Number crunch: the struggle to upgrade the Internet from IPv4 to IPv6 :: The Future of the Internet

Number crunch: the struggle to upgrade the Internet from IPv4 to IPv6

January 10th, 2011 | by jz | Published in Future of the Internet | 1 Comment

[cross-posted at the CDT blog]

How the Internet is running out of room, and what we must do about it

“CDT Fellows’ Focus” is a series from CDT that presents the views of other notable experts on tech policy issues. This week, CDT Fellow Jonathan Zittrain and Leslie Daigle write about the end of IPv4 address space. Guest posts featured in “CDT Fellows’ Focus” don’t necessarily reflect the views of CDT; the goal of the series is to present diverse, well-informed views on significant tech policy issues.

The Internet’s framers famously designed it without predicting much about how, or how much, it would be used. For example, the network’s capacity was conceived less in a count of precisely how many could participate at once – the way traditional phone circuits worked – and more in flexibly divisible bandwidth. As that bandwidth got saturated, it would degrade gracefully: data might move slower for everyone, but no one would get an “all circuits are busy” message. In ways large and small, what animates Internet protocol design is a procrastination principle: if something can work well, it doesn’t have to be perfect, and not every problem or limit must be anticipated and preempted. Potential but still speculative flaws can be fixed later – possibly somewhere other than inside the network.

Unfortunately “later” is arriving now for a crucial piece of the Internet: its ability to tell one attached device from another. Internet architects designed a simple way to identify participating computers and route data among them: assign each a unique number: an Internet Protocol (IP) address. No IP address, no delivery. The routers in between you and your friend use your friend’s number the way a postal service would – the number says something about where she is. That’s made possible because IP addresses are clustered together, just like street addresses grouped in a ZIP or other postal code.

The system has an Achilles’ heel: there are a limited number of numbers. It might seem that you could add 1 to whatever the last number is and keep going, but there’s a hard cap in venerable Internet Protocol Version 4 (IPv4): 4 billion IP addresses, which the Internet is outgrowing in much the same way that applications outstripped the original 64K of memory expected for a PC running Microsoft DOS. There is now general agreement among Internet technologists that the end days are upon us: the last block of fresh IPv4 addresses will likely be allocated to the Internet’s North American address warehouse in early 2011, to be passed out to Internet Service Providers here by mid- to late-2011.

Worse, because of the clustering of addresses, we can’t squeeze the last bit of digital toothpaste out of the tube as fresh numbers become scarce. There’s a gray market for chunks of already-allocated numbers despite restrictions against selling them – and some telecommunications providers are rumored to have been purchased only for their numbers! – but such used numbers carry their own risks. Anyone who has inherited the former phone number of a pizza shop will appreciate that some numbers are less desirable than others. Moreover, some IP addresses have at one time been the source of cyberattacks, or hosted politically sensitive content, and the resulting blocking of traffic originating from them by various ISPs is rarely revisited by those ISPs. (Who wants an old Wikileaks IP address?)

Running out of fresh numbers will not stop the Internet from working. But, unchecked, it will greatly complicate growth. As new computers and devices come online, something has to give – making more use of existing addresses, or finding a new way to address things.

In the first category – making do – the procrastination principle has bought us some time. Enterprising engineers developed an ingenious baling-wire-and-twine workaround to the one-number-per-computer rule. Known as network address translation, or NAT, it allows the holder of a single IP address to share it among a group of computers. This happens nearly every time you hook up a wireless router and access point at home: your ISP only gives you one number, and you use your inexpensive router to share it with everyone who connects to your network. Cable and DSL ISPs are considering the same thing to put larger networks of multiple customers behind a single address, at least as an interim measure. Unfortunately, like most such workarounds, it doesn’t really work as well as having one number per machine: the fancy footwork required to share a number around can limit the kinds of applications you can run, and greatly increase the complexity of some software, such as Skype Internet telephony, if it’s to work at all. NAT has bought us some time – much of Qatar has been known to share one IP address – but it’s spackle covering a rapidly-rusting architecture stretched far beyond its creators’ wildest ambitions.

Which brings us to a more comprehensive solution. Internet technologists did not sit idly by when it became clear IPv4 could not last. Over a decade ago, they specified its successor, IPv6 (don’t ask what became of IPv5), with a few hundred trillion trillion trillion addresses. Such huge swaths of address space promise something even better than a well-functioning market for valuable but limited assets: abundance so great that no market is required, only careful administration. Unfortunately, for IPv6 to work, nearly every piece of networking software and hardware from one end of a data transmission to the other needs to be upgraded. If just one link in the chain hasn’t been upgraded to understand the new numbers, IPv4 will still have to be used.

The idea for transition was that systems would work with both protocols for awhile, and gradually IPv4 would end not with a bang, but with a whimper – fading away like, say, the telegraph or telex addresses that used to share letterhead with telephone and fax numbers. However, even though many operating system and hardware vendors have been anticipating IPv6 for years (current Mac and Windows systems now support it out of the box), there are still gaps in available products and little business dependency on it, and there has been remarkably little deployment. This is consistent with the procrastination principle: the only networks that have deployed IPv6 are those that have found a business model for which it as a requirement. And, because the benefits are, generally, global rather than local to one network, the procrastination principle becomes a Prisoner’s Dilemma: we’re all better off if we all move to IPv6, but the worst case is if you pay to move while others don’t. So why not wait – forever, if others act similarly – for everyone else to do it before making the investment?

We’ve spent a decade with few networks taking the plunge to deploy IPv6.

This holding pattern is not likely to persist. With the larder dry, in the absence of fundamental innovation in Internet Protocol, we’d see an unfortunate ramp up in the use of NAT and its complications, coupled with parties’ tussles over existing ‘pure’ IP addresses like rats fighting over crumbs. Demonstrated shortcomings of the type of IPv4 address sharing include degraded performance of network-intensive web services: web pages where different pieces show up slowly, rather than seamlessly. Customers will not see a poor network connection – they will perceive poor service from the product or company.

More directly, IPv6 is gaining ground among new entrants (who have little choice), so the days of an all-IPv4 Internet are numbered. In developing its broadband strategy, India went for IPv6. New industries looking at wide scale networking are also looking to IPv6 in order to have access to adequate address space, and to be able to build novel network architectures, unencumbered by the structural assumptions needed to support address sharing.

The best future for the Internet is for all networks to deploy IPv6, and pay the price of working in a dual IPv6 / IPv4 world for a period of transition. If companies wait until the business impacts of degraded IPv4 network experience or the identification of opportunities to work with new (IPv6) networks are upon them, the need to make a transition more quickly than a multi-year equipment refresh cycle will likely be more costly and difficult. So how to encourage enough entities to take the plunge?

One way out of a classic problem demanding collective action is through regulation. A government can incent or compel everyone to contribute. However, this would require coordinated regulation across boundaries not recognized by network traffic – the intricacies are daunting, and for the Internet without precedent. And if successful, governments might gain an appetite for controlling the direction of an Internet which previously managed growth and innovation through elective uptake. Few are enthusiastic about mandated transitions.

Another way out is through leadership by big players. For example, governments aren’t just regulators of information technology, they’re purchasers of it. By insisting that government- and military-run subnetworks are IPv6, they’ll stimulate demand for the newer technologies and encourage intertwined private parties to follow suit. The US government’s Office of Management and Budget followed just such a route in 2005, requiring all government services to be IPv6 capable by 2008. In September, Vivek Kundra crystallized requirements for government websites to be IPv6 capable.

China has been leading IPv6 adoption for years, in part because it may otherwise feel the IPv4 number crunch most acutely, and perhaps because the government has determined that it’s in the country’s best commercial interests. Some large companies have placed bets on an upgrade. Google has been public about its activities to deploy IPv6, and a business rationale to not be last to market with IPv6 support.

A cold calculus on such investments for many Net-connected enterprises may indeed suggest holding off. But what has made the Internet better than the more proprietary networks that it eclipsed is that its participants have had a sense of stewardship of the space, justifying the absence of government planners and sheriffs, or a single corporate umbrella. Engineers from the public and private sectors labor on Internet protocols with loyalty to a network functioning as a commons, not simply to their employers’ particular business models. An investment in IPv6 from enough corners is sensible if each corner decides to factor in the benefit to the overall ecosystem – not just itself.

If such capacious thinking comes through, the Internet won’t run out of space – and we can go back to procrastinating on its future.

Jonathan Zittrain is Professor of Law and Professor of Computer Science at Harvard University, where he co-founded its Berkman Center for Internet & Society. He is a member of the Board of Trustees of the Internet Society. Leslie Daigle is Chief Internet Technology Officer for the Internet Society.

Responses

Feed

Tweets that mention Number crunch: the struggle to upgrade the Internet from IPv4 to IPv6 :: The Future of the Internet — And How to Stop It -- Topsy.com says:

January 10th, 2011 at 9:56 pm (#)

[...] This post was mentioned on Twitter by Jose Afonso Furtado. Jose Afonso Furtado said: Number crunch: the struggle to upgrade the Internet from IPv4 to IPv6,by Jonathan Zittrain (@zittrain) http://bit.ly/dOQSnN [...]

Blog

The Future of the Internet: Five Years Later

In 2008, The Future of the Internet called attention to a “sea change” in the way consumer devices interact with the Internet. “The future is not one of generative PCs attached to a generative network,” the book warns; “it is instead one of sterile appliances tethered to a network of control.” In response to the security threats posed by malicious third-party code, increasing numbers of users will likely gravitate towards gadgets “tethered” by continuous communication between product and vendor. And this proliferation of tethered computing—the “appliancization” of PCs—will deal a serious blow to the principles of generativity and free expression that drove the early Internet.

Since the publication of The Future of the Internet, the ethos of strict appliancization has taken a new turn. In 2011, Professor Zittrain wrote an update on the book’s message: “at the time of the book’s drafting, the alternatives seemed stark: the “sterile” iPhone that ran only Apple’s software on the one hand, and the chaotic PC that ran anything ending in .exe on the other. The iPhone’s openness to outside code beginning in ’08 changed all that. It became what I call “contingently generative” — it runs outside code after approval (and then until it doesn’t).” This trend towards contingently generative models continues into the present day, and represents a shift similar in many respects to the one The Future of the Internet predicted.

Jon Brodkin and Peter Bright’s Ars Technica op-ed on the Microsoft Metro app store offers some valuable commentary on a big development in this “sea change.” The article recognizes that “Microsoft is imitating Apple in one very bad way, by limiting the distribution of Metro applications to a Microsoft-controlled app store… by bringing Windows to tablets, Microsoft could strike a blow for openness in a market dominated by a closed system. Instead, Microsoft is bringing the same restrictions found on iPads to both Windows tablets and PCs.” As forecasted by The Future of the Internet, devices that only run approved code are gaining popularity. Metro, the curated user interface that has found its way onto Microsoft’s tablets and PCs (in the case of the PCs, alongside a fully-functional desktop mode capable of side-loading non-Windows Store applications), won’t run applications from outside the Windows Store. Moreover, the apps available through the Store are subject to a bevy of restrictions on content. With these restrictions on installable applications come the restrictions on generativity that The Future of the Internet anticipated: “lock down the device, and network censorship and control can be extraordinarily reinforced.” And, as the Ars Technica piece observes, the Windows Store’s rules would exclude critically-acclaimed content like the video game Elder Scrolls: Skyrim, simply for its PEGI 18/ESRB M rating. It isn’t hard to extrapolate, as Brodkin and Bright do, that these rules could give rise to debacles similar to Apple’s (repealed) ban of a satire app developed by a Pulitzer Prize winner.

Though the Windows Store’s restrictions resemble Apple’s policies in many ways, there is a crucial difference: Metro-running Windows 8 products are designed as PC replacements, rather than sui generis devices like the iPad. And since Windows desktops have long been preferred gaming platforms, the theoretical exclusion of content like Skyrim from the Windows Store makes Windows 8’s emphasis on the Metro interface particularly jarring.

With Metro, Microsoft has made a decisive move towards contingent generativity. Brodkin and Bright note that “there are security benefits to a closed app store model, particularly for less tech-savvy users who may not understand all the dangers on the Web. There are also, arguably, convenience benefits; end-users can be reasonably confident that the apps they download will work correctly and be at least marginally useful…But while these security and convenience benefits might be enough to justify the existence of a curated app store, they don’t justify the decision to make that store the only option for all users. Informed users should be allowed to install applications from wherever they want.” Brodkin and Bright prefer a system like Gatekeeper, a fixture in newer versions of Apple’s OS X, from Mountain Lion forward. Gatekeeper gives users the choice to restrict their operating system to App Store apps and outside apps that have been signed with Apple-issued Developer IDs, or open up the device to all programs, whether or not they’ve been vetted by Apple. The “Future of the Internet” Blog is fairly enthusiastic about Gatekeeper: about a year ago, a post here suggested that “the middle ground of allowing non-App Store signed code may represent the best of both worlds.” But we were quick to warn that Gatekeeper strikes a tenuous balance: “one small tweak — lose that Control-click for sideloading — and OS X could fully merge with iOS, both in functionality and in security methods.” Metro’s riff on content control could be just that sort of tweak—especially given recent speculation that Microsoft may dump desktop mode in Windows 9, leaving only Metro.

Moreover, a contingently generative business model like the Windows Store’s carries some ethical implications that, while not damning, are certainly worth examining. Distribution systems like the Windows Store, Apple’s App Store, and the Android Market receive 30% of the sales revenue from applications sold in their stores (in the Windows Store, this cut drops to 20% after an app reaches $25,000 USD in revenue). Further restrictions on side-loading in new operating systems would drive a great deal of business towards big companies’ proprietary marketplaces—and with that traffic would come big payouts. With the uptick in store traffic that tighter gatekeeping would engender, it’s easy to imagine the equilibrium of Mac’s OS X Gatekeeper being forsaken for more restrictive, and more lucrative, operating systems. To analogize, a la The Future of the Internet: when the company that makes your computer requires you to install programs through their official store, it isn’t so different from the company that makes your toaster forcing you to buy from their bakery—and taking a cut out of every bread purchase you make.

Even though Windows 8 PC users can still make use of a fully-functioning desktop operating system, Microsoft’s failure to include a side-loading option for the heavily-emphasized Metro interface—particularly in devices marketed as PC replacements—is a step in the wrong direction. It’s also an indication that the seas are changing in the way The Future of the Internet predicted. Given that Android’s more open approach to outside applications [1] still leaves the Android Market increasingly economically viable, Ars Technica is right to voice its disappointment in xenophobic operating systems like iOS and Metro.

- Ben Sobel, Kendra Albert, and JZ

[1] Though the Google Play approach to openness is far from perfect! Ad-Blocking apps were recently pulled from the Play Store, in a move that will come to illustrate just how viable it is to distribute a side-loaded Android app without any help from the Play Store.

Rock star RA wanted

I’m seeking a full-time one-year rock star research associate to engage with a variety of projects and classes, with a broad opportunity to immerse in cyberlaw and Internet topics. Blurb below, with more information on how to apply at <http://cyber.law.harvard.edu/getinvolved/jzra>. …JZ

–

Professor Jonathan Zittrain of Harvard Law School, the Harvard Kennedy School of Government, the Harvard School of Engineering and Applied Sciences, and the Berkman Center for Internet & Society, seeks a full-time research associate in Cambridge, MA for a period of one year, beginning no sooner than June 1, 2013.

This position requires the ability to absorb large amounts of written and other media materials from various sources (including but not restricted to: original sources, scholarly articles, news articles/blogs, interviews, databases) in a short amount of time, critically analyze that material and render it forward. This could take the form of prep materials for panels, conferences and presentations; article outlines; fact checking materials; original article or paper drafts; slide decks or other digested forms. The research assistant should be prepared to help prepare materials for class sessions and syllabi, lead discussions and work with project managers to accomplish research-related goals.

Research is often self-directed with little outside guidance beyond broad outlines and themes (though occasional targeted research assignment for a specific fact or image can be expected, and feedback is provided), so the ability to quickly critically appraise sources and identify interesting, relevant and original paths is essential. Wide-ranging interests and the ability to work on almost any issue or topic that arises is a plus, as is an ability to ramp up quickly on unfamiliar fields or topic areas. Excellent writing and editorial skills with an attention to detail are also required.

This job is an ideal opportunity for those interested in future graduate school or law school studies, whether currently admitted or still applying to such programs.

Over the course of the year, a motivated individual will sharpen and focus his or her research agenda and make valuable contributions (in his or her own name) to the field of cyberlaw and beyond, while being exposed to interesting thinkers in academia, industry, and government. A research associate in this position will work very closely with Professor Jonathan Zittrain and his team, assisting in a variety of research areas, e.g. ubiquitous human computing, mesh networking, and cybersecurity, as well as on topics around access to knowledge and open scholarly publishing under the auspices of the Harvard Law School Library.

The position will not start before June 1, 2013. As with all Berkman staff positions, this is a term position, ending June 30, 2014.

F-T: Don’t sue over tweets

I just published a short piece in the F-T in the wake of legal threats against users who tweeted or retweeted a link to a BBC report of child abuse that turned out to be wrong. Here’s the full text –

Those who didn’t see the false child abuse accusations against Lord Alistair McAlpine on an ill-considered BBC documentary may have instead heard about them through social media. This week, London’s Metropolitan Police suggested they might file charges against those Twitter users who sullied the reputation of the retired Conservative politician by knowingly repeating the lie that he was a child abuser. But the police may be less fearsome to the average BBC-linking tweeter than Lord McAlpine himself. Read more »

Taking More than Candy from a Baby

Update – 10/17/2012: The parties involved in the lawsuit – Speak for Yourself and SCS/PRC reached a settlement, allowing the app to remain in the Android and iOS app stores. More at the Nieder family blog.

Original Post:

Generativity hasn’t had a poster child — until now.

Meet Maya, a four-year-old child who could lose her ability to speak with the elimination of an app from the iOS App Store.

As detailed in the Nieder family’s original blog post on the subject, Maya uses Speak for Yourself (SfY), an iPad app that serves as an “augmentative and alternative communication” (AAC) device. Before finding SfY, Maya had tried multiple AAC devices, but hadn’t found one that worked for her. Read more »

“Unabomber manifesto tied to tech news headlines”

When you see the headline “Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game,” does it cause you to think that there is actually some connnection between the recently discovered malware Flame and Angry Birds? That would be entirely reasonable, but wrong. Read more »

About Jonathan Zittrain

Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School

Tweets from Z

An error has occurred, which probably means the feed is down. Try again later.