Federal Agencies Must Use IPv6 by 2008 295
MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."
Well, IPv6 is nice (Score:2, Interesting)
Re:Not ready for Prime Time (Score:4, Interesting)
IPv6 has such a large address pool to allow autoconfiguration of addresses for now and in the future. It basically redifines the whole issue of keeping up with who has which IPs. Just keep up with their network number and autoconfig the rest.
While the addresses may be 4 times the size and the header is twice the size, the header itself can be processed and delivered faster.
Likely future events... (Score:3, Interesting)
Re:Not ready for Prime Time (Score:4, Interesting)
Wrong. Recent IOS releases still have the same problems, they are also quite catastrophic from a usability point of view in comparison with the IPv4 features.
3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers.
This is always an issue, as memory costs money. The global routing table has just passed the RAM barrier a few months ago for many routers; most Cisco routers holding that table now require 512MB minimum route memory. (of course it also depends on what else the router has running, but as a general rule, the mark was hit.)
Either way, IPv6 means more memory and resource requirements, which in turn means a lot of investment with no return. That's why IPv6 will only come when it has become absolutely necessary. Which will take a few years still. So no, it is not "ready for prime time".
Re:ATTENTION SLASHDOT READERS (Score:2, Interesting)
Re:Not ready for Prime Time (Score:1, Interesting)
In a world where an ever increasing percentage of IP traffic is streaming, the MTU is becoming irrelevant, and the header size a huge burden.
Re:Not ready for Prime Time (Score:3, Interesting)
Thing is it'll never be absolutely necessary here in the US, at least not for a long time to come. Enough kludges have been developed for NAT that it's "good enough" for the time being, espeically to IT managers facing the hard choice between sticking with NAT or dumping a metric ass-ton (roughly equivilant to an Imperial crapload) of money into an IPv6 infrastructure.
The "prime time" buzzword has been an excuse for the last few years, even though no one can really give a hard definition of what "prime time" is.
Re:Mac OSX has had great IPv6 for a while (10.2)! (Score:5, Interesting)
The tin foil hat brigade is on the march, again.
If you want an "anonymous" IP address, there is nothing to prevent you from using a sooper-sekret random number instead of the interface's MAC. See RFC 3041 [ietf.org].
Re:Not ready for Prime Time (Score:3, Interesting)
Re:Nice to see that... (Score:4, Interesting)
Basically, install an IPv6 stack on everything you can and use IPv6 ready software/hardware over IPv4. Eventually upstream people will see IPv6 all over the place using Toredo, and implement an IPv6 network.
My school runs on IPv6, along with a few others in the area, and our upstream provider is already implementing an IPv6 network for us.
NAT-PT for linux (Score:2, Interesting)
I don't think anyone wants go through the
pain of double stacks. So to run a ipv6
only network, and connect it with both
v4 and v6, you would need a v6tov4 nat
device (nat-pt). I haven't seen anyone
offering that, at least no linux based solution
(some *bsd might be able to do that, not sure).
Missing improvements (Score:5, Interesting)
A) A protocol between the ordinary level2 and IP(level3) (Could be named layer 2.5) that takes care of error-corrections via retransmissions. Not replacing TCP's error-correcting retransmissions, but in addition to those. The reason is that most lost packets are lost packets on a single link because of load issues and such, and not because a whole link falls and breaks a route. In those cases, it is very inefficient to retransmit the whole route, and to add a huge latency-overhead to the packet transmission.
B) Get rid of the silly "port" concept. Ports are just internal-computer addresses, and as such, should simply be part of the address itself. There should be no reason to distinguish between the network address and the host address and thus subnets were created, and that separation no longer exists. Just the same, there should be no reason to distinguish between net/host address an application addresses. Removing the "port" concept and placing it as part of the IP address itself has the following benefits:
I) UDP becomes redundant to IP itself, the whole protocol is about adding the port address and can be discarded.
II) DNS entries can point to applications and not hosts. This would allow www.server.com and www2.server.com to point to different webservers in the same computer. This would allow to discard the "virtual web hosts" feature. It would also allow to support multiple servers of any type (ftp, smtp, etc) on any host, all pointed by dns, without messing with the port supplied to the user.
III) An internal network can route the same application address to any host it chooses, easing the distribution of load. It would also not expose to the external world how applications are served on which hosts.
Anyhow, I look forward to seeing those features in IPv7.
Re:Not ready for Prime Time (Score:2, Interesting)
Still, someone typing fast, who knows what he wants to say and has the foresight to spot something he wants to comment on in the mysterious future might pull this off.
Re:Nice to see that... (Score:1, Interesting)
Re:Missing improvements (Score:3, Interesting)
However, with B you certainly have a valid point!
How inconvenient it is that you cannot set an MX record to another port than 25... or tell the requester that www2.example.com is on port 8080.
That could be fixed in DNS, of course (and it is fixed by the SRV extension to DNS which only Microsoft seems to have taken up).
Of course your method will require a modification to DNS anyway because you want to lookup name+service pairs in DNS now (you want to get different adresses returned for domain.tld when asked for WWW service than when asked for FTP service, for example).
Re:NAT (Score:3, Interesting)
Home users would buy a hardware firewall with routing and DHCP, plug it in, and get a home network that doesn't allow incoming connections by default.
Almost. The box wouldn't do DHCP, because it wouldn't know what IP addresses to hand out. DHCP service could be provided by the ISP, but since we're talking about IPv6, it's more likely that DHCP would simply disappear, and the machines would use autoconfiguration.
Another GOSIP? (Score:5, Interesting)
GOSIP (Government OSI Profile, and the acronym was used separately by the US and UK) was a requirement to implement the OSI protocol stack by some date in the 1980s. It was a procurement requirement: Every system bought by the feds as of a certain date had to have OSI. Unless it got a waiver.
Some people took this to mean that the government would transition from TCP/IP to OSI by then. And this would lead the world to OSI. And so they invested heavily in OSI. (Remember DEC?) Come to think of it, the way the lead story is written here, you get the same impression, that by 2008 the feds really will be using IPv6.
But that's not what GOSIP meant. It meant that the equipment had to have OSI available, not that the government would actually use it. Having OSI was a checklist item. And eventually it got discarded, because nobody would actually use it; TCP/IP did the job well enough, and some of the early OSI implementations were, to be polite, a pile of crap. But a pile of crap still meets the checklist for an option that won't be used!
IPv6 is somewhat dumber, protocol-wise, than OSI. It has been around for well over a decade, solving non-problems with non-solutions, ignoring problems of the public Internet that developed since then, while promising higher overhead, obsolesence of equipment, difficult management and transtion, and more money for Cisco. So unless you're Cisco, there's no reason to go there. And nobody is going there.
Microsoft will meet the checkoff, as will other vendors, but I predict that in 2009, IPv6 will still see little use, even by the feds. Perhaps if we're lucky somebody will be talking about really fixing the problems in the current protocol stack, rather than going with a hack that was created for internal political reasons at IETF before the Internet was even open to the public.