How Ready Is IPv6 To Succeed IPv4? 595
New submitter unixisc writes: Over the last 2 years, June 6th had been observed as IPv6 day. The first time, IPv6 connections were turned on by participants just for a day, and last year, it was turned on for good. A year later, how successful is the global transition to IPv6? According to Cisco 6labs, adoption rates vary from 50% in Belgium to 6% in China, with the U.S. coming somewhere in the middle at 37%. A lot of issues around IPv6, such as the absence of NAT, have apparently been resolved (NAPT is now available and recognized by the IETF). So what are the remaining issues holding people up — be it ISPs, businesses, consumers or anybody else? When could we be near a year when we could turn off all IPv4 connectivity worldwide on an IPv6 only day and nobody would notice?
Absence?! (Score:5, Insightful)
Absence of NAT is a feature! If not THE feature of IPv6!
Re: (Score:2, Informative)
Absence of NAT is a feature! If not THE feature of IPv6!
NAT has many benefits besides reducing the number of IP addresses required. It has important security benefits in that it allows one to hide one's internal network structure from the outside world. Without NAT, attackers would know how many systems you have on your network as well as your router deployment. Potential attackers could benefit greatly from this information when planning and launching attacks.
Re:Absence?! (Score:5, Insightful)
NAT has no security benefits. NAT's sole purpose is address scarcity. Firewalls are for firewalling. NAT is for breaking the pre-IPv6 internet out of necessity.
My home subnet is 2610:1e8:800:101::/64. Go ahead and tell me how many machines are in there...
I'll wait.
Re:Absence?! (Score:4, Interesting)
Somewhere between 0 and approximately 18,446,744,073,709,551.
But, as always, the issue isn't hiding and hoping that no one finds you. The issue is how do you protect your systems and networks from people who (in the worst case scenario) already know what your IP address is?
With NAT they are attacking a single firewall.
With having all of your systems directly accessible to the Internet, the crackers can attack any and all of them.
Getting your IP address can be as simple as putting up a web server with some stupid content and having /. link to it.
Re:Absence?! (Score:5, Insightful)
Without NAT, you're still hitting the stateful firewall and default deny rule at the edge of my network... Most home routers should default to this sort of behaviour.
The difference is, I can open up as many ports as I need with no limitations. None of this crap with forwarding port 80 to one box and then... Oh, I need another web server... Hmm. 8080? Other random / arbitrarily selected ports? That sucks! It's broken.
The IPs I'm leaving in web server logs are also throw-away addresses - read up RFC-4961.
Re:Absence?! (Score:4, Informative)
Good news! NAT in v6 doesn't do any of that. NAT v6 is moreso about being able to renumber an arbitrary block of address space. So, for example, you can have a private network prefix in the ULA space (fd00::/8) and then map it into the global Unicast space (2000::/3) using one of your available prefixes. If you have to renumber for whatever reason, you can change the NAT and your internal network doesn't need to renumber. The only thing is that you have to sacrifice about 16 bits of address space on both ends for checksum fudging. But it's far better than v4 NAT and it doesn't break the net the same way.
Also a lot of people use "NAT" to mean "stateful firewall". I personally consider the distinction, from a security standpoint, to be pedantic - they both break the net from a purist perspective.
End to end connectivity? (Score:3)
When people talk about 'breaking end to end connectivity', what do they mean? Do they simply mean an uninterrupted path from the source address to the destination address, as specified in the IP header?
The way I understand it, end to end connectivity means that the packet should travel directly from the source address to the destination address without having its address headers altered. It is fine for it to travel through a gate, a firewall inspect whether its source address has a pass or not, and th
Re: (Score:3, Insightful)
You may be referencing the wrong RFC. That is more about port numbers than different IP addresses. The IP address of your machine should still be showing up in /.'s logs.
Either that breaks most of the functionality of IPv6 or it entails a lot more effort and
Re:Absence?! (Score:5, Informative)
Sorry, RFC-4941. Fat fingers. ...and I don't think we should design the internet with the most basic web surfing home user in mind. IPv6 will support everyones needs. IPv4 supports only the most trivial.
Re: (Score:2)
Let me quote part of that RFC for you.
Parsing that shouldn't be a problem for anyone with a CCNA or equivalent experience. But there are going to be problems when the average user is trying to set up his home router.
Re:Absence?! (Score:4, Informative)
With a current home router and IPv4 + "NAT" the average home user can handle everything they know about today. Without having to learn anything new.
Are there any home routers with IPv6 support that don't come default out of the box with functionally same security policy implemented as SPI?
Most of them run Linux and same connection tracking code that make IPv4 NAT work is available for IPv6.
Re: (Score:3)
With a current home router and IPv4 + "NAT" the average home user can handle everything they know about today. Without having to learn anything new.
That is disingenuous at best. The only reason IPv4+NAT works for home users is due to an incredible amount of fuckarounds like UPNP and magic in the establishment of peer-to-peer connections via a 3rd party, often implemented with questionable security practices
Developers do a LOT of work to make IPv4+NAT work for end users. You're just passing the load onto someone else.
Re:IPv6 shortcomings? (Score:5, Insightful)
It isn't (and never was) a question of capabilities. It is a question of cost. Most decision makers at every level from individuals on up to CEOs view IT (correctly BTW) as an expense, not a corporate treasure. The IP6v train left the station without the capabilities required to make eventual I{Pv4 replacement cheap and easy -- backward capability and NAT. Lots of people tried to point out that was a mistake. It was done anyway, and the same folks that didn't understand why it was a mistake still don't seem to understand why it was a mistake.
Compared to the average business or public organization, our home setup here is not very complex at all. But we still have about two dozen devices whose software would need to be upgraded in order to change from IPv4. to IPv6. And we'd probably have to buy some new kit because some of the routers and software probably have flawed IPv6 implementations -- if they have IPv6 at all. And, of course our ISP is IPv4. Assuming they can/will deign to talk to us using IPv6 it's a safe bet that "upgrading" would cost us more time and money.
And what do we get from all that? IFAICS all we get is the capability to expose all the digital devices in the house to external hackers. Why would we want to do that? Much less spend time and money to do that?
It'll most likely be a long, long time before IPv6 completely replaces IPv4.
Re: (Score:3)
- It's the firewall, not the address translation, that protects your devices, and those are there in both IPv4 and IPv6
- IPv6 too supports NAPT if required. Only difference - you won't need port translation, since the IPv6 NAPT is a 1:1 mapping b/w addresses, as opposed to the 1:n mapping in IPv4, which was what made using the ports necessary
Re: (Score:3)
Re: (Score:3)
Re:Absence?! (Score:4, Informative)
Re: (Score:3)
Somewhere between 0 and approximately 18,446,744,073,709,551.
But, as always, the issue isn't hiding and hoping that no one finds you. The issue is how do you protect your systems and networks from people who (in the worst case scenario) already know what your IP address is?
With NAT they are attacking a single firewall.
With having all of your systems directly accessible to the Internet, the crackers can attack any and all of them.
Getting your IP address can be as simple as putting up a web server with some stupid content and having /. link to it.
Yeah, so you think that you can't attack end hosts directly just because they're sitting behind a NAT?
It's perfectly possible to craft malicious packets and send them past the NAT to the desired end host. The NAT device will happily translate evil packets just as easily as the non-evil variants.
Do not mistake the protection that a stateful firewall provides as protection provided by NAT.
Re:Absence?! (Score:4, Interesting)
I keep hearing this argument against NAT but somehow everything right now is running fine. What exactly is broken?
Re:Absence?! (Score:5, Informative)
Right now - quite a bit - there are all sorts of mechanism that have to be worked around. Every spend any time troubleshooting SIP? Do you know why nobody does direct media?
Ever wonder why file transfers in instant messaging apps either work intermittently or perform slowly?
Ever see the layers of complexity we've built to do our best to work around such issues: STUN, UPNP, NAT-PT, ICE, ALGs... It's layers upon layers of cruft. ...and we haven't even gotten to the real horror of so called "carrier-grade" NAT yet... Eg) NAT behind NAT.
The prospects are awful.
The fact anything works at all is a testament to... something... ...but it is not a solid solution. It was a stop-gap measure that should have been discarded long away.
Re: (Score:2)
And yet I can watch kitty cats on YouTube®.
Re: Absence?! (Score:5, Insightful)
Yes, the WEB works GREAT... I also use THE REST OF THE INTERNET.
Re: Absence?! (Score:5, Insightful)
So you're cool with the Internet being forever limited to cat videos? The applications for the Internet were unforeseen. It changed the world in ways nobody could predict. IPv6 will pave the way for new applications in a way just as significant... But you can't see past today's furry thrills.
Re: Absence?! (Score:5, Insightful)
IPv6 requires you to:
- give all your devices new addresses (because these morons didn't expand the address space like any sane person would, they replaced the address space)
- configure all your network infrastructure to manage the new addresses
- maintain two sets of addresses for the forseeable future
IPv6 is broken because it is incompatible to IPv4.
Re: Absence?! (Score:5, Insightful)
IMHO, it's kind of the typical overreach common in IT where rather than evolving a protocol they mostly completely redesigned it, tossing out a lot of accumulated knowledge, adding a lot of complexity and lack of interoperability. A few propellerheads then stand around wondering why nobody's adopting it.
I think there is a good argument to be made that if network space exhaustion was the principal problem with IPv4, IPv4 should have just been extended with a couple more prefix octets. The entire existing IPv4 address space could have been just arbitrarily prepended 1.1. The stack would still have needed an overhaul to accommodate this, but less so than IPv6.
To be fair, IPv6 fixes a lot of deeper issues with IPv4, but I think it's debatable whether those problems were worse or more pressing than IPv4 exhaustion.
Re: (Score:3)
I think there is a good argument to be made that if network space exhaustion was the principal problem with IPv4, IPv4 should have just been extended with a couple more prefix octets. The entire existing IPv4 address space could have been just arbitrarily prepended 1.1. The stack would still have needed an overhaul to accommodate this, but less so than IPv6.
To be fair, IPv6 fixes a lot of deeper issues with IPv4, but I think it's debatable whether those problems were worse or more pressing than IPv4 exhaustion.
Uh no. The moment you added even 1 bit to the address, every piece of equipment that has the IPv4 protocol in firmware - a lot of it hard coded - would have needed to be overhauled to support that. Since the IETF saw that there was gonna be an industry-wide overhaul in any case, it did this complete overhaul, tossing in everything learnt in the years of IPv4, so that another IP transition won't be likely in the next 50 years, if ever.
The IPv4 exhaustion was clearly more pressing, since it was probably
Re: (Score:3)
No. For the 10th time: NO.
You could have upgraded piece by piece and
Re: (Score:3)
1: Yes, but once is one time too often.
How did you ever get the time or patience to configure IPv4?
That's a fair question and I give you a fair answer: By adding one piece at a time. Not by throwing out everything and starting from scratch.
2: If IPv6 were backwards-compatible, we wouldn't. We could go from IPv4 to IPv6 just like going from CDs to DVDs to BluRay. But it isn't and therefore we won't ever replace that structure.
Like I said elsewhere, they are parallel tracks, not assets. If your new Windows 10 computer doesn't run your old Windows XP software, backwards compatibility is a problem. If you need to connect to someone using Skype or FaceTime, whether you do it via IPv4 or IPv6 is irrelevant, since it's transparent to you. However, it is very relevant to network engineers who have to live with problems around NAT, security, inadequate #addresses and so on.
Yeah and so? Fact is that IPv4 is neccessary to use the Internet in a meaningful way. Fact is also that IPv6 does not give you any added value. All the added value is only available after that "everybody switches" and we can phase out IPv4, which will never happen. Nobody said that IPv4 was perfect or even good. But it works and IPv6 does not. (When I can only reac
Re: (Score:3)
Because that is where millions of man-hours are invested: In the configuration of the network.
Re: Absence?! (Score:5, Insightful)
Re: Absence?! (Score:5, Informative)
What a brilliant argument. "This works well for the easiest, most common case, so obviously it's awesome and there are no problems." I hope you're not working on anything important.
NAT constrains the web in ways that aren't immediately obvious. Applications haven't been built, ideas haven't been implemented, because of the way it chokes the client endpoints of the Internet.
Why did it take so long for us to have Skype-like services? Because, despite the best efforts of the best network engineers, we can't get two home computers behind NATs to reliably talk to each other. Skype can't always do it with its shitty proprietary protocol, either, but, when it fails, the Skype client falls back to routing the traffic through Skype's own servers. This doubles the traffic necessary for communication, so it's shitty, and it also means Skype has to have hugely deep pockets to pay for and run this otherwise completely unnecessary server infrastructure.
So, instead of peer-to-peer VoIP communication, which would make sense, we have to have a huge company proxying traffic for everyone because we can't make two endpoints talk to each other. This is hugely wasteful, a single point of failure, a single point for mass surveillance, and a single point for corporate asshattery. And this is just one example of the type of wart we have because of widespread NAT.
Do your hypothetical true Scotsmen like to use Skype in addition to watching cat videos? Then they're negatively affected by NAT. They probably don't realize it, but they are.
The sooner NAT dies, the better for everyone.
Re:Absence?! (Score:4, Insightful)
Re: (Score:3)
Re: (Score:2)
NAT was a direct response to address constraints. If it wasn't broken CGN would be the way forward.
Re: (Score:2)
In other words, 99% of the population of any country.
Re: (Score:3)
Yes. Comcast comes with IPv6 on by default, as do other ISPs.
1 in 5 homes in the US has IPv6 enabled today. See the IPv6 presentations at NANOG [youtube.com] from a couple of days ago.
IPv6 is already here. It is measurably faster. It is easier to configure and manage. The cellular carriers are going IPv6 only. If you are using a modern Android or Windows phone you are talking IPv6 only from the phone. Facebook is IPv6 only. Microsoft are going IPv6 only. Google is going IPv6 only. Lots of data centres are going
Re: (Score:3, Informative)
Just because that is repeated ad-nauseam doesn't make it true.
Of course NAT has security benefits: It acts basically as a "one-way" firewall, which is exactly what most people that don't run a server at home need.
Of course you could configure a IPv6-firewall the same way, but that would take several days and who has time for that?
Re: (Score:3)
- Check whether all my hardware is compatible to it, down to the Rasberry Pi that I'm using
- Replace all the hardware that is not compatible
- Invent and remember new addresses for all fixed-IP devices that I use on my internal network
- Make sure IPv4 still works
- Test it all
"several days" is pretty optimistic. IPv6 would probably take several weeks for me.
Also "make sure IPv4 still works" is not so easy as it sounds. For example Google failed to do that several years ago
Re: (Score:3)
Re:Absence?! (Score:5, Insightful)
That's not a security benefit of NAT, that's a quirky side effect that would be better replaced with a proper stateful firewall.
Re:Absence?! (Score:5, Informative)
No, it's not a security benefit. It was not designed as such and it shows.
If it was, it wouldn't allow holes to be arbitrarily punched through by NAT-PMP, UPNP and other traversal mechanisms.
If you're relying on NAT for security, you're doing it wrong.
Re:Absence?! (Score:4, Insightful)
Re: (Score:2)
Incorrect. NAT does have a security benefit. Unless ports are opened, there is no direct inbound access into the backend subnet. Yes, firewalls exist and can protect IPv6, but having a NAT simplifies security for most home users.
No, what you need isn't NAT, its a PROPER FIREWALL.
Re: (Score:2, Insightful)
Security is a process. If that process is made easier for some users by using NAT, then it's a benefit. Home users can't manage firewalls effectively. NAT is a good method (even if flawed) to protect some classes of users. Is it perfect? No. But that's why you also have other protections at other layers (host-based firewall, virus scanners, etc.)
Re:Absence?! (Score:5, Informative)
Security is a process. If that process is made easier for some users by using NAT, then it's a benefit. Home users can't manage firewalls effectively. NAT is a good method (even if flawed) to protect some classes of users. Is it perfect? No. But that's why you also have other protections at other layers (host-based firewall, virus scanners, etc.)
NAT is less secure than SPI due to existence of packet mangling ALG codes and gnarly assumptions made by application gateways attempting to deconflict sessions where ambiguities exist.
No more difficult for the end user if SPI is deployed instead of NAT.
Re:Absence?! (Score:4, Insightful)
NAT has nothing to do with security. What people confuse as security is the fact that NAT is always implemented in the form of NAT+filter, never as just NAT alone. So they think the security comes from the NAT part when in reality, it's the filter part that does the job of keeping the network secure. You can remove NAT and keep the filter and have exactly the same security with IPv6.
If there was such a thing as NAT _without_ a filter, your ISP could simply set a route to your private address space via your external router - since he's the next hop - and access your internal network freely.
If you think NAT has anything to do with security you're just an amateur who knows nothing other than his plastic blackbox "consumer" router, and draw conclusions from what he sees in the user interface of that thing.
Re: (Score:3)
Heck, the normal person would even fail to access a IPv6-website via browser!
Why? Because the braindead IPv6 standard uses semicolons in addresses which are used for ports in http.
So you have to use square-brackets for the address, because the morons how designed IPv6 forgot about the most important protocol out there. How stupid must one be to make that mistake?
And these breaks of compatibility are exactly the reason why IPv6 will never succeed.
Re: (Score:3)
Actually, the only reason http has become as "important" as it has, is because of the widespread adoption of NAT.
Without NAT and the IPv4 shortage, chances are quite a few more services would've caught on.
Re:Absence?! (Score:5, Insightful)
Incorrect. NAT does have a security benefit. Unless ports are opened, there is no direct inbound access into the backend subnet.
Incorrect. Many implementations of NAT have been known to allow an outside user to cause a port to get indirectly forwarded. NAT offers no additional security while increase the surface area that needs to be secured, in addition breaks the normal OSI model by cause leaky layers, making for more complicated interactions that make configuration and debugging harder.
If you don't think this true, you should not be giving out advice about network security.
Re:Absence?! (Score:4, Informative)
Re: (Score:2)
IPv6 uses HEX: 2A
Re: (Score:3, Informative)
Keep waiting.
IP4 is enough for all homes, period. Even if ISPs and internet goes full IP6 to your home modem, there is not need, to do it in the home. Your router will just filter one to the other. Even if it is just sticking an IP6-prefix on the existing 4bytes of IP4.
Problem is that it would be a mess to have IPv6 outdoors and IPv4 indoors. If you have a protocol in one place, have the same protocol in another place to keep it simple. As for sticking an IPv6 prefix to an IPv4 address, it's been tried before - first w/ IPv4 mapped IPv6 - quickly deprecated, then w/ IPv4 compatible IPv6 - hardly used - and then various transition mechanisms, like Teredo, 6rd and so on.
IP4 is also easier to understand after more than 30 years in common use. Lets make every one change how to dial a phone! Yeah, we all can dial circuit numbers. Write a date and time. Every can use ISO8601. Change tool guage. Metric right? Oh yeah, US has been metric for over 100yrs - they took the long view and redefined SAE in metric measures.
Easier to use, but precariously inadequate to support the needs of the internet. It's now come to
Re: (Score:3)
IPv4 at its maximum would be 4 billion addresses - that's it!!! That is just marginally more than the world's population.
The world's population is currently more than 7 billion. [google.com] The population hasn't been able to fit into 32 bits since about 1978. (Amusingly, that's about when IPv4 was developed.)
Re: (Score:3)
Who cares about that?
Currently, the web has stagnated at around 1 billion hostnames (since about a year), but at less than 200,000 active sites (since about 4 years).
All these parked domains and even most active sites share their address with other domains and according to netcraft there are only about 5 to 6 million computers which server all these domains.
Sorry for all IPv6-adhe
IPv6 prefix lengths (Score:3)
The IP for every lightbulb is one of the luxuries that came about b'cos of the boundary at which the Global Prefix and the Interface ID were split - a wrong choice IMO.
Let's take a subnet. What's the maximum number of hosts any subnet is likely to have? Imagine a rock concert that sells 100s of tickets, and everybody in the stadium has their phone accessing the internet while it's on, and a worst case - only 1 hotspot for them all. What is the maximum number of hosts it might service? Whatever it is,
Re: (Score:3)
Websites can guess how many systems you have based on the unique browser fingerprint irrespective of nat. /64 subnet containing billions of possible addresses, so the ip address will be useless for guessing how many systems you have.
With ipv6 and temporary addresses (Which are enabled by default on many systems) your clients will use random ipv6 addresses within your
Re: (Score:3)
Absence of NAT is a feature! If not THE feature of IPv6!
NAT has many benefits besides reducing the number of IP addresses required. It has important security benefits in that it allows one to hide one's internal network structure from the outside world. Without NAT, attackers would know how many systems you have on your network as well as your router deployment. Potential attackers could benefit greatly from this information when planning and launching attacks.
Routing and firewalling are the appropriate methods of hiding ones internal network structure, not NAT.
If you use NAT for this then you are doing it wrong.
Re:Absence?! (Score:4, Insightful)
Re: (Score:3)
Absence of NAT is a feature! If not THE feature of IPv6!
NAT has many benefits besides reducing the number of IP addresses required. It has important security benefits in that it allows one to hide one's internal network structure from the outside world. Without NAT, attackers would know how many systems you have on your network as well as your router deployment. Potential attackers could benefit greatly from this information when planning and launching attacks.
Submitter here!
The 'NAT' that IPv6 has is NAPT. It has the benefits you describe, but it is a 1:1 relationship b/w the public addresses and the private ones. So it does nothing in the department of reducing the number of required public addresses. Not that it would be required - no subnet would ever come even close to consuming 2^64 addresses. (And no, it's not the same as 640k being enough for everyone!)
Re: (Score:3)
The argument doesn't scale for a simple reason - the magnitude of the numbers involved. Talking about 18,446,744,073,709,551? That's about the number of grains of sand on this planet, let alone people. It will simply be impossible for the earth to have that many people - by then, we'd have either colonized Jupiter & Saturn, or died out.
30-40 years from now, the world's population may be something like 20 billion. Or maybe 30? But it certainly won't be even 700 billion, much less 18,446,744 bi
Re: (Score:3)
Absence of NAT is a feature! If not THE feature of IPv6!
NAPT does have one more advantage - load balancing. Your internal network is numbered w/ ULAs - fd00:/8, and those get mapped to the different subnets you get from different providers.
Re: Absence?! (Score:3)
True, but I hope to see a proper multihoming standard. Prefix translation is ugly.
Re: (Score:3)
Absence of NAT is a feature! If not THE feature of IPv6!
PFFFFFT! Absence of NAT was INTENDED as a feature, but that has a huge list of unwanted side-effects. Not everybody wants (and for some extremely good damned reasons) all the machines in their internal network being resolved by, say, Google. Just for one of the MINOR examples.
NAPT is a welcome addition, and IPV6 probably won't be very popular until that makes it into commonly-used router firmware.
what about IP Nightly? (Score:3)
seriously, as long as it goes end to end, and I don't have to set it up, I don't care which method goes.
Gradual transition from left to right (Score:2)
It is rumoured that when an African country changed the road rules from driving on the left to driving on the right, the Minister for Transport was asked when this change was going to take place, he replied "Gradually"
Now with IPv6 being around (I believe that Facebook has gone completely IPv6 internally) why are we still on IPv4? Because we can get everything on the Internet by staying on IPv4.
If that wasn't the case, people would demand IPv6 and countries would transition virtually overnight.
Re: (Score:2)
What's racist about a story about changing driving rules in an African country? Did the poster say what country it was, or what the ethnicity of the Minister of Transportation was. Or are you making the assumption everyone in Africa is black?
Who's racist now?
ISP Availability (Score:2)
Re: (Score:2)
My source of sadness for years. I whine about this regularly. I know of no Canadian ISP doing proper native IPv6... Instead I have to rely on tunnels.
I was chatting with TekSavvy but they only provide a single /64 - I would like more than one subnet.
They're also only doing it no their DSL services which are substantially slower than I can get from Shaw.
It seems my only option is to hurry up and wait longer.
Re: (Score:2)
I'm on teksavvy as well, but on cable. So no IPv6 for me, people keep saying that rogers is working on it, my guess? Sometime around 2020 rogers will have rolled out IPv6 for general use, even though my 3 year old modem supports it.
Re: (Score:2)
I'm actually at the point where I sadly suspect I'll see IPv6 over LTE on my mobile devices before I see it at home via my ISP.
When will IPv4 go *silent*? (Score:2)
Never. IPv6 would have to be demonstrably better *everywhere*, even in un-upgradable legacy embedded systems. (Even now, there are plenty of places where horses and donkeys are used because cars can't go or are impractical.)
Even the answer to the question when will IPv4 become obsolete? is "A long, *long* time from now" because it's simple, Just Works, and is pervasive.
(If there was no NAT or unroutable IP ranges like 10/8 then IPv6 uptake would have happened a lot sooner.)
Re: (Score:3)
You do realise that this is complete garbage. The reason that we need IPv6 is that IPv4 was never designed to scale to every household in the world. 4 billion addresses was never enough for that. We have extended IPv4 by about 2 decades through the use of address sharing but the amount of sharing is now going from 1 addresses per household to less than 1 address per household and the tricks that allow address sharing at the household level without to much administrative pain don't work between household
Re: (Score:3)
What's so tricky about The very large company that I work for ... has a *huge* 10/8 network?
SMTP (Score:2)
I don't think I will live long enough (I'm 55) to see this happen. SMTP is poorly designed from a modern security standpoint with spammers running amok for years now without a decent solution in sight. Can't get rid of it because so many use it. IPV4 replacement will be much harder.
Re: (Score:3)
Re: (Score:2)
meanwhile, Millennials shun email because "it's for old people".
I sorta see email dying out (not completely, but like USENET) and being gradually replaced with secure webmail and IM islands, like what healthcarw providers and some banks do to communicate with their customers. All it needs is some kind of API access through an auth broker...
Backwards Compatability (Score:2, Funny)
Remember when Intel pushed IA64 for years and years with little success? Then AMD rolled out x86_64 and it spread like wildfire. Intel has been making "AMD clones" ever since.
You know how many parts of the world have skipped deploying millions of miles of phone wire and jumped straight to cell towers?
You know how everyone said they couldn't switch to Linux because they were familiar with Windows? Then MS rolled out a new Windows with a drastically different UX, and everyone jumped on it? Or how OpenOffice i
Re: (Score:2)
Re: (Score:3)
Point is not compatibility - it's inter-operability - and IPv6 and IPv4 are very much inter-operable, given all the transition mechanisms that exist to support one over the other. Be it tunneling, dual stack, DS-lite, Teredo or whatever. With IP, what matters is that a packet from point A in the world gets to point B. How it gets there is immaterial
The analogy you use above misses the point that packets are agnostic about how they are transported. That's not the case w/ software, which is why Itanic b
I'm a big support of IPv6 but... (Score:2)
Comcast and CenturyLink are the only two viable players in my area and neither provide native IPv6 addressing (even though I've requested it from my current provider comcast many times). So I'm still forced to use the he.net tunnel that I setup 15 years ago or so when they first started offering them (after 6bone closed up shop because testing was through), and even with this, I'm forced to disable auto provisioning of IPv6 addresses because various problems with access to IPv6 web pages / services, etc.. W
Re: (Score:2)
Comcast and CenturyLink are the only two viable players in my area
Yeah, it's your area, not mine. I totally bitch about Comcast on the tv side, but the internet side is pretty kicking:
% ping6 google.com
PING6(56=40+8+8 bytes) 2601:982:zzzz:xxxx::yyy --> 2607:f8b0:4004:80d::200e
16 bytes from 2607:f8b0:4004:80d::200e, icmp_seq=0 hlim=53 time=295.256 ms
16 bytes from 2607:f8b0:4004:80d::200e, icmp_seq=1 hlim=53 time=32.454 ms
16 bytes from 2607:f8b0:4004:80d::200e, icmp_seq=2 hlim=53 time=35.679 ms
16 bytes from 2607:f8b0:4004:80d::200e, icmp_seq=3 hlim=53 time=28.495 ms
16 b
Consumer ISPs are the bottleneck (Score:2)
As long as consumer ISPs aren't enabling IPv6, it's a catch-22-22: services won't switch until there's demand for it, consumers can't demand it because it doesn't work for them, and ISPs won't spend the money to get it working because there's no services that require IPv6 that consumers are threatening to quit over.
Windows 7 and up, Mac and Linux are all ready today. Most consumer routers are ready (seeing as how they're mostly based on DD-WRT) and just need a checkbox checked, same for most of the WiFi rou
Why Change? (Score:2)
I have Gig Fiber coming into my research lab with a /24 subnet of IPv4. We assigned about 100 IP's right off the bat (mostly tunnels to other labs and remote access for outside researchers), we added another 12 or so this last year for new people/projects. So with 140 (give or take) IPv4 IP's left, why would I bother changing to IPv6.
IPv6 adds NO additional useful features to our network, none. Yet would add some expense in switching over (our firewalls are PFSense, so they're ready for IPv6 if there's ev
Rebranding (Score:2)
IPv6 is two better than IPv4, but I'm still holding out for IPvX.
Smart phone is IPv6 (Score:2)
IPv6 (Score:4, Interesting)
Charter not in that much of a hurry (Score:2)
Charter.com is my IP and IPv6 is only mentioned to say it's not enabled..The decoder boxes (what their cat 5 plugs into) if you access them IPv6 isn't even an option. It would require a major undertaking to change out all of the boxes, they just aren't IPv6 ready. The boxes are programmable to a point through support services, but I wouldn't think IPv6 an easy update, or even possible due to the limited storage space available.
Re: (Score:2)
No one is IPv6 ready. Out of hte last 10 companies I dealt with professionally, only one had an IPv6 for anything, and it was only for AWS hosted load balancers.
IPv6 has been working fine, no issues (Score:5, Insightful)
The official "switch-on for good" of IPv6 a year ago was entirely seemless in my experience. There wasn't anything to fix, as nothing was broken, and IPv6 autoconfiguration handles everything so there isn't even any setup involved, it just works. This simplicity will be a boon for non-technical users once the IPv6 rollouts gain steam.
Unfortunately the ISPs are still dragging their feet and so public rollout is slow, but it's an always upward trend, and the adoption curve is close to exponential so IPv6 will be ubiquitous before long. So many ISPs are currently planning their rollouts that there's going to be a sudden upsurge when they finally appear.
People shouldn't talk about switchover to IPv6 though, that's not how it works. IPv4 and IPv6 networks run together side by side, and you use both together. Your application (eg. browser) generally picks IPv6 if your destination is accessible on that network, or else it falls back to IPv4. This is all automatic of course. It's better described as a switch on of IPv6 by your ISP followed by your gradual increasing use, not a switchover. There is no plan to switch off IPv4. The last remnants of IPv4-only equipment could still be around and operational for decades ahead.
IPv6 works so well that I recommend everyone to get on it as soon as they can. You'll be able to see 100% of the Internet, whereas if you don't have IPv6 then you're only seeing a part of it. IPv4 is by far the larger part for now of course, but it's not all of it, and the parts you can't reach are growing daily.
Happy First Anniversary of the official turn-on, IPv6! :-)
How ready? (Score:3)
How ready is Perl 6 to succeed Perl 5?
I was just trying to be facetious with that comment, but then I thought of asking "How ready is C++ to succeed C?" or other silly things. As someone who programs in C++, I see little reason to use pure C, yet people do. When using Python, I use Python 3 and see little reason to use python 2.7, yet people do. People just don't like change, and they often won't do it unless absolutely forced to. Others here have already made this point, but the whole world isn't going to switch to pure IPv6 without some incentive, to practically force them to do it, it seems.
Recap: It's not a question of how ready IPv6 is to succeed IPv4, it's a question of how ready people are to adopt IPv6, at the ISP and consumer level. Services will follow when there's a demand, as someone else also noted.
Why IPv6 is broken (Score:5, Insightful)
To illustrate, let's look at phone numbers.
Imagine a phone company with 6 digit numbers which wants to give users world-accessible phone-numbers. What did the phone companies do? Easy: Just add prefixes to the numbers and everybody is happy. The old numbers stay valid, you can still connect within the old network(s), nobody has to remember new numbers.
But what if phone-numbers would have been expanded the "IPv6-way"?
Then you would have your old number and would receive a completely different new number, which would also be in an incompatible format (maybe letters instead of digits). Then you would have to update all your phone numbers everywhere, to "switch over". of course such a scheme would fail instantly and that's why IPv6 continues to fail.
The IPv6 adherents just don't get it. If the IPv6-designers were smart enough to just extend the IPv4-address space we would all be running IPv6 already, because it would require no reconfiguration of routers, no reconfiguration of DNS names, no reconfiguration of anything.
But these morons thought that a billion people will just change all their addresses just because they tell them. Well, it doesn't work that way.
Re: (Score:3)
IP6 was in many ways designed to solve problems in IP4- not just address space issues. Thus a break. Because you had to break IP4 to fix it. At this point IP4 is a patched frankenstein protocol with lots of holes, bad implementations, and quasi adherence to RFCs.
Extending IP4 address space would not solve the problems. A new model is needed.
Wrong.
An extended IP4 address space (in the same format) would solve most problems:
- You could upgrade to IPv6 without changing your IPv4 addresses
- You could do it without changing configuration
- You would not have to maintain parallel-configuration
- You continue to use all that software that expects IPv4 addresses, for example "wget $IP_ADDRESS" will fail for IPv6 addresses, because you need square-brackets.
And you could also have your "new model". The "new model" is not the problem. Address-inco
Re: (Score:3)
I tested a few things with wget and it really illustrates my point:
wget $ADDRESS will work for domain names and IPv4 addresses, but fail for IPv6 addresses
wget [$ADDRESS] will work for IPv6 addresses but fail for everything else.
So for that line of code you will have to create some function that first has to check against IPv6 addresses.
Of course it's trivial to fix a one-line shell script, but these things are buried in huge codebases that need to be adapted. To fix such a problem can ta
Re: (Score:3)
Re: (Score:3)
Okay, here's the critically important thing: these are no different to each other!
Remember, at the IP level, there's no such thing as "connections". There's no state. It's all just packets being sent from a source address to a dest address. So we could put v4 into a v6 prefix, and v6 hosts would be able to send packets to existing v4 hosts -- this w
Comment removed (Score:4, Informative)
Re: (Score:2)
Actually IPv4 is more CPU intensive due to where the checksum was implemented. IPv6's issue with hardware is more about memory.
The problem is older routers have ASICs hard coded for IPv4. They can't 'route' IPv6 in hardware like they can with IPv4 so they use their CPU to forward IPv6 which is much slower.
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
You have always been able to hide as many devices as you like behind NAT or similar, whether IPv4 or IPv6. Thus it's impossible to enforce and if you do, it will just encourage NAT propagation for IPv6 as heavily as it was for IPv4.
Some blinkered people still suggest that IPv6 transition requires you to immediately renumber every machine and device you have with its own globally-routable address immediately and fail to see that what will actually happen is that people will replace their gateway with a dual