There Is No Plan B, the Ugly Transition To IPv6 717
An anonymous reader writes "The Internet is running out of IPv4 addresses — not at some point in the future, but right now. But the only solution to the problem, IPv6, is just now really starting to be deployed. That's why we're all in for some tough times ahead."
Reclaim Some? (Score:5, Funny)
Re: (Score:2)
kidding aside, I'd be interested to know what the actual Class A block utilization numbers look like.
Re:Reclaim Some? (Score:5, Informative)
True, that is obligatory. Map of the Internet [xkcd.com]
Re: (Score:3, Interesting)
That is a 2006 map. So it's out of date. But first, the outright errors:
Top right block? Instead of green grass it ought to be missing. There is no way to use that space for anything, because it was marked as class D experimental space and so various devices (including old Windows PCs) exist which won't believe such addresses are Unicast. No way to fix that in reasonable time.
10 is green on the map. But it's reserved. The lack of _public_ addresses in 10/8 is necessary in order for them to work as _private_
Re: (Score:2, Interesting)
Re: (Score:3, Informative)
Here you go... [xkcd.com]
And here... [isi.edu]
Re:Reclaim Some? (Score:4, Informative)
Your comment kinda reminds me of those who say "analog television frequencies aren't being used any more". And then they suggest using them for cellular phones/internet. But the reality is that those frequencies ARE being used: By digital television (channels 2-51) and Emergency Radio (52-59) and cellphones (60-69)(approximately). Every inch of space is assigned.
Umm, NO. Thin slices of the same spectrum are being used by digital TVs. LOTS of the space, though not contiguous, are not being used by it. That's why the FCC is going to allow others to use that unused 'white space' between the thin slices used by digital TV btoadcasts.
http://www.dailytech.com/article.aspx?newsid=14497 [dailytech.com]
Not nearly every bit of the spectrum is being used, or assigned.
Re:Reclaim Some? (Score:4, Funny)
Why not just link to the 45 other places you've posted the list? I've seen this same conversation with you 25 times. You know what? I hope they do take away your fucking TV. I hope you turn it on one day, and nothing is there. I hope you sit there and stare at a blank screen (not even snow to look at - they took that from you too already, didn't they?). I smile as I think of your simple whimpering as you paw in futility at the TV. Your only friend...gone...gone...
Gone.
Please shut the fuck up about your god damn antenna TV. No one cares. Get bittorrent, get cable, whatever.
Re:Reclaim Some? (Score:5, Funny)
This explains... so much.
Re:Reclaim Some? (Score:5, Informative)
"which thanks to compression looks as fast as 500k DSL"
hahaha, no.
Re:Reclaim Some? (Score:4, Informative)
You do realize that the very same page is also compressed when using DSL, right? Or do you mean you use some kind of proxy service which does lossy compression on all images? Well, then it's still not gonna give you the same user experience as a DSL connection which is ten times faster.
There is no way a 56k or slower modem "looks as fast as 500k DSL".
Re: (Score:3, Informative)
images are compressed to 10% original size.
The vast majority of images are already (compressed) JPG. If they could be compressed another 90% (which they can't be!) then everyone would do it and 500kbps would still seem faster than 50kbps dial-up.
Re: (Score:3)
Actually you can compress JPG further, and my Dialup ISP does it (converts a 50K jpeg to 5K).
If my ISP were to on-the-fly hack down the size and resolution of the images I'm requesting, then I'd crawl thru the wires and beat them mercilessly.
Just as I squeeze MPG episodes of Penn&Teller down to 10 megabyte size for emailing friends.
Now it's obvious that you're not bright enough to split big files into pieces.
It's all relative to how much quality you are willing to sacrifice.
If the web site wanted their
Re:Reclaim Some? (Score:4, Funny)
Re: (Score:3)
No you should tether your phone to your laptop and get 700k+ service that way. Assuming you have a smart phone with an unlimited data plan which I assume you do b/c you travel a lot for business (and if you don't try sinking that $7/mo plus another $23 into a data plan and discover the joys of not looking for an rj-11 jack to get online).
Re: (Score:3, Informative)
What do you call these then? They look like ISPs to me:
http://free.aol.com/thenewaol/plan_choice.adp [aol.com]
http://www.getnetscape.com/ [getnetscape.com] (AOL owns Netscape ISP)
Re:Reclaim Some? (Score:5, Informative)
I've wondered why this hasnt been done sooner. There are some relatively small groups out there with class A blocks (16.7m) still. Make those who own these blocks justify their use. I believe back when the internet was just a wee bub, IP addresses were handed out to anyone who wanted them. And some companies just took huge chunks.
Have a look at this list for starters http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks [wikipedia.org] or http://abhishek.nagar.me/content/class-ip-address-and-owners [nagar.me]
Some organizations, such as Stanford University, formerly using 36.0.0.0/8, have returned their allocated block to assist in the delay of the exhaustion of addresses. Perhaps some others could follow in their steps.
Re:Reclaim Some? (Score:5, Insightful)
At the rate that we're exhausting addresses, even if it were possibly to schedule and reclaim more than one Class A a month, we'd only be postponing the inevitable... by about a month.
And that assumes you can move all of their infrastructure off their class A in that time, maybe when your team gets around to dealing with , you realize it could take a year long migration.
Yeah, that'll work.
Re: (Score:3, Insightful)
... And every home user doesn't need a public IP. And every desktop in your enterprise doesn't need a public IP. Q1 2010, Verizon reported 3.6 million FiOS Internet customers. [vzw.com] Comcast reports 14.4 million high speed (not dialup) Internet customers. The majority of those customers don't need public IP's, nor do they even know what to do with them.
The way the internet is meant to work pretty much requires their addresses to be globally routable but these days we have a bunch of hacks in various layers to deal with the lack of available globally routable addresses. And it's not going to get better five or ten years from now.
I believe the routers that they're already transiting to reach the Internet at large is also capable of NAT. Assuming full utilization of their address space, that's greater than a single /8. More than likely they are operating at 50% to 80% of their address space.
Who are "they"? The end user? The ISPs?
There are lots of ways to manage IPv4. The drive to IPv6 isn't a drive. It's a haphazard stumble towards a new standard. The problem is, it isn't a standard. Most providers haven't purchased their IPv6 blocks. Even if I, Joe Provider, bought myself a nice fat IPv6 block, my upstream providers aren't routing IPv6 yet. Common web sites are not advertising their IPv6 address, because it will cause non-IPv6 users to hang until the invalid address times out. google.com does not have an AAAA record. ipv6.l.google.com does. slashdot.org doesn't have an AAAA record, nor do they appear to have any subdomains for it. Why? Probably because their upstream provider doesn't support it yet.
Plenty of medium to large ISPs use IPv6 in their networks, they just don't offer it to residential or basic business customers, sometimes you have to pay extra, sometimes you have to sign a p
Re: (Score:3, Insightful)
Yes, we do. NAT is a major blocking factor in the development of distributed P2P software - and I'm not only talking about uTorrent, but apps like Spotify, Joost,
Re: (Score:3, Insightful)
It's probably just not worth the trouble. I looked at the rate of /8 allocations: over the past 10 years, we've allocated an average of 8 /8s per year to the RIRs. That means clawing back a Class A will buy us about 45 days. It's probably just not worth the trouble to get an extra 45 days.
Ford (Score:3, Insightful)
Non-IT Companies like Ford doesn't need to be on a list like this at all. Apart from a a few WAN IPs, a webserver, and a mailserver, they could probably put their whole network behind NAT, and no one would notice.
Re: (Score:3, Interesting)
NAT didn't exist in its present form when these addresses were handed out. The assumption was that every machine on the Internet was a routable entity unto itself.
IPv6 brings back that concept, with all its benefits and security issues.
Re: (Score:3, Informative)
The security issues only exist if the network people shouldn't be doing security anyway. NAT just happened to provide a decent level of protection for machines behind the firewall. A simple set of v6 rules can provide exactly the same protections.
Block inbound connections, inbound SYN,ACK packets that don't match an outbound SYN, and UDP unless there was a matchong outbound UDP first.
Meanwhile, by not re-writing every packet passing through, the firewall can handle a lot more traffic for the same resources.
Re: (Score:3, Insightful)
"The security issues only exist if the network people shouldn't be doing security anyway. "
Right, like my mom. The internet is not just for geeks these days, and the idea of having publicly routable (and thus more easily root-able) systems in the hands of my less-than-computer-savvy family members is scary.
Re:Reclaim Some? (Score:5, Insightful)
There are two major reasons why this almost certainly won't happen. The first reason is that at the current rate of use this would delay IPv4 exhaustion by only a few months to a year.
The second is that for an organisation to claim such a large block of addresses, it must have done so relatively early in history. That probably means the organisation is a technology group or another organisation which has had a vested interest in the internet for a very long time. Over those decades, there's a good chance that the organisation has swelled up to make maximum use of its assigned address spaces, and rearranging its network and systems for greater efficiency would be a mammoth undertaking for relatively little gain (see above).
Re:Reclaim Some? (Score:4, Interesting)
Seriously why do 3/4ths of these companies even have /8 addresses? do every one of their workstations in the company have a publicly routable address on them?
Ford certainly use addresses in their 19.0.0.0/8 space for employee workstations, even though none of those machines is accessible from outside.
Re:Reclaim Some? (Score:5, Interesting)
4) It's Just Not Fair. Why should Ford, Apple, and HP be forced to give their /8s back when Level 3 and AT&T get to keep and resell theirs?
Re:Reclaim Some? (Score:5, Informative)
ICANN considered this option, but decided that it didn't extend the deadline out far enough to be worth the costs.
http://blog.icann.org/2008/02/recovering-ipv4-address-space/ [icann.org]
Why didn't somebody tell us? (Score:5, Funny)
What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?
Re: (Score:3, Insightful)
What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?
LOL Sarcasm aside... wouldn't it be better not to tell anyone? Just let them... how do I say this... movie metaphors might help... like letting them remain asleep inside the Matrix, or Inception style, dreaming inside their dream, or IPv6 is "oh, this is the real party" from Brain Candy. Then the NEW IPv6 Internet could be Flash-free! No more click fraud on pr0n sites! Just think of it!
Re:Right now? (Score:5, Insightful)
Re: (Score:3, Interesting)
If you can think of a way to expand the address space without expanding the number of bits in the address, I think there's a Nobel prize in it for you.
But to answer your concern, you should look into this cool new technology: http://en.wikipedia.org/wiki/Domain_Name_System [wikipedia.org]
Re: (Score:3, Interesting)
Maybe, maybe not. I'm not so sure it is harder now. We are just far more cowardly than we were in the mid 1990s and far less staffed up for change. Heck we got the country moved from DOS to Windows which meant replacing essentially all the hardware. We got the whole world hooked up on local lans, which involved physically touching every computer in the USA.
We scoped it, we did it.
What's changed is that:
1) People are much more dependent on the internet.
2) We've lost the manpower we used to have
I'd love
Article invalid (Score:2, Insightful)
Article invalid: Author considers NAT to be a security mechanism, and specifically cites Windows ICS as the example... I've personally had Windows machines owned by infected machines on the same segment.
Re: (Score:3, Insightful)
It *is* a security mechanism: you can't Ping Of Death a machine that doesn't have a routable address from the public Internet.
That doesn't say it's a *sufficient* security mechanism for any specific threat, but saying simply that it is *not* one is ignorant.
Re: (Score:2, Interesting)
Nah you just ping the address you know and the machine behind that one still get borked.
Great.
I doubt OMGYOUCAN'TPINGME is the greatest benefit.
Re: (Score:3, Insightful)
You can't Ping of Death a machine that's behind a stateful firewall that's dropping ICMP packets either. Every bit of security you get from NAT can be done with a firewall without fundamentally breaking the peer to peer structure of TCP/IP. Claiming that NAT is a security mechanism is ignorant. NAT adds *nothing* a properly configured firewall does not already do.
Re: (Score:3, Insightful)
NAT is insecure only if the machine operating the NAT is insecure. A host running a NAT with sufficient hardness/dumbness will shield the interior machines from any sort of inbound attack; the fact that they are unaddressable from the outside is as secure as you can get without unplugging. An attacker on the inside is a different story but that attack vector would exist with or without an internet in the first place.
Cue the "oh but there are insecure browsers/email/cellphones/whatever" crowd in 3, 2, 1...
There is truth in what you say - (Score:4, Interesting)
attackers don't only come from the Internet. The "hard shell, gooey centre" security model is doomed now that people are buying laptops, ipads, iphones etc. Mobile devices need to protect themselves, and since everybody is buying mobile devices, upstream network located firewalls are losing their effectiveness.
Re:There is truth in what you say - (Score:4, Insightful)
The notion that a border firewall was a sufficient security mechanism ended when the portable computer was invented, which is to say, it was never a valid concept. Indeed you could make the case that indeed telecommunications itself basically invalidates the idea. Get someone to hook up a modem to some internal system and you've got an attack surface.
It's truly distressing how many effective security mechanisms go unused for lack of a user interface. SElinux has the potential to make system intrusion all but a thing of the past, but it is tragically underutilized because it is difficult to create a useful profile. NX/DEP goes unused in many cases because it causes compatibility problems. All POSIX.2 systems have ACLs but virtually none of them use them because there's no GUI tools. Firewalling did not become popular for user desktops until the various add-on firewalls for Windows with autoconfiguration interfaces appeared (e.g. ZoneAlarm.) I'm sure some other people can imagine some other even more excellent examples... well, actually, it's hard to imagine a better example than SElinux. But I really want ACLs, and I'm kind of annoyed that GNOME or KDE hasn't taken a stab at them yet.
Re:Article invalid (Score:4, Interesting)
blablablabla. i99% of the times, NAT is in conjunction with a stateful firewall. That's why people say NAT = FIREWALLED.
And yet, if you RTFA (I know, I must be new here) he talks about how dropping NAT led to having to use a firewall.
Windows ICS NAT never saved anybody. The machine which would be compromised is behind another system of the same or similar OS and vulnerabilities.
Next bubble? (Score:2)
1980s Real Estate
1990s Tech Stocks
2000s Commodities
2010s IPv4 addresses
The IPv6 nightmare begins with it's design... (Score:2, Interesting)
http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to]
-paul
Re:The IPv6 nightmare begins with it's design... (Score:4, Insightful)
Wow. DJB misunderstands something?
Say it ain't so, Joe!
(His piece, written in his usual "I am not at all nuts" style, assumes that IPv6 is *solely* a new "address space", and not an entire replacement protocol.
(While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way, so listing the ways in which that wasn't well implemented is useless, since *that wasn't what they were TRYING to implement*; the entire page is a strawman.)
Re:The IPv6 nightmare begins with it's design... (Score:5, Interesting)
While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way
The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.
One option, for example, might have been to get rid of the port field as a fixed length and make network, machine, and port number all combined in the same way that network and machine addresses are now. This would let you have, for example, 256 ports per machine while getting 256 times as many IP addresses, or doubling the available addresses at the cost of only having 32K ports per machine. Only the routers at the very last hope would need any modification for this to work. Since you only need a unique port for each app that connects to the Internet (you can reuse ports, as long as the remote end is different), 2^16 is a lot more than most machines need, and losing 3-4 bits from the port field would be a lot more convenient than NAT for a lot of home users.
Of course, that would still not be a good long-term solution. After a little while, you'd end up with the port field being shortened so much that people would complain. You'd also have the problem that you actually use the variable-length port field, every machine on your local segment would need an upgraded network stack, and protocols that expected to be able to use high port numbers would have serious problems.
The effort in deploying such a solution would only be slightly lower than the effort of deploying IPv6 and it would be a significantly inferior long-term fix.
Re: (Score:2)
MS has had a lot of trouble due to trying to mai
Re:The IPv6 nightmare begins with it's design... (Score:5, Informative)
The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.
Didn't have to be that way. We could have had an IPv5 with all the addresses and none of the backwards compatibility issues if not for special interests in the IETF:
http://bill.herrin.us/network/ipxl.html [herrin.us]
Gets my vote for IPv7...
Re: (Score:3, Interesting)
So why do we need entire replacement protocol?
Let's see, IPv6 autoconfiguration is nice, but DHCP is working fairly well by now. So no need for a new protocol here. No checksums for mutable header IP fields? Nice, but does it require a whole new protocol?
What else? Multihoming? Nope, IPv6 doesn't help here. Mobile IPv6? That's just a result of a large address space, so nothing new here.
So, why do we need a replacement protocol if not because of a larger address space?
Re:The IPv6 nightmare begins with it's design... (Score:5, Interesting)
Basically, this is what is going to happen:
Some ISP somewhere with a /20 is going to project that in 6 months time they will be out of IPs, /20.
and it's going to be too expensive to buy another
So they are going to buy some Cisco-hardware-NAT-appliance and say to their customers: "look here,
you are all on NAT from now on, if you want a real IP you pay extra."
This NAT box will NAT a /20 to a /24 of temp addresses+ports. It will be plug-n-play and
easier than setting up IPv6.
99.9% of customers won't read the announcement and won't notice. They are all NATing through
their DSL modems anyway, and this Cisco equipment will have hacks for all those special
apps that need it to work behind double NATing.
And no one will ever think of switching to IPv6
-paul
Re: (Score:2)
The bigger problem is that the ISPs haven't made it available yet in any universal way. I just checked the other day and Qwest still hasn't, as far as I can tell, made it available, definitely not on my modem anyways.
Re:The IPv6 nightmare begins with it's design... (Score:4, Insightful)
Hey, did you actually read the fucking article?
What djb says is exactly what's wrong with IPv6.
No, IPv6 clients cannot, under any circumstances, talk to IPv4 ones. They also have to run IPv4. There is no conversion at all, and the IPv4 address space 'inside' IPv6 will never, under any circumstances, be turned into IPv4 when it hits the 'edge' of IPv6, nor will it be turned into IPv6 going the other way.
And, no, routers cannot 'convert' between protocols, as there is no way to convert back and forth. There are ways to tunnel, but no way to convert. The IPv4 address space in IPv6 is just a goofy allocation scheme, saying 'If you have some addresses in another protocol, you get these addresses free also.' They are utterly different addresses in any sense of the word, you can have them on different computers or even different networks.
Christ, you read an article about how IPv6 is broken because the way that people expect the upgrade to work is broken, and you walk away going 'What an idiot. The way people thinks it works is great, and I've decided to ignore the place where points out that way is not, in fact, how it actually works.'
How you think it works, how everyone including djb thinks it should have worked but doesn't, was not chosen, for no apparent reason. Instead, we've got a damn stupid 'dual stack' approach.
Incidentally, I'm no djb fanboy, he's a total idiot in my book. He has no idea of the proper way to actually follow standards and write software, instead choosing to invent entirely different control systems, and that's just the start of the problem.
But that doesn't mean anything written by him is wrong. He's exactly right about how IPv6 fucked up, and if it had been a superset of IPv4 we might actually have an internet that's 90% IPv6 and 10% IPV4, and we'd be talking about the sysadmin's hard choice to keep paying for IPv4-compat IPs or use IPv6-only IPs.
Instead, IPv6 is still almost completely unused, and we've run out of fucking time.
Re: (Score:3, Insightful)
> The only thing that *fails* is when [...]
thats quite a lot of things failing.
> similar to using an NAT router
no, there are 100 million people connected to the internet using ADSL and all *their* stuff works fine
why, because NAT is a solved problem with lot's of workarounds
ergo: IPv6 is just NAT all over again
we might as well solve the IPv4 address-space problem with huge /8 NAT'd networks.
good luck to the 0.0000001% of the Internet that has "successfully" switch to IPv6 after 20 years of IPv6 promot
Procrastination (Score:5, Insightful)
Why is it that problems never seem to get corrected until they are well and truly disastrous in scope.
Re: (Score:2)
The whole idea in a democracy is to have visionary leader(s) elected to lead the short-sighted (generalization) masses.
Unfortunately, our leaders today are mostly controlled by short term financial interests, which brings us back to square one.
Re:Procrastination (Score:5, Insightful)
"we need to undertake a $X million project to transition our systems to IPv6. This is going to become a big deal in about 10 years time and we want to be on top of it,"
the CTO might or might not take the idea seriously. But even if the CTO did decide to bring the idea to the board for approval, he'd be shot down in seconds.
"You want to reduce shareholder profits by $X million to fix something that might become a problem in 10 years? Let's move on to the next item on the agenda shall we? And don't bring stupid ideas like this one to the table again in the future Bob. We need you focused on shareholder value."
.
Re:Procrastination (Score:5, Insightful)
The effect of that is to increase the holding period of an investment and discourage reckless speculation. People tend to forget that Enron produced far more winners than losers. The people who ended up holding the bag were a small fraction of the total number of people who invested in it.
It also has the upside of discouraging charlatans that practice technical analysis from screwing up the markets with their charts. Any practice which ignores what a business does to make money should be discouraged.
Re: (Score:2)
Agreed - but people in groups procrastinate in the face of danger. Repairing the levees in New Orleans for example. The procrastination is even worse when the consequences are not disastrous. I predict IPv4 will be here 10 years from now enabled by nightmarish workarounds.
People will not fix anything with low impact or low frequency. This is why auto accidents aren't addressed more seriously by society as a whole - the loss of a few lives, or even 40,000 / year in a population of 300 million, is "low im
Re: (Score:2, Interesting)
Although, I guess if sharing IPs will make it more difficult for the RIAA/MPAA to "legally blackmail" people it can't be all bad.
Re: (Score:2, Insightful)
I'm glad someone finally said it. NAT is the (slightly slower) Plan B.
We don't need every computer on the network to have an address. We need every SERVER and external-facing router on the network to have an address. A company of 10,000 desktops may really only have 100 servers and a few external access routers, meaning they could work fine with 100 IP addresses instead of 10,000. Heck, most of those servers are internal anyway. You could require users to VPN in first (which you should be doing anyway)
Re:Procrastination (Score:5, Insightful)
Yes, all sounds good, until your ISP starts providing you with 1 private IP address for your home, with no way around it. Here in my city 1 of the ISPs does this, you get an address from the 10.0.0.0/8 range. If you need to poke a hole in the firewall for things like IM file transfer or webcam, any kind of P2P, SIP, SSH/remote desktop/vnc into your home machine, etc... guess what? you're out of luck. Change ISPs? Sure, until the other ISPs are forced to do the same. What are we going to do then?
And that's what we're going to get. I simply don't see the point of mentioning NAT as a near-term temporary solution: it ALREADY is doing that. Guess what? Companies don't give their desktops public IPv4 addresses anymore, they haven't done that in several years now, so I don't see what your point is. You're just in denial and being too optimistic.
I wonder why no one mentions v4 addresses are "lost in routing". Take for example an ISP here, they used to give you a full /24 (legacy CLASS C, and let me stop here for a bit: NOT EVERY ASSIGNMENT IN THE NET IS A, B or C. Only script kiddies dreaming of "T3" "pipes" talk about "class C" and "ping of death", get over it! It's 2010 already. OK, back to my point). So they used to give you a /24. For every 256 addresses on a /24, the .0 and .255 are usually not usable, and the .1 is usually the CPE router. But now they don't give out a /24 anymore, unless you specifically state why you need such a large space. So they give out a /30. 8 addresses, again the first and last are unusable, and the first available is the CPE router. 3 out of 8 or 27% of the addresses are lost in routing.
Let me recap: NAT is not the solution, it's already there holding the internet like duct tape.
The solution! (Score:4, Funny)
We should just censor half the internet and reclaim those IP addresses! That should solve the problem and give us plenty of time to move to IPv6!
Hey, it looks our "tech-aware" government is already trying that -- never mind!
NAT (Score:2, Insightful)
Finally we will no longer have to use this IPv4 NAT garbage with all it's limitations!
Re: (Score:2)
what limitations? my iphone is on NAT. what will IPV6 allow me to do on it that i can't do now
Re:NAT (Score:5, Insightful)
Re:NAT (Score:4, Informative)
You have 65,000 inbound ports. You can't possibly be peering with more then 1000 or 2000 other torrents anyway without completely destroying your bandwidth. Further, there is nothing that says SSH has to run on port 22. You just like it to because it's easy. There's no reason you can't NAT to 100 servers for SSH, run 50 webservers (with both SSL and non-SSL ports), torrent to 5000 of your best friends and still have 59,000 ports left to play with. And a translation table with 5000 entries isn't beyond the capabilities of anyone that might actually have the much infrastructure running behind the device.
Re: (Score:3, Insightful)
There's no reason you can't NAT to 100 servers for SSH, run 50 webservers (with both SSL and non-SSL ports)
Sure there's no reason you can't run 50 web servers on different ports on the same IP. except for customers who will never learn that you have to type in http://www.google.com:8080/ [google.com] instead of google.com. browsers have been designed to assume that any url without a protocol type is for http port 80. why? because port 80 is the standard designated protocol for http.
the inability for customers or potential customers to access your business's web site is a sufficient motivator to not stray from the standard.
Re:NAT (Score:5, Informative)
what limitations? my iphone is on NAT. what will IPV6 allow me to do on it that i can't do now
The original idea of the Internet was a network of peers. Every address was globally routable, and any machine could host content.
There are obvious security issues with this... Which is why we've got firewalls... But there wasn't really anything standing in the way of you hosting a game server, or website, or whatever on your home machine.
NAT now stands in the way of you doing this. NAT has destroyed the whole "network of peers" thing.
NAT is fine for simply consuming content. For your iPhone, for example, I doubt if it's an issue. And if you're just loading up random web pages at home, or connecting to WoW, or whatever - you'll be fine.
But if you want to host a web page at home you're going to have to not just open the ports in your firewall, but forward the traffic from your outside IP to the inside IP. And if you want a second box to serve up a web page too? Too bad. You only get one port 80 per IP address, and you've only got one globally routable IP address.
Again, if all you're doing is consuming, this isn't all that much of a problem. But then you aren't a peer, either.
Where this starts to be more of an issue is with various devices that we now want to be able to communicate with remotely. It's becoming more and more common for people to want to remote into home computers. Or maybe program a DVR remotely. Or maybe some utility company wants to be able to check your electric/water meter remotely.
Being able to host your own content is becoming more important, not less. And shoving everything behind NAT is becoming more of a problem, not less.
Nobody cares. (Score:5, Interesting)
Nobody cares, nor needs to, except the ISP's and hosting outfits. If they provide a nice 6-4 proxy (or whichever way around it is), 99.999% of users can continue doing everything they normally do. I've done it on several of my machines in the past, been in the IPv6 net and browsed IPv6 websites to confirm it, and I never once had to touch my IPv4 config or do anything too fancy - certainly nothing that an ISP couldn't do transparently from their side of the net.
It's an issue if you're hosting websites, because then your site needs to be accessible from the IPv6 addresses, but that's an issue for the hosters, most of the biggest of which are managed hosting outfits that can switch that on overnight if they haven't already - if they are allocating static IPv4 addresses, it's just a matter of translating and passing on IPv6 requests for a recognised IPv4 equivalent address to an internal IPv4 network. The root DNS servers are running IPv6 already, etc. There's absolutely nothing to stop this just working on most people's machines today and, no, not every machine needs to upgrade to IPv6 addressing in order to do that. In fact, if anything, suggesting that internal business networks suddenly become IPv6 addressable is the most stupid suggestion in the history of the world - most places just want an "4-6 convertor" in layman's terms and they'll tick along quite nicely on their internal 10, 176, and 192's without caring. Most places would run absolutely fine, the only place it matters is the extreme borders of the Internet.
People don't run IPv6 not because of any of those reasons in the article but because a) they haven't heard of it, b) ISP's don't support it or won't do it for them automatically and c) a lot of OS's never come preconfigured to use IPv6 if it's available. Oh, and of course, d) nobody will care until their IP address allocation requests start getting turned down.
It's not a big deal, it's not going to kill NAT's and 30 years from now there will STILL be local networks, internal VoIP systems, print-servers and whatever else using IPv4 addressing because it's a damn sight easier to leave a working config alone than to upgrade/replace every bit of hardware that touches IP. I can use IPv6 today. There's absolutely no need to until every link in the chain supports it and that's still YEARS away even with US government backing. And even then, IPv4 isn't going anywhere - it's just being superceded. It's like saying that all SSH servers have to switch to SSH2, or all wireless LAN's to 802.11n - it'll happen, and a little nudge won't hurt, but overall people just don't care enough for the majority of cases and their old stuff will still work on IPv4 in 20-30 years time if it's still operational.
Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.
Re: (Score:2)
Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.
Hard to say, since you don't list what sites you are using regularly. However, google search is available via http://ipv6.google.com [google.com], which is a rather big part of common web usage.
Re: (Score:2)
Useless is less than 5% of the sites returned support IPv6 (or could even tell you what it was).
Slashdot, for instance, doesn't.
This is really sad (Score:5, Interesting)
And at every job I've worked in the past 5 years, management has completely had their head in the sand about it. :-( And none of the developers understood enough about IPv6 to push in an even faintly credible way. :-(
I've been running IPv6 on my home network since about 2002. It's just not that hard. In fact, it's a lot easier than running IPv4. My IPv4 home network has a seriously contorted configuration because of the constrained addressing. When I wasn't even given a block of IPs but instead given X number of individual IP addresses it was even worse. My IPv6 network, OTOH, is configured quite simply and obviously.
OTOH, even though I've had an IPv6 DNS server for ages, my stupid registrar STILL does not support IPv6 glue records. It's ridiculous. The standard has been stable enough to do something like that for at least 3-4 years now. I just want to strangle them.
Last I checked, we only have about 200 days before ARIN stops being able to hand out new IPv4 addresses. It's around 7 months. After that, hosts start appearing on the Internet that only have IPv6 addresses. The connectivity breakage will be slow, subtle and inexorable. I bet it takes the tech industry at least another 5 or 6 years before they have to fix the problem or not have customers, and I bet it won't be fixed before then. So very very stupid.
Re: (Score:3, Insightful)
Ahh, a denier. I've seen you people too. The estimates that you claim to hear periodically keep on changing as the estimates change. I think you are mistaking early warnings for estimates that IPv4 will run out of addresses in a short period of time.
For the past 3 years, the date has remained relatively consistent. I have a nice phone app that shows exactly how many blocks are left. The number's been going down right on schedule.
The solution is simple (Score:5, Funny)
Just force all porn sites on the internet to be accessible from IPv6 addresses only.
Re: (Score:3, Insightful)
It's modded funny, but it would actually get the job done. There would be a few holdout ISPs claiming they don't support v6 "for the children", but most would be falling all over themselves to make sure they had v6 up and running by the day porn goes dark on v4.
When is /. going to get an IPv6 address? (Score:5, Insightful)
Re:When is /. going to get an IPv6 address? (Score:5, Informative)
Running IPv6 on a webserver means cutting of a chunk of your users with broken IPv6 setups. That is why you see a lot of http:://ipv6.google.com [http] style sites, but hardly anybody having a AAAA record on their main domain.
Re:When is /. going to get an IPv6 address? (Score:5, Insightful)
heise.de, a major German tech news site ran a test for precicely that reason about two weeks ago: they added an AAAA to heise.de in addition the normal AA record. Out of the thousands of visitors they have each day less than 10 were unable to reach that site in that configuration and wrote in about their problems and only one turned out to be unfixable because of a router misconfiguration somewhere else in the network. Since they advertised their test weeks ahead and asked users to report any problems they might experience during the test, the number of complaints they received is pretty low. So the argument of mixed AA/AAAA records not working properly of users is luckily losing its credibility, it seems.
Re:When is /. going to get an IPv6 address? (Score:5, Informative)
heise.de, a major German tech news site ran a test for precicely that reason about two weeks ago: they added an AAAA to heise.de in addition the normal AA record. Out of the thousands of visitors they have each day less than 10 were unable to reach that site in that configuration and wrote in about their problems and only one turned out to be unfixable because of a router misconfiguration somewhere else in the network.
Counter-anecdote. I've been running v6 at home for about a year now with absolutely no problems (Hurricane Electric, seriously, you guys kick ass). But I decided I wanted to add a new private 802.11n router to my network, so I went and picked up a DIR-625, which is a lower-end, 2.4Ghz-only 802.11n-capable D-Link WAP.
Now, I have a *slightly* unusual setup, in that I have a dedicated firewall (m0n0wall, you guys also kick ass), and I wanted this private, WPA2-secured AP to sit on my internal network and basically bridge the wireless pool directly to my network (no, in an enterprise scenario, I wouldn't advise this, but at home, with a properly secured WAP, I think it's safe). Furthermore, the firewall sends out v6 router advertisements, and I use simple v6 auto-configuration, so that any device connected to my LAN or existing 802.11g WAP automatically gets v6 connectivity (the latter is open and sits in its own DMZ). All of this works perfectly.
So I plug in the WAP so that the LAN-side of the device is connected to my network (this bridging the networks), and then connect to it with my laptop... and my v6 connectivity is shot. Attempts to connect to any v6 hosts time out. Odd. So I check my routes, and lo and behold, inexplicably, I have a default v6 gateway route that corresponds to a *loopback* address. A little digging, and I discover this POS AP is sending out router advertisements, and advertising it's *loopback address* as the gateway address. Buh??
So naturally I log into the AP and make sure v6 is disabled. Except it is. And it's *still sending out radv messages for it's loopback address*. The solution? I had to reflash the blasted thing and replace D-Link's firmware with dd-wrt.
Now, this is an incredibly common piece of consumer-grade hardware. And their IPv6 implementation is, apparently, horribly broken. If I were a regular user, and, say, Google, advertised AAAA records for www.google.com, I would've been unable to hit their website. So can you really blame service providers for choosing to either a) not advertise AAAA records for their services, or b) only do so to whitelisted ISPs?
Re: (Score:3, Informative)
Minor correction: I think you mean A record [dnsuniversity.com] rather than AA. AA [aa.org] is something else ...
crisis? opportunity! (Score:5, Funny)
So, what are the best ways to profit from this crisis?
Hoarding IP addresses is an obvious way, but that market seems pretty crowded already.
The leading cause of smug is no longer hybrids. (Score:5, Funny)
Plan B (Score:4, Interesting)
For your information, plan B is ISP NAT and a zero-sum game address transfer market. That would allow us to reallocate upwards of 80% of IPv4's addresses, extending the life of IPv4 some 10 to 20 years. It's not a fun prospect, but it's eminently workable -- perhaps even more so than IPv6.
So, anyone who says there's no plan B doesn't know what they're talking about.
Re:Plan B (Score:5, Insightful)
Assuming you don't want to use VNC, VoIP, IM file transfers, bittorrent, access your home DVR remotely... sure, it's workable! It's as workable as a backup to the Internet as candles are a backup to electricity.
Re: (Score:3, Insightful)
My Vonage (VoIP) works just fine behind a NAT and my DVR calls out to a remote service from which I control it. I don't need VNC or bittorrent. Neither do 99% of the folks who buy residential Internet service. If you're one of the 1% that does, you buy the static IP address option for an extra five bucks. No muss, no fuss.
Re: (Score:3, Interesting)
As long as you just want to be a consumer of web and mail, it works to a degree (it will require some big honking firewalls to do the NAT), but if you actually want to serve content, ssh to your home machine, or do anything even slightly off of the norm, you might as well just cut the cable because it's not going to happen.
Just forget it is NOT plan B, it's just giving up.
That's a real shame when v6 is actually quite easy to set up and even the ancient XP machines can handle it.
IPv4 is warmer and I'll never switch (Score:5, Funny)
I'll never switch to IPv6 with its cold, digital precision rendering of data. The lower resolution of IPv4 just provides a better rendition of old favorites like slashdot, to my eyes anyway. Sure, there's some noise, some clicks and pops, but nothing matches wikipedia seen through a nice tube monitor.
You're all just getting this? (Score:4, Interesting)
Really?
Well, ok, a little recap:
IPV6 has been resisted by virtually all major players, with few exceptions.
IPV6 is poorly tested in the real world. We will see massive problems getting it working.
IPV6 WILL WORK. It will take some time.
IPV6 will coexist with IPV4 poorly, and we will see a dramatic changeover as the critical mass of IPV6 nodes comes online, and IPV4 is more trouble than it's worth to keep around for a little while longer. My estimate, 3 years.
Asia will lag behind in IPV6 adoption.
Some interesting points:
The U.S. Department of Defense holds 11 Class A blocks. If they could reduce their usage to just 3, we could give IPV6 another 3 years of grace. But:
- If we give IPV6 3 more years, it will still take 3 years from then to substantially implement it. And the industry will take those 3 years to avoid the pain.
- The DOD will need at least 5 years to reorganize and give back those Class A blocks. The Navy alone will need 2 years to negotiate with EDS/HP to make the changes. Read up on NMCI and you will recognize a genuine military-grade CF. NMCI is a failure. IPV6 would merely give EDS/HP another opportunity to gouge the service. They rarely miss these opportunities.
- There are several Class A block owners that look like better candidates for either conversion or elimination. None seem ready to do what the DOD would have to do, i.e. spend massive amounts of time and money to make a change for the community, without any real benefit to them.
Just some personal IPV6 observations:
I had two different Fedora distros fail for me at home because IPV6 was turned on and both my router (Linksys WRT54G stock F/W) and my ISPs (Cox and Qwest) fritzed their IPV6 implementations. No, wait, both ISPs had no working IPV6 in the Phoenix area in 2005-2008, despite claims to the opposite. The Linksys I will probably have to reload with something more useful, but it's the early one that can take a lot of new firmware.
Oh, and turning off IPV6 in each Fedora release required different and arcane methods. A hint to the Linux community - common and stable configuration methods would be a blessing. And not just a GUI. I know, security, security, security. I can assure you, my broken Fedora builds were secure, even from me. A stopped clock is right twice a day.
I think my Ubuntu distro left IPV4 on and IPV6 off, but I haven't looked. It works, and has for 3 years.
Despite the clamoring for IPV6, it just has no traction. Why bother yet? Like a lot of things, crisis will have to escalate to failure before this gets fixed.
If Jon Postel were still with us, he would have already made this happen. I miss him so. We need individuals that drive Internet management and administration, not groups. Internet by committee is failing. Can we not find anyone trustworthy to lead Internet functionality at this level?
No, Stallman is not the answer. And nobody at Sun/Oracle either.
We are not running out, we are being stupid (Score:3, Interesting)
A friend of mine just colocated his server. The colo he used gave him 4 or 5 IP addresses for his single computer. Even though he is running VM's, he does not need 4 IP's.
This kind of thing is happening everywhere. Cleaning up that kind of junk will give us time to convert to IPv6
Re: (Score:3, Informative)
Why shouldn't he have 4 or 5 addresses? Most colo providers will either allocate a /30 or /29 to your machine, and there are very good reasons for this.
Playing the "conserver ipv4 IPs!" game is ridiculous when there's a standard right there that will completely remove these type of concerns. It's time to move on.
It's a problem with infrastructure. (Score:3, Informative)
I own blocks of IPv4 addresses, yes a query to ARIN produces my name. I own many Domain Names (my DNS bills are substantial). I also own several IPv4 blocks because I purchase a business account for my home internet connection; these ones aren't ownership, but part of product agreement from the ISP I go through. I have co-los directly connected into Yahoo's backbone in the NBC building downtown San Diego. I have considerable network resources, for personal use and as nerdy as it is... I'm proud.
The IPv6 problem largely persists because there is 0 infrastructure support. When I say infrastructure, I mean everything from the AT&T copper telecommunications level all the way to the consumer level Service Providers like Cox Cable or Road Runner services. Almost all "IPv6" solutions a consumer can find is nothing more than a IPv6 WAN configuration scheme between you and your ISPs first router and their router does IPv6 to IPv4 translation for all requests. Some companies might have their own IPv6-to-IPv4 translators on the routers facing their upstream providers... again this isn't connected to a IPv6 "internet". The IPv6 support found in software primarily seems to most revolve around one requirement "translation to IPv4".
I know this might hurt a lot of feelings. Bind Ping, a lot of FOSS software has "native" IPv6 support and I'm not debating this. What I'm pointing out is none of it is anything more than experimental code as there is no real means of testing any of it on a real life network. I have faith in it, yes but I have a hard time thinking it could have been extensively tested on a real network.
I realized all of this after trying to get my co-los on a hardcore, pure, real-life IPv6 network with network addresses and all services go. Even up to the point where IPv4 wouldn't work at all. It logically can't be done at this point in time; there are no big time upstream providers in Southern California that can provide a real IPv6 link, even to businesses such as mid-sized ISPs let alone to consumers. This is the problem, without infrastructure support... all we are doing is translation and pseudo-WANs running on top of IPv4.
All the telecommunication companies need to jump on board. All the major universities need to abandon IPv4 for communicating with each other (effectively converting the major backbone of the internet to IPv6). We need the translators to be in primarily reverse, IPv4-to-IPv6 instead of IPv6-to-IPv4. We need all the major ISPs to start offering IPv6 to the consumer. This is the easy part I think, consumer doesn't care or know the difference.
Threaten to switch to bang-paths (Score:3, Funny)
That ought to scare people into compliance.
Re: (Score:2)
Maybe if you spelled slashdot correctly?
Re: (Score:2)
Yeah? WTF is slahsdot.org?
Re: (Score:2)
Nah, it's an opportunity to sell new gadgets!
Someone will come up with an inline ethernet 6to4 proxy for $30. Router manufacturers will finally build it in... it will be as simple as serving ip4 to older DNS requests, and ip6 to newer machines. As long as the DNS requests are managed correctly it won't be a problem.
The real hard work will be at the ISP and enterprise level... The service software guys (RH, IBM, CA, Oracle etc) will be banking.
Re: (Score:2)
On the plus side, you'll have a lot more stuff to sell.
Re: (Score:3, Insightful)
is why didn't we just go for an extension?
That would have made too much sense and the IPv6 committee wanted to build a monument.
Re: (Score:3, Insightful)
Putting the remaining 2 sections on separate portion of the packet, keeping the first 4 sections normal, would allow legacy hardware to route these, yet trivial to make new hardware to understand.
This would have made minimal to no impact whatsoever for backbone networks at this moment, all it would have needed are:
- Some new edge routers for those who wish to extend
- Software update to operating systems of trivial level
- Instead of Class Cs given for new applicants, you give just a Class D (what is now single IP address)
So they go into the payload? Thus decreasing the amount of real, useful data that you can actually put into the packet and increasing the total number of packets flowing through the backbone, as well as the total amount of data that's being pushed through. This quite obviously impacts the backbone.
You seemingly haven't considered low-mtu links, either. The extra data you have to put into the packet will really start to add up there.
- Software update to operating systems of trivial level
Networking stacks are hard--not because the protocol itself is hard, but
Re:May are reporting doom scenarios (Score:5, Insightful)
Y2K was only a minor issue BECAUSE every programmer and their cousin was busy fixing the bugs for several years. A few million man-hours and workarounds from hell later, you'd expect things to function fine. There were vendors that ignored the issue and it is those vendors that reported problems in 2000. It is THOSE examples you should look at, because THAT is what your world would have been had the rest of us not fixed things for you. Be grateful, wretch, that we bothered. Because next time we might not. And there is NOTHING you can do or say to change that.
Re: (Score:3, Insightful)
Adding a few bits would be no easier than adding 96.