Back to Contents

Getting Around the IPv4 Shortage

We have been running out of IPv4 addresses for a while, and asking for a subnet from any ISP is also becoming difficult and expensive. There’s definitely a need for IPv6 implementation as soon as possible, but we’re still a long way off.

Some people feel that IPv6 doesn’t compare to IPv4. We’re not going to tackle that here, but we’ll point out their differences briefly through this tweet by ARIN:

 

 

The major problem with IPv6 addresses is that consumer-facing ISPs aren’t exactly handing them out like candies. Aside from this, businesses are also finding it strenuous to get an IPv6 subnet due to long forms and a lot of red tape.

For instance, ISPs normally require businesses to disclose the details of every computer that will be using the IPv6 addresses. Businesses also need to outline what each of these computers will be used for. That’s a very tedious requirement, even for medium-sized organizations.

ISPs may be facing the same challenges that VPN providers are having since providing IPv6 support requires new infrastructure which can be quite expensive.

Thankfully, there are still ways to get around this IPv4 shortage since the world clearly isn’t ready for IPv6 yet.

NAT – IPv4 vs. IPv6

Network Address Translation (NAT) was primarily developed to address the shortening lifespan of IPv4 addresses. With NAT, there is a need for only one IP address, which is assigned to a router. All devices behind this IP address are accessible through different ports.

 

 

The absence of NAT in IPv6 has been a cause for concern for some businesses and IT experts since the additional layer provided by NAT makes network connections more secure. Thus, peer-to-peer communication (which is a major characteristic of IPv6) is not possible with IPv4 since NAT requires that a server goes through a translation layer to address another server.

Using reverse proxies

Reverse proxies work like NAT, but on a different level. They are mostly used by websites to direct traffic and protect their main server. A reverse proxy does the following:

  • Accepts all traffic: Reverse proxies get hold of all traffic towards a server which has a single IP address.
  • Reads the host header: A reverse proxy decides which back-end server connected to the IP address should receive the request. It does this by reading the host header present in HTTP, or Server Name Indication (SNI) in HTTPS traffic, then comparing that header with their configurations.
  • Routes traffic: The reverse proxy then sends the request to the appropriate server.

One of the advantages of web traffic reverse proxies is that they provide a faster user experience since they cache static content. When a familiar request comes in, reverse proxies can search for the response within its cache memory so that they can immediately send something back without having to route the traffic to the back-end server.

Reverse proxies are also widely used to detect packet content inspection and denial of service attacks. They further allow SSL front-end on websites that don’t have native support for SSL; this can be done through free open-source software called NGINX. The video below explains how to configure NGINX as a reverse proxy on CentOS with SSL:

 

 

Commercial reverse proxies are also available, such as Barracuda NG Firewall, Citrix NetScaler VPX, and Smoothwall UTM.

Beating the IPv4 scarcity

Currently, most IP registries have run out of public IPv4 addresses. ARIN ran out of them in 2015, RIPE in 2012, APNIC in 2011, AFRINIC will be done within 2019, and LACNIC is on its last few millions. There will come a time when IPv4 addresses will be completely used up, and we really need to move on to IPv6 addresses. That’s still far from happening.

NAT and reverse proxies are just some technologies that help us beat the scarcity of IPv4 addresses. For instance, it used to be that sites that want SSL are required to have its own IP address. Needless to say, this used up a lot of IPv4 addresses. However, thanks to SSL and reverse proxies, one IP address can already be used by several SSL sites. NAT has the same effect.

For now, we just need to use IPv4 wisely and take advantage of technologies that help us conserve and prolong its life until IPv6 is implemented.

 

Categories: Proxy Help,

Jeff M