No IPv6 Doomsday In 2012

itwbennett writes "Yes, IPv4 addresses are running out, but a Y2K-style disaster/frenzy won't be coming in 2012. Instead, businesses are likely to spend the coming year preparing to upgrade to IPv6, experts say. Of course there's a chance that panic will ensue when Europe's RIPE hands out its last IPv4 addresses this summer, but 'most [businesses] understand that they can live without having to make any major investments immediately,' said IDC analyst Nav Chander. Plus, it won't be until 2013 that North America will run out of IPv4 addresses and there's no sense getting worked up before then."

Business as usual

[InterestingFella]

ISP's and hosting companies will not run out of IPs. This only means that the price per IP will start to slowly grow. Hell, every time I order server the companies still happily hand me over 5 IPs without me even asking for them. With a simple request I can also buy 256 ips for the price of $300 a year.

Re:Business as usual

[Anonymous Coward]

a Y2K-style disaster/frenzy won't be coming in 2012. Instead, businesses are likely to spend the coming year preparing to upgrade to IPv6

Sounds just like a Y2K-style disaster/frenzy.

Re:

[DamnStupidElf]

Sounds just like a Y2K-style disaster/frenzy.

Pretty much. It's a technical problem that is being solved incrementally over a period of years so that there aren't eventually widespread shortages or other major problems (NAT is pretty much the two digit year format). "Normal" people got frenzied over technical issues, but of course they'll also frenzy over some person on TV having a scripted event happen to them.

Re:

[Culture20]

It's a technical problem that is being solved incrementally over a period of years so that there aren't eventually widespread shortages or other major problems (NAT is pretty much the two digit year format).

NAT is more like checking the code to make sure a jump from 99 to 00 won't hurt anything, then sticking with the two-digit format. It's IPv4, but it's a semi-solution.

Re:Business as usual

[Columcille]

And the good news about this is "normal people" don't have a clue what you're talking about when mentioning ipv4 or ipv6. Tell them, "We're about to run out of IP addresses!" and they'll blink at you. Tell them, "No! PANIC! IPV4 IS ALL FILLT UP!" and they will call for some friendly people to take you to a padded room. Tell them, "Oh, and we have a problem with programs that use a two digit year instead of a four digit year" and they will build disaster shelters.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[geekprime]

That was a very profitable time for all my consultant friends and I.

I look forward to businesses putting it off till the last possible second and paying me double to do it RIGHT NOW!!!!!!

Re:

[SJHillman]

During an ISP changeover in March, we only needed one IP but the ISP gave us a block of 4. Hmm, maybe we can resell the extras...

Re:

[SJHillman]

On second thought, maybe I can finally get a static IP at home. Damnit Time Warner, let me have a static IP.

Re:

[pak9rabid]

You can...it's called Time Warner Business Class [twcbc.com]. And besides, with stuff like DynDNS, why do you even need a static IP for your home?

Re:

[SJHillman]

With stuff like DynDNS why do you need a static IP anywhere? It's useful for VPNing into my home network, setting up DNS (dynamic DNS only goes so far), hosting a webserver, etc... same as any commercial use for people that host stuff at home.

Also, you generally can't get Time Warner Business Class in an apartment.

Re:

[InterestingFella]

Get VPN connection from a company that offers static ip's to users, or host VPN server on your servers. Problem solved.

Re:

[pak9rabid]

Don't use a stupid VPN solution. Last I checked, OpenVPN works just fine over a dynamic IP.

Re:

[Culture20]

With stuff like DynDNS why do you need a static IP anywhere?

Whenever I'm SSH'd into work from home, I have to remember to run screen because my IP address changes almost nightly, and it seems to be always when I'm in the flow.

Re:

[noh8rz2]

always when I'm in the flow.

How odd that the ip change is in sync with your monthly hormonal cycle. Could it be pheromones?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[InterestingFella]

Of course I already know the answer to my question. It can be located above the '4' key on most keyboards...

Â? $ is on the side of '4' ;-)

Re:

[neokushan]

And there was me wondering what F3 did that was so special...

Re:

[Eevee]

t can be located above the '4' key on most keyboards...

Well, on my Dell keyboards it's the F4 key (slightly offset), but on my HP and Sun keyboards it's F3.

Re:

[DocSavage64109]

On my keyboard, it's a 7 key.

Re:Business as usual

[pak9rabid]

The question I'd like to ask is why don't they just hand out a static IP by default?

There's a few good reasons off the top of my head that I can think of:

• - Dynamic IPs cut a lot of bullshit out of support calls
• - DHCP servers hand out more information that just IPs (default gateway, DNS servers, domain, etc)
• - ISPs like to have the option of re-allocating blocks of IPs without having to call hundreds/thousands of customers to have them renumber their equipment

Re:Business as usual

[XanC]

DHCP can be used to hand out a static IP.

Re:

[jandrese]

Not easily if the end user is prone to changing out their hardware (plugging in only one thing at a time into the router, like the instructions told them to do).

Re:

[neokushan]

In the UK, Virgin Media (about the only Cable/DOCSIS ISP here) managed to do both incorrectly.
They don't give out static IPs, but they also don't like it when customers plug in different equipment. In "the old days" it was particularly bad, if a customer plugged in a device with a different MAC (e.g. they went from being directly connected to using a router) the DHCP lease refused to issue an IP until the host table on the UBR was flushed.
These days it isn't too bad, but there's still a 4-device limit and s

Re:

[ard]

Point being?

Re:

[Grishnakh]

But there seem to be strange intermittent problems doing so if you use a Cisco/Linksys E4200 router.

Re:

[Charliemopps]

#1. They don't want people hosting websites on their broadband connection
#2. They don't want people hosting FTP servers on their broadband connection
#3. Because service areas expand and shrink all the time. New subdivisions go in, routers get moved, equipment gets replaced. Static IPs make all this a pain. With Dynamic, they just unplug stuff, plug in new stuff, customers modem goes down for about 5seconds, comes back up and pulls a new IP. No call required.
#4. Fragmentation. This is something that phone co

Re:

[u17]

Because all sorts of services won't talk to you if you are on a spam blacklist. And pretty much all dynamic address pools are on such blacklists.

Re:

[GPLHost-Thomas]

5) someone else starts getting a bunch of connection attempts....

6) that someone else also runs a mail server, and it's replying "no such domain / user", and sender receives a bounce message

Re:

[morgauxo]

With any service I have used the DHCP server 'remembers' your MAC address and waits a considerable amount of time (days to weeks) for your return before giving the ip to someone else. unless the ip pool is close to exhaustion anyway...

Re:

[AliasMarlowe]

1. My router notifies DynDNS.org of my current IP as soon as it changes (while running) or is assigned (from router boot).
2. My IP has changed via DHCP precisely once in the last 5 years, when my ISP transferred me to a different service level (it did not change when the ISP was bought out 3 years ago)
Now, if anyone was accessing my site by raw IP address they would have had a hiccup a few months ago. But for anyone accessing it by DNS name, it was a doddle.

Re:

[EdIII]

I did not even bother. I got 16 static IP addresses on of my last orders and I told them flat out on the phone I only need 1. You can keep the other 15.

I ended up keeping 2 to split the network off, but let them keep the other 14.

How do you sell it anyways? It's not like I can call up the ISP and tell them to transfer 14 IP addresses to a different account like a telephone number.

Re:

[Aighearach]

he.net won't run out, because they're already ready with ipv6!

This story is actually great news for a lot of geeks, get your selves over to H.E. and get your free ipv6 certs in time for this wonderful pre-Y2K year of bounty!!!

Re:

[bbn]

If you are using Debuan/Ubuntu/etc just do this simple command:

sudo apt-get install gogoc

Tada! You got IPv6. Test it at http://test-ipv6.com/ [test-ipv6.com]

Re:

[klapaucjusz]

sudo apt-get install gogoc

More difficult to debug when it fails, but often yields better performance:

sudo apt-get install miredo

--jch

Re:

[Aighearach]

That isn't really going to help people get certs and make money, though.

And, if that's all you know is to run that command, you won't actually be able to complete the conversions well enough to be part of the frenzy, as that involves a lot more; dns, http servers and name based vhosting, smtp, etc

Re:

[Qzukk]

ISP's and hosting companies will not run out of IPs.

No, no, of course not.

This only means that the price per IP will start to slowly grow.

Yes, yes, of course it will.

Claiming that the second will prevent the other is like claiming that if I have an expensive enough metal detector I'll find the pirate treasure in my backyard. You can claim that the last IP will be held ransom for trillions of dollars and never sell, the counterclaim is that there's an upper bound to what people will pay for IPs, the price w

Re:

[bbn]

There is no such thing as the last IP. You can always take one from another customer that pays less. What, you thought that address you paid extra for was yours to keep for ever? Not so.

In some cases the address space is actually yours to keep. But even then, there will be a price where you will choose to sell it. And if not you, then someone else.

Re:

[tftp]

like claiming that if I have an expensive enough metal detector I'll find the pirate treasure in my backyard.

However strange that may sound, this is true, as long as there is at least one pirate treasure anywhere on this planet. Some digging may be required.

Artificial scarcity

[mcrbids]

Also, strangely, the need for additional IP addresses is also on the decline, as the ability to manage NAT traversal improves. Using technologies such as wildcard SSL certs with subdomains rather than individual certs for each IP address, SSL/TLS for HTTP, STUN for VOIP traffic, and so on gradually ease pressure on the need for public IP addresses.

I'm not saying that IPV6 is DOA, but the cost of IP addresses will grow slowly enough that the transition will take a very, very long time. Our colo hasn't yet an [heraklesdata.com]

Business opportunity

[ccguy]

Well, anyone looking to make some big bucks in the next 1-3 year should start learning IPv6. Nothing major needed, just setup a IPv6 network at home, if you can rent an external server with IPv6 in any of the many data centers that already offer it, and play with it.

It's not a lot of effort and there will be many highly paid job offers soon.

Re:

[rubycodez]

I doubt much "highly paid jobs", it'll just get thrown onto the backs of IT droids with the rest of the crap they have to do (speaking as one myself)

Re:Business opportunity

[SJHillman]

I think he means you can hire yourself out as an "IPv6 Changeover Consultant", spend ten minutes coming up with an IPv6 addressing scheme and then passing it on the the IT droids while taking the credit and the money.

Re:

[pak9rabid]

Lots of SMB's don't have "IT droids". This actually would be a good opportunity for people such as yourself to break away from the shackles of corporate IT and write your own ticket as a consultant/contractor.

Re:

[Aighearach]

That's how the free he.net cert works, they give you the lesson, and it involves setting up the tunnel and then configuring a local server to match each lesson.

Re:Business opportunity

[EdIII]

The problem is not learning IPv6. That's easy. At least to anyone with more than a little experience doing this. I was working before the Internet even came around and before Ethernet, so I don't see it as a big obstacle.

Where is all the fucking Enterprise hardware and firmware updates to support it?.

That's what needs to be solved. I could support IPv6 tomorrow if it was a simple firmware change. IPv6 will not be rolled out into Enterprise environments for at least 10-15 years completely. Reason why is simple. Not every network device supports it. I got clients that still have 5 years or more to go on lease contracts for huge printer and document systems. No IPv6 firmware updates in the pipeline that I know about.

Operating systems will be faster of course, but you need to cover all of the devices first.

My biggest issue is the routers themselves. If you are running a business or have branch offices, you are not, or should not, be doing that on any hardware you can pick up at BestBuy. Prosumer or higher routers that can set up multiple WAN ports don't have IPv6 yet. Perhaps the absolute newest ones might, but that could represent 20-30k in new equipment costs for a medium sized business with branch offices. For what? Just IPv6?

Unless the manufactures get off their asses, stop being greedy, and push out a firmware update for existing hardware to support IPv6 there will be a lot of people like me that have two choices:

1) Stay with IPv4
2) Spend tens of thousands of dollars on new hardware.

Tough situation.

P.S - Why do any of that until at least 1/3rd of all customers are using IPv6?

Way harder than a firmware update.

[Sycraft-fu]

For cheap consumer devices that do everything in software, sure a firmware update is all it would take, at least in theory (IPv6 can take more memory and CPU so on limited devices there might not be enough). However enterprise networking devices? They usually have to have parts replaced.

Reason is that to get the kind of speeds and latencies we want, you need ASICs, Application Specific Integrated Circuits. Those are just what they sound like: Devices designed to do a specific thing. That also means they aren't programmable. ASICs allow us to do stuff cheaper and faster than we could do in software.

A simple example is a gigabit switch. Crack one open and you see a very small little chip that handles all the switching. Now try it with a PC, stick in 8 gigabit cards and have it bridge between them. It'll overwhelm it, despite having a powerful CPU. Reason the switch can handle it is that little chip does nothing but switch packets. It is designed for only one task and does it well.

So enterprise stuff has this too, but some more complex ones. You get ASICs to speed up routing. Problem is if the ASIC was made for IPv4, it cannot be expanded to IPv6. You need a new one.

On the campus where I work they upgraded all the big routers to do IPv6 and it was pricey, seven figures even with our discounts. All the supervisor modules had to be replaced. Now yes, before that they could have technically turned it on, there was IPv6 for IOS on the older stuff. However it was all done in CPU, which is pretty limited on those routers. So if a couple people used it, it'd be fine. However if lots of people did, it'd crash the routers. The only way to give them the capacity to support it for everyone was to get new IPv6 hardware.

It isn't a matter of being greedy. As I said, Cisco would let you turn IPv6 on for many devices, like the 6500/7600s we use. It just couldn't accelerate it because it lacked the hardware. No magic fix for that.

Remember high end networking equipment isn't replaced often. You can leave it in place for over a decade. They aren't going to replace it all just for fun.

Re:

[Anonymous Coward]

A PC will handle layer 2 bridging just fine /w 8 ports. There really isn't a whole lot of effort involved in shoving packets around like that. Did you base your statement on actual observation or did you pull it out of your ass?

Those desktop 5 and 8 port switches from Linksys or whatever have "switch on a chip" type IC's because they're cheap, not because they're wonderfully efficient (though obviously lower power and better latency than a PCI bus)

Obviously in a datacenter, you want a real switch.. They're

Re:

[EdIII]

I can understand switches needing to be replaced, but that is typically less expensive than a router. That would not break us. Additionally, we can have a hybrid environment internally at least.

It comes down the router. I did not think about the ASIC only being able to handle IPv4. At least not on a multi-thousand dollar router.

You bring up a good point, and it is going to be very very hard to justify the expense for business until consumer adoption reaches a certain point.

It's like a major business pus

Re:Business opportunity

[klapaucjusz]

Where is all the fucking Enterprise hardware and firmware updates to support it?.

Most large companies have been requiring IPv6-capable gear for the last 4 years or so, while the DoD mandages IPv6 support since 2005.

Because of that, most recent hardware and software is IPv6-capable. Cisco IOS, for example, has been doing IPv6 since 2001. Microsoft servers have been able to work over IPv6 since Server 2003. Mac OS X since 10.4, Linux since the 2.4 series.

If you're still stuck with IPv4-only hardware or software, it's your fault.

--jch

Re:

[smpoole7]

> If you're still stuck with IPv4-only hardware or software, it's your fault.

See my next post. Some of us have networks that are composed of far more than just computers, switches and routers, dood. :)

Re:

[klapaucjusz]

we can't just 'toss this machine out and buy new' (it's a 175k machine) [...] newer versions of Windows don't support the software that run on these computers

So you invest $175,000 without making sure you'll get software updates?

I rest my case -- it's your own fault.

--jch

Re:

[GPLHost-Thomas]

I got clients that still have 5 years or more to go on lease contracts for huge printer and document systems. No IPv6 firmware updates in the pipeline that I know about.

We never asked that these migrate to IPv6. They are fine with v4.

Re:Business opportunity

[bbn]

HP did a quick one. We got a ton of IPv6 enabled HP 2910al HP layer 3 gigabit switches. Did I say layer 3? What I meant was layer 3 IPv4 and managed layer 2 IPv6 switches.

Yes, HP apparently figured the switch would qualify for all those government deals that mandates IPv6 support. I bet they were right. But the switches are just some very expensive managed switches for any IPv6 work. No support for routing IPv6 nor any other useful IPv6 support. But you _can_ telnet, ssh, SNMP etc to them using IPv6. The switch can be assigned an IPv6 address. So this qualifies for an IPv6 gold logo. They just do not advertise very loud that it is a logo for a "client"-device.

So does HP suck? Not especially so. It is the whole industry pulling this stunt.

Re:

[smpoole7]

> make some big bucks ...

Yes ... and no. It depends. Maybe. No way to predict it reliably for each geographic location. Frankly, for better or for worse (and just for the record, I think IPv6 rocks; I like it) ... that's not likely to happen for the vast majority of small-to-medium-sized private networks. Not if they're working fine now. You might can make a little money helping people go IPv6 on the Internet, but that's about it.

Our facilities are a case in point. We have so much IPv4 stuff, including

Re:

[interval1066]

The last few times I installed an os (which were Windows and Linux machines) they came with ipv6 stacks, and it seemed like very little configuration was nessessary. In fact, if I recall, the configuration instructions were how to turn the ipv6 stack off if you wanted to do that. It seemed to be on by default.

Re:

[klapaucjusz]

Linux configs vary a bit more in that v6 is not typically enabled by default

IPv6 is enabled by default on all Linux distributions known to me, and that has been the case for five years or so.

(Your confusion may stem from the fact that, unlike Windows, Linux distributions do not enable the Teredo protocol [wikipedia.org] by default. But that's a different matter.)

--jch

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Todd Knarr]

You're right about unused IPv4 space we can reclaim from people who aren't using those blocks. But multicast and class E? Trying to use those as unicast addresses would break most of the existing IP protocol stacks.

Me, I figure the gear will need to be replaced soon. There may be a question of whether it'll be next year or the year after, but I can see the writing on the wall now. Better to get everything started now when I don't have to rush.

When you get -40F winters and you know your furnace wasn't workin

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Todd Knarr]

See: flag day [retrologic.com]. Best avoided. You can't make the change simultaneously on every single computer connected to the Internet, and if you don't you're going to have random breakages from the point where you start until the point where the last computer's been patched. I'd rather not have frequent and unpredictable failures of the global Internet for 3-6 months.

Re:

[jandrese]

For what it's worth, IPv6 world day went quite smoothly back in June. My only complaint is that they turned IPv6 back off at the end of the day instead of leaving it on and getting people started with actually fixing their broken stuff.

Re:

[Todd Knarr]

Yep. Which is going to come back and bite them the day they don't have a choice, they have to have IPv6 turned on to talk to something they need to talk to. I'd rather find and fix the broken stuff over the next 6 months to a year, instead of a year from now when having it on's causing production outages and turning it off isn't possible.

Re:

[thue]

> Only the regional NICs have run out of blocks to distribute. No one has actually run out of IPv4 addresses.

APNIC is the only NIC which has run out of IPv4 adresses, on 14 April 2011. Surely there have been an ISP somewhere in Asia since then who wanted to use an IPv4 address, but haven't been able to. That should qualify as running out.

Re:

[delt0r]

My router is 3 years old from my ISP and it fully supports IPv6. Seriously what out there doesn't?

Re:

[jandrese]

Apparently Verizon still gives most FiOS customers IPv4 only routers because they're some custom conglomeration of an incredibly low end home router and in-home data-over-coax setup so they can sell you horrible movies at terrible quality and high prices on their PPV system.

Seriously Verzion, I know that PPV is supposed to be a big moneymaker for you, but why is it every time you advertise it, you're showing us movies that nobody could possibly want to watch? "Mr. Popplers Penguins, Watch this incredib

Re:

[Princeofcups]

This is just more attempts for the shill media to try to herd people into replacing their gear. It'll fail like the rest.

Agreed. The article should be "Almost no one is talking about IPv6." There are some places where it could be useful, such as universities and national labs, where most machines have their own IP on the internet. But most companies are ten dots behind firewalls. Hell, most home machine are 192s or 10.s behind firewalls.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[QuantumRiff]

From what I have seen, IPv6 is MUCH simpler in implementation.. the part that gets tricky, is working with hardware, and 30 years of businesses working around the limitations of IPv4..

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[bbn]

And when you are done reading it, you will realize that nothing in there was something you actually need to know.

Deploying IPv6 is dead simple. Really.

Having every subnet to be /64 means people will not need to understand concepts such as netmask.

Having automatic default routes means people will not need to understand routing even when configuring addresses manually.

Having no NAT means people will not need to understand NAT. Yes really. NAT is a complicated subject for the average user.

In general it can be

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[bbn]

Then realize that Windows clients default to link-local addresses

No Windows does not default to link-local addresses. Windows will _never_ use a link local address for accessing an internet site. No IPv6 enabled device would. If you actually read and understood that Wikipedia page, you would know why too.

How about XP clients not supporting DNS on v6?

XP clients has the needed support for DNS. Nobody would be crazy enough to deploy a pure v6 only network with XP clients on it. No home router on the marked operates in this mode. The XP clients will continue to lookup AAAA records using v4 and this works just fine.

It's not simple and it won't be simple in the near term for anyone who doesn't do this for a living

I thi

Re:

[am 2k]

Not to mention every single business that I've ever dealt with has some sort of proprietary in-house software for one need or another. If it's a networked application then it's running on IPv4 no doubt.

All Java apps magically support IPv6 without any changes to the code (unless the program does some IP trickery itself, like storing the IP address as text in a database field that only allows 15 characters max). HTTP clients and servers all support IPv6. That should take care of a lot of custom software.

Re:Silly

[jandrese]

In my experience the difficulty with IPv6 translation isn't at the socket layer--all of that stuff was figured out ages ago and only requires a few tweaks here and there to support both easily--the difficulty is with parsing configuration files, creating dialog boxes, etc... Lots of UI elements were spaced assuming that an IP address would only need 15 digits to be fully displayed, and IPv6 breaks that.

The upshot is that converting an application over to IPv6 is rarely as easy as it should be.

Re:

[jesseck]

Well, I don't want no stupid NAT - anywhere. I can ssh to my home machine and my work machine from anywhere in the world. No NAT at work, and portforwarding at home. I'd like to ssh to every machine at home though - without paying for more addresses. I'd like to ssh into my smartphone too (so I can turn on the gps and find out where I put it.) But that isn't even offered today. IPv6 will make all of this easy. Enough addresses, nothing to pay extra for. Except the transition.

I, too, would like to ssh into your machines at home and your smartphone.

Re:

[arose]

NAT is not a firewall.

Re:

[bbn]

APNIC ran out 19 April 2011: http://www.potaroo.net/tools/ipv4/index.html [potaroo.net]

I'll be getting ready now, thanks

[Todd Knarr]

I'll be getting my network IPv6-ready now, thanks. I'll need to get a tunnel running to get connectivity, but I'll have a solid 6 months to a year to get all the bugs ironed out before I need to depend on it. That way I won't have to panic and rush if problems come up, and I won't be doing a mad scramble to get everything done as a hard deadline looms.

It's always easier and less disruptive to do something if, when something goes wrong, it can stay broken for a couple of weeks while I sort things out and it'

Re:

[rubycodez]

you are being a drama queen since it's so easy, I set up ip6 tunnel for myself in three hours a year ago including the pf rules, been working flawlessly for two home servers (accessible from the internet at large), two workstations, and three laptops.

Re:I'll be getting ready now, thanks

[Todd Knarr]

No, I'm not a drama queen. I'm a paranoid bastard who makes Mad-Eye Moody look positively naively trusting. Which is another way of saying I've been through major infrastructure deployments before. I don't believe in Murphy, I'm on a first-name basis with the little toerag.

Making an IPv6 tunnel work, that's easy. The hard part's making it not work in the spots that need to not work without breaking what's supposed to work. If everything goes smoothly it'll be a piece of cake, and if I do it now it'll probably go smoothly. But if I wait until the last minute, 99 times out of a hundred it won't go smoothly. So I'll be paranoid and get it done now and be pleasantly surprised at the lack of problems, then kick back and relax with a bowl of popcorn while Murphy visits all the people who waited and zany hijinks ensue.

Re:

[Fred Ferrigno]

There will never be a do-or-die moment where you need to use IPv6. For many years coming, IPv4 addresses will still be available, just at a slowly increasing cost. People and institutions will switch over gradually when the cost of IPv4 exceeds the cost of switching to IPv6, which will happen at a different point for everyone.

Re:

[Todd Knarr]

Actually there will be a do-or-die moment: the moment the first server I need to access only has an IPv6 address because the person who owns it doesn't want to pay the cost of an IPv4 address. At that moment I'll need to have IPv6 working. That point won't be under my control. Cost/benefit from my side won't matter. The only thing that'll be gradual is the number of things I need to have working that won't work at all. So better to be prepared now, so that when other people start deciding it's just too cost

Bologna

[Karl Cocknozzle]

We're not changing to IPv6 on our internal network ever. Why would we bother with a forklift changeover of the entire internal network? It's a waste of time--nothing we need to do now requires "end to end" addressing, and frankly, if it does we don't want it. All the articles I've read seem to come down to "it's more convenient" for applications not to have to deal with NAT... Of course it is also more convenient for people who mean to do you harm, too, since we're back to connections to outside resources c

Re:Bologna

[evilviper]

All the articles I've read seem to come down to "it's more convenient" for applications not to have to deal with NAT... Of course it is also more convenient for people who mean to do you harm, too, since we're back to connections to outside resources coming from the machine's actual IP address, a public NATing of the private one.

NAT doesn't provide any security. Never has, never will. No, I'm not wrong. No, I'm still not wrong.

If you have a firewall between your private network and the public Internet, then you'll have all the security you want, whether using IPv4 or IPv6, with or without NAT. If you don't, then it's trivial for bad guys to reach services you don't want them to get to. If there's NAT in-between, it'll take a couple extra specially-crafted packets, but it's pretty trivial to get around.

IPv6 addresses with a firewall? Bad guys can know the IPv6 address of your valuable systems all they want, but if your firewall is blocking incoming connections by default, they can't get a single bit through to the destination.

I don't understand why people's brains turn to jello when talking about IPv6.

It's not YOUR addresses ...

[garry_g]

... what you don't seem to get is that the problem is not when ARIN runs out, but when your business partners get IPv6 addresses you can't reach because you didn't do your f@ckin' homework and upgrade to dual-stacked ... So go ahead, stick to IPv4, and once your boss comes in and asks why you can't exchange data with your possibly largest customer, tell him: "why would we want IPv4? Arin hasn't run out yet" ... good luck on finding a new job afterwards ...
And if you believe "Hey, no problem, it's just the Chinese and Japanese and Australians, who needs them" - think again, Europe's RIPE will run out of IPv4 addresses next ...

Yes let's wait until the last minute

[drb226]

to get worked up about problems that are imminently arising. Because that worked so well for us in this SOPA/PIPA situation.

Re:Cleanup the IP Space

[SJHillman]

You assume everyone with an IP is using it to host a website. And what about people that have a redundant data link that only comes up when their main link goes down? "Well, we haven't had any downtime in the past year, guess we don't need any backups! Go ahead, take my IP!"

Re:

[SJHillman]

I don't deny that we have a lot of unused/misused IPs. My college had an entire 65,534 IP class B block to itself. The college has around 3,000 students (a third of which are commuters and not there every day) and maybe 1,000 professors, administrators, janitors and other staff. Even if every student, professor and janitor was given ten publicly addressable IPs, they would still have thousands left over. My point to the poster was about forfeiting IPs if they're unused for a set period of time or just b

Re:

[ae1294]

There are so much junk IP addresses out there going nowhere

Couple of A blocks won't give you 10 years with the way things are expanding in Asia and Africa.

I have an idea, why don't we separate the African Internet from our Internet. We could have two Internet's! They would be separate but equal..

Re:

[ralphdaugherty]

Nearly all the traffic to the US from those places are attacks anyway.

I see attacks on my little site from new IP address ranges everyday. In my opinion the criminals are constantly expanding to new IP addresses for two reasons: short term it evades prior IP address range blocking, and long term I believe they are trying to use up ipv4 to bring on ipv6 as soon as possible. Once we are on ipv6 the attacks might as well be from every grain of sand. There will be no way to block them, game over.

To those who sa

Re:

[ae1294]

Took the words right out of my mouth.. 'The people' in those countries have been shown time and time again that they can't be trusted. We've been letting them get away with raping and stealing from our servers for long enough. My oldest server got raped just last month and I'm still worried that some root-kit or other may still be inside of her. They deserve to be segregated from the rest of us upstanding types...

Re:

[jellomizer]

No it is the Evangelical Christians who are believing a Pagan calendar designed to help worship many gods. Sometimes I don't think most of these people actually read the bible.

Re:

[ae1294]

No it is the Evangelical Christians who are believing a Pagan calendar designed to help worship many gods. Sometimes I don't think most of these people actually read the bible.

Maybe they know their own religion is full of shit.

You can mod me down but you can't mod down the coming Mayan Apocalypse. Ah Pukuh shall call fourth Ah Muzencab to smite thee all.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[AdamJS]

The United States is the main concern for, well, Americans, obviously.

Re:

[Jeremi]

what scares me is the lack of a "real" private address range (with nat) like we do now with ipv4.

Dunno what your threshold for "real" is, but Wikipedia mentions this [wikipedia.org]... perhaps that would do.

Re:

[bbn]

If you are a lazy enterprise, you can buy a NAT64 box and put in front of your servers. It is a one step solution to exposing your services on the IPv6 network.

And for the employees, well what are they doing browsing the net during working hours anyway? Plus, you probably have them using a proxy server already (so you can filter dangerous non-work related pages) and said proxy server will work as a translation technology. Only the proxy server needs an IPv6 address.

Lazy enterprises can get away without impl

Re:

[jcurran]

they have 65 + million ipv4 addresses....

Registrations are publicly visible in the WHOIS database, so please elaborate which address blocks you refer to?

Re:

[bbn]

Stupid too. So you got your splendid IPv4 address but need to talk to your European IPv6 friend? Guess what, you are out of luck!

When do people learn that as anyone is out we are effectively all out?

Oh it might yet only be a few Chinese dudes that we do not like that much anyway. But soon enough it will be Europe. I know Americans like to think that USA is the whole world, but in fact there is a reason they call USA+Europe+others "the western world".

There will probably always be v4 addresses for servers to