THE VIEW FROM INSIDE

Let's let the sysadmins worry about IP addresses

Walter R. Houser

Does Cisco Systems Inc.'s Steve Deering really think that the sky is falling when it comes to Internet addresses and the latest IP version?

Deering was the keynote speaker at October's Next Generation Internet conference, sponsored by the Space and Naval Warfare Systems Command and the Armed Forces Communications and Electronics Association [GCN, Nov. 8, Page 1]. A senior engineer for Cisco of San Jose, Calif., Deering is one of the principal authors of the NGI Protocol.

'If managers of government Web sites want to retain transparent connections with the public Internet, they had better start worrying about IP Version 6 readiness,' noted the GCN story that detailed Deering's comments.

Well, I'm such a manager. Should I worry about IPv6 readiness before or after Jan. 1?

I find an interesting similarity between the year 2000 issue and NGI problems. Both resulted from design compromises made years ago. Cobol programmers never imagined that two-digit date codes would be used for 30 years. Likewise, Internet engineers of the early '80s thought that 4 billion IP addresses would be plenty.

No one had anticipated that large organizations would gobble up addresses by the millions: utility companies for remote controls, hospitals for patient monitoring devices, and service providers for the disks and CD-ROMs they drop into every household mailbox like confetti.

Running on empty

About five years ago, members of the Internet community began to predict the unthinkable: The supply of IP addresses would be exhausted. The Internet Engineering Task Force developed ways, such as the Dynamic Host Configuration Protocol (DHCP), to ration addresses. Still, idle addresses were pulled into service by market demand.

Eventually, IETF redesigned the IP address structure to make it large enough to accommodate seemingly every molecule in the known universe. The result is IPv6.

Now that NGI is upon us, I asked Deering whether my beleaguered Web colleagues and I should be worried about his dire prediction. The number of IP addresses we use is trivial compared with the burgeoning growth in devices being added to the Internet. Besides, we webmasters are rarely masters of this, or much else in our precarious careers.

'I'm glad to see the word get out so federal agencies can plan for the transition,' Deering said. 'However, I wasn't happy to see the estimate that the NGI protocol will be up to 10 times more costly than the year 2000 transition.' The Commerce Department last month pegged the U.S. total at $100 billion.

'The year 2000 effort and the IPv6 issue are not comparable,' Deering said. 'Agencies will be able to keep their IPv4 architectures for as long as their address space holds out. It's not really necessary to rush to the lifeboats just yet. There will be no magic Day 1 that everyone has to fear and dread. It's our job in the IETF to see that the transition causes minimal disruption of services at a reasonable price.'

For agencies that feel an address crunch, network address translation (NAT) at firewalls and gateways will allow reuse of addresses currently behind other firewalls, Deering said. He advised agencies that have not implemented DHCP to do so, unless they have a plentiful supply of IP addresses.

But, Deering warned, neither NAT nor DHCP does anything to make more addresses available for Web servers, which require globally unique, stable addresses.

NAT destroys global uniqueness; DHCP destroys address stability. Those techniques provide more addresses for client devices that do not need uniqueness or stability, he said.

If the situation at my agency is typical, webmasters have little if any influence over the disposition of IP addresses. Like any lowly PC user, I get my IP address assignment from the network administrator and learn to love it.

The people who need to worry are those buying electronic devices, medical equipment, smart buildings and the like. With every electrical outlet getting an IP address, it's little wonder that those little octet strings are going like hotcakes.

Deering reassures webmasters that existing Web servers can continue to use their current IP addresses indefinitely. Protocol translation technology, similar to the address translation technology that many people use to stretch their IP address space, will support interoperation between new and old IP versions for as long as necessary, he said.

So if someone calls from the secretary's office asking if IPv4 is a threat to the department's Web pages, tell that person not to panic, at least not yet. Then tell them to call the network administrator.

Walter R. Houser, who has more than two decades of experience in federal information management, is webmaster for a Cabinet agency. His personal Web home page is at www.cpcug.org/user/houser.
