The Internet

Why You Shouldn't Worry About IPv6 Just Yet 425

Posted by CmdrTaco
from the more-worried-about-a-sandwich dept.
nk497 writes "While it's definitely time to start thinking about IPv6, it's not time for most to move up to it, argues Steve Cassidy, saying most can turn it off in Windows 7 without causing any trouble. Many network experts argue we're nearing network armageddon, but they've been saying that for years. 'This all started when Tony Blair was elected. The first time. Yep, that's how long IPv6 has been around, and it's quite a few weeks ago now.' He says smart engineering has avoided many of the problems. 'Is there an IPv6 "killer app" yet for smaller networks? No. Is there any reason based on security or ease of management — unless you're running a 100,000-seat network or a national-level ISP — for you to move up to it? No. Should you start to do a bit of reading about it? That's about the stage we're truly at, and the answer to that one is: yes,' he says."
  • Beware (Score:4, Interesting)

    by Un pobre guey (593801) on Wednesday August 18, 2010 @01:18PM (#33290772) Homepage
    Word on the street is that some major cable/internet providers and content delivery networks (CDNs), and I do mean major, are quickly moving to get limited availability online to major customers within the next 12 months or so, and general availability by early- to mid-2012.

    Procrastinate at your peril.
  • Re:I have read it... (Score:0, Interesting)

    by Anonymous Coward on Wednesday August 18, 2010 @01:27PM (#33290880)

    Part of the problem here is that some people don't realize that NAT != Firewall. Because NAT happens to prevent certain kinds of packets from getting to a system inside the NAT appliance, a lot of people think that is the only way to do a firewall. Just wait for the hue and cry when they try to phase out well-known ports ...

  • Re:Excuse me? (Score:5, Interesting)

    by Again (1351325) on Wednesday August 18, 2010 @01:32PM (#33290960)
    And here is a nice looking countdown until the moment the sky finishes falling. http://inetcore.com/project/ipv4ec/en-us/index.html I don't know how accurate it is but it is fun to watch.
  • Re:I have read it... (Score:3, Interesting)

    by bersl2 (689221) on Wednesday August 18, 2010 @01:36PM (#33290998) Journal

    You can deny all incoming TCP SYN segments and all incoming UDP and ICMP traffic if you so desire, then punch holes at the router's firewall when needed. This will give you essentially the same effect as NAT under IPv4. Also, use the privacy extensions of IPv6, whose random addresses on my machines last for about a day until being replaced, and are valid for incoming traffic for 6 days thereafter.

    NAT is still a cancer upon networking. It partially intertwines mechanism and policy, which is a backwards step.

  • Re:I have read it... (Score:5, Interesting)

    by mlts (1038732) * on Wednesday August 18, 2010 @01:43PM (#33291106)

    The sooner we get to IPv6, the better. If not, if someone wants a static IP, much less a /29 subnet with five usable host IPs, they will be paying through the nose for it, just due to artificial scarcity.

    I just fear that companies are going to spend big bucks for routers that can do NAT traversal (dev subnet gets NATted to another subnet which then gets translated to the outside IP), as opposed to going to IPv6 where one can keep firewalls up and the traffic isolated and secure, but keep NAT as an option, not a must-have. If a company is worried about the IPv6 stack having issues, just use IPv6 as an edge routing protocol and keep the internal network on v4 and use Teredo. Yes, this is still not optimal, but it is better than dealing with having to bid for v4 statics so one can have their own webserver online.

  • by wvmarle (1070040) on Wednesday August 18, 2010 @01:46PM (#33291144)

    Is there really anything to worry about?

    Afaik all modern Linux distros are fully up to the task of IPv6. TFS mentions even Windows can do it.

    At this moment I am connecting my computers to the Internet via a wifi router/firewall - not likely this is going to change. Router is old, may not do IPv6 yet. My ISP also doesn't. But I guess the time will come that ISPs start to switch.

    Will it really make a difference for me as end-user? Is my browsing going faster? Will I get less spam in my mailbox? Will it be easier to find the information I am looking for on the net? Probably none of the above.

    At the moment I know I'm on IPv4 but on a daily basis I don't care as it just works. I don't know my IP address, it's not important to me what it is really. My home and office networks are internally IPv4, wouldn't make a difference if it's IPv6 except that addresses get harder to enter in BIND but that's one-off only. I suppose my uplink there also uses IPv4, not v6. I always approach my web site and mail server by entering a URL, not entering an IP address. Again what would I care? Let DNS take care of that part.

    Don't get me wrong, I understand it's time to move on: we run out of address space, soon there are more devices/networks connected to the Internet infrastructure than there are unique addresses to find them. But from an end user perspective... I say let the ISPs take care of that. It's their job. Get me the connection, make sure your hardware works, preferably understands both IPv6 and IPv4 (backwards compatibility; and mostly it's not broken in the first place), and use on your network whatever works best.

    There is always the talk of IPv6 will give any ISP subscriber a complete range of addresses instead of just one, so you can connect every computer, printer, whatnot directly to the Internet. I don't understand why an end user would want to connect their printer directly to the Internet. Their second computer maybe if they have one (makes torrenting easier) but then you lose the benefit of a hardware firewall in between. Simply because of security for my home network I prefer a single point of entry, not a dozen. Much easier to keep an eye on. So one external IP address is simply enough for most of us.

    So while IPv6 is important for developers and ISPs, for the end user it's not. I totally agree with this Steve Cassidy that it's simply not something to worry about. He says not yet, I'd argue not ever, unless you're developing network gear/software or work for an ISP or so.

  • by Anonymous Coward on Wednesday August 18, 2010 @01:51PM (#33291206)

    If you disable IPV6 on Windows 7, you lose the Homegroup functionality. So "saying most can turn it off in Windows 7 without causing any trouble" is far by a mile!

  • by hairyfeet (841228) <bassbeast1968&gmail,com> on Wednesday August 18, 2010 @02:26PM (#33291712) Journal

    Actually I'd say that in this case "Microsoft has it covered" hits the nail square on the head, and for the reason many here bitch about MSFT in the first place...backwards compatibility. I know lots of folks here like to bitch their asses off about "all the cruft" caused by backwards compatibility, but here is a damned good reason why MSFT has it, because many businesses keep older hardware for quite awhile and MSFT by and large was and is a business OS first and foremost.

    Thanks to backwards compatibility I can give my business customers Windows 7 Pro with XP Mode and that ancient software they use in accounting keeps right on ticking. Thanks to backwards compatibility I can play most of my old games even on Windows 7 HP X64, and thanks to backwards compatibility when IPV6 is the norm those with older IPV4 stuff will be just fine, MSFT has got you covered.

    It is all about picking the right tool for the job. You want bleeding edge? Go with a Mac. Jobs HATES old tech and tosses it quicker than anybody else. Need to squeeze that last point of performance out of that server? Take Linux, strip that sucker down like a used Buick and turn it into a hot rod. Need to be able to run your old stuff as well as the new? Go MSFT, who knows businesses will hang onto older shit much longer than average folks and therefore supports it longer. Considering how many routers we have out there that won't run IPV6 and whose companies will likely never give a firmware update to (why should they? It makes you buy a new one if they don't) I'm all for backwards compatibility.

  • by certsoft (442059) on Wednesday August 18, 2010 @02:47PM (#33291970) Homepage
    I saw a presentation given by the president of ARIN recently on the Research Channel. He predicted that IPV6 and IPV4 will run in parallel for about a decade, so I don't see corporations giving up their IPV4 address space anytime soon.
  • by Vancorps (746090) on Wednesday August 18, 2010 @02:47PM (#33291976)

    That's cute, you think DNS solves his problem. Hate to break it to ya but often in testing you don't want your host to have a name until it's ready for production. Then of course there are times when DNS breaks due to service lockup or someone misplacing an encryption key. It's adding complexity back to a system that is supposed to reduce complexity plain and simple.

    Kind of a moot point really anyway as a lot of network devices don't register hostnames with DNS anyway. I know none of my IP cameras do, although they don't even support IPv6 but they're on a separate network so no big deal. Oh wait, my printers don't register their names either, oh wait, my phones don't either and btw, none of them support IPv6.

    The only place it makes sense in most environments right now is at the edge or in server to server communications since auto-provisioning is vastly simplified. At least a lot of my newer switches support IPv6 management addresses.

    Until all the little nitpicky issues like that are resolved you can expect a lot of legitimate resistance to the adoption of IPv6. A lot of my firewalls don't support it although my newest ones finally do. Firmware upgrades on every device that currently works just to make them work with IPv6 is going to look like a waste of time. We already have an IPv4 address or 12 to the Internet, that means it will be a while before we're forced to upgrade internally.

  • by Anonymous Coward on Wednesday August 18, 2010 @03:02PM (#33292158)

    You can't recycle IP addresses because it's a lot more work than you think it is that could be spent simply putting more machines on IPv6. A lot of router hardware has to be set to direct traffic a specific way with those IPs so if it requires changing router settings / hardware anyway what's the point?

  • I agree... (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 18, 2010 @03:27PM (#33292564)

    NAT breaks the end 2 end nature of the network especially when deployed at large scales. There just aren't enough IPs for the numbers of people and devices coming online. It's really not a conspiracy, it's just basic math. Mobile and the rise of emerging nations is putting more strain on the remaining unallocated IPs today than at any time in history.

    Everyone should have the opportunity to publish data from their machines or host a game server or accept direct connections for data transfers with others. It's about freedom and choice and this does have value to people.

    It's not about NATing your own networks to conserve space within your household or company or overlapping addresses in an internal network. The issue is that when we run out it's about a NAT for your whole neighborhood and you losing any ability to accept incoming connections period.

    People are exceptionally bad at acting now to avoid problems in the future. The issue is that if you take TFA's advice and wait until it starts to become a problem then and only then start to deploy IPv6 then what have you gained by your procrastination? Another fire to put out?

    ISPs, network equipment vendors and software houses no longer have a choice. Several have already lost sales, market position and future business from being lazy WRT IPv6 deployment as large forward thinking organizations plan resources for the future.

    Privacy extensions WRT SLAAC are available and enabled by default on at least Windows Vista to prevent the external leakage of local MAC address issue raised in TFA.

  • Re:I have read it... (Score:3, Interesting)

    by Spazmania (174582) on Wednesday August 18, 2010 @03:31PM (#33292670) Homepage

    Having worked as a software developer for comScore, a major web metrics company, I can tell with absolute certainty that the concerns about anonymity and IPv6 stateless autoconfiguration are neither paranoid nor ignorant. Privacy extensions (RFC 3041) help but they create a problem inside the large enterprise where the sysadmin wants to track his users while denying Internet-based entities the ability to do the same.

  • by 0100010001010011 (652467) on Wednesday August 18, 2010 @03:39PM (#33292784)

    Bonjour (ZeroConf) does do this automatically. Since I just use the bonjour name (server.local, mac.local, plug.local, etc). However the problem arises with Linux when it insists on trying IPv6 first.

    I went out and spread the word about Ubuntu to my girlfriend. The install went ok. But the second she started it up the first complaint was that browsing the web was slow. So I go digging and find out it's IPv6's fault. Apple's figured out how to make the internet not suck and use both, why the hell can't Linux? Even a cron job once a day, if it can get to google via ipv6 enable it. If not, disable it.

    Until this is resolved I'm definitely not suggesting Ubuntu for anyone else, just because I don't want to have to help them solve it or risk them trying to type in some "cryptic" commands on their own. (Not to mention, one suggested method didn't work).

  • by FoolishOwl (1698506) on Wednesday August 18, 2010 @03:46PM (#33292876) Journal

    The v6 address space is an order of magnitude greater than the v4 space, so doing this is a drop in the bucket. That would solve the whole problem.

    Twenty-nine orders of magnitude, if I did the math right.

  • by FoolishOwl (1698506) on Wednesday August 18, 2010 @03:51PM (#33292958) Journal

    IPv6 and IPv4 will have to run in parallel, with most systems using dual-stacking, so a system will need both an IPv4 address and an IPv6 address. So, we'll still need a lot of IPv4 addresses available to manage the transition to IPv6.

    If each node has a unique IPv6 address, but it's mostly just routers using globally unique IPv4 addresses, with most nodes using RFC1918 addresses, perhaps it won't be too horrible.

  • Re:I have read it... (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 18, 2010 @04:02PM (#33293128)

    "If you want to use NAT and non-routable IPs for whatever reason, however misguided, there is nothing in IPv6 preventing you from doing so, see also FC00::/7 link-local addresses"

    True, but in reality, very few pieces of network equipment have figured out all the problems with IPv6 in combination of a NAT. There are literally centuries of man years invested in figuring out those problems with IPv4. For example, try using FTP over IPv6 through a NAT or make a phone call with SIP. Good luck. You better have an amazing firewall.

    A *HUGE* fundamental problem with IP standards is that the religious zealots in the IETF have refused to acknowledge that protocols need to work through NATs. They simply ignore the problem and hope it will go away. That leads to broken protocols like SIP that require a master's thesis to figure out how to pass it through a NAT: www.cs.columbia.edu/sip/drafts/Ther0005_SIP.pdf

    If they would just require protocol authors to address the near UNIVERSAL existence of NATs in the corporate world, we could avoid man-centuries of future work in the networking field.

  • Just for perspective, a long time ago (late 1970s or early 1980s), I was talking with an IBM support person in Portland OR. According to him over 1/2 of all IBM installations in his area were still running the original DOS/360, which had been EOL'd and dropped from support ten years before. Those folks had stuff that ran fine on their old machines, and saw no reason to upgrade hardware or software.

  • by Bert64 (520050) <bert AT slashdot DOT firenzee DOT com> on Wednesday August 18, 2010 @04:26PM (#33293520) Homepage

    Those PCs will sit there looking for an ipv6 router, effectively the same as an ipv4 client looking for a dhcp server... If there is nothing there to answer the request, they will keep sending it but never acquire an address and therefore never try to use the protocol in question.

    The only time you would ever have a problem is if someone installs a device that answers those requests with invalid responses (eg it advertises an ipv6 route that doesn't go anywhere, which clients then try to use and have to wait while it times out)... The exact same problem could occur if you install a rogue ipv4 dhcp server.

    If your clients only know about ipv4 then they won't be able to access any ipv6 services except via a proxy (you can't nat from v4 to v6 but you can go the other way round). It's quite possible to use ipv6 internally, with a gateway that provides a nat-pt service that effectively works just like ipv4 nat, except that the internal addresses are ipv6.

    As a network engineer, you really should already know all of this, although you're already several steps ahead of most of the network engineers I know who don't even realise ipv6 exists.

    When it comes to uses, a lack of conflicting addresses is the biggest use, a lot of small company or individual networks are interconnected via vpn links and MANY use the same ipv4 address ranges, ranges such as 10.0.0.0/24 or 192.168.0.0/24 are popular... it's not uncommon that people have been forced to renumber their home networks because they conflict with the work vpn for instance, and I know companies who have vpn links to other organisations and all kinds of extremely complex nat rules to get around duplicate use of the same internal addresses. V6 solves this by ensuring that everything has its own globally unique address...
    It's also a common misconception that v6 addresses are more open than nat, yes they *can* be openly routable but typically you would configure your internal addresses with a stateful filter to not permit inbound connections and only permit data which is part of already established outbound connections - effectively the same as ipv4 nat but without the extra complexity.
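
Added example (not from the thread or from any firewall product): a Python model of the stateful-filter policy described in the comments above, that is, default-deny inbound, replies allowed for tracked outbound flows, explicit pinholes, and no address translation. The class name, prefix and addresses are assumptions; Packet Too Big is let in because IPv6 routers do not fragment, so path MTU discovery depends on it.

```python
import ipaddress
from dataclasses import dataclass

PACKET_TOO_BIG = 2  # ICMPv6 type that path MTU discovery relies on

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str           # "tcp", "udp" or "icmpv6"
    icmp_type: int = 0   # only meaningful when proto == "icmpv6"

class StatefulFilter:
    """Default-deny inbound; allow replies to tracked outbound flows."""

    def __init__(self, inside_prefix, pinholes=()):
        self.inside = ipaddress.IPv6Network(inside_prefix)
        # Pinholes are (inside address, proto, port) tuples opened on purpose.
        self.pinholes = {(ipaddress.IPv6Address(a), pr, po)
                         for a, pr, po in pinholes}
        self.flows = set()

    def check(self, p: Packet) -> str:
        src = ipaddress.IPv6Address(p.src)
        dst = ipaddress.IPv6Address(p.dst)
        # Simplification: direction is inferred from the source address;
        # a real filter decides it from the ingress interface.
        if src in self.inside:
            self.flows.add((p.proto, src, p.sport, dst, p.dport))
            return "accept"
        if (p.proto, dst, p.dport, src, p.sport) in self.flows:
            return "accept"      # reply to a flow an inside host started
        if p.proto == "icmpv6" and p.icmp_type == PACKET_TOO_BIG:
            return "accept"
        if (dst, p.proto, p.dport) in self.pinholes:
            return "accept"      # hole punched deliberately
        return "drop"

def demo():
    """Run constructed packets through the filter; addresses are samples."""
    fw = StatefulFilter("2001:db8:aa::/48",
                        pinholes=[("2001:db8:aa::80", "tcp", 443)])
    pc, web, stranger = "2001:db8:aa::10", "2001:db8:ffff::1", "2001:db8:bad::66"
    return [
        fw.check(Packet(pc, 50000, web, 443, "tcp")),        # outbound
        fw.check(Packet(web, 443, pc, 50000, "tcp")),        # its reply
        fw.check(Packet(stranger, 40000, pc, 22, "tcp")),    # unsolicited
        fw.check(Packet(stranger, 40000, "2001:db8:aa::80", 443, "tcp")),
        fw.check(Packet(stranger, 0, pc, 0, "icmpv6", PACKET_TOO_BIG)),
        fw.check(Packet(stranger, 0, pc, 0, "icmpv6", 128)), # echo request
    ]

if __name__ == "__main__":
    print(demo())
```

The inside host keeps its own global address throughout; only the state table decides what comes back in, which is the part of NAT that was doing the filtering.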

  • Re:I have read it... (Score:3, Interesting)

    by idontgno (624372) on Wednesday August 18, 2010 @04:52PM (#33293866) Journal

    Topology hiding.

    My hypothetical organization is NATted. How many computers are on my network? You can't tell. Or, at least, I'm not just giving away that information.

  • Re:Well (Score:3, Interesting)

    by swordgeek (112599) on Wednesday August 18, 2010 @05:11PM (#33294124) Journal

    Don't know where in the world you are, but...

    I work for an ISP. We're busy pushing HARD to get IPv6 out into the wild. Our first set will be the cable set-top-boxes, then internet cable modems. Internally, we're moving some of our systems to IPv6.

    We don't make money off of selling you IPs, we make money by selling you bandwidth. We limit IPs because we have to (with IPv4). Moving to IPv6 is going to be a royal pain in the ass for us, but we NEED to do it. You "forcing" us is laughable - we'd love to be there already, and we're only not because it's a huge undertaking in addition to our normal day-to-day operations.

  • Re:I have read it... (Score:3, Interesting)

    by Spazmania (174582) on Wednesday August 18, 2010 @05:49PM (#33294530) Homepage

    I was being sarcastic. I know the IPv6 NAT isn't in Linux yet. That was my point. IPv6 will be more deployable once NAT is not only possible at the technical level but also available in the products I routinely use.

  • Not Hard? BWAHAHA! (Score:3, Interesting)

    by billstewart (78916) on Thursday August 19, 2010 @02:12AM (#33298070) Journal

    The problem isn't just your SOHO router, though that's actually a very big problem for ISPs.
    And the problem isn't just ISP and enterprise routers that are much slower at routing IPv6 than IPv4 (the longer address space is a problem even if you weren't using ASICs to do the routing, which you were.)
    And the problem isn't just application systems like MySQL that don't have native IPv6 address handling APIs.

    Think about every application you've ever written that stores IPv4 addresses in a 32-bit integer, either in working variables or in databases, or displays them to a user as a 15-character dotted-quad string, or sends an A-record query to a DNS server to get an IP address, and every application your ISP might be using to keep track of what equipment is where with what addresses on it, and every network management application your company or ISP is using to monitor equipment health or configuration. Now go fix them all to store both IPv4 and IPv6 addresses. Preferably before the people who want to access your website only have IPv6 at home.
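
Added example (not from the thread): one way to make code that assumed a 32-bit integer or a 15-character string hold both address families, using Python's standard `ipaddress` module. The 16-byte key layout (IPv4 stored in IPv4-mapped form, `::ffff:a.b.c.d`) and the `Blocklist` class are assumptions for illustration; the addresses are constructed documentation values.

```python
import ipaddress

# Longest IPv6 text form is 45 characters, e.g.
# ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255; a 15-character column truncates it.
MAX_TEXT_LEN = 45

def legacy_u32(text: str) -> int:
    """The old assumption: every address fits in a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))  # raises ValueError on IPv6 input

def to_key(text: str) -> bytes:
    """Parse either family and return a fixed 16-byte storage key.

    Parsing first means every text spelling of one address (upper case,
    leading zeros, IPv4-mapped) collapses to the same key.
    """
    ip = ipaddress.ip_address(text.strip())
    if ip.version == 4:
        return b"\x00" * 10 + b"\xff\xff" + ip.packed
    return ip.packed

def from_key(key: bytes):
    """Turn a stored key back into an IPv4Address or IPv6Address."""
    if len(key) != 16:
        raise ValueError("address key must be 16 bytes")
    ip = ipaddress.IPv6Address(key)
    mapped = ip.ipv4_mapped
    return mapped if mapped is not None else ip

class Blocklist:
    """Address set keyed on the canonical bytes, not on the text."""

    def __init__(self):
        self._keys = set()

    def add(self, text: str) -> None:
        self._keys.add(to_key(text))

    def __contains__(self, text: str) -> bool:
        return to_key(text) in self._keys

if __name__ == "__main__":
    bl = Blocklist()
    bl.add("2001:0DB8:0000:0000:0000:0000:0000:0001")
    bl.add("192.0.2.7")
    for candidate in ("2001:db8::1", "::ffff:192.0.2.7", "192.0.2.8"):
        print(candidate, "blocked" if candidate in bl else "allowed")
    print(from_key(to_key("::ffff:192.0.2.7")))
```

Comparing addresses as raw strings is where access lists and rate limiters go wrong once IPv6 shows up, because one address has many valid spellings.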
