Something Dumb
September 26, 2005 on 3:25 pm | In Insider View, Rants by Josh Jones |
We use a lot of IPs. Over 14,000 currently, with more and more every day.
Fortunately, there are a lot out there (over 4 billion, even before IPv6), so we really aren’t in any great danger of running out.
Except we are!
You see, even though there theoretically are 4 billion IP addresses, it isn’t just a big pool of digits for any web host to dive in and scoop up whatever they want, whenever they want, however they want, whomever they want.
Instead, you have to apply to your Regional Internet Registry when you want more, in a process somewhat similar to that of registering domain names. However, because IPs are in relatively short supply (only 4 billion, as opposed to the almost one GOOGOL possible .com domain names) you can’t just buy as many as you want! You actually have to apply and prove that you’re deserving of more IPs.
That’s a good thing though… the Internet would be in big trouble if say Microsoft decided to buy up all the remaining IPs in the world! IPs aren’t nearly as expensive as domains (you can get a “/14” (262,144 IPs) for $18,000/year .. just 7 cents each!)… so in theory, Microsoft could buy ALL existing IPs for about $250M/year. For a $40B company, I think that might be worth it to basically OWN THE INTERNET!
To I guess prevent this from happening, and to keep people from being careless and wasteful with such a limited resource, ARIN will only let you get more IPs if you’ve already used 80% of the ones they’ve assigned to you. To prove it, you have to send them a report of the IPs in your last allocation and how they’re being used, which they even then check!
That seems fine and dandy, except for just one problem. The threshold isn’t 80% of your total IPs, it’s just 80% of the last allocation you received.
Which is why we’re in trouble!
We’re well over 80% utilization for ALL our IPs, and because of the exponential nature of our growth, and the sometimes slow process of getting more IPs from ARIN, we feel now is the time to get more IPs so we don’t run out (which would be… very bad).
The last time we applied for some IPs, we asked for a “/19” (8192 IPs), but they only gave us a “/20” (4096). This means that they won’t approve our application for more IPs until we have only 819 left. Which therefore means, we really can’t get more IPs until we’re 95% full… cutting it a little close, isn’t it?!
And, 819 IPs may sound like plenty, but really it’s not, because for ease of administration we allocate chunks of our own IPs among our various services. So there are chunks of IPs that are reserved for web servers, chunks reserved for https and anonymous ftp, chunks reserved for mail servers, chunks reserved for database servers, and so on and so on.. and if ANY of these chunks run out we start to have problems and have to allocate them another chunk (which is generally 256 or 128 IPs all at once).
What to do?
Well, there’s only one thing to do, which is pretty silly, and is what we’ve done.
We’ve used a lot of our newest allocation of IPs on things that already had IPs assigned from our original allocations! We then freed up the old IPs and are going to keep available a huge chunk of emergency IPs from that. We’ll only use those IPs if we ever run out of IPs in our newest allocation before ARIN assigns us some more.
By moving IPs from our original allocations to our most recent one, we were just able to get our usage up to 80.1%! So we’ve submitted our application, which will hopefully go through with plenty of time before we have to start delving back into our old IP space. We’ll probably be fine.
It’s just annoying to have to do such a meaningless re-ordering of our network, just because ARIN goes by 80% utilization of your last allocation, instead of your entire allocation.
Funk dat!
C’mon ARIN, change dat!
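The difference between the two rules, and why the renumbering described above changes the outcome, worked through as an added example (not DreamHost's or ARIN's code). The block layout, the private 10.0.0.0/8 addresses and the assignment counts are constructed, chosen only to match the post's figures: a newest “/20”, more than 14,000 addresses in use, and 80.1% after the move.

```python
import ipaddress
from itertools import islice

THRESHOLD = 0.80  # the 80% utilization rule described in the post

def first_n(block, n):
    """First n addresses of a CIDR block, as a set."""
    return set(islice(ipaddress.ip_network(block), n))

def utilization(blocks, assigned):
    """Share of the addresses in `blocks` that are assigned."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    used = sum(1 for ip in assigned if any(ip in n for n in nets))
    return used / sum(n.num_addresses for n in nets)

def eligibility(allocations, assigned):
    """Compare the two rules; allocations are ordered oldest to newest."""
    last = utilization(allocations[-1:], assigned)
    total = utilization(allocations, assigned)
    return {"last": last, "total": total,
            "by_last_rule": last >= THRESHOLD,
            "by_total_rule": total >= THRESHOLD}

def renumber(assigned, src, dst, count):
    """Move `count` assignments from block src into free addresses of dst."""
    src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    moving = sorted(ip for ip in assigned if ip in src_net)[-count:]
    free = [ip for ip in dst_net if ip not in assigned][:count]
    if len(moving) < count or len(free) < count:
        raise ValueError("not enough addresses to move")
    return (assigned - set(moving)) | set(free)

# Constructed data: private 10.0.0.0/8 space stands in for real allocations.
ALLOCATIONS = ["10.0.0.0/19", "10.0.32.0/20", "10.0.48.0/20"]  # newest last
BEFORE = (first_n("10.0.0.0/19", 8192) | first_n("10.0.32.0/20", 4096)
          | first_n("10.0.48.0/20", 2000))
AFTER = renumber(BEFORE, "10.0.0.0/19", "10.0.48.0/20", 1281)

if __name__ == "__main__":
    for label, assigned in (("before", BEFORE), ("after", AFTER)):
        r = eligibility(ALLOCATIONS, assigned)
        print(f"{label}: last={r['last']:.1%} total={r['total']:.1%} "
              f"last-rule={r['by_last_rule']} total-rule={r['by_total_rule']}")
```

The number of addresses in use is identical before and after; only the block they sit in changes, which is all the last-allocation rule measures.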
15 Comments

I had no idea of these perils of web hosting. Thanks for another informative and fun post!
Now if you would only update more often so I have something to do all day instead of work…
Comment by Spiffness — September 26, 2005 #
Muahahahahahahaha…. My plans for constructing the ultimate evil webhost, based on the plans of the ultimate good webhost, are almost complete because of this blog!!!
Step 1 for nightmarehost(TM)> buy cheap webhost servers!
Step 2 for nightmarehost(TM)> move the IPs funky all around to mess with the grand IP god’s head… Arin…
Comment by Daniel — September 26, 2005 #
Wow, I never even thought about the fact that there are only so many IP addresses. I love entries like these. =D
Comment by Pange — September 26, 2005 #
Just be glad you have control over your networks and servers. I work for a very, very large ISP, and we’ve had to have customers renumber a few times.
We’re talking years, here.
Not cool.
Comment by Adam — September 26, 2005 #
I can tell you something even dumber.
I work for a large company where we are deploying IPv6 on our network. I have a number of application servers on the network which have need for IPv6 services, so I applied (internally) for addresses for them.
Now, keep in mind that for each of my app servers my current IPv4 addresses are a /30 network (which gives you two usable IPs). This is perfect - one IP for the router I’m connected to, and one for my app server. No waste.
The IPv6 allocations I received for EACH app server were for a /64 network. That’s a 64-bit address space. So that’s the entire public internet today (32 bits) SQUARED. For ONE app server.
Let me restate this using some actual numbers.
Today’s entire public internet: 4,294,967,296 (approx 4.3 billion IPs)
Each of my app servers (one physical system): 18,446,744,073,709,600,000 (which, unless I’m counting wrong, is something around 18.5 PENTILLION addresses).
Anybody want to guess how we got into the IPv4 shortage problem in the first place? You guessed it - giving away big blocks too freely at the beginning because “hey there’s four billion of these things - we’re not going to run out!”
Adam: I can sympathize with you. We’ve had to renumber customer and internal networks many times to accommodate ARIN’s draconian justification policies.
Comment by darkwing duck — September 26, 2005 #
Darkwing duck, using /30 addresses internally is actually much more wasteful than you think — because for each of those servers, you have two usable addresses and two entirely unusable addresses (the network address and the broadcast address). In general, if you put all the servers in the same larger subnet, you’d be a lot better off. Likewise, there’s no reason why you can’t have all the app servers on the same /64 IPv6 network — the choice of allocating an entire /64 for each app server was one that you (or your organization) made, not the IPv6 gods.
Comment by Jason — September 26, 2005 #
Oh, and even if (using /64 delegations) you cut the IPv6 network address space in half, there would be 2.2 x 10^20 (220,000,000,000,000,000,000) addresses for every square inch of the Earth’s surface. One of the primary goals of IPv6 wasn’t to solve the issue of limited address availability, but rather to make network routing easier by trying to avoid address fragmentation within organizations; in that vein, 128-bit addresses were chosen (since they allow many, many orders of magnitude more addresses than are needed, meaning that organizations can be given address blocks that are likewise many, many more addresses than they need).
Comment by Jason — September 26, 2005 #
So if Microsoft could just re-allocate their latest allocation of IP’s, and request another batch, and keep re-allocating and requesting, they could soon buy them all out?
Comment by C Montoya — September 26, 2005 #
Hmm, theoretically I guess they could!
But hopefully ARIN would notice and figure it out… of course, if they just did it based on total usage, that couldn’t happen!
I guess an argument against total usage is that it makes it harder to compile the report, and harder for ARIN to check. However, anybody making a report has an automated way to do it (nobody wants to do even 4,096 IPs by hand), and ARIN only randomly checks various IPs for accuracy, so having the full report wouldn’t really add any work for anybody (besides the poor script creating the report)!
Comment by josh — September 26, 2005 #
Jason,
I agree that in general, /30 is wasteful, but the point of these allocations is that the address must be portable from one physical location, and network, to another. So I can pick up a host in Boston and move it to Minneapolis if necessary and keep the same IP, even if nothing else moves. Since this geographic portability and address stability happens to be important to the application, a /30 is the best approach that we’ve found to do it.
I understand it’s my own people’s fault for allocating a /64 - that’s why I made the point of saying I applied for the IPs internally :-)
I see your point about address fragmentation, and I’m sure this is the motivation my local admins had behind their allocation practice. They’re allocating out of a /48 network, I believe.
josh,
ARIN is almost certainly using automated tools to check. I don’t know what they do - just a ping? If it’s just a ping, it’d be trivial to fake allocations. Just put a ton of IPs as virtual interfaces on some box and they’ll all respond, even if you don’t use them.
A guy I worked with in the mid-90’s completely defrauded ARIN when they started requiring these justifications. He sent them detailed, but wholly fabricated documentation of our allocations, including invented conversations between real and fictional employees discussing various allocation issues. I found it amusing that he chose to make me the company’s resident jack@ss and most of the profanity-laden comments had my name attached. He got the allocation he requested (easily 2-4 times what we really needed).
Comment by darkwing duck — September 26, 2005 #
HOLY CRAP! Unlimited domains? Why’d this happen quietly?
And the panel is cooler too?
Comment by Zach — September 27, 2005 #
I thought Al GORE owned the internet
;D :P ;)
Comment by Denis — September 27, 2005 #
Wait wait wait. I have the Sweet Dreams account. It says I have unlimited domains.. WHAT? Is that true? I don’t have to buy any more booster packs for more domains??? Is that a mistake?
Comment by Chris — September 28, 2005 #
*head explodes*
Comment by Jennifer — September 28, 2005 #
No mistake there?
Comment by Dmitriy — December 19, 2005 #