Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Networking The Internet

There Is No Plan B, the Ugly Transition To IPv6 717

An anonymous reader writes "The Internet is running out of IPv4 addresses — not at some point in the future, but right now. But the only solution to the problem, IPv6, is just now really starting to be deployed. That's why we're all in for some tough times ahead."
This discussion has been archived. No new comments can be posted.

There Is No Plan B, the Ugly Transition To IPv6

Comments Filter:
  • by d0nster ( 989432 ) on Thursday September 30, 2010 @08:18AM (#33746018)
    Maybe we should reclaim some of AOL's massive block of addresses. It would help a little in the short run. And they sure aren't using them.
    • kidding aside, I'd be interested to know what the actual Class A block utilization numbers look like.

      • Re:Reclaim Some? (Score:5, Informative)

        by Carewolf ( 581105 ) on Thursday September 30, 2010 @08:51AM (#33746330) Homepage

        kidding aside, I'd be interested to know what the actual Class A block utilization numbers look like.

        True, that is obligatory. Map of the Internet [xkcd.com]

      • Re: (Score:2, Interesting)

        Well, if it helps any, xkcd has a map [xkcd.com] of who controls various blocks (across classes).
      • Re: (Score:3, Informative)

        by Joce640k ( 829181 )

        Here you go... [xkcd.com]

        And here... [isi.edu]

    • Re:Reclaim Some? (Score:5, Informative)

      by kaptink ( 699820 ) on Thursday September 30, 2010 @09:02AM (#33746482) Homepage

      I've wondered why this hasnt been done sooner. There are some relatively small groups out there with class A blocks (16.7m) still. Make those who own these blocks justify their use. I believe back when the internet was just a wee bub, IP addresses were handed out to anyone who wanted them. And some companies just took huge chunks.

      Have a look at this list for starters http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks [wikipedia.org] or http://abhishek.nagar.me/content/class-ip-address-and-owners [nagar.me]

      Some organizations, such as Stanford University, formerly using 36.0.0.0/8, have returned their allocated block to assist in the delay of the exhaustion of addresses. Perhaps some others could follow in their steps.

      • Re:Reclaim Some? (Score:5, Insightful)

        by Anpheus ( 908711 ) on Thursday September 30, 2010 @09:13AM (#33746628)

        At the rate that we're exhausting addresses, even if it were possibly to schedule and reclaim more than one Class A a month, we'd only be postponing the inevitable... by about a month.

        And that assumes you can move all of their infrastructure off their class A in that time, maybe when your team gets around to dealing with , you realize it could take a year long migration.

        Yeah, that'll work.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        It's probably just not worth the trouble. I looked at the rate of /8 allocations: over the past 10 years, we've allocated an average of 8 /8s per year to the RIRs. That means clawing back a Class A will buy us about 45 days. It's probably just not worth the trouble to get an extra 45 days.

      • Ford (Score:3, Insightful)

        by CarpetShark ( 865376 )

        Non-IT Companies like Ford doesn't need to be on a list like this at all. Apart from a a few WAN IPs, a webserver, and a mailserver, they could probably put their whole network behind NAT, and no one would notice.

        • Re: (Score:3, Interesting)

          by MikeBabcock ( 65886 )

          NAT didn't exist in its present form when these addresses were handed out. The assumption was that every machine on the Internet was a routable entity unto itself.

          IPv6 brings back that concept, with all its benefits and security issues.

          • Re: (Score:3, Informative)

            by sjames ( 1099 )

            The security issues only exist if the network people shouldn't be doing security anyway. NAT just happened to provide a decent level of protection for machines behind the firewall. A simple set of v6 rules can provide exactly the same protections.

            Block inbound connections, inbound SYN,ACK packets that don't match an outbound SYN, and UDP unless there was a matchong outbound UDP first.

            Meanwhile, by not re-writing every packet passing through, the firewall can handle a lot more traffic for the same resources.

            • Re: (Score:3, Insightful)

              by Nursie ( 632944 )

              "The security issues only exist if the network people shouldn't be doing security anyway. "

              Right, like my mom. The internet is not just for geeks these days, and the idea of having publicly routable (and thus more easily root-able) systems in the hands of my less-than-computer-savvy family members is scary.

      • Re:Reclaim Some? (Score:5, Insightful)

        by SamSim ( 630795 ) on Thursday September 30, 2010 @09:59AM (#33747294) Homepage Journal

        There are two major reasons why this almost certainly won't happen. The first reason is that at the current rate of use this would delay IPv4 exhaustion by only a few months to a year.

        The second is that for an organisation to claim such a large block of addresses, it must have done so relatively early in history. That probably means the organisation is a technology group or another organisation which has had a vested interest in the internet for a very long time. Over those decades, there's a good chance that the organisation has swelled up to make maximum use of its assigned address spaces, and rearranging its network and systems for greater efficiency would be a mammoth undertaking for relatively little gain (see above).

    • Re:Reclaim Some? (Score:5, Informative)

      by jon787 ( 512497 ) on Thursday September 30, 2010 @09:04AM (#33746502) Homepage Journal

      ICANN considered this option, but decided that it didn't extend the deadline out far enough to be worth the costs.

      http://blog.icann.org/2008/02/recovering-ipv4-address-space/ [icann.org]

  • by Anonymous Coward on Thursday September 30, 2010 @08:21AM (#33746036)

    What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?

    • Re: (Score:3, Insightful)

      by catmistake ( 814204 )

      What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?

      LOL Sarcasm aside... wouldn't it be better not to tell anyone? Just let them... how do I say this... movie metaphors might help... like letting them remain asleep inside the Matrix, or Inception style, dreaming inside their dream, or IPv6 is "oh, this is the real party" from Brain Candy. Then the NEW IPv6 Internet could be Flash-free! No more click fraud on pr0n sites! Just think of it!

  • Article invalid (Score:2, Insightful)

    by drinkypoo ( 153816 )

    Article invalid: Author considers NAT to be a security mechanism, and specifically cites Windows ICS as the example... I've personally had Windows machines owned by infected machines on the same segment.

    • Re: (Score:3, Insightful)

      by jra ( 5600 )

      It *is* a security mechanism: you can't Ping Of Death a machine that doesn't have a routable address from the public Internet.

      That doesn't say it's a *sufficient* security mechanism for any specific threat, but saying simply that it is *not* one is ignorant.

      • Re: (Score:2, Interesting)

        by aliquis ( 678370 )

        Nah you just ping the address you know and the machine behind that one still get borked.

        Great.

        I doubt OMGYOUCAN'TPINGME is the greatest benefit.

      • Re: (Score:3, Insightful)

        by Hatta ( 162192 )

        You can't Ping of Death a machine that's behind a stateful firewall that's dropping ICMP packets either. Every bit of security you get from NAT can be done with a firewall without fundamentally breaking the peer to peer structure of TCP/IP. Claiming that NAT is a security mechanism is ignorant. NAT adds *nothing* a properly configured firewall does not already do.

    • Re: (Score:3, Insightful)

      by jeffmeden ( 135043 )

      NAT is insecure only if the machine operating the NAT is insecure. A host running a NAT with sufficient hardness/dumbness will shield the interior machines from any sort of inbound attack; the fact that they are unaddressable from the outside is as secure as you can get without unplugging. An attacker on the inside is a different story but that attack vector would exist with or without an internet in the first place.

      Cue the "oh but there are insecure browsers/email/cellphones/whatever" crowd in 3, 2, 1...

    • by anti-NAT ( 709310 ) on Thursday September 30, 2010 @08:52AM (#33746346) Homepage

      attackers don't only come from the Internet. The "hard shell, gooey centre" security model is doomed now that people are buying laptops, ipads, iphones etc. Mobile devices need to protect themselves, and since everybody is buying mobile devices, upstream network located firewalls are losing their effectiveness.

      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday September 30, 2010 @09:13AM (#33746622) Homepage Journal

        The notion that a border firewall was a sufficient security mechanism ended when the portable computer was invented, which is to say, it was never a valid concept. Indeed you could make the case that indeed telecommunications itself basically invalidates the idea. Get someone to hook up a modem to some internal system and you've got an attack surface.

        It's truly distressing how many effective security mechanisms go unused for lack of a user interface. SElinux has the potential to make system intrusion all but a thing of the past, but it is tragically underutilized because it is difficult to create a useful profile. NX/DEP goes unused in many cases because it causes compatibility problems. All POSIX.2 systems have ACLs but virtually none of them use them because there's no GUI tools. Firewalling did not become popular for user desktops until the various add-on firewalls for Windows with autoconfiguration interfaces appeared (e.g. ZoneAlarm.) I'm sure some other people can imagine some other even more excellent examples... well, actually, it's hard to imagine a better example than SElinux. But I really want ACLs, and I'm kind of annoyed that GNOME or KDE hasn't taken a stab at them yet.

  • 1980s Real Estate
    1990s Tech Stocks
    2000s Commodities
    2010s IPv4 addresses

    • by jra ( 5600 ) on Thursday September 30, 2010 @08:29AM (#33746098)

      Wow. DJB misunderstands something?

      Say it ain't so, Joe!

      (His piece, written in his usual "I am not at all nuts" style, assumes that IPv6 is *solely* a new "address space", and not an entire replacement protocol.

      (While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way, so listing the ways in which that wasn't well implemented is useless, since *that wasn't what they were TRYING to implement*; the entire page is a strawman.)

      • by TheRaven64 ( 641858 ) on Thursday September 30, 2010 @08:44AM (#33746256) Journal

        While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way

        The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.

        One option, for example, might have been to get rid of the port field as a fixed length and make network, machine, and port number all combined in the same way that network and machine addresses are now. This would let you have, for example, 256 ports per machine while getting 256 times as many IP addresses, or doubling the available addresses at the cost of only having 32K ports per machine. Only the routers at the very last hope would need any modification for this to work. Since you only need a unique port for each app that connects to the Internet (you can reuse ports, as long as the remote end is different), 2^16 is a lot more than most machines need, and losing 3-4 bits from the port field would be a lot more convenient than NAT for a lot of home users.

        Of course, that would still not be a good long-term solution. After a little while, you'd end up with the port field being shortened so much that people would complain. You'd also have the problem that you actually use the variable-length port field, every machine on your local segment would need an upgraded network stack, and protocols that expected to be able to use high port numbers would have serious problems.

        The effort in deploying such a solution would only be slightly lower than the effort of deploying IPv6 and it would be a significantly inferior long-term fix.

        • Precisely, there's all sorts of things you can do if you're not concerned with backwards compatibility. One of the main reasons why Apple has been resurgent in the OS market is that they broke backwards compatibility and made some really significant changes to the way their platform worked. OSX is significantly more reliable and more stable than their previous releases were. Mainly because they completely redid things with experience from known stable OSes.

          MS has had a lot of trouble due to trying to mai
        • by r7 ( 409657 ) on Thursday September 30, 2010 @10:24AM (#33747652)

          The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.

          Didn't have to be that way. We could have had an IPv5 with all the addresses and none of the backwards compatibility issues if not for special interests in the IETF:

              http://bill.herrin.us/network/ipxl.html [herrin.us]

          Gets my vote for IPv7...

      • Re: (Score:3, Interesting)

        by Cyberax ( 705495 )

        So why do we need entire replacement protocol?

        Let's see, IPv6 autoconfiguration is nice, but DHCP is working fairly well by now. So no need for a new protocol here. No checksums for mutable header IP fields? Nice, but does it require a whole new protocol?

        What else? Multihoming? Nope, IPv6 doesn't help here. Mobile IPv6? That's just a result of a large address space, so nothing new here.

        So, why do we need a replacement protocol if not because of a larger address space?

    • by AbbeyRoad ( 198852 ) <p@2038bug.com> on Thursday September 30, 2010 @09:58AM (#33747274)

      Basically, this is what is going to happen:

      Some ISP somewhere with a /20 is going to project that in 6 months time they will be out of IPs,
      and it's going to be too expensive to buy another /20.

      So they are going to buy some Cisco-hardware-NAT-appliance and say to their customers: "look here,
      you are all on NAT from now on, if you want a real IP you pay extra."

      This NAT box will NAT a /20 to a /24 of temp addresses+ports. It will be plug-n-play and
      easier than setting up IPv6.

      99.9% of customers won't read the announcement and won't notice. They are all NATing through
      their DSL modems anyway, and this Cisco equipment will have hacks for all those special
      apps that need it to work behind double NATing.

      And no one will ever think of switching to IPv6

      -paul

  • Procrastination (Score:5, Insightful)

    by dmgxmichael ( 1219692 ) on Thursday September 30, 2010 @08:26AM (#33746086) Homepage

    Why is it that problems never seem to get corrected until they are well and truly disastrous in scope.

    • by tsj5j ( 1159013 )

      The whole idea in a democracy is to have visionary leader(s) elected to lead the short-sighted (generalization) masses.

      Unfortunately, our leaders today are mostly controlled by short term financial interests, which brings us back to square one.

    • Re:Procrastination (Score:5, Insightful)

      by oldspewey ( 1303305 ) on Thursday September 30, 2010 @08:41AM (#33746228)
      Because by being insanely focused on quarterly results, our society rewards short-term thinking, and often actively punishes long-term thinking. In most (not all, but most) companies, if a system architect told his CTO
      "we need to undertake a $X million project to transition our systems to IPv6. This is going to become a big deal in about 10 years time and we want to be on top of it,"
      the CTO might or might not take the idea seriously. But even if the CTO did decide to bring the idea to the board for approval, he'd be shot down in seconds.
      "You want to reduce shareholder profits by $X million to fix something that might become a problem in 10 years? Let's move on to the next item on the agenda shall we? And don't bring stupid ideas like this one to the table again in the future Bob. We need you focused on shareholder value."
      .
      • Re:Procrastination (Score:5, Insightful)

        by hedwards ( 940851 ) on Thursday September 30, 2010 @09:01AM (#33746472)
        That's why some of us advocate increasing the short term tax rate to something much higher than what we currently have and tailing off to what we've got now for long term capital gains. And pushing the holding period to 2 years or so. And cut the tax rate on dividends to the rate that people pay for capital gains.

        The effect of that is to increase the holding period of an investment and discourage reckless speculation. People tend to forget that Enron produced far more winners than losers. The people who ended up holding the bag were a small fraction of the total number of people who invested in it.

        It also has the upside of discouraging charlatans that practice technical analysis from screwing up the markets with their charts. Any practice which ignores what a business does to make money should be discouraged.
  • by airfoobar ( 1853132 ) on Thursday September 30, 2010 @08:27AM (#33746090)

    We should just censor half the internet and reclaim those IP addresses! That should solve the problem and give us plenty of time to move to IPv6!

    Hey, it looks our "tech-aware" government is already trying that -- never mind!

  • NAT (Score:2, Insightful)

    by TheCount22 ( 952106 )

    Finally we will no longer have to use this IPv4 NAT garbage with all it's limitations!

    • by alen ( 225700 )

      what limitations? my iphone is on NAT. what will IPV6 allow me to do on it that i can't do now

      • Re:NAT (Score:5, Insightful)

        by betterunixthanunix ( 980855 ) on Thursday September 30, 2010 @08:45AM (#33746268)
        One issue with NAT is the difficulty in running a server. I like being able to ssh to my home computer when I am at work; but behind NAT, that becomes more difficult (not impossible, just more difficult).
      • Re:NAT (Score:5, Informative)

        by Ephemeriis ( 315124 ) on Thursday September 30, 2010 @09:12AM (#33746612)

        what limitations? my iphone is on NAT. what will IPV6 allow me to do on it that i can't do now

        The original idea of the Internet was a network of peers. Every address was globally routable, and any machine could host content.

        There are obvious security issues with this... Which is why we've got firewalls... But there wasn't really anything standing in the way of you hosting a game server, or website, or whatever on your home machine.

        NAT now stands in the way of you doing this. NAT has destroyed the whole "network of peers" thing.

        NAT is fine for simply consuming content. For your iPhone, for example, I doubt if it's an issue. And if you're just loading up random web pages at home, or connecting to WoW, or whatever - you'll be fine.

        But if you want to host a web page at home you're going to have to not just open the ports in your firewall, but forward the traffic from your outside IP to the inside IP. And if you want a second box to serve up a web page too? Too bad. You only get one port 80 per IP address, and you've only got one globally routable IP address.

        Again, if all you're doing is consuming, this isn't all that much of a problem. But then you aren't a peer, either.

        Where this starts to be more of an issue is with various devices that we now want to be able to communicate with remotely. It's becoming more and more common for people to want to remote into home computers. Or maybe program a DVR remotely. Or maybe some utility company wants to be able to check your electric/water meter remotely.

        Being able to host your own content is becoming more important, not less. And shoving everything behind NAT is becoming more of a problem, not less.

  • Nobody cares. (Score:5, Interesting)

    by ledow ( 319597 ) on Thursday September 30, 2010 @08:31AM (#33746122) Homepage

    Nobody cares, nor needs to, except the ISP's and hosting outfits. If they provide a nice 6-4 proxy (or whichever way around it is), 99.999% of users can continue doing everything they normally do. I've done it on several of my machines in the past, been in the IPv6 net and browsed IPv6 websites to confirm it, and I never once had to touch my IPv4 config or do anything too fancy - certainly nothing that an ISP couldn't do transparently from their side of the net.

    It's an issue if you're hosting websites, because then your site needs to be accessible from the IPv6 addresses, but that's an issue for the hosters, most of the biggest of which are managed hosting outfits that can switch that on overnight if they haven't already - if they are allocating static IPv4 addresses, it's just a matter of translating and passing on IPv6 requests for a recognised IPv4 equivalent address to an internal IPv4 network. The root DNS servers are running IPv6 already, etc. There's absolutely nothing to stop this just working on most people's machines today and, no, not every machine needs to upgrade to IPv6 addressing in order to do that. In fact, if anything, suggesting that internal business networks suddenly become IPv6 addressable is the most stupid suggestion in the history of the world - most places just want an "4-6 convertor" in layman's terms and they'll tick along quite nicely on their internal 10, 176, and 192's without caring. Most places would run absolutely fine, the only place it matters is the extreme borders of the Internet.

    People don't run IPv6 not because of any of those reasons in the article but because a) they haven't heard of it, b) ISP's don't support it or won't do it for them automatically and c) a lot of OS's never come preconfigured to use IPv6 if it's available. Oh, and of course, d) nobody will care until their IP address allocation requests start getting turned down.

    It's not a big deal, it's not going to kill NAT's and 30 years from now there will STILL be local networks, internal VoIP systems, print-servers and whatever else using IPv4 addressing because it's a damn sight easier to leave a working config alone than to upgrade/replace every bit of hardware that touches IP. I can use IPv6 today. There's absolutely no need to until every link in the chain supports it and that's still YEARS away even with US government backing. And even then, IPv4 isn't going anywhere - it's just being superceded. It's like saying that all SSH servers have to switch to SSH2, or all wireless LAN's to 802.11n - it'll happen, and a little nudge won't hurt, but overall people just don't care enough for the majority of cases and their old stuff will still work on IPv4 in 20-30 years time if it's still operational.

    Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.

    • by am 2k ( 217885 )

      Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.

      Hard to say, since you don't list what sites you are using regularly. However, google search is available via http://ipv6.google.com [google.com], which is a rather big part of common web usage.

      • by ledow ( 319597 )

        Useless is less than 5% of the sites returned support IPv6 (or could even tell you what it was).

        Slashdot, for instance, doesn't.

  • This is really sad (Score:5, Interesting)

    by Omnifarious ( 11933 ) * <eric-slashNO@SPAMomnifarious.org> on Thursday September 30, 2010 @08:34AM (#33746140) Homepage Journal

    And at every job I've worked in the past 5 years, management has completely had their head in the sand about it. :-( And none of the developers understood enough about IPv6 to push in an even faintly credible way. :-(

    I've been running IPv6 on my home network since about 2002. It's just not that hard. In fact, it's a lot easier than running IPv4. My IPv4 home network has a seriously contorted configuration because of the constrained addressing. When I wasn't even given a block of IPs but instead given X number of individual IP addresses it was even worse. My IPv6 network, OTOH, is configured quite simply and obviously.

    OTOH, even though I've had an IPv6 DNS server for ages, my stupid registrar STILL does not support IPv6 glue records. It's ridiculous. The standard has been stable enough to do something like that for at least 3-4 years now. I just want to strangle them.

    Last I checked, we only have about 200 days before ARIN stops being able to hand out new IPv4 addresses. It's around 7 months. After that, hosts start appearing on the Internet that only have IPv6 addresses. The connectivity breakage will be slow, subtle and inexorable. I bet it takes the tech industry at least another 5 or 6 years before they have to fix the problem or not have customers, and I bet it won't be fixed before then. So very very stupid.

  • by Anonymous Coward on Thursday September 30, 2010 @08:36AM (#33746168)

    Just force all porn sites on the internet to be accessible from IPv6 addresses only.

    • Re: (Score:3, Insightful)

      by sjames ( 1099 )

      It's modded funny, but it would actually get the job done. There would be a few holdout ISPs claiming they don't support v6 "for the children", but most would be falling all over themselves to make sure they had v6 up and running by the day porn goes dark on v4.

  • by avij ( 105924 ) * on Thursday September 30, 2010 @08:36AM (#33746178) Homepage
    Serious question. I already have an IPv6 address, why doesn't Slashdot have one?
    • by grumbel ( 592662 ) <grumbel+slashdot@gmail.com> on Thursday September 30, 2010 @08:46AM (#33746278) Homepage

      Running IPv6 on a webserver means cutting of a chunk of your users with broken IPv6 setups. That is why you see a lot of http:://ipv6.google.com [http] style sites, but hardly anybody having a AAAA record on their main domain.

      • by gmueckl ( 950314 ) on Thursday September 30, 2010 @09:07AM (#33746572)

        heise.de, a major German tech news site ran a test for precicely that reason about two weeks ago: they added an AAAA to heise.de in addition the normal AA record. Out of the thousands of visitors they have each day less than 10 were unable to reach that site in that configuration and wrote in about their problems and only one turned out to be unfixable because of a router misconfiguration somewhere else in the network. Since they advertised their test weeks ahead and asked users to report any problems they might experience during the test, the number of complaints they received is pretty low. So the argument of mixed AA/AAAA records not working properly of users is luckily losing its credibility, it seems.

        • by Abcd1234 ( 188840 ) on Thursday September 30, 2010 @10:05AM (#33747390) Homepage

          heise.de, a major German tech news site ran a test for precicely that reason about two weeks ago: they added an AAAA to heise.de in addition the normal AA record. Out of the thousands of visitors they have each day less than 10 were unable to reach that site in that configuration and wrote in about their problems and only one turned out to be unfixable because of a router misconfiguration somewhere else in the network.

          Counter-anecdote. I've been running v6 at home for about a year now with absolutely no problems (Hurricane Electric, seriously, you guys kick ass). But I decided I wanted to add a new private 802.11n router to my network, so I went and picked up a DIR-625, which is a lower-end, 2.4Ghz-only 802.11n-capable D-Link WAP.

          Now, I have a *slightly* unusual setup, in that I have a dedicated firewall (m0n0wall, you guys also kick ass), and I wanted this private, WPA2-secured AP to sit on my internal network and basically bridge the wireless pool directly to my network (no, in an enterprise scenario, I wouldn't advise this, but at home, with a properly secured WAP, I think it's safe). Furthermore, the firewall sends out v6 router advertisements, and I use simple v6 auto-configuration, so that any device connected to my LAN or existing 802.11g WAP automatically gets v6 connectivity (the latter is open and sits in its own DMZ). All of this works perfectly.

          So I plug in the WAP so that the LAN-side of the device is connected to my network (this bridging the networks), and then connect to it with my laptop... and my v6 connectivity is shot. Attempts to connect to any v6 hosts time out. Odd. So I check my routes, and lo and behold, inexplicably, I have a default v6 gateway route that corresponds to a *loopback* address. A little digging, and I discover this POS AP is sending out router advertisements, and advertising it's *loopback address* as the gateway address. Buh??

          So naturally I log into the AP and make sure v6 is disabled. Except it is. And it's *still sending out radv messages for it's loopback address*. The solution? I had to reflash the blasted thing and replace D-Link's firmware with dd-wrt.

          Now, this is an incredibly common piece of consumer-grade hardware. And their IPv6 implementation is, apparently, horribly broken. If I were a regular user, and, say, Google, advertised AAAA records for www.google.com, I would've been unable to hit their website. So can you really blame service providers for choosing to either a) not advertise AAAA records for their services, or b) only do so to whitelisted ISPs?

        • Re: (Score:3, Informative)

          by RAMMS+EIN ( 578166 )

          Minor correction: I think you mean A record [dnsuniversity.com] rather than AA. AA [aa.org] is something else ...

  • by Fëanáro ( 130986 ) on Thursday September 30, 2010 @08:38AM (#33746194)

    So, what are the best ways to profit from this crisis?

    Hoarding IP addresses is an obvious way, but that market seems pretty crowded already.

  • by pak9rabid ( 1011935 ) on Thursday September 30, 2010 @09:06AM (#33746550)
    It's the unnecessary use of IPv6 on private networks.
  • Plan B (Score:4, Interesting)

    by Spazmania ( 174582 ) on Thursday September 30, 2010 @09:28AM (#33746802) Homepage

    For your information, plan B is ISP NAT and a zero-sum game address transfer market. That would allow us to reallocate upwards of 80% of IPv4's addresses, extending the life of IPv4 some 10 to 20 years. It's not a fun prospect, but it's eminently workable -- perhaps even more so than IPv6.

    So, anyone who says there's no plan B doesn't know what they're talking about.

    • Re:Plan B (Score:5, Insightful)

      by PitaBred ( 632671 ) <slashdot@pitabre ... org minus distro> on Thursday September 30, 2010 @11:20AM (#33748384) Homepage

      Assuming you don't want to use VNC, VoIP, IM file transfers, bittorrent, access your home DVR remotely... sure, it's workable! It's as workable as a backup to the Internet as candles are a backup to electricity.

      • Re: (Score:3, Insightful)

        by Spazmania ( 174582 )

        My Vonage (VoIP) works just fine behind a NAT and my DVR calls out to a remote service from which I control it. I don't need VNC or bittorrent. Neither do 99% of the folks who buy residential Internet service. If you're one of the 1% that does, you buy the static IP address option for an extra five bucks. No muss, no fuss.

    • Re: (Score:3, Interesting)

      by sjames ( 1099 )

      As long as you just want to be a consumer of web and mail, it works to a degree (it will require some big honking firewalls to do the NAT), but if you actually want to serve content, ssh to your home machine, or do anything even slightly off of the norm, you might as well just cut the cable because it's not going to happen.

      Just forget it is NOT plan B, it's just giving up.

      That's a real shame when v6 is actually quite easy to set up and even the ancient XP machines can handle it.

  • by SteeldrivingJon ( 842919 ) on Thursday September 30, 2010 @09:36AM (#33746900) Homepage Journal

    I'll never switch to IPv6 with its cold, digital precision rendering of data. The lower resolution of IPv4 just provides a better rendition of old favorites like slashdot, to my eyes anyway. Sure, there's some noise, some clicks and pops, but nothing matches wikipedia seen through a nice tube monitor.

  • by rickb928 ( 945187 ) on Thursday September 30, 2010 @09:44AM (#33747000) Homepage Journal

    Really?

    Well, ok, a little recap:

    IPV6 has been resisted by virtually all major players, with few exceptions.

    IPV6 is poorly tested in the real world. We will see massive problems getting it working.

    IPV6 WILL WORK. It will take some time.

    IPV6 will coexist with IPV4 poorly, and we will see a dramatic changeover as the critical mass of IPV6 nodes comes online, and IPV4 is more trouble than it's worth to keep around for a little while longer. My estimate, 3 years.

    Asia will lag behind in IPV6 adoption.

    Some interesting points:

    The U.S. Department of Defense holds 11 Class A blocks. If they could reduce their usage to just 3, we could give IPV6 another 3 years of grace. But:

    - If we give IPV6 3 more years, it will still take 3 years from then to substantially implement it. And the industry will take those 3 years to avoid the pain.

    - The DOD will need at least 5 years to reorganize and give back those Class A blocks. The Navy alone will need 2 years to negotiate with EDS/HP to make the changes. Read up on NMCI and you will recognize a genuine military-grade CF. NMCI is a failure. IPV6 would merely give EDS/HP another opportunity to gouge the service. They rarely miss these opportunities.

    - There are several Class A block owners that look like better candidates for either conversion or elimination. None seem ready to do what the DOD would have to do, i.e. spend massive amounts of time and money to make a change for the community, without any real benefit to them.

    Just some personal IPV6 observations:

    I had two different Fedora distros fail for me at home because IPV6 was turned on and both my router (Linksys WRT54G stock F/W) and my ISPs (Cox and Qwest) fritzed their IPV6 implementations. No, wait, both ISPs had no working IPV6 in the Phoenix area in 2005-2008, despite claims to the opposite. The Linksys I will probably have to reload with something more useful, but it's the early one that can take a lot of new firmware.

    Oh, and turning off IPV6 in each Fedora release required different and arcane methods. A hint to the Linux community - common and stable configuration methods would be a blessing. And not just a GUI. I know, security, security, security. I can assure you, my broken Fedora builds were secure, even from me. A stopped clock is right twice a day.

    I think my Ubuntu distro left IPV4 on and IPV6 off, but I haven't looked. It works, and has for 3 years.

    Despite the clamoring for IPV6, it just has no traction. Why bother yet? Like a lot of things, crisis will have to escalate to failure before this gets fixed.

    If Jon Postel were still with us, he would have already made this happen. I miss him so. We need individuals that drive Internet management and administration, not groups. Internet by committee is failing. Can we not find anyone trustworthy to lead Internet functionality at this level?

    No, Stallman is not the answer. And nobody at Sun/Oracle either.

  • by gbrandt ( 113294 ) on Thursday September 30, 2010 @10:04AM (#33747364)

    A friend of mine just colocated his server. The colo he used gave him 4 or 5 IP addresses for his single computer. Even though he is running VM's, he does not need 4 IP's.

    This kind of thing is happening everywhere. Cleaning up that kind of junk will give us time to convert to IPv6

    • Re: (Score:3, Informative)

      by lidocaineus ( 661282 )

      Why shouldn't he have 4 or 5 addresses? Most colo providers will either allocate a /30 or /29 to your machine, and there are very good reasons for this.

      Playing the "conserver ipv4 IPs!" game is ridiculous when there's a standard right there that will completely remove these type of concerns. It's time to move on.

  • by CherniyVolk ( 513591 ) on Thursday September 30, 2010 @12:58PM (#33750042)

    I own blocks of IPv4 addresses, yes a query to ARIN produces my name. I own many Domain Names (my DNS bills are substantial). I also own several IPv4 blocks because I purchase a business account for my home internet connection; these ones aren't ownership, but part of product agreement from the ISP I go through. I have co-los directly connected into Yahoo's backbone in the NBC building downtown San Diego. I have considerable network resources, for personal use and as nerdy as it is... I'm proud.

    The IPv6 problem largely persists because there is 0 infrastructure support. When I say infrastructure, I mean everything from the AT&T copper telecommunications level all the way to the consumer level Service Providers like Cox Cable or Road Runner services. Almost all "IPv6" solutions a consumer can find is nothing more than a IPv6 WAN configuration scheme between you and your ISPs first router and their router does IPv6 to IPv4 translation for all requests. Some companies might have their own IPv6-to-IPv4 translators on the routers facing their upstream providers... again this isn't connected to a IPv6 "internet". The IPv6 support found in software primarily seems to most revolve around one requirement "translation to IPv4".

    I know this might hurt a lot of feelings. Bind Ping, a lot of FOSS software has "native" IPv6 support and I'm not debating this. What I'm pointing out is none of it is anything more than experimental code as there is no real means of testing any of it on a real life network. I have faith in it, yes but I have a hard time thinking it could have been extensively tested on a real network.

    I realized all of this after trying to get my co-los on a hardcore, pure, real-life IPv6 network with network addresses and all services go. Even up to the point where IPv4 wouldn't work at all. It logically can't be done at this point in time; there are no big time upstream providers in Southern California that can provide a real IPv6 link, even to businesses such as mid-sized ISPs let alone to consumers. This is the problem, without infrastructure support... all we are doing is translation and pseudo-WANs running on top of IPv4.

    All the telecommunication companies need to jump on board. All the major universities need to abandon IPv4 for communicating with each other (effectively converting the major backbone of the internet to IPv6). We need the translators to be in primarily reverse, IPv4-to-IPv6 instead of IPv6-to-IPv4. We need all the major ISPs to start offering IPv6 to the consumer. This is the easy part I think, consumer doesn't care or know the difference.

  • by SteeldrivingJon ( 842919 ) on Thursday September 30, 2010 @05:21PM (#33753738) Homepage Journal

    That ought to scare people into compliance.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...