One Year After World IPv6 Launch — Are We There Yet?

darthcamaro writes "One year ago today was the the official 'Launch Day' of IPv6. The idea was that IPv6 would get turned on and stay on at major carriers and website. So where are we now? Only 1.27% of Google traffic comes from IPv6 and barely 12 percent of the Alexa Top 1000 sites are even accessible via IPv6. In general though, the Internet Society is pleased with the progress over the last year. '"The good news is that almost everywhere we look, IPv6 is increasing," Phil Roberts,technology program manager at the Internet Society said. "It seems to be me that it's now at the groundswell stage and it all looks like everything is up and to the right."'"

What groundswell?

[Antique Geekmeister]

Not a single business partner, client, or home user that I've dealt with for the last 3 year has an active IPv6 DNS registration. _None_.

The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings. This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously, allowing a wide set of behind the scenes hosts to be serviced by a single exposed device and reducing the IPv4 footprint of these services. Also, people have learned how to economize in the ir IPv4 use: They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years. The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

IPv6: Who gives a shit?

[Anonymous Coward]

The Chinese government loves IPv6 because it provides extra granularity for surveillance of their citizens. Fuck that. They can kiss my shiny metal NAT.

Re:I always thought...

[Alioth]

IPv6 space won't run out in 20 years. "Well", you say, "It's inefficiently doled out - each user gets a /64 under how it's supposed to work even if their network has just one device!"

However, the amount of /64 prefixes theoretically available is 2^32 (4 billion) times larger than the address space of the *entire* IPv4 address space. Four billion times larger. Even if only 48 bits of those were usable for whatever reason, that would still be 65536 times larger than the *entire global IPv4 space*. However, there's more than 48 bits usable.

Re:What groundswell?

[dbIII]

This myth again - you should know better. Nobody is suggesting removing the firewalls that can prevent the constant external vulnerability scanning of any host directly connected to the Internet. They can do it quite well without the utter pain in the neck that is NAT. Yes, NAT saves newbies arses, but so now does the default configuration of even cheap and nasty ADSL routers so taking it away probably will make zero difference.

They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server.

Are you seriously making such a suggestion in 2013 when we are knee deep in virtual machines or are you joking? It doesn't take much complexity before you end up wanting to have two separate things running the same service and then you've got to do some arcane mucking about with non-standard ports and port forwarding if you've only got one real IP address. You've also got to be sure that the ports you've chosen are not being blocked at the other end and that can very seriously limit your choices, to the point where people connecting through mobile/cell networks have to be allowed all the way in to an almost unprotected network by VPN since you have run out of ports the telco allows. In such a case NAT becomes the security risk instead of the security solution you are trying to convince the gullible it is.

The services are being easily funneled through a single exposed router or firewall

Nobody is suggesting changing that. You still get all that filtering only without the constriction of NAT.

Re:I always thought...

[Anonymous Coward]

Note that, as with so many sites, the announcement that XKCD is now available over IPv6 is obsolete. At some point they broke something, couldn't figure out how to fix it easily and so they just removed IPv6 from the site.