Skip to content

Instantly share code, notes, and snippets.

@simonster
Created April 19, 2017 20:21
Show Gist options
  • Save simonster/e22e50cd52b7dffcf5a4db2b8ea4cce0 to your computer and use it in GitHub Desktop.
Save simonster/e22e50cd52b7dffcf5a4db2b8ea4cce0 to your computer and use it in GitHub Desktop.
Next Generation MITnet

To the members of the MIT community:

We are writing to inform you of plans to upgrade the MIT campus network, and in particular to upgrade MIT to the next generation of Internet addressing. (Please note that no action is required on your part.)

Machines on the Internet are identified by addresses. The current addressing scheme, called IPv4, was specified around 1980, and allowed for about 4 billion addresses. That seemed enough at the time, which was before local area networks, personal computers and the like, but the Internet research community recognized around 1990 that this supply of addresses was inadequate, and put in place a plan to replace the IPv4 addresses with a new address format, called IPv6. IPv6 uses a 128-bit address scheme and is capable of 340 undecillion addresses (340 times 10^36, or 340 trillion trillion trillion possible IP addresses). This stock of addresses allows great flexibility in how addresses are assigned to hosts, for example allowing every host to use a range of addresses to make tracking more difficult. With IPv6, we need not worry about the proliferation of smart phones, the Internet of Things, or whatever comes next.

While IPv4 is still the workhorse of Internet addressing, IPv6 is coming. All major operating systems and devices already support both IPv4 and IPv6. Many of the large Internet Service Providers are supporting IPv6, and major content providers are moving to support IPv6, and so it is time to upgrade the MIT network for the future and make our network IPv6-capable.

For most users, this upgrade will be transparent. Once we upgrade our network infrastructure, most computers will start using IPv6 addresses automatically as appropriate. We will have to make some upgrades to our infrastructure, and the plans for this are under way.

MIT’s excess IPv4 capacity As we plan our migration to IPv6, it is appropriate for MIT to consider its own stock of IPv4 addresses. While the Internet is running out of addresses overall, MIT actually has a large surplus. MIT helped lead the development of the Internet from the 1970’s onward, and David Clark, a Senior Research Scientist at our Computer Science and Artificial Intelligence Lab (CSAIL) quickly saw the importance of these addresses and requested an early allocation of them, both to support research and eventually to support all of computing at MIT. We hold a block of 16 million IPv4 addresses.

Fourteen million of these IPv4 addresses have not been used, and we have concluded that at least eight million are excess and can be sold without impacting our current or future needs, up to the point when IPv6 becomes universal and address scarcity is no longer an issue. The Institute holds a block of 20 times 10^30 (20 nonillion) IPv6 addresses.

As part of our upgrade to IPv6, we will be consolidating our in-use IPv4 address space to facilitate the sale of MIT’s excess IPv4 capacity. Net proceeds from the sale will cover our network upgrade costs, and the remainder will provide a source of endowed funding for the Institute to use in furthering its academic and research mission.

Given the source of these new funds, we believe that MIT should use them, whenever possible, to support activities focused on the future of the Internet and the global cyber-infrastructure. Our intention is not only to advance our own agenda, but to help shape the future of the on-line world. For instance, non-technical issues are now shaping the future of the Internet as much as, if not more than, technical innovation. Because finding funding for research and education in these areas can be difficult, using MIT’s IPv4 proceeds to support such efforts could benefit all future Internet users. David Clark has agreed to lead an advisory group to assist us in determining how best to proceed with this effort. We will be asking the MIT community for suggestions and proposals.

Migration plan Over the next twelve to eighteen months, IS&T will be upgrading MITnet equipment and architecture to enable support for IPv6 devices, hosts, and networks, as well as IPv4. IS&T will provide a building-by-building schedule for updating IP addresses of the Institute’s networked devices and hosts.

John Charles is available to answer any questions you may have.

Sincerely,

Martin A. Schmidt Provost

Israel Ruiz Executive Vice President and Treasurer

@miiitstud
Copy link

@simonster My system does not support IPv6, does that mean that it will simply stop working with the network when this move is made?

@l1n
Copy link

l1n commented Apr 20, 2017

@miiitstud Not OP but it looks like MIT is moving to dual v4/v6 networking, so you should be fine.

@i336
Copy link

i336 commented Apr 20, 2017

I'm not at MIT, but we're talking about a huge institution with all manner of networked hardware - everything from networked SCADA/HVAC (on dedicated nets/VLANs, I would hope), to embedded controllers in years-old lab equipment, to retrocomputing groups - and I am 100% confident IPv4 will remain available to those who need it.

This may be in the form of locally-deployed switches that concentrate a group of physically-close IPv4 devices, or the ability to request MIT's backbone handout an IPv4 address to your MAC.

Don't forget, MIT has reserved slightly less than 8 million IPv4 addresses to for their public pool. I can see the network engineers thought carefully about this; I can't honestly see worst-case requirements for IPv4 requiring more than 8mil addresses even over the next 15 years.

Finally, note the "as well as IPv4" at the end of the text.

I am super happy to hear about this (and if anyone wants to reference other wholesale IPv6 changeovers they're aware of here, I at least certainly won't complain, and would welcome any links). IPv6 has been on the threshold of adoption for decades+ now, and getting it into a research and academic environment like MIT exposes the next generation of graduates to the real-world challenges of v6 networking. That's honestly really really good.

@bwanaaa
Copy link

bwanaaa commented Apr 20, 2017

how much can you get for an IPv4 address that is sold by the hallowed birthplace of the ARPANET?

@dehnert
Copy link

dehnert commented Apr 20, 2017

My system does not support IPv6, does that mean that it will simply stop working with the network when this move is made?

What do you mean? I think basically every modern OS supports it (see https://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems; Vista was 10+ years ago, and OSX and Ubuntu added support 5+ years ago) and the limiting factor is generally the ISP, so once MIT adds support your system might start working with IPv6. (In addition, of course, MIT's not actually getting rid of IPv4 -- enough websites are still IPv4-only, I believe, for that to be crazy.)

@andrew-ayers
Copy link

Just throwing something out here (ignore and berate as necessary), and I am not a stakeholder in any way to this, but why does MIT need such a large block of IPV6 addresses, when they only used 1/8 of their IPV4 capacity? I can't envision how big 20 nonillion, but it sounds like a huge number (I'm being a bit facetious here; I know it is fairly tiny compared to the entirety of the IPV6 address range)...

Will there simply be a repeat of the same scenario in the far future (I know that's not likely - but bear with me here)? What percentage of the currently used 2 million IPV4 addresses actually needed to be public facing (and not behind a NAT)?

It bothers me that in the early days of the internet, there was this "gold rush" of certain organizations that wholesale grabbed huge swaths of the IPV4 space, then didn't release them when it became clear that the public internet was going to need them (ie - after 1994 or so). Most, if not all of them, never even came close to using their block completely. I'd daresay that in many cases those addresses used didn't even need to be "public accessible", but that is only a guess of course.

Despite the fact that the new IPV6 range MIT has reserved is tiny compared to the total range, I have to wonder if that range won't be underutilized as well? In a way, this seems like a case of pre-optimization, at the expense of the wider community. Again - I realize that the block is tiny comparatively. But think about it in terms of the past:

Had MIT only reserved a smaller block (and had all those other organizations had done the same) and had allocated IPs been only used for public-facing usages, and other means used (NAT, etc) for internal-facing purposes - IPV4 could have potentially been extended for a longer period of time. I similarly wonder if a smaller IPV6 couldn't have been selected instead, and then use NAT in IPV6 to extend from there? Then again, I am not a network engineer (that should probably go without saying - ha!), nor can I envision a case or need where 20 nonillion addresses need to be public facing (maybe one address per atom that make up the simulated neurons in a super-neural-net of the future? I dunno) - but that's likely a failure of my imagination.

I guess the upside of all this is to be thankful that the original designers had anticipated this land-grab early, and came up with a plan and executed on it to mitigate the issue in the end. Something tells me, though, that even this vast swath of land will be gobbled up in the same wholesale manner faster than we think, and we'll just be back at the drawing board with this same kind of issue in the future.

I don't keep up on this stuff though, and I likely won't be around - perhaps there's already a plan out there for the next IPVxx version, where this time, "it will be fixed" - again forgetting just how the human race seems to operate. Perhaps what is needed is some kind of address space that self-expands as limits are approached, or is somehow fractal in nature, or something - so that it really would be fixed for now and forever (or maybe such a system isn't possible).

@mlyle
Copy link

mlyle commented Apr 20, 2017

Just throwing something out here (ignore and berate as necessary), and I am not a stakeholder in any way to this, but why does MIT need such a large block of IPV6 addresses, when they only used 1/8 of their IPV4 capacity? I can't envision how big 20 nonillion, but it sounds like a huge number (I'm being a bit facetious here; I know it is fairly tiny compared to the entirety of the IPV6 address range)...

@andrew-ayers I don't think MIT's allocation is as large as said in this snippet-- but even if it was-- IPV6 is big enough for more than 10,000,000 allocations the size of MIT's claimed allocation. As opposed to the situation in IPv4, where MIT had 1/223rd of the space.

The whole point of IPV4 is there's oodles of space available and it's possible to give everyone huge blocks, which in turn can be assigned with a lesser degree of care.. Everyone who gets a "standard" allocation from a tunnel broker gets a /64, or 10^19 addresses. (e.g. my home network).

(It looks like to me in actuality that all MIT addressing is in actuality 3ffe:1ce1:0, which is a /48 ... which IPv6 has 65536 times as many of as it has IPv4 addresses... so in theory every person on earth could run 50,000 things the size of MIT's IPV6 usage before we'd get low on space)...

@lluchs
Copy link

lluchs commented Apr 20, 2017

Address count in IPv6 allocations is generally a red herring. IPv6 addresses are 128 bit long, but only the first 64 bit are allocated and the end systems decide on the rest themselves.
So every end system has more IPv6 addresses available than the total number of IPv4 addresses. There's no concern at all about IPv6 addresses running out.

@OverlordQ
Copy link

@andrew-ayers, because when all of the original /8's were given out, millions of networked devices was unthinkable. So there was no 'gold rush', it was a 'this is more than anyone could ever need'

@generalgau
Copy link

640kb is enough for anyone.

@CyBeRoni
Copy link

It looks like to me in actuality that all MIT addressing is in actuality 3ffe:1ce1:0, which is a /48

3ffe::/16 was the old 6BONE allocation. No prefixes from this allocation are active at this moment, and it will be a while before we get to it again. Any current allocation starts with 2.

MIT's actual current IPv6 allocation is 2603:4000::/24.

@shirleymarquez
Copy link

MIT had about 700 IPv4 addresses for every human being associated with the Institute (undergraduate and graduate students, faculty, and staff - about 23,000 total). After the selloff it will only have 350 address per human being. And many of those humans aren't even using public IP addresses; most client computers (desktops, laptops, tablets, phones) use local addresses that go through network address translation (NAT) to reach the public internet. (Only computers that provide services that are meant to be accessed from an area larger than the local LAN need addresses from the public pool. Providing internet access via NAT does use up some public addresses, but the ratio is at least 10 clients per public address. The utilization will vary: a small classroom may only have a few clients, while the network for a large lecture hall or a dormitory floor could have hundreds.) The transition to IPv6 should be complete long before all of MIT's IPv4 addresses get used up, even after giving up half of them.

Source for the number of people at MIT: http://web.mit.edu/facts/faqs.html

@CyBeRoni
Copy link

Only computers that provide services that are meant to be accessed from an area larger than the local LAN need addresses from the public pool.

That is neither how the internet was designed, nor how MIT runs its networks. For the most part, MIT does not use NAT for computers connected to its networks regardless of whether or not those computers are "providing a service".

@AbrahamYChen
Copy link

As an alumnus of MIT, I believe that it would be prudent to share the following Internet development results with the community:

https://tools.ietf.org/html/draft-chen-ati-adaptive-ipv4-address-space-03

The work, abbreviated as EzIP (Easy IPv4) will not only resolve IPv4 public address pool exhaustion issues, but also largely mitigate the root cause to cyber security vulnerabilities, plus open new possibilities for the Internet, all within the confines of the IPv4 domain . These should relieve much of the IPv4 address shortage pressure as well as the consequent urgency to roll out the IPv6.

I look forward to thoughts and comments.

Abe (2018-07-07 11:10)

@AbrahamYChen
Copy link

Our study now indicates that there is practically no need to go to IPv6. Since EzIP can multiply each public IPv4 address by 256M (Million) fold without affecting current equipment, this enables over 75% of nations to serve their respective countries starting from one IPv4 address that is already assigned to that nation.

Essentially, the CIR (Country-based Internet Registry) model proposed by ITU-T based on IPv6 a few years ago can now be stealthily implemented under IPv4, even without forming the sixth RIR at all.

Thoughts and comments would be much appreciated.

Abe (2018-08-18 18:02)

@JasonHuangJiaCheng
Copy link

My company would like to acquire some of these IPv4 address, may I ask whom should I contact with? Thank you

@ak2766
Copy link

ak2766 commented Jan 26, 2020

Despite the fact that the new IPV6 range MIT has reserved is tiny compared to the total range, I have to wonder if that range won't be underutilized as well? In a way, this seems like a case of pre-optimization, at the expense of the wider community. Again - I realize that the block is tiny comparatively. But think about it in terms of the past:

That 20 nonillion is no small number no matter the fraction of the total range - they've done the math already. This equates to 64 times what the math dictates should be the allocation for MIT based on the 166 acres of land that it occupies. So, is this a good thing or bad thing? I'll leave that to those much better at analyzing such things.

@liangtongzhuo
Copy link

wow, ipv6 Now support is increasing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment