Comcast Carrying 1Tbit/s of IPv6 Internet Traffic

New submitter Tim the Gecko (745081) writes Comcast has announced 1Tb/s of Internet facing, native IPv6 traffic, with more than 30% deployment to customers. With Facebook, Google/YouTube, and Wikipedia up to speed, it looks we are past the "chicken and egg" stage. IPv6 adoption by other carriers is looking better too with AT&T at 20% of their network IPv6 enabled, Time Warner at 10%, and Verizon Wireless at 50%. The World IPv6 Launch site has measurements of global IPv6 adoption.

Saying something good about ComCast hurts my brain

[gewalker]

In actual fact, the ComCast internet service is not too bad. It is just their customer support, pricing, monopoly status and general arrogance that make them among the most hated company in existence.

The other interesting thing in the article was Google showing their IPv6 traffic was now around 4% up looked the perhaps the upward bend at the beginning of an s-Curve.

Re:Saying something good about ComCast hurts my br

[eli pabst]

In actual fact, the ComCast internet service is not too bad.

Their cable TV service is another story. I'm reading this article right now because my cable box is busy rebooting...again.

Re:

[jslaff]

Hurts my brain, too, but... I really have to admit that in the past 25 years with Comcast, first just for TV, then internet, then phone, I've had pretty much zero complaints. In fact, I get discounts off my bill for asking (minimal, yes, but $10 a month off $180), upgraded boxes for free for the asking (true, just one of their old SD DTAs to an HD DTA), and actually got a few hundred bucks for signing up my VERIZON cell phone through Comcast. In fact, the one company that I will never go back to for anyth

Being a site for geeks...

[Anonymous Coward]

Slashdot can't be far behind, right?

Re:Being a site for geeks...

[OzPeter]

Slashdot can't be far behind, right?

I've heard that you can only get ipv6 connections if your comments are in uni-code.

Re:

[Rick Zeman]

Slashdot can't be far behind, right?

Only on Beta.

Advantages?

[ArchieBunker]

So any advantages to running an IPv6 tunnel other than so say you use IPv6?

Re:

[Anonymous Coward]

Easily get around IP bans.

Re:Advantages?

[CAPSLOCK2000]

The big advantage is that all my computers are reachable through the internet, no more NATting port 80 and port 22 to strange ports because you can use every port only once.
A secondary advantage is that port 25 is not filtered, although that's not inherent to IPv6, just a lucky benefit of my current tunnel-provider.

Re:Advantages?

[OzPeter]

The big advantage is that all my computers are reachable through the internet

Depending on your point of view, that may also be considered as a down-side.

Re:

[Anonymous Coward]

Um, no. The whole "NAT is security" argument is bullshit. KISS: I'd rather have a simple firewall which either blocks or does not block ports/IPs (or connections, if stateful) than a complex firewall which also has to rewrite packets.

Re:

[LordLimecat]

Its perhaps misleading to say that NAT is security, but it undoubtedly provides security.

Re:

[oursland]

That, too, is rather misleading. NAT only provides a sense of security, as the devices may not be addressed directly. However if you assume that because your devices are behind a NAT, that they're secure from external attack, you can be easily surprised when one device acts as a portal to the rest. Piercing the Firewall is not a new concept.

Re:

[LordLimecat]

NAT provides "security" because it is actually impossible to hack a computer behind a NATing router, without A) hacking into the router (in which case a firewall doesnt matter), or B) having the end user poke a hole / port forward through the NAT (which they could do with a firewall).

I suppose if you were MITMing the connection and could see what ports got opened for outbound connections, and you could spoof inbound traffic, you could perhaps exploit something-- but this will not affect the majority of user

Re:

[Drakonblayde]

NAT provides "security" because it is actually impossible to hack a computer behind a NATing router, without A) hacking into the router (in which case a firewall doesnt matter), or B) having the end user poke a hole / port forward through the NAT (which they could do with a firewall).

Oh that's not true at all. Just because you can't access the IP assigned directly to the computer from outside of the NAT hardly means you can't communicate with the device. NAT doesn't imply packet inspection or anything of that nature.

Far too many people confuse NAT as a security product because it's often paired with limited firewall capability in consumer grade routers. If you can do sufficient packet analysis (like, say, compromising an outside host that the NAT'd box talks to), you can communicate wit

Re:

[LordLimecat]

It is true because without a NAT rule or a dynamic mapping, the router will discard the packet 100% of the time. There is nothing you can do that will convince a router to pass a packet onto a NAT'd computer that has not already initiated a connection.

like install software that (innocently or not) leaves the host exposed behind the NAT, the NAT might as well not be there.

The same is practically true of 99% of consumer firewalls out there, which allow outbound connections and return traffic.

Re:

[Bengie]

Except NAT has no official implementation, so many implementations have many different security bugs to be exploited. Firewalls are easy to test, NAT implementations, not so much.

Re:

[oursland]

By "Piercing the Firewall", I didn't mean to imply that NAT should be considered a firewall, but rather to allude to a class of techniques to get around network restrictions such as port, content, or IP based filtering for both malicious and benign purposes.

Re:

[Anonymous Coward]

Hey tough guy, you can firewall off services running on a natted address just as easy as you can a real ip address. Do you get a pain in your side or does the extra emmisions from a router doing that give you a tingle in your neck hairs or do you think your router is wearing out a silicone junction or wearing down a wire trace as it rewrites packets over and over? Hint, it does not. There are a lot of things a router does to data and data streams so rewriting for NAT is not something above and beyond the

Re:

[segedunum]

Um, no. The whole "NAT is security" argument is bullshit. KISS: I'd rather have a simple firewall which either blocks or does not block ports/IPs (or connections, if stateful) than a complex firewall which also has to rewrite packets.

I'm afraid it's not. I never cease to be amazed by people who think that managing multiple IP addresses is better and less error prone than one, and frankly, I don't want anyone being able to discern anything about what should be my *internal* network.

Re:

[pipedwho]

How so?

A firewall can be set to block all incoming connections with a few inbound exceptions that the user requires (eg. port 22 on a particular box, and port 80 on another one).

The advantages are that the firewall no longer has to keep track of all NAT connections with the associated timeout issues, and that there will never be a network address collision issue when you connect via VPN from a remote network with the same subnet range. It also removes issues related to split-horizon DNS.

For certain corporat

Re:

[Sanians]

I don't want anyone being able to discern anything about what should be my *internal* network.

The so-called "privacy extensions" address this, though seemingly not by design, but simply because the dumb fucks behind "privacy extensions" provided something useful. Basically, in Linux for example, the kernel will choose a new random IPv6 address every day, and keep old ones for seven days. It always uses the newest one for outgoing connections, but will accept incoming connections on any.

The supposed benefit of this is that you no longer have one static address and so you're harder to identify, but

Re:

[segedunum]

The so-called "privacy extensions" address this, though seemingly not by design, but simply because the dumb fucks behind "privacy extensions" provided something useful. Basically, in Linux for example, the kernel will choose a new random IPv6 address every day, and keep old ones for seven days. It always uses the newest one for outgoing connections, but will accept incoming connections on any.

Sounds like a real recipe for reliable operation there, as well as reducing the complexity of something like NAT, especially amongst different operating systems.

Re:

[Bengie]

Why would they be able to discern anything about your internet network without a NAT. You just saying that indicated you don't know what you're talking about or you're trolling.

Re:

[segedunum]

Why would they be able to discern anything about your internet network without a NAT.

Multiple public IP addresses, join the dots. Seriously......

Re:

[Anonymous Coward]

No. That in itself is never a downside. If you don't want rest of the internet connecting to your computer/network, you filter it at your firewall (usually router). Personally I wouldn't mind if it was a requirement that all routers meant for home usage had a factory default that only established/related connections were allowed to LAN side from WAN port(s). Of course that should be configurable, but just sticking the router in would give reasonably secure default.

Re:Advantages?

[Rising Ape]

The problem with that is how many home users know how to configure the firewall? There are legitimate reasons to have incoming connections. Unless you want to reinvent uPnP for v6, but that would be needlessly complex and probably have security flaws of its own.

Frankly there's no excuse for any modern software to be vulnerable even if connected directly to the internet with no firewall. This isn't 2003 any more, and in any case it's commonplace for computers to be connected to all sorts of untrusted networks such as public wifi. So anything that assumes "a firewall will take care of it" is utterly irresponsible.

Re:

[mrchaotica]

The problem with that is how many home users know how to configure the firewall? There are legitimate reasons to have incoming connections.

And if your use case includes one of those legitimate reasons, then it's your responsibility to know enough about security to configure the firewall. It is fundamentally impossible for there to be a safe alternative to this!

Re:

[Rising Ape]

And if your use case includes one of those legitimate reasons, then it's your responsibility to know enough about security to configure the firewall. It is fundamentally impossible for there to be a safe alternative to this!

Do you really expect the average user to know about IPs, ports, TCP/UDP etc.? That's not very realistic. I don't agree that a safe alternative is impossible - there's no magic power that packets have to hack a computer. Any failings are due to poorly written software.

If an application doesn't need to listen for connections, it shouldn't open a port. A firewall won't make any difference here.
If an application does need to listen for connections the firewall will need to let them through. Again, the firewall

Re:

[mrchaotica]

Do you really expect the average user to know about IPs, ports, TCP/UDP etc.? That's not very realistic.

No, I expect users who want to run services that listen on ports (which makes them not "average!") to know about those things.

I don't agree that a safe alternative is impossible - there's no magic power that packets have to hack a computer. Any failings are due to poorly written software.

It's even less realistic to expect software -- especially the crap software the "average user" uses by default -- to be

Re:

[Rising Ape]

The fact that someone bothered to make uPnP suggests that there's a need for this capability for average users. Things such as voip, gaming, exchanging files - if you can't have peer-to-peer connections, you're reliant on big centralised services for all of these things. Granted, we seem to have gone down that path already (perhaps driven in no small part by the prevalence of NAT), and these services may have a place, but do we want it to be *all* there is to the internet?

As for your second point - well, Mi

Re:

[mrchaotica]

The fact that someone bothered to make uPnP suggests that there's a need for this capability for average users.

There's also a "need" for antigravity and wish-granting genies. They're just needs that may remain unfulfilled due to impossibility.

I assume since you bring up uPnP without citing it as a viable solution, you're aware that it's disasterous for security. I think at least some of that is due to inherent problems in the concept, not just a poor implementation.

Granted, we seem to have gone down that pa

Re:

[drinkypoo]

No, I expect users who want to run services that listen on ports (which makes them not "average!")

Wut. The average user has ports open. Go install any major consumer OS and then nmap it. You can do better.

Re:

[Bengie]

No, I expect users who want to run services that listen on ports (which makes them not "average!") to know about those things.

You mean like the "server-less" P2P console games that elect the host from one of the current people in game?

Re:

[laie_techie]

If an application doesn't need to listen for connections, it shouldn't open a port. A firewall won't make any difference here. If an application does need to listen for connections the firewall will need to let them through. Again, the firewall doesn't help - at least not at the level of sophistication you'd see in a home router's firewall.

Except I want my legal music collection to be accessible to computers within my home (DLNA server), but if external computers have access (without use of a VPN), I may be guilty of illegal sharing. Ditto for other things which should be available on a LAN, but not be public facing.

Re:

[laie_techie]

And you can to this at the application layer. You do not need a firewall to restrict service to particular clients.

You seriously expect every piece of software to act as its own firewall, instead of a system-wide firewall?

Re:

[segedunum]

Frankly there's no excuse for any modern software to be vulnerable even if connected directly to the internet with no firewall.

Oh my fucking God.

Re:

[Bengie]

Install OpenBSD on a computer not behind a firewall and see if it gets hacked. I think they've had 2 remote security vulnerabilities in the past forever.

Re:

[laie_techie]

Frankly there's no excuse for any modern software to be vulnerable even if connected directly to the internet with no firewall. This isn't 2003 any more, and in any case it's commonplace for computers to be connected to all sorts of untrusted networks such as public wifi. So anything that assumes "a firewall will take care of it" is utterly irresponsible.

I think you misspoke. It's irresponsible to think an external firewall will take care of it, so every computer / virtual machine should have its own. However, it's asking for trouble to allow untrusted traffic to arrive to any software. Just being accessible opens it up for a DDoS attack.

Re:

[pantaril]

The problem with that is how many home users know how to configure the firewall?

Probably the same amount who knows how to configure NAT. Fortunately the routers manufacturers usualy take care of the configuration for them.

Re:

[Bengie]

Unless you want to reinvent uPnP for v6

What are you talking about? PFSense supports IPv6 uPnP with the base install. Just enable uPnP service and it will allow uPnP to punch holes in the firewall for the requesting IPv6 address. Worked just fine with my Windows box and Torrent. It was quite turn-key. Enable service, done.

Re:Advantages?

[CAPSLOCK2000]

This is Slashdot, News for Nerds. Not News for Grandma's that are afraid of configuring their router.

Nerds do not live in isolation

[tepples]

News for Nerds. Not News for Grandma's that are afraid of configuring their router.

Nerds often have to act as tech support for said grandmothers.

Re:

[jones_supa]

Nooo. NAT is an incredibly practical tool to set up a poor man's firewall and to have a nice internal network behind it. Then UPnP or port forwarding is used to route incoming connections per need. Works.

Re:

[CAPSLOCK2000]

Instead of a poor man's firewall, why don't you use a real firewall? It's much easier to configure than NAT.
If you use Linux, like every residential internetrouter sold in the last 10 years, NAT is a part of the firewall code.
As it is more simple a "real" firewall is cheaper than your "poor man's firewall".

Re:

[jones_supa]

What benefits using a real firewall would provide me?

Re:

[jbolden]

The ability to actually block or unblock what you need how you need it rather than randomly just disallowing a bunch of stuff and then punching huge holes in the wall that anything get through when you need to get out.

Re:

[jones_supa]

No, it does not work like that. NAT port forwarding and UPnP allow me to let in just the specific ports to a specific host, with UPnP having the added benefit that the port is open only when the application is running.

Re:

[spire3661]

UPnP is lazy.

Re:

[jbolden]

Which is precisely the same thing that happens with any firewall. You just specify port / host and or you let specific hosts cut holes for specific periods of time. None of that changes.

Re:

[Sanians]

The difference is like this:

With NAT, say you want to open port 22 so that you can SSH to a machine on your LAN from the internet. So you forward that port to that machine. Next month you find you need to do the same for a second machine on your LAN. Your choices are to either forward the port to the new machine, which means it is no longer forwarded to the old one, or to forward some other random port and tell whomever wants to access that machine "OK, it's open, but you have to use port 122 instead."

Wi

Re:

[segedunum]

Instead of a poor man's firewall, why don't you use a real firewall?.....As it is more simple a "real" firewall is cheaper than your "poor man's firewall".

Seriously, this tripe is getting modded as insightful now?

Re:Advantages?

[Ksevio]

It works for a little while, but it still depends on the network having a public IP. A lot of ISPs, especially in Asian countries, have started implementing NAT level IP which means no UPnP and not even manual port forwarding.

Re:

[radarskiy]

You are right: it *is* a poor firewall for a man. Or a woman.

Re:

[sjames]

With IPv6, a couple simple rules on a stateful firewall will give you exactly the same protection but without requiring packet rewriting. As a side benefit, you get lower latency and the router has less trouble under network load.

If manufacturers would set those rules by default, there would be no problems.

Re:

[ArchieBunker]

Do you need to be on another IPv6 connection to access them?

It's probably almost all cellphone bandwidth

[TrollstonButterbeans]

The ipv6 traffic is probably almost all cellphone bandwidth.

A guess.

Re:

[WaffleMonster]

So any advantages to running an IPv6 tunnel other than so say you use IPv6?

None, turn it off and get a real IPv6 connection unless you need it for something.

When content sees higher latency and lower throughput from crappy tunnels it only serves as a disincentive for continued adoption.

Crap Traffic

[extremescholar]

I tried native IPv6 with them about 6 months back, and I was constantly bombarded with random packets that overwhelmed my router. They have 1TB of traffic that is just junk packets. More Comcast BS.

Re:

[Anonymous Coward]

I've had zero issues with native v6 on Comcast in the San Francisco, CA area. Where in the US are you located?

Re:

[Anonymous Coward]

This is what worries me.

Moving to IPv6 means more challenges. Having to retest firewalls and it's rules, making sense of the IPv6 addresses and then figuring out what looks normal and what looks like bad (generated) traffic when looking at PCAP's.

How does blocking work when everybody can have a trillion addresses? Can people have a trillion addresses? Do they have a block allocated to each user/system? Does it matter? So many questions.

I don't want a little mistake somewhere or lack of knowledge to cause a

Re:

[CAPSLOCK2000]

Better start learning now, while you can afford to make mistakes. The bigger IPv6 gets the more those little mistakes will hurt you.

Re:

[jbolden]

How does blocking work when everybody can have a trillion addresses?

You block a range. And it actually works because there is no NAT!

Can people have a trillion addresses?

Far more. The minimum subnet is a /64 which is 1.8 million trillion.

Do they have a block allocated to each user/system?

Yes.

Re:

[NormalVisual]

18,446,744,073,709,551,616, or 18 quintillion, or 18 million trillion, minus a couple for netblock addresses. "Practically unlimited" is a good term here. :-)

Re:

[jbolden]

If you get a /64 you can do whatever you want on it. If you get a /60 then you have 16 subnets you can do whatever you want on.

Re:

[WaffleMonster]

Moving to IPv6 means more challenges. Having to retest firewalls and it's rules, making sense of the IPv6 addresses and then figuring out what looks normal and what looks like bad (generated) traffic when looking at PCAP's.

I will be happy when IPv4 is gone and the constant cheap attacks and probes to random addresses are no longer viable at least not on the scale of IPv4.

How does blocking work when everybody can have a trillion addresses? Can people have a trillion addresses? Do they have a block allocated to each user/system? Does it matter? So many questions.

In IPv6 land users are assigned prefixes rather than IP addresses so you block the prefix rather than the IP address.

Re:

[Mathieu Lu]

Would be nice to have more details about that, and the proportion with IPv4 scans/crap.

Personally, I've been pleasantly surprised when going to the US, that random places (small motels, AirBNB places) had native IPv6. In some cases, they even had weird broken NAT, but working IPv6.

This migration to IPv6 has to happen one day or another. May as well be in front of the curve, with regards to privacy, security, topology and performance.

Re:

[segedunum]

Welcome to IPv6.

Their implementation sucks.

[Anonymous Coward]

Their implementation of DHCPv6-PD blows. It's incompatible with openWRT, Netgear, pfSense router firmware. You'll get your prefix, but it will get either dropped or changed within several hours. Then this premature change of the lease will fall out of sync with radvd on the routers then you will completely lose IPV6 connectivity. With all the IPV6 address space available, why not give out a static IPV6 prefix, but no, they want to change it frequently. This is completely contrary to their IPV4 DHCP servers which will basically give you the same IP address forever until you change the MAC address on the router.

So screw Comcast's IPV6. I'll stick with my hurricane electric tunnel and it's static IPV6 prefix until my router breaks. Maybe be then Comcast's implementation will actually work with most of the routers on the market that support IPV6.

Re:

[NormalVisual]

With all the IPV6 address space available, why not give out a static IPV6 prefix, but no, they want to change it frequently.

Because they don't want you running servers with a static IP? Can't have that now, can we?

Re:Their implementation sucks.

[WaffleMonster]

Their implementation of DHCPv6-PD blows. It's incompatible with openWRT, Netgear, pfSense router firmware.

There seems to be problems with Comcast IPv6 that I can see.

Lease query is fucked up/does not work at all so if your cable modem reboots while the lease is still valid the CMTS has forgotten all about it and won't let any traffic pass until you transmit a renewal request for your PD. It seems some consumer router gear uses Ethernet/media detection to notice the link has bounced and refresh the lease...otherwise your basically SOL and have to manually do it.

I don't think it is fair to blame Comcast for a systems shitty/buggy support for DHCPv6 prefix delegation. Comcast is not doing anything magical or non-standard. Vanilla ISC DHCPv6 client has worked flawless for me.

Incidentally have maintained same IPv6 prefix for over a year now since they turned up v6.

Then this premature change of the lease will fall out of sync

To be fair if the client is fucked up and not properly renewing lease sometime before it expires I don't see how that's Comcast's fault. If you don't ask for renewal you won't get one.

With all the IPV6 address space available, why not give out a static IPV6 prefix, but no, they want to change it frequently.

Exactly they should hand out addresses or at least make them very sticky so that anything short of some kind of reorganization/renumbering does not result in a new prefix. It really sucks even if radvd is sync'd there are still implementation problems with the zero lifetime pulling and hosts if using SLAAC locally.

This is completely contrary to their IPV4 DHCP servers which will basically give you the same IP address forever until you change the MAC address on the router.

If you allow your IPv4 lease to expire good luck getting the same address back. At least on the two occasions I've had my system down long enough for it to happen and was greeted with a new address. It may very well be certain areas are configured differently and so mileages vary.

So screw Comcast's IPV6. I'll stick with my hurricane electric tunnel and it's static IPV6 prefix until my router breaks.

The HE tunnels were awesome. I was sad when I shut mine down.

Re:

[cdwiegand]

This! Wow, I had no idea others had the same issue. I tried putting the IPv6 modem on the outside of my firewall, and couldn't get the delegation to work reliably, so finally in order to "keep my IPv6" I had to put it on the inside of my network. Luckily all of my ipv6-capable equipment is modern enough OSes (ubuntu, osx and windows 7+) to have real firewalls, and everything else is known non-IPv6-capable (my old wireless canon printer, mostly).

Once they fully launch it in the business accounts, I plan to g

Re:

[Burdell]

I have no problem with Comcast's IPv6 setup, once I hacked a few things in OpenWRT that were wrong; not sending the requested prefix size was a big one (so I could only get a /64 initially). Also, if the link drops, when it comes back and dhcp6c tries to update radvd, radvd doesn't restart (so the RAs go away and IPv6 quits on all auto-configured systems). My link is generally stable enough that I haven't been bothered enough to track down this bug to get it fixed.

IIRC, the only time I've had my delegated

Nice graphics at Cisco

[CAPSLOCK2000]

Cisco has nice graphics of the IPv6-deployement in the world. It's based on the same measurements but presented with nice graphs instead of a boring table of numbers. Look up your own country at http://6lab.cisco.com/stats/in... [cisco.com] .

chicken and egg?

[Anonymous Coward]

With Facebook, Google/YouTube, and Wikipedia up to speed, it looks we are past the "chicken and egg" stage

Yeah cause those are the only 3 sites anyone ever uses, right?

Comcast...30%...AT&T at 20%...Time Warner at 10%

Those numbers are still terribly low.... better, but low... chicken needs to get to work

Verizon Wireless at 50%

For a bit I skipped right over the wireless part and thought it was cause FiOS... my theory was, providers never want to upgrade their stuff to handle bandwidth, they sure as heck aren't going to upgrade for newer equipment. Most likely they'd be doing both with one purchase whether they want to or not, considering IPv6 is so old now, and the network co's (cis

and yet, those on ipv6 can't see slashdot

[the_humeister]

still not sure if that's a pro or a conâ¦

And there there is Charter Com6munications

[QuantumRiff]

Charter's Ipv6 website hasn been saying its coming "soon" since about 2011. Last time I called the NOC, and our regional sales people (I'm a fiber customer of theirs) nobody could give me any time frame, area, or any other information about when they plan to start testing it for customers.

Re:

[QuantumRiff]

That is possible, and has been for a while, but I don't want all of my traffic going to Missouri first

Wait for Kong's firmware for R7000 wit IPv6

[gunkelNY]

It's going be blast for people using the best available ARM home router at this moment, Netgear R7000 More details here: http://www.dd-wrt.com/phpBB2/v... [dd-wrt.com]

IPv6 How will it happen?

[LessThanObvious]

How do you [Slashdot users] see IPv6 transition actually happening?

Will each internet user have dual stack?

IPv6 is much more complex, how will companies support users who barely understand IP addressing when IPv6 is going to seem like a long string of meaningless characters?

Do you see something like a dynamic IPv6 to IPv4 DNS/NAT translator to hide IPv6 complexity from the user a viable solution?

Re:

[l2718]

Why should users care? How many "users" are aware of IP addresses, or view them as anything but a string of meaningless digits? The "complexity" of IPv6 falls entirely on sysadmins and on those who implement IPv6 stacks, that is on experts. It's possible some users will have a home network on the 192.168.x.x IPv4 range connected via a NAT to the IPv6 internet, but this choice will be made for them by the people who write NAT software: home users universally use first-come-first-served DHCP to assign addr

Re:

[NotInHere]

I have DNS in my home network, using the hosts file of my openwrt router.

Re:IPv6 How will it happen?

[Tim the Gecko]

How do you [Slashdot users] see IPv6 transition actually happening?

Will each internet user have dual stack?

Yes. They will have a dual stack with the IPv6 address being used for a bigger and bigger proportion of traffic. Meanwhile IPv4 will probably traverse some NAT.

Once IPv4 is the minority of traffic (many years in the future), it will turn into a legacy PITA to administer separately. But that is a while away.

IPv6 is much more complex, how will companies support users who barely understand IP addressing when IPv6 is going to seem like a long string of meaningless characters?

Those 30% of Comcast customers aren't calling a helpdesk and reading out hexadecimal digits. If DNS is working they will say things like "www.facebook.com". If DNS isn't working then they can't fix it by reading out or typing those "meaningless characters".

Do you see something like a dynamic IPv6 to IPv4 DNS/NAT translator to hide IPv6 complexity from the user a viable solution?

Not viable. It wouldn't help more than a single digit percentage of users anyway.

Re:

[jbolden]

How do you [Slashdot users] see IPv6 transition actually happening?

a) Carriers and ISP have support (mostly done)
b) Cellular (mostly done)
c) Default is switched for home / small business (mostly not done). Then they have a shared pool of v4 addresses for v4 traffic rather than one address per location.
d) Enterprises start running dual stack
e) v4 is mostly retired

Will each internet user have dual stack?

Probably each carrier. You'll see the v4 address space living inside some subnet at an IP addres

Re:

[spire3661]

If you have a way to make IPv6 palatable, the world is awaiting you.

Re:

[don.g]

V6 to DNS/NAT: you mean NAT64? It's a thing. It works.

But what we'll probably end up with is Carrier Grade NAT for IPv4, hopefully dual-stacked with native IPv6. There are already ISPs selling CGN IPv4 connections with no IPv6 support, e.g. most cellular IP service.

Math

[fulldecent]

Percentage of US consumers using broadband 74%
http://www.forbes.com/sites/gr... [forbes.com]

Percentage of US marketshare served by Comcast 25%
http://www.dailytech.com/Marke... [dailytech.com]

Percentage of Comcast customers on IPV6 30%
RTFS

Percentage of people that use Google 100%
http://google.com/ [google.com]

ASSUMING NOBODY ELSE HAS IPV6 EXCEPT COMCAST 5.5% PRODUCT

Google says 4%

A lot of our internal Internet 2 runs on IPv6

[WillAffleckUW]

Mostly hardened traffic, but there you go.

Pretty sure it doesn't get counted in with the general Internet, since you guys run so slow, and we have 100 GB/sec ports at most major research universities and military installations, and 40 GB/sec ports within 1-2 mile radius of those.

It carries a lot more data, but no spam.

IPv6 routers

[NormalVisual]

Can anyone recommend a SOHO-level router that properly supports IPv6? Right now I've got my desktop on a Teredo (okay, stop laughing) tunnel set up to a server I have colo'd which in turn has a real /64. It works pretty well, but it was a pain to set up and counts against my colo bandwidth, and of course adds a bit of latency. Router support for IPv6 may be moot since I don't even know for sure that AT&T has IPv6 rolled out here anyway.

Re:

[rsmith-mac]

Apple Airport Extreme. They have supported IPv6 very well for years now.

Re:

[Rick Zeman]

Can anyone recommend a SOHO-level router that properly supports IPv6? Right now I've got my desktop on a Teredo (okay, stop laughing) tunnel set up to a server I have colo'd which in turn has a real /64. It works pretty well, but it was a pain to set up and counts against my colo bandwidth, and of course adds a bit of latency. Router support for IPv6 may be moot since I don't even know for sure that AT&T has IPv6 rolled out here anyway.

My Cisco RV-320 supports IPv6 just fine on Comcast's network.

Re:

[Pop69]

I'm using a Draytek 2860 which does the job just fine

Re:

[pantaril]

Can anyone recommend a SOHO-level router that properly supports IPv6?

If you understand networks and are not afraid to setup your own router from scratch, i recommend mikrotik router boards. For home use, i'd use something like RB951G-2HnD [routerboard.com]

Re:

[zbobet2012]

Most anything with openwrt :)

Why does Comcast have 32 ASN's?

[knorthern knight]

One of the major arguments for IPV6 was that it would eliminate the bloated routing tables that are almost as much of a problem for IPV4 as addresses being all used up. So why does Comcast need 32 ASN's?

Routing loop

[Chelloveck]

Well, there's yer problem. Looks like you got yerself a routing loop there sending all IPv6 traffic back on itself. Fix that and your IPv6 levels will go back down to infrequent pings and the occasional guy who turns on IPv6 just to see if anyone else is using it yet.

Re:

[Anonymous Coward]

were you on ipv6

Re:

[DewDude]

As far as I know, it's at 0%. They have not activated IPv6 for anyone; nor do they seem to have any plans to. They've been promising it for years; but nothing.

Re:

[Martin Blank]

Their status page [verizon.com] promised roll-outs starting in late 2012, but it also has horrifically bad information, even for an ISP ("Verizon will use a IPv6/56 address format, which means this will support 56 LANs.") I've asked about it several times, but no one at any level seems to know what's going on. The routers have been IPv6-enabled since spring of 2013, which got a lot of people excited. There's a rumor that the hold-up has to do with newer set-top boxes and broken IPv6 stacks, but no one knows how believ

Re:

[Anonymous Coward]

$ dig -6 slashdot.org
dig: can't find IPv6 networking