Accelerating IPv6 Adoption With Proxy Servers

jgarzik writes "IPv6 presents a catch-22: the most popular web sites on the Internet don't have any incentive to switch to IPv6 until a large portion of their userbase is on IPv6, and their user base does not have a large incentive to switch to IPv6 until many of the popular Internet destinations support IPv6. My proposed solution is simple: Configure a proxy server that serves IPv6 requests, passing those requests through to underlying IPv4-only servers that not have yet been transitioned to IPv6. This article describes how to configure Apache's proxy server to fill this role, and suggests a few ideas for use."

But wait:

[Trejkaz]

Is it just me? I can't see any AAAA records for ipv6.org itself. I would have thought they would be the FIRST to change.

What about dhcp?

[Mustang Matt]

It seems to me that it would be really useful if the little off the shelf linksys/dlink/netgear/etc. routers did ipv6. I don't see it really being used until hardware starts using it.

On top of that it's my understanding that NAT should go away with ipv6. What is everyone with an internal network to do for IPs then? I've heard you can get free ipv6 blocks right now but they can be revoked once everything goes "live" but I don't want to deal with that.

Ultimately I guess I really want NAT ipv4 for inside my network until my hardware can hand out ipv6 addresses that I own forever.

Not a Catch-22

[back_pages]

IPv6 presents a catch-22: the most popular web sites on the Internet don't have any incentive to switch to IPv6 until a large portion of their userbase is on IPv6, and their user base does not have a large incentive to switch to IPv6 until many of the popular Internet destinations support IPv6.

Nice try, but that's not a Catch-22.

A Catch-22 is when the solution creates the problem. From the book (yes, there was a book) if the doctor diagnosed you as crazy, you didn't have to fly any more bombing missions. The catch was that you would have to be diagnosed crazy by a doctor to want to fly more bombing missions. Thus, by achieving the status of "unfit to fly", you were actually certifying yourself to fly.

What we have here with IPv6 is two parties with no immediate reward for an investment. If one of them stepped forward, the other would step forward, and the world would enjoy IPv6. There is nothing about this that is remotely close to a Catch-22.

IPv6 Needs a Killer App

[That's Unpossible!]

That killer app may be VoIP. If everyone wants their own IPv6 phone number.

Or that killer app may be someone coming up with an awesome spam/virus/security solution that requires features found in IPv6.

But just wanting people to switch for no good reason will never work. Market forces...

Where can I sign up?

[T-Ranger]

And get me some IPv6 addresses? Which, if any, ISPs/hosting companies support IPv6? Who do I talk to to reserve me a chunk of space so when my bacasswords ISP gets in line, I can get me some public IPs for my boxen at home?

Re:Most people don't care about IPv6

[DAldredge]

There are just a few other reasons to switch to IPv6...

http://www.ipv6forum.org/navbar/events/birmingham0 0/presentations/YanickPouffary/sld025.htm [ipv6forum.org]

Also, from another site:

*
A powerful addressing scheme that makes possible the allocation of public addresses to every device inside home networks

*
A protocol specification more powerful thanks to the extension headers

*
Restore the end-to-end of the Internet and facilitate the peer-to-peer communications

*
Simple: Plug and Play (thanks to stateless autoconfiguration)

*
A larger range of services to propose to customers

*
Security is natively defined in the protocol

*
IP mobility optimized

*
Multicast mode easier to deploy

*
(For the ISP, routing process more efficient)

Re:What about dhcp?

[kkane]

Oh, yeah, I forgot one more point:

Whether or not your "prefix" changes each time will be much the same as whether or not your single IPv4 address changes each time you connect. Either your ISP statically assigns you one (perhaps for an extra fee), or it doesn't. But that 64-bit prefix will be your global identifier that gives you an address space, much as the single IPv4 address is your global identifier now, except your address space is only 1 address.

IPv6 as a "solution" to NAT?

[venomkid]

This may be a bit OT, but I'm reading many people talking about NAT like it's some horrible thing.

As a longtime NAT user I like the fact that just one of my computers is hooked to the real internet and the others can't be diddled by outside computers.

Even if I had unlimited IPs, I'd still probably do it this way.

multicast?

[Doc Ruby]

Most people know that IPv6 delivers a bigger address space, and IPSec security. But what ever happened to its multicast tech? Is anyone sending a single multimedia stream over IPv6 to multiple recipients, without having a separately addressed packet stream like in IPv4? That feature would be the most timely, arriving just as large audiences are developing for online streaming multimedia content.

IPv6

[strider_starslayer]

People will use IPv6 when they need it; when every device you have needs it's own internet connection, and routing/NAT will no longer do- providers will switch to IPv6, it'll happen basically overnight, though the use of a consortium.

And even then most people will just take there shiny IPv6 address, NAT it and use IPv4 internally.

Re:What about dhcp?

[Izago909]

Fun stuff when the feds want to know who's been downloading mp3s over your hotspot and you honestly can't tell them :)

Actually, from a legal standpoint, the buck would stop with you. All they would have to prove is that your negligence aided and abetted in a crime. Do you think that the RIAA cares that grandma didn't download that new Brittney song? No, of course not. They can still sue her because it's her internet connection and her responsibility. It's sort of like lying by omission. NAT does not help you because your real IP address still terminates at your router. Anyway, in a civil case, the burden of proof is on you to show that you were not the one who commited the act.

Re:What's the rush?

[tepples]

A purpose for NAT is the closed-by-default firewall that its common implementations provide as a useful side effect.

Re:Most people don't care about IPv6

[Izago909]

See comment here. [slashdot.org] NAT has nothing to do with people running thier box with admin access rights. It has nothing to do with people who blindly open attachments, or do not use a good firewall, or do not use an AV program. NAT is a flase sense of security.

Re:IPv6 as a "solution" to NAT?

[kkane]

NAT's big shortcoming is that it's a hassle when you want one of your inside hosts to be able to receive connections from the outside like a server.

I think something will still exist like this for IPv6, but now you'll actually have more addresses when you want outside computers to be able to access an internal host. So it'll be up to you whether or not an outside host can diddle on the inside, which it wasn't before.

In IPv6, NAT will be to address the security issue you mention, rather than the shortage of address space that caused its inception in IPv4. It's the latter issue in which IPv6 is a solution.

What problem?

[Zaffle]

Seriously, what problem is this solution solving?

I run ipv6 here at my site, every PC ont the LAN is using it.

Inside the LAN its almost totaly native IPv6. Only the printers are IPv4 only. When surfing the web, the users browser does a AAAA DNS lookup, if it succeeds, then it does a native IPv6 connection. If you try to connect to IPv4 only site (very common), then the PC initiates an IPv4 connection. Our Internet router provides the IPv6 tunnel and does NAT'ing for IPv4. Its all totaly transparent, requiring no end-user setup or mucking around with.

I regularily use IPv6 websites, and I don't notice that they are IPv6 unless a) the website notifies me I'm connecting over IPv6 (eg http://www.ipv6.org/) or b) i look at the traffic going through.

The only thing I could do to "improve" the situation here would be to have my ISP IPv6 aware, so I didn't need to use a tunnel broker.

The way that would work would be the ISP would issue a single IPv4 address and a IPv6 prefix on connect. Then the would would be a great place :)

All my applications I write are IPv6 aware, infact they are primarily IPv6 applications with fallback to IPv4.

Most applications you use today are IPv6 aware. The next step for IPv6 is hosting companies and ISPs proving IPv6 natively. This will happen once the backbone routers are fully IPv6 aware.

Nick

IPv6 is getting a jumpstart.

[Ungrounded Lightning]

At the current rate of non-progress, IPv6 will never reach critical mass. IPv6 needs a jumpstart.

IPv6 is getting its jumpstart. From the upcoming mobile IP vendors. They want IPv6 for tracking their phones/modems (for which they can't buy enough IPv4 address space to be confident of not hitting a wall). So they have made it a checkbox on equipment acquisition (i.e. you don't sell 'em a router unless it has IPv6 - period).

Since they're talking equipment purchase totaling into the billions this is NOT something the equipment vendors are ignoring.

Once there's a bunch of endpoints out there that can only be reached by IPv6 (or NAT/tunnel servers bridging to it) there will be a lot of pressure to migrate the rest of the net.

It's called a "viscious circle" or "chicken &

[Ungrounded Lightning]

Subject line says it all.

Re:Word of warning

[linsys]

Either he didn't read the article or he has NO idea what a reverse proxy server is.

The reason that people implement reverse proxy servers it to protect the systems "behind" them, you want EVERYONE to use your proxy server because it appears to be the "real" system as far as "internet users" are concerned.

I have implemeted reverse apache proxy servers to protect insecure IIS systems from many kinds of attacks.

Looks like most of these posts are gonna explain why a proxy server is a bad idea, bla bla bla because everyone will use it, well GOOD YOU WANT THEM TO USE it so they can get to your system.

Re:Why would a residential customer WANT a /64?

[TheRaven64]

I would guess that the killer app for IPv6 would be instant messaging. A lot of people use it, and a lot of them use it to send files. Configuring a client to be able to receive files from behind a NAT can be a pain (how many home users know enough to set up port forwarding?). The same is true, although to a lesser extent, of peer to peer file trading clients (which are certainly popular amongst the less technically competent). Anything that requires the user to be able to accept incoming connections is trivial with IPv6, and complicated with IPv4+NAT (even with UPnP, which is by no means universal).

Varaible-length addresses

[cronie]

Maybe they will dump fixed 128-bit addresses, and make them variable length instead, so that new addresses may be allocated where they are needed...

This is really a terrific idea... Picture higher-level routers that only recognize the first IPv4 part of the address and pass packets on to the leaf routers. Such a protocol would require only minimal and thus cheap upgrade of firmware for most hardware on the Internet, not to mention that their 32-bit CPU's would still perfectly do the job.

And so the whole address space would become a tree, just like the domain name system.

(After all, for simplicity of the user-end routing devices, each node's MAC address can be appended to the 4-byte IP address, for example, which will turn IPv4 into the forgotten IPX... The first 2-3 bytes of the MAC address can be changed in each node to reflect the local tree structure in your LAN/WAN. Something like NAT, but with a bit more complicated IPX-like structure in your private network... TCPX?)

As for other "benefits" of IPv6... Autoconfiguration is dangerous since it can be spoofed in large and weakly controlled LAN's. I never really trust DHCP, UPnP and other "smart" guys and try to avoid them whenever possible.

Re:Most people don't care about IPv6

[LoveMuscle]

Bulllarky about the major telecoms.. I work for a major hardware supplier (we make the MSM's that go into most CDMA cellphones), and I am specifically working on implementing IPv6 in our software. It is the major telecoms that are pushing us to do it, not the other way around. (One starts with a V... the other starts with an S..)

They want to start rolling out services that will require full time IP connectivity to EVERY phone. If you start doing the math thats a major chunk of the IPv4 address space. Their only option is IPv6. IMO the major telecoms are going to be the FIRST folks to adopt this wholesale...