Federal Agencies Must Use IPv6 by 2008
MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."
Nice to see that... (Score:4, Insightful)
Re:What the hell? (Score:3, Insightful)
Progress in DoD (Score:5, Insightful)
This has appeared all along like a deliberate attempt to force a "technology refresh" that would be more beneficial to major US networking companies than any real response to technical superiority of the IPv6 protocols.
If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.
NAT (Score:5, Insightful)
Re:Not ready for Prime Time (Score:5, Insightful)
1) You're thinking older Cisco equipment. But, the same argument could be made for any number of enterprise/carrier routing vendors. If you have a router/multilayer switch designed for IPv4, you're going to have to either upgrade it with IPv6 ASICs, or replace it completely. That's part of the price of transition, and there's no way around that.
2) No one with any level of education in the matter says "We're running out of addresses." We're running out of address SPACE. Big difference. The huge class A and B networks issued to large US corporations and the military means those countries who got online later on are losing out. Case in point...I was on the redesign team at a USAF base that had two class B networks -- for 30,000 customers.
And NAT is only a stopgap. You end up with a massive number of interoperability problems when you start NATing. With IPv6, there simply isn't the need for it, and you remove those problems.
3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers. Massive OSPF networks, yeah, the Dijkstra algorithm hits hard, but there are other, less CPU-intensive options like IS-IS, or just design your network right from the ground up and summarize properly.
Again, the problem we're going to run into here is the specialized memory used for wire-speed packet switching. But, if you're doing wire-speed, you're going to have to replace the ASICs anyway, so the TCAM gets replaced too.
4) You're right, minimum MTU size in IPv4 networks is 576 bytes. But that's a difference of 3.5% versus 7%. Not a major issue -- especially since most MTUs are in the range of 1250-1500, or even higher in pure GigE networks.
The road to IPv6 will be bumpy, but the only issue you mentioned with any real weight is the first, and that's an easy one. You just throw money at it.
Where the problem is going to lie is in long-haul data transport, IPv4 interoperability, and legacy application support. The network's the easy part.
Re:Not ready for Prime Time (Score:5, Insightful)
I see a lot of reasons to go IPv6, especially now China (1.3 billion people) and India (1 billion people) get connected.
Re:Mac OSX has had great IPv6 for a while (10.2)! (Score:3, Insightful)
And here shall commence the argument about whether or not anonymity on the Internet is a Good Thing or a Bad Thing.
Re:Not ready for Prime Time (Score:1, Insightful)
I beg to differ: NAT can do it, and well too (Score:3, Insightful)
Most surfers are considerably safer behind NAT anyway, as shielding incoming TCP connections on ports 135-139, 445 and 593 kills 9 out of 10 Windows remote exploits stone cold dead. Deploying technologies like uPNP in the ISP routers can negate the inability to accept incoming packets in many low-grade server style apps (Messenger, VoIP).
In an ideal world yes, every device could be addressed by its own IP address, but in this world I don't want some cracker port-scanning my fridge and getting a backdoor through a butter overflow exploit.
I don't trust any modern operating system enough to run it without a hardware firewall device, and I always keep that (it's a linux-based consumer router) well-patched up to date and with all remote admin functions disabled and locked down.
As a regular fixer of friends' PCs, I would love to see ISPs provide the option of fully-NATted connections. I'd recommend them. It'd save me so much time trawling eBay for bargain routers for my friends.
Re:NAT (Score:3, Insightful)
If NAT goes out of style, the home router people will just focus more on delivering good firewalls, and a lot of people (probably including me) will still buy them.
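The inbound filtering that the NAT comments above credit with stopping exploits on TCP 135-139, 445 and 593 can be written as a stateful firewall policy for routed IPv6, with no address translation involved. This nftables forward chain is an added example, not part of the original discussion; the table name and the interface names `lan0` and `wan0` are assumptions.

```nftables
# Constructed example for a home router forwarding globally addressed IPv6.
# "lan0" (inside) and "wan0" (ISP side) are assumed interface names.
table inet home_fw {
    chain forward {
        # Default-deny: a packet that matches no rule below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that inside hosts opened. This is the
        # same state tracking that makes NAT look like a firewall.
        ct state established,related accept
        ct state invalid drop

        # Anything the LAN initiates toward the Internet.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors that IPv6 relies on end to end; path MTU
        # discovery breaks if packet-too-big is filtered.
        iifname "wan0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # No rule admits new inbound connections from wan0, so TCP
        # 135-139, 445 and 593 (and every other port) fall through to
        # the drop policy even though each host has a public address.
    }
}
```

Exposing a service on one inside host then takes an explicit accept rule for that address and port, which plays the role a port forward plays under NAT.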
It will when major ISPs start supporting it (Score:3, Insightful)
Bring on the Vultures (Score:3, Insightful)
Consultant: Hey, buddy o'mine in the White House Budget office, let's do lunch.
WhiteHouse: OK
Consultant: You know, if you don't use IPv6, you're obsolete.
WhiteHouse: Really?
Consultant: Yep. You wouldn't want the (Commies|Al-Qaeda|Chinese|French) to be ahead of us, would you?
WhiteHouse: Hell no!
Consultant: Nobody is going to deploy IPv6 w/o a reason. It's hard to do.
WhiteHouse: Hmm, we need to do this, it's a matter of Homeland Suck-your-ity. Can you help?
Consultant: Why sure, but you should make sure that only me and a few others are approved for this gig, you wouldn't want any incompatibilities, would you?
WhiteHouse: Damn straight, I think I'll have another Scotch.
Consultant: Go ahead, it's on me. *evil cackle*
Re:Nice to see that... (Score:3, Insightful)
Re:It will when major ISPs start supporting it (Score:3, Insightful)
And the major reason the vast majority of the big ISPs don't offer it is because there is no demand for it. Anyone offering a useful service on the web can afford a few bucks a month for a static IPv4 address, and I don't see that fact going away, ever. So what do you get by going with IPv6? AFAICT, nothing but incompatibility problems.
IPv6 would have been better than IPv4, if we were building the internet from scratch. But Beta is better than VHS too, and I don't know very many people with Beta cassette players.
Re:Nice to see that... (Score:3, Insightful)
NAT, dynamic DNS, and all the other "hacks" which resolved the problems in ways which were backward compatible. Between NAT, dynamic DNS, and application level protocols to negotiate ports, we don't have merely 4 billion IP addresses, we have 28147 trillion, and that, to misquote Bill Gates, should be enough for anyone.
I'm not saying IPv4 is going to last forever. Like anything else, it won't. But I'm pretty convinced that IPv6 won't be the next widely adopted protocol after IPv4. To (properly) quote D. J. Bernstein, "The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space."
Re:Missing improvements (Score:5, Insightful)
A) Look for MPLS and its future successor GMPLS.
B) The port concept is a TCP/UDP layer issue, not an IP issue. You can use lots of IPv6 addresses for the same device (IPv6 permits explicitly that) and just one port if that is what you prefer. I personally don't see the improvement. IP addresses are assigned to devices (in the IPv6 paradigm), ports are assigned to application uses. I personally believe this arrangement is much more straightforward than an IP-derived solution. At least now, you know port 80 means (at least should) web access.
Re:Nice to see that... (Score:5, Insightful)
Now think about this: there's an entire class A subnet allocated to MIT. There's quite a few class A subnets allocated for various US governmental institutions. There's a whole one for Apple computer.
But, there's just one for the entire African continent. Some ISPs in countries besides the US cannot give their customers a real IP address! There are not enough to go round. The way they have been allocated is clearly skewed.
So yes, lots of people stand to gain by having more addresses. They just happen to be in some of the poorer nations.
Re:Nice to see that... (Score:3, Insightful)
This is good news for Contractors (Score:4, Insightful)
Re:Benefits of IPv6 (Score:3, Insightful)
Yeah, because actually being able to have an address so people can connect to you over the Internet is a terrible thing... Better to have NAT where the Internet is only one-way, you can't provide anything, just be a mindless consumer of websites. And forget p2p, ftp, and all that crap. Oh and forget about the fact that corporations and universities in America each have as many addresses as the whole of Africa. As long as rich Americans have proper IP addresses, fuck everyone else.
First off, have you ever tried to enter an IP over a noisy phone connection? Now try it with eight 4-digit groups!
What the hell are you talking about? Perhaps you should get a better phone. I see no reason why we should put up with sub-standard Internet just so your tech-support job is slightly more convenient.
Second, Do you have any idea how many dark
With 128 bits, everyone could have millions of IP addresses. Every household could give every computer its own address, every corporation would have enough to go round. Not having to pay through the nose to ISPs just for single extra IP addresses. No shitty dynamic IP addresses. No shitty NAT. What about the people who have
Actually you may have a point. With American corporations/governments in control of the Internet, it will always be fucked up, with all the power and luxuries given to the rich American corporations, and everyone else getting shafted.
There is no IP shortage problem for now.
I take it you have your own IP address?
You CAN have IPv4 and IPv6 on the same network. (Score:5, Insightful)
What is stopping the implementation of IPv6 are those pesky legacy devices, legacy operating systems (i.e. Windows) and legacy hardware accelerated routers, and the fact that, the Internet being as big as it is, it's basically impossible to do a clean switchover, and there ARE problems when combining the two systems - even though you can have both on the same network, they won't be interoperable (=really bad).
Of course IPv6 has been designed to work around these issues as well as possible, but there will be issues, e.g. getting an IPv4 machine to connect to an IPv6 one. And NAT has been the easier-to-implement short-term-solution for home 'puters etc...
Re:I beg to differ: NAT can do it, and well too (Score:3, Insightful)
The solution to that is to disable the services running on those ports. It will have the same effect. uPNP shouldn't be necessary.
Why does your fridge have open ports unless you want to use them? If you want to use them, why do you want them hidden behind nat?
I trust my linux box in the DMZ on my router. I keep it fairly up to date, within a week say. The ports I have open are open because I want them to be open, if I wasn't in the DMZ I'd just port forward them anyway. The only thing I'm any more vulnerable to is a tcp stack flaw.
I think such ISPs exist. They don't advertise the connection being nat because it's a bad thing. I am continually amazed by how many otherwise intelligent people have fallen for this "you need to be behind a router" crap. If you need a router, you're a complete idiot or running an OS written by one.
Re:Missing improvements (Score:3, Insightful)
As long as packet loss is temporary, then handling it at the TCP level is just fine. Yes, it occasionally introduces latency due to retransmission but it is worth it to keep the network simple. A simple network is more robust and more predictable, with cheaper hardware. Cheaper hardware means more hardware and more bandwidth, which then reduces latency and packet loss overall. This is the correct solution to packet loss problems.
Also, a big reason the Internet is as reliable as it is today is due to its inherent *unreliability*. It's a "worse is better" philosophy. When failures are an everyday occurrence, your failure-handling must be robust. This paradoxically makes the system as a whole more reliable. The Internet is the epitome of this philosophy. Packet loss is a natural and healthy thing for the Internet.
Re:NAT (Score:3, Insightful)
In cases where hosts are already connected when the router is turned on, this means that whatever device requests an IP address first would get connections forwarded to it.
And in cases where there's only one PC connected, that's probably because people are using it as a firewall *because* it does not forward incoming connections. I know a few people that recommend this.