by vanzard 3994 days ago
This counter is completely inaccurate. I used to work for a company that was doing email marketing (I quit because I disagreed with their practices). My employer was buying about one /48 per week. What does this mean? We alone exhausted 2^80 ip addresses per week, or 2e18 addresses per second (that's 2 quintillion!). So this counter showing 2 addresses exhausted per second is wrong by an order of 1 quintillion.

In fact, with the proper paperwork you can still relatively easily buy an entire /40 or maybe even /32. With these practices, IPv6 WILL run out of addresses within the next 100 years. Well, to be pedantic, it will run out of allocatable subnets, but the vast majority of their addresses will remain unused.


I've wondered about that. My ISP gives me a /64.

On the one hand, it seems cheap to give me one-four-billionth of the relative amount of space as the one IPv4 address they give me.

On the other hand, I can't possibly imagine which consumer home network needs four billion times more IP addresses than all of IPv4 combined. (EUI-64 notwithstanding.)

It would seem like /112 would be way more than enough for home use (131,072 unique IPs), even for complex setups with lots of subnetting, and /96 for small business use.

I understand that giving out /64s will still take 4 billion times longer to exhaust all IPs than IPv4, but ... it still feels like they're being overly generous. 64-bit IPs would have more than enough to outlast our sun going supernova if we were smarter about allocating them.

This is part of the design of IPv6. There are (almost) never networks other than /64. This allows the possibility of generating addresses based on a MAC address, and frequently changing addresses for privacy reasons.

Most devices will not work on a network with a mask longer than 64. The only common exception is point-to-point links between routers, which may be a /127.

Removing variable length subnet masks from end networks makes routing and configuration a lot simpler.

You say that but in a few years we'll probably be fighting neighbour discovery DoS attacks. /64 prefixes seem to be the worst thought out idea of IPv6.

IIRC (and I may not RC), ND traffic is supposed to be constrained to a local link.

If this is true, then it would be totally safe to drop ND traffic that didn't originate on your network, and drop ND traffic that occurs on networks that you manage that have manually configured addresses.

So, how would you DoS anything other than your upstream router [0], or the nodes on your own LAN?

[0] Even this DoS seems trivially preventable by dropping ND requests that happen too frequently. If you assume that there is one router on each end of a link, then the rate of ND messages would have to be very low in the ordinary course of operation, no?

Honest question, how does privacy come into play here? If you're given a /64, even if you change the last 64 bits, isn't it trivial for someone to assume everything from the first 64 is you?

Yeah. It is a trivial assumption. In my experience with Comcast Residential internet, one's IPv6 prefix remains the same for as long as one's IPv4 address, which is to say that they remain the same forever.

Comcast hands out allocations as wide as /60, but even this doesn't help much with privacy; if you're being unusually proactive with your network renumbering, that's only four bits of entropy that you're adding to your identifiers. :)

Two things:

1. The /64 is the same for your whole local network. Granted that at home that is usually not many devices, but it's almost certainly more than one.

2. The /64 changes when you change networks, and unless you have a static IP address it will change for your home network too. On the other hand, if the low 64 bits is derived from your MAC address, it never changes (unless you replace your NIC of course.)

> The /64 is the same for your whole local network.

This means that -at best- IPv6 "Privacy Extensions" give advertisers no more information than they get today with non-Carrier-Grade IPv4 NATs. That's not a big win, in my book. :/

I get that EUI-64 uses your 48-bit MAC address plus 16-bit "ff:fe" token. But I don't really understand why this matters.

First, why does your home office need globally unique identifiers for its devices? 48-bits seems really excessive. A CRC16 hash of the MAC should cover far more before a conflict arises than any home networking devices could handle anyway. (you're really unlucky if you hit a 1:65,536 conflict. But make it CRC32 if you're really worried about that.)

Second, how does having the MAC address make routing simpler? When a packet comes into the router, it has to have a table to say MAC A == LAN port B. So instead, you'd just have it be: IP A == LAN port B. In the reverse direction, the PC already has to ask the router "what is my IP prefix?", so why is that harder than it just asking "what is my IP?" and getting a full address from it?

Third, wouldn't temporary (privacy) addresses undermine this entire EUI-64 setup's efficiency improvements? Now you're back to randomized data in the low 64-bits, so the router and PC need to have some kind of negotiation to know the IP addresses just like before anyway.

Lastly, I do think it's a valid privacy concern. Now when you do something the government doesn't like and they show up, that IP address with your MAC in it lets them say "yep, this is the exact computer that was used." Before, there was the argument that it could have been a Wifi guest. Even worse, it could follow you between dynamic IP reassignments from your ISP, and even from switching to different ISPs.

So all that said ... it doesn't seem like we really need 18 quintillion addresses to do decent routing and subnetting. Just drop EUI-64 as a bad idea, and have 16-bits of randomized values for the home network. And when you go a small business, increase it to 24-bits. Fortune 500, 32-bits.

And now to make the whole system even better ... make most of the IPv6 values used by ISPs 0000, so you can collapse 80% of the address to ::

> First, why does your home office need globally unique identifiers for its devices?

For the same reason that the original plans for the Internet ensured that every connected machine was a peer of every other: a network of peers easily allows for new and novel services on the network.

> Second, how does having the MAC address make routing simpler?

It doesn't.

> Third, wouldn't temporary (privacy) addresses undermine this entire EUI-64 setup's efficiency improvements?

That's not the point. The point of this setup is to provide a way for SLAAC to easily create a stable IPv6 address to make DNS forward and reverse mapping on the LAN easy to manage. There's also an alternative method for stable address creation that doesn't use the system's MAC address.

> Now you're back to randomized data in the low 64-bits, so the router and PC need to have some kind of negotiation to know the IP addresses just like before anyway.

You really need to read how SLAAC works [0]. In particular, pay attention to the Duplicate Address Detection section, and note how DHCPv4 uses a similar method for determining whether or not an IP in a pool is safe to hand out.

After you've read about SLAAC and DAD, read about Neighbor Discovery [1]. This stuff is more well thought out and less complicated than you seem to think that it is.

[0] https://en.wikipedia.org/wiki/IPv6_address#Stateless_address...

[1] https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
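The modified EUI-64 interface identifier that the EUI-64 sub-thread argues about, and the SLAAC address it produces under a /64 prefix, are small enough to show end to end. The following is an added example written for this page, not code from any commenter or from the linked Wikipedia articles; the prefix and MAC addresses are constructed sample values. It builds the identifier the way RFC 4291 describes (insert ff:fe between the two halves of the MAC, invert the universal/local bit), combines it with a router-advertised /64, and includes the reverse check a network defender can run over their own address inventory to see which hosts are still exposing a MAC in their address rather than using a privacy (randomised) identifier:

```python
import ipaddress
from typing import Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 identifier for a 48-bit MAC (RFC 4291)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # OUI (3 bytes) + ff:fe + device part (3 bytes)
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # invert the universal/local bit of the first octet
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Compose the address SLAAC would form from an advertised /64 and a MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix, got /%d" % net.prefixlen)
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(addr: str) -> Optional[str]:
    """If the low 64 bits look like modified EUI-64, recover the MAC; else None.

    A None result means the host is using some other identifier (privacy
    extensions, stable-privacy, DHCPv6, manual), so the address does not
    reveal the hardware address.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02  # undo the universal/local bit inversion
    mac = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)


if __name__ == "__main__":
    # Constructed sample values: documentation prefix and a made-up MAC.
    a = slaac_address("2001:db8:1:2::/64", "00:11:22:33:44:55")
    print(a, "->", embedded_mac(str(a)))
    # A constructed privacy-style address carries no ff:fe marker.
    print(embedded_mac("2001:db8:1:2:9c5b:1a2f:7e40:3d11"))
```

The `embedded_mac` check is the practical takeaway from the privacy discussion: an inventory scan that returns a MAC for a host means that host's identifier follows it across prefixes and ISPs, which is exactly the concern raised upthread; a None result for every host means the LAN has privacy or stable-privacy identifiers enabled.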

PtP links are subnetted /127, but they are allocated a /64.

http://bcop.nanog.org/index.php/IPv6_Subnetting

The simplest way to allocate addresses on a LAN is something called SLAAC. To use SLAAC, an IPv6 router advertises a /64 on a LAN and connected machines automatically select addresses from that /64. So, -by design- the smallest general-purpose network will always be a /64.

The IETF recommends that ISPs hand out /52's to their customers. Why? IIRC, there are no specific examples in the RFC, but I've cooked up a likely scenario:

First, remember that traffic amongst machines in the same subnet never [0] touches a router. This means that traffic within a subnet can only be filtered by endpoints.

Now, imagine that -say- the Open Wireless Router Project [1] gets clever, recognizes that our ISP is allocating a /60 or a /52, automatically splits that into one /64 for each advertised SSID, then sets up firewall rules that create real "guest network" isolation (both from other SSIDs and from machines on the LAN), while still giving every connected machine a globally routable address.

That would be nice, no? The beauty of it is that an end-user doesn't have to even be aware of IP networking for this to work!

The practice of automatically giving end-user sites the ability to create rather large numbers of subnets will inevitably give rise to consumer networking gear that allows for interesting, secure configurations while still ensuring that all machines on the Internet have a globally-routable IP address.

[0] Let's ignore encapsulation and tunnelling for a moment.

[1] https://openwireless.org/router/download
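The subnet arithmetic running through this thread (how many /64 LANs a delegated /60 or /52 yields, how fast a /48-per-week buyer burns addresses, and the per-SSID split the comment above imagines) is easy to get wrong by hand. The following is an added example written for this page, not code from the Open Wireless Router Project or any commenter; the delegated prefixes and SSID names are constructed sample values, and the one-/64-per-SSID assignment is the scheme the comment proposes, not something the linked project is claimed to implement:

```python
import ipaddress
from typing import Dict, List

SECONDS_PER_WEEK = 7 * 24 * 3600


def subnet_budget(delegated: str) -> Dict[str, int]:
    """How many /64 LANs and how many addresses a delegated prefix contains."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("prefixes longer than /64 cannot hold a SLAAC LAN")
    return {
        "prefixlen": net.prefixlen,
        "lan_subnets": 2 ** (64 - net.prefixlen),
        "addresses": 2 ** (128 - net.prefixlen),
    }


def addresses_per_second(prefixlen: int, seconds: float) -> float:
    """Address consumption rate when one block of this size is allocated per period."""
    return 2 ** (128 - prefixlen) / seconds


def assign_per_ssid(delegated: str, ssids: List[str]) -> Dict[str, ipaddress.IPv6Network]:
    """Give each SSID its own /64 out of the delegated prefix (one LAN per SSID).

    Raises if the delegation is too small, so a router can fall back to a
    single shared LAN instead of silently overlapping subnets.
    """
    net = ipaddress.IPv6Network(delegated)
    available = subnet_budget(delegated)["lan_subnets"]
    if len(ssids) > available:
        raise ValueError("%d SSIDs but only %d /64s in %s" % (len(ssids), available, delegated))
    subnets = net.subnets(new_prefix=64)
    return {ssid: next(subnets) for ssid in ssids}


if __name__ == "__main__":
    # Constructed sample delegations using the documentation prefix.
    for p in ("2001:db8:abcd:10::/60", "2001:db8:abc0::/52", "2001:db8::/48"):
        print(p, subnet_budget(p))
    # One /48 per week, as the top comment describes, expressed per second.
    print("%.3g addresses/s" % addresses_per_second(48, SECONDS_PER_WEEK))
    for ssid, lan in assign_per_ssid("2001:db8:abcd:10::/60", ["home", "guest", "iot"]).items():
        print(ssid, lan)
```

With a /60 the router gets sixteen /64s, enough for the three-network (internal, DMZ, guest) layout other commenters consider sufficient; with a /52 it gets 4096. Because hosts inside one /64 reach each other without touching the router, the isolation the comment wants only exists once each SSID sits in its own /64 and the router filters between them, which is what the per-SSID assignment sets up.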

IMO every edge user should be getting a /62 at the smallest, but a /60 seems doable. /64 is the smallest idiomatic subnet. So a /60 would grant 2^4 subnets for SOHO use. Frankly, no one really probably needs more than 3 (internal, DMZ and external) for even SOHO operations.

While others are asking "Why is CompanyA buying a /48 a week?", my question is "Why isn't ISP-A asking CompanyA why they need a /48 a week?"

IPv6 operates in several of these hierarchical subnets. A /64 is the smallest, and is usually for customers and edges. A /48 or /52 is reasonable for a datacenter, as it provides up to 2^12 subnets.

But even then, doing a /48 per DC, there is no reason for not-Huge-Cloud-Provider to be gathering that much IP.

This may actually be a situation the market can take care of: If you're an ISP that is hooking up spammers with a new /48 each week, that starts to reflect poorly on your /40.

The same site has an alternate counter based on /48 allocation rates:

https://samsclass.info/ipv6/exhaustion-p.htm

>My employer was buying about one /48 per week

Why?

Because "email marketing" means "spammers". They were buying new blocks of IP addresses to try to evade blacklists. They are the scum of the internet, dumping their pollution far and wide because nobody is stopping them.

*to be clear, not all email marketers are spammers. But you can be damn sure anyone buying that many IP blocks is. There's literally no legitimate reason for them to need that many IP addresses.

My guess is that their subnets would be periodically marked as spammers in various black lists, so they would need new subnets to continue "email marketing".

1/week seems like a lot.

At the same time, where I work, at least with IPv4, we like to segment product by IP block. This way if one gets a bad reputation it can't adversely affect the others. This hasn't been an issue in practice, but it's just an extra layer of protection we like to have.

I'm not sure if there's the same concern with IPv6 or not.

Were they holding on to a /48 per week? If they were, I'd have to imagine that at some point a single company that's not in the ISP or hosting business would be effectively holding on to a /32 and some questions would be raised.