
There Is No Plan B, the Ugly Transition To IPv6

An anonymous reader writes "The Internet is running out of IPv4 addresses — not at some point in the future, but right now. But the only solution to the problem, IPv6, is just now really starting to be deployed. That's why we're all in for some tough times ahead."
  • /: No AAAAnswer (Score:0, Informative)

    by Anonymous Coward on Thursday September 30, 2010 @09:43AM (#33746252)

    # nslookup -type=AAAA slahsdot.org ns2.dsredirection.com
    Server: ns2.dsredirection.com
    Address: 204.13.160.55#53

    *** Can't find slahsdot.org: No answer

  • by grumbel ( 592662 ) <grumbel+slashdot@gmail.com> on Thursday September 30, 2010 @09:46AM (#33746278) Homepage

    Running IPv6 on a webserver means cutting off a chunk of your users with broken IPv6 setups. That is why you see a lot of http://ipv6.google.com style sites, but hardly anybody having an AAAA record on their main domain.

  • Re:Reclaim Some? (Score:5, Informative)

    by Carewolf ( 581105 ) on Thursday September 30, 2010 @09:51AM (#33746330) Homepage

    kidding aside, I'd be interested to know what the actual Class A block utilization numbers look like.

    True, that is obligatory. Map of the Internet [xkcd.com]

  • Re:Reclaim Some? (Score:3, Informative)

    by Joce640k ( 829181 ) on Thursday September 30, 2010 @09:55AM (#33746404) Homepage

    Here you go... [xkcd.com]

    And here... [isi.edu]

  • Re:Reclaim Some? (Score:5, Informative)

    by kaptink ( 699820 ) on Thursday September 30, 2010 @10:02AM (#33746482) Homepage

    I've wondered why this hasn't been done sooner. There are some relatively small groups out there with class A blocks (16.7m) still. Make those who own these blocks justify their use. I believe back when the internet was just a wee bub, IP addresses were handed out to anyone who wanted them. And some companies just took huge chunks.

    Have a look at this list for starters http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks [wikipedia.org] or http://abhishek.nagar.me/content/class-ip-address-and-owners [nagar.me]

    Some organizations, such as Stanford University, formerly using 36.0.0.0/8, have returned their allocated block to assist in the delay of the exhaustion of addresses. Perhaps some others could follow in their steps.

  • Re:Reclaim Some? (Score:5, Informative)

    by jon787 ( 512497 ) on Thursday September 30, 2010 @10:04AM (#33746502) Homepage Journal

    ICANN considered this option, but decided that it didn't extend the deadline out far enough to be worth the costs.

    http://blog.icann.org/2008/02/recovering-ipv4-address-space/ [icann.org]

  • Re:NAT (Score:5, Informative)

    by Ephemeriis ( 315124 ) on Thursday September 30, 2010 @10:12AM (#33746612)

    what limitations? my iphone is on NAT. what will IPV6 allow me to do on it that i can't do now

    The original idea of the Internet was a network of peers. Every address was globally routable, and any machine could host content.

    There are obvious security issues with this... Which is why we've got firewalls... But there wasn't really anything standing in the way of you hosting a game server, or website, or whatever on your home machine.

    NAT now stands in the way of you doing this. NAT has destroyed the whole "network of peers" thing.

    NAT is fine for simply consuming content. For your iPhone, for example, I doubt if it's an issue. And if you're just loading up random web pages at home, or connecting to WoW, or whatever - you'll be fine.

    But if you want to host a web page at home you're going to have to not just open the ports in your firewall, but forward the traffic from your outside IP to the inside IP. And if you want a second box to serve up a web page too? Too bad. You only get one port 80 per IP address, and you've only got one globally routable IP address.

    Again, if all you're doing is consuming, this isn't all that much of a problem. But then you aren't a peer, either.

    Where this starts to be more of an issue is with various devices that we now want to be able to communicate with remotely. It's becoming more and more common for people to want to remote into home computers. Or maybe program a DVR remotely. Or maybe some utility company wants to be able to check your electric/water meter remotely.

    Being able to host your own content is becoming more important, not less. And shoving everything behind NAT is becoming more of a problem, not less.

  • Re:Reclaim Some? (Score:4, Informative)

    by LurkerXXX ( 667952 ) on Thursday September 30, 2010 @10:19AM (#33746682)

    Your comment kinda reminds me of those who say "analog television frequencies aren't being used any more". And then they suggest using them for cellular phones/internet. But the reality is that those frequencies ARE being used: By digital television (channels 2-51) and Emergency Radio (52-59) and cellphones (60-69)(approximately). Every inch of space is assigned.

    Umm, NO. Thin slices of the same spectrum are being used by digital TVs. LOTS of the space, though not contiguous, is not being used by it. That's why the FCC is going to allow others to use that unused 'white space' between the thin slices used by digital TV broadcasts.

    http://www.dailytech.com/article.aspx?newsid=14497 [dailytech.com]

    Not nearly every bit of the spectrum is being used, or assigned.

  • Re:NAT (Score:4, Informative)

    by drachenfyre ( 550754 ) on Thursday September 30, 2010 @10:41AM (#33746958) Homepage

    You have 65,000 inbound ports. You can't possibly be peering with more than 1000 or 2000 other torrents anyway without completely destroying your bandwidth. Further, there is nothing that says SSH has to run on port 22. You just like it to because it's easy. There's no reason you can't NAT to 100 servers for SSH, run 50 webservers (with both SSL and non-SSL ports), torrent to 5000 of your best friends and still have 59,000 ports left to play with. And a translation table with 5000 entries isn't beyond the capabilities of anyone that might actually have that much infrastructure running behind the device.

  • by Abcd1234 ( 188840 ) on Thursday September 30, 2010 @11:05AM (#33747390) Homepage

    heise.de, a major German tech news site, ran a test for precisely that reason about two weeks ago: they added an AAAA to heise.de in addition to the normal AA record. Out of the thousands of visitors they have each day, less than 10 were unable to reach that site in that configuration and wrote in about their problems, and only one turned out to be unfixable because of a router misconfiguration somewhere else in the network.

    Counter-anecdote. I've been running v6 at home for about a year now with absolutely no problems (Hurricane Electric, seriously, you guys kick ass). But I decided I wanted to add a new private 802.11n router to my network, so I went and picked up a DIR-625, which is a lower-end, 2.4Ghz-only 802.11n-capable D-Link WAP.

    Now, I have a *slightly* unusual setup, in that I have a dedicated firewall (m0n0wall, you guys also kick ass), and I wanted this private, WPA2-secured AP to sit on my internal network and basically bridge the wireless pool directly to my network (no, in an enterprise scenario, I wouldn't advise this, but at home, with a properly secured WAP, I think it's safe). Furthermore, the firewall sends out v6 router advertisements, and I use simple v6 auto-configuration, so that any device connected to my LAN or existing 802.11g WAP automatically gets v6 connectivity (the latter is open and sits in its own DMZ). All of this works perfectly.

    So I plug in the WAP so that the LAN-side of the device is connected to my network (thus bridging the networks), and then connect to it with my laptop... and my v6 connectivity is shot. Attempts to connect to any v6 hosts time out. Odd. So I check my routes, and lo and behold, inexplicably, I have a default v6 gateway route that corresponds to a *loopback* address. A little digging, and I discover this POS AP is sending out router advertisements, and advertising its *loopback address* as the gateway address. Buh??

    So naturally I log into the AP and make sure v6 is disabled. Except it is. And it's *still sending out radv messages for its loopback address*. The solution? I had to reflash the blasted thing and replace D-Link's firmware with dd-wrt.

    Now, this is an incredibly common piece of consumer-grade hardware. And their IPv6 implementation is, apparently, horribly broken. If I were a regular user, and, say, Google, advertised AAAA records for www.google.com, I would've been unable to hit their website. So can you really blame service providers for choosing to either a) not advertise AAAA records for their services, or b) only do so to whitelisted ISPs?
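The failure described in the comment above, a device on the LAN sending router advertisements it should not send, is what RA monitoring is meant to catch. The following is an added example, not part of the original comment: it parses an ICMPv6 Router Advertisement and flags ones that do not come from the expected router. The trusted address `fe80::1`, the sample addresses and the helper names are assumptions made for the example.

```python
import ipaddress
import struct

# Assumption for this example: the only router allowed to send RAs on this LAN.
TRUSTED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}

def build_ra(lifetime, prefix="2001:db8:1::", plen=64):
    """Construct a sample RA (type 134) carrying one Prefix Information option."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 86400, 14400, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed

def parse_ra(icmpv6):
    """Parse an ICMPv6 Router Advertisement (RFC 4861, section 4.2)."""
    if len(icmpv6) < 16 or icmpv6[0] != 134:
        raise ValueError("not a Router Advertisement")
    lifetime = struct.unpack("!H", icmpv6[6:8])[0]
    prefixes, off = [], 16
    while off + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1] * 8  # length field counts 8-byte units
        if opt_len == 0 or off + opt_len > len(icmpv6):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            addr = ipaddress.IPv6Address(icmpv6[off + 16:off + 32])
            prefixes.append(f"{addr}/{icmpv6[off + 2]}")
        off += opt_len
    return {"router_lifetime": lifetime, "prefixes": prefixes}

def check_ra(src, icmpv6):
    """Return findings for one RA seen on the LAN; an empty list means it looks fine."""
    source, ra, findings = ipaddress.IPv6Address(src), parse_ra(icmpv6), []
    if not source.is_link_local:
        findings.append("source is not link-local")  # RFC 4861 requires a link-local source
    if source not in TRUSTED_ROUTERS:
        if ra["router_lifetime"] > 0:
            findings.append(f"untrusted default router (lifetime {ra['router_lifetime']}s)")
        if ra["prefixes"]:
            findings.append("untrusted prefix " + ", ".join(ra["prefixes"]))
    return findings

if __name__ == "__main__":
    # Constructed samples: the real router, then a second device announcing itself.
    for src in ("fe80::1", "fe80::21b:11ff:fe00:1"):
        print(src, check_ra(src, build_ra(1800)))
```
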

  • Re:Reclaim Some? (Score:5, Informative)

    by geekoid ( 135745 ) <dadinportland&yahoo,com> on Thursday September 30, 2010 @11:20AM (#33747600) Homepage Journal

    "which thanks to compression looks as fast as 500k DSL"

    hahaha, no.

  • by r7 ( 409657 ) on Thursday September 30, 2010 @11:24AM (#33747652)

    The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.

    Didn't have to be that way. We could have had an IPv5 with all the addresses and none of the backwards compatibility issues if not for special interests in the IETF:

        http://bill.herrin.us/network/ipxl.html [herrin.us]

    Gets my vote for IPv7...

  • Re:Procrastination (Score:2, Informative)

    by oldspewey ( 1303305 ) on Thursday September 30, 2010 @12:08PM (#33748208)

    Taxes almost never go lower. They always trend higher.

    They do? [typepad.com]

  • by lidocaineus ( 661282 ) on Thursday September 30, 2010 @12:10PM (#33748246)

    Why shouldn't he have 4 or 5 addresses? Most colo providers will either allocate a /30 or /29 to your machine, and there are very good reasons for this.

    Playing the "conserve ipv4 IPs!" game is ridiculous when there's a standard right there that will completely remove these types of concerns. It's time to move on.

  • Re:Procrastination (Score:1, Informative)

    by Anonymous Coward on Thursday September 30, 2010 @12:19PM (#33748366)

    So they give out a /30. 8 addresses, again the first and last are unusable, and the first available is the CPE router. 3 out of 8 or 27% of the addresses are lost in routing.

    This is not the case with an intelligent ISP.

    I have 8 addresses allocated to me, all are usable, and the configured gateway for all of these is x.x.x.1 with a subnet mask of 255.255.255.0.

    So, the ISP only loses 3 addresses for every 256, just like before, and can serve many small customers more efficiently.

  • Re:Reclaim Some? (Score:4, Informative)

    by mikael_j ( 106439 ) on Thursday September 30, 2010 @12:38PM (#33748660)

    You do realize that the very same page is also compressed when using DSL, right? Or do you mean you use some kind of proxy service which does lossy compression on all images? Well, then it's still not gonna give you the same user experience as a DSL connection which is ten times faster.

    There is no way a 56k or slower modem "looks as fast as 500k DSL".

  • by Anonymous Coward on Thursday September 30, 2010 @12:39PM (#33748668)

    Chicken and egg kind of problem. As long as few hosters advertise A and AAAA records for the same domains, users are going to suspect that the web site is at fault even though it's really due to a problem with the users' local IPv6 configuration. Heise ran a test to find how many users could be getting that misconception and the test result was much better than they had expected. "Thousands of visitors" is a bit of an understatement, btw: Heise.de has an Alexa traffic rank of 587 (29 in Germany). On a typical day, 0.2% of all internet users visit heise.de. If a web site of that size can switch on IPv6 and get only a negligible number of problem reports, then it makes other sites' hesitation look like procrastination, not caution.

    The only way to work out the kinks of IPv6 is to use IPv6, and it looks like that is possible without breaking much. This experiment (and now live configuration) should encourage more sites to just go for it.

  • Re:Reclaim Some? (Score:3, Informative)

    by Nutria ( 679911 ) on Thursday September 30, 2010 @12:47PM (#33748806)

    images are compressed to 10% original size.

    The vast majority of images are already (compressed) JPG. If they could be compressed another 90% (which they can't be!) then everyone would do it and 500kbps would still seem faster than 50kbps dial-up.

  • Re:Reclaim Some? (Score:3, Informative)

    by commodore64_love ( 1445365 ) on Thursday September 30, 2010 @12:50PM (#33748838) Journal

    What do you call these then? They look like ISPs to me:

    http://free.aol.com/thenewaol/plan_choice.adp [aol.com]
    http://www.getnetscape.com/ [getnetscape.com] (AOL owns Netscape ISP)

  • by RAMMS+EIN ( 578166 ) on Thursday September 30, 2010 @01:38PM (#33749656) Homepage Journal

    Minor correction: I think you mean A record [dnsuniversity.com] rather than AA. AA [aa.org] is something else ...

  • Re:Ford (Score:3, Informative)

    by sjames ( 1099 ) on Thursday September 30, 2010 @01:47PM (#33749828) Homepage Journal

    The security issues only exist if the network people shouldn't be doing security anyway. NAT just happened to provide a decent level of protection for machines behind the firewall. A simple set of v6 rules can provide exactly the same protections.

    Block inbound connections, inbound SYN,ACK packets that don't match an outbound SYN, and UDP unless there was a matching outbound UDP first.

    Meanwhile, by not re-writing every packet passing through, the firewall can handle a lot more traffic for the same resources.
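The three rules in the comment above can be modelled as a small connection-tracking filter. This is an added example, not part of the original comment and not any firewall's actual code: it keeps per-flow state and matches inbound packets against the reversed 5-tuple without rewriting any address. The class names, timeout values and addresses are assumptions; TCP state tracking beyond the bare-SYN check and ICMPv6 handling are left out.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = {"tcp": 3600.0, "udp": 30.0}  # seconds; values assumed for the example

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. frozenset({"SYN"})
    outbound: bool = False          # True when the packet arrives from the LAN side

class StatefulFilter:
    def __init__(self):
        self.flows = {}  # (proto, inside addr, inside port, outside addr, outside port) -> last seen

    def allow(self, p, now):
        if p.outbound:
            # Outbound traffic passes and creates state; no address is rewritten.
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = now
            return True
        # Inbound traffic must be the reverse direction of a flow started from inside.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        last = self.flows.get(key)
        if last is None:
            return False
        if now - last > IDLE_TIMEOUT[p.proto]:
            del self.flows[key]          # state expired, so the reply is now unsolicited
            return False
        if p.proto == "tcp" and p.flags == {"SYN"}:
            return False                 # a bare SYN is a new inbound connection
        self.flows[key] = now
        return True

def demo():
    """Run constructed packets (documentation prefix 2001:db8::/32) through the filter."""
    fw, pc, web = StatefulFilter(), "2001:db8:1::10", "2001:db8:ffff::80"
    return [
        fw.allow(Packet("tcp", pc, 40000, web, 80, frozenset({"SYN"}), True), 0.0),    # outbound SYN
        fw.allow(Packet("tcp", web, 80, pc, 40000, frozenset({"SYN", "ACK"})), 0.1),   # its reply
        fw.allow(Packet("tcp", web, 80, pc, 22, frozenset({"SYN"})), 0.2),             # inbound connect
        fw.allow(Packet("tcp", web, 443, pc, 40001, frozenset({"SYN", "ACK"})), 0.3),  # stray SYN,ACK
        fw.allow(Packet("udp", web, 53, pc, 5353), 0.4),                               # unsolicited UDP
    ]
```
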

  • by CherniyVolk ( 513591 ) on Thursday September 30, 2010 @01:58PM (#33750042)

    I own blocks of IPv4 addresses, yes a query to ARIN produces my name. I own many Domain Names (my DNS bills are substantial). I also own several IPv4 blocks because I purchase a business account for my home internet connection; these ones aren't ownership, but part of product agreement from the ISP I go through. I have co-los directly connected into Yahoo's backbone in the NBC building downtown San Diego. I have considerable network resources, for personal use and as nerdy as it is... I'm proud.

    The IPv6 problem largely persists because there is 0 infrastructure support. When I say infrastructure, I mean everything from the AT&T copper telecommunications level all the way to the consumer level Service Providers like Cox Cable or Road Runner services. Almost all "IPv6" solutions a consumer can find are nothing more than an IPv6 WAN configuration scheme between you and your ISP's first router, and their router does IPv6 to IPv4 translation for all requests. Some companies might have their own IPv6-to-IPv4 translators on the routers facing their upstream providers... again this isn't connected to an IPv6 "internet". The IPv6 support found in software primarily seems to mostly revolve around one requirement: "translation to IPv4".

    I know this might hurt a lot of feelings. Bind, Ping, a lot of FOSS software has "native" IPv6 support and I'm not debating this. What I'm pointing out is none of it is anything more than experimental code as there is no real means of testing any of it on a real life network. I have faith in it, yes, but I have a hard time thinking it could have been extensively tested on a real network.

    I realized all of this after trying to get my co-los on a hardcore, pure, real-life IPv6 network with network addresses and all services go. Even up to the point where IPv4 wouldn't work at all. It logically can't be done at this point in time; there are no big time upstream providers in Southern California that can provide a real IPv6 link, even to businesses such as mid-sized ISPs let alone to consumers. This is the problem, without infrastructure support... all we are doing is translation and pseudo-WANs running on top of IPv4.

    All the telecommunication companies need to jump on board. All the major universities need to abandon IPv4 for communicating with each other (effectively converting the major backbone of the internet to IPv6). We need the translators to be in primarily reverse, IPv4-to-IPv6 instead of IPv6-to-IPv4. We need all the major ISPs to start offering IPv6 to the consumer. This is the easy part I think, consumer doesn't care or know the difference.
