Vint Cert Warns IPv4 Users: 'Time To Get With the Program' (zdnet.com) 282
An anonymous reader quotes ZDNet:
Vint Cerf notes that the world ran out of IPv4 address space around 2011, some 13 years after internet engineers started sketching out IPv6, under the belief back then that IPv4 addresses would run out imminently. Since 'World IPv6 Launch' on June 6, 2012, significant progress has been made. Back then just one percent of users accessed Google services over IPv6. Now roughly a quarter of users access Google over IPv6. But Cerf noted that "it's certainly been a long time since the standards were put in place, and it's time to get with the program"...
The Internet Society's snapshot of IPv6 in 2018 notes that Google reports that 49 countries deliver more than five percent of traffic over IPv6. There are also 24 countries where IPv6 traffic is greater than 15 percent, including the US, Canada, Brazil, Finland, India, and Belgium. Additionally, 17 percent of the top million Alexa sites work with IPv6, while 28 percent of the top 1,000 Alexa sites do. Enterprise operations are IPv6's "elephant in the room", according to the Internet Society. Around 25 percent of all internet-connected networks advertise IPv6 connectivity, and the Internet Society suspects that most of the networks that don't are enterprise networks.
Verizon Fios doesn't support IPv6 (Score:3)
It is 2018, and as of today, Verizon FIOS still doesn't support it. Why? Who knows.
Re: (Score:2)
Neither do Telenor [telenor.se], and maybe it's time to spam the support of the various ISPs with requests for IPv6.
Re: (Score:3)
What's needed is for large companies like google and facebook to offer benefits to ipv6 users, such as early access to new beta features etc, and then promote this... Currently very few users are demanding ipv6, so most isps can get away with not offering it. If large numbers of users start asking for ipv6 and switching to providers which already offer it, then providers will very quickly start implementing it.
Microsoft actually state that the xbox one will work better with ipv6, so that's at least a start
Re:Verizon Fios doesn't support IPv6 (Score:4, Insightful)
This is half the reason why it's now the twenty-year anniversary of IPv6 failing to launch. IPv6 has now been around for longer than IPv4 (counted as the time between RFC 791 and RFC 188x) and it's still perpetually "the other protocol", the novelty thing that you use from time to time for a lark until you go back to the one that works. It's the Duke Nukem Whenever of network protocols.
The other half is that we've been told the IPv4 sky is falling so many times now that the response to any new claims is "oh god, is it that time of the year again?". For the vast majority of users, there's simply no incentive to switch, no matter how many times someone tries to scare them into it.
Re: (Score:3)
So if Steam suddenly says that in order to play this game in 4K you need IPv6 then people would really take note and ask their ISPs for it.
Re: (Score:3)
What the customer may notice is that performance increases or some things such as video, voice conferencing and real-time games now work better than they once did yet they are unlikely to know why. Millions of users have been transitioned to IPv6 automatically without having or needing to care.
Well that's the problem, users aren't aware of the advantages of ipv6 and aren't demanding it from their providers.
If there are user-visible reasons for using ipv6, then users will start demanding it and providers will have to offer it.
Google for example often run beta features for a limited audience, if they were to make these beta features ipv6 only to start with then word would soon spread and people would start demanding ipv6 or recommending providers that already offer it.
Re: (Score:2)
Yup, it's really obnoxious. They've been saying they're getting ready to deploy it for years now... Verizon Wireless uses IPv6, though I know they don't really share any infrastructure. I guess they figure that they have enough IPv4 addresses to handle all their customers and potential customers for the foreseeable future...
Re: (Score:3)
If you've never had a problem with ipv4, then your use of the internet must be pretty limited...
Getting new ipv4 addresses to host anything is now much more expensive.
NAT breaks many things, so now instead of being able to connect back to your machines at home you have to rent a server somewhere and open a tunnel from your home network to the hosted server.
p2p file transfers and p2p communication (eg gaming) are broken by nat, you have to involve an intermediate host - either a server you rent for yourself,
Re:Verizon Fios doesn't support IPv6 (Score:4, Insightful)
Nothing important uses only IPv6.
Re: (Score:3)
With privacy addressing, which almost everything IPv6 uses, it's hard to probe for devices.
It's not something to rely on, and 1x1 pixel images will be used to get the victim's IP from phishing emails, but even if IPv6 routers do allow inbound connections by default (mine doesn't) it won't be an instant disaster (NAT can be bridged if you can get the victim to start the connection).
Re: (Score:2)
With privacy addressing, which almost everything IPv6 uses, it's hard to probe for devices.
While this is true, I think that privacy addressing is, in some ways, oversold - when it comes to generally tracking people around the internet, for instance. Take Comcast's IPv6 deployment, for example. We have a /64 at home which hasn't changed in well over a year. That's been great for work-related stuff; but anyone interested in our household's web browsing history would also find our data to be pretty easy pickings - they just wouldn't know if it was my wife, my daughter, or myself that hit a particula
Re: (Score:3)
I have a static IPv4 address anyway. Previously, although it wasn't static, I kept it unless I disconnected for at least an hour - so effectively it was static.
But this is orthogonal to NAT as a firewall. ISPs could offer changing prefixes the same way they offer changing IPv4 IPs and some may do that so as to have 'static' addresses for premium business services.
Re: (Score:2)
Who cares about probing for devices - with IPv6, it means every device is now trackable all over web. Without cookies, super cook
Re: (Score:2)
It would be better if you hadn't quoted the first line of my post before writing your ill-informed rant.
Re: (Score:3)
You misunderstand how privacy addressing works...
Periodically your system makes outbound connections from a different address, so a single user might use hundreds of different addresses within a /64, and once the address has been rotated there is no way to tell what address that device has now.
You'd only be able to track to the prefix, which is no different than ipv4 when you track to the nat gateway.
The RIAA and copyright cops HATE ipv6, they love NAT because it breaks p2p protocols. A centralised service
Re:Verizon Fios doesn't support IPv6 (Score:4, Interesting)
In many cases, the ISP supplies the router as well as the modem.
I have IPv6 on my Comcast service and have no issues like that. If Comcast can get it right, anyone can.
Further, since the cable modems are point to point with the head end, the ISP certainly can and should be dropping the non-routing addresses that are used by Bonjour and similar discovery protocols. No need to do anything draconian, just do as the spec says to do.
Re: (Score:2)
I can get IPv6 at home if I have a non-business account. I can't order it for my Comcast Business fiber at the office, or for my Comcast Business account at the house, because Comcast doesn't "do" IPv6 for BUSINESS accounts yet.
Difference between "business" and "residential"? Primarily fixed IPs. My Comcast drop here at the house is fixed IP, my neighbors are dynamic, changing regularly. But they can have dynamic, changing regularly IPv6.
Re: (Score:3)
Re: (Score:3)
You haven't a clue. For the end user it will be exactly as easy as slapping a NAT router between their LAN and modem, only it will also include the simple IPv6 firewall rules that provide the equivalent protection for IPv6. Many common consumer devices do that right now. They're just waiting for ISPs to support v6
On the server side of the fence, many would dearly love to have v6 capability widespread enough that they could run v6 only servers and not have to fill out justifications that require a crystal b
Re: (Score:2)
It *could* be as easy as slapping a router in the middle.
The problem is the failure mode of the vendor getting NAT wrong versus getting a firewall mechanism wrong. If the vendor botches the NAT, they can't get through their test and can't ship.
If the firewall rules are incorrect or inadequately implemented, well the routing still works so they probably ship it anyway.
Even if they can work, it's *much* easier for applications to say "open up your firewall" versus "make your computer have a routable IPv4 ad
Re: (Score:2)
Applications can already arrange for a v4 port to be forwarded using upnp.
Re: (Score:2)
The average user has no clue how to firewall anything anyway, and many ipv4 nat routers provide mechanisms for internal devices to arbitrarily open ports... Just look at the prevalence of security cameras and other iot devices on the internet with default passwords.
If anything, ipv6 will help in this regard because it will make it far more difficult to locate these devices. Scanning the entire ipv4 internet is easy and fast, scanning even a single /64 of ipv6 space will take years.
Consumer level routers do
Re: (Score:2)
They have 6rd, but not native.
Re: (Score:2)
fear, lack of training, lack of compatibility (Score:2, Interesting)
The few managers and consultants I've talked to dislike ipv6 because
They do not want to type long ipv6 addresses. (their or their client's DNS is probably not setup well)
They fear incompatibility. (mostly I heard Exchange Server, which might still need netbios names (I'm not talking wins), even though microsoft said with Active Directory you don't need netbios resolution, but you do...
Perhaps microsoft should have an end netbios campaign, like they did with ie6.)
Re:fear, lack of training, lack of compatibility (Score:4, Insightful)
Obviously we have to move to the larger address space, but IPv6 was invented by those most dangerous of engineers, those who think they're f'ing clever because they can make something complex and have lots of options.
When making the most core standard imaginable, that's like, the stupidest thing you could possibly do.
Many original core internet standards were widely adopted because they were simple for people to understand and program to.
204.92.16.108 etc is an example of this.
So in short, the IPv6 transition was made way more messy than it should have been, because of fundamentally incompetent design of the new standard.
Multiple ways of expressing addresses? Lots of special little address spaces reserved for this and that thing of the present day? Both of those are complete counterproductive bullshit. For example.
Re: (Score:3)
So in short, the IPv6 transition was made way more messy than it should have been, because of fundamentally incompetent design of the new standard. Multiple ways of expressing addresses? Lots of special little address spaces reserved for this and that thing of the present day? Both of those are complete counterproductive bullshit.
It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking t
Re: (Score:3)
It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.
The only part of IPv6 that matters is the address space. The rest is noise.
Personally I think 128-bits was a great decision. Not only did it give everyone more room than they'll ever need it also thwarts low effort global scanning and exploitation campaigns. I even like SLAAC for as dumb as it is since it kind of nudges providers not to skimp out and take more of the address space for themselves.
Also going with a completely separate address space rather than mapping across was a very smart move due to pi
Re: (Score:3)
Quick, don't look it up, what is Wikipedia's IPv4?
BZZZZZZt
Special addresses, you mean like 10.0.0.0/8 or 127.0.0.1?
Careful or you'll find yourself in the park shouting at clouds.
Re: (Score:3)
IPv4 has multiple ways of expressing addresses - x.x.x.x, 0x12345678, etc...
IPv4 has extra special reserved address spaces, 224.x for multicast, 127.0.0.0 for local, 192.168 etc reserved for internal use etc.
Re: (Score:3)
They do not want to type long ipv6 addresses.
That's what copy/paste and mDNS are for. Complaining about that is like griping that they just learned to do a Western Union splice and now people want them to use those diabolical newfangled RJ-45 thingies.
Do they also get mad when they crack the whip and the car doesn't go any faster?
Re: (Score:2)
Exchange does not require netbios, and fully supports ipv6 - in fact it can break quite badly if you turn off ipv6 on the server...
IPv6 addresses are easier to remember once you have a moderately sized network - you have a single prefix, and then you pick a sensible addressing scheme underneath that. With ipv4 any larger organisation or provider will have many different blocks, making it extremely messy. We have a /32, then a /48 for each site, and a /64 for each vlan within the site which is designated by t
Re: (Score:2)
Re: (Score:2)
Having a private IPv4 address just makes sense, even if alongside IPv6 global addressing. I never need to use global IPv4 addresses manually, there I always rely upon dns. However locally I used them all the time.
Re: (Score:2)
IP addresses are for computers, DNS is for people. Most users will NEVER have to type an ip address.
Re: (Score:2)
Back in the day people could memorize phone numbers, and lots of them. What's the difference between remembering an IPv6 address and, say, four phone numbers in the proper order?
Re: fear, lack of training, lack of compatibility (Score:2)
Re: (Score:2)
If done properly, ipv6 addresses are easy to remember
xxxx:xxxx - your prefix which covers your whole company.
xxxx:xxxx:123 - your site id
xxxx:xxxx:123:10 - vlan id
xxxx:xxxx:123:10::1 - first device (probably router) on vlan 10 at site 123
xxxx:xxxx:123:10::666 - another device
So you can calculate the majority of the address based on where the device is, your prefix will always be the same and then your devices can be numbered 1 upwards... I typically use the first 3 addresses for routers, first 100 addresses
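Added example (not part of the comment above, and not the poster's own tooling): the numbering plan sketched in that comment, a /32 for the organisation, one hextet for the site and one for the VLAN, written with Python's `ipaddress` module so an address seen in a log can be mapped back to a location. The 2001:db8::/32 documentation prefix stands in for "xxxx:xxxx"; the function names and the 4-digit limit on site and VLAN ids are assumptions made for the illustration.

```python
import ipaddress

# Assumption: the documentation range stands in for the organisation's "xxxx:xxxx".
ORG_PREFIX = ipaddress.IPv6Network("2001:db8::/32")
HOST_MASK = (1 << 64) - 1


def _digits_to_field(number, what, max_digits):
    """Encode a decimal id so it reads the same in the address (site 123 -> '123')."""
    if number < 0 or len(str(number)) > max_digits:
        raise ValueError(f"{what} {number} does not fit in {max_digits} digits")
    return int(str(number), 16)


def _field_to_digits(value, what):
    """Decode a field back to its decimal id; reject fields using hex digits a-f."""
    text = format(value, "x")
    if not text.isdigit():
        raise ValueError(f"{what} field {text!r} is not part of the numbering plan")
    return int(text)


def site_subnet(site):
    """The /48 that covers one site."""
    base = int(ORG_PREFIX.network_address) | (_digits_to_field(site, "site", 4) << 80)
    return ipaddress.IPv6Network((base, 48))


def vlan_subnet(site, vlan):
    """The /64 that covers one VLAN at one site."""
    base = int(site_subnet(site).network_address)
    base |= _digits_to_field(vlan, "vlan", 4) << 64
    return ipaddress.IPv6Network((base, 64))


def device_address(site, vlan, host):
    """Address of device number `host` (1 upwards) on a VLAN."""
    if host < 1:
        raise ValueError("device numbers start at 1")
    host_field = _digits_to_field(host, "host", 16)
    return ipaddress.IPv6Address(int(vlan_subnet(site, vlan).network_address) | host_field)


def locate(address):
    """Map an address from a log line back to (site, vlan, device number)."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ORG_PREFIX:
        raise ValueError(f"{addr} is outside {ORG_PREFIX}")
    value = int(addr)
    site = _field_to_digits((value >> 80) & 0xFFFF, "site")
    vlan = _field_to_digits((value >> 64) & 0xFFFF, "vlan")
    host = _field_to_digits(value & HOST_MASK, "host")
    return site, vlan, host


if __name__ == "__main__":
    print(device_address(123, 10, 1))        # router on VLAN 10 at site 123
    print(locate("2001:db8:123:10::666"))    # back to (site, vlan, device)
```

`locate` raises `ValueError` for addresses that cannot have come from the plan, for example SLAAC or temporary addresses whose interface identifier contains hex digits, which makes unplanned hosts stand out during log review.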
Centurylink (Score:3)
I'm a Centurylink gigabit customer near Seattle with a static block of IPv4 addresses. Their IPv6 support is still only 6rd, which their implementation only works with a small handful of routers. Sadly, I just found out that my latest router is one that doesn't support it. STILL waiting on that native dual-stack support.
I firmly place all of the blame on the major ISPs at this point. Most have IPv6 dual-stack on their carrier networks, but are sluggish as fuck delivering the packets to the last mile for some ridiculous unknown reason?
Re: (Score:2)
CenturyLink still is using absolutely ancient infrastructure where I live, stuff they inherited from Qwest. With my city having an exclusive fiber deal with Comcast, that is unlikely to change anytime soon. They did update their DSL to 10Mbps, but Comcast was running multi-gigabit service last I checked. Personally I'd like to not do business with either company and am waiting for Gen V wireless - high speed and low latency.
Agreed (Score:2)
Re: (Score:3)
I'm going to downgrade our internal network to IPv3.14159 just to piss off our administrators.
not really true (Score:5, Insightful)
We haven't "run out" of IPV4 addresses. Not even remotely so.
A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.
This is closer to IPV4 realities, than not.
Why?
Because, IPV4 used to be *free*. You needed netblocks, you got netblocks. You request, and they were delivered.
Then they became non-free. Much like land in Canada, you can't just take it and use it, nope -- you have to buy it from someone.
A lot of that goes around, too. One corp selling to another. CorpA leasing to subscribers. ISPs selling additional IP addresses / month, for a fee.
If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not), because my ISP had to aggregate clients because they had no free IPs.
Truth is, there's loads and loads of IPV4 laying around.
Otherwise, why would people be saying WE'RE GOING TO RUN OUT! for TWENTY FUCKING YEARS, and there's still a shit-tonne of IPs left.
Hmm?
Eh?
Hum?
Bah!
(And yes, SNI alone helped a lot... but that's not the point. Or maybe it is -- because, it's an example of "look -- there's gold all over the ground" and now "we have to dig for it, maybe we'd better use gold more wisely")
I bet in 2050, we'll still primarily be IPV4.
Re:not really true (Score:4, Insightful)
We haven't "run out" of IPV4 addresses. Not even remotely so.
A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.
This is closer to IPV4 realities, than not.
Why?
If you think IP addresses should be treated as a limited resource and priced by the market accordingly then of course you're right. Chances are YOU can afford to have an IP address. Therefore they are not scarce for you.
Yet from a global perspective there are more Internet users coming online than publicly routable IPv4 addresses. Basic math would seem to indicate there are not enough addresses to go around.
If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not),
Good for you. Population of Internet users will soon be a much much higher number than publicly routable IPv4 addresses. Others are today not so lucky and this problem only grows worse with time.
Even if you assume all server infrastructure has no IP addresses allocated to it and 100% efficient distribution of IPv4 to end users only there are still NOT ENOUGH IPv4 addresses for everyone.
I bet in 2050, we'll still primarily be IPV4.
I bet IPv4 at least in terms of public Internet is shut down in its entirety by 2050.
Re: (Score:2)
It is when I'm eating Munchos [fritolay.com]. It's like I'm inhaling these damn things!
Obligatory (Score:2)
Would someone tell me how this happened? We were the fucking vanguard of networking in this country. The IPv4 was the IP to own. Then the other guys came out with TCP. Were we scared? Hell, no. Because we hit back with a little thing called DNS. That's IPv4 and easy to remember english names. For usability. But you know what happened next? Shut up, I'm telling you what happened—the bastards went to IPv6. Now we're standing around with our cocks in our hands, selling four numbers and names. Usability o
Azure (Score:4, Interesting)
Chicken and egg. In Azure, the only way you can get a public IPv6 address is by using a load balancer. You can't just put a single VM up on IPv6. Even if some other provider does offer better IPv6 support, Azure is #2 atm, so they'll need better IPv6 support as well.
Re: (Score:2)
There are a lot of little services and facilities that still don't quite work right or fully with IPv6. A lot of these were problems in IPv4 as well, but they *had* to be solved. IPv6 on the other hand, people just shrug and use IPv4 where things are fixed.
Tell the ISPs, not the users (Score:2)
My ISP doesn't give me IPv6 connectivity. So I'm sunk.
Re:Tell the ISPs, not the users (Score:4, Funny)
My ISP isn't even offering IPv5 yet, let alone IPv6.
When's Slashdot going to IPv6 ? (Score:5, Insightful)
tech.slashdot.org. 59 IN CNAME www.slashdot.org.
$ dig www.slashdot.org aaaa
(no answer)
Interesting Essay on IPv6 (Score:2)
Vinton Cerf and Robert Kahn messed up (Score:2)
And now it is up to us to pick up the pieces.
They simply made the address field too small.
And do not buy that "this was an experimental network, we couldn't have known" weasel-talk.
You see, about the same time Vint and Bob were working on their little 4 Bytes in the Address Field protocol (1981), Other people were also working on similar protocols.
Some Guys at OSI were working at CLNP, and guess what? That has 20 (5 times more!) Bytes in the Address Field...
Some other guys at Xerox were working on IDP, which h
Re: (Score:2)
I used to get downmodded for calling Vint Cerf an idiot. But he is. Actually. And a vindictive narcissist to boot. Might have something to do with the fiasco, must maybe?
Still no IPv6 on Spectrum (Score:2)
Spectrum still has no IPv6 support. It really is getting to be ridiculous that it's 2018 and there is still no IPv6 support. When, if ever? Do these companies need to be fined to compel them to upgrade?
Time for IPv7 (Score:2)
Re: (Score:2)
Sad to say, there are many with you on that. Start over, and make it an extension of IPv4 this time. Just add one or two extra bytes to the high end of the address and deal with the issues, which are many and varied, but IPv6 has nearly all of the same issues and a bunch of its own making. At least make an attempt at compatibility. It's hard to think of anything worse than the current situation, but sigh, I suppose if you threw even more incompetence at the effort than the IPv6 designers did, it could be ac
Re: (Score:2)
I know I'll get burned for saying this but IPv6 fails the scratch and sniff test. I've grown up around the IPv4 dilemma yet no-one I know that I worked with (contractor worked at 30+ different businesses) ever seemed to fully grasp IPv6.
Workers don't get it, vendors don't get it, network providers don't get it, telcos don't even seem to get it. Based on the fact that we've been at this for 15years+ and it still hasn't gained any traction it's time to call it a failure and move on.
IPv6 in all ways that matter is the same as IPv4 with 96 more bits of address space.
Vint "Cert" (Score:4, Interesting)
That error should be fixed.
Way to go NBN (Score:2)
There is not a single ISP on the NBN in Australia who provides IPv6 over FTTC. That is new technology launched in 2018. Way to go NBNco!
Re: (Score:2)
You can keep your IP address, 192.168.1.42
Re:This sucks! (Score:4, Funny)
You can keep your IP address, 192.168.1.42
Hey! that's the IP address of my luggage.
Re: (Score:3)
192.168.1.x is just too damned crowded.
I moved to 192.168.2.x ages ago.
Re: (Score:2)
Re: (Score:2)
Better tracking for the three letter agencies
That can't be right, since Vint Cerf hasn't worked for the Department of Defense for a long time now. He's currently working at Google... Oh...
Re: (Score:2)
Re: (Score:3)
From what I've seen, those "reputable, well-engineered VPNs" block v6 because they're crap and don't support it. What they should do is exactly the same thing they do for v4: put the traffic down the VPN.
v6+privacy addresses is no worse than v4+NAT for your privacy. Both of them are crap, of course, because they let you connect to web servers which track you via cookies and browser fingerprinting, but there's no reason to avoid v6 on this count.
Re:IPv6 was invented before NAT. (Score:5, Insightful)
Spoken like a mere user. Those of us who've had to connect NATed enterprise networks via VPN, having to find common unused IP spaces, NATing around both ways to get machines from both ends to talk to each other, having to implement DNS zones, know just how wrong this is. IPv6 is a godsend, solving one hell of a lot of problems those of us actually working in networking have. Now, if only more of the management guys listened to us, we'd have moved on to IPv6 for quite a while.
Re: (Score:3)
That's pretty ignorant. Because NAT creates very nearly as many problems as it solves.
And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.
Re: (Score:2)
That's pretty ignorant. Because NAT creates very nearly as many problems as it solves. And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.
Users have little choice on being traceable, it's what the ISP offers. Why do we bother with dynamic IPs, DHCP leases and all that stuff? Because IPs were/are a limited resource and when we were on dial-up reserving an IP for every customer was excessive. With always-on/mobile broadband most devices are always-on and the IPv6 address space is massive. While there are some laws in some countries to preserve IP-customer history it's usually not forever and it takes a warrant to access. With IPv6 it'd be t
Re: (Score:2)
MAC addresses aren't fixed, so changing it and regenerating your IPv6 address would be a way to avoid being traced (most if not all IPv6 generators use MAC addresses as a parameter and a fixed algorithm, so regenerating it without changing the MAC will give you the same address every time). That said, it is much more of a pain in the ass than just going to a coffee shop and logging on when you want to be anonymous. Also with coffee shops you need to either move around or know to clear your IP cache or the f
Re: (Score:2)
> With IPv6 it'd be totally possible to move to a static default, you are path::to::ISP::customerNumber::MAC and it's yours forever and everything you do is linked by default.
RFC4941.
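Added example (not part of any comment in this thread): the two ways of forming an IPv6 interface identifier that the posts above argue about, MAC-derived modified EUI-64 and RFC 4941-style random temporary identifiers, with what a remote observer can correlate in each case. The prefixes come from the 2001:db8::/32 documentation range and the MAC is constructed; the function names are illustrative, and the random generator is a simplification of RFC 4941, not its exact algorithm.

```python
import ipaddress
import secrets

U_L_BIT = 0x02 << 56          # universal/local bit of a 64-bit interface identifier
IID_MASK = (1 << 64) - 1


def eui64_interface_id(mac):
    """Modified EUI-64 identifier built from a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(iid, "big")


def temporary_interface_id():
    """Random identifier in the spirit of RFC 4941 (simplified for this example)."""
    while True:
        iid = secrets.randbits(64) & (IID_MASK ^ U_L_BIT)   # clear the u/l bit
        # Skip values carrying the ff:fe marker so they never look MAC-derived.
        if iid.to_bytes(8, "big")[3:5] != b"\xff\xfe":
            return iid


def make_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("SLAAC-style addresses need a /64 prefix")
    return ipaddress.IPv6Address(int(network.network_address) | iid)


def recover_mac(address):
    """Return the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{byte:02x}" for byte in mac)


def tracking_key(address):
    """What stays stable when the identifier rotates: the subscriber's /64."""
    return ipaddress.IPv6Network((ipaddress.IPv6Address(address), 64), strict=False)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                       # constructed MAC
    home, cafe = "2001:db8:1:2::/64", "2001:db8:aaaa:1::/64"
    for prefix in (home, cafe):
        addr = make_address(prefix, eui64_interface_id(mac))
        print("EUI-64   ", addr, "-> MAC", recover_mac(addr))
    for _ in range(2):
        addr = make_address(home, temporary_interface_id())
        print("temporary", addr, "-> MAC", recover_mac(addr),
              "| prefix", tracking_key(addr))
```

With EUI-64 the same identifier follows the device from one network to the next; with temporary addresses only the /64 is stable, so on a connection whose prefix never changes the household stays linkable even though individual devices do not.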
Re: (Score:2)
And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.
Originally, the creators of IPv6 (and the IETF) did not want _anything_ to do with NAT.
Only because of pressure from users and vendors did they _finally_ give in and define NAT for IPv6.
Just look at the RFCs. IPv6 was declared a Draft Standard in 1997. The IAB emitted an RFC (5902) "starting" to consider the Issue in 2010, and we got an experimental standard (RFC6296) in 2011, so, 14 years where NAT on IPv6 was simply NOT POSSIBLE.
Fact check first, say comments are ignorant later.
Re: (Score:2)
The financial services industry will NOT use IPv6 because multicast doesn't work properly on switches, there is no good way to filter unwanted traffic.
Re: (Score:2)
The financial services industry will NOT use IPv6 because multicast doesn't work properly on switches, there is no good way to filter unwanted traffic.
It's called RA Guard.
Re: (Score:2)
You don't know WTF you're talking about.
Re: (Score:2)
IGMP is not an ipv6 protocol.
Re: (Score:3)
And that's a good reason for NAT and private addresses for IPv6.
In my home net I run fd00::/8 and when the ISP finally get their thumb out of their behind I plan to do a NAT of that.
Re: (Score:2)
Are you really using fd00::/8 or are you properly using a fd::/48 from that network?
Re: (Score:2)
In reality I have broken it down to a /64 with a random 40 bit and also a random 8 bit subnet part. But in order to not expose what I have on my local net I still prepare to NAT it.
I understand that people think that NAT is bad, but it's not always bad since it also offers the ability to hide what you have from your ISP and some ISPs would like to control and know what you have in number of devices etc. It's after all a privacy issue to use NAT, not that it's technically better.
Re: (Score:2)
Wrong. You could not be more off the mark here. A lot of applications rely on a peer to peer connection, it can include a gaming application, peer to peer video conferencing and so on. Having to pay for central server/cloud resources to proxy this stuff around would drive up the cost unnecessarily. It unnecessarily wastes bandwidth and congests the networks, slowing things down, to have to transmit data through servers. The bottom line, we need more IP addresses. Most users DO want their own IP address even
Re: (Score:2)
Now there IS no shortage of IPv4# any more, since the invention of NAT. The only reason for IPv6 now is total traceability
As a user I want to be able to directly communicate with others without my communications being mediated by a centralized server owned by corporate stalkers and governments. NAT makes this very difficult to achieve.
There is a certain logic in hiding behind a single IP and thinking this does something for your privacy. In some ways it's true. In most ways that matter it's an illusion.
Most CGN implementations use a port mapping structure in which each user is allocated a logged predictable fixed subset of
Re: (Score:3)
And you're stuck with first century numerals.
Re: (Score:2)
And for the internet visible addresses: With IPv6 each subscriber can get as many addresses as is available on the whole internet today (or more). With random address assignment, scanning the address range of just one subscriber will take as much effort as scanning the entire internet today. So even if the devices are available, they will
Re: (Score:2)
But with IP privacy, those addresses will soon become invalid. Meanwhile, with a simple firewall rule, they will be non-responsive anyway.
Re: (Score:2)
We probably won't. Devices having a public IP isn't a problem; just because you have a public IP doesn't mean it's possible to connect to it. ISPs provide routers that have firewalls, and the firewalls block inbound connections. Your "average joe blow" just plugs that in and they're fine.
What happens today is that people buy IP cameras, and then they go "hey, how do I view this from the office?", followed shortly by port forwarding to the camera or putting it in the DMZ. 30 seconds later, somebody finds the
Re: (Score:2)
That's probably the biggest problem with IPv6 - an attempt to solve more than what's really necessary with one blow.
Re: (Score:2)
That's probably the biggest problem with IPv6 - an attempt to solve more than what's really necessary with one blow.
That and not making the slightest attempt at backward compatibility. Like those guys lived in an ivory tower or something.
Re: (Score:2)
I'm confused. Where do you get the idea that they made no attempt at backward compatibility? We have 6to4, Teredo, NAT64+(DNS64/464XLAT), 6rd and DS-lite, we have standard APIs that work with both v4 and v6 addresses interchangeably and you can run the two protocols in parallel on the exact same networks and hosts and they won't interfere with each other. What part of that comes under "no attempt at backward compatibility"?
Perhaps you mean that you can't make connections from unmodified v4-only hosts to v6-
Re: (Score:2)
I'm confused. Where do you get the idea that they made no attempt at backward compatibility?
Other than it being a layer 3 protocol, ipv6 is incompatible with ipv4, please don't act stupid. As a protocol ipv6 is completely incompatible with ipv4. Must I express this in words of fewer syllables?
Re: (Score:2)
I just went over a bunch of ways in which it isn't incompatible. Do those not count?
Perhaps you could explain how it could've been made any more compatible than it already is? I don't mind how many syllables you use, so long as you describe something that would actually work.
Re: (Score:2)
In the ways that count, ipv6 is incompatible. As everybody says, but you.
Re: (Score:2)
Alright, let's go with that for now. The next question is: what could they possibly have done about it?
v4 isn't forwards compatible, and doesn't support anything more than 32 bits of addresses. This is ultimately a flaw in v4, and there's nothing that v6 could have done to avoid it. What should the designers of v6 have done to avoid this problem? What changes could have been made to make it backwards compatible?
Re: (Score:2)
That and not making the slightest attempt at backward compatibility.
Are you joking? There have been countless RFCs dealing with compatibility from every which way. How many more do we need?
https://en.wikipedia.org/wiki/... [wikipedia.org]
IPv6 day was the grownups sending a pretty clear message that clowning around with transition schemes was no longer appreciated. They demand a production quality IPv6 network at least as capable and reliable as IPv4.
This means all of these crummy tunneling overlays ended up being unused, unappreciated and ultimately rather pointless.
Like those guys lived in an ivory tower or something.
Ivory towers full o
Re: (Score:2)
Typical ipv6 goon, patronizing. Yah, that's going to work. News for you: ipv6 mafia are the clowns. Not just my opinion.
Don't shoot the messenger. It's what content wanted. Google counts milliseconds of latency in terms of millions of dollars in lost revenue.
To them it is either native IPv6 with similar reliability and capability or IPv4. They are not interested in losing money on tunneled overlay schemes. This reality is something many "IPv6 goons" had no appreciation for. Goons only cared about clever ways to get everyone IPv6 with duct tape and baling wire if need be as soon and as fast as possible. The "goons" wer
Re: (Score:2)
Is this segment of the population just hell-bent on NO PROGRESS for anything or anyone? Seriously, shut up.
Re: (Score:2)
They tested IPv6 service about 7 years ago, but took away my IPv6 routers at the end of the trial period. All I have left are my static IPv4 addresses.
All static IPv4 Comcast customers get at least a static /56 allocation whether you know about it or use it or not. Check your Comcast business account portal. Assigned IPv6 network will be listed there.
Re: (Score:2)
Corporations hold onto NAT for reasons that are real, not imagined, and not easily overcome by smoothly worded IPv6 talking points.
NAT is a security risk.
Re: (Score:3)
Because there's no way to make it work. v4 is incapable of talking to v6, because there isn't enough space in the v4 destination address field for the v6 address to go. You'd need to somehow make every v6 address also be a v4 address, but that won't work because there are only 32 bits available in v4 and that's nowhere close to enough. There's nothing v6 can do about this, because it's v4's problem.
One possible workaround would be to do NAT with v6 on the inside, but doing that would only allow outbound con
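An added example, not part of any poster's comment: the one-way embedding behind the NAT64/DNS64 approach named earlier in the thread and the "v6 on the inside" workaround above. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 and documentation addresses; the function names are hypothetical.

```python
import ipaddress

# RFC 6052 well-known prefix: NAT64/DNS64 represent IPv4 hosts under it.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(v4, prefix=WKP):
    """IPv4 -> IPv6: place the 32-bit address in the low 32 bits of a /96."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(prefix.network_address) | v4_int)


def extract(v6, prefix=WKP):
    """IPv6 -> IPv4: only defined for addresses inside the translation prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        raise ValueError(f"{addr} is not under {prefix}: no IPv4 equivalent")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def low32(v6):
    """Naive 'squeeze into IPv4' by truncation, to show why it cannot work."""
    return int(ipaddress.IPv6Address(v6)) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed sample: 192.0.2.1 is a documentation address (RFC 5737).
    mapped = synthesize("192.0.2.1")
    print("v4 -> v6:", mapped)                  # fits, with 96 bits to spare
    print("v6 -> v4:", extract(str(mapped)))    # round-trips

    # A native IPv6 host (documentation prefix 2001:db8::/32) has no v4 form.
    try:
        extract("2001:db8::c000:201")
    except ValueError as err:
        print("rejected:", err)

    # Truncation collides: two distinct v6 hosts map to the same 32 bits,
    # so a v4-only sender could not tell them apart.
    a, b = "2001:db8::c000:201", "64:ff9b::c000:201"
    print("collision:", low32(a) == low32(b))
```

Every IPv4 address has an IPv6 form under the prefix, but only 2^32 of the 2^128 IPv6 addresses map back, which is why translation works for connections initiated from the v6 side.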
Re: (Score:3)
> They really really should have engineered some sort of backward-compatibility into it
It's really easy to say this, but if you sit down and think about it you'll realize that it's not possible to do. v4 isn't forwards compatible, so v6's hands are tied, and there's nothing that anybody could've done about that or could do about it in the future because it's not due to any flaw in v6 but rather due to a flaw in v4. Criticizing v6's designers for not doing something that's impossible seems incredibly unfa