'm curious about that too, I've heard some dumb reasons to try and justify a static IP use.

Re:

[Richard_at_work]

Thats a bit strong, considering you know fuck all about the project they are implementing - "internal" doesn't necessarily mean "private", and there are many ways in which public addresses are beneficial.

Re:

[Nimey]

Is sir unaware of what subnet masks and VLANs are for?

Re:Doesn't work.

[petermgreen]

Unless all systems attached are on the same subnet... And that plays hell with routing, causes congestion... There are reasons the 10.x is non-routed. It was aimed at large local networks - like a node cluster. Sucks when you have to go past a router. That requires routable numbers.

BS you can route subnets of 10.x on your private networks just fine. You just can't advertise them on the public internet.

The real problem comes when you are trying to link together a load of sites that are already using some part (or even all, it's a class A block so the default netmask is 255.0.0.0) of 10.0.0.0/8 for their local private network. It is likely that some users will need access to both the national network and existing local private networks. So if you use private IPs for your network you are stuck either trying to find a subset of 10.x that none of the sites are using (can work but there is no gaurantee there will be any such space and it's a problem if you want to add more sites later). Renumbering machines unrelated to your network at various sites so they don't clash with your network or using some horrible NAT hacks.

USternet

[matt007]

Well some old dinosaur US companies or even universities own a full Class A.... do you think they need the address space more than a government ?

IBM CSC Dupont MIT Ford Apple USPS... etc.

see the list at : http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks

Re:

[firex726]

Yea, some of those will have so many addresses that they could assign a static IP to each node and still have left overs.

But then again it'd probably just delay things further. We're going to have to bite the bullet eventually.

What's in it for them

[Maximum Prophet]

The UK may have 16.9 million 'unused' IPv4 addresses but according to the department that owns them, they're not for sale.

Of course they're not for sale, no one in the department would get any benefit from selling them, and it would be more work if they did. Once the lobbyists get wind of this, someone higher up will get a campaign donation, and the block could be sold.

They should sell it anyway

[DrXym]

Sell the block for a billion or whatever it's worth, and use the money to build an IPv6 backbone for UK government services. That in turn would free up more blocks which they could continue to sell and continue to fund the transition with. Or they could sit on them and do nothing until the world switches to IPv6 and there is a glut of IPv4 addresses that nobody is interested in buying.

Re:

[gramty]

They can't sell them, they don't own them. the RIR (RIPE NCC) has very strict rules over the transfer of IPv4 addresses. If the currently end user no longer requires them they should are to be returned to RIPE for zero compensation, RIPE can then re-assign based on applications requirements and justification. The rules were brought in to prevent people setting up shell companies to land grab all the remaining address space once it became obvious it would be exhausted.

Re:

[Maquis196]

Not just that, but this /8 is probably worth more then the British gold reserve that a certain former PM sold for about 1/10th of its current price (hindsight eh?). Unless theyre really using a massive part of it, do as you say. Sell it whilst its worth something, pay some nurses and everyone is happy. (except everyone else who would want a slice of that 1B).

Told you so!

[Type44Q]

I called that one, right here [slashdot.org]! :p

I'll Do It

[bill_mcgonigle]

I'll take care of re-addressing into a /16 and we'll spit the proceeds of the /8 50/50, OK?

in the pre-NAT days....

[Larry_Dillon]

For those that remember the days before NAT was prevalent, this is what way IP addresses were supposed to be used.

IPV4 was designed for government use

[evilandi]

I think what people have forgotten here is quite how old the internet is, for how long the British have been involved in it, and how tightly integrated into British government it has been for a long, long time.

I'm sure Slashdotters don't need a history lesson on the origins on the internet; as a cold war military network designed to re-route traffic in the event of a nuclear strike on what would otherwise be single points of failure. What readers might need a reminder on, is the UK aspect of this early history.

Whilst the internet began as a US-only operation, within only a handful of years this had spread to the US' closest NATO ally, the British. Given that even us Brits cheerfully admit that, from a NATO perspective, our island is essentially a 700-mile long aircraft carrier in the North Atlantic that can never be sunk, the involvement of the UK in the early days of the internet should come as no surprise. It's also well known that both American and British universities got in on the act fairly quickly, initially from the perspective of military research; most British universities were either directly addressable or a short hop through a gateway from the internet by the early 1980s. Other close NATO allies, notably the Canadians, ditto.

What's not so well understood is that, as absolutely certain first exchange targets, the British had an extremely highly developed government continuity strategy for nuclear war. Some parts of this have come to minor public attention in the form of amusingly retro nuclear bunkers that have been re-purposed as museums, archives or modern telecoms junction points (look up the codenames Guardian, Anchor and Kingsway) with varying degrees of practicality. There are some very chilling bits like the "Protect and Survive" videos (now on Youtube) that frankly still scare me silly and we'd all rather forget. Further, there other parts such as the RSG Regional Seats of Government which remains partially, or perhaps even largely, obscured by national secrecy (and probably rightly so).

This stuff was set-and-forget, it's original design brief was that you wouldn't be able to call the IT department if the IT department had been killed in the first strike, it had to work and remain working without significant intervention.

Understand that concept - understand that the internet has been at the heart of the most serious British government infrastructure for around 40 years - and you begin to understand why /8 IPV4 address blocks have been, often literally, hard-wired in to the British government. This network was the network we would rely on, to survive. It was the one thing the British government could depend upon. It was the one thing which, when planning IT infrastructure, the government could be absolutely certain about.

Having that level of certainty allowed us to build other infrastructure around it, such as the PSN Public Services Network,

To those arguing that it's just a bunch of router reconfigurations... this is not your piddling little /24 home office network. Nor is it simply a bunch of VPNs linking regional offices over a few leased lines. This is not even one IT-savvy megacorporation like IBM. This is a nuclear-war-proof combined civilian and military network which over 40 years has been integrated into every government department and every local government office in a country of 70 million people. It's in the job centres, the benefits offices, the local tax offices, the post offices, the village doctors' offices. It's throughout public service departments which are staffed by people who, on the whole, are pretty good civil servants but who don't actually have a reason to need to know how it all hangs together, and in the vast majority weren't around when it was plumbed in.

Would this cost more than the value of the address space to reconfigure to 10.x.x.x or IPV6? Crikey, yes, Ten times yes. Magnitudes of scale yes.

But if it is an internal network...

[wisnoskij]

... They do not need top end internet addresses.
And 17 million of them?

Why does the government even have that many computers, and why does it sound like this is just one small subnetwork?

Re:

[firex726]

Reminds me of the switch over from Analogue to Digital TV transmission.

Of course most home users are already setup either directly or via their ISP. It'll be businesses with these $50,000 network equipment that wont want to move over due to the cost of buying new HW when they just got through paying off the old stuff.

Re:

[circletimessquare]

it's the only way to solve this problem.

Maybe the mandate can be sold to manufacturers first as an economic stimulus: think of all the new equipment that will be need to be built and all the old computers grandma still uses that will be replaced because they can't figure out how to run the windows update that force retires IPv4 and requires a trip into the control panel.

Re:

[Richy_T]

Except it's not really a problem which is why no one is particularly rushing to fix it.

Quit wanting the government to force other to do what you think is best. It's antisocial.

Re:

[circletimessquare]

if you don't understand why running out of IPv4 address space is a real and genuine problem, you shouldn't be posting on this particular website

Re:

[gstoddart]

Or we can keep dragging our heels and we will be talking about horrible kludges like NAT and an inelegant, hacky Internet address space for 5-10 years. I'm really sick of these stories on Slashdot. I'm not blaming Slashdot, I am sick of the existence of these stories in a community that isn't FORCED to do the brain dead obvious. Because no authority mandates the obvious.

Obvious? What's so obvious about it? If it was obvious, people would have switched by now.

But since people don't perceive it as better, o

Re:

[circletimessquare]

it is obvious

what is lacking is the existence of an authority to force the obvious change to happen. because centralized force is the only way to save us from bedlam and a hacky address space and NAT everywhere (not just within organizations, but across the internet address space, turning it into fiefdoms)

the problem some minds have with problems like this is they see only costs on one side of the equation, and in the shorterm

the costs of mandating the change: sudden, large, and then gone forever
the costs o

Re:

[gstoddart]

third lesson: sorry, but all I hear is screeching weasel, dial it back a little

For starters, WTF is wrong with NAT? I keep seeing people say this, and it mostly amounts to apoplectic bitching about how evil it is without anything coherent behind it.

You say it's obvious, and that there are good solid reasons why people should choose it -- and then you utterly fail to explain your case.

As I said, if I put you in a room with management to make your case as to why, you'd fail utterly. If you can't make your

Re:

[Bronster]

Long term something else may have replaced ipv6 - y'know, something actually massively better - not Blu-Ray better.

Companies which wait longer skip over an intermediate layer of pain in that case. Lucky for them.

Re:

[circletimessquare]

or: the television networks switching over to HDTV from analog.

grow up.

Re:

[circletimessquare]

no, i'm not happy, because you go to absurd thoughts. think about the switch from analog TV to HDTV. it was mandated, forced, on industry and individuals, to great expense, and led to a much better standard. and it was accomplished without concentration camps or secret police or whatever other absurd analogy you want to make, dumbass

Re:

[circletimessquare]

you don't appreciate or acknowledge the cost of a balkanized, NATted, hacky internet address space?

you are so allergic to a mandated switch you don't appreciate the benefits?

why do we have to deal with spastic hysterics like you on commonsense questions?

we're talking about a prudent obvious solution to a real problem, and you have to start WHARGARBBBLing about raids and detention like a paranoid schizophrenic moron

Re:

[circletimessquare]

the pipe won't be transparent, idiot, if it's NATted to high hell and balkanized because the name space is clogged out

and i'm a little general because i recognize the only way forward is to mandate the change

such fucking idiots on this site

Re:

[circletimessquare]

i'm not here to win over someone to a point of view. IPv4 name space is running out. IPv6 has to be mandated to fix the problem. there's nothing to win over or convince someone of. you either understand the fucking obvious or you are a fucking moron

Re:

[Bert64]

On the other hand, the government could simply start putting their own sites on ipv6 only... Anyone wishing to work with the government, to pay their taxes online, to win government contracts etc, would need to use ipv6. The US already does that to a small extent in that any equipment they procure must support v6, although they don't actually use it.

Re:

[unixisc]

This is absolutely right. This comment @ the end of the submission:

The addresses in question are being used for a new internal government network. Of course, why that project wasn't built using IPv6...

doesn't make sense. First of all, there is nothing indicating that IPv6 was not considered. But even if it was, it still makes sense to dual-stack them. Like I suggested in the previous thread on this story, even if they distribute it, they should do it to those already planning for IPv6. In other words, IPv4 addresses should only be sold to those willing to go IPv6 as well

Re:

[Dagger2]

It's not like a couple of /8s will make much difference either. One /8 lasts for about a month or so.

Giving back IP space is a waste of effort. Exert that effort towards your IPv6 migration instead.

Re:

[Bert64]

Well the lack of ipv6 adoption is caused by the exact problem...

Why should i expend the cost to implement it when noone else does?