Just how many IPv6 addresses are there? Really?


When I began this article I planned to debunk a couple of myths show that the number of IPv6 addresses is not really as huge as people made out. I have logic to show that really there is only a small fraction of the 340 undecillion possible IPv6 addresses that will ever be used.

But that number is still so huge it makes precious little difference to the vast number of available IP addresses, and any service provider that thinks that they shouldn’t be planning to give every tiny customer a /48 slice of the IPv6 address space should think again. You can and you should. There is enough /48 IPv6 address prefixes available to give every person on the planet about 4000 allocations before IANA has to release some more of the 80% of the space which is still undefined!

So, brave reader, read on if you want to see the logic of my miserable attempts to make the numbers any less bewildering.

Here are the myths I set out to debunk:

  1. There are 3.4×10^38 IPv6 addresses.
  2. It would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.
  3. Service Providers will not have enough IPv6 addresses to allocate /48 IPv6 prefixes to small businesses and home users. (Indeed, I’ve already written a post about a proposal to allocate /56 prefixes to such users)

Myth 1: 340 undecillion IPv6 addresses.

You may have heard that the new IPv6 addressing scheme now finding its way into the Internet will allow the Internet to grow to a massive 340 undecillion addresses. That theoretically is true. 2 raised to the power of 128 is indeed 340,282,366,920,938,463,463,374,607,431,768,211,456. But quoting this figure ignores two important facts.

Firstly, the IANA has only released a portion of the IPv6 address space for public addressing. As per RFC 2374 (obsoleted by RFC 3587) all public IPv6 addresses have the first three bits set to 001. This means in a practical sense, all Public IPv6 addresses
a) begin with either a 2 or a 3 as the most significant hexadecimal digit, and
b) the first hextet of the address will be 4 hexadecimal digits long.

You can tell that 1234:5678:9::A and 234:5678:9::A are not a valid public IPv6 address simply because the first begins with a 1 and the second has only 3 digits in the first hextet.

In any case, this little fact means that the number of addresses is now reduced to 2^125.

Wow. That didn’t help to make it easier to understand did it? 2^125 is still a very big number – about 4.2×10^37 It barely knocked one of the 38 zeros off. We are down to 42 undecillion from 340 undecillion.

Key takeaway:
All valid IPv6 host addresses begin with a hextet of 2xxx: or 3xxx:

But there is another thing to consider. All subnets are to have 64 bit masks, even if it is a point-to-point link, which will only ever have a maximum requirement of two addresses, so we can subtract 2^63 addresses from the total pool size for every point-to-point subnet that will be deployed, which will be many thousands.

But even if every network in the world was a point-to-point network and we are only using 2^125 addresses, that’s enough for 2^62 point-to-point networks. 4.6×10^18 – enough for 7.7×10^8 for every person on the planet.

So I’m not even going to attempt to see what tiny difference this makes to the total number of available addresses. No matter how to try to shave it down, there are plenty of addresses.

Myth 2: It would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.

I recently heard a quote from the esteemed Geoff Huston that it would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.

This got me thinking. Could this be true? I thought I’d check out the maths, and hopefully come up with a more comprehensible number.

A 48 bit mask on an IPv6 address splits a 128 bit address into 65,536 (2^16) networks, each with 2^64 possible hosts. And indeed, if you assume that it is possible to use all 2^64 addresses in a subnet, it would indeed take 38 billion years to scan all possible addresses. Given that the universe is believed to be about 13.7 billion years old, then Geoff’s claim seems vindicated.

But then I started thinking, “hang on, if those subnets are using automatic addressing, then some of the bits are predictable, so maybe the figure is something more reasonable”.

Let me explain. Most of these subnets will use SLAAC (StateLess Automatic Address Configuration) which builds the 64 bit node IPv6 address from the device’s MAC address, by sticking a fixed 16 bit pattern of 0xFFFE in the middle of the device’s MAC address (and flipping the IG bit as well, but that has no impact on the number of addresses). So this little implementation means that we can reduce the pool size to 2^48 for every subnetwork configured using SLAAC.

In fact, we can subtract even more from this pool, because we know MAC addresses have a specific format where the first 24 bits identify a manufacturer (Actually, only 22 bits identify the manufacturer, 2 bits are reserved). This “manufacturer’s ID” is known as an OUI (Organization Unique Identifier). There are not anywhere near 2^22 manufacturers of networking equipment on the planet, so maximum number of IPv6 addresses per SLAAC subnet is more like 2^22 x (the number of registered vendor OUIs). If we assume there are about half a million (say 2^19) registered vendor IDs, then we could reduce the scan to a mere 2^(22+19) = 2^41 addresses.

Yes! Gotcha Geoff.

But then I did the calculations on scanning 2^41 addresses at million addresses per second, and the answer is more like a mere 69,683 years!

So another debunking failure!

Key takeaway:
Each IPv6 subnet will have a massively huge IP address space that makes scanning much more difficult than it is today. But don’t get too complacent. Gordon “Fyodor” Lyon of Nmap fame tells how devices can be discovered simply by sending a Multicast to the all-nodes multicast and have the devices respond to identify themselves. And if they don’t answer the first time, ask again with a parameter error in the question, and nodes will respond to let you know that you have a parameter error.

Myth 3: Service Providers will not have enough IPv6 addresses to allocate /48 IPv6 prefixes to small businesses and home users

This is my success story. This myth is easy to debunk.

I’ve explained earlier that RFC 2374 defines public addresses as being in the range 2000:: to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. This gives us 2^125 Public IP addresses.

The same document describes a site topology which says that “sites” are allocated 48 bit prefixes (/48) that they can further sub-device into /64 bit subnets.

So in effect it espouses that IPv6 address assignments be allocated to users in blocks of /48 – meaning the customer has a massive 2^80 IP address allocation to play with. Much more than the entire IP v4 network of today.

Some service providers can’t comprehend this, and are fearful that if they allocate /48 prefixes to end users like ADSL customers, they will surely run out of addresses like they did with IPV4

Here is the maths.

Given that the first 3 bits of a public IPv6 address are always 001, giving /48 allocations to customers means that service providers will only have 2^(48-3) or 2^45 allocations of /48 to hand out to a population of approximately 6 billion people. 2^33 is over 8 billion, so assuming a population of 2^33, there will be enough IPv6 /48 allocations to cater for 2^(45-33) or 2^12 or 4096 IPv6 address allocations per user in the world.

And when all of the 8 billion people on the planet have used their 4000 site address allocations, there are plenty more addresses left in the pool that have not been defined.

Key takeaway:
Service providers have no reason not to plan to allocate /48 address blocks to end customers. Allocations of /64s should be left to the consumers. Service providers must think in terms of /48s

Conclusion:

Here are the myths I set out to debunk:

  1. There are 3.4×10^38 or 340 undecillion IPv6 addresses.
  2. It would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.
  3. Service Providers will not have enough IPv6 addresses to allocate /48 IPv6 prefixes to small businesses and home users. (Indeed, I’ve already written a post about a proposal to allocate /56 prefixes to such users)

And my results:

  1. There are only 4.2×10^37 42 undecillion IPv6 addresses currently defined and usable.
  2. With a bit of creative programming, it would only take 69000 years to scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.
  3. Service Providers have to stop worrying about running out of addresses and plan for /48 allocations to end user.
About these ads

About RedNectar Chris Welsh

Professional IT Instructor. All things TCP/IP, Cisco or VoIP
This entry was posted in IPv6, opinion. Bookmark the permalink.

9 Responses to Just how many IPv6 addresses are there? Really?

  1. David says:

    Yes, but is scanning a million addresses per second a realistic upper limit if people have 300 exabytes per second connections? What if we develop recusively self improving artificial intelligence that results in a technilogical singularity and it wants to use the mass of all planets in the solar system to create a dyson sphere or a matrioshka brain. Suppose it wants to use addressable nanotechnology to control the grey goo it is using to build it. I did some calculations and the mass of the solarsystem excluding the sun is roughly 2.6*10^27 kg. Even if there were 2^128 addresses, there would be about 1.3*10^10 addresses per kilogram which is only 13 addresses per microgram. Maybe there is a good reason NOT to allocate a lot a the address space to the humans. We don’t know what the world will be like 50 or 100 years from now.

  2. David A. Bandel says:

    OK, first, you need to read RFC 6177 (BCP 0157). You don’t need to allocate a /48 to everyone. In fact, a /60 is recommended for residences. But, they will likely only ever use a /64 unless they have multiple routers and are routing internally (figure the odds on that for most residences, and even most small businesses). Just BCP, but you can allocate anything you want as long as it’s at least a /64.
    Second, (don’t recall the RFC off the top of my head, but I can find it again if you can’t), a /127 now _is_ recommended for PTP links. You don’t need to use a /64. I have been using a /112 for routing purposes, but that’s just in case I have multiple interfaces. I use /127′s for tunnels.
    The biggest win with IPv6 is no more NAT. That always caused no end of problems. Now folks will have to learn to deal with firewalls (packet filters) again, but that’s another story.

    • rednectar says:

      Good comment. I agree RFC 6177 does not promote /48s for households – I commented on this back in 2011. However, I want to push the point that there are still enough addresses even if we allocate every household/business a /48.

      It is RFC 6164 that suggest using /127 for Inter-router links, but this is NOT suggesting that customers be allocated a /127 slice, although I am fearful that some service providers may take it this way. What SHOULD happen is that the customer is allocated a /48, and from within the allocated space, I get 2^16 /64 subnets. The point of FRC 6164 is to say that when assigning addresses to point-to-point links, you should use /127 masks. This could be that you take one of your /64 subnets and carve it into 2^62 /127 subnets, OR you allocate each point-to-point link a /64 slice, but only use 2 addresses, leaving the rest unused and routed to nul. Like you, I think something a bit larger than /127 is good practice because it allows for some test addresses.

      As for the end of NAT – we will see. I have great hopes for LISP (still in draft form – find links to the latest drafts here) but it seems to be taking a LONG time to get anywhere.

  3. Jake says:

    Great and thorough post! Thanks! One tiny correction you might want to post for future readers looking for a reference is that RFC 3587 obsoletes 2374. :-)

  4. jimcolv says:

    You are a brave soul for trying to tackle that one. Whenever I try to explain IPv6 to my students, there is always one that tries to challenge the notion that we will exhaust IPv6 in our lifetime ( I’m in my early 30′s). I always go back to that original figure and then I tell them, even if we tried to exhaust the address pool, it is still not plausible. The one thing we should be concerned with as it pertains to IPv6 are the vulnerabilities that were mentioned about possible attacks being tunneled through IPv6 onto IPv4 networks.

Comments are closed.