Will The Transition To IPv6 Take 5 to 10 Years? (theregister.com) 198
An anonymous reader quotes The Register:
IPv4 is here to stay with us for a good few years yet, reckons the the Réseaux IP Européens Network Coordination Centre's (RIPE NCC) public policy manager, eight years after IPv6 was supposed to replace it. Marco Hogewoning, public policy for the Amsterdam, Netherlands-based European regional internet registry, told The Register that despite the best efforts of IPv6 proponents over the last eight years, it might take "five to 10 years" before the world starts to truly abandon the IPv4 address space.
IPv6 was first defined in 1996, but with Friday marking the 8th anniversary of (the second) IPv6 "Launch" Day, RIPE NCC was keen to talk up the tech, whose chief benefit is that it provides a much greater pile of internet addresses for all the stuff humanity has dumped online in the last few decades...Musing that "little pockets of IPv4" and some government services hosted on IPv4 are two of the things holding the world back, Hogewoning told The Register:
"It's impossible for me to file my taxes over IPv6. As much as I want, I can't get rid of IPv4 in the end because I need to file my taxes. That's a dialogue we try to have with the governments... It's an important step to go to, enabling IPv6 [instead of] IPv4 to make sure we don't force people to have that backwards compatibility."
IPv6 was first defined in 1996, but with Friday marking the 8th anniversary of (the second) IPv6 "Launch" Day, RIPE NCC was keen to talk up the tech, whose chief benefit is that it provides a much greater pile of internet addresses for all the stuff humanity has dumped online in the last few decades...Musing that "little pockets of IPv4" and some government services hosted on IPv4 are two of the things holding the world back, Hogewoning told The Register:
"It's impossible for me to file my taxes over IPv6. As much as I want, I can't get rid of IPv4 in the end because I need to file my taxes. That's a dialogue we try to have with the governments... It's an important step to go to, enabling IPv6 [instead of] IPv4 to make sure we don't force people to have that backwards compatibility."
I'd say even more (Score:2)
Tokyo doesn't even have zip-codes, street-names and house-numbers yet, so be patient.
Why weren't the silly lies moded insightful? (Score:2)
Just asking. This is Slashdot 2020, so no answer needed.
But for reference, Japan has had 7-digit zip codes for many years (following some years with 3-digit zip codes), every major and many minor streets have official names (and there are less official names and references for the other streets), and every house (and building) has a number.
Re: Why weren't the silly lies moded insightful? (Score:2)
Just for reference, I live in central Tokyo and nearly all streets in my area do not have names. All the houses around me use the same address (the chome system is not implemented) and post is delivered by the postman knowing who lives in which house.
Old standards last forever.
No (Score:5, Insightful)
Re: (Score:3)
There's no reason people *can't* transition, but clearly there are reasons they *haven't*.
I think part of the problem is that IPV4 is so good -- albeit for the world of the 80s and 90s. It's easy to take for granted its rare combination of simplicity and robustness. People are lazy and present-focused, and it's often easier in the short run to work around the limitations of a good but under-engineered tool you know than it is to learn how to use a better one. Especially when a lot of smart people are fig
Re:No (Score:5, Interesting)
> I think part of the problem is that IPV4 is so good
Also, there has been _zero_ benefit to moving to IPv6 formost people. It's been an exciting technology shift that generates no revenue and no performance benefit whatsoever.
Re:No (Score:4, Insightful)
Re: (Score:3, Interesting)
Yes, because if the address is more than 32 bits (4 bytes), it's incompatible. Consider, you have IPv4, I have v6. How would you even go about sending a packet to my 128 bit address using your packet that has a 32 bit space for the destination address? If I sent you a packet, how would I go about stuffing my 128 bit return address into the 32 bits you can process?
Re:No (Score:4, Informative)
It could have been done a bit better though.
The strategy chosen permitted AF_INET6 code to be adaptive to handle IPv4 as far as the application level is concerned, but actually *using* it required your stack to have an IPv4 address as well (the OS can translate the header as much as the application needs, but the OS had no good way of actually transmitting the packet without a viable source address). As such every server is compelled to at least have IPv4 and every client is compelled to also have IPv4, and IPv6 is a bit optional and not strictly necessary for anyone.
In the last decade, NAT64 and DNS64 are plausible ways for carriers to implement IPv6-only clients with carrier level NAT to permit them to be clients to IPv4 servers, but all the other strategies up to then were not up to the task. Ideally by 2000 we would have accepted IPv4 as 'server class' and IPv6 as 'client class' for most common use cases and done the technology to implement that from the start. Instead we pursued 'dual stack' as the solution which was twice the work with no immediate benefit to anyone bothering to do so. It continually expected all current participants to do IPv6 for the sake of the future even if it didn't matter now.
Re: (Score:2)
Dual stack makes perfect sense. The client side is where you find old consumer grade printers that will never support v6, etc. You'll need dual stack for that. Other than that, it was/is part of a well laid out transition path.
NAT64 is a thing, but I don't know of any ISP that actually has it working. Most ISPs failed on 6to4 routing as well. The worst part (for both) is that they implemented them badly rather than not at all so they ended up black-holing the needed routes rather than letting the traffic re
Re: (Score:2)
Dual stack makes perfect sense. The client side is where you find old consumer grade printers that will never support v6, etc. You'll need dual stack for that. Other than that, it was/is part of a well laid out transition path.
I was thinking if the strategy had been IPv6 from the get go, there wouldn't be IP connected printers and other stuff to worry about. IPv6 was theoretically kind of possible in 2000 though even if you gave it a couple more years (if we had been *serious* about it, it could have been done) you still wouldn't be in the realm where it was cost effective to have embedded IP enabled systems in consumer printers.
Of course, even the extent those would have existed, that would have been dual stack for link local, n
Re: (Score:2)
It's not the existence of dual stack that forced servers to enable v4, it's the number of clients that couldn't reach it if it was v6 only. Dual stack doesn't FORCE anyone to implement both, it's just the option to do so. I think you have some of the early timeline confused. There were plenty of legacy v4 only devices around when v6 was introduced. If not for dual stack, nobody would have done anything with v6 at all.
It was all of those servers that were already on the internet when dial-up for home users b
Re: (Score:2)
It could have been done a bit better though.
I don't see how. The biggest problem with adding bits to IP addresses is that all of the hardware is (or was) built specifically around having only 32 of them. Yes, hardware, not software. Virtually all internet bound packets are routed in hardware at some point, and adding any amount of bits would require modifying the hardware. It is not computationally practical to do all of this in software. You may as well just throw up your hands and say "to hell with it, we may as well transition only once, and make
Re:No (Score:5, Insightful)
It's not that there are *no* benefits to ipv6. It's that there will few *marginal* benefits to justify the immediate costs. It's a classic chicken-or-egg problem.
Re:No (Score:4, Interesting)
Additionally, the biggest drawback (inadequate addresses for everyone causing lots of NAT to private addresses) is also considered enhanced security (packet forwarding failure by default, meaning 'firewall' sort of code is a requirement rather than optional behavior on these networks).
It makes VPNs a mess (how many places I need to connect to all use the same 10. addresses...) and sure you can have the same level of filtering without NAT, but with NAT a firewall failing to grasp the situation would drop packets rather than possible forwarding them.
Re: (Score:2)
Additionally, the biggest drawback (inadequate addresses for everyone causing lots of NAT to private addresses) is also considered enhanced security (packet forwarding failure by default, meaning 'firewall' sort of code is a requirement rather than optional behavior on these networks).
NAT is service, a minor feature built on top of a statefull firewall. Just like we don't have our routers default to logins and passwords anymore and instead have them tied to serial numbers, there's no evidence that statefull firewalls wouldn't be a default even if we never went down the absurdity of NAT.
Re: (Score:2)
Well there are significant benefits to network operators in terms of their routing tables, but no observable benefit to end-users aside from some dual-NAT scenarios.
Re:No (Score:4, Interesting)
There is actually a good bit of benefit, it's just that there are too many points where someone snatched defeat from the jaws of victory.
On the server side, it would be nice to be able to get a significant address allocation without each IP address being treated as being more precious than gold bars, for example. But until the client side is fully able to reach those addresses, you're still stuck having to assign v4 addresses to each outward facing server.
Even within the ISPs that have implemented some level of v6 connectivity, there are a lot of network people who have no clue about v6.
It's not actually hard, it's mostly a problem of people turning very simple practical engineering into very complex academic dissertation style papers for no good reason.
In the case of ISPs that have actually implemented customer IPv6, people are now using v6 and don't even know it.
Re: (Score:3)
In the case of ISPs that have actually implemented customer IPv6, people are now using v6 and don't even know it.
Mostly easier for cellular providers for phones. Home internet in practice has to contend with gobtons of self-owned home routers that do not bother with adequate IPv6 function even if the provider delegates a prefix and all the client devices are capable.
Re: (Score:3)
Most of those devices are crap and will be replaced before long for unrelated reasons (such as just not powering on anymore, etc).
These days even the cheap APs you'll find at Target and Best Buy will do v6.
Re: (Score:2)
Eh, I've still seen some 802.11g routers in service. Even new, I bought a wifi router last year and the stock firmware even supported IPv6... But was disabled by default and only did IPv4 until digging into advanced configuration to enable it.
Even I didn't realize it until I got bored one day and saw the configuration option and enabled it and was shocked to discover that my ISP actually replied to the prefix delegation request and handed me a /64, and promptly my hosts received global ipv6 addresses. I had
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Also, there has been _zero_ benefit to moving to IPv6 formost people.
Actually there would be massive benefit for most people, even the classic mom and pop would get benefits. You may not remember a world before corporate cloud providers locked people into their services, but having some overlord as a middle man was actually a necessity created by the lack of end-to-end connectivity caused by not enough IPv4 addresses.
1990s - things just worked.
2000s - for everything we googled "how to port forward ${application}.
mid2000s - we decided to just let applications punch holes in o
Accidental firewall (Score:5, Insightful)
There is something else I hear from people about why they like to stick with IPv4. It's a reasonable consideration.
IPv4 was designed for computers to be able to communicate. Because of the shortage of IPv4 addresses, almost nobody uses IPv4 as it was originally designed. Instead, they use an ugly hack called NAT to overload one IP address with many devices. That prevents communication to their devices, unless their device is the one to start the communication and certain other factors apply. By preventing communication, it works as a very simple, very crude firewall. Not a smart firewall - it's a stupid firewall, but stupid simple.
I have here in my house multiple serious firewall appliances, by Cisco and others. I have certifications indicating that I know how to configure these firewalls for the enterprise. Yet, I kinda like the comfort of knowing that my IPv4 NAT, ugly hack as it is, is providing me a brain-dead simple firewall. Nobody can make any connections to any of my devices because they simply don't have IPs for anyone to connect to.
So simple. Previously I've argued that that using abusing NAT as a "poor man's firewall" is a bad argument, and a bad idea. Yet - my own IPv6 is off, partly because "no routable addresses" is comforting, despite my "real" firewall. Of course to get that "dumb but effective firewall" I had to turn off things like UPnP which automatically create holes in the NAT.
Re: (Score:2)
I have certifications indicating that I know how to configure these firewalls for the enterprise. Yet, I kinda like the comfort of knowing that my IPv4 NAT, ugly hack as it is, is providing me a brain-dead simple firewall.
Why not use one of those certifications to enable a statefull firewall without NAT? Breaking your own connectivity because you can't be bothered to enable something by ticking a box (tell me again why setting up a statefull firewall should be any different from setting up NAT, it's literally just as simple) is just a fools errand. Especially considering you disabled UPnP which now makes management of your applications complicated.
Re: (Score:3)
> tell me again why setting up a statefull firewall should be any different from setting up NAT, it's literally just as simple
It *can* be just as simple. You can set up a firewall just as simple and just as dumb as what you get as a side-effect of NAT. Also there are a couple hundred pages in the firewall book - it can be a lot more complex.
Setting up a "proper" firewall is probably a good idea. Certainly at work we have a couple layers of different types of firewalls. I'm absolutely not saying that pe
Re: (Score:2)
By preventing communication, it works as a very simple, very crude firewall. Not a smart firewall - it's a stupid firewall, but stupid simple.
Bah. You can easily have a default stateful firewall that does exactly the same thing: Block all incoming connections, allow all outgoing connections. Done.
Re: (Score:2)
The reason is that NONE of the ISPs I have available offers IPv6.
This is in a major city in Sweden.
Re: (Score:2)
You can't "transition". You can and should run dual-stack to help make an eventual transition possible.
Re: (Score:2)
We will get rid of IPv6 right about the same time we get rid of Cobol. Probably not never, but much longer than 5-10 years. That is my guess anyway.
Go ahead and move your networks to IPv6, just make sure your users can still ping IPv4 addresses.
Re: (Score:2)
Go ahead and move your networks to IPv6
I would but I get half a second of latency from the backbone as punishment, since they want to advertise the capability but don't have the routers for it.
Re: (Score:2)
It's already taken 22 years so far because the draft standard was established in 1998. That's already more than "5 to 10 years".
That's not how relative timescales work. The length of the past has no influence on numbers you give in the future, the English language simply doesn't work like that. And based on the logarithmic trend of adoption and the fact we're already at close to 50% in the USA 5-10 years is perfectly reasonable number as a prediction as well.
Or should I say 27 to 32 years to help your understanding.
Re: (Score:2)
The length of the past has no influence on numbers you give in the future, the English language simply doesn't work like that.
False. Complete drivel. Your skills as a grammaticaster have failed you completely.
In English it depends on the words used. In this case it describes a continuous tense with a beginning and end, and the beginning can be in the past or future depending on if the activity has begun yet. The question is about the amount of time that comes between the beginning and the end of the activity.
If the question was about the future, it would be how much longer will it take . Not "how long."
Re: (Score:2)
I've had an IPv6 cert for over 10 years.
When I got it, I was under the impression that the transition had already begun and that it would be useful.
So it seems like an easy question. I wonder if they'll ever manage it? Maybe if we Balkanize the internet we won't need it.
Cloud providers and ISPs aren't' doing their job. (Score:2)
It's up to amazon, microsoft, google, ovh, linode, and other cloud providers. Everything should be IPv6 first at this point.
Comcast still won't offer static allocations of IPv6 space in many markets for business customers.
Re: (Score:2)
Comcast still won't offer static allocations of IPv6 space in many markets for business customers.
I wasn't aware of this but I have to ask why you need a static allocation if you can use dynamic DNS?
And from what I have seen from Comcast is that my IPv6 address at home hasn't changed in four years. If i did have a DNS authority for my site it wouldn't have to register an update very often.
Re: (Score:2)
Back when I had my business account they allocated me a /56, though I hear that's not everywhere as you said. Nonetheless anyone can go to Hurricane Electric and get their own /48 allocation for free.
Re: (Score:2)
A tunnel will not have the same performance as a native IPv6 allocation. On top of that, video services such as Netflix classify Hurricane Electric tunnels as a VPN and block access from it.
Re: (Score:2)
There are servers that do not benefit from dynamic IP addresses such as DNS itself, service monitoring, and configuring switches or routers for specific hardware to have access to specific privileged VLAN's.
Re: (Score:2)
Because I still remember when DynDNS went down and took a third, or more, of the internet with it.
Re: (Score:2)
The cloud providers generally do provide IPv6. Its the ISPs that are the biggest problems from my POV.
Re: (Score:2)
We make products that use IPv6. Also IPv4 for some uses (too much legacy networking and SCADA equipment depends upon it). As such we used IPv6 internally a lot, once IT got used to it, especially internally and on lab networks. Later we got acquired by a larger company and now so many things are IPv4 only, even many labs. It takes a bit of getting used to going back to IPv4 in a way, even though the addresses are smaller they don't resemble the MAC address of the devices and you can't determine what add
Re: (Score:2)
Comcast still won't offer static allocations of IPv6 space in many markets for business customers.
I will say I don't know much about Comcast elsewhere, but I have several locations in Utah on Comcast Business and each has a static /64 allocation standard, I didn't even have to request it.
Comment removed (Score:5, Interesting)
I don't see what the big deal is. (Score:2, Informative)
I'm using IPV6... on my Linux Desktop.
Re: (Score:3, Insightful)
So a network of one? Sounds like a big deal kinda problem to me!
Or at least I hope you were jesting, it's hard to tell sometimes :P
The serious answer is that inside vs outside the local network are two very different things.
Inside almost doesn't matter.
There will be legacy devices on the LAN and the need for dual stack for a long time to come. But this is also a self-solving problem so not even an issue.
My ancient HP printer can't do IPv6, but at the same time isn't a device I'd put on the Internet direct
Re: (Score:3)
It's a "year of the Linux Desktop" thing -- it's an old-timer inside joke here, like "Junis".
I did switch over my home workstations and servers to IPV6. I did it because I was interested to see if it made any difference -- it didn't. As TFA notes, you can't get rid of IPV4 yet, you still pretty much have to run dual stack if you want to communicate with an IPV4-only endpoint somewhere.
Here's how I'd make the transmission happen: I'd start taxing globally routable IPv4 address space. Start with $1/address
Re: (Score:2)
You would hit the wrong people if you're not careful. Way too many are using v4 because that's all that's on offer. Others because people who need/want to communicate with their server are v4 only.
I would love to hand back every v4 address I control, but if I do that now, too many things outside of my control will break.
If you want to get traction with a tax, tax every provider that doesn't give every customer at least a working /64 (preferably static) by default.
Re: (Score:2)
It's really the slow entrenched older ISPs that are causing all of the problems not deploying IPv6 to the end users.
I'm not sure I buy this statement. I don't doubt it's true for some tiny independent ISPs; but the big ISPs, at least, certainly started shifting to IPv6 several years ago. Heck, it's one of the few things I'll praise Comcast for.
My evidence is anecdotal, but after talking to a lot of friends who are doing IT at various levels at all sorts of companies - I think a lot of companies are the problem. They certainly have IPv6 on their web servers, although they're not hosting those on their own networks. But, i
Probably longer... (Score:3)
People take an attitude of "ipv4 is working for me" and don't care about all the problems it causes for others...
Developing countries are stifled because they can't get the huge ipv4 allocations that developed countries have, users in these countries end up being stuck behind multiple layers of nat so they're not part of the internet - rather just outside observers with second class connectivity. No hosting of your own services, no p2p, having to rely on third parties to relay your communications (and all the latency, performance and privacy concerns associated) etc.
A lot of time and money is spent working around the limitations of ipv4 too, addressing is expensive, implementing cgn is expensive, correlating logs when addresses are translated is expensive. Doing away with all this crap would be hugely beneficial for a lot of people and organisations.
Microsoft are aiming to transition to ipv6 and get rid of ipv4 as much as they can, as per this presentation:
https://www.ernw.de/download/V... [www.ernw.de]
The US government wants to do the same.
There are many advantages to ipv6, but far too much ignorance and laziness out there.
Re: (Score:2)
There are many advantages to ipv6, but far too much ignorance and laziness out there.
I can't emphasize this enough. I recall when I first started using IPv6 about 5 years ago once I had configured my first systems my reaction was why the hell did I wait so long.
My first Linux system took me about 90 minutes to do. About 20 minutes of that was reading How-To articles, about 30 minutes making mistakes in configuration files, about 15 minutes learning how to use AAAA records. The second Linux system took about 5 minutes. As did every one after that.
The other learning curve was figur
Re: (Score:2)
Your Comcast address is doubtless a non-routable address behind Comcast NAT. What benefit, precisely, did you get from IPv6? Besides helping you feel like the cool kid after wasting an hour or two of yout time that you will never recover? I could understand some benefit professonally from learning about it on your home network, I suppose.
Re: (Score:3)
I have a small cluster of servers each running a variable number of VMs in a co-hosting location. The site provides full IPv6 support and a static allocation. They also give me a block of 16 IPv4 public addresses. If I want more I have to pay for them.
At home I have my laptop, my wife's laptop, a utility Linux box.
Benefits:
My home systems get publicly reachable IPv6 addresses. I use that on occasion.
My servers that don't need public IPv4 addresses can be reached by IPv6 I don't have to pay for.
Re: (Score:2)
> > Your Comcast address is doubtless a non-routable address behind Comcast NAT.
> If that were true then I couldn't SSH to my systems from home to the co-hosting location
Oh, there are many viable approaches to support this. It's precisely what port forwarding on the NAT gateway is for, or VPN software support.
Re: (Score:2)
My home systems get publicly reachable IPv6 addresses. I use that on occasion.
While you may understand the greatly increased security requirements of such a configuration, that should absolutely be discouraged for regular consumer use.
Re: (Score:2)
v6 will always be harder for brute force bots. First they have to find a v6 address with anything actually behind it before they can even start guessing. With v4, any address they might try is very likely to reach something.
Of course, there's always scraping DNS for live addresses, but that's yet another brute force step before they can brute force a password.
Re: (Score:2)
I can't speak for OP, but my Comcast v6 prefix is routable and unfiltered. Not a lot to configure for me, I just enabled it on my router. It was nice to not need a 6to4 tunnel at home anymore.
Re: (Score:2)
Actually large swaths of global enterprises operate quite nicely behind layers of NAT. Might you be claiming THEY are only outside observers?
While the idea that every network node needs to be reachable by every other is a nice and warm rosy idea, the reality is there are at a minimum script kiddies just itching to jump on anything they can see/reach. And then there are the real bad guys. Expose everything to everybody? Are you out of your freaking gourd? I know, just secure it. Yeah. Right. Grandma c
Re: (Score:3)
Actually large swaths of global enterprises operate quite nicely behind layers of NAT
Right up until they merge with another global enterprise that uses the same RFC1918 space. I've been involved in that backend work and it is some of the absolute worst.
Re: (Score:2)
It's a lot different when you control the NAT and when that NAT is not itself behind another NAT.
until it hurts (Score:3)
Until it starts hurting the bottom line of the fortune 500 companies, will never really happen. It costs real $ for a large company to move to IP6.
Plus if you are a large company, as an added benefit, you get to hoard all the IP4 IP addresses, locking out any new competition.
Re: (Score:3)
Plus if you are a large company, as an added benefit, you get to hoard all the IP4 IP addresses, locking out any new competition.
The large companies I've worked at for the last 20 years have all used 10/8 addresses and a NAT to access the outside world. For that matter, that's what I use at home too. Really, I need one address for my home and most companies can survive with dozens to hundreds. I don't think even Google or Amazon needs 24 million externally routable addresses. And since it's trivial to address any IPv4 address using IPv6, for all I know my ISP is using IPv6 on their side of my home NAT.
OTOH, I used to work at HP, whic
Slashdot? (Score:5, Interesting)
Slashdot still doesn't even support ipv6...
I have native ipv6 connectivity, it is directly routed, fast and stable, i have my own ipblock, i can get 100mbit/sec over ipv6 at pretty much any time of the day or night and i can connect back to my own machines if i want.
For legacy ipv4 connectivity i have to go through CGN. There is no other way round it, the isp does not have enough ipv4 addresses to allocate dedicated addresses to customers and they can't acquire more.
For me, ipv4 access is a LOT slower than ipv6... Whatever devices they are using for CGN clearly has trouble handling the load, especially at peak times of the day, the latency is higher, throughput rarely goes above 40mbps and is often a lot less. Sometimes i find that the shared cgn addresses are blacklisted from sites so i'm either denied access entirely or have to submit a captcha or similar to gain access. Sometimes ipv4 traffic fails completely, while i'm still able to access ipv6 sites.
There are a lot of people in the same situation, most of these users only really access google and facebook - both of which are reachable over ipv6.
If your website is only available over legacy ip, it will be slower and provide an inferior experience for an increasing number of people.
Re: (Score:2)
I'm going to counter that your ipv4 may be slower than ipv6 may be that they are using throttling controls to limit bandwidth during peak load periods, and the throttling doesn't work on ipv6. As such, it may actually be a "broken" aspect of ipv6 that is allowing you to have faster speeds, not that it is inherently faster for you.
No (Score:2)
We'll be stuck with it for 150 years. The value of an ipv4 address will keep going up and more people will want it as a prestige thing. It might even become currency like bitcoin.
Re: (Score:2)
The value of an ipv4 address will keep going up and more people will want it as a prestige thing.
If the price gets high enough there will be an economic incentive to spin up IPv6, downsize your IPv4 allocation, and sell a block of those IPv4 addresses.
Re: (Score:2)
A v4 address and a .com domain. Tomorrows muscle cars and vinyl records for sure.
Abandon the IPv4 address space (Score:2)
First we have to wait... (Score:2)
Taxes (Score:2)
"It's impossible for me to file my taxes over IPv6. As much as I want, I can't get rid of IPv4 in the end because I need to file my taxes. That's a dialogue we try to have with the governments... It's an important step to go to, enabling IPv6 [instead of] IPv4 to make sure we don't force people to have that backwards compatibility."
The Internet (using either IPv4 or IPv6) is not required to file your taxes, at least here in the US. All you need is a postage stamp. If you are not in the US, how does your country handle the case where a citizen doesn't have access to the Internet?
I do agree that we need to get a move on with IPv6, but please pick a better argument - one that is actually true.
Re: (Score:2)
You're being a bit to literal. In the past few months, millions have had to set up direct deposit for unemployment and stimulus checks, for example.
ipv6 (Score:2)
Re: (Score:3)
I don't like IPv6. It's long, and ugly, and hard to remember, and they plan to get it everywhere. IPv4 just looks better, a "." is a more normal separator than ":", doesn't have the weird "::::" for zeroed sections, and it's a lot closer to human-memorable length.
This is an IPv6 address for Sprint's website and it is easy to remember.
2600::
You can at the very least pick your last 64 bits if you want to.. They don't have to be random gibberish...depending on how generous your ISP is feeling it can be many more bits under your control. With a little luck it's a wash in terms of being able to remember. My prefix is three sets of numbers I have to remember... the rest I can figure out from convention... roughly the same amount of shit to remember as IPv4... not that I
Re: (Score:2)
Sorry about that. Phone numbers are more complicated too. They are longer than 4 digits and have weird dashes and parenthesis in them even.
Hyphens and splats and octoprongs, OH MY!
Pretty much a done deal (Score:2)
Almost every (non flip) phone already has an IPv6 address on it.
I was messing with Hurricane IPv6 tunnels 15 or 20 years ago on my linux systems.
Just a matter of learning/training on how to secure v6 for the home and business and de-allocating v4 addresses and of course some kind of government backing that isn't just lip service.
Give it the Flash treatment (Score:2)
Re: (Score:2)
...because Windows 10 is IPv6 native.
Pretty sure every version of Windows shipped in the last 15 years has had full IPv6 support. It's not the endpoints holding us back.
Fun war story: back in 1996-ish, I was working at HP and we were in a mad rush to update our TCP/IP stack because we just knew IPv6 was imminent. Turns out we didn't need to rush, HP-UX basically became obsolete before we needed IPv6. Bummer.
IPv6 is a solution ... (Score:2)
... to a problem we don't have, and in fact introduces problems we certainly don't need.
Re: (Score:3)
Re: (Score:2)
I guess you haven't tried to allocate a block of IP addresses in a LOOOOOOOONG time, have you?
Re: (Score:2)
Uhmmm ....
Speaking of long time, how long has it been?
IPv6 features missing (Score:4, Insightful)
The problems as I see them:
1) IPv6 addresses are hard for humans. This can be overcome, but it is a serious annoyance. IPv4 addresses are just short enough that most humans can memorize them. Furthermore, because of how routing and subnets work, you quickly learn the first three octets and then only need to remember one for the machine you are targeting. Since IPv6 address are often based on mac addresses, there may or may not be overlap between all the machines in the room.
2) Public/Private Subnet routing is a feature and not a hack. It doesn't matter how many times an IPv6 evangelist talks about CAM tables and the evils of NAT/SNAT, at the end of the day, non-public subnets are easy to write rules for and the vast majority of systems do not need to be publicly exposed, or even exposed outside of a conventional IPv4 subnet. Yes, you can inbound blacklist everything by default on IPv6 and whitelist specific machines and ports, or specific IPv6 "ranges" but this simply isn't elegant for humans, and it doesn't directly translate to a human understandable construct, like "the DMZ subnet".
3) IPv6 discoverability is rough. In IPv4 the routing, multicast/broadcast, and finite space means that you can find out everything on your network, in a finite amount of time via brute force. In a perfect world, this wouldn't be an issue. You could figure that stuff out by looking at your routing tables, and in IPv6 using RA Neighbor requests. Unfortunately, we don't live in a perfect world, and just about every IT admin has had to do bruteforce scans to query a network because other options weren't available. IPv6 makes life so much more difficult and in some cases straight-up impossible in this regard. A properly configured IPv6 network won't be a problem, however, if you are sent in to redesign an IPv6 network that was not properly configured and documented and DNS assignments are default, with no way to log into existing routers and switches, you are straight out of luck.
4) IPv6 designers specifically tried to make IPv4-to-6 translation hard. This was a really stupid idea. Had they not been so adversarial, we would likely have IPv6 to everyone's border today. This point is high on opinion, but I think this may be the single biggest reason IPv6 has seen such poor adoption. It was absolutely asinine to think that any network of size could rip everything out and start completely from scratch.
Re:IPv6 features missing (Score:5, Informative)
IPv6 is an excellent example of a solution that is computationally elegant to the point where it completely disregards the human interface component. Because of this, it has seen extremely slow adoption, and I believe it may never see full internal network adoption.
False in so many ways. IPv6 is seeing adoption on an as needs basis. Equipment is expensive, equipment is replaced with legacy support, as such there's no incentive to abandon legacy.
1) IP addresses just aren't relevant to adoption of a technology. Human interaction problems are only problems when ... you know ... humans interact with something. There's flat out no reason to type IP addresses beyond some rare troubleshooting case, and in those rare troubleshooting cases you're actively applying the wrong thinking to a different protocol you don't understand. i.e. you don't ever need to ping another machine on your network. Send a broadcast ping, check router assignment, and check if your show up in a neighbour listing (and for that you can just check the last 4 digits of the address). Each command you type in a terminal is less characters than pinging a traditional IP address, and between them you cover 99.9% of your possible problems that would prevent you from being able to connect on a named basis making the IP address itself irrelevant.
2) There is nothing preventing you from NATing IPv6 addresses if you're stupid enough to think that is in any way a benefit, and in any case you're wrong about "majority of systems". Quite the opposite. We are now wholly reliant on cloud providers, corporate middle men providing some intermediary servers, and technologies that expose actual security risks by punching holes through firewalls like UPnP just to make your basic mom and pop system work so they can skype the grandkids. All the things we complain about exist in a large part due to the lack of end-to-end connectivity. You may not remember having to google how to setup port forwarding so skype could work, you want to talk about human interaction nightmare, I present to you NAT.
3) IPv6 has discovery baked in. There is absolutely zero reason to ever scan the address space. You literally cannot misconfigure this, no idea what you're talking about DNS for. At least come up with some contrived example rather than just throwing words out.
4) They did nothing of the sort, they even dedicated a portion of the space for addressing IPv4 addresses in the protocol to provide backwards compatibility. Dual stack is an option. Tunneling was also provided. Fundamentally you got this completely backwards, they made maintaining IPv4 as part of the IPv6 easy to help the transition which in turn hampered it's up take largely by giving people like you some ammunition to not adopt it properly.
There's nothing wrong with IPv6. The only reason it's not widely adopted is people like you exist, just like people still think that the earth isn't warming, and that everything is too hard etc. etc.
Re: (Score:3)
There's flat out no reason to type IP addresses beyond some rare troubleshooting case, and in those rare troubleshooting cases you're actively applying the wrong thinking to a different protocol you don't understand. i.e. you don't ever need to ping another machine on your network.
Stopped reading there. That is funny though.
Re: (Score:2)
Stopped reading there. That is funny though.
Shame. If you kept reading you may have learnt about how to debug connectivity problems on IPv6 instead of trying to put at IPv6 screw in the wall using your IPv4 hammer.
Re: (Score:2)
1) IPv6 addresses are hard for humans.
You're not wrong there, although I'm getting old enough that remembering dotted-decimal is already kinda beyond me.
2) Public/Private Subnet routing is a feature and not a hack.
I think that's an underrated point. For security reasons, I like having my home devices being undiscoverable and unroutable. I want that much more than I want to be able to directly connect to my smart lawnmower.
3) IPv6 discoverability is rough.
Interesting point. I walk subnets every now and again. I thought I was just weird.
4) IPv6 designers specifically tried to make IPv4-to-6 translation hard.
Not with you on this one. Can you cite examples? Because when I read all the original RFCs, they were f
Re: (Score:2)
On point 2. it's so easy that even cheapo AP/routers from target and best buy do it by default. They can do it with far less resources than it takes to maintain NAT.
NAT for security is a form of security by side effect.
Re: (Score:2)
IPv6 is an excellent example of a solution that is computationally elegant to the point where it completely disregards the human interface component. Because of this, it has seen extremely slow adoption, and I believe it may never see full internal network adoption. I think most companies will eventually have IPv6 to their perimeter and do IPv4 internally with translation.
100% accurate.
Re: (Score:2)
Re: (Score:2)
1) IPv6 addresses are hard for humans. This can be overcome, but it is a serious annoyance. IPv4 addresses are just short enough that most humans can memorize them. Furthermore, because of how routing and subnets work, you quickly learn the first three octets and then only need to remember one for the machine you are targeting. Since IPv6 address are often based on mac addresses, there may or may not be overlap between all the machines in the room.
It's only impossible to remember if you use auto-configuration. If you assign at least the last 64-bits it's not appreciably different than IPv4. There are literally three sets of numbers I have to remember to figure out my v6 addresses.
IPv6 addressing can also be a benefit as it gives you more options to screw with more bits / hex to organize internal hierarchies and label addresses.
2) Public/Private Subnet routing is a feature and not a hack. It doesn't matter how many times an IPv6 evangelist talks about CAM tables and the evils of NAT/SNAT, at the end of the day, non-public subnets are easy to write rules for and the vast majority of systems do not need to be publicly exposed, or even exposed outside of a conventional IPv4 subnet. Yes, you can inbound blacklist everything by default on IPv6 and whitelist specific machines and ports, or specific IPv6 "ranges" but this simply isn't elegant for humans, and it doesn't directly translate to a human understandable construct, like "the DMZ subnet".
You can still do all of this shit if you want. The only difference is there is no coherent reason to persist with 1:many N
2000... (Score:4, Insightful)
The year 2000 called and wants its headline back ;)
1st & 2nd Class (Score:4, Insightful)
Wake up call! IPv4 is the Internet's first class and IPv6 it's second class addresses range. You either live on the hillside with the pretty view or you live down in the valley with the rest. Capitalists know, there is money to be made with scarce resources. Whoever thinks everyone is going to get IPv6 and IPv4 will disappear is a communist.
Re: (Score:2)
I actually like to think that IPv4 is the ocean front property while IPv6 is the apartment block behind it. Yeah IPv4 is nice and premium, but thanks to global warming those waterfront houses' days are numbered, and those apartment blocks behind them are becoming increasingly more popular.
5-10 more years before the next launch date (Score:2)
Re: (Score:2)
It's a cost-justfication problem... (Score:2)
Re: (Score:2)
Why is this modded down?
It shouldn't have been marked as a Troll but all of the concerns are rubbish. It is generally a red flag when someone posts that IPv6 caused security problems.
Re: (Score:2)
Why is this modded down? These seem to be legitimate concnerns.
Are there any CE routers or firewalls that do not apply SPI to IPv6 by default? I've never seen one act like that. If such things do exist I would very much appreciate details.
I too agree with these statements and have had similar issues. It's not like ipv6 is more secure than ipv4.
SPI is in fact more "secure" than NATs running crappy packet mangling hacks with ambiguous ALG codes.
Re: (Score:2)
Because securing v6 is not substantially different from securing v4. At least if your security measures for v4 are anything but cargo culting.
If your measures for securing v4 ARE cargo cult style, you probably didn't actually secure v4.