Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Networking United States IT

Federal Agencies Must Use IPv6 by 2008 295

MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."
This discussion has been archived. No new comments can be posted.

Federal Agencies Must Use IPv6 by 2008

Comments Filter:
  • by cato kaze ( 770158 ) <omlet&magi-n,com> on Saturday July 02, 2005 @05:39AM (#12968097)
    Its nice to see that government is implementing IPv6, but I'm more curious as to when it will be implemented by the private sector and widely used. (Is there an FCC ruling or guidelines for transition time somewhere or are we just oozing towards it?)
    • by jacksonj04 ( 800021 ) <nick@nickjackson.me> on Saturday July 02, 2005 @07:21AM (#12968333) Homepage
      Oozing slowly.

      Basically, install an IPv6 stack on everything you can and use IPv6 ready software/hardware over IPv4. Eventually upstream people will see IPv6 all over the place using Toredo, and implement an IPv6 network.

      My school runs on IPv6, along with a few others in the area, and our upstream provider is already implementing an IPv6 network for us.
    • Its nice to see that government is implementing IPv6, but I'm more curious as to when it will be implemented by the private sector and widely used.

      My guess, probably never.

      • I agree. NAT effectively killed IPv6. That and the baulkanization of the internet.

        Everybody has their own citadel with their data servers up in pearly white towers. The only clear access to the information desk is across a gantry high above a wall of fire. As you walk across this gantry your every step is watched by a 50 eyed beholder...
        • NAT, dynamic DNS, and all the other "hacks" which resolved the problems in ways which were backward compatible. Between NAT, dynamic DNS, and application level protocols to negotiate ports, we don't have merely 4 billion IP addresses, we have 28147 trillion, and that, to misquote Bill Gates, should be enough for anyone.

          I'm not saying IPv4 is going to last forever. Like anything else, it won't. But I'm pretty convinced that IPv6 won't be the next widely adopted protocol after IPv4. To (properly) quote D

          • I agree with that quote from Bernstein as well. If IPv6 was made complimentary to IPv4 so that you could have both on the same network and able to talk to one another without tunnels and crap, I think when people migrated their networks to gigE, they would have also migrated their devices to IPv6 as well.
            • by TERdON ( 862570 ) on Saturday July 02, 2005 @11:00AM (#12969068) Homepage
              Both IPv4 and IPv6 were designed to be implementable as software protocols. They were also smart enough to implement a version flag in the protocol. There is nothing at all stopping you from installing dual IP stacks on all of your computers, giving each interface an IPv4 and one IPv6 adress, and use both of them interchangably.

              What is stopping the implementation of IPv6 are those pesky legacy devices, legacy operating systems (ie Windows) and legacy hardware accelerated routers, and the fact the Internet being as big as it is - it's basically impossible to do a clean switchover, and there ARE problems when combining the two systems - even though you can have both on the same network, they won't be interoperable (=really bad).

              Of course IPv6 has been designed to work around these issues as well as possible, but there will be issues eg getting a IPv4 machine to connect to a IPv6 one. And NAT has been the easier-to-implement short-term-solution for home 'puters etc...

          • Between NAT, dynamic DNS, and application level protocols to negotiate ports, we don't have merely 4 billion IP addresses, we have 28147 trillion,

            So please explain: if me and someone I'm trying to contact are both behind NAT, what number do I try to connect to if I want to directly connect to this computer, i.e. the whole damn point of the Internet?

            Like has been said before, the people who think NAT is acceptable all want or have their own real IP addresses.
    • The #1 reason the private sector isn't picking is up is the vast majority of the big isps don't offer it, as long as they remain on ipv4, ipv6 isn't going anywhere fast.
      • And the major reason the vast majority of the big isps don't offer it is because there is no demand for it. Anyone offering a useful service on the web can afford a few bucks a month for a static IPv4 address, and I don't see that fact going away, ever. So what do you get by going with IPv6? AFAICT, nothing but incompatibility problems.

        IPv6 would have been better than IPv4, if we were building the internet from scratch. But Beta is better than VHS too, and I don't know very many people with Beta casse

        • But Beta is better than VHS too, and I don't know very many people with Beta cassette players.

          Except that it's not. VHS had a longer capacity than Beta, and for most people being able to record more on a single tape was more important than a marginal difference in quality.

    • Why should they? What is gained by IPv6? Nothing currently. Oh you get to say, "Dude! I'm IPv6!" Big deal. NAT has stifled IPv6 for the masses and brought at least some level of security to Winblows users around the globe. The idea that the whole government should be on it is probably the compulsion of a bunch of advocates. In the case of the government, I can live with it. As for the rest of us it's really just a solution who's problem has largely already been solved.
      • by Mr Smidge ( 668120 ) on Saturday July 02, 2005 @09:27AM (#12968665) Homepage
        NAT will not allow you to do easy VOIP or video-conferencing.

        Now think about this: there's an entire class A subnet allocated to MIT. There's quite a few class A subnets allocated for various US governmental institutions. There's a whole one for Apple computer.

        But, there's just one for the entire African continent. Some ISPs in countries besides the US cannot give their customers a real IP address! There are not enough to go round. The way they have been allocated is clearly skewed.

        So yes, lots of people stand to gain by having more addresses. They just happen to be in some of the poorer nations.
  • Unless... (Score:3, Funny)

    by Allrod ( 883869 ) on Saturday July 02, 2005 @05:43AM (#12968110) Homepage
    Another choice quote: Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable," Khaki said. That should really be: Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable, unless that gets dropped too..." Khaki said.
    • Wasn't XP already supposed to be fully IPv6 capable ?
      • Wasn't XP already supposed to be fully IPv6 capable ?

        From the article:

        Jawad Khaki, corporate vice president for Microsoft [said] Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable,"
      • Windows XP includes a `Preview' (read: beta) IPv6 stack, and it is downloadable for NT4 and 2000. Trumpet (remember them?) ship a production-readly IPv6 stack for Windows 95 and later.

        Source [ipv6.org]

        • Wow, Trumpet. That brings back very scary memories of trying to configure Trumpet Winsock on Win3.11 to connect to a PPP server at a local BBS. That was the single flakeyest program I think I have ever used.
    • Microsoft's next operating system, dubbed Longhorn, will be "extremely close" to a release by 2008, Khaki said
  • Progress in DoD (Score:5, Insightful)

    by dgb2n ( 85206 ) <dgb2n@@@yahoo...com> on Saturday July 02, 2005 @05:46AM (#12968117)
    Although there has been alot of noise around it, actual progress hasn't been so convincing and the 2008 date appears highly unlikely. In many cases its more a matter of "here's how we'd do it if you gave us X dollars" than a funded plan forward.

    This has appeared all along like a deliberate attempt to force a "technology refresh" that would be beneficial to major US networking companies than any real response to technical superiority of the IPv6 protocols.

    If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.
  • NAT (Score:5, Insightful)

    by debilo ( 612116 ) on Saturday July 02, 2005 @05:49AM (#12968123)
    Before people jump and say that we don't need IPv6 because NAT is good enough: No, NAT is not good enough. While I am grateful for NAT (and I am sure every other pood sod stuck with a single address only is grateful too), NAT has some serious shortcomings and limitations which increase the need for sometimes ugly, drastic or awkward workarounds for many things. It would be nice to be able to communicate with machines behind routers directly, though the security aspect that NAT provides really is useful.
    • Re:NAT (Score:4, Informative)

      by FrostedWheat ( 172733 ) on Saturday July 02, 2005 @06:20AM (#12968195)
      though the security aspect that NAT provides really is useful

      Nothing a simple firewall can't handle.
    • bingo, while nat is nice for home and small office use for basic sharing for a net connection for web and email. it runs into problems fast if your planing to use it for say an isp enviroment or similar, and to me thats what the grandparent post talks about.

      the biggest single nat problem is vpn tunneling. that a nat setup have to rewrite the source or destination part of the header can mess up or make invalid the tunnel if it require packet signing (ie, use private key to add a checksum for the header) fro
    • by gclef ( 96311 )
      The biggest problem I see with this attitude (not that I entirely disagree with it) is that it assumes NAT will go away in v6. I sincerely doubt that it will. I know it's unnecessary in v6...but people have gotten used to it, and it's been sold to them as a "security feature". Therefore, they're going to want to use it in v6, whether or not it really does anything for their security.
      • Re:NAT (Score:3, Insightful)

        by Baricom ( 763970 )
        Actually, most people I've talked with use NAT not for the security but because they need it to get more than one computer online (the local broadband providers provide one IP address and rent extras for about $10 per month). I think whether NAT continues to be popular or not will probably be influenced by whether residential ISPs become less stingy with the address space.

        If NAT goes out of style, the home router people will just focus more on delivering good firewalls, and a lot of people (probably inclu
        • by gclef ( 96311 )
          I'm not as concerned with the home users as much as I am with the PHB's. They think NAT's magic security dust, and convincing not to use it, v4 or v6, is (I think) bound to fail.
      • The biggest problem I see with this attitude (not that I entirely disagree with it) is that it assumes NAT will go away in v6.

        What's more likely, if IPv6 does catch on, is that NAT will be replaced by IPv4 to IPv6 tunnels.

        But I seriously doubt this is going to happen. Redesigning everything from scratch is a software engineer's wet dream, but in the real world for a system to work it needs to be much more backward compatible than IPv6. It's like DJB said [cr.yp.to]: "The IPv6 designers made a fundamental concept

    • Thats why they invented SVC DNS records.

      We already have have about 2^48 IPv4 addresses for things using SVC records.

      The real reason we ran out of IPv4 address is that cisco routers can't cope with a full routing table. Some how quadrupling the amount of memory the same routing table needs isn't going fix the problem.
      • Re:NAT (Score:3, Informative)

        by Fished ( 574624 )
        Nawww... you're missing the point that IPV6 is designed to require significantly fewer entries in routing tables for the same number of networks. Yes, the addresses are 4 times as long, but that doesn't make the routing table takes four times the memory.
        • I know the theory.
          I know the real world isn't as nice. I've been dealing with routing issues since the days of the uumaps collapsing and I've seen where IPv6 is headed.
    • Before people jump and say that we don't need IPv6 because NAT is good enough: No, NAT is not good enough. While I am grateful for NAT (and I am sure every other pood sod stuck with a single address only is grateful too), NAT has some serious shortcomings and limitations which increase the need for sometimes ugly, drastic or awkward workarounds for many things. It would be nice to be able to communicate with machines behind routers directly, though the security aspect that NAT provides really is useful.

      T

      • What we need is Ipv6 capable NAT boxes that are capable of doinf 4/6 translation on the fly. The main barrier to adoption of that type of strategy is folk who really can't see beyond the end-to-end principle.

        I think those would be called NPT boxes (network protocol translation)...


    • though the security aspect that NAT provides really is useful.


      NAT doesn't have a security aspect. It just rewrites the addresses and ports on outbound packets and keeps track of them to rewrite the corresponding replies. If you don't have filter rules to back it up then any traffic can just flow right into your network. NAT doesn't cause packets to be dropped.

      • This is of course not true.
        A NAT router without special configuration has no way of accepting inward connections. So, by inserting an autoconfigured NAT box in front of a system you efficively have an autoconfigured firewall that only allows outbound connections.
        This is like a filter that protects all your services that were intended for inside use only.
        • A NAT router will accept all inward connections by default, unless you tell it to do otherwise with filter rules. Try it sometime. Find me one implementation of NAT that drops anything.

          • You are trolling, aren't you?
        • by isj ( 453011 )
          A NAT router without special configuration has no way of accepting inward connections
          My old Intel Express ISDN router do. By default it makes reverse mapping for all ports to the inside PC that triggered the outgoing link.
      • by Ruzty ( 46204 )
        NAT doesn't cause packets to be dropped.

        So, you can connect to the sshd on my 10.0.0.31 box that is behind a public IP attached to a NAT'ing device? (No you can't any neither can anyone else without compromising the device performing the NAT'ing.) It causes packets that don't have a port redirection rule, to a private IP/port tuple, on the public interface to be dropped. It's a very crude version of a "deny all" rule that uses rewrite/redirection where a firewall would use "allow in" rules.
        -Rusty
  • Well, IPv6 is nice (Score:2, Interesting)

    by Anonymous Coward
    Especially "anycasting". But what about SCTP ? Now that would be worth wide support.

  • Benefits of IPv6 (Score:5, Informative)

    by lw54 ( 73409 ) on Saturday July 02, 2005 @06:01AM (#12968148)
    IPv6 is a powerful enhancement to IPv4. Its primary features are as follows:
    • The larger address space provides new global reachability, flexibility, aggregation, multihoming, autoconfiguration, plug and play, and renumbering. IPv6 increases the IP address size from 32 bits to 128 bits, allowing more support for addressing hierarchical levels, a much greater number of addressable nodes, and simpler autoconfiguration of addresses.
    • The simpler, fixed-size header enables better routing efficiency, performance, and forwarding rate scalability.
    • The numerous possibilities to transition from IPv4 to IPv6 allow existing capabilities to exist with the added features of IPv6. Various mechanisms are defined for transitioning to IPv6, including dual stack, tunneling, and translation.
    • Mobility and security ensures compliance with Mobile IP and IP Security (IPSec) standards.

    Page 46, CCNP Self-Study, Paquet Teare

    • Re:Benefits of IPv6 (Score:5, Informative)

      by Florian Weimer ( 88405 ) <fw@deneb.enyo.de> on Saturday July 02, 2005 @07:59AM (#12968417) Homepage
      Reality is quite different and does not live up to the short-sighted analysis you quoted.

      The larger address space is meaningless as long as it's harder to get independently routeable IPv6 prefixes than it is for IPv4. IPv6 headers are not fixed-size, especially in enterprise environments, the extension headers make the IPv6 header variable-length, causing endless headaches with hardware-assisted forwarding. Quality of implementation of the transition mechanism often suck, and they introduce new security issues. IPsec for IPv6 is not widely available, in contrast to IPsec for IPv4 -- even though it is mandated by the RFCs.

      Right now, IPv6 cannot deliver any of the new features it promises. It makes a lot of sense not to deploy it at this stage.
  • by Spoing ( 152917 ) on Saturday July 02, 2005 @06:05AM (#12968158) Homepage
    ...all desktops in the US Federal Government will have unique IPs, making it even easier for the bad guys to exploit a machine many layers deep in a network. After all, why secure the routers when your department managers just keep complaining that they can't connect from home?
    • Repeat after me "NAT is not a firewall...NAT is not a firewall"
      • Repeat after me "NAT is not a firewall...NAT is not a firewall"

        ...and firewalls aren't the end all to security. (Thus, the sig.)

        NAT is a capability of routers. It's not the only capability of routers, nor is it a necessary feature to enable when configuring them. (I'm talking about a full-featured router and other related devices, not a plug-and-go untweaked home model.)

  • by Anonymous Coward on Saturday July 02, 2005 @06:07AM (#12968163)
    Mac OSX has had great IPv6 for a while (10.2)

    http://evanjones.ca/macosx-ipv6.html [evanjones.ca]

    And the feds moved back their deadline so many times that even 2008 will be pushed back.

    Apple even had a demo of ipv6 in OS9 once, and a long while back was big on it.

    Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.

    In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.
    • The feds are always pushing back deadlines. I'm sure regular readers have seen two or three articles here about the total conversion of all broadcast television from analog to digital signals? It's the same case. They need to get tough on these "deadlines," or else nothing'll get done at any pace faster than that of a snail.

      And here shall commence the argument about whether or not anonymity on the Internet is a Good Thing or a Bad Thing.
    • by Detritus ( 11846 ) on Saturday July 02, 2005 @07:01AM (#12968284) Homepage
      Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.

      The tin foil hat brigade is on the march, again.

      If you want an "anonymous" IP address, there is nothing to prevent you from using a sooper-sekret random number instead of the interface's MAC. See RFC 3041 [ietf.org].

    • In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.

      Hmm, I think just the opposite would be true. Now that every person on the planet can have a billion IP addresses, it'll be feasible to use a different IP address every single minute for the rest of your life. Yes, IPv6 makes it possible for even a dialup server to give out static IP addresses to everyone, but it doesn't require it.

      This could have a big impact on sites like Slashdot which rely at least in


    • Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.

      In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.


      What are these anonymous IP addresses you speak of? What about IPv6 makes the addresses less anonymous than IPv4?

  • by haakondahl ( 893488 ) on Saturday July 02, 2005 @07:07AM (#12968298)
    ..Just declare it part of the metric system. Or is that the other way round?
  • NAT-PT for linux (Score:2, Interesting)

    by tolonuga ( 10369 )
    Is there any nat-pt solution for linux?
    I don't think anyone wants go through the
    pain of double stacks. So to run a ipv6
    only network, and connect it with both
    v4 and v6, you would need a v6tov4 nat
    device (nat-pt). I haven't seen anyone
    offering that, at least no linux based solution
    (some *bsd might be able to do that, not sure).
  • Missing improvements (Score:5, Interesting)

    by Peaker ( 72084 ) <gnupeaker@@@yahoo...com> on Saturday July 02, 2005 @08:03AM (#12968428) Homepage
    IPv6, to me, was a bit of a disappointment because it lacks two features that I find important:

    A) A protocol between the ordinary level2 and IP(level3) (Could be named layer 2.5) that takes care of error-corrections via retransmissions. Not replacing TCP's error-correcting retransmissions, but in addition to those. The reason is that most lost packets are lost packets on a single link because of load issues and such, and not because a whole link falls and breaks a route. In those cases, it is very inefficient to retransmit the whole route, and to add a huge latency-overhead to the packet transmission.

    B) Get rid of the silly "port" concept. Ports are just internal-computer addresses, and as such, should simply be part of the address itself. There should be no reason to distinguish between the network address and the host address and thus subnets were created, and that separation no longer exists. Just the same, there should be no reason to distinguish between net/host address an application addresses. Removing the "port" concept and placing it as part of the IP address itself has the following benefits:
    I) UDP becomes redundant to IP itself, the whole protocol is about adding the port address and can be discarded.
    II) DNS entries can point to applications and not hosts. This would allow www.server.com and www2.server.com to point to different webservers in the same computer. This would allow to discard the "virtual web hosts" feature. It would also allow to support multiple servers of any type (ftp, smtp, etc) on any host, all pointed by dns, without messing with the port supplied to the user.
    III) An internal network can route the same application address to any host it chooses, easing the distribution of load. It would also not expose to the external world how applications are served on which hosts.

    Anyhow, I look forward to seeing those features in IPv7.
    • by pe1chl ( 90186 )
      Point A should be handled by the link layer at level 2. Any level 2 protocol can decide to have retransmissions, forward error correction, or whatever method it deems necessary to ensure reliable transmission of frames that hold IP packets. As the issues are usually quite specific to the actual link protocol in use, it does not seem to be necessary to have a standard retransmission protocol on top of that.

      However, with B you certainly have a valid point!
      How inconvenient it is that you cannot set an MX re
    • Your assuming that the 'port' concept is universal to all protocols above the IP layer. There is much more than just TCP and UDP traffic flying around. http://www.iana.org/assignments/protocol-numbers/ [iana.org]
      • Quite some protocols that run directly above the IP layer later got "over UDP" variants to solve NAT problems.
        Having a larger address and using it with all protocols, instead of using the port concept only with certain protocols, would have been better.
    • by Anonymous Coward on Saturday July 02, 2005 @09:26AM (#12968663)
      Not trying to be harsh. But the missing improvements are outside the IP scope and functions. Just for your information:

      A) Look for MPLS and its future succesor GMPLS.
      B) The port concept is a TCP/UDP layer issue, not an IP issue. You can use lots of IPv6 addresses for the same device (IPv6 permits explicitly that) and just one port if that is what you prefer. I personally don't see the improvement. IP addresses are assigned to devices (in the IPv6 paradigm), ports are assigned to application uses. I personally beleive it is much straightforward this arrangement that an IP derived solution. At least now, you now port 80 means (at least should) web access.
      • By using a separate address for each application, instead of a portnumber, you can address applications without having to worry about hardcoded or default portnumbers at the other side.
        Anyone who ever wanted to run multiple copies of the same service on the same machine, or wanted to move applications that were once on the same machine to different machines, knows the advantage of that.
    • It's not necessary or desirable to have retransmission at the IP level. Firstly, it would put a humongous burden on routers because they would have to keep packets in memory after they have been sent, in case they need to be retransmitted. This would only make "load issues" worse and result in *more* packets being dropped, not less. Secondly, the correct response to packet loss on a link is to route around the link, not to retransmit over the link and produce more congestion. Routing around the link wil
  • by Gothmolly ( 148874 ) on Saturday July 02, 2005 @08:13AM (#12968452)
    I've seen this sort of first thing first-hand. Here's how it goes down:

    Consultant: Hey, buddy o'mine in the White House Budget office, lets do lunch.
    WhiteHouse: OK
    Consultant: You know, if you dont use IPv6, you're obsolete.
    WhiteHouse: Really?
    Consultant: Yep. You wouldn't want the (Commies|Al-Qaeda|Chinese|French) to be ahead of us, would you?
    WhiteHouse: Hell no!
    Consultant: Nobody is going to deploy IPv6 w/o a reason. It's hard to do.
    WhiteHouse: Hmm, we need to do this, its a matter of Homeland Suck-your-ity. Can you help?
    Consultant: Why sure, but you should make sure that only me and a few others are approved for this gig, you wouldn't want any incompatibilities, would you?
    WhiteHouse: Damn straight, I think I'll have another Scotch.
    Consultant: Go ahead, its on me. *evil cackle*
  • by Zugot ( 17501 ) * <bryan@o[ ]m.com ['ses' in gap]> on Saturday July 02, 2005 @09:34AM (#12968693)
    If you are a network engineer type, and you want to make some money, this is maybe some very good news. Most government agencies contract out this type of work. And I know there is a severe shortage of good network types out there who can grok ipv6. I am actually glad about this. It is kinda like Y2K all over again.
  • Another GOSIP? (Score:5, Interesting)

    by isdnip ( 49656 ) on Saturday July 02, 2005 @11:01AM (#12969076)
    I'm old enough to have lived through the GOSIP debacle two decades ago. I see a replay.

    GOSIP (Government OSI Profile, and the acronym was used separately by the US and UK) was a requirement to implement the OSI protocol stack by some date in the 1980s. It was a procurement requirement: Every system bought by the feds as of a certain date had to have OSI. Unless it got a waiver.

    Some people took this to mean that the government would transition from TCP/IP to OSI by then. And this would lead the world to OSI. And so they invested heavily in OSI. (Remember DEC?) Come to think of it, the way the lead story is written here, you get the same impression, that by 2008 the feds really will be using IPv6.

    But that's not what GOSIP meant. It meant that the equipment had to have OSI available, not that the government would actually use it. Having OSI was a checklist item. And eventually it got discarded, because nobody would actually use it; TCP/IP did the job well enough, and some of the early OSI implementations were, to be polite, a pile of crap. But a pile of crap still meets the checklist for an option that won't be used!

    IPv6 is somewhat dumber, protocol-wise, than OSI. It has been around for well over a decade, solving non-problems with non-solutions, ignoring problems of the public Internet that developed since then, while promising higher overhead, obsolesence of equipment, difficult management and transtion, and more money for Cisco. So unless you're Cisco, there's no reason to go there. And nobody is going there.

    Microsoft will meet the checkoff, as will other vendors, but I predict that in 2009, IPv6 will still see little use, even by the feds. Perhaps if we're lucky somebody will be talking about really fixing the problems in the current protocol stack, rather than going with a hack that was created for internal political reasons at IETF before the Internet was even open to the public.
  • by Mattintosh ( 758112 ) on Saturday July 02, 2005 @02:30PM (#12969964)
    I just read through way too much drivel about IPv6 vs. NAT just now.

    Here's the way things really should go. There are two possibilities, and they're not mutually exclusive.

    1) For mobile devices:

    Mobile devices should be addressed by a hardware address. This hardware address shouldn't be tied directly to the device, however, as mobile devices can be broken or lost easily. This is do-able right now with SIM cards. They have a SIM ID that could be used in place of an outdated phone number system. (Let's face it, POTS is ancient and crufty, and so are its numbering systems.) If you drop your cell phone and break it, move the SIM card to the new one.

    One thing to watch out for here, though: All cell phones must use the same protocols, and all cell providers must use the same protocols. This ends their convenient lock-in semi-monopolies on their customers. This is a practice that isn't going to end without a fight.

    2) Wired devices:

    Wired devices should use an assigned address. IPv4-style 4-octet addresses are fine. But the arrangement needs to be a bit more logical. They need to be arranged in a hierarchy. From 0.0.0.2 to 255.255.255.255, every address should be valid. 0.0.0.0 should be reserved as a null address (duh) and 0.0.0.1 should be the localhost address (or "self" or "this" or "me"). Any other address can be a node. Any node can serve as a gateway to a COMPLETE subnet.

    So if I want to reach grandma's wired VoIP phone, her number is "233.67.94.199::0.0.0.2". A phone keypad wouldn't have to be changed, as you could use * for . and # for :: when dialing, so the above number would be dialed as "233*67*94*199#0*0*0*2". And if I wanted to connect to her webserver, I'd point my browser at "233.67.94.199::0.0.0.3".

    And there would, with only a two-level hierarchy, be more addresses than IPv6 offers(*). With more levels in that hierarchy, there would be no such thing as an address shortage. And to top it all off, I'm guessing the top-level routing equipment wouldn't have to be substantially changed. It's still just routing from one IPv4 address to another. The gateways would all have to change, though.

    Notice another thing about this IPv4^n idea: Hierarchical NAT bypass. Notice how it resembles a C++ (and copycats) scope-resolution operator and how it resolves the scope of the actual device address and how it could easily be extended to multiple levels beyond what I've suggested.

    (*)If you don't believe me, do the math:

    IPv6:
    2^128 = 3.402823669e38

    IPv4^2 (IPv4-sqared)
    32^32 = 1.461501637e48

    IPv4^3 (x.x.x.x :: x.x.x.x :: x.x.x.x)
    32^32^32 = 1.461501637e1536

    With those IPv4^n address spaces, you have to remember that you don't get quite that many addresses, as you lose 0.0.0.0 and 0.0.0.1 from each range and subrange. In IPv4^2, you lose 8-billion-something addresses - 2 main-range addresses plus 2 addresses from each of the 4-billion-something-minus-two subranges. That's a trivial loss in the scope of this scheme, and yet is almost twice as many addresses as we have available right now.

Single tasking: Just Say No.

Working...