IPv6 Adoption Up 300 Percent Over 2 Years 425
Mark.J - ISPreview writes "The Number Resource Organization, which is made up of the five Regional Internet Registries, has revealed that the rate of new entrants into the IPv6 routing system has increased by 300% over the past two years. The news is important because IPv4 addresses (e.g. 123.23.56.98), which are assigned to your computer periodically, are running out. IPv6 addressing (e.g. 2ffe:1800:3525:3:200:f8ff:fe21:67cf) was invented as a longer and more secure replacement." IPv6 is still gaining ground slowly, particularly in the US.
what's that ip address? (Score:1, Interesting)
Re:That looks silly.. (Score:3, Interesting)
The way it actually looks, why not just use MAC addresses?
IIRC, it does. I thought it appended the MAC address to the first part of the IP, and the second part is assigned(statically?) by the DHCP(?) server.
Re:IPV4 addresses are NOT running out (Score:2, Interesting)
rewrite? What world are you living in where you didn't already have to do that? The corp where I work has a huge number of ip4 addresses, and we actually average about 1 per business unit...That's not even 10% of our assigned ips. Even if we wanted to put more things directly on the net, we'd never be able to afford the corporate mandated security architecture for every exposed machine.
Sounds to me like you're the one living in hobby-land. Most machines don't need an externally accessible IP.
Re:IPV4 addresses are NOT running out (Score:3, Interesting)
There's no reason every person on earth needs an IP. Nat+uPNP is perfectly capable and 100% backwords compatible.
Yeah, unless you still hold out hopes that the internet could live up to its original promise of being a network of peers, where a person's home computer could be their server when they are out.
Throwing people behind ever increasing layers of NAT erodes the functionality of the internet. If your goal is simply to disprove that IP addresses are running out, that may be acceptable. If you don't want to turn the internet into a series of essentially uni-directional gateways, then it isn't.
I want a static IP. And it's not even an unreasonable request, we have the solution right here, it's just going to take time to get adopted. So what's yer beef?
Re:up 300%? (Score:5, Interesting)
Make it work! (Score:3, Interesting)
I seriously considering setting up my internal network for IPv6 and trying to get connected to the web via IPv6, but ran into so many roadblocks that I just gave up.
It's no wonder adoption is so slow if this is the way things are.
The potential of IPv6 is kinda scary. (Score:5, Interesting)
And everyone who's a network admin knows that it is.
You're right, 100%, and I fully support IPv6 adoption end to end, because I know managing port assignments is a pain in the ass for non-UPnP compatible apps, and the problems that NAT has created. Even more absurd is the solutions to those problems (e.g. Skype-style) that are more like hacks than fixes.
NAT has created a very lazy fix to the problem of network security and filtering. If you're behind NAT, you're not addressable unless UPnP or an explicit port forward does it for you, and that's extremely convenient.
In a situation where every single computer in a network is internet addressable (something not always desired in business, which is probably the reason IPv6 adoption is so slow), you have to implement a very strict firewall to block and filter unsolicited traffic to those machines. If you're NATing them, as long as your network is physically secure, you don't have a problem.
This puts a lot less stress on network security than there should be in a business environment, and much less attention to what should or shouldn't be allowed through a local firewall, let alone a site firewall.
I'll stop ranting, but the point is that NAT has created an artificial deficit of proper network security, and I fear that when IPv6 becomes ubiquitous, NAT will linger on as a replacement for real security. The skills required to secure a fully addressable network of machines simply aren't needed in the majority of current environments because making every host in a network internet addressable today is simply not an option.
Re:IPV4 addresses are NOT running out (Score:4, Interesting)
Or intelligently design protocols to assume that not everyone has a direct IP back to them? In the early days of online gaming, one had to forward easily a half-dozen ports (UDP, and maybe 3 ports TCP) to play online. These days, it's normally 1 UDP and 1 TCP port, if that.
IPv6 won't change any of the issues seen with NAT. At best, you'll have a firewall blocking incoming connections to all but a single IP (the system providing the gateway and firewall), so you'll juat have huge spaces of IPv6 addresses that are unreachable anyways. So your toilet might have a real live IPv6 address, but it's not reachable outside the local network anyhow. Heck, that gateway may very well perform NAT on IPv6. To assume all the issues with NAT, firewalls, etc, go away magically by using IPv6 is naive - they're still going to be around. At the minimum, there's going to be firewalls up, and apps will still have to request people poke holes in it somehow. Most likely, nothing will change.
Despite having all these addresses available to them, most ISPs will probably just offer the user 1 or 2 IP addresses (though, an IPv4 and IPv6 address), and charge them an extra $5/month for another one. Or maybe they'll get a clue and give them a pile of addresses, to which the user will probably just stick a router in and use 1 address. And might as well stick all the machines behind it in the private address range anyhow.
IPv6 is important because we're running out of addresses (or some countries already have). But unless the protocol mandates things like evil bits and other junk, people are still going to put up firewalls, NAT-based routers, etc, and we're really just going to end up in the same situation we're in now. Everyone talks grand of "even your toilet can be connected", then it just takes someone to say "well, if it is, I don't want people to hack into it". IPv6 won't save us from buggy exploitable services, spam, OSes with poor default security, etc. The only thing it may save us from is that portscanning blocks of IPs got significantly harder, but botnets are good for that sort of thing. Heck, even exploits have seemed to work around the fact that a good chunk of people are behind a firewall.
Re:IPV4 addresses are NOT running out (Score:3, Interesting)
That only works so long that:
1. You're the only one who has this problem. Doesn't work when two other people are also going to share a connection.
2. You can convince everybody that they move to your server. There can be a serious hassle in getting maps, mods, patches and so on set up.
3. Your connection has enough bandwidth and low enough latency to work as a server.
I shouldn't have to deal with this nonsense. Without NAT everybody could just connect to everybody else and the problem wouldn't exist.
Phone numbers are NOT running out (Score:4, Interesting)
There's no reason every person on earth needs an IP.
There's no reason everyone needs their own phone number, either. In the old days, several houses shared the same phone number. Calls were distinguished by different rings. They got along just fine with that.
Re:IPV4 addresses are NOT running out (Score:2, Interesting)
Sounds to me like you're the one living in hobby-land. Most machines don't need an externally accessible IP.
You're precisely correct. However, this problem has nothing to do with externally accessible IP addresses. It's about connectivity and global uniqueness.
Let's say that I run the network for small company A. We used 10. private addresses for our network layout. My company get's bought by slightly bigger company B, that also uses 10. address space for their network. In all likelyhood, we're going to have address conflicts. So, I have 3 choices for integrating the 2 networks:
1. Renumber company A
2. Renumber company B.
3. Employ some kind of odd-ball double-NAT solution that makes both companies appear to have unique addresses from the other's perspective.
You can very easily see that the lack of globally unique IP addresses in this situation has created a huge mess that takes a lot of time and money to resolve. If both company A and company B used globally-unique IP address (v4 or v6!), this would have never been a problem. And both companies can very easily hide internally accessible and externally accessible hosts via routing and firewall policy.
In the company I work for, we deploy a VPN solution to allow 2000+ data gateways to connect to us to deliver data. Because each data gateway resides in a unique network often addressed via non-routable IPv4 addresses, I can never trust that the VPN IP that I assign to this data gateway will not conflict with the local network on which this is deployed. So, I got globally unique addresses from ARIN to do it. Guess what? I don't even advertise that route over BGP to the public internet! I only route it via my local AS. When people gather statistics by IPv4 usage, consider that there are quite a few of us who need globally unique IP space, but will never route that out publicly.
IPv6 is designed to provide a global pool of unique addresses so large that everyone can have a globally unique addresses, regardless of how one wishes to use it. This means that networks become an issue of connectivity, not one of address management.
The IPv6 working group almost got caught up in NAT mania: They initially created a reserved IPv6 space called "site local", which was designed to be treated in the exact same way as the current private address space. On further consideration, though, the working group decided that any "private" addresses are just silly and create more headache than what they are worth. The concept of "site local" simply means "I'm not going to advertise this route publicly". If you don't want to advertise your network over the public Internet, then just don't. Take your globally unique space and have fun with it.
Re:How IPv6 will happen, and why it hasn't yet (Score:2, Interesting)
I submitted this as an Ask Slashdot some time ago and it was rejected, but I'd really like opinions on it:
How much of a problem/obstacle to adoption is the need for humans to deal with a 128 bit address?
I can deal with xxx.xxx.xxx.xxx in my head where most of the x's are the same all the time, but yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy is simply too much.
Is it such a pain to deal with such long addresses that admins who would be configuring v6 "just because" don't? Those of you who have v6 networks, are there automated tools that keep you from ever having to key in an address, do you have the address range printed on your t-shirt, or what?
Would it have been better to use a smaller (40? 48?) bit range, and perhaps supplement that with an "extension" mechanism that could be appropriately sized for the network involved?
Re:IPV4 addresses are NOT running out (Score:4, Interesting)
The problem with IPv4 isn't really that we're running out of addresses, although that could become an issue in the near future. No, the problem is routing. Reallocating the remaining IPv4 addresses would mean abandoning any presence toward maintaining hierarchical subnets. High-level routers would need to know where to send packets based on not just the /8 or /16 prefix, but perhaps /24 -- or worse. That's potentially millions of additional records in every router, when we're already having trouble with an explosion of routing-table entries. IPv6, on the other hand, has enough bits in just the upper (network) portion of the address (/64) to permit purely hierarchical routing to the ISP level, which means that the routing tables become far simpler. There's no need for each router to know about dozens -- perhaps hundreds, or thousands -- of minuscule disjoint subnets serviced by each ISP.
The other advantages of IPv6, such as improved security and access to a routable /48 subnet for each local network, are merely bonuses. The routing issues alone are sufficient justification to migrate.