|
Anyone who has been watching the technology industry for more than a couple of years quickly learns to recognize FUD: Fear, Uncertainty and Doubt. FUD is (apparently) widely believed to be an effective marketing technique, especially when it comes to security, privacy, or scarcity.
But the FUD often falls flat. Scarcity, in particular, is rare on the internet—even rarer than privacy or security. There’s constant FUD about scarcity of bandwidth, but the pipes get upgraded. Attempts to impose artificial scarcity through paywalls or other devices inevitably fail in the face of free alternatives. Even the scarcity of IPv4 addresses, which have indeed run out at the top, hasn’t affected end users at the bottom yet—and probably won’t, for a long time.
Saying that there aren’t any more IPv4 addresses is, quite simply, FUD. We all know it’s FUD because our computers can still connect to the internet. Repeating FUD simply dilutes the message, and often results in reporting which is just laughably wrong.
What’s actually happened is that ICANN, which assigns large ranges of IPv4 addresses to regional registries, has run out of ranges to assign. The regional registries, which in turn assign large blocks of IPv4 addresses to network providers in their region, have for the most part not run out—yet. But they will, eventually, and that’s forcing the network providers to be more cautious about assigning IPv4 ranges to their customers—including the access providers and hosting companies who in turn assign smaller ranges and individual IPs to mail, web, and other servers, and to end users.
What will have to happen between now and then is fairly clear.
First, services which rely on using multiple IP addresses to separate traffic will have to change their architecture. This includes many web hosting environments, because for a long time HTTPS required a separate IP address for each site—but that’s changed, it isn’t necessary any more. Multiple HTTPS sites can now share a single IP address.
It also includes ESPs, who tend to assign one or more IPv4 addresses to each customer that they send for in order to ensure that each has a distinct IP reputation, and to participate in Return Path Certification. But now, we’ve got domain reputation built on DKIM—you can have an effectively infinite number of different signing (d=) domains sent from a single IPv4 or IPv6 address. The big mailbox providers and MTA and filtering vendors have all been getting ready for this, but they can’t bring domain reputation to the forefront and deprioritize IPv4 reputation until the majority of legitimate, wanted mail is signed with DKIM. Similarly, Return Path can’t move our Certified program entirely to domains until both the senders and the receivers are ready for it—which is part of why we’re now requiring DKIM even for IP-based Certification. So, in effect, the ESPs and other large-scale senders have to switch to domains first.
(Many of us in the email industry expect that mail will continue to be transferred from system to system over IPv4 for the foreseeable future, but it’ll get tightened down over time.)
At the same time, customer premise equipment (CPE)—the routers and modems that connect end user networks to their access provider—need to be updated to use IPv6 correctly. Comcast, in particular, has been pushing CPE vendors to make this possible and running lots of tests. If you’re interested, we could cover this in a future article.
And finally, after all of that, we can start talking about deprovisioning the IPv4 addresses which are already out there in favor of moving everything to IPv6, rather than running both networks in parallel.
But, what will convince all of these companies—especially ESPs and hosting firms—to actually make this investment in their future? Maybe that’s where the FUD comes in—maybe they have to be scared into making the right decision. But I’d rather think that they’ll have the foresight to do it calmly, intelligently, all on their own—perhaps after this free training from MAAWG.
And if not, well…sometimes FUD comes true.
(This article was originally published on Return Path’s Received: blog.)
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byDNIB.com
Sponsored byRadix
Sponsored byVerisign
Switching to domains rather than IP (v4) addresses is not as easy as it might be. On the one hand, DKIM is not such a perfect and universally deployed tool, yet. On the other hand, scarceness makes IPv4 addresses more precious. The large availability of domain names resembles that of IPv6 addresses: there are too many of them. To use such identifiers effectively, we would have to switch to positive reputation rather than relying on black lists, which calls for two switches, not one.
The inertia in email modes of operations is staggering. I think everybody agrees that having reliable domain names as arguments on the HELO verb is an unthinkable daydream (I wrote a Verified Hello SMTP extension, which expired last year because nobody was interested in it—even if it provided for pre-fetching DKIM keys). Perhaps, we could stick to the convention that email relays use IPv4. What’s wrong with that? There are more IPv4 addresses than the amount of legitimate mail servers we’ll ever have, so we might plan to stick to them. By reserving each dismissed IPv4 address for email relays usage only, one day IPv4 will only be used for SMTP…
It's a neat idea. Mail servers will probably have to straddle both IPv4 and IPv6 for a long time, as my colleague Todd Herr wrote in an article last year: http://www.returnpath.net/blog/received/2010/08/ipv6-and-email/ From there, well...as you say, staggering inertia.
I've mentioned this issue at the Address Policy WG meeting at RIPE62, where they were finalizing the "last /8" allocation details. The chair answered that
LIRs may be more flexible, but it won't happen by chance that they all come out with uniform settings. Any idea who could make a coordination proposal about this issue?Two months after describing exhaustion of IPv4 as FUD, APNIC announced it reached its last available block of IPv4 addresses. APNIC did not even make it to world IPv6 day. Email serves more than just North America and uses more than just ASCII.