Level of IPv6 Usage Is Vanishingly Small 626
An anonymous reader writes "The impending IPv4 address allocation shortage has led to a lot of speculation on the future of IPv6 (including here). A new study says that Internet IPv6 migration is not just going slowly — it has basically not even begun. After spending a year measuring IPv6 traffic across 87 ISPs around the world, the study concludes 'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'"
Why it doesn't matter (Score:5, Insightful)
Because it impacts the other guys, not me. It's the people in China and India and everywhere else that need addresses. Me? I've got a whole block right here.
Comment removed (Score:5, Interesting)
Should have gone to A.B.C.D.E.F.G format. (Score:5, Interesting)
We could have even just added a 3 more positions in the address and assumed a default of 1.1.1. as the default prefix if none was given. That would have given us 16 million * the current 4 billion addresses - 64 quadrillion addresses.
At the risk of repeating the 'no one needs more 640k', I'd have to say that I think 64 quadrillion is more than usable for the next several years. The upshot is that it would have been much easier to deal with that. From a pragamatic viewpoint, there's a whole lot of software out there invested in the dotted quad format. Modifying that to deal with a few more X.X.X places wouldn't have been as hard (think GUIs that check IP validity, for example) as moving to IPv6.
Lame excuses, perhaps, but I think we'd have seen much faster adoption to a format like X.X.X.X.X.X.X because it's an incremental, not radically different.
Re:Should have gone to A.B.C.D.E.F.G format. (Score:5, Informative)
IPv4 addresses can be represented in IPv6 as 0::10.10.1.12 (Or as 0::FFFF:10.10.1.12 in some cases.)
I don't see that using dots instead of colons makes a transition any easier.
Re:Should have gone to A.B.C.D.E.F.G format. (Score:5, Informative)
Really? The dots vs colons thing is the single most problematic thing I've encountered. No seriously - network level is easy, just upgrade firmware or hardware. It when working with configuration files and addresses that IPv6 sucks. Firstly, : was already very widely used used, for separating IPv4 address from port number.
Just using abcd.abcd.abcd.abcd.abcd.abcd.abcd.abcd would have meant that abcd.abcd.abcd.abcd.abcd.abcd.abcd.abcd:443
would have worked much like 123.123.123.123:443, though obviously distinguishably - hex and more sections.
People seem to have settled on enclosing the IPv6 address in square brackets to make it work reasonably parseably (given abbreviation, see below) into config files and urls and stuff, at least that seems to be the most widely used convention. i.e. [abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd]:443
It works okay, but it could have been simply avoided, damnit.
Secondly, the :0000:0000:000: to :: abbreviation rule was actually a terrible mistake. It makes parsers somewhat harder to write, and means that IPv6 addresses can't be munged with regexes nearly as handily as IPv4 addresses, which seriously inconveniences time-pressed sysadmins. Yes, Ipv6 address are long if unabbreviated. But without the abbreviation they would have been REGULAR.
What regex problem? (Score:3, Informative)
Looking at an app that uses regex to match both IP4 and IP6 precisely (as opposed to numbers and dots or hexchars and colons), the IP4 pattern is:
PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
RE_IP4 = re.compile(PAT_IP4+'$')
and the IP6 pattern is:
RE_IP6 = re.compile( '(?:%(hex4)s:){6}%(ls32)s$'
'|::(?:%(hex4)s:){5}%(ls32)s$'
Re:What regex problem? (Score:4, Insightful)
Not any less handy? you have _got_ to be kidding. You expect people to whip that monstrosity up every fucking time they want to match for addresses? When working over a serial terminal on a barely-capable quirky embedded shell? And who the fuck compiles regexes? Programmers, that's who. This represents the core problem - IPv6 addressing seems to have been designed by programmers, not sysadmins.
Re: (Score:3, Informative)
And Slashdot chewed my url.
It should have been [::1]:8080
Re:Should have gone to A.B.C.D.E.F.G format. (Score:5, Funny)
Hmmm. Base 85, eh?
I hereby propose a closely related 40-character format, where each base85 value is represented by a pair of letters, consonant-vowel -
The "bananafofana" IPv6 address notation...
17 consonants: bdfghjklmnpstvxwz
5 vowels: aeiou
=> 85 distinct consonant-vowel pairs
(dropped c,r because of confusion possibilities with s/k,l. h is tricky for some non-english speakers, but it can typically be learned. I tend to think of x as the ch sound in irish/scottish "loch", but, well, it doesn't matter all that much.)
First, transform to base 85 is performed as per the RFC1924. Then,
rather than mapping to 85 different ascii characters, the 0-84 base85 digits are mapped to consonant+vowel pairs in consonants*vowels sequence i.e.
("ba" "be" "bi" "bo" "bu" "da" "de" "di" "do" "du" "fa" "fe" "fi" "fo" "fu" "ga" "ge" "gi" "go" "gu" "ha" "he" "hi" "ho" "hu" "ja" "je" "ji" "jo" "ju" "ka" "ke" "ki" "ko" "ku" "la" "le" "li" "lo" "lu" "ma" "me" "mi" "mo" "mu" "na" "ne" "ni" "no" "nu" "pa" "pe" "pi" "po" "pu" "sa" "se" "si" "so" "su" "ta" "te" "ti" "to" "tu" "va" "ve" "vi" "vo" "vu" "xa" "xe" "xi" "xo" "xu" "wa" "we" "wi" "wo" "wu" "za" "ze" "zi" "zo" "zu")
These pairs are then concatenated to give a 40 character nonsense word string -
So, for example, 1080:0:0:0:8:800:200C:417A => base85 4-68-70-46-66-12-63-31-61-19-4-37-53-75-0-58-57-65-34-51 (from the RFC)
=> [buvoxanevefitoketegubulipowabasosivakupe]
There, much better ;-)
Maybe spaces should probably be allowed between every 8 characters, just to make it a bit more legible. Especially out loud :-)
Q. Hey, what's that server's address, again?
A. [ buvoxane vefitoke tegubuli powabaso sivakupe ] !!!
Re:Should have gone to A.B.C.D.E.F.G format. (Score:4, Funny)
I like this one [ delusive sometime volatile tubelike pipeline ]
Re:Should have gone to A.B.C.D.E.F.G format. (Score:5, Funny)
[ buvoxane vefitoke tegubuli powabaso sivakupe ]
Why is it suddenly raining blood?
Re: (Score:3, Insightful)
We could have even just added a 3 more positions in the address and assumed a default of 1.1.1. as the default prefix if none was given.
Great, now the addresses are 7 bytes long and you still have to update all your routers and computers. What makes you think it'd be any easier?
Re:Should have gone to A.B.C.D.E.F.G format. (Score:5, Insightful)
Well that whole 640k thing with regard to IP addresses has been largely negated by the adoption of routers within the home. Back when cable/DSL adoption was first starting, many people would end up with a switch and then have to call up the ISP for a second IP address. And with several computers in every home these days (not to mention other devices that grab IP addresses - games consoles, WiFi cell phones, network printers, etc), that plausibly could have become a very big issue very quickly. I've got at least a dozen pieces of hardware that consume a local IP address (not to mention the two or three VMs I have going at any given time), and it's a very good thing they don't each consume a slot in the worldwide public address space.
For all practical purposes, even an A.B.C.D.E would probably be enough thanks to routers - that still gives us ~1 trillion unique IPs worldwide. Of course if we were to make the switch it would make sense to give us the additional headroom. I'm hardly intimately familiar with the inner workings of IPv6 but assume it has benefits beyond mere address space, but the added complication to sysadmins of dealing with something like "2001:0db8:0000:0000:0000:0000:1428:57ab" (thanks, Wikipedia) is simply a nightmare in the making. Four bytes versus sixteen? I can remember which computer is 192.168.0.11 on my local network easily enough (and could certainly remember my public IP if I were bothered, as it never seems to change despite not paying for static), but you can practically smell the smoke coming out of my head after just looking at that.
It's certainly forward-thinking, but having (estimated) fewer atoms in the universe than IPv6 addresses available is just slightly overkill, doncha think?
Re:Should have gone to A.B.C.D.E.F.G format. (Score:4, Interesting)
The first broadband ISP I ever had was Shaw Cable, and back then, there was no such thing as 'broadband routers' - heck, we couldn't even justify buying a switch, so we just used a 10baseT hub (ew).
Imagine my surprise when I found out that our networked Brother printer, which we had only used over Appletalk-over-Ethernet, had had a public IP address for a year. Fortunately, it seems that the printer designers had (for whatever reason) prevented printing/access from non-local subnets, limiting the number of people with access to it to somewhere around 64 or 128 (we weren't part of a full class C, for sensible reasons).
Oddly enough, the ISP wanted you to pay for extra IPs - but didn't require it. Honour system ftw.
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
This of course is only as far as the greedy, traffic blocking, no server, ass hat ISP's. Their are plenty of regional good ISPs that believe in providing
Re: (Score:3, Interesting)
Could you explain how that behavior would change at all with the advent of IPv6? I'm certainly not claiming you're wrong, but until I have a direct pipeline to the internet running to the house, I still have to go through some sort of ISP.
The no server clauses are absolutely BS, but my current ISP (Charter) doesn't seem to care, or at least do anything about it. I don't have a static IP (thanks, DynDNS), but they don't block incoming on port 80 so for demoing work to clients and accessing my local install
Re: (Score:3, Interesting)
I think your thinking is too limited. What about the rise of mobile devices? Billions of cell 'phones soon; I dread to think how many RFID chips. And who knows what else? These are things which really need globally unique IDs. IPv6 is intended to be overkill, so that whatever comes along it'll be able to cope.
Regarding the addressing issue which seems to concern so many people, DNS should handle most of it, (truly unique numbers actually make that simpler, I'd think). If you really need to speak to so
Re:Why it doesn't matter (Score:5, Insightful)
it impacts the other guys
It affects the other guys. This is Slashdot, not a marketing department or a boardroom. Let's use English instead of Marketese. Further reading. [mtholyoke.edu]
Re:Why it doesn't matter (Score:5, Informative)
Affect/effect are one of those amusingly nasty little hand grenades in English. Handy crib sheet:
Affect, n: emotional response. "The Minister for Granola appeared to be displaying flattened affect during his speech, leading to suspicions that he was abusing his own product."
Effect, n: causal result. "The effect of the proposed granola reform would be catastrophic."
Affect, v: alter. "The proposed reforms will affect the granola industry greatly."
Effect, v: put into immediate action. "If elected, I will effect sweeping reforms of the granola trade."
Stupid arbitrary units of measurements (Score:5, Insightful)
'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'
Like that means anything to me. Can they compare that percentage in terms of the number of pages per Library of Congress?
Re:Stupid arbitrary units of measurements (Score:5, Funny)
No, because it's IPv6, you have to compare against the number of grains of sand on the planet.
Re:Stupid arbitrary units of measurements (Score:5, Funny)
Like that means anything to me. Can they compare that percentage in terms of the number of pages per Library of Congress?
Sure.
'That's like less than one hundredth of 1% of the number of pages in the library of congress.'
Re:Stupid arbitrary units of measurements (Score:5, Funny)
Well, if this sentence was in a book in the Library of Congress, IPv6 usage would represent its adoption lev
Re:Stupid arbitrary units of measurements (Score:5, Funny)
If you take all the IPv6 addresses and stood them end to end, they'd wrap around the globe six times!
The internet routers will carry 128 bits of address space. That is enough addresses to fill two thousand Olympic sized swimming pools!
The IPv6 address space is so huge, it would fill the Beijing Birds Nest.
Oh yeah, your mom is so fat, she weights more then an entire IPv6 /8.
Your mom is so fat, she needed the government to build IPv8 to hold all her IP addresses.
And an offtopic one I just though of: Your mom's sex tape is so nasty, even Pirate Bay banned her from their network.
Re: (Score:3, Informative)
You didn't read the article.. Only 3 voices cried out in terror!
The end is nigh? (Score:2, Interesting)
Re: (Score:3, Informative)
No, but you won't be able to make a site with a new ip-address, which is highly annoying. New people are not able to "join the internet" when the ISP runs out of IP-addresses. It's basically nasty.
That's why I hope they will be prepared when the time comes.
Re: (Score:3, Informative)
Caveat - only 1 HTTPS per IP. But that really isn't that big a deal either
Maybe a few of the Class A holders like Apple or IBM should give up some of their blocks. Take IBM as an example - they subclass internal networks so they have very very few 'real IP's routable.
Or maybe if they use the evil bit [wikipedia.org] within packets we could double our existing IP4 range!
Re: (Score:2)
And speaking of that, what WILL happen when we hit that last address?
The same thing that happened when there was no more new land.
Re: (Score:2, Interesting)
What WILL happen is "carrier-grade NAT" deployments inside service provider networks [networkworld.com].
Residential and personal mobile device customers can expect to pay extraâ" on the order of US$5-10 per monthâ" if they want a public, i.e. non-RFC1918, IPv4 address assigned to them. Also, don't expect the carrier-grade NAT to support any kind of port forwarding whatsoever. Lastly, you can expect the NAT to implement address/port-dependent endpoint filtering.
So, the writing for P2P applications like BitTorrent i
Re:The end is nigh? (Score:5, Insightful)
Read the article more carefully.
If the IPv6 transition never happens at all, which seems likely at this point, then the carrier-grade NAT engines are still needed for operating the IPv4-only networks we have today.
If the IPv6 transition actually does happen, somehow, then you're right. The carrier-grade NAT engines are only needed for IPv4-compatibility. In the unlikely event that IPv4 goes the way of the OSI stack, then maybe the NAT engines will be obsoleted. Not until then.
In any case, if you're using IPv4 now and you haven't started transitioning to IPv6, then you need to prepare for a future when most of your residential and mobile customers will be communicating with you from behind carrier-grade NAT engines that multiplex multiple customers behind a single address.
For example: identifying your customers by the IP address from which they connect to you has always been a bad idea, but it will soon be an extremely bad idea.
Re: (Score:3, Insightful)
Companies really want enough bit to organize their IP address block well. IPv6 threw in enough extra bits where that was easily possible, but the committee totally dropped the ball on providing an actual address model for companies to replace what everyone uses 10.x.x.x for.
What was needed was "first n bits tell you the size of all the following fields, next m bits are your ISP, next x bits are your company (the same value across several ISPs, if you pay for that), next y bits are yours to organize subnets
Re:The end is nigh? (Score:4, Interesting)
I disagree.
I used to run an amazingly high traffic site. It required quite a few GigE pipes to run the network. The datacenters combined would have required an OC192 to stay within acceptable growth potential.
I had the urge to switch or run IPv6 in parallel. I found out what was proposed to be mandatory was quite a bit harder than it appeared.
I never did find the clear path of "this is what you need to do."
The only way I found to get my traffic to other IPv6 users was to tunnel IPv6 over IPv4. If (if, if) we had done it, it would have likely swamped those gateway services. Sure, some people want to make it happen, but what happens when many multiple big companies do it. I know Google set up the IPv6 version of their site, but they have quite a bit of negotiation power. My negotiation power was in that I could say "I'm going to need lots of bandwidth, make it available to me", and the provider would ensure it was available and that the standard growth potential was available. We had our growth down to a science, almost so much as I could tell you our aggregate 95th percentile for 12 months in the future +-5%
If I, senior tech guy at a large bandwidth customer couldn't get it done, why do we think every home user, T1 user, and average Joe Slashdot User could get it done.
If IPv6 is what we're SUPPOSE to be migrating towards, a clear well defined path must be established, and some sort of encouragement must be provided.
IPv6 for us was just a play toy, even though I wanted it done. There was absolutely no demand for it. We were only using 6 to 8 /24's, so we weren't a huge burden on the available address space. Even still, I wanted to do it, and never got it done. Queries were left unanswered. No firm responses were ever given. Even the senior techs at the Tier 1 ISP's gave vague answers like "I think we can. Ya, we should be able to support it, but we don't know. We'll try to find out."
Now I work for a company with even less pull. We discussed it, but it's a much different product, and was put together in such a way that you can't be fuzzy with it's addressing. Things are very specific. Clients will connect to exactly where you tell them, and there's no room for "and you could do this...." I no longer have the opportunity to even attempt to switch, and since the client base isn't prepared, it won't happen.
I was looking forward to the change. I know there were neat proposals involved. Unfortunately, we were never able to implement it, and most people won't be able to.
Re:The end is nigh? (Score:4, Interesting)
If I, senior tech guy at a large bandwidth customer couldn't get it done, why do we think every home user, T1 user, and average Joe Slashdot User could get it done.
I got it done perhaps because I'm not running a giant network. I set up tunnels from Hurricane Electric [tunnelbroker.net] at home and at work, let our {Free,Open}BSD firewalls announce routes, and started using it. See my home page next to my name? There's no dancing turtle, but you can get to it over either protocol.
One of the huge wins for me as netadmin is that I can stop screwing around with port forwarding just to be able to SSH or make VOIP calls from home to work or vice versa. I'm loving me some end-to-end connectivity again.
Re: (Score:3, Interesting)
I've been thinking about this sort of thing for ages, mostly in conjunction with ponderances on things like interplanetary news.
Between Earth and Mars, you can't FTP - the RTT is so long that the protocol-specified maximum timeout expires before a response can be returned to you. Obviously loading up a web page would be a senseless waste of time. We would need a way of transporting or requesting information in batches in order to effectively communicate things like news between planets.
In my mind, while at
Re:My gut feeling? (Score:5, Insightful)
1) The world is document centric, not IP address centric. I want to access a collection of named documents and services from "slashdot.org". I dont care if these come to me by IPv4, NetBUI, IPX/SPX, Token Ring or Carrier Pigeon. I want to get "slashdot.org" and I want to make sure "slashdot.org" really is "slashdot.org" and not "somephishingsite.com"
So what you're saying is that you have no real reason to be anti-IPv6?
2) "End 2 End" isn't a selling point. I dont want my home network to be publicly visible.
So stick it behind a firewall that blocks incoming connections to all IP-addresses assigned to you unless you allow them?
3) Protocols that route around my desire for #2 succeed. All good P2P clients support UPnP. 3.1) Protocols that do not work with my desire for #2 fail. See Active FTP and the failed or failing IM networks and IM software that do not transfer files over NAT.
So, you'd rather have ugly workarounds than see the internet work the way it's supposed to work?
4) Those P2P clients are proof that how documents get to me are independent of the underlying link. I have no doubt that BitTorrent could be easily adapted to operate as a wire protocol on 802.11g or on top of IPX/SPX.
See answer to #1
5) If (and a big one) IPv6 got any traction, smart entrepenuers will began creating new services or modify existing ones like BitTorrent to operate and bridge IPv4 and IPv6. Really smart ones will most likely realize that once they abstract TCP/IP out of their design, they can do other "fun" things like implement their file sharing network directly over WiFI or some other mesh type network.
Have you even heard of the OSI model? Why in god's name would you want to have a Layer 3/4 P2P protocol? That's what TCP and IPv4/IPv6 are for.
/Mikael
Re:My gut feeling? (Score:5, Insightful)
I've noticed that most technical people pass through a phase where they want to do everything themselves, where writing to the bare metal is cool. We've all had that urge at one time or another. It takes a certain amount of humility and world-weariness to realize that there's plenty of good work that's already been done.
You know what would help? (Score:5, Insightful)
If people could actually get IPv6 service from their providers instead of having to route everything through congested tunnels, THAT would help.
Wait... (Score:3, Funny)
Let me get this straight... It's not a truck?
Re:Wait... (Score:4, Funny)
Let me get this straight... It's not a truck?
No it's like a truck, except you can't dump stuff on it like it's a big truck.
Re:You know what would help? (Score:5, Informative)
Re: (Score:3, Interesting)
If people could actually get IPv6 service from their providers instead of having to route everything through congested tunnels, THAT would help.
Myth: We need IPV6
Fact: PITA to use IPV6 so we use IPV4
There isn't really a shortage of IP addresses at all. There is an extreme waste of IP space.
Case in point, take China squandering class A after class A (x/8). Why not just NAT the typical home users? Could do the same in Chicago, NY, California and London too. I know businesses that still have /16 spaces when in fact a /24 would do. And any business today using network routable addresses internally, well, their incompetence shines through. 10/8
Re:You know what would help? (Score:4, Insightful)
any business today using network routable addresses internally, well, their incompetence shines through. 10/8, 192.168/16 and others, plenty of space
This is all well and good until you're setting up VPNs with your business partners; and if you're a large business, you not only use a lot of private address space, but you also have a lot of partners.
But that's okay, you can just renumber your entire network every time you find you've chosen the same private addresses as the company you're doing business with. Or you can set up some crazy NAT scheme so you can pretend they're on a different address space, giving you a whole new set of problems.
You're right in that the cost of actually changing to IPv6 right now far outweighs the cost of working around the problems caused by the limited address space, but it sure would've been nice if we'd had longer addresses from the start!
Reasons. (Score:5, Insightful)
The biggest reasons:
And probably many others. The bottom line is that right now today, there isn't a 'killer app' for IPv6.
Re:Reasons. (Score:5, Insightful)
Interestingly, Apple's AirPort Extreme/Time Capsule firmware does support IPv6 as local-link only, an IPv6 node, or tunnel to IPv6. It also includes an IPv6 firewall supporting incoming IPSec authentication and Teredo tunnels (to get through NAT).
Apple owns more than 10% of the retail WiFi N router market according to NPD [roughlydrafted.com].
Mac OS X, XP and Vista all support IPv6, but having support in the router is the important part. Enabling a significant percentage of users to flip on IPv6 and tunnel right through their legacy ISP is already possible. IPv6 just needs a killer app.
How about authenticated web apps? IPv6 secures traffic from the user to the cloud. That's something Apple has reason to push with MobileMe: "look at us, we have IPv6 security."
Look at what Apple's doing with Back To My Mac to support authenticated connections using Wide-Area Bonjour Dynamic DNS lookups. This could be done via IPv6 using direct addressing. Apple will end up selling more routers, MM subscriptions and IPv6 will get its foot in the door for others to use.
Will the iPhone Meet its Match from a Modern Day DOS? [roughlydrafted.com]
Re:Reasons. (Score:4, Funny)
I know I can't get IPv6 here. I've called my local cable company (CableONE) and they told me "Oh, that's not being implemented in the US. That's over in Asia."
But I must say that many new consumer routers advertise IPv6.
Re:Reasons. (Score:5, Informative)
There is a killer app, It's called
news.ipv6.eweka.nl
It has 120 (!) days retention, and comes to you at gigabit speed.
All for FREE if you use ipv6.
Re:Reasons. (Score:5, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
What's the downside? (Score:3, Interesting)
Between tunnel brokers [wikipedia.org] and 6to4 [wikipedia.org], really all of us who manage servers should have them on IPv6 in addition to IPv4. What's the downside to being ready?
Re: (Score:2, Funny)
Never do a job now that can be done tomorrow, never do a job that can be done on thursday tomorrow.
Re:What's the downside? (Score:5, Insightful)
What's the downside to being ready?
Because it's work. Work takes time. Time is money.
A certain product at a certain company (forgive my being vague, you know how these things are) has a network interface. This interface is currently IPv4 only, no IPv6 support. When anybody asks the design team why not, they say that no customers have asked for it. Somebody suggested that IPv6 was the sort of thing you want to support ahead of need, but these guys have a lot of deadlines to meet and not enough resources to meet them. They aren't about to spend time implementing features nobody's asked for.
Of course, the time will come when their customers realize they've put off changing over to IPv6 much too long, and will start crash programs to make it happen. They'll demand that this product start supporting IPv6 immediately, if not sooner. So the design team will begin their own crash program, and IPv6 support will be added to the product in a hurry. The implementation will probably cost more and be less robust (at least initially) than if they'd planned ahead.
But they have no incentive to plan ahead. It's a common pattern.
Mod parent up. (Score:3, Insightful)
And don't forget that it is one more thing that can go wrong.
Remember, you ALWAYS run the MINIMUM on your servers. If you don't absolutely need IPv6 today, then don't put it on.
Re: (Score:3, Insightful)
I don't really understand what your saying. IPv6 works perfectly fine on local networks for consumers. If ISP's implemented IPv6 coming out of cable modems and DSL bridges we could turn off DHCP and NAT effectively turning the home routers into level 2 switches. IPv6 works perfectly fine at level 2 (mac addressing). If they can't convert the cable modems and DSL bridges then they could just distribute a software package to install a 6to4 tunnel to their IPv6 network.
I actually looked at the issue, it's
So if IPv6 is a water contaminant.... (Score:5, Funny)
It is obvious (Score:3, Interesting)
Re:It is obvious (Score:5, Funny)
99% of IPv4 traffic is bittorrent.
Coincidentally, 99% of percentages seen in Slashdot comments are made up on the spot.
Uh, no, bad comparison (Score:2)
Not quite totally dissimilar to a good comparison.
The allowed amounts of dioxin, TCE, and many other chemicals is down in the parts per billion. So the comparison is off by about five powers of ten.
Not needed. (Score:3, Interesting)
Well at least not right now. With more allocation of IPV4 address we wouldn't be needed anytime soon. The company I work for has 56 public ip address for 3 webservers. The other 53 address are not even used, they are just parked for future use. If I was allowed to set the servers up the "right" way I wouldn't even need 3, just 1.
Re: (Score:2, Informative)
There should be a karma hit for not using the preview button. It should be -1, Dumbass.
That second line should read "With more intelligent allocation of IPV4 address we wouldn't be needing IPv6 anytime soon
Re:Not needed. (Score:5, Insightful)
Why is everyone so eager to use NAT? I've never quite understood this, once NAT use became widespread things became a lot more problematic, in my first year of college all the workstations in the computer labs (Ultra 5s and older Sparcstation 5s) had public IP addresses and the ISP I used gave all 10 Mbps customers 5 public IP addresses. I've recently started taking a few college courses again, the uni's labs are all NATed (so you can't access /tmp or /var on workstationname-57.lab04.cs.unidomain.tld from home any more, you have to dump the files on your NFS mounted 150 MiB home dir and then access that, great fun) and my current ISP gives each customer ONE public IP address, but I suppose I should consider myself lucky for not being NATed...
Seriously, we need to move back to an internet where a machine connected to the internet can almost always be assumed to have a proper, public, IP address. It would simplify a lot of things. Also, any trolls pulling out the "yuo cant has teh firawalls withouts teh NAT!!!11" crap can please not respond to this as packet filtering does not in any way require NAT. (Not directed at parent post, just tired of trolls and ignorant fools always using that argument).
/Mikael
Re: (Score:3, Insightful)
Very simple. I have zero interest in granting public IP's to my private home network. Not even for security reasons. My home devices and my address scheme are really just nobodies business.
Another reason people NAT is for address portability. There is *still* no way for small fish to get a IP that isn't bound to their provider.
The "Anti-NAT" crowd are just like the "never use tables" or "semantic web" or "console forever" crowd. They are all religious zealots with far to much time on their hands.
Re: (Score:3, Insightful)
What the hell? Did routers and firewalls all up and disappear with the advent of IPv6?
Re: (Score:3, Insightful)
I believe that to many people they never existed before (or without) NAT, they've just come to assume that NAT == "Hardware firewall" and no amount of explanation that packet filtering worked just fine for everyone before NAT came into widespread use seems to change their minds, it always comes back to "But, but, someone might see my computers...".
/Mikael
Re:I existed before NAT (Score:4, Informative)
And yet they're more secure than NAT, which you do trust?
Ever wonder how you're able to receive calls on Skype through NAT? I'll give you a hint: your network is not terribly private behind NAT ;). Private from TCP packets, sure, but NAT has to be incredibly stupid when it comes to UDP.
If you want to keep your network private, you should get a firewall that keeps your network private. NAT does not do that, but there are a lot of firewall implementations that will.
In short, when it comes to security, public IP + firewall > NAT.
Re: (Score:3, Insightful)
I still dont buy it. Sorry. It just feels so natural to place my network on private, publiclly unprofitable address that I feel it is insane not to. It is so damn intuitive to me, and probably alot of other people--it feels like a violation of our core being when we let our personal computers sit out on the big bad internet.
The "NAT is evil" argument just doesn't sit right. Sure it causes some pain, but only in stupid protocols that don't know how to use UPnP or do stupid things like active FTP.
If you c
Re:I existed before NAT (Score:5, Insightful)
If people like you ran the world, we'd still be afraid of using fire to cook meat, or of sowing grain to produce wheat. Fortunately, the world is usually run by people who apply reason.
The OP is right. Packet filtering has nothing to do with NAT, and it's only your paranoia (or trollishness) that's preventing you from seeing that.
Re: (Score:3, Insightful)
By far the biggest hole on your network is all the software you're running on your computers
Only because I've taken the steps to plug up the obvious stuff like making it almost impossible to route *into* my network. Now the attacks have evolved to work around the firewall/NAT.
probably much of it un-audited and capable of sniffing your "private" network
Audited, yes, but all of my computers are wide open and password free to improve the human factors like, say, the lady getting her pictures off my computer from the laptop (vista does act smart about this, btw, it keeps tract of the network you are connect to and can let you open or shut your "doors" based on your access poi
Re: (Score:3, Insightful)
You gonna use your ISP's proprietary block of IP addresses to number your corporate lan? You want every computer in your office to rely on your ISP not switching their IP addresses, not going bankrupt, etc? No thanks. On IPv4 and IPv6, the only way to ensure you dont have to renumber your intranet because of the whims of your ISP is to use private IP addresses.
Re:Not needed. (Score:4, Informative)
IPv6 has a feature that allows an admin to renumber an entire network quickly an easily.
See RFC2894
Re: (Score:3, Interesting)
Isn't this a problem with IPv4 renumbering also?
I've been through several internal network renumbering projects to go from globally routable to rfc1918 and also from one 1918 space to another in the case of merger and acquisition.
I would definitely use IPv6 router renumbering to help automate the process but it doesn't mean I don't need to understand the network flows either way.
Router renumbering lets you perform an add prefix operation to get both prefixs in use. Then you update DNS and wait for sessions
How many sites can you reach? (Score:3, Insightful)
measuring the percent of traffic is not very reliable. Thats like saying how much internet traffic is used for Vonage, or Slashdot.
More importantly, how many sites can be reached via IPv6? How many publish AAAA addresses in DNS? How many ISP's can route IPv6? I know that there is tunneling for running over IPv4, how much of that 99.99% of traffic might be doing that?
Makes me happy (Score:5, Interesting)
It may be just me, but I always felt IPv6 is a solution looking for the problem.
There is a reason IPv4 is so well entrenched. Other than availability of software, hardware and services, it is convenience of handling IPv4 in all those things. This is what permits developers to create all those wonderful products, administrators to effectively administer them and users to enjoy them. A primary reason to that is IPv4 address size - it is 32 bit which is natively handled by all current hardware, and easily remembered by humans (short term) in its quad decimal form.
IPv6 has neither of these features. It is difficult to deal with in software (I know, I do this for a living), does not fit into any native data type (and won't until we move to 128 bit architectures - which does not seem to be very soon), cannot be remembered or used by a human (so effective administration requires magic automatic tools), does not give itself with any convenience to routing related data structures (like radix trees). All this for dubious benefit of addressing directly (in non-hierarchical manner) of every toaster in the world. This is directly opposite to the way the Real World operates (i.e. your home has an address, but noone gets to talk to your toaster directly without going through you first.
If I were solving this, I'd suggest separate and non-directly routable IPv4 address spaces for separate countries (and, perhaps, for other entities). And lots and lots of NAT or proxying. Of course that is kind of what is happening anyway.
China would be happier that way too. In case of cross-border cyberattack, just cut external links and your country is self-sufficient and interconnected :)
Anyway, I am ready to bet some cash that IPv6 will never become a major transport protocol.
I know I will do whatever I can to keep it far far away.
Re:Makes me happy (Score:5, Informative)
It may be just me, but I always felt IPv6 is a solution looking for the problem. [..] And lots and lots of NAT or proxying.
And NAT is a problem masquerading as a solution.
Anyway, I am ready to bet some cash that IPv6 will never become a major transport protocol.
I know I will do whatever I can to keep it far far away.
And I'll keep on enjoying all the free services people provide for IPv6 enabled hosts.
Re:Makes me happy (Score:4, Insightful)
And NAT is a problem masquerading as a solution.
That depends upon your point of view. As the parent said (or at least alluded to), very few people have more than a handful of servers which need to be addressable from outside a private network [wikipedia.org] and fewer still have more than 255 (class C). Indeed, large portions of the existing address space are being wasted or not used efficiently already so why should I spend a dime to upgrade my equipment simply because other people are wasting addresses or are deluded by the relative importance of their toaster compared to the rest of the hosts on the public Internet? There is also the convenience (from a security and filtering point of view) with heirarchical centralized control of traffic and routing into one's private network. I don't know about you, but I don't wan't just anyone to communicate directly with the hosts on my private network so for me (and a great many other people as the adoption rate of IPv6 shows) the NAT IPv4 Firewall Router fits the bill nicely.
And I'll keep on enjoying all the free services people provide for IPv6 enabled hosts.
You do that, but don't whine because you cannot connect directly to a toaster on my private network because I choose not to upgrade my equipment. When the upgrade will earn me more money then and only then will I consider it. Until then it is machts nichts.
Re: (Score:3, Interesting)
IPv4 NAT is quite a nice fit for the issue of dealing with lots machines with dubious security wanting to run 'simple' protocols, in a world with limited public addresses available.
Having said that, at least part of the perceived "niceness" is psychological: it puts a real system boundary right at the point where one feels there's a trust boundary (the edge of the local network.) And it's beginning to look (according to Dan Kaminsky, amongst others, and not just since the recent hysteria) like that feeling
Re: (Score:3, Informative)
"[IPv6 addresses do] not fit into any native data type (and won't until we move to 128 bit architectures - which does not seem to be very soon)"
Wow are you serious? Never heard of structs? And we all know NAT is a very annoying 'solution'. I think the real problem with IPv6 is that is isn't sufficiently backwards compatible with IPv4 (hence all that 6-over-4 and 4-over-6 nonsense.
That and it isn't really needed yet.
Re:Makes me happy (Score:5, Insightful)
I usually do not reply to my own posts (or replies to my posts) on /., but this is one area where I think it may actually be important.
First of all, if I were to guess, I'd say that all those who replied while questioning my background don't actually do network development for a living. While I could start beating my own chest about how most of your traffic right now probably goes through something designed by me, that would be beside the point (and noone knows you are a dog on the Internet :) ).
That said, a few points specifically.
1) "Never heard of structs?". Structures are orthogonal to the size of IP addresses. You can represent IPv4 address as a structure (as original in_addr used to do, exactly because not all hardware supported 32 bit natively). You could do the same with IPv6 (or you can simply stuff it into 16 sequential bytes). What won't change is ability to perform operations directly on the data type. :) ). This is inefficient, prone to error and makes code less maintainable.
You can natively compare two v4 addresses by using a == b (which will translate into a single assembly instruction). You cannot do that on a 129 bit data item. Your choices are - memcmp, or defined operation (compare first 4 bytes, then next 4 bytes, then next, then next
2) Radix trees. Sure, anything can be stored in a radix tree with appropriately long prefix or appropriately large number of nodes in a prefix. What can't be done, however, is keeping this tree in memory (given current device and system memory sizes, which are in low gigabytes to a few dozen gigabytes). This problem is exacerbated by the fact that IPv4 address space is very compact of necessity (not too many holes, and everything is neatly CIDRed together), whereas IPv6 is of necessity full of holes (and designed to stay that way).
3) Performance is a relatively minor consideration in this.
As far as NAT goes - I firmly believe that solutions (in technology and elsewhere) are of two kinds - "organic", i.e. borne of and supported by needs and circumstances, and "artificial". Organic solutions are not always streamlined or pretty. Humans are a good example. A rock of salt is pretty darn inorganic (though I wouldn't want to stretch this analogy too far :) ) NAT is the former, IPv6 is the latter.
Re:Makes me happy (Score:5, Insightful)
While I could start beating my own chest about how most of your traffic right now probably goes through something designed by me, that would be beside the point (and noone knows you are a dog on the Internet :) ).
I don't know if you're a dog, but I do know that you haven't designed recent hardware, or you'd know that:
If you like simplicity and elegance and performance, you'd love IPv6.
Re:Makes me happy (Score:5, Insightful)
1. Not too many processors allow you to handle 1-bit or 4-bit structures, of which the IPv4 header contains many. The difference is the direction, not the direct handling.
2. Since IPv6 should have fewer exceptions to general cases, the number of nodes in the radix tree should be significantly lower, so giving you a net save.
3. Performance is so unimportant that IPv4 latency is one of the biggest things people loath and despise about IPv4. ATM is hardly a decent protocol, the payloads are absurdly small, but the latency is almost non-existent. As grids and clouds increase in usage, network latency is going to be the only latency that people will care about.
Re:Makes me happy (Score:4, Insightful)
You (and many people) are so accustomed to NAT you don't even see how wrong it is.
There is nothing really difficult to use IPv6 address instead of IPv4. Writing (or even using) a network application having to deal with NAT is a real pain.
Re: (Score:3, Insightful)
Re:Makes me happy (Score:5, Insightful)
If I were solving this, I'd suggest separate and non-directly routable IPv4 address spaces for separate countries (and, perhaps, for other entities). And lots and lots of NAT or proxying. Of course that is kind of what is happening anyway.
Eww. Lots of room for bugs and weird feature interaction in the design of protocols that have to punch through NATs, either that or everyone has to role out new helper modules / ALGs each time some wizzy new app is invented.
IPv6 is really a clean-up job. Combing the complexity back out of the network has got to be a win for reliability, ease of administration, and perhaps even security. I'm in favour, though I have to say I'm doubtful about it happening any time soon.
I think the most optimistic scenario is this: when IPv4 exhaustion hits, particularly in countries that have to yet to have their internet 'boom' and so will have a very low number of existing addresses per capita, obviously some sort ISP side NATing is going to be required. People may decide that they might as well implement IPv6 and TRT [wikipedia.org] anyway, particularly if they're deploying new hardware / software combinations (netbooks? set-top boxes?) and so can dictate IPv6-readiness. Hopefully once sufficient numbers of IPv6-only nodes are out there, it'll seem worthwhile rolling out IPv6 on servers.
The alternative, ultimately, is people auctioning off tiny IPv4 address blocks and exponentially bloating routing table sizes, or a horrible twisty unreliable world of multiple NAT or ALGs, where net neutrality is a quaint concept consigned to history ..
And yes, printable IPv6 addresses are ridiculous. Admins will have to get used to trusting DNS (or /etc/hosts) when configuring stuff .. :)
Re: (Score:3, Funny)
dont be so hard on him, you know how different it is to do prefix based forwarding with a radix structure on a 8-64 bit prefix instead of a 8-30 bit prefix?
Re:Makes me happy (Score:5, Informative)
One of the key features of ipv6 is simplified routing (it was pretty much the #1 design improvement), so the amount of processing routers have to do goes way down, in spite of the higher bit count.
Please read the first page of this:
http://en.wikipedia.org/wiki/IPv6 [wikipedia.org]
and of course more if you are seriously interested.
How to really accelerate the migration... (Score:5, Funny)
Re:How to really accelerate the migration... (Score:4, Insightful)
Make all porn only reachable through IPv6.
Did you check the post above you? [slashdot.org]
From the post's link:
We're taking over 100 gigabytes of the most popular "adult entertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration. If you access the site via IPv4, you get a primer on IPv6, instructions on how to set up IPv6 through your ISP, a list of ISPs that support IPv6 natively, and a discussion forum to share tips and troubleshooting. If you access the site via IPv6 you get instant access to "the goods".
Unfortunately, that won't work, because it's not aimed to the industry. The ones who decide whether the public will use IPv6 or not are the ISPs, and better internet access is definitely NOT in their agenda (Hellooo Comcast!).
Solution looking for a problem (Score:2, Interesting)
Also, most of the world is using Windows XP. Can you show me where in my TCP/IP settings panel I am supposed to enter my IPv6 information? Exactly.
Re:Solution looking for a problem (Score:5, Informative)
Also, most of the world is using Windows XP. Can you show me where in my TCP/IP settings panel I am supposed to enter my IPv6 information? Exactly.
You don't. As is the benefit of IPv6, if it's installed it should be automagically configured. It shouldn't require manual configuration.
It also comes with a host of problems (Score:3, Interesting)
A simple one is just dealing with IP addresses. Not too bad to remember an IPv4, especially since in a given network most addresses are largely similar. An IPv6 one is rather more difficult, and much of the self similarity is gone since the MAC is embedded. Thus you have to start to have better management to deal with the numbers.
A bigger one is the cost of replacing high speed routers. Real high end gear tends to do things in ASICs. It's really the only way to achieve the speeds that people want. Doing it
Maybe it's like all the other "in 20 years" stuff (Score:3, Funny)
We'll be using IPv6 to run our fusion powered, flying cars to go to the moon [slashdot.org]?
Why bother? (Score:4, Insightful)
; > DiG 9.3.4-P1 > slashdot.org AAAA
; (1 server found)
slashdot.org. 3149 IN SOA ns-1.ch3.sourceforge.com.
hostmaster.corp.sourceforge.com. 2008080600 14400 1800 604800 3600
Go figure. This is why IPv6 isn't taking off and a pox on anyone who says otherwise. Trying to blame sysadmins for not deploying IPv6 is a downright insult. We're ready, Slashdot. Google's ready. A whole raft of other sites have connectivity and are ready. Looks like you're not.
So how do I switch to IPv6? (Score:5, Interesting)
I'm actually in one of the rare areas that have more than one ISP. We have three available here. Our current ISP doesn't implement IPv6, so I can't use it. I checked with the other two. Neither of them allows IPv6, either. None of the three admits to any plans to implement it.
Most people have only one ISP, of course. What incentive does that ISP have to permit IPv6? I mean, here where we have three ISPs, none of them has an incentive to do it.
I don't see how we can ever switch to IPv6 until the ISPs stop dropping all IPv6 packets, and start forwarding them properly. And that clearly ain't gonna happen without a bit of "government regulation" ordering them to do it or else. But with the current political setup here in the US, that ain't gonna happen, either.
Anyone have any idea how to persuade the ISPs to come around?
They both suck, but IPv6 has no excuse. (Score:3, Interesting)
Both IPv4 and IPv6 suck. IPv4 sucks because it should have been just: dest-address, source-address, ttl (byte), flags (byte), size (short). 12 bytes instead of 20. IPv6 sucks because it wants to be too much and at the same time, simply isn't modern enough. How's about variable length addresses (my home network needs only 1 byte) ? How's about flags that say something about the scope of the packet (I don't want these packets to make it accross a router; I wouldn't have to spec certain address 'areas' as 'special') ? Why drop ARP (really, it was just fine) ? What's with the f^@%ing jumbogram (4 gigabytes of payload ? What concentrator is going to cache 4 gigabytes of payload ?) ?
If you think it doesn't matter (Score:3, Insightful)
To the MANY who think a few nat devices makes it all better, please think again.
For one, most ISPs for home service already only give out 1 IP and we're still running out. Do you want your NAT to be behind another NAT (that you cxan't configure port forwarding on)?
Virtual servers don't help a lot either. Believe it or not, not everything on the net is a web server. Do you want to discover in a few years that you CAN NOT get a colo box hosted, but you are free to get a "virtual" home page on a one size fits all web server?
Unless IPv6 deployments get a lot more common, the other choice is to colo in IPv6 where perhaps one in a million people can even actually connect to it.
While we're not out of v4 addresses yet, actually getting a block from ARIN has become increasingly difficult unless you're AOL, Comcast, etc. Years ago, you could just ask for a class C and receive within a day. Now, you have to send in increasingly detailed "justifications" and they are increasingly likely to be found "insufficient". Next I suppose you'll have to include the results of your last colonoscopy as well. New customers want IP assignments NOW, but ARIN doesn't want to give them out until you can prove you have a current need for them. That pretty well assures that only large providers will be in the running. Don't you prefer a net where there are small and more responsive providers out there? Perhaps some who are a little less quick to automatically yank your site down if the *IAA grumbles that one file might be copyrighted?
As for why so many addresses this time rather than just adding an octet, consider that v6 has been specified for 10 years now and the adoption is pitiful at best. Do we really want to be right back here again in 2018?
Part of the freedom of the net is inextricably linked with the ability to get an IP address to be on the net with. If you don't want net access bottlenecked and controlled more than it already is, you should support a move to IPv6.
Re: (Score:2, Funny)
Comment removed (Score:4, Funny)
Re: (Score:3, Interesting)
Ever read mythical man month? IPv6 is a textbook example of the second system effect.