# Just how many IPv6 addresses are there? Really?

#### swatkats

##### Keeping TE Alive!
Veteran
When I began this article I planned to debunk a couple of myths show that the number of IPv6 addresses is not really as huge as people made out. I have logic to show that really there is only a small fraction of the 340 undecillion possible IPv6 addresses that will ever be used.

But that number is still so huge it makes precious little difference to the vast number of available IP addresses, and any service provider that thinks that they shouldn’t be planning to give every tiny customer a /48 slice of the IPv6 address space should think again. You can and you should. There is enough /48 IPv6 address prefixes available to give every person on the planet about 4000 allocations before IANA has to release some more of the 80% of the space which is still undefined!

So, brave reader, read on if you want to see the logic of my miserable attempts to make the numbers any less bewildering.

Here are the myths I set out to debunk:

1. There are 3.4×10^38 IPv6 addresses.
2. It would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.
3. Service Providers will not have enough IPv6 addresses to allocate /48 IPv6 prefixes to small businesses and home users.
Myth 1: 340 undecillion IPv6 addresses.
You may have heard that the new IPv6 addressing scheme now finding its way into the Internet will allow the Internet to grow to a massive 340 undecillion addresses. That theoretically is true. 2 raised to the power of 128 is indeed 340,282,366,920,938,463,463,374,607,431,768,211,456. But quoting this figure ignores two important facts.

Firstly, the IANA has only released a portion of the IPv6 address space for public addressing. As per RFC 2374 (obsoleted by RFC 3587) all public IPv6 addresses have the first three bits set to 001. This means in a practical sense, all Public IPv6 addresses
a) begin with either a 2 or a 3 as the most significant hexadecimal digit, and
b) the first hextet of the address will be 4 hexadecimal digits long.

You can tell that 1234:5678:9::A and 234:5678:9::A are not a valid public IPv6 address simply because the first begins with a 1 and the second has only 3 digits in the first hextet.

In any case, this little fact means that the number of addresses is now reduced to 2^125.

Wow. That didn’t help to make it easier to understand did it? 2^125 is still a very big number – about 4.2×10^37 It barely knocked one of the 38 zeros off. We are down to 42 undecillion from 340 undecillion.

Key takeaway:
All valid IPv6 host addresses begin with a hextet of 2xxx: or 3xxx:

With the first 3 bits set to 001, and 64 bits reserved for the interface identifiers, that still leaves enough bits for 2^61 networks. Thats 2.3×10^18 – enough for 3.8×10^8 networks for every person on the planet.

But there is another thing to consider. All subnets are to have 64 bit masks, even if it is a point-to-point link, which will only ever have a maximum requirement of two addresses, so we can subtract 2^64-2 addresses from the total pool size for every point-to-point subnet that will be deployed, which will be many thousands.

But given the massinve number of possible network addresses (2^61), I’m not even going to attempt to see what tiny difference removing the wasted addresses in point-to-point subnets makes to the total number of available addresses. No matter how to try to shave it down, there are plenty of addresses.

Myth 2: It would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.

I recently heard a quote from the esteemed Geoff Huston that it would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.

This got me thinking. Could this be true? I thought I’d check out the maths, and hopefully come up with a more comprehensible number.

A 48 bit mask on an IPv6 address splits a 128 bit address into 65,536 (2^16) networks, each with 2^64 possible hosts. And indeed, if you assume that it is possible to use all 2^64 addresses in a subnet, it would indeed take 38 billion years to scan all possible addresses. Given that the universe is believed to be about 13.7 billion years old, then Geoff’s claim seems vindicated.

But then I started thinking, “hang on, if those subnets are using automatic addressing, then some of the bits are predictable, so maybe the figure is something more reasonable”.

Let me explain. Most of these subnets will use SLAAC (StateLess Automatic Address Configuration) which builds the 64 bit node IPv6 address from the device’s MAC address, by sticking a fixed 16 bit pattern of 0xFFFE in the middle of the device’s MAC address (and flipping the IG bit as well, but that has no impact on the number of addresses). So this little implementation means that we can reduce the pool size to 2^48 for every subnetwork configured using SLAAC.

In fact, we can subtract even more from this pool, because we know MAC addresses have a specific format where the first 24 bits identify a manufacturer (Actually, only 22 bits identify the manufacturer, 2 bits are reserved). This “manufacturer’s ID” is known as an OUI (Organization Unique Identifier). There are not anywhere near 2^22 manufacturers of networking equipment on the planet, so maximum number of IPv6 addresses per SLAAC subnet is more like 2^22 x (the number of registered vendor OUIs). If we assume there are about half a million (say 2^19) registered vendor IDs, then we could reduce the scan to a mere 2^(22+19) = 2^41 addresses.

Yes! Gotcha Geoff.

But then I did the calculations on scanning 2^41 addresses at million addresses per second, and the answer is more like a mere 69,683 years!

So another debunking failure!

Key takeaway:
Each IPv6 subnet will have a massively huge IP address space that makes scanning much more difficult than it is today. But don’t get too complacent. Gordon “Fyodor” Lyon of Nmap fame tells how devices can be discoveredsimply by sending a Multicast to the all-nodes multicast and have the devices respond to identify themselves. And if they don’t answer the first time, ask again with a parameter error in the question, and nodes will respond to let you know that you have a parameter error.

Myth 3: Service Providers will not have enough IPv6 addresses to allocate /48 IPv6 prefixes to small businesses and home users

This is my success story. This myth is easy to debunk.

I’ve explained earlier that RFC 2374 defines public addresses as being in the range 2000:: to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. This gives us 2^125 Public IP addresses.

The same document describes a site topology which says that “sites” are allocated 48 bit prefixes (/48) that they can further sub-device into /64 bit subnets.

So in effect it espouses that IPv6 address assignments be allocated to users in blocks of /48 – meaning the customer has a massive 2^80 IP address allocation to play with. Much more than the entire IP v4 network of today.

Some service providers can’t comprehend this, and are fearful that if they allocate /48 prefixes to end users like ADSL customers, they will surely run out of addresses like they did with IPV4

Here is the maths.

Given that the first 3 bits of a public IPv6 address are always 001, giving /48 allocations to customers means that service providers will only have 2^(48-3) or 2^45 allocations of /48 to hand out to a population of approximately 6 billion people. 2^33 is over 8 billion, so assuming a population of 2^33, there will be enough IPv6 /48 allocations to cater for 2^(45-33) or 2^12 or 4096 IPv6 address allocations per user in the world.

And when all of the 8 billion people on the planet have used their 4000 site address allocations, there are plenty more addresses left in the pool that have not been defined.

Key takeaway:
Service providers have no reason not to plan to allocate /48 address blocks to end customers. Allocations of /64s should be left to the consumers. Service providers must think in terms of /48s

Conclusion:

Here are the myths I set out to debunk:
1. There are 3.4×10^38 or 340 undecillion IPv6 addresses.
2. It would take three times the age of the universe to actually scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.
3. Service Providers will not have enough IPv6 addresses to allocate /48 IPv6 prefixes to small businesses and home users. (Indeed, I’ve already written a post about a proposal to allocate /56 prefixes to such users)
And my results:
1. There are only 4.2×10^37, 42 undecillion IPv6 addresses currently defined and usable.
2. With a bit of creative programming, it would only take 69000 years to scan all the IPv6 addresses on a 48 bit IPv6 subnet if you were scanning at a million addresses per second.
3. Service Providers have to stop worrying about running out of addresses and plan for /48 allocations to end user.