IPv6 Still Hotly Debated

inkslinger77 writes "A significant stumbling block to IPv6 adoption may be IPv4 loyalists who are keen to keep the old protocol in preference to the 'new improved' version, according to a Computerworld Australia article. The article covers the views of Cisco's senior technical leader for IPv6 technologies, Tony Hain and Geoff Huston, a senior Internet research scientist from Asia Pacific Network Information Centre (Apnic)." From the article: "Go to your favourite venture capitalist and say 'I want to be an ISP'. By the time he stops laughing and [finds you want to run] IPv6 - the discussion gets terminated. No one wants to hear this. IPv6 is well ahead of adoption in this market so everyone is deferring. No one is running IPv6, because there is no business case for it ... if we really wanted to leave a legacy to our children we'd review the crap we have today which is pretty ghastly ..."

Me too

[Phroggy (441)]

To be honest, IPv6 never really made sense to me either. I mean, OK, so we're running out of IP addresses and we need more... but as more and more companies are turning to NAT instead of using public IPs behind a firewall for internal services, some IP blocks are being freed up, and it looks to me like there are still a HUGE number of reserved subnets [iana.org] out there.

But assuming we really do need more IPs, why IPv6? Why 128 bits instead of, say, 64? Why build the functionality of DHCP, which (mostly) works perfectly well* and is extensible enough to support cool stuff that hadn't been thought of when IPv4 and DHCP were invented (e.g. WPAD, netbooting), into IP? What's the deal with including your MAC address as part of your IP address?

Going with the assumption that the problem really is as bad as people say it is (China has a gazillion people and more of them are getting online, and it'd be great if my refrigerator had a web-based interface I could access remotely without setting up port forwarding or a VPN, etc.)... I'm not convinced that IPv6 is the right solution to the problem. It just seems to be the only solution anyone has offered, and a lot of money has been spent bringing it closer to reality.

So, convince me: why is IPv6 the right answer to the problem?

* Off-topic, but can someone explain to me why (at least with ISC dhcpd) I can't assign IPs on two different subnets on the same physical LAN? Can this be done with a different DHCP server? Is there any kind of limitation to the protocol that makes this impossible, or is it just an implementation problem?

Re:Me too

[mboverload (657893)]

> Why 128 bits instead of, say, 64?

Exactly what I'm asking. From wikipedia:

The primary change from IPv4 to IPv6 is the length of network addresses, with IPv6 addresses being 128 bits long (as defined by RFC 2373 and RFC 2374). This corresponds to 32 hexadecimal digits, which are normally used when writing IPv6 addresses. Each hexadecimal digit can take 16 values (see combinatorics), resulting in a total of 1632 (340 undecillion) addresses. IPv6 addresses are usually composed of two logical parts: a

Re:Me too

[MightyMartian (840721)]

NAT really isn't anything more than a kludge, and despite a lot of work done to make some of the finickier protocols work through it, the point behind IPv6 is to create an address space sufficiently large that we don't have the provisioning problems that are evolving now. Is it overkill? Well, for 2005 there's no doubt. But IP4 was probably massive overkill in 1980. The point here is that these artificial limits we've set (640k, IP4, two-digit years) eventually lead to very big hastles, and if we're going to have to find some new way to enlarge the address space, why not do it right?

Re:Me too

[exaviger (928938)]

Nicely put, just to stengthen your point - a little historical snippet "In the early days of mainframe computing, resources were at a premium. Memory was expensive, disk storage was limited and input devices constrained. Every programming method was used that made efficient use of each component. One of the methods used was to truncate the year value to a two digit number for entry, storage and processing. This saved space and saved on the associated cost of storage and processing. After all, why enter and store the century portion of the date when it will always be 19? Right? It would be decades before the year 2000. By then, all the programs and hardware being used would be obsolete and replaced with newer equipment and programs." Do we not learn from our mistakes? Calling IPv6 overkill is silly, why should we not overkill? Why not make sure that for the next century every electronic device will be able to have its own unique IP address. NAT is all good and well but what about the growing number of mobile devices, what about some services that dont work behind NAT? Who knows what will happen in 5,10,50 years. Soon every single vehicle, vending machine, traffic light and any other electronic device will require and IP address be it public or local. I am all for IPv6!

Re:Me too

[eric76 (679787)]

You realize IPv6 has more IP's then there are atoms in the universe, right?

Just think of all these worms scanning blocks of IP addresses somewhat randomly for vulnerable machines. It's a target rich environment.

Now imagine that we were using IPv6 instead. With a random approach to scanning, many of those worms would take years before they happened to locate an actual computer.

Of course, those writing the worms would have to switch to non-random techniques. But someone who is reasonably careful (i.e. didn't use Internet Exploder and Outhouse Express), they could have a system wide open to exploitation without it ever being exploited.

Re:Me too

[gclef (96311)]

You know, every time I hear that argument, I want to ask this: yeah, but can your switch/router store that many incomplete arp entries for all the hosts that got scanned but aren't there? I suspect the first time someone really does a big sequential scan of IPv6 space (non-firewalled, like customer DSL or Cable space), you'll see some very unhappy network engineers trying to figure out why their big 6500's are running out of RAM.

Re:Me too

[eric76 (679787)]

Security by obscurity is not the answer

I hate that phrase. While true, it is very misleading since obscurity does contribute to security.

It should be "Security by obscurity is not the TOTAL answer.

Security by obscurity is a necessary and vital part of security. By reducing the likelihood of computers being randomly attacked over the Internet, there would be an increase in security. It would not provide absolute security, but it would help.

If you think about it, when you use passwords, you are using security by obscurity.

For that matter, when you use a public key that is the product of two very large primes, you are using security by obscurity. With increases in techniques and hardware, that obscurity is greatly reduced overtime and the security suffers.

Re:Me too

[nizo (81281)]

Yeah but visitors from parallel universes need IP numbers too.

Re:Me too

[lostboy2 (194153)]

Just for fun, I did some math:

If there are 1 trillion people in the world and each of them is assigned 1 trillion new IPv6 addresses every day, it will take over 931 billion years to use up all of the possible addresses.

        3.4 x 10^38 / (10^12 x 10^12 x 365) = 9.315 x 10^11

By comparison, the sun might swallow the Earth [nasa.gov] in 4 to 5 billion years.

Re:Me too

[Ancient_Hacker (751168)]

Uh, no. The universe has around 10^85 atoms (plus or minus a few orders). 2^128 is approximately 10^38. A much smaller number. About 10^63 times smaller. You can only assign IP addresses to each atom in New Jersey.

Re:Me too

[Kadin2048 (468275)]

This is a misunderstanding, and has been debated elsewhere: NAT offers no security by itself, it's because normally NATs have a firewall effect at the same time that they create the illusion (and in some cases reality) of security.

There's no reason why using IPv6 with a firewall wouldn't be just as -- and probably more -- secure. Especially because you wouldn't have to spend time configuring the NAT functionality and could instead configure it as a single-purpose stateful firewall.

It is possible -- although you probably wouldn't want to -- to create a situation using static NAT without any firewalling effect that leaves your computer just as open to attack as it would sitting on the public net. Likewise it's possible to assign every computer on a LAN a globally routable IP address and secure them using a properly designed firewall (that's actually how my company is set up).

If your comment had just said you didn't want your fridge and toaster exposed to the internet without your trusty Linux firewall between it and the internet, I would heartily agree. Although I don't doubt some would argue for you about choosing Linux over BSD. :)

Re:Me too

[MicahStevens (878958)]

You can hack through a NAT, not being l33t, I'm unfamiliar with the exact practice, but I've seen security reports about this.

My real point is though, If you have a device like your toaster on the internet, and it's vulnerable to an attack that a firewall fixes, the problem is with your toaster, not the internet. That whole example is totally weak.

Why do you want to connect your toaster to the internet, so that you can connect to it, right? Or make connections out from the toaster. Either way, you need port

Re:IPv6 is good, but so is NAT

[rpresser (610529)]

NAT is actually solves a secondary problem: allowing individuals to have their own home network without having to register each of their computers with some sort of central authority. Almost all IPv6 advocates say that NAT won't be supported as part of the protocol, which is not such a bad thing if you see NAT simplay as a solution to solves address space issue, but it isn't if you see it as a solution allowing individuals to allocate their own addresses, without having to go through the bureaucratic process of registering each one. I feel that in missing this fact is actually a real issue and one that needs to be dealt with - if there already is a solution to this, then no one I have asked has yet provided me with one.

**You have missed the point entirely**

Forcing everyone back into the bureaucratic process is exactly what the designers want to do. Imagine how much less money would be made by cell phone companies if you could pick up any phone and it would automatically choose a phone number, then register your name with a decentralized directory so anyone who wanted to reach you could. Instead, you have to pay that $50 activation fee, plus a sizable portion of every month's cell phone bill, just for the privilege of being told when and where you can make telephone calls. That is the ideal that our IPv6 overlords are shooting for. I for one welcome them.

It's supposed to be Overkill

[Pii (1955)]

Overkill is exactly the point.

The previous poster asked Why 128 bits instead of, say, 64?

The amount of work required to jump to 64 bit addressing or 128 bit addressing is identical. Since you're going to have to re-write everything anyway, you may as well figure in a ridiculously large address space, because not doing so saves you nothing.

Additionally, the routing table saving offered cannot be understated. With huge swaths of continguous address space, you can (hypothetically) represent an entire continent as a single aggregated routing entry (The more granular routing information would only be seen locally.), and the number of unique addresses within that range would be virtually inexhaustable.

Overkill is a good thing when it doesn't cost you anything.

Not me too

[mwood (25379)]

Is there an echo in here? "We'll never run out of [2^N for any value of N] addresses". Yes we will. There are people who are scheming to put every bloody light switch and kitchen appliance on the Internet. There are people designing applications to run on microscopic hosts that will be scattered like seeds, by the thousands or millions.

It's 128 bits instead of 64 so we don't have to go through this again in five years.

Remember, the Internet *core* used to run over 56kb/s lines -- the same speed as those $20 modems that individuals are throwing away by the basketful today because they're unbearably slow for *personal* use. It's *hard* to plan well for that kind of growth. Better to waste a couple of bits than have to waste the whole thing and do it over.

Re:Me too

[cnlohfin3109 (758597)]

IPv6 gives us more then just more address space. The ip is designed heirarchally(sp) which will help _significantly_ with routing, decreasing tables etc. Not to mention not wasting time havening to check checksums all the time... cause there is none! Its silly if we get into the terabit speeds and still wasting so much time just tring to route the ethernet frames, not to mention the sheer processing power required by a router for those speeds.

Are we ready to surrender anonymity on the net?

[schwaang (667808)]

What's the deal with including your MAC address as part of your IP address?

Yeah this looks like a serious privacy issue that most people haven't woken up to yet.

A MAC address is (usually) a globally unique identifier. How long before someone big builds a database relating MAC to user identity (Microsoft, your ISP, law enforcement, whoever).

At that point, no matter where you connect your laptop from, your traffic can be identified as yours. Be it for the purpose of advertising, tracing communication, or other data mining.

So the question is, are we ready and willing to surrender anonymity on the net?

Re:Are we ready to surrender anonymity on the net?

[Halo- (175936)]

A couple of points:

1) With a static IP, especially if you have a DNS name to go along with it, you leave just as big of a footprint, if not more. (Since I've only got the one directly addressable IP, I might as well get a name to go with it, right? And then use something like DynDNS? Well, unless I register by proxy, I have to give my name, address, phone, etc...)

2) MAC address, while theoretically static, can easily be changed in most OSes and hardware. For example, my LinkSys router has an option to "clone MAC address" in the setup. The problem with changing your MAC address is that the prefixes indicate the vendor, and that might get you in trouble with someone who "owns" that prefix. (I doubt it though)

3) There is nothing preventing you from NAT'ing IPv6, and I suspect some people probably will simply for the quasi-deny-all-in firewall effect. Moreover, if you really want to be anonymous, IPv6 makes it much easier to implement things like "onion routing" because it's a lot easier for individuals to set up persistant servers.

The point is, you can control the "MAC" portion of the address, and the "public" portion is just as visible (or not) as with IPv4. Hell, you could change your MAC address every coupla minutes for a REALLY long time without ever repeating one if that's what you wanted. (Persistant connections be damned...)

Something I don't get...

[Analise (782932)]

Why the emphasis on NAT boxes saving the day? Why do people think they're so wonderful and with them, we don't need no stinkin' ipv6? I mean, yeah, they've been useful and I'm not disputing that, but I'm not sure they were ever intended as anything beyond a stopgap measure until something better could be found. Not to mention that, as I understand it, they actually impede certain methods of communication over the Internet (anything that needs a real end-to-end connection, I think).

Yes, ipv6 still has a ways to go, but I honestly think it's a much better alternative than sticking with what we've got. We're going to have to do somethinga bout it anyway, since there are plenty of people already starting to use it, or will be in the future.

Re:Something I don't get...

[Daedala (819156)]

Sometimes, it's good that NAT impedes some forms of communication. Like, say, exploits.

Re:Something I don't get...

[MightyMartian (840721)]

One does not need NAT to lock up vulnerable ports. I have a Linux-based firewall that covers my public IP Windows boxes, and it works fine.

No, wrong.

[Kadin2048 (468275)]

I beg to differ. I question whether you're serious or a troll, but I'll respond anyway and give you the benefit of the doubt.

Lots of companies which are big enough to have their own Class-A allocations assign all of their clients globally routable addresses. I can tell you this from personal experience.

They don't use personal firewalls, obviously, and I have no idea why you think this is related. Using a personal firewall at the client level has nothing to do with IP address allocation or NAT. You can assig

Two reasons.

[khasim (1285)]

#1. It allows you to run multiple boxes at home WITHOUT having to pay extra for a "family" connection plan.

#2. Cheap and easy way to block worms and such.

Re:Two reasons.

[Kadin2048 (468275)]

Neither of these points are really arguments for the current system, if anything they're good arguments against it, and in favor of IPv6.

#1 is nothing but a direct consecquence of the current shortage of IPv4 addresses. Under IPv6, there'd be no reason why every device on your network couldn't get a separate "real" address. The way they're handed out -- using a hierarchy instead of finite blocks -- would allow your ISP to let your home DHCP router hand out globally addressable IPs if it was set up correctly. Assuming your ISP doesn't suck, that is, and that's really not the fault of the IP system, one way or the other.

#2 is pretty frightening, because it shows a misunderstanding of what NAT is and a certain amount of laziness about security in general. That said, there's no reason why you couldn't get a 'firewall in a box' that would provide just as much (or as little) security without the NAT facility. It's just that right now when you go and buy a "home firewall" from Linksys, it almost always includes NAT by default (because of point #1, the pressure by ISPs on home users to only have one IP address due to limited supply). There's no reason why this needs to be true, however, and the security comes from the firewall effect and not the address translation itself.

"IPv4 loyalists"

[FirienFirien (857374)]

What are the chances that the term "IPv4 loyalists" includes those who just have no reason to make the effort to shift to the new system? Considering the number of [people, admins, even that amusing case where MS didn't patch its own servers] who don't even download security patches - the shift to a parallel system while the old system still works fine just isn't going to happen in droves.

Re:"IPv4 loyalists"

[Phisbut (761268)]

the shift to a parallel system while the old system still works fine just isn't going to happen in droves.

The real question though is "Do we really want to wait until the old system finally breaks and nothing works anymore before making the change?". The old system still works, but we know it won't work forever, and we know we need to change it. Why wait till it breaks?

(Obligatory car analogy) When you put gas in your car, there's still gas left in it, so it can still work. Yet you don't wait till you go dry to put some more gas in.

Re:"IPv4 loyalists"

[jd (1658)]

Define "no reason".

• Security: IPv6 mandates IPSec (which encrypts ALL streams, ALL of the time, so contextual information can't be used for cracking as it can with SSH or SSL streams, which are generally only used for specific segments of a transaction).
• Authentication: X.509 within IPSec and the use of Extended Authentication protocols in IPv6 guarantee that all endpoints are who they say they are.
• Fragmented Packets: Firewalls don't handle fragmented packets well, as there is no header to check for later fragments. Fragmenting and re-assembly also adds latency. IPv6 defines per-connection MTUs, guaranteeing ALL packets are the largest supported between any two endpoints without fragmentation.
• Latency: IPv6 headers don't have as many entries and are heirarchical, which makes routing much faster and much simpler. The lack of fragmentation and the presence of auto-MTU also helps.
• Multicasting: IPv6 mandates multicasting and has a decent range of addresses for it.
• Anycasting: IPv6 mandates service location and resource location abilities, which means no more hunting for printers, routers, DNS servers, SMTP servers, POP/IMAP servers...
• Autoconfiguration: IPv6 uses autoconfiguration for routing and addressing as a standard, in a manner (almost) guaranteed to be free of conflicts and absolutely guaranteed to be fully scalable.
• Mobility: IPv6 mandates the ability for nodes or even entire networks to be totally mobile (ie: switch upstream routers without losing connectivity or existing connections) with upstream optimization of routing.
• Advanced Headers: IPv6 allows an arbritary number of extended headers to be attached to packets, with controlled responses for unknown extended headers.
• High Availability: IPv4's High Availability mechanisms require a lot of fancy manoevering, because the MAC address (used by switches) and the IP address (used by remote systems) are dissociated and ALL parties to a type of data have to agree on the failover for it to work. Hotswapping is extremely difficult and even hot standby is hard enough to be uncommon. IPv6 strongly couples MAC and IP addresses, both for autoconfiguration and mobility, allowing instantaneous, lossless failover with very minimal complexity or overhead and no patent problem.
• Tunneling: There is no agreed method of tunneling in IPv4 and the de-facto method (GRE) is detested by many network admins. IPv6-over-IPv6 is to be a universal standard.
• Clusters: Infiniband cooperates well with IPv6, making it possible for nodes within a cluster to directly access IP-based resources. Infiniband requires capabilities that are not guaranteed present in IPv4 stacks or IPv4 networks (such as multicasting) which means Infiniband cannot reliably treat IPv4 networks as extensions.
• Reachability: IPv6 can reach all IPv4 nodes, with only trivial conversion to make allowance for the different header structure and the lack of intelligence in IPv4 networks, so any client-only machine or network could be converted tomorrow without anyone noticing. Small numbers of IPv6 machines can be exposed to IPv4, making it possible to have DMZ servers on an IPv6 network visible to IPv4, so any server could be converted tomorrow without anyone noticing. The backbone could be left as long as you like. Because IPv6-over-IPv4 is also defined, if both servers and clients are IPv6 then the backbone could be ignored forever without significant impact.

All told, I'm not convinced that there are that many people who genuinely have "no reason" to shift to the new system. All I am convinced of, so far, is that there are plenty of people who have absolutely no reasons at all but plenty of excuses. Let's look at something, here. Say Comcast converted its entire cable network to IPv6, would you care or even notice? Probably not. Their routers hide their network from your computers, so your computers wouldn't see the difference. It would be

One Reason Alone is Enough

[Nom du Keyboard (633989)]

One reason alone is enough to make IPv6 a "good idea." Permanent static IP addresses for everything.

I, for one, will welcome the end of the NAT kludge.

Re:One Reason Alone is Enough

[denis-The-menace (471988)]

One reason alone is enough to make IPv6 a "good idea." Permanent static IP addresses for everything.
I, for one, will welcome the end of the NAT kludge.

And your ISP will charge you for each Address you use!
NAT let's you use ONE IP from you ISP and have as many Internal IPs as you which without being gouged.

Re:One Reason Alone is Enough

[hey (83763)]

That's what firewalls are for. Not NAT.

Re:One Reason Alone is Enough

[jafiwam (310805)]

As far as repelling random unsolicited traffic is concerned, NAT is the equivalent of a firewall already.

NAT and simple port forwarding for those rare hosted services are all that 99.5% of the population needs. ISPs and businesses are all different. But even probably 80% of the businesses I deal with, NAT with NO port forwarding works just fine.

Of course if you are allowed and able, running a mail server at home is fun.

But get serious, NAT is an effective firewall for most people. Just like the random Ch

Market Forces

[bizitch (546406)]

Just like anything else, market forces will dictate when this gets adopted.

Are we really running out of IPv4 numbers? The market will tell us.

Is there a killer app for IPv6? The market will tell us.

Can we ram IPv6 down everyone's throat? The market will retailiate and hit back.

BTW - what's with this "wont somebody please think of the children" bullshit about? If we need to get to IPv6 - we'll get to it - relax already!

Market? Or cynical manipulation?

[DoctorNathaniel (459436)]

"The death of IPv4 has not really killed the Internet. In fact, far from it, we've managed to make an industry around it."

In other words, by keeping IPv4, we can sell NAT boxes (which we're already selling in huge numbers.. the wireless network hub in my den is a prime example.) Cisco has a big investment in building hardware to take care of IP space limitiations.

"You will still be able to get addresses, if you pay for them, because a market will appear."

In other words, this damned internet isn't making us enough money, because IP addresses are free. We want people to start trading them, so we can get commissions on the sales.

It's clear that this is "good buisiness" for the big internet companies: why invest in a new system that will make users's lives cheaper and easier when we can continue to sell patches on the old stuff, and make a market so that we can start charging the freeloaders?

It's also clear to me that the only way IPv6 will get adopted is if public bodies start using them and demanding their use. For instance, if Internet2, the US military, or all of .gov start adopting, then it will get off the ground. Of course, this is unlikely to happen because Cisco doesn't sell IPv6 switches.

I'm no expert, but to my cynical eye it looks not like market forces, but like the usual problems with capitalism exploiting a local maximum and avoiding short-term risk.

----Nathaniel

Re:Market Forces

[tenchiken (22661)]

A few things to remember, this isn't the first time that technical purists have tried to change the underlying protocol for the internet for logistical reasons. The first Attempt [wikipedia.org] at replacing TCP/IP internet wide was far more braindead then IPv6 (packet size of 53 bytes? Yeah, let's ship everything around in a packet size that not only is not a power of two, it's a large prime number! Oh and for traffic control, let's just drop everything into a leaky bucket!)

However, it's been clear ever since IPv6 was i

Three Items: Vista, Home Autmation, and Search.

[CDPatten (907182)]

Windows Vista will make IPv6 the protocol of choice. You can bind IPv4 and IPv6 in different orders on the NIC and it will enable great support for the protocol. They are even talking about having it running as part of the default install.

MS is developing Vista to enable programmers to push Home Automation. One thing they are doing is adding in that area is the functionality for IP's to securely be handled like a plug and play device. This isn't for printers on a network; it's for all the appliances in your house. IPv4 just doesn't work well for home automation. Also another sign is the majority of GE prototypes all are geared towards IPv6 not IPv4.

The regional specs that come with IPv6 are also huge things for MSN, Google, and Yahoo. It will allow your search (and Ads for that matter) results for a "pizza place" to give you the ones in your area without any additional info.

Vista will start the ball rolling, and the other two items will make the transition come very quickly. Security is also nice, and will help stop allot of traditional hacking, but the end user doesn't get excited about that. They will get excited about the other stuff though.

Two years from now we will start to see IPv6 becoming very common.

The IPv4 scarcity issue is a myth

[Snarfangel (203258)]

There are plenty of addresses in northern Alaska that aren't being used. "Peak IPv4" indeed.

Geoff Huston's changing story

[wayne (1579)]

Geoff Huston is the one mentioned in this article that IPv4 address exhaustion isn't a problem. It isn't a problem because scares IP addresses lets ISP charge more. I'm not sure that consumers would agree with this logic.

In July 2003, Geoff said that IPv4 addresses will run out in two decades [potaroo.net].

About two years later, Goeff says that IPv4 addresses will run out in just one decade [potaroo.net].

So, if even very anti-IPv6 folks are saying that IPv4 addresses will run out sooner than expected, I think it is time to start preparing to the conversion.

Why doesn't Slashdot support it yet?

[caluml (551744)]

calum@www1 calum $ ping6 www.slashdot.org
unknown host
calum@www1 calum $

Cmon, Slashdot. insmod ipv6.o

Re:Why doesn't Slashdot support it yet?

[Slowping (63788)]

which leads to the question... if Slashdot converts to IPv6 and only accepts IPv6 connections, how quickly would the rest of the Internet get changed?

NAT is not the answer!

[kasparov (105041)]

Anyone who has to deal with SIP absolutely hates NAT. SIP [faqs.org] is a VoIP protocol that is pretty much where everything is headed. Some instant messenger clients/servers even use it. And it is most definitely not NAT-friendly. In SIP, the call setup information and the media can travel differnt paths. This means that endpoints can comunicate directly without having to send media through a central location. Since the SIP message contains a description of what ports to expect the audio to arrive on in the body of the packet, NAT boxes will generally block the media coming from the other device. 90% of the problems that VoIP providers end up having to deal with is NAT-related.

You have to go to all kinds of lengths (using special session border controllers, media proxies, etc.) to be able to support SIP calls where one or both parties are behind a NAT. It is awful. NAT is a hack--a useful one in certain situations, but still a hack.

Two big issues

[augustz (18082)]

One is, despite the claims that IPv4 will run out in the next "x" years and companies will be screwed, that never happens.

Worst case, folks will figure out how to get by on 1-2 ip addresses, or pay more than the $1/month or so to get an extra. There are TONS of unused, unrouted addresses out there through the entire hierarchy, from subnets, class b's etc.

Second, IPv6 and you can what? If I run IPv6 only, I need to at some point tunnel to IPv4 (and often get an IPv4 address anyways) to connect to the rest of the net. If I run just IPv4, I can connect to everything, and the first person who develops google that is IPv6 ONLY is going to have very few users.

In other words, the business case is flat out not there.

Also, I never understood why IPv4 wasn't just a subset of IPv6? Why can't my existing IPv4 addresses also be IPv6 addresses with a standard prefix? Maybe this has changed, but when IPv6 came out it looked like that wasn't part of it.

If my address was a subset, my ISP could create IPv6 endpoints for my address along with the IPv4 routing, even if I hadn't upgraded. They'd just strip the prefix and forward to me.

Re:Two big issues

[hpa (7948)]

Also, I never understood why IPv4 wasn't just a subset of IPv6? Why can't my existing IPv4 addresses also be IPv6 addresses with a standard prefix? Maybe this has changed, but when IPv6 came out it looked like that wasn't part of it.

They are, the prefix is ffff::/96. In addition, there is 6to4, which lets you use your IPv4 address as a 48-bit IPv6 prefix, 2002:<IPv4 address>/48.

The problem is... who will deploy the first IPv4-unreachable Internet service?

IPv6 Considered "Production Grade"

[netrangerrr (455862)]

At Tuesday's IETF meeting in Vancouver the vote for consensus was many for and none against elevating the IPv6 Protocol Standards from "draft Standard" to "Internet Standard" and make them part of the everyday production Internet. The IPv6 WG is even shutting down as it has accomplished its mission and designed a good working protcol. The wired and wireless networks provided for the engineers at the IETF is running IPv6 and we are regularly using it to get information from our working group colloboration sites like: www.v6ops.euro6ix.net/

Don't fear, the IETF V6 Operations (V6OPS) team and the IPv6 Forum will continue work to better clarify how to deploy IPv6 and to help build new network services around the new features. Most of the new network services groups in the IETF are basing new services on the features of IPv6 - early examples are Mobile IPv6 (MIPv6) and Network Mobility (NEMO) both of which are being extended to offer IPv4 access through IPv6 tunnels in order to get IPv4 native service through IPv4 NAT.

If you actually have useful comments or design alternatives for IPv6, bring it up in IETF working group mailing lists [http://www.ietf.org/html.charters/wg-dir.html%5D [ietf.org]. If you don't understand because of FUD, please read up on our North American IPv6 Task Force website website [ www.nav6tf.org/ ] or the similar European/Asian sites.

So get this...

[Whafro (193881)]

Even my stupid IT Director thinks that IPv4 is sufficient...what a loser.

The Real Truth

[Nom du Keyboard (633989)]

The real truth is that IPv4 addresses currently have value due to scarcity. An IPv4 address range has a tangible value that can be sold, rented, leased, or hoarded. With essentially unlimited IPv6 addresses the value of IPv4 address space loses virtually all of its value, static IP addresses shouldn't command any premium anymore, and the barrier for entry of new ISP's is diminished. Certainly the current power structure likes things just as they are.

"We happen to work in an industry that survives on complexity, address scarcity and insecurity," Geoff Huston, senior Internet research scientist at Apnic, said. "This is where the margins come from, and we are not innovators in this industry any more. We've learnt that optimism doesn't create a business case. All those people disappeared along with the dotcom boom," he said.

That is a stupid statement. It would be more accurate to say either "limps along" or "thrives" instead of "survives" in this context. The steam engine industry undoubtedly felt the same way about the internal combustion engine when it was first proposed.

Of course, Ipv6 isn't enough. It's not enough until every atom in the Universe can have it's own unique IP address, after which we can discuss the strings that create them.

Oh, so many comments....

[slappyjack (196918)]

IPv6 vs. NAT
These are two distinctly different things. Nat takes one public IP address and translates it to many private IP addresses. THese are not two competing technologies, and you can use NAT with an IPv6 address. In reality, there isnt a debate here. Its a weak argument for those that want to keep things whe way they are.

IPv4 addresses an a commodity
Greedy Fuckers. Pure and simple. The basic interenet and all its various little noodly bits were created but university and governmetn organizations and then just loosed on the planet essentially for free. Yes, you had to buy some hardware to use it, but the shit works without you having to pay for a damn thing but your connection.

I have nothing against the idea of capitalism where you get paid for something you create, but hoarding a commodity that is out there for the collective good as a whole is just shitty. In very few cases is there a justification for the belief that "I must make ALL of the MONEY and IT MUST HAPPEN RIGHT NOW and YOU CANNOT HAVE ANY."

As an added bonus, this sort of behavior helps keep the "have nots" in the "have not" category, which just generally pisses them off unnecessarialy.

needing a publically available address
No, obviously we all do not have to have public IP addresses - not yet, anyway. Saying you don't now or never will shows a pretty big lack of foresight. You don't KNOW that there wont be an application that needs publically available addresses to work well andd that NAT just won't cut it. Why don't you know? Becuase someone will eventually come up with sommehting new, and it'll be good and important. People always do, eventually.

I realize that if you really wanted to have everything you own connected to the internet you could just use NAT and then if you wanted to talk to your refridgerator you sould just use "the fridge port" but its adding a level of complexity that could possibly get in the way of something on down the line.

This would slow down address scanning worms, neh?
if a worm's gotta look at giant chunks of addresses to find other victims, wouldnt this just slow down their epread a little?

then again, what the fuck do i know?

Re:NAT Separation Good???

[hpa (7948)]

NAT and firewalling are completely separate things. Since they're done at network boundaries, they are usually combined in one device, but they don't have to be.

NAT is a pretty bad thing. Unfortunately the IPv6 people haven't considered the requirements for managing that large of an address space except by hierarchy (which breaks as soon as you want to have a backup link to another ISP), so I fear we'll still have to have NAT in an IPv6 world.

Re:IPV6 128 bit addresses make no sense

[Jerry Coffin (824726)]

I don't see why IPV6 needs to have 128 bits for addresses.

128-bit addressing isn't really necessary -- but it makes life really simple. With IPv4, you have a subnet mask (that AFAICT, 90% of people never quite understand) that tells how much of your address is devoted to the local subnet, and how much isn't. With IPv6, this has simply been fixed at 64 bits apiece, so using it, nobody ever has to figure up a subnet mask again.

A better question would be to turn this around: what would we really gain by reducing the addresses from 128 bits to 64 bits? We'd save 128 bits per packet. Even over a 28.8K dialup line, that's approximately 4 milliseconds per packet. However, IPv6 increases the maximum packet size you can reasonably use, so unless you really need to send lots of tiny packets, its addressing overhead may well be lower than with IPv4. In most cases, you gain a bit, and even in the worst case you lose very little.

If you're doing things like VoIP, IPv6 helps a lot more: in IPv4, QoS was hacked on after the fact (and has never really worked very well), but in IPv6, it's part of the base protocol.

Personally, I think we need to consider the source of TFA: Cisco and APNIC. Cisco is the leading provider of IPv4 routing (etc.) equipment by a wide margin. APNIC derives it "power" largely from the scarcity (and therefore value) of IP addresses.

A shift to IPv6 gives other router manufacturers a much better chance of gaining market share over Cisco -- about the best Cisco can hope for is to maintain their current position, but in reality they're likely to lose at least a little. Cisco has only to look at what happened to Lucent when the market shifted from ATM to IP to see how badly a technology shift can hurt even a huge market leader.

APNIC stands to lose even more: rather than a chance of losing market share, they face a near certainty that a large part of their power base simply ceases to exist.

Looking at it from this (admittedly cynical) direction, what are the chances that they were going to write an article in favor of IPv6, regardless of its merit?

--
The universe is a figment of its own imagination.

Re:Backwards compatible? Er... yeah.

[Jearil (154455)]

I'd like to reiterate what the parent says about v4 compatible v6 addresses. I've had to study RFC2373 (http://www.faqs.org/rfcs/rfc2373.html [faqs.org]) and the people who designed IPv6 didn't do it without consideration of the current system and how a transition would go. In fact, a lot of effort went into making it possible to transition to a larger address system while using both systems at the same time.

It's actually similar to how the x86 archetecture has advanced. When we moved up to 32-bit CPUs, in order to access the upper bits, new registers were created to address those upper bits while the lower ones stayed. An older 16-bit program would merely only use the lower bits, ignoring the upper ones since it wasn't designed to use them.

IPv6 allows for the last 32 bits to be used as an IPv4 address. You can even write out an IPv4 compatible IPv6 address using a combiniation of both hex and dotted decimal. eg: 0:0:0:0:0:FFFF:129.144.52.38 which in IPv6 can be compressed to ::FFFF:129.144.52.38 and which an IPv4 device would see it as merely 129.144.52.38. The idea being, when transferring over, only devices that actually need IPv4 compatibility would have an IPv6/IPv4 address. Quick example using NAT technology:

Say I have an office with 500 devices that need net connections. Now I also have a remote office with another 200 devices. These devices all like to connect to each other.. with various servers and services on each that make using NAT translation a PITA, but also buying 700 IPv4 addresses is mighty expensive. Now most of these devices are for internal use.. (I'll get to that). Now we do have 5 web servers that need to be accessed by people outside of the company (sales servers with web pages to sell stuff or show off our company). We give all 700 devices IPv6 addresses so that they can access each other over the internet. We give those 5 that need to be seen by everyone IPv6 addresses that have IPv4 mappings so that everyone can see them. We can get a few IPv6 addresses with IPv4 mappings to act as a NAT-like access point for internal devices to get to external IPv4 places for say viewing web pages or the like from internal machines.

But now one has to think.. why would we need 700 externally accessable devices? Isn't that a security nightmare? Managing all of them so that they don't get hit by a worm or such could really suck... but why do those devices have to be computers? What about VoIP phones or something similar?

I currently manage a VoIP setup that I implimented and support myself, and let me tell you.. NATs SUCK for VoIP. SIP hates it.. works half the time and the other half no go. If two devices are behind NATs, plain and simple they cannot talk to each other. If they have external addresses on most phones you can just dial straight to the IP address of another VoIP phone without even needing an intermediate server.. which can be handy at times.

It's just a minor example and I'm sure it can be picked apart and made to work on IPv4 (I've been doing such). But the time/cost savings of IPv6 along with just the mirade of possibilities it brings shouldn't be thrown aside because it would be "too hard" or "too expensive". The cost isn't as high as a lot of people think.. most are just afraid because they don't know anything about IPv6 and what you can do with it in reguards to IPv4. And of course no one knows, because no one is going to train in an area that has no use currently, which will remain that way until people educate themselves in it.

Re:So how do I get PI addresses for IPV6?

[nsayer (86181)]

Anyone with a single globally routable IPv4 address can have a /48 IPv6 prefix right now, today. Check out 6to4.