I Remember When I Used a Public IPv4 Address

When was the last time you actually used a public IPv4 address?

I don't know about you, but it has been a long time since my laptop was assigned a public IPv4 address. Most of the time my laptop has a private RFC1918 IPv4 address. Rarely does my computer have a public IPv4 address for the purposes of creating IPv6 6to4 tunnels. Therefore, I must use IPv6 transition techniques that encapsulate my IPv6 packets in other forms so I can reach the IPv6 Internet. When was the last time that your individual laptop or desktop computer was assigned a public IPv4 address?

It occurs to me that I haven't used a public IPv4 address in quite some time. Rarely do I get assigned a public IPv4 address that directly connects me to the Internet. I am almost always on a private IPv4 segment that operates without IPv6. When I am "on the road" in hotels I am allocated only RFC1918 addresses behind their captive portal systems. When I am in client offices I am using private addresses tucked in safely behind a firewall that is performing NAT. 

While some 3G broadband wireless laptop card services like Verizon provide their customers with public IPv4 addresses. There are wireless service providers who provide private addresses for users. Many service providers are giving those 3G cards private IPv4 addresses. For example, Cricket assigns users of their A600 USB wireless interface private IPv4 addresses. However, some providers can provide a static public address for an additional fee. Sprint charges $3/month for a static public IPv4 address. However, when I use PdaNet and connect to the Internet through my Sprint phone I do get a public IPv4 address at no additional cost.

At my home I am behind a simple broadband router that performs NAT. My internal home network is in the typical range. The only public address is on the outside of my broadband modem. Whether you have a cable modem or a DSL modem the public address is on the outside of that device and the residential user gets assigned addresses. Therefore, if you hook up your own router behind that device your person router's external interface will have a address and the internal interface of your personal router will also use private address space. Thus you are behind at least two cascaded NATs. I realize that many service providers can provide a public IP address to customers but they typically charge for that service. Sometimes that public IPv4 address you get is subject to change at a moment's notice and is not necessarily permanently assigned unless you pay additional fees.

IPv4 Address Depletion

The reason that we see so much use of private IPv4 address ranges is due to the fact that pubic IPv4 addresses are becoming more precious. The IPv4 free pool is reducing and there are about 10-13% of the available IPv4 addresses remaining to be allocated. Service providers are concerned they won't have a sustainable business model for the future if they can't continue to allocate addresses to their customers. IPv6 is the only alternative but it is taking time for the transition to occur.

There are several good resources to consult regarding IPv4 address depletion. One of the key people focused on this issue is Geoff Huston and his page provides valuable statistics. Another good resource is Stephan Lagerholm's IPv4 Depletion page which now features a new dashboard of information calculated a variety of ways. IANA also provides information on the currently allocated IPv4 address space. The registries also have information on the IPv4 addressing crisis. ARIN sent out a letter to its member organizations reminding them about the IPv4 address depletion issue and encouraging organizations to start their IPv6 transition. The Number Resource Organization (NRO) also provides information about address usage.

IPv6 Dynamic Tunneling

When we consider the transition to IPv6 some of the transition techniques actually rely on the fact that you are using a public IPv4 address. Dynamic tunneling techniques like 6to4, Teredo and ISATAP actually embed the 32-bit IPv4 address within a 128-bit IPv6 address. Dynamic Tunnels are created automatically based on the addressing and routing. A dynamic tunnel is configured on a router and the other end of the tunnel is dynamically created "on the fly", depending on the destination IPv6/IPv4 address in the packet being forwarded. These dynamic tunneling techniques get around the administrative issues with having to maintain a large number of statically configured tunnels. Dynamic tunneling techniques can be used behind a NAT if they perform some type of encapsulation of the IPv6 packet or embed the IPv4 address within the IPv6 address. Techniques like 6to4 and Teredo can be used behind a NAT whereas ISATAP cannot. Below is a picture of the 6to4, ISATAP, and Teredo address formats.

Dynamic Tunnel Address Formats

If you are lucky enough to have a public IPv4 address then you can use 6to4 to connect to a public 6to4 relay to gain access to the IPv6 Internet.

A 6to4 (RFC3056) tunnel is a dynamic tunnel where the tunnel destination doesn't need to be determined ahead of time. A 6to4 tunnel is configured on a router or a computer and the other end of the tunnel is dynamically created "on the fly", depending on the destination IPv6 address in the packet being forwarded. 6to4 requires that sites us a globally unique address that starts with the prefix 2002::/16 and then the next 32 bits is the embedded IPv4 destination address. 6to4 relay routers use the IPv4 anycast address If you create a 6to4 tunnel to this IPv4 address and use a default route to send all IPv6 packets through this dynamic tunnel the "nearest" 6to4 relay router will unencapsulate the IPv6 packets and send them to the IPv6 Internet. You can configure the 6to4 tunnel directly within your IPv6-capable operating system or you can use a hardware device like an Apple Airport

Extreme or a Linksys WRT.

Therefore, if you want to be able to reach the IPv6 Internet when you have a private IPv4 address then you must use transition techniques that support going through a NAT. Teredo (RFC4380)works much the same way as 6to4 except that:

  • the IPv6 addresses utilize the 2001::/32 Global Teredo IPv6 Service Prefix,
  • the Teredo relay uses the DNS name teredo.ipv6.microsoft.com,
  • and Teredo packets are encapsulated inside IP packets using UDP port 3544.

The Teredo relay unencapsulates the IPv6 packets and forwards them to the IPv6 Internet.

Another technique you can use to reach the IPv6 Internet when you are behind a NAT is to use a Tunnel Setup Protocol (TSP) client. This software will encapsulate your IPv6 packets and send them to a tunnel broker that will unencapsulate your packets and forward them to the IPv6 Internet. Sometimes the TSP client software is available for free. I like the Freenet6 client, however, if you are in different continents you may prefer to use a TSP tunnel broker closer to you such as ja.net's IPv6 tunnel broker. SixXS maintains a list of TSP tunnel brokers around the world.

Someday I will be telling my grandchildren about the good-old-days when I used public IPv4 address space. By that time IPv4 addresses will be reserved for royalty and those in the entertainment business who can afford such luxuries. The rest of us will remain behind 4-layers of NAT. That is, unless the rebels rise up and transition to IPv6 first.


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10