Beating the Crunch

The Internet Protocol, the basic building block of our online world, needs an overhaul

IMAGE: HARRY CAMPBELL

As the Internet rapidly becomes the way to communicate, cyberspace is getting crowded. Millions of computers and networks effortlessly exchange vast amounts of information using the Internet Protocol. Yet IP has a shortcoming. Each networked device needs to have a unique number to distinguish it from every other device on the Internet. Otherwise, your e-mail, Web pages, instant messages, and the like might be delivered to someone else’s computer on the other side of the world. Unfortunately, the Internet is running out of these numbers.

Each unique number is known as an IP address, and in the IP scheme that runs today’s Internet—known as IPv4, for Internet Protocol version 4—each address is stored in 4 bytes and is a 32-bit binary number. This means there are 2^32, or just over 4 billion, unique numbers available. Unfortunately, there are already more than 6 billion people on Earth, and although not everyone has an Internet-connected computer, the rest of us are making up for them with our servers, personal computers, PDAs, mobile phones, and so on. And even in poorer regions of the world, Internet use is exploding. Last summer, China, with a quarter of the world’s population, surpassed the United States as the country with the most Internet users. The day will come when the world simply runs out of IPv4 addresses.

And that’s only one of the ways in which IPv4 is falling behind the times. IPv4 calls for very little in the way of security standards, which is one of the reasons security on the Internet is tough to enforce. If security were woven more deeply into the Internet’s very fabric, malicious hackers would have a much harder time trying to do any damage. An additional protocol, IPsec, helps with Internet security today, but it is not a mandatory part of IPv4. That gives worms, viruses, spyware, and other malware plenty of wiggle room. IPv4 has very little support for real-time applications—telephony, videoconferencing, online games, live sports-watching, and so on—that do not tolerate transmission lags of even a few hundred milliseconds. Although such services are available today, reliability is not guaranteed, so dropped or stuttering connections are common.

Fortunately, there’s an alternative: Internet Protocol version 6 (IPv6), which boosts the number of addresses up to 2^128. This number is so large that we have no words to describe it, but by one estimate there would be more than 2000 addresses for every square meter on Earth. Besides providing more addresses, IPv6 offers greater security (for example, mandatory use of IPsec), and it has features that improve real-time applications.

But migrating the Internet to IPv6 is proving to be painfully slow. Originally, that was because it took a long time for computer scientists and engineers to hammer out the details. During that initial delay, a stopgap, called Network Address Translation (NAT), did such a good job of relieving the need for more IP addresses that it has become a permanent part of the IPv4 landscape. And it lets the administrators of the world’s biggest networks continue to put off the dreary task of changing over to IPv6.

But this is shortsighted, and here’s why. NAT takes advantage of the fact that most networks don’t have very complicated routing needs. A home local network, for example, really needs only a few internal addresses—a computer here, a laptop there, maybe a printer—and has to show only one address to the outside world.

So a router using NAT uses just one IP address for all the computers on its local network. It forms an interface between a small local network and the Internet at large. It takes each local computer’s packets—say, a request for a Web page—and creates a unique way, internal to the small network, of addressing that computer before sending the packets over the Internet. When a Web page comes back, it does so in the form of packets that contain not just the router’s public IP address but the unique addressing information of the local network as well. That way, the NAT router knows which computer on its local network will get the forwarded packets.

While NAT greatly alleviated the address crunch, its benefits do not come without cost. NAT gets in the way of direct, computer-to-computer communication, which is needed for gaming, video, and other applications. Security suffers as well: IPsec doesn’t work well with NAT.

Even more important, a computer inside the NAT gateway must initiate all connections. It cannot respond to a packet simply sent to its local network’s public IP address, because the router has no way of knowing which computer it should forward the packet to. So it can be very difficult for two devices, both behind NAT gateways, to communicate with each other (for example, two phones trying to establish an IP telephony call). NAT, in a way, has created a two-tier Internet, where some machines can initiate and accept connections while others can only initiate them.
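
The translation table described above, sketched as an added example that is not part of the original article. It assumes the common port-based form of NAT, in which the router tells local machines apart by the public port it assigns and forwards only replies from the host a mapping was created for; `NatRouter` is a hypothetical name and all addresses are constructed documentation-range values.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed: the router's single public address


@dataclass
class NatRouter:
    """Minimal model of a port-translating NAT gateway (illustrative only)."""
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # (private_ip, private_port, remote_ip, remote_port) -> public_port
    out_map: dict = field(default_factory=dict)
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the local network, creating a mapping if needed."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the local (ip, port) to forward to, or None when no mapping exists."""
        return self.in_map.get((dst_port, src_ip, src_port))


def demo():
    nat = NatRouter()
    web = ("198.51.100.10", 80)  # constructed remote Web server
    # Two local machines use the same source port to reach the same server.
    p1 = nat.outbound("192.168.1.10", 51000, *web)
    p2 = nat.outbound("192.168.1.11", 51000, *web)
    # Replies arrive at the one public IP; the public port selects the local host.
    r1 = nat.inbound(*web, dst_port=p1[1])
    r2 = nat.inbound(*web, dst_port=p2[1])
    # Unsolicited packet (e.g. an incoming call): no table entry, nowhere to forward.
    stray = nat.inbound("192.0.2.99", 5060, dst_port=5060)
    return p1, p2, r1, r2, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The final lookup returns nothing because no inside machine ever opened that flow, which is the one-way behaviour the paragraph above describes.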

So will the Internet and your home or work computer ever move to IPv6? That’s difficult to say. Most of the Internet routers that your data travels through can now accommodate IPv6. For some years, leading manufacturers such as Alcatel, Avici, Cisco, Juniper, Lucent, and Nortel have been adding the necessary software to their wares. All the leading operating systems—such as Windows, Mac OS X, and Linux—support IPv6, and the U.S. Department of Defense has mandated IPv6 for its own networks by 2008.

Yet a June 2005 survey by Juniper Networks, Sunnyvale, Calif., found that “few organizations are in the process of migrating from the current standard of IPv4 to the improved IPv6.” For one thing, IPv6 is not backward-compatible with IPv4. This means companies will have to support two protocols simultaneously. For another thing, end users will hardly notice when they’re on an IPv6 system rather than on an IPv4 system. While a seamless transition is normally a good thing, it means that the benefits will appear to be slight at first, and the true value—such as being able to improve security and real-time communications—will appear only over a long period of time. This is hardly the way to motivate cash-strapped IT departments (let alone individual users) to switch to IPv6. So instead of moving to IPv6 in one giant leap, enterprises, carriers, and Internet service providers will add support for IPv6 to their networks but move users only when the time comes to replace or upgrade their systems.

IPv4 and IPv6 may have to coexist for a decade or more. IPv4 can finally be jettisoned only when all carriers, ISPs, routers, switches, firewalls, and servers accommodate packets that use IPv6.

Asia will probably lead the way. Demand for IPv6 is highest there, says Tony Downes, principal technologist at Data Connection Ltd., a London-based maker of networking and communications products. Asia’s rapid adoption of the Internet also means there’s less legacy hardware to deal with, which, Downes notes, is important, because the transition to IPv6 will likely require new hardware as well as new software.

There’s no way around it: IPv6 is happening, from Akihabara to the Pentagon, but the benefits will be slight at first, and patience is required.

About the Author

Nicolas Boillot is a principal in Hart-Boillot LLC, a Waltham, Mass., marketing company that specializes in technology markets.
