The Grill: John Curran

The guardian of North America's Internet addresses warns that the IPv4 pool is drying up fast. He explains why he thinks companies ought to start IPv6 upgrades now.

As president of the American Registry for Internet Numbers (ARIN), one of several regional Internet registries, John Curran oversees the issuance of Internet addresses for most of North America. The problem: IP Version 4 Internet addresses are going, going, gone. And users who get new IPv6 addresses could have a lousy experience when visiting Web sites that haven't been updated for IPv6 -- and they may not even know why. Curran explains when the world will run out of IPv4 addresses and what it takes to upgrade to IPv6.

Why are we running out of Internet addresses? We created IPv4, a 32-bit IP address architecture, more than 30 years ago. IPv4 gives a total of about 4 billion possible addresses. That seemed like a lot, but when you think about it now, with the number of people on the planet, the pervasive nature of the Internet and the number of devices each one of us has, 4 billion is a fairly small number.

In the early '90s we realized that at the rate the Internet was going, we were going to run out of address space, and [so we] came up with a new protocol, IPv6. We standardized that in the mid-'90s. The heavy work of designing the protocols has been done.

How long will it be before the inventory of remaining IPv4 addresses is depleted? Based on how quickly we are drawing numbers out of the pool, we estimate that we have about 560 days left.

Then what? People have compared this to a Y2K event, but this big event will happen much more incrementally. You'll see the largest carriers run out of IPv4 addresses and start connecting customers with IPv6. This will happen in the background.

It's much more of a creeping change, and it's easy to ignore. It will be very subtle when it occurs, and companies will be caught off guard.

How many Web sites have enabled IPv6 so far? Right now, between 3% and 4% of Web sites out there have IPv6 turned on. That's not where we should be, because we're getting up now to the point of transition. It's a scant two years away.

Is anyone paying attention to this issue? Yes. The network providers, the national backbones. They need access to new addresses to add new customers. Effectively, the Internet becomes full. So they have to learn to connect customers up with IPv6, they have to run IPv4 and IPv6 in parallel, and they have to learn how to put gateways in that map IPv6 customers back to IPv4 Web sites, to the old Internet.

Sounds like an ISP problem. Why should businesses care? When an organization or company or business attempts to access your site and you only support IPv4, their ISP will most likely run them through that translation gateway. That will make it look like they're coming to you via IPv4, but they'll be relying on that carrier's gateway.

The customer will come at your IPv4 Web site with an IPv4 address that's shared in the cloud with all of that ISP's other IPv6 customers. When that customer accesses your Web site, he's going to see slower performance than if he's connecting directly via IPv6. Sites with streaming audio or video in particular may have performance issues. Performance will vary depending on how many people are going through that gateway.

Your IPv4 Web site will still be connected to the Internet, but a growing portion of the Internet will be using a protocol that you're not running. A decade out, you may find yourself sitting in an Internet backwater.

What do people need to do to be ready? The public Internet is what's going IPv6. If you have a public Web site, all you need to do is enable IPv6. You just add another protocol over the same wires, through the same firewalls, through the same router.

You turn on IPv6 on the Web server, on the router, and make sure the carrier has configured it. It's not that hard at all. It's configuration work.

Will this require equipment changes? Almost all of the major operating systems have IPv6 support. All of the major router equipment and firewalls support it. It may not be the same set of features, it may not be the same performance, but for leading vendors' equipment, you will find IPv6 already installed and waiting to be enabled.

Why aren't more organizations migrating? It's something that's truly optional, that isn't going to be noticed, but could have side effects. For example, when you configure it, if you don't get the firewall rule right, you may expose your company to security issues. Why would you take the risk of impacting production earlier than you absolutely have to?

So you have to look at the security implications. Your external network goes through firewalls -- security equipment. You need to make sure you have the same functionality with IPv6.

You also have to look at your infrastructure. Let's say someone calls into your help desk and tries to enter his IP address, and instead of four groups of numbers separated by periods [as for] an IPv4 address, it's IPv6 -- extremely long, all hexadecimal -- and the help desk can't enter it into their help desk software because the field isn't big enough.

Tools that report where customers are coming from by IP address may fail because an IPv6 address is 40 characters long in some cases.

It's still about a year and a half away. Why not wait until then to address the issue? Wait 18 months, and you might find yourself with thousands of other folks who are trying to solve the same problem. The price you'll pay to get experienced help at that point will be much higher.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon