Worldwide IPv6 Adoption: Where Do We Stand Today?

skade88 writes "IPv4 is much like a limited natural resource; it can't last forever. The well of new IPv4 addresses is already running dry in many parts of the world. The solution to this problem, which was presented decades ago, is to switch to IPv6. With peak IPv4 far behind us, why do we still see limited IPv6 adoption? Ars takes a good look at where we are and where we are going with the future of IP addresses, the internet and you. Quoting: 'As with all technology, IPv6 gets better and cheaper over time. And just like with houses, people prefer waiting rather than buying when prices are dropping. To make matters worse, if you're the only one adopting IPv6, this buys you very little. You can only use the new protocol once the people you communicate with have upgraded as well. Worse still, you can't get rid of IPv4 until everyone you communicate with has adopted IPv6. And the pain of the shrinking IPv4 supplies versus the pain of having to upgrade equipment and software varies for different groups of Internet users. So some people want to move to IPv6 and leave IPv4 behind sooner rather than later, but others plan on sticking with IPv4 until the bitter end. As a result, we have a nasty Nash equilibrium: nobody can improve their own situation by unilaterally adopting IPv6.'"

The reason why is

[Anonymous Coward]

With peak IPv4 far behind us, why do we still see limited IPv6 adoption?

The reason why is simple: because we haven't run out of IPv4 addresses yet.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Forty Two Tenfold]

With peak IPv4 far behind us, why do we still see limited IPv6 adoption?

The reason why is simple: because we haven't run out of IPv4 addresses yet.

Close: because for the time being the costs of the transition are higher than those of maintaining the status quo.

IPv6 Internet is "here" for some of us

[insecuritiez]

I have a native, public, non-tunneled IPv6 address at home through my non-business Comcast cable Internet service. My computer and phone automatically use IPv6 whenever available.

I can use IPv6 at work too.

It's already here and adoption seems to be accelerating.

Re:

[Mashiki]

Must be nice. My ISP's DSL side is on IPv6, their cable side isn't because the company that they buy their headend connection through(rogers) still hasn't finished upgrading everything. My modem is good to go, and has been for over three years.

Re:IPv6 Internet is "here" for some of us

[insecuritiez]

It's very nice. I was in the process of setting up a tunnel between my home gateway and a Linode machine (Linode provides native v6) and making Linode my publicly visible exit point to the Internet. A few weeks into the project Comcast implimented v6 making my tunneling efforts redundant.

Comcast currently allocates a /64 to each customer but they say they'll hand out shorter prefixes later.

I currently use "privacy addressing" with my Linux machine which I do with:
# IPv6 privacy stuff
echo 209600 > /proc/sys/net/ipv6/conf/wlan0/temp_valid_lft
echo 10800 > /proc/sys/net/ipv6/conf/wlan0/temp_prefered_lft
echo 128 > /proc/sys/net/ipv6/conf/wlan0/max_addresses
echo 2 > /proc/sys/net/ipv6/conf/wlan0/use_tempaddr

This is mostly so that I'm trying out the most extreme end of IPv6 where I'm going through addresses quickly and have up to 128 at a time.

IP6 addresses are a pain

[Viol8]

We have so many test VMs appearing and disappearing on our network that we don't bother putting them in DNS, we just give out the IP4 192.168... address for the testers and devs. I dread to think what would happen if we had to give them the line noise that is an IP6 address. Whatever other merits IP6 has, the designers REALLY didn't think it through at the manual address entry level.

Re:IP6 addresses are a pain

[Aqualung812]

the designers REALLY didn't think it through at the manual address entry level.

Yeah, they did, and they decided that the only servers that need a manual address are DNS servers and DHCP servers (if you choose to run DHCP).
Outside of those, the only other things that need manual addresses are routers.

Everything else should use Dynamic DNS.

Give me a good reason why someone shouldn't be using DNS instead of direct IP address, other than lazy programmers.

Re:IP6 addresses are a pain

[gclef]

One good reason why *servers* shouldn't be using DynamicDNS? I'll give you two.

First scenario: your server isn't responding. How do you tell the difference between a failure of the server itself and a Dynamic DNS registration failure? If you don't know it's IPv6 address, how can you tell if its fine, just not registering in DNS properly? Heck, if it's not registering properly, how do you find it at all?

Or, more fun: the server reboots & ends up with a different dynamic IPv6 address....even if it registers the new address to its name properly, clients don't always honor DNS cache times, and will keep trying the old address for a while. You've now created an outage for no good reason.

If you said that desktops don't need static DNS, I'd agree with you completely. But making server infrastructure totally reliant on a middle layer is asking for trouble...things'll work fine until you have a problem & need to troubleshoot. Then your reliance on an external system will bite you in the ass.

Re:

[Denis Lemire]

Multicast DNS for the win.

Re:

[gclef]

Multicast DNS for the win.

...Added complexity for the lose.

That's the entire point: adding another layer of complexity makes troubleshooting and management harder and more likely to fail in new and surprising ways. Making that new layer different (multicast DNS rather than unicast) does not solve the problem, it just moves it somewhere else. This is not better.

I have no problem with servers *using* multcast DNS, dynamic DNS, etc. I have a problem with *relying* on DNS as the only way to connect to a server. DNS fails. So does multic

Re:IP6 addresses are a pain

[icebraining]

But nobody is saying we should burn all traces of IP addresses, just that manually writing them should be a negligible use case. One can just copy/paste the IP from some file if DNS happens to break.

Re:

[Bengie]

I was going to say. My $30 network printer and Linux firewall can resolve local devices based on some standard broadcast name resolution. My firewall lists by device name+IP+MAC. If the local broadcast domain is working, name resolution should be working.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[unixisc]

Doesn't DHCP6 allow you to assign static, as well as dynamic addresses, in the same way that DHCP4 does?

Re:IP6 addresses are a pain

[DarkOx]

I have this fight for a long time and some of what you say is true, but in my experience its always worked out better where my DNS rule is observed on a largish network. That is: if its not in DNS it does than it does officially not exist, that address is mine ( network admin ) to freely use as I please, and if your refer to a resource by IP directly its subject to change with minimal warning.

A proper DNS infrastructure does not just fail ( most organizations don't have that but its a different matter ). Other 'stuff' happens all the time. Companies get acquired that happen to use your same address space, services have to be moved to different sites for one reason or another, something at some subsidiary starts causing problems on the wan and you need to know what is right away etc. A solid DNS database makes it possible to find the information you need quickly both for humans and machines, and to effect changes easily without having to chase all across your 30 site nation wide WAN to fix every the address of the time server on every box. If you are not using DNS, even in ipv4 world, everywhere you possibly can I say you are doing it WRONG. That extra layer is there to help you and give you options.

Also even without DNS and DHCP most the time ipv6 is not going to require you to know any more bytes of an address than you do today. If you subnet properly the prefix should be predictable inside your organization. So you should still only need to communicate the last part of the address to all but the least clueful users

Re:

[Viol8]

"Give me a good reason why someone shouldn't be using DNS instead of direct IP address, other than lazy programmers."

I'll give you a number of good reasons - manpower , deadlines, simplicity. When you get a proper job instead of playing around at college you might understand.

Oh , and programmers generally don't set up DNS. Just FYI.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cdwiegand]

Wow.. if only it were that easy! No, you don't resolve a hostname to an IP, you resolve it to a List of IPs, some of which may be IPv4 and some of which may be IPv6.

Re:IP6 addresses are a pain

[sl4shd0rk]

Give me a good reason why someone shouldn't be using DNS instead of direct IP address

Here's 4. Not trying to be a wiseass, but there are times when bypassing DNS is preferable.

1) When you cannot trust your DNS source
2) DNS is not working or too slow
3) You didn't want to/need to spend $$ registering a domain
4) Your IP changes but DNS hasn't updated yet

Re:

[nabsltd]

3) You didn't want to/need to spend $$ registering a domain

You only need to register a domain if you want it in the public DNS space.

For something completely in-house, you can set your DNS server to be authoritative for any domain. The only caveat is that if it is a domain in the public DNS space, you won't know it. You would use this to do split DNS, so hosts resolve to the private IP address for internal clients, while the outside world sees the public IPs. Throw in some sub-domains that are only available inside (*.dev.example.com, *.stage.example.com, etc.),

Re:

[FridayBob]

... Give me a good reason why someone shouldn't be using DNS instead of direct IP address, other than lazy programmers.

From a management perspective it's a solid advantage for me to give fixed IPv6 addresses (via DHCPv6) to all of my (Linux) workstations, just as I did before and still do with IPv4. IPv6 not only allows me to access them directly via the Internet without using SSH tunnels, but fixed IP addresses in general (with both forward and reverse DNS entries) are also essential for the Kerberos authentication system that we use.

As for whether IPv6 addresses are a pain to work with, it would seem that way if only t

Re:

[MartinG]

You can do that with your hosts file instead. Or use an alternate DNS server. Or run your own. (etc.)

Re:

[Ultra64]

> These typically have very little in the way of access controls

I'm not sure why it's DNS' fault you bought shitty hardware.

Re:

[icebraining]

if the DHCP server goes

You use the failover.

Heck, and what about latency for updating DNS servers with the new addresses when DHCP assigns them (remember, DNS servers cache answers, typically for days, and if you try to turn off the caching it takes too long to get answers to your DNS queries).

Uh, that's just public DNS. My dnsmasq instance updates in seconds, and all my clients use it directly, so there are no caches.

Re:

[icebraining]

We're talking about using DNS vs manually typing IP addresses every time. Just letting stuff auto-configure is fine, but irrelevant to this particular discussion.

Re:

[Trepidity]

I'm not sure what else you could do for a 128-bit address. The format isn't inherently any more complex, just longer: instead of four 8-bit numbers separated by dots, it's eight 16-bit numbers separated by colons.

If you have some kind of regularity in the addresses, there are also alternate formats you can use, if you find it more convenient, to try to make them shorter and easier to type. For example, you can omit segments that are 0, and collapse consecutive such segments, which is why you can write the l

Re:IP6 addresses are a pain

[arth1]

For example, you can omit segments that are 0, and collapse consecutive such segments, which is why you can write the loopback address as ::1.

To be fair, you can do that with IPv4 too. Using 127.1 for the loopback address or 192.168.1 for a typical NAT gw address works just fine.

Re:IP6 addresses are a pain

[Dagger2]

The right-most octet in the abbreviated address substitutes for the right-most octets of the full address.

e.g.:
127.1 -> 127.0.0.1
192.168.1 -> 192.168.0.1
192.168.257 -> 192.168.1.1
10.65536 -> 10.1.0.0

Re:

[arth1]

Admitted, one of these is not a valid IPv4 addresses.

They're all valid. One is reserved, and one is unassigned, but all are valid.

But neither are yours...

Actually, yes, they are.

127.1 = 127.0.0.1
192.168.1 = 192.168.0.1

All conforming tools will understand the short forms, including the OS resolver. Just try it - open a command prompt (whether in Linux, Windows or other) and try:
ping 127.1

Another common one is:
0 = 0.0.0.0
A system with a nameserver running on it will often have a line "namserver 0" in /etc/resolv.conf - that ensures it will use its own nameserver whether it's listeni

Re:

[tatman]

Agreed. IP4 was simple to read. just a set of number groups. And likewise, it was simple to communicate. IP6 is hex values or something (not sure whats the % is in "Reply from fe80::f9ee:eb6f:8c74:52f5%16: time1ms"). When I ping something I always turn on the IP4 switch.

Re:

[MajroMax]

It's probably the index of your machine's IP that received the echo reply. An IPv6-connected host will have many addresses of different scope, so some implementations use the "%" to distinguish which of your addresses has handled a connection.

Re:IP6 addresses are a pain

[Fred Foobar]

That address is a link-local address. The number following the percent sign is the zone index, which specifies which network interface the address is on. If it were not there, the address may be ambiguous with multiple interfaces (imagine if two hosts on two different network segments had the same IP address; neither host can talk to the other but the machine you're on can talk to both through separate interfaces). I don't think IPv4 handles this case at all. Indeed, RFC 3927 discusses address ambiguity but provides no real solution for it. IPv6 provides a solution in the form of zone indices.

Re:

[unixisc]

Simpler to read ==> shorter ==> fewer addresses ==> run out of them sooner

Re:

[PlusFiveTroll]

Your routing prefix is unlikely to change (first 48 bits)
Your subnet id says the same per 'net' and only varys if you have more then one addressable network (16 bits)
the last 64 bits are the easy part...
type :: to compress out the 12 zeros you don't need to type then start at 1 and go up to ffff

Just avoid automatic addressing for systems that you are going to access like servers. Everything else should use a automatic dns registration system when getting an IPv6

ANY 128 bit address is going to have 'human' i

Re:

[MajroMax]

If DNS/DHCP is so difficult, then you can do exactly the same address assignment with ipv6 that you do with ipv4: give out a static /64 to each group-of-VMs, and let the testers/devs themselves pick individual machine numbers from that prefix.

If you want to be really short, then generate an unique local prefix [wikipedia.org] (/48) for your test networks, and subdivide from there according to whatever scheme you want, like fd8a:db80:db80:building:floor::[machine]

Re:IP6 addresses are a pain

[maz2331]

Seriously, it sounds like SOMEONE can't convert between decimal and hex.

The addresses are easy once you get even slightly used to them, and once you memorize your /48 or /64 prefix is no more difficult than v4. 2001:123:45:67::2E/64 isn't hard. [2001:0123:0045:0067:0000:0000:0000:002E]. I have memorized our /48 and our usual scheme is to split it into /64s that then match the 3rd octet of our 192.168.x.x private range...so for example, I'd set up a host that is on 192.168.16.5 as 2001:123:45:10::5/64.

Or even better... just let the router on the subnet autoconfigure the hosts, or setup DHCPv6 on a server.

(Ocourse the 2001:123:45 addresses are totally made-up and fictitious... no need to give my real-world v6 netblocks on here!)

Re:IP6 addresses are a pain

[cc1984_]

just so you know, the 2001:db8 is reserved as a fictitious subnet to use in documentation. You'd be better off using that instead of 2001:123:45

Re:

[Anonymous Coward]

Umm... Seems you haven't understood how IPv6 addresses work. Everything starting with fd is private. So you could assign the addresses
fd00::1
fd00::2 ...
to your private VMs. Quite a bit shorter than then IPv4 192.168... madness.

Re:

[WaffleMonster]

We have so many test VMs appearing and disappearing on our network that we don't bother putting them in DNS, we just give out the IP4 192.168... address for the testers and devs. I dread to think what would happen if we had to give them the line noise that is an IP6 address.

Whatever other merits IP6 has, the designers REALLY didn't think it through at the manual address entry level.

I know...take for example the IPv6 address of sprints public web site... It's huge...sorry I mean smaller than any possible IPv4 address.."2600::"

I think you have a choice. You can go for large unwieldy autogenerated messes of address from SLAAC or you can manually (or via DHCP) configure easy to use IPv6 address especially if it is for an internal network.

I do not think it is fair to assert both the idea manual configuration is required and IPv6 addresses are impossible to work with concurrently.

If you ar

Re:

[petermgreen]

I dread to think what would happen if we had to give them the line noise that is an IP6 address.

IPv6 addresses don't HAVE to look like line noise. Yes they are longer but that length gives you more freedom to maintain an addressing pattern that matches your network rather than having to pack things in a massively dense fashion. The main thing is to avoid using stateless autoconfiguration for any IP a user is likely to need to interact with.

Having said that there is really no reason to not continue using private IPv4 for logging into boxes regardless of whether they have a v6 IP to let them access reso

DHCP6 perfect for VMs

[unixisc]

Test VMs? Why not put them in DHCP under IPv6? Have your usual prefix, followed by something like a code range to indicate that it's a VM, and then let it cycle the numbers under DHCP6? Like if one has 2001:a:b:c:add::[hhhh] where the last word is the random number assigned to the VM, which can range from 0x1 to 0xffff?

Using it at work, really useful

[jnelson4765]

I just rebuilt our monitoring system on Munin 2.0, which can deal with IPv6. Made life a lot easier, since punching holes in NAT routers and screwball port mappings went away.

Google and Facebook are both running ipv6, and both our office and a chunk of our datacenter are on ipv6 through a he.net tunnel. Wish native ipv6 was available, but Amazon hasn't enabled it for AWS, and the Comcast ipv6 rollout is to consumers, not to business clients.

What about the big ones (e.g. verizon, AT&T)

[sohmc]

My FiOS ISP does not have an IPv6 address. I support it internally on my router. I imagine that the hold up is that the big guys aren't there yet. This makes sense since they have the most equipment to replace/reprogram.

I'd actually be interested in where these guys are at. I'm sure they figured it out for businesses but I'd like an IPv6 address for my house.

Re:

[account_deleted]

Comment removed based on user account deletion

Still not working...

[bartjan]

bartjan@ix:~$ ping6 slashdot.org
unknown host
bartjan@ix:~$

Maybe about time to update this story from 2003 [slashdot.org]??

Re:

[gQuigs]

arstechnica.com doesn't have Native IPv6 either.

So... what is preventing slashdot and arstechnica.com from going IPv6?

Re:

[Anonymous Coward]

No-one at Slashdot knows very much about this technology stuff. It's more about maintaining a nerd image by wearing weird glasses.

Re:

[jones_supa]

At least Slashdot is very conservative what comes to technological improvements.

Re:Still not working...

[alanw]

I run the Firefox plugin SixOrNot [mozilla.org]. Google - a green 6. Youtube and Facebook ditto. Slashdot, a red 4. There are major sites out there running IPv6.

I have a free tunnel [tunnelbroker.net] from Hurricane Electric [he.net]. The only issue is that Google thinks I'm in the USA, which can't be a bad thing.

Now that there are no more IPv4 addresses available in Europe, it's in the interests of the established players to suppress IPv6 and lock out disruptive new startups: e.g. ISP's or Co-Lo's.

Better yet..

[micber]

maybe we should just say "the Internet is full!" and call it a day...there's already too much crap floating around anyway!

Re:

[marcosdumay]

That's easy to solve. Just disconnect your computer and it won't affect you anymore.

older modems / routers are a isses as well and who

[Joe_Dragon]

older modems / routers are a issue as well and who knows what bugs are in them that will only show up with higher IPV6 use.

How meany people are useing say the modems from there ISP that may be a few years old that does not have IPV6.

Re:

[jones_supa]

Then we replace the modems.

Re:

[marcosdumay]

Last time I was out to buy a modem, I couldn't find a single one reasonably priced (within 1000% of the cheapest model's price) model that supported IPv6.

I use it as bridge, but most people will have a problem with it.

IPV6 and Debian...

[LVSlushdat]

I recently signed up for a Xen Linux vps thru a vendor to run a mail server on, I provisioned it with Debian/squeeze, and while installing everything, I happened to notice that the apt-get sessions were talking to the Debian repos via ipv6. Was kinda startled, as I'm not used to seeing those humongous ipv6 addresses.. The vps vendor gives you at no extra charge two v4 addresses and three v6 addresses. Although I see in their blog, they are dropping the v4s to one per vps without a significant extra charge

Re:

[unixisc]

Three /128 v6 addresses? Or three /64s?

Multicast?

[Anonymous Coward]

I've been waiting for the IPV6 killer application to show its head. Until then I don’t think Joe public will know or care what IPV6 is and why they should use it.

So I mention this here in the hopes that it will light somebodies bulb and somebody will probably correct me on this, but I always thought IPV6 included global multicast, which would make lots of new application possible. Imagine being able to stream content from your home to any number of people without the need for a costly connection. Kind

Re:

[tftp]

Imagine being able to stream content from your home to any number of people without the need for a costly connection.

You'd have to do the imagining from within the prison cell :-) A copyright crime is worse than murder because when a peasant kills another peasant nobody cares; but when a peasant steals content from a corporation then the sirens start wailing, and no punishment is too high for such a crime.

The Internet remains the Internet only for highly technical people. Everyone else is a consumer; a

Re:

[WaffleMonster]

In other words, the IP version is not a significant factor in development of new commerce over the Internet. Skype works fine over IPv4 as it is, and the browser works.

Most of skype is dealing with endpoints who are both behind nats and threfore unable to connect directly to each other so conversations are punted unecessarily thru other users systems with better connectivity. This creates significantly higher latency, unecessarily wastes resources of multiple parties and lowers overall reliability and quality of the communication.

With a network of peers "skype" would simply consist of an optional directory to facilitate people finding and connecting to each other.

People

killer app?

[DECula]

Unless we come up with a viable DNS RBL for ipv6, the killer app for ipv6 is going to be spam. Hey mister, wanna buy a Rolex?
I hope someone is working on services like this. I can also imagine one heckofa bot net once we get all those soda machines and
refrigerators online.
 

Re:

[KiloByte]

the killer app for ipv6 is going to be spam

Woooh... amazing! Looks like the last non-spam piece of mail my mail server received over IPv4 was three days ago, most of legitimate mail I receive comes on IPv6. On the other hand, the last piece of spam not over IPv4 was on 2012-12-26 (from 2604:e800:184::6d0e:3a91).

This seems to be a random fluke as it's quite rare to not get anything via gmail in three days (it was the culprit that broke the streak), but fluke or not, that's what's on the top of my logs right now.

It ain't working

[Alomex]

IPv6 ain't working. This should pretty much be clear to all, since it is not being widely adopted. The IPv6 proponents can down moderate those who point the flaws all they want but the facts speak for themselves.

A more constructive approach was to take steps to facilitate its adoption, such as tunneling, the IPv6 day and the IPv6 experiment. It didn't work. Fourteen years since it has been introduced with IPv4 address space running out rapidly and still only 1% of the internet. At this point we have to be

Re:It ain't working

[WaffleMonster]

IPv6 ain't working. This should pretty much be clear to all, since it is not being widely adopted.

All major ISPs in US are in the process of testing and rolling it out.

Google, Netflix, Akami, Federal government, Facebook all on IPv6.

All major CPE vendors shipping IPv6 enabled gear.

Perhaps you know something they don't?

There will be a long tail and it will take forever to move enough for the plug to be yanked on IPv4. Nobody is saying RFC 801.

A more constructive approach was to take steps to facilitate its adoption, such as tunneling, the IPv6 day and the IPv6 experiment.

All these "steps" did was throw a wrench in the process of adoption. This is 2013 and people demand a production quality network. Tunneling does NOT provide that.

Content is not going to deploy to a shit network with no bandwidth and crappy availability that tunneling provides.

IPv6 day was necessary mostly to identify and fix what went wrong with the tunneling nonsense already deployed.

still only 1% of the internet. At this point we have to believe that nothing short of a completely new protocol will succeed.

We all get to believe what we want. I choose to believe publically available bandwidth charts showing an exponential curve and the interface statistics on my router showing ~30% of my traffic by volume is IPv6.

Re:

[jbolden]

It is being widely adopted. Virtually every major carrier on the planet has an adoption plan that is underway. In many Asian countries they are almost fully converted. In the USA the cell networks are converted with home / small business likely to be converted by end of 2014. Too slow yes. Not being adopted, no.

Want to make it happen fast? Easy solution

[WindBourne]

Start removing classes for use in the IPv4 arena.

Right now, ISPs, esp. in America, are not converting because they do not need to. BUT, to speed it up, all that needs to happen is to require that 5% of the IPs be returned every year or so, starting 1 year out. That will pretty much force the situation.

And for those that will scream that this is not right, BS. It is needed. Long needed.

Re:

[Ultra64]

Not really, you just track them by their IPv6 subnet prefix instead of their full IPv4 address

Re:

[Anonymous Coward]

I'm not taking any chances... I've moved our network to IPv8

Re:That's easy.

[NatasRevol]

They can still find it.

Try IPv9¾

Re:

[Anonymous Coward]

How so? Many (if not most) end system addresses have the MAC address embedded in the v6 host address, so you get more information out of a v6 address than you do out of a v4 address (including the ability to trace the same device even if it changes layer-3 networks).

Since most vendors aren't supporting RFC 3972, tracking is probably going to be easier, not harder.

Re:That's easy.

[Ultra64]

>Many (if not most) end system addresses have the MAC address embedded in the v6 host address,

http://en.wikipedia.org/wiki/IPv6#Privacy [wikipedia.org]

Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS (since version 4.3).[39] Some Linux distributions have enabled privacy extensions as well.[40]

Re:That's easy.

[firewrought]

Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS (since version 4.3).

But it doesn't keep ISP's from moving to permanent, static IP addresses. So privacy extensions will "blur" the PC's within a single household together and keep stalking firms (um "ad agencies") from tracking you as you move between coffee shops*, but, in practice, all household traffic you generate will be branded with the same permanent, unique address.

I'm not poo-pooing IPv6, that's just an unfortunate drawback that comes with all of its advantages.

*Tracking you by IP, that is, there are still cookies, local storage, browser fingerprinting, etc.

Re:

[Matt_R]

But it doesn't keep ISP's from moving to permanent, static IP addresses.

I wish my ISP [snap.net.nz] could offer me static IPv6, but they currently can't do it!. Right now I have a dynamic /48....

Re:

[unixisc]

But since an ISP will give one a whole link - be it /64, or a subnet, such as /60, /56 or /48, isn't it obvious that the decision of whether to use static or dynamic addresses (or indeed a combination) is w/ the end user? Not to forget - in IPv6 - unlike in IPv4, multiple IP addresses are allowed on a node.

Re:

[unixisc]

FBSD uses the EUI-64 convention, where the MAC address is obvious. It's good to know that iOS and OS-X haven't gone w/ that.

Re:

[WaffleMonster]

How so? Many (if not most) end system addresses have the MAC address embedded in the v6 host address, so you get more information out of a v6 address than you do out of a v4 address (including the ability to trace the same device even if it changes layer-3 networks).

Since most vendors aren't supporting RFC 3972, tracking is probably going to be easier, not harder.

I think you might be thinking about privacy addresses enabled by default on Windows and configurable on MAC and Linux.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:That's easy.

[MajroMax]

That won't work in the long-term. The problem with carrier-grade NAT is that the ISPs have to... maintain carrier-grade NAT.

Network Address Translation is a stateful protocol, and it's orders of magnitude more expensive to maintain connection tracking on a per-connection basis for your customers than it is to simply route packets between networks. Even ISPs that use Deep Packet Inspection have the luxury of looking at selected traffic flows; carrier-grade NAT has to cover everything or it doesn't work.

Re:

[DarkOx]

1998 called and they want your argument back. The fact is the sort hardware needed to build connections, store them in memory, and do the actual translation is just not that expensive anymore.

Re: That's easy.

[LostMyBeaver]

There is still a cost on large ISPs. The holy land of carrier grade NAT would be to NAT the entire ISPs v4 network and route statics for customers who want their own addresses. Even with big iron (think ASR9k) the active translation table can be far beyond the scale of the hardware.

That said, a more conservative approach would use private IPs for the P routers and internal addresses for the PE routers. Then a VRF would provide a /30 between edges for private networking. Another VRF would carry static routes

Re:That's easy.

[MajroMax]

ISPs don't want to do carrier-grade NAT, because then they have to maintain carrier-grade NAT.

CGN is a stateful protocol, meaning that each of their implementing-boxes needs to maintain and process state for each data flow to or from your devices. That's no big deal for a single home, but it's a problem for a carrier. If the boxes are too far towards the customer-end of their network, they will be small but they will also be numerous, making maintenance more frequent. If the boxes are too far towards the core of their network, an ISP will only need a few, but the hardware requirements are much heftier to provide acceptable performance. (Already, bittorrent can saturate some of the cheaper home routers).

Simply routing packets is technically far, far easier than running network address translation. Even ISPs that use deep-packet inspection have the option of turning it off if things go wrong -- the network fails open. Carrier grade NAT doesn't have that option.

Re:

[WaffleMonster]

Without it, they can sell IPs for nice amounts without paying for it themselves. For ISPs it would even be nice to just give everybody a 10.x.x.x address (as they do with phones) so you can not run any server, or with very much work.

It is much better and easier to control on many levels of control.

So why would they go to IPv6, which will cost money, while sticking with IPv4 will bring in money.

Given scale of traffic large ISPs are dealing with today it is expensive enough just for the gear to look up L3 addresses in IP header and make routing decisions in hardware associative memory.

ISPs benefit today by deploying IPv6. When they do a huge slice of their traffic (youtube, google, facebook, netflix) no longer has to go thru more expensive and headache causing carrier NAT where headers must be inspected, mangled and where state must be allocated for every transaction.

There are other benefits to th

Re:

[Cimexus]

Well I don't know "why", but many ISPs around here offer or are starting to offer IPv6. None are thinking about doing carrier-grade NAT (with the exception of some of the cheaper mobile phone networks, and frankly, I don't really have a problem with it for phones ... not like I'm running a server on my phone, plus you can usually pay a nominal sum for a 'real' IP if required).

People want real IPs and any decent ISP will offer them. Simpler to administer for them, and not really much of a cost - they just ma

Re:

[petermgreen]

Doesn't really make much difference.

Presumablly each customer will be allocated a v6 prefix just like they are allocated a v4 address now. Combine that with privicy extensions and it will be easy to track to a property but difficult to track beyond that.

Re:

[petermgreen]

In England, we are lucky, most geolocation services get the city info wrong,

AIUI the free geolocation services are basically built on freely available data while the pay services supplement that with data from their own research. If the ISPs don't make the data easilly available (I don't think there is any obligation on an ISP to post where in the country and allocation is being used) the free databases won't have it. If the ISPs put users from different places in one subnet then the pay databases won't have it either.

But when I wrote that post I wasn't thinking of publically avail

End to end

[tepples]

How should a machine on the public Internet connect to one of the millions of machines behind a single IP?

Re:

[isorox]

How should a machine on the public Internet connect to one of the millions of machines behind a single IP?

You and I like this facility. For everyone else "the cloud" works fine

Re:End to end

[Kjella]

Don't call us, we'll call you. I actually had an Internet connection like that years back, entire campus hidden behind a single IP and no incoming ports. It was rather crippled but as long as the other half of the connection had a normal connection I could always connect to their servers and up/download. On modern IM services it'll even negotiate so that other people can send you files because under the hood you connect out instead. Worst case if you're both stuck behind such solutions you can always pass files via some third party file host. It's not pretty but it's not useless either, I bet enough people just browse and check their mail to not even notice.

Re:

[unixisc]

Which is normally a bitch under IPv4, since the same Class C or Class A private addresses are used in the separate networks, and so connecting the 2 and resolving the differences b/w overlapping addresses would give one a migrane. With IPv6, one could either use dedicated routable addresses, or if one needs a VPN, one could use a site-unique address.

Re:

[petermgreen]

Not millions

With conventional NAT reserving a port on the public side for each connection I doubt you'd want to go more than about a hundred customers per IP (and even that may be pushing it if your customer base is high activity). Dedicated high ratio nats that resused the same source port for connections to different servers may let go up to say a thousand customers per IP but

Still even a 1:10 ratio would mean that most ISPs wouldn't have to worry about exhaustion on the consumer side for a long time and

Re:NAT

[jbolden]

ARIN has been pretty clear they don't want carrier grade NAT. The carriers don't want carrier grade NAT. You aren't going to be forced behind a NAT. You'll have a v6 address and pool for v4 outgoing once they roll out v6.

Re:

[loufoque]

65535. 0 is reserved.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Ultra64]

http://www.startnetworks.info/2011/08/ipv6-and-ipv4-headers.html [startnetworks.info]

"Due to all these reasons, IPv6 headers are more efficient and less CPU intense to Routers than IPv4 headers. "

Re:

[WaffleMonster]

we have zero reasons to use it.

This is a legitimate gripe for some VoIP and assorted realtime applications with very small per-packet payloads. When I looked into this I found about a 20% increase in channel capacity would be required per VoIP stream just by switching from IPv4 to IPv6.

This however is worse case. For most the packet overhead is a pointless rounding error for data transfers and most web traffic, streaming video..etc even being if being generous and assuming minimum 1280 MTU.

In all cases this overhead is absorbed quickly

Re:IPv6 isn't the solution

[Dagger2]

You've pretty much just described 6to4. We have it already.

Re:IPv6 isn't the solution

[Alomex]

6to4 is an extension which is optional as opposed to an intrinsic part of the protocol. This distinction is important.

Moreover the fact that 6to4 was developed at all, after IPv6 was proposed, proves my point and shows that my criticisms of IPv6 were/are shared by many.

Re:

[Alomex]

Again, 6to4 is a patch, not a properly designed transition interface. E.g. from wikipedia:

6to4 does not facilitate interoperation between IPv4-only hosts and IPv6-only hosts. 6to4 is simply a transparent mechanism used as a transport layer between IPv6 nodes.

Due to the high levels of misconfigured hosts and poor performance observed, an advisory about how 6to4 should be deployed was published in August 2011.

Moreover, 6to4 encapsulates IPv4 addresses in IPv6 2002: addresses, which is the reverse of what I'm suggesting.

I've been telling everyone since before the protocol was formalized that it would take a long time to be adopted the way it was designed. Then, just like now people gave silly arguments why I was wrong. Well here we are 16 or so years after I first raised these objections and IPv6 is still less than 1% of the

Re:

[unixisc]

I decided to punt on CCNA certification until they revolve around IPv6

Re:

[ledow]

I find that anyone that mixes NAT and IPv6 problems usually doesn't administer their own networks.

NAT saves a lot of administration for a small business or home network. You have ONE outside address, and all your Internet traffic goes through ONE machine. That ONE address is unmistakably external, can have several thousand services running over it, and can be your external address for everything all at once. As an admin, you only need to know that one address (or corresponding DNS alias), and you can be