
(Almost) All You Need To Know About IPv6

Butterspoon tips us to an article in Ars Technica titled "Everything you need to know about IPv6." Perhaps not quite "everything"; the article doesn't try to explain the reasons behind IPv6's meager adoption since its introduction 12 years ago. But it should be regarded as essential reading for anyone overly comfortable with their IPv4 addresses. Quoting: "As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"

  • Meager adoption (Score:5, Insightful)

    by beavis88 ( 25983 ) on Thursday March 08, 2007 @12:57PM (#18277726)
    The reason, in a word and three letters:

    Widespread NAT
  • by FirienFirien ( 857374 ) on Thursday March 08, 2007 @01:03PM (#18277794) Homepage
    we'll be clean out of IP addresses

    No. No. NO. Behind every router you can have an independent network, with as many machines as you want. Most small networks have users on the IPs 192.168.0.n or 192.168.1.n or 10.0.0.n. There are probably tens of thousands of machines using these addresses - but they do not conflict, because they are not using that address on the same global network.

    As the number of used IPv4 addresses goes up on the global internet, the number of routers - and so numerically isolated networks - will also increase. Even if it comes to the point where city areas or even ISPs have their own routers, it is still farcically easy to set up more and more networks that are independent of each other except at their shared contact point of the greater web.

    The only way we can run out is if we put all devices onto the same network, which in itself only invites exploitation and problems.

    It's not going to happen.
  • Re:Meager adoption (Score:2, Insightful)

    by augustz ( 18082 ) on Thursday March 08, 2007 @01:06PM (#18277832)
    Exactly, what is weird is how often folks chose to ignore this.

    And frankly, sticking things behind a nat works out really well for a lot of devices. Either you provide a firewall for your printers etc, or you nat them and you avoid the question of routability on the internet. Frankly, I like having a lot of stuff on private ips, and there are plenty of those to go around for many organizations.

    Not that you shouldn't still firewall, but for households, small business, dumb devices, nat works very well.
  • Running out? (Score:2, Insightful)

    by Sobrique ( 543255 ) on Thursday March 08, 2007 @01:07PM (#18277848) Homepage
    I worked for a company that had its own class B. Or /16 for those who prefer CIDR.

    It had never been routed across the public net. I'd be prepared to bet there's a lot of companies that decided they 'were a major entity' and grabbed a big chunk of address space, back in the day when the IPv4 address space was 'more than anyone would ever need'.

    I'd be prepared to bet there were a huge amount of 'entities' in the same situation. I mean, there's only a relatively small list that actually need many at all, most can get by with a couple for DNS servers, a couple for mailservers, a couple for web servers and maybe a few for other 'key' internet thingummies. But 254 is way more than _most_ companies actually need.

  • by Anonymous Coward on Thursday March 08, 2007 @01:10PM (#18277870)
    Hopefully before they start implementing this strategy, they will take the huge Class A addresses from those who don't necessarily need all of it:

    MIT (I know they make use of public IPs, but 16 million addresses?)
    Halliburton (!)
    Bolt Beranek and Newman Inc (?)
    Ford Motor Company ....

    This [iana.org] website has an updated list. There are a lot more on the list who have waste space, I just don't feel like going through all of them.
  • MIT and Apple (Score:5, Insightful)

    by garcia ( 6573 ) on Thursday March 08, 2007 @01:11PM (#18277878)
    As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"

    As of January 1, 2007 too many IP addresses were in (some kind of) use by Apple and MIT who have entire class As but don't need that kind of address space. In 7 years when we are approaching what this particular author believes will be the end of the road for IPv4, those two (and anyone else with too many unused addresses) should be mandated to give them up so that everyone else can use them.

    IPv6 won't be in wide use until the ISPs drop their ridiculous additional IP charges. They make a good bit of money through that so I assume they will be the absolute last people to switch over. Because most residential connections are on Comcast and other providers that don't want anything to do w/making less money, there's no way that this will happen w/o a fight.
  • by amper ( 33785 ) * on Thursday March 08, 2007 @01:18PM (#18277974) Journal
    I really doubt that after all this time that IPv6 adoption will ever be driven by address scarcity in the IPv4 space. We've developed tools like NAT that have extended the usable number of addresses far beyond what was originally envisioned, and the few problems created by the widespread usage of NAT are not showstoppers to the vast majority of users.

    I think we have much more pressing problems. I seriously question whether or not our advanced technological society will last long enough to exhaust the currently available address space, and even if the prediction is true, and we approach that state within the next 7.5 years, it is more likely that measures will be taken to ensure that abandoned or underutilized address space is reallocated.
  • Re:MIT and Apple (Score:4, Insightful)

    by Sancho ( 17056 ) * on Thursday March 08, 2007 @01:30PM (#18278098) Homepage
    Routing is an issue. We'll run out of allocatable blocks long before we actually run out of IPs, even if the big, unused /8 blocks get broken up. It's kinda like the FAT file system--lots of really small files will completely eat up the disk space because they get allocated large clusters and they can't share.

    IPV6 handles routing almost automagically. We should see fewer problems with chunking and "wasted" IP addresses. And of course, there are many other benefits. I honestly can't wait for the day when IPV4 is a terrible memory.
  • by mrnick ( 108356 ) on Thursday March 08, 2007 @01:36PM (#18278172) Homepage
    The reason IPV6 has not been widely deployed is that the direct consumers of IPV4 addresses changed their ways and started implementing sound IP address deployment strategies.

    When I say direct consumers as it relates to IPV4 the two largest consumers are Internet service providers and large corporations.

    I remember when I started my first ISP. Everyone that dialed up to our modem bank was assigned a public IPV4 IP address. Later as higher bandwidth solutions arrived it was nothing for an ISDN user to have a /25 (128 IP, half of what most people mistakenly call a class C). If a customer purchased a T1 then it was negotiated how many /24 (256 IP, again considered a class C).

    Now that has changed. Generally unless you pay extra you are going to have a RFC1918 (IP addresses that have been mutually agreed upon to be private). With this type of IP address nobody from the Internet can initiate communication to any of your equipment. These IP addresses are not routed on the public Internet. When you initiate an outbound communication to some server on the Internet your ISP will do a hide NAT to get you out to the Internet.

    A hide NAT is when many systems using private address space all use the same IP address as their source when they leave their ISP. So, instead of the good ol (not so good) days where every user needed a public IP address now an ISP can hide thousands of customers behind a single IP address.

    Large corporations use similar techniques. They realized that not every computer on every desk needs a public IP address. Again, they could use hide NAT and let them all use RFC1918 (private IP space) and when they would go out to the Internet they could either be hidden behind an IP or use a proxy. Also, almost simultaneously the idea that not all the servers in your data center needed a public address either. Your web and mail servers might but their back end database servers wouldn't. These wouldn't even require NAT because for security reasons it is just better if they have no interaction with the public Internet. The web servers could communicate with them with a physically separated network or internal routers could route their traffic to the proper location within their corporate infrastructure.

    Two factors drove this movement. First was the fear of running out of IPV4 addresses. ARIN and the like were doing their best to scare consumers into rationing their allocation in fear of not being able to get another. Second came from network security. Firewalls and proxy servers and the like were being implemented more rapidly than ever before. This was partly in response to the ever expanding IT bubble that many were sure would grow indefinitely and the majority was due to the realization that without proper security the bad guys would enter your system and start poking around. A system (server environment) can never be made 100% secure but the more money you are willing to spend on security the higher you raise the bar for a potential black hat hacker. As you increase security you make those that don't easier targets so a hacker would go after the easiest to penetrate rather than the more secure environments. This feeds upon itself. There will always be hackers and network security will have to continually evolve.

    But back to IPV4. Looking at the current utilization of IPV4 as to what it was say in 1990 you see a completely different picture. The current picture is what was the promise of IPV6 and that is that it doesn't look like we will be running out in the foreseeable future. It's true with IPV4 we don't have enough public IP addresses so that everyone can have all their kitchen appliances connected to the Internet with a public IP. I have listened to many people tell the analogy that IPV6 has enough IP space so that every grain of sand on the planet Earth could have its own IP address. Well, the truth is that we don't need that many, not anywhere near that many. And though it's true that IPV6 has more features t
  • by twitter ( 104583 ) on Thursday March 08, 2007 @01:40PM (#18278258) Homepage Journal

    The article does a great job of presenting the debate. In every talk, you should tell the audience what you are going to tell them, then tell them, then tell you what you told them. In this case, the author took the novel and interesting approach of using a Slashdot summary of the subject, linking to a previous discussion and paraphrasing it. I present the summary and the expansion side by side to highlight their ingenious rhetorical style:

    "Use NAT, n00b. All 1337 of my Linux boxes share a single IP and it's safer, too!"

    Hosts behind a NAT device get addresses in the 10.0.0.0, 172.16.0.0, or 192.168.0.0 address blocks that have been set aside for private use in RFC 1918. The NAT device replaces the private address in packets sent by the hosts in the internal network with its own address, and the reverse for incoming packets. This way, multiple computers can share a single public address.

    "NAT is not a firewall."

    With IPv4, there will generally be a NAT device that functions as a simple firewall by blocking incoming sessions (although there are ways to trick NATs into allowing them). If you're working on security, keep your eye out for IPv6 because if overlooked, IPv6 could allow things that are blocked over IPv4.

    "NAT sucks."

    [1] However, NAT has several downsides. First of all, incoming connections don't work anymore, because when a session request comes in from the outside, the NAT device doesn't know which internal host this request should go to.

    [2] Things get even trickier for applications that need referrals. NAT also breaks protocols that embed IP addresses. For instance, with VoIP, the client computer says to the server, "Please send incoming calls to this address." Obviously this doesn't work if the address in question is a private address. For this reason and a few others, most of the people who participate in the Internet Engineering Task Force (IETF) don't care much for NAT.

    "You suck."

    This [1] is largely solvable with port mappings and protocols like uPnP and NAT-PMP.

    Working around this [2] requires a significant amount of special case logic in the NAT device, the communication protocol, and/or the application.

    More to the point, NAT is already in wide use, and apparently we still need 170 million new IP addresses every year.

    Thanks for the shoutout, Ars. The explanation of various non free software limitations for using IP4/IP6 and partial explanation of why those systems may need firewalls to begin with is sure to add to the human body of knowledge and foster civilized conversations. After reading the article, it's all clear to me, for sure not at all. Respeckt!

  • by Scutter ( 18425 ) on Thursday March 08, 2007 @01:44PM (#18278316) Journal
    No. No. NO. Behind every router you can have an independent network, with as many machines as you want. Most small networks have users on the IPs 192.168.0.n or 192.168.1.n or 10.0.0.n. There are probably tens of thousands of machines using these addresses - but they do not conflict, because they are not using that address on the same global network.

    And it's oh so delightful when you have to connect to heterogenous networks who are both using the same private IP scheme. Or when you have to VPN into your office from a customer network and you're both using the same scheme. Or when you have to VPN through a NAT firewall.
  • by virtual_mps ( 62997 ) on Thursday March 08, 2007 @01:45PM (#18278332)

    The point is: there's so much address space that's wasted/unused. So wouldn't it make more sense to recover it?
    No. The article even touched on this. Allocation is currently at the rate of 170M/year. Going through a lot of effort to recover class A blocks (about a month's worth of allocation for who knows how many man-years of effort) is pointless. At most you'd push the drop-dead date back a year or two; you wouldn't fundamentally alter the outcome. From a strategic standpoint it makes far more sense to push for the IPv6 transition now (with the understanding that it will take a long time) than to spend effort prolonging IPv4 (which will eventually need to be replaced anyway).
  • by wtansill ( 576643 ) on Thursday March 08, 2007 @01:47PM (#18278356)

    Others are what can be best called as control freak fascists. I overheard one in his office one day ranting about how awful Phil Zimmerman and others were for their efforts. All well-known and respected people. It was truly shocking. But that's the type of person he was. He wasn't into security, he was more into control. A real nut-case.
    Thomas Edison was a control freak and, from what I've read, an all-around asshat. Didn't stop him from being revered by the public and making millions on his inventions, many of which are still in use today, either in nearly their original form (light bulbs), or in modernized versions (movies, movie cameras).
  • Re:Meager adoption (Score:3, Insightful)

    by Sancho ( 17056 ) * on Thursday March 08, 2007 @01:53PM (#18278426) Homepage
    It's clearly still available.

    20 years ago, though, the people who were doing this sort of thing knew at least a LITTLE something about computers and networks. Now that it's got mass adoption, of course people don't know how to do things. That's really a big part of the reason that malware propagates so easily in the first place.

    Even so, there have been attempts to address it using uPNP. And uPNP is a security hazard, much like running without a firewall. Shocking, eh? :)
  • Re:Meager adoption (Score:5, Insightful)

    by iamacat ( 583406 ) on Thursday March 08, 2007 @01:54PM (#18278436)
    Try to give this interesting exercise to a non-technical friend with DHCP, Windows Firewall and a wireless router.
  • Re:Meager adoption (Score:2, Insightful)

    by vux984 ( 928602 ) on Thursday March 08, 2007 @02:09PM (#18278618)
    Try giving them the same exercise on one of those unix accounts you mentioned earlier.

    Personally, I give them better odds with the dhcp/firewall/nat setup.
  • I think that falls under the category of "rearranging the deck chairs on the Titanic." At most, it might buy us a few more months of IPv4dom, but at what cost? And by diverting those resources to IPv4 recovery, how much more painful are we going to make the transition to IPv6 when we do run out? Because the numbers are clear, we are going to run out of allocatable IPv4 addresses eventually. Distracting people by telling them that it's the Class A blocks that are the problem isn't going to make that easier; it's just going to make the eventual runout into a catastrophe instead of a page-three technology topic.
  • Re:Meager adoption (Score:5, Insightful)

    by ThinkingInBinary ( 899485 ) <<thinkinginbinary> <at> <gmail.com>> on Thursday March 08, 2007 @02:21PM (#18278762) Homepage

    All the worm has to do is get a list of IPV6 allocations and scan those networks.

    Erm, that's easier said than done. A normal residential IPv6 allocation will be a /64 prefix, which means you are allocated a 64-bit prefix, and you can select any address in the remaining 64-bit address space. So you'd have 18446744073709551616 addresses to scan to find all the hosts on the network. Assuming that the hosts have Privacy Extensions turned off, and that they are all autoconfiguring based on their MAC addresses, you know that the 12th and 13th bytes are 0xFF and 0xFE respectively. That still leaves 48 bits of address space, or 281474976710656 addresses. Good luck.
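
The arithmetic in the comment above, turned into an audit of your own hosts (an added example, not part of the original comment): it flags IPv6 addresses whose interface identifier is MAC-derived, recovers the embedded MAC, and reports how much of the /64 a host without Privacy Extensions actually hides in. The addresses and the MAC are constructed samples in the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def slaac_address(prefix, mac):
    """Build the autoconfigured (modified EUI-64) address for a MAC in a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("address autoconfiguration expects a /64 prefix")
    m = bytearray(int(part, 16) for part in mac.split(":"))
    m[0] ^= 0x02                                  # flip the universal/local bit
    iid = bytes(m[:3]) + b"\xff\xfe" + bytes(m[3:])
    return str(ipaddress.IPv6Address(int(net.network_address)
                                     + int.from_bytes(iid, "big")))

def eui64_mac(addr):
    """Return the MAC embedded in a MAC-derived address, or None.

    Bytes 12 and 13 of the address (1-indexed) are 0xFF 0xFE in that case.
    A random identifier matches by chance about once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                # undo the bit flip
    return ":".join(f"{b:02x}" for b in mac)

def scan_space(mac_derived):
    """Addresses left to search in one /64, per the comment's reasoning."""
    return 2 ** 48 if mac_derived else 2 ** 64

def audit(addresses):
    """Map each address to (embedded MAC or None, remaining search space)."""
    report = {}
    for addr in addresses:
        mac = eui64_mac(addr)
        report[addr] = (mac, scan_space(mac is not None))
    return report

# Constructed sample inventory: one MAC-derived host, one with a random identifier.
SAMPLE_HOSTS = [
    slaac_address("2001:db8:1:2::/64", "00:11:22:33:44:55"),
    "2001:db8:1:2:5c3a:91d0:7be4:12af",
]

if __name__ == "__main__":
    for addr, (mac, space) in audit(SAMPLE_HOSTS).items():
        status = f"exposes MAC {mac}" if mac else "random interface identifier"
        print(f"{addr}: {status}, search space {space}")
```

Hosts reported as exposing a MAC are the ones where enabling Privacy Extensions changes the picture from 48 bits back to 64.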

  • by Stewie241 ( 1035724 ) on Thursday March 08, 2007 @02:22PM (#18278768)
    What are you saying? That the price will skyrocket? Or that conservation will be urged? Either way, something drastic will happen.

    It is only FAIR to move to IPv6 for the sake of developing countries that will someday find their way onto the Internet in increasing numbers.

    You are right in saying that the math in the article is wrong in a sense in that it assumes a linear trend - that 170 million is constant. I would think that if anything the number of IP addresses allocated would increase, not decrease. If at the current trend we will run out in 7.5 years, I think the actual would be less.

    What makes this hard to believe is that more is not being done about this. But maybe the people managing it all have their eye on it and ipv6 deployment is on schedule. You would hope that at the very least new device installs would be ipv6 capable.
  • Re:Meager adoption (Score:2, Insightful)

    by endianx ( 1006895 ) on Thursday March 08, 2007 @02:28PM (#18278856)
    Scanning just one network is like 18,446,744,073,709,551,616 (2^64) addresses.

    I am certain there will still be ways to find addresses every once in a while, but it will make things far more difficult. Especially if most computers have something as simple as Windows Firewall which will make a computer seem to not even be at that address (doesn't respond to pings or anything). You can sometimes trick computers into revealing themselves, but still, the extra work to do that would mean scanning the 2^64 addresses would take even longer.

    I expect there might become a market for selling lists of verified IP addresses, just like there is for email addresses now.
  • by Lord Ender ( 156273 ) on Thursday March 08, 2007 @03:20PM (#18279512) Homepage
    No, NAT is NOT fine!

    You may get away with it for a while, but wait until your company merges with another company that uses the same private IP addresses. You'll change your mind quickly.

    Globally-unique addresses should be used on anything that interacts with the internet. Anything else is a cheap hack that will bite you in the ass eventually.

    I realize that some are forced to NAT because IP4 sucks. But to choose NAT for "security" reasons when real addresses are an option is, well, ignorant.
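
The merger and VPN collisions described in this comment and in the earlier one about connecting networks that use the same private scheme can be checked for before the networks are joined. The following is an added example, not part of the original comments; both address plans are constructed samples, and `first_free` is a hypothetical helper for picking a renumbering target.

```python
import ipaddress

# The private blocks set aside by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the whole network lies inside one of the RFC 1918 blocks."""
    return any(net.subnet_of(block) for block in RFC1918)

def find_collisions(site_a, site_b):
    """Return (a, b, shared, private) for every overlapping pair of subnets.

    Two CIDR blocks overlap only when one contains the other, so the
    shared range is always the more specific of the two.
    """
    hits = []
    for a in map(ipaddress.ip_network, site_a):
        for b in map(ipaddress.ip_network, site_b):
            if a.overlaps(b):
                shared = a if a.prefixlen >= b.prefixlen else b
                hits.append((str(a), str(b), str(shared), is_rfc1918(shared)))
    return hits

def first_free(prefixlen, used):
    """First RFC 1918 subnet of the given size that overlaps nothing in use."""
    used = [ipaddress.ip_network(n) for n in used]
    for block in RFC1918:
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                return str(candidate)
    return None

# Constructed address plans for two companies about to merge.
COMPANY_A = ["192.168.1.0/24", "10.10.0.0/16", "172.16.5.0/24"]
COMPANY_B = ["192.168.1.0/24", "10.0.0.0/8", "192.168.50.0/24"]

if __name__ == "__main__":
    for a, b, shared, private in find_collisions(COMPANY_A, COMPANY_B):
        kind = "private" if private else "public"
        print(f"{a} (A) collides with {b} (B): {shared} is ambiguous ({kind})")
    print("first free /24:", first_free(24, COMPANY_A + COMPANY_B))
```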
  • by Znork ( 31774 ) on Thursday March 08, 2007 @04:34PM (#18280442)
    Um, that's just the point, you _don't_ have to replace your routers or IPv4 specific software. You can run IPv6 encapsulated in IPv4 over incapable network segments, you can use gateways and proxies in the cases where v4-only services need access to v6-only service (altho I can't really see why your AD servers would need to surf v6 only websites).

    "Eats up about 5 years of your IT budget"

    In that case I pity your IT budget. If your IT staff actually knows what they're doing it doesn't need to cost much. Or anything. The difficult part isn't rolling out IPv6, it's ending IPv4. And you can let that take care of itself by letting the unsupported things die of old age.

    "they don't run servers"

    Server in the realm of networking isn't the hardware you put in a big room somewhere. Client software like netmeeting is a 'server'. Backup software, configuration software, etc, etc.

    Put your company behind a NAT. Then explain to your boss why he can't connect with netmeeting to the CEO of a newly acquired company. Try to integrate networks after mergers. Put your network behind a nat, and eventually you'll need to do the IPv6 installation _anyway_ to get some new functionality.

    NAT doesn't solve the same problems that IPv6 does; it's at best a temporary stopgap measure.
  • by wowbagger ( 69688 ) on Thursday March 08, 2007 @05:32PM (#18281306) Homepage Journal
    I point this out every time the subject of IPv6 comes up, especially when people gripe about the slow update of IPv6:

    Try to get a page from Slashdot's servers using IPv6 - that is to say, using IPv6 format packets, NOT IPv4 packets.

    Then ask yourself again why IPv6 is NOT being adopted.

    (NOTE: You can replace Slashdot with CNN, Digg, or whatever other mainstream site floats your boat.)
