Stack-Hacker Itojun Talks About IPv6

Alert reader Sin Yuhara writes: "I've encountered [an interview in which] Jun-ichiro "itojun" Ogino(KAME Project Core/NetBSD Core/FreeBSD Comitter) talks about IPv6. The KAME IPv6 ^[?] stack is very well known in the BSD world and beyond. I'm sure IPv6 and related stuff must deploy, and this article may help all people." It's a really good read -- itojun talks about the IPv6 tools that are already integrated into the various BSD systems, about the need for ever more testing, and about why Japan rocks.

Re:Cel Phones + IPV6???

[Ruzty]

As mentioned in the second page of the interview there is a seperate mobile-ip6 stack being worked on.
Seems the memory usage issues are being addressed for devices where it is an issue.

-Rusty

Re:Total FUD.

[Judas96']

Microsoft may not be holding up anyting intentionally, but there users are unknowingly holding this up if what you say is correct. There are WAY more people running Windows9x/Millenium than there are people running Win2k. Also, Whistler of course may be an operating system, but it is not a RELEASED operating system market-and-consumer-wise. It is still beta software, and will have to go final and be on store shelves before Joe Windows9x User even knows that it exists, let alone decides to upgrade to it/buy a new computer with it pre installed. Anyhow, that all means MS has released a total of two OS's to consumers since 2000. ONE of them has built in IPv6 support. One DOESN'T. That doesn't add up to all of them. Of course, you actually pointed this out yourself... ... So why are you even bothering to counter FUD with more FUD?

And the killer app is ...

[akb]

... multicast. An Internet where anyone can stream live multimedia to an unlimited number of users is the Internet that I want to be a part of. The lack of deployment of multicast on this Internet is shameful.

Re:And the killer app is ...

[akb]

IPv6 is multicast native, thus all stacks and routers are required to support it. Multicast was added as a hack to IPv4, hardly any commercial ISP's support it for end users.

Sorry, I should have been more clear in my initial comments.

Re:And the killer app is ...

[porky_pig_jr]

and what does it have to do with IPv6?

Re: Not using NAT, are ISPs going to become nicer.

[Trepalium]

Won't help if the ISP decides to be vindictive and place filters that prevent more than a single address from originating from a subscriber. Don't think it won't happen, and don't think that companies like Cisco won't be more than happy to help them out in doing this. It'll be an artificial limit, but a limit none-the-less.

IPv6 mentioned in policy speech by prime minister

[shalunov]

One other thing I forgot: IPv6 was actually mentioned by name in a policy speech given by Japan's prime minister in front of parliament in September 2000.

Re:Whatever (Talk to the Hand!)

[spaanoft]

Obviously you didn't read the article. He isn't someone breaking into systems, he's someone making the IPv6 stack for various BSD systems. You're referring to 'crackers'. There's a difference. :/


--------------------

Re:Reality Check

[flink]

Just curious: would it be possible for local ISPs (who probably move a lot faster than AT&T et al) to roll out IPv6 to their local customers, and then tunnel it across the back bone? i.e., upgrade bottom up instead of top down.

Microsoft has ipv6 drivers for win 2k

[fintler]

Although they're in still in development, microsoft will probally be pushing ipv6 soon, they have a working alpha(?) with a sdk here.

Re:Whatever (Talk to the Hand!)

[spaanoft]

Plus, the guy is really Japanese and isn't a kid. Obviously you're an idiot.


--------------------

Re:Total FUD.

[mbyte]

No .. sorry to dissaponit you.

Win2k german does NOT have build-in IPv6 support ! Really ! I DID test it ;)

There's an addon on the micro$oft website, which you can install to have IPv6, but IIRC it was still labeled BETA the last time I did ceck it out ! (it was about 4 months ago !)

So please stop spreading FUD!

Re:Not using NAT, are ISPs going to become nicer.

[matman]

Can you still subnet? I mean, I dont really have a use for 2^64 addresses :) LIke, you cant really fit more than a hundred (the spec is something like 1024 isnt it?) on an ethernet network. I mean, what's the point of using addresses frivilously, when we have the technologies to easily manage addresses more efficiently?

Re:What about applications?

[Kalacus]

last time I looked through the packages on FreeBSD, there was a port of apache with ipv6 support. also, in the freebsd mirrors there are two listed as being ipv6. so I think apache supports ip6

Re: Not using NAT, are ISPs going to become nicer.

[Wesley+Felter]

Namely, every subscriber, be it a corporation or a household, gets a /48.

That might be how it's supposed to be used, but that has little effect on how ISPs will actually configure their networks. What if an ISP defines all their customers to be part of one /64 "subnet" (which might even be defensible since some broadband equipment is based on bridging) and thus assigns each customer only one address?

Re:IPv6 and QoS

[Cato]

This is probably the biggest myth of IPv6 - it has precisely one feature beyond what IPv4 supports, the 16 bit flow label field in the IPv6 header, that relates to QoS.

Deploying IPv4 QoS is possible today - I work for a company that makes software to enable QoS in routers, amongst other things, and am helping customers do this. The key approaches are DiffServ (easy to deploy, softer QoS), and RSVP (harder to deploy, harder QoS, and I don't know any real networks that have deployed this).

The IPv6 flow label reduces the load on core routers where RSVP has been deployed, by caching the result of an earlier classification decision (i.e. matching packets against IP adddresses, port numbers, etc). However, it's hardly a big step forward for QoS if you are using DiffServ as most networks do.

What's more important for QoS is that IPv6 will (eventually) make NATs much less popular. Trying to classify NATed traffic is a nightmare, of course, and IPv6 should make things easier.

My company also does MPLS stuff - interestingly, this will help IPv6 deployment, because the big fast core routers will NOT need to have their forwarding hardware upgraded to forward IPv6 packets. MPLS labels packets near the edge of the network, and once labelled the packets are forwarded using ONLY the 32 bit MPLS label. Hence the IPv6 headers are only inspected on the edge router for the MPLS network.

The result is that the core routers only need to run IPv6 routing software, not IPv6 forwarding - hence no need to replace those ASICs. The edge routers are typically small enough that they should be able to run IPv6 forwarding in software.

Of course, as someone else already pointed out, there is still a lot of work before the ISPs' routers get fully upgraded with the entire set of add-on protocols - routing, multicast, PPP, RADIUS, IP-over-ATM, and so on.

Security without NAT

[Cato]

Many people seem to use NAT for security purposes, because it makes it harder for outsiders to connect to internal machines. Of course, NAT is not meant for this, and has potential holes (e.g. if the NAT software fails it may just forward packets straight through, as has happened on at least some NAT boxes), but that's what a lot of people think.

Until people manage their host and firewall security a lot better, many sites may just stick with NAT because it's what they know, removing a key benefit of using IPv6. So perhaps improved security processes and technology are a prerequisite for IPv6 deployments.

Re:What about applications?

[njd]

go to www.kame.net there is a list of applications that work with IPv6 there.

MPLS makes IPv6 work on core routers

[Cato]

First of all, the IPv6 header is actually more regular than the IPv4 header - fewer fields, and only twice the size of IPv6 despite addresses that are four times larger. Also, the routing tables for IPv6 are supposed to be more regular, so the performance impact on software-based routers may not be that much.

The vast majority of IPv6 packets will not have options - yes, they need to be looked at if present, but in that case you just dump the packet into a slow path. Also, MPLS will help here (see below) - the packet should only hit the slow path on lower end routers.

As for core routers that use forwarding ASICs - the answer is to implement MPLS, starting on edge routers that forward IPv6 in software, and attach MPLS labels. The core routers ONLY see the 32 bit MPLS label, so there is no problem about forwarding IPv6 just as efficiently as IPv4, once it is MPLS labelled. The core routers need to run IPv6 routing processes, but that's just on the main CPU.

MPLS is already deployed in ISP and telco IP networks - it is currently used for traffic engineering (balancing traffic loads over the network) and MPLS VPNs, and the same technique will be used to carry ATM, Frame Relay, Ethernet and SONET.

In the longer term, new routers will come on the market with smart enough ASICs and network processors to handle IPv6 with no reduction in forwarding rates, but MPLS will be useful for those ISPs that want its extra features.

Re:MPLS makes IPv6 work on core routers

Why do both of you say that you need to look at all the options in an IPv6 header? I was under the impression that the following passage from RFC 2460 was correct:

With one exception, extension headers are not examined or processed by any node along a packet's delivery path, until the packet reaches the node (or each of the set of nodes, in the case of multicast) identified in the Destination Address field of the IPv6 header...

The exception referred to in the preceding paragraph is the Hop-by-Hop Options header, which carries information that must be examined and processed by every node along a packet's delivery path, including the source and destination nodes. The Hop-by-Hop Options header, when present, must immediately follow the IPv6 header. Its presence is indicated by the value zero in the Next Header field of the IPv6 header.

As far as I can tell this means that any intermediate router only needs to check for a zero in the next-header field of the first header, and the vast majority of IPv6 packets will not contain that option. In fact, RFC 2460 doesn't define any actual options for the hop-by-hop header, so one could reasonably expect that it would almost never be used except in error. A packet with hop-by-hop options could be easily directed to software processing by IPv6 routing hardware.

What am I missing? Why does every option header need to be examined? IPv6 was specifically designed to eliminate that problem with IPv4 (among other things) so who screwed it up!?

It occurs to me that perhaps you mean "hop-by-hop options" when you say "options". Please tell me this is true and restore my faith in humanity :-)

Re:MPLS makes IPv6 work on core routers

[The+Fanfan]

In short, my answer is no, no and no. No animosity meant, yet ;-)

No rev 1 - The fact that IPv4 headers are messy does not matter when they are extracted in hardware. Picking a bit out of a stream is just wiring a register to the right bit lane. It doesn't matter if overall, the bit mapping is straight through or involve a lot of SHIFT 5 and ROT 13 and double forward scratch spin with loop jump. The hardware is there anyway. At worst, the control FSM is a bit messier. It's not the same for a CPU that must process dword by dword and where the fields' layout matters. IPv6 headers are simply big and variable, which means that a lot of data has to go back forth between the switch fabric and the routing processor, and that it screws up the pipeline. You can't say anymore 1 header = 1 clock cycle. Also it doesn't mix well with existing headers processing and ramps up the cost of Ethernet or IPv4 switching just to accommodate a few IPv6 packets there and there. It's a big issue for the cost of equipment used during the IPv4 / IPv6 transition.

No rev 2- You assume that software switching is still used at the edge of the network, and here we're go with MPLS tagging from there. That's not true anymore. I'm currently working on a family of L2-L4 wiring cabinet switches that routing at up to 80Gb/s cross-section and 150 Mpkt/s. It's an edge router, PCs and workstations directly attach to it, and it's 100% hardware routing. The previous family is already doing that. When you have a 100Mb/s connection to each terminal devices, software routing is not an option. So, at first all IPv6 routing will be handled as a software exception, and latter there will be a dedicated routing processor with its own data path., but even then it won't have the performance of IPv4.

No rev 3 - MPLS is not the solution. Or you end up with something that is not an IP router but an MPLS switch. That's not just hairsplitting. All a MPLS switch does is to shove packets from an interface to another based on the tag with strictly no idea of what's inside. By many aspects, MPLS is the terminal stage of virtual circuit networking from X25 with Frame Relay and ATM as the intermediate stages. What's lost with MPLS is the fine visibility on things like QoS, traffic segregation or packet ordering on multi-link load balancing in the core network. I don't know MPLS well enough to be definitive and I imagine it's possible to assign multiple tags to a single path to discriminate between different classes of traffic. So, is full IP routing at every node needed anyway? Frankly, I think so but I won't bet my head on that. So far, it has not mattered and doing that on the edge of a MPLS blob has been enough. So if ISPs think that MPLS is good enough, long life to MPLS. I'm just not convinced that this solution meant for bulk data transfers will work well for mixed traffic of bulk data and real-time stuff , VoIP and video, (although I'm pretty much sure some VoIP operators must use it, but on networks that only carry VoIP and that makes a serious difference).

I rate this one at $0.20. Inflation lurks! Where's Greenspan?

Re:MPLS makes IPv6 work on core routers

[Cato]

You are right, it's only the hop-by-hop options that matter - I was being a bit lazy in not specifying this, but the point is that these options only incur an overhead when they are there - if there's no next-header pointer, there's no extra work.

Re:MPLS makes IPv6 work on core routers

[Cato]

Re the headers - you seem to be assuming that most IPv6 packets will have hop-by-hop options headers, when in fact this should be a tiny minority of packets (most packets will not use the special IPv6 features for source routing etc). The main IPv6 header is very regular - you can have extra headers, pointed to by the next-header field, in which case you have extra overhead.

Re edge routers in software vs. hardware - I'm mainly talking about ISP's existing provider-edge routers (7500s and so on, quite often). Most of the deployed routers are software-based, so they are covered by the MPLS approach.

Of course, there are many hardware-based provider-edge routers as well, but these will be covered by hardware updates before too long (see http://www.cisco.com/warp/public/732/ipv6/IP_Vers6 _SD_0622.pdf - this is Cisco's IPv6 roadmap, which will cover IPv6 hardware acceleration in Phase II, under 'CEFv6'). Even with software-based Cisco routers, it's probably waiting for CEFv6 (Cisco Express Forwarding) in Phase II of the Cisco roadmap, as until then IPv6 is process-switched (i.e. slow path).

Once you have CEFv6, most IPv6 traffic should have the performance of IPv4 - not sure how the hop-by-hop options headers will affect this but I don't believe these will be common.

Re MPLS - it's not quite 'the terminal stage of virtual circuit networking'! It re-uses the data plane (i.e. label-based forwarding) but the control plane is normally just an IP routing process (some see this as a way of turning ATM switches into IP routers...). By default, MPLS is NOT circuit based at all - labels are assigned using LDP (label distribution protocol), which piggybacks on the IP routing protocol you are using. This lack of circuits is one reason why MPLS VPNs are very scalable (see www.orchestream.com, my company's site, for lots more info here).

You can use MPLS for traffic engineering, which requires laying down circuits, but you ONLY create circuits as the exception, to direct traffic somewhere other than the shortest-path route. Most traffic in a traffic engineered MPLS network may still be IP routed using MPLS labels that are not attached to circuits (aka label switched paths). See www.mplsforum.com.

MPLS does let you do quite a bit more than IP - it's really just a very thin encapsulation technology (i.e. a 32 bit label is the encapsulation overhead), so you can use it for VPNs (much more scalable than GRE tunnels or meshes of FR PVCs), Voice over MPLS (lower overhead than IP/UDP/RTP), Frame over MPLS (more scalable), and so on.

In particular, MPLS has a 3 bit EXP field that is used for CoS levels (i.e. DiffServ style QoS) - most MPLS edge nodes should copy the IP Precedence into the EXP field. If this is not enough, you can steer traffic onto different labels depending on CoS levels, and with MPLS traffic engineering you can reserve bandwidth for a given MPLS label switched path ('circuit') if needed.

You do need IP routing on every MPLS node, but only on the control plane - IP forwarding is only needed on edge nodes. I wouldn't suggest MPLS is necessarily the best or only way to deploy IPv6, but it is a great way to scale IPv6 backbones in the absence of IPv6-specific forwarding hardware, and it does have useful features that will apply to IPv4 and IPv6 traffic identically (hence MPLS can be justified for existing IPv4 traffic while enabling IPv6).

Re:IPv6 Benifit?

[raju1kabir]

My ISP doesn't support it, and even if they did, I'm still not sure what benifit there would be until everyone supports it.

Everyone supporting it happen sooner if you supported it. Assuming you're part of "everyone," that is.

Re:Not using NAT, are ISPs going to become nicer.

[Xanni]

What, 65536 networks isn't enough for you, you need to subnet as well? :)

One of the reasons to have 2^64 host addresses is so that you can use globally unique EUI64 host addresses (for example, for Ethernet, based on the hardware MAC address) to allow immediate auto-configuration on any network anywhere in the world without any chance of an IP address conflict or having to do manual assignments. (Manual assignments are also supported, though.)

There's more than one kind of efficiency; part of the idea of IPv6 is to make routing simpler to gain speed and avoid abominations like NAT. Anyway, only 15% of the address space has even been defined so far; 85% is still reserved for future uses! I wish people would bother to learn about things before commenting.

Re:OpenBSD

[AntiBasic]

stop whining.

Re:OpenBSD

[Cato]

IPSec is not enabled in the default install - the point is that only holes that are 'on by default' are counted by the home page statement.

Re:OpenBSD

[Shanep]

Yeah, that is exactly what I just said.

Moderators, what the hell are you doing? How can he get a +1 on something I just said, which did'nt get anything, and my first post still got nothing, which I think is "informative".

His post is -1 redundant.

Bizare.

Not using NAT, are ISPs going to become nicer.

[stompro]

He asks why anyone still uses NAT seeming to say that with ipv6 noone will need to use NAT. I personally use NAT so I don't have to pay my isp 40$ extra every month to have all my machines hooked up. Are ISPs going to just start handing out ipv6 address for free, I don't think so. I can't wait until my isp just hands out subnets, not individual addresses.

Re: Not using NAT, are ISPs going to become nicer.

[shalunov]

What if an ISP defines all their customers to be part of one /64 "subnet" (which might even be defensible since some broadband equipment is based on bridging) and thus assigns each customer only one address?

(Emphasis mine.)

Firstly, the "thus" is incorrect. If that's how somebody decides to configure their network (which probably won't work), you'd get as many addresses as you want--with IPv6 autoconfiguration.

Secondly, you can always choose an ISP that'll give you your own /48. (Incidentally, 6to4 leaves a /48 behind it.)

When you do IPv6, you want to get rid of NATs; doing otherwise defeats all purpose. ISPs that will make their customers run NATs with IPv6 won't be popular, and there's no economic reason to do this for the ISPs.

Re:Not using NAT, are ISPs going to become nicer.

[Claude+Debussy]

From a ISP's point of view, the more addresses you need, the greater bandwidth you'll be using, there is enough reason to charge you more just for that reason alone. More machines, More bandwidth, higher cost... I once told @home about the other seven machines and 4 neighbours that I have connected to my network. Lets just say they weren't pleased (anonymously of course.).. Thats a lot of money they think they have a right to.

Re:Not using NAT, are ISPs going to become nicer.

[stompro]

I do see your point, but, but, I pay for my 640k dsl connection. To me that means that I can use all that bandwidth all the time. If I have two machines, they each get half and so on. Why should it matter how many machines I have using that connection. I still can't use over 640kb/s. If I payed by per MB transfered I could see your point a bit better... Does an isp have to oversubscribe to break even, or only to make a nice profit. ramble ramble ramble

Re:Not using NAT, are ISPs going to become nicer.

[journey-]

Its not easy to break even as an ISP, especialy if the people are getting CHEAP big bandwidth. The reason it runs ok is because most people arn't using that bandwidth all the time. Think about it, if a company payed for T3's (i dunno what the going rate is . . . 3k$/mo? thats a completely uneducated guess). thats 45Mbits of bandwidth, if everyone is alwatys using half their bandwidth thats only 120 customers on a T3 line. at 40$/mo they are only making 1800 on that T3 line. Thats hardly enough to pay the network engineer that makes it keep going, much less the entire support staff, and the money sucking black hole, umm i mean management . . . Journey

Re:Not using NAT, are ISPs going to become nicer.

[jguthrie]

AC wrote:

Temporary?! Bullshit. Do you have any idea how much 2^128 addresses is?? It's enough for every person in the world (assuming 6 billion people) to have 5.67E+28 addresses each! There's no way we will use all of those before networking as we know it is completely redesigned.

You've completely left out the efficiency factor from your calculation. While it is true that IPv6 allows a standard metric buttload of addresses, the system is set up to assign those addresses quite inefficiently.

For example, the standard assignment for an individual end user is likely to be a /64, which has appriximately 16E18 addresses in it, of which only one will be used, typically. Small ISP's like myself are currently assigned a /48, which has enough addresses for 65K end users, of which only a fraction will ever get used.

Of course, should the address space starts to become exhausted, what will happen is what always happens when a nonrenewable resource becomes scarce: conservation, but for right now IPv6 addresses in freaking huge blocks are easy to get. I've got 2^80 addresses, myself.

To answer the question asked in the subject, the reason the blocks are so large is because the routing tables would quickly become huge if the assigned blocks were smaller. That means that ISP's will likely assign blocks to end users and not worry about whether or not those end users assign those addresses to multiple computers. It's more work than it's worth to keep track of those addresses individually. NAT will still be around, though, because people like the additional security offered by it.

Re:Not using NAT, are ISPs going to become nicer.

[jagapen]

Hard to say, really. I believe the reason ISPs charge for extra IP addresses these days is that IPv4 addresses are relatively scarce. IPv6 has 128-bit addresses, which works out to, hell, probably enough for every atom on/in the planet to be uniquely Internet-addressable. :-)

After the IPv6, ISPs will probably still charge for extra IP addresses for a while, simply because they're addicted to the extra money, but it seems to me a savvy ISP could start giving out IP addresses like candy at a parade to gain a competitive advantage.

Re:Not using NAT, are ISPs going to become nicer.

[Xanni]

But that's exactly how IPv6 is intended to be used. The existing IPv6 address space is being allocated with the first 64 bits being the network address and the last 64 bits being the host address. Furthermore, the current specifications for Aggregatable Global Unicast Addresses (see RFC2373) define the first 48 bits as being assigned by the backbone provider and ISP and the next 16 bits by the site (you!) This means you get to have up 65536 networks of up to 2^64 hosts.

Re: Not using NAT, are ISPs going to become nicer.

[shalunov]

The address allocation policy for IPv6 is different from that for IPv4. Namely, every subscriber, be it a corporation or a household, gets a /48. Yup, that's 2^80 addresses for your home.

The idea is to get ISPs out of the business of evaluating your need for address space.

Re:Not using NAT, are ISPs going to become nicer.

[pod]

Hard to say, really. I believe the reason ISPs charge for extra IP addresses these days is that IPv4 addresses are relatively scarce.

They're not just getting more scarce, they're much harder to get allocated (for ISPs). These days the IP orgs (such as ARIN) require ISPs signing up for new blocks to make absolutely sure they're not overusing right now, to justify their current usage (even requireing moving to name based hosting).

Re:Not using NAT, are ISPs going to become nicer.

[pubpib]

The point of wasting ipv6 address space is to necessitate ipv7 with 512bit address spaces :)

Re:Not using NAT, are ISPs going to become nicer.

[he2]

Hm, I think the reason ISPs charge for extra addresses is not so much the (perceived) scarcity of IPv4 addresses, but rather the desire to divide the market up into different segments ("home users", "business users", etc.), and charge an extra premium for those not fitting in the first category.

If you know how to do the legwork, it's not all that hard to justify allocation of more IP addresses...

IPv6 in Linux

[blogan]

I've upgraded my linux box to IPv6, but I notice there are some strange results. If I do a "ping ::1" it works fine, however, if I try to ping my IPv6 address, it doesn't work unless I bind the ping to my network device. A few other applications worked that way too. Hopefully IPv6 will be in the latest Redhat without having to recompile the kernel soon.

Re:IPv6 in Linux

[iamsure]

RH7 supports it, I thought?

Re:Where's the beef?

[Stephen+Samuel]

So, you expecte the density increase to continue without end? If the curve continues, in a few years we'll be storing 15MB in a single atom. (Crumb. I couldn't find the story on quantum storage).
--

Japan is ahead of us in IPv6

[shalunov]

Not only do they have large deployed IPv6 networks; not only their ISPs provide IPv6 service to their subscribers, and it's actually supported; not only does the government give tax breaks to ISPs that support IPv6; not only are their companies doing IPv6; not only do they develop games for freaking consoles that use IPv6; not only are their cell phone providers implementing IPv6; but they actually have a fairly large IPv6 user community.

Go, Japan!

Re:Japan is ahead of us in IPv6

[cheshire_cqx]

And Japan has an awesome group of *BSD hackers. Most of the mobile stuff for FreeBSD comes from Japanese hackers (PAO. (The Japanese are really crazy about mobile computing.) I love this quote from Warner Losh:

WL: Itojun-san of the Kame project in Japan seems to be six different people inhabiting one body, as far as his ability to hack [the network protocol stack]. He makes sure that FreeBSD, OpenBSD, NetBSD, and BSDi remain in sync with the main Kame repositories. For the OpenBSD Crypto2000 sort-of-mini-conference, he attended and got no sleep. When his roommate went to sleep, Itojun was hacking. When he woke up in the middle of the night, Itojun was hacking. When he woke up in the morning, Itojun was hacking.

(Read the whole article at DDJ: A Roundtable on BSD, Security, and Quality )

---
In a hundred-mile march,

Re:No mention of 6to4?

[hubertf]

Right you are - here's a link for 6to4 on (Net)BSD. Maybe check out my IPv6 page, it has a bit more on 6to4.

- Hubert

Re:Won't help IPv6 take off

[Punto]

but it will never, ever take off until Microsoft supports IPv6 in a consumer OS

I'm not that old, but I remember internet before windows95. Win3.1 didn't have tcp/ip, so I had to load this "trumpet winsock" program (the icon was blue) before I could use netscape to look at web sites (mostly porn. I was 14).
I bet AOL CDs (diskettes?) had a program like that. And I bet the lack of tcp/ip on windows didn't stop them from giving them away like crazy.

Maybe we should have more porn websites running on ipv6.. That should motivate everyone. :-)

--

need NT, NOT.

[Tony-A]

Even most -UNSTABLE are safer than NT.

Re:need NT, NOT.

[1337d00d]

Unfortunately, you are wrong. Microsoft® WindowsNT® and Windows2000® products can give you a reliability guarantee that no other products, certainly not this supposedly 'free' software, can provide. That's right, the nine fives promise. You heard it correctly. Microsoft will guarantee an uptime of %55.5555555. Yes: More than half of the time, your servers will be up and running, allowing you to take advantage of the new, electronic economy. With that kind of power, you can transform your business. That's the kind of leverage Microsoft provides.

War3 doo u w4nt 2 g0 70d@y!!!1©

IPv6 routing doesn't fit well in hardware

[The+Fanfan]

I don't see IPv6 taking off any time. IPv6 problem is not just a deadlock between ISPs and router manufacturers. The big roadblock on the way towards TWGD (i.e. total worldwide global domination, let's see if this one sticks ;-) is that IPv6 doesn't fit well in hardware acceleration. IPv6 has huge and variable headers, which are a pain in the bottom end to process in hardware.

IPv4 is much nicer. Only the first few hundreds bits in the packets really matter. Sure, an IPv4 header can be much bigger with options. It's just that nobody expects those options to be implemented. With IPv6, ignoring options is not ... an option. Even core routers must completely walk the header chain of each packet.

The reason is that the IPv6 effort was started in the early 90s at a time when IP routers where basically a bunch of interfaces and DMA engines around a shared packet buffer with a CPU in the middle chopping and tweaking the headers to route the packets. All the decisions were made by software, and, sometime in low cost routers, the CPU even performed the data transfers with the interfaces, no DMA. The IPv6 was built with this architecture in mind and requires the routers to do a lot of smart gee whiz things on the headers. That clean architectural model is alas obsolete.

Nowadays, routers' CPUs nearly never see a packet. All the routing is completely done in hardware. The CPUs just do housekeeping, maintaining the routing tables, collecting and processing statistics, that kind of stuff. The only packets they ever see are those for network maintenance, SNMP, etc, and routing protocols, OSPF, IGRP, BGP, you name it.

In serious routers, the real stuff happens between the switch fabric and the routing processors. The switch fabric, centralized or distributed, handles the bulk of the data transfers, receiving and sending packets between the interfaces and the packet buffers. Here, the unit is the gigabit per seconds (a few tens or hundreds of Gb/s or even Tb/s). When the switch fabric receives a packet, it stores it in a buffer and at the same time extract a few hundred bits of the header and forwards that to routing processors, a huge pipeline of table lookups and processing, 100% hard-coded in silicon.

After a while, the routing processors spit an answer to the switch fabric to flush or forward the packet with updated data for the variable fields (the TTL for instance, or even the whole header on NAT or multicast), or to create new packets. For instance, ISMP packets on TTL timeout can be completely generated in hardware! The unit there is the 100s of millions of packets per second. Go do that with CPUs... Worst of all, the IPv6 headers are highly variable and that completely screws up pipeline design where it's much better to handle bounded amount of data.

So, on current routers, IPv6 is supported ... as an exception, using the CPUs. The performances are merely catastrophic. IPv6 is not really practical with current router architecture. May be an IPv7 will come, one day when IPv4 is really breaking at the seams.

Oh well ... that just my $0.02 on IPv6 ...

Heh.

[Will+The+Real+Bruce]

Great; now we can all steal the *BSD IP stack again. :)

Thanks, *BSD, for continuing to be the research arm of the software community...

Re:Heh.

[Stephen+Samuel]

Hey, why not? The BSD IP stacks are good!
--

Re:Heh.

[Will+The+Real+Bruce]

There's nothing wrong with that, I just find it funny that they did it first, and everybody is still copying them. :)

That is the one thing I truly have to thank BSD for; without them, we wouldn't have networking as we know it today.

Re:Heh.

[jorbettis]

Nah, we don't want to be 14m3 and use the same IP stack that Microsoft uses.

Who the fuck is "us"?

You speak of "they" and "us" above.

Why?

What will it take for IPv6 to take off?

[NineNine]

So, what will it take for IPv6 to be the de-facto standard? Will Cisco have to update their software to account for it? Will Microsoft? How will IPv6 integrate in with IPv4? IS FreeBSD's stack popular enough to give IPv6 the push it needs?

Re:What will it take for IPv6 to take off?

[Mikeytsi]

Cisco should already have IPv6 support. (Don't quote me though, I remember seeing cisco boxes running it, but not recently enough to point at one). Microsoft already supports IPv6 through an extention to the protocol. There's a "developer" version available for W2K somewhere on the website, and Whistler (XP) has it built-in.

IP6 is basically an extension on IP4 anyway, as far as IP addresses are concerned, so the old IP addresses are still valid and recognized under IPv6.

It will get a push here REAL soon, as the v4 pool is getting really short, and with all the consumer devices flooding the market now that are Internet ready. NAT is helping bridge the gap right now between supply and demand on v4 IP's, but NAT sucks.

Re:Cel Phones + IPV6???

[hta]

smallest functional IP stack I heard of was 20 kilobytes. 7.9 Mbytes of IP stack means someone thinks he's playing on a Win2K box, where that would not be noticeable.

Bah.

IPv6 is another new technology that will take forever to catch on because of the huge installed base of IPv4.

Seen many INLINE .PNG's on the web lately? That's because half the time, they still ask for a plug-in.

...and when was that supposed to be the new standard?

I rest my case.

- Slashdot Cynic

IPv4 isn't that large

[adadun]

An IPv4 stack needn't be that large. There are many IPv4 implementations out there that are suitable for small devices. My own IPv4 stack lwIP is between 10k and 20k (depending on your configuration) and is optimized for using low amounts of RAM. It has hooks for implementing IPv6 as well, and the extra code will probably not be that large.

Moreover, there is no need to implement all of IPv6 in a small device, only the bare bones functionality should suffice.

As a side note, CPUs are getting faster and less power consuming, and memory is getting cheaper so in the near future our cell phones will be nearly as powerful as yesterday's PCs.

Reality check: the killer app

[driehuis]

Until BGP, OSPF, and IS-IS all FULLY support IPv6 don't expect ANYONE to even begin a migration.

Well, of course there is the traditional killer app that can tip the balance real quickly. For example, RIPE (the European IP address agency) received a phone call one day from a cellphone operator that they needed two class A address ranges, and when could they get them?

Of course, those guys were sent back to the drawing board. But if one of the bigger handset manufacturers starts deploying IPV6 (and IPV6 is complete enough to do that right now), the balance of power would shift and a lot of folks would be forced to keep up with the Joneses.

As you say, my concern is with the infrastructure more than with client support. Microsoft has been mentioned a lot in this thread, and I would be greatly surprised if they didn't have something in the wings to at least work around lack of native IPV6 support for existing clients (like 6to4 support).

Won't help IPv6 take off

[Apotsy]

An internet entirely based on IPv6 would be wonderful, but it will never, ever take off until Microsoft supports IPv6 in a consumer OS (Windows 2000 doesn't count). It doesn't matter if FreeBSD, Linux, MacOS 9 & X, and every other non-Windows OS out there supports it out of the box -- if Windows doesn't support it, it will never see widespread use.

I think MS is biding its time to see if there is some way they can benefit from holding back IPv6. Because of the way the IPv4 address space is divided up, we will run out of IP addresses in a world where every person has multiple IP-enabled devices (including cell phones and PDAs). Such a world is just a few years away. MS knows they could prevent a shortage of IP addresses from happening by including IPv6 support in a consumer-level OS, but they are probably waiting to see if there is some way to make more money by letting that happen.

In a few years we may be hearing: "You want your own IP address? You'll have to sign up for MSN, in that case..."

Re:Where's the beef?

[pubpib]

Well, the 75gxp has a density of 11 gigabits per square inch, while IBM has achieved 150 gigabits per square inch in the lab last summer (thanks to previous poster).

I think the AC might be right: CPRM

Re:Where's the beef?

[Will+The+Real+Bruce]

Moore's law governs Transistor Density.

If you can explain to me how this relates to Hard Disk Drives, I'll be greatly impressed.

However, if you wish to plot a curve of densities, and create "Pubpib's Law", I'll be all for it.

Re:WTF?

[spaanoft]

They're on both sides of the wall. It's the hackers who make the network in the first place too. It's just someone who is curious and skilled in technical arts. They are the main reason you are probably working on that computer in the first place, and the main reason it is going somewhere. I'm guessing your tie and tight white collar shirt are cutting off circulation to your brain.


--------------------

Re:Where's the beef?

[pubpib]

We already know they're capable of 15.3 Gbits/sq. inch, which means a 100GB drive could be released at that density if IBM used the same number of platters as in the 75gxp.

IPv6 Benifit?

[UberLame]

If I deploy IPv6 on all my home machines, what benifit would there be to me? My ISP doesn't support it, and even if they did, I'm still not sure what benifit there would be until everyone supports it.

Re:Total FUD.

[suraklin]

All MS operating systems SINCE 2000 (with the exception of ME) have built-in IPv6 support. Whistler has it, 2000 (all versions) has it.

That is not totally true. Win2k can use IPv6 but install a technology preview of IPv6 that you have to download from the MSDN developer site.

OpenBSD

[Shanep]

Jun also found and fixed this OpenBSD hole in IPSEC AH IPv4 option handling code...

http://www.openbsd.org/errata.html#ipsec_ah

yesterday.

Re:OpenBSD

[Shanep]

Which is not on be default so the OpenBSD page can still retain the "Three years without a remote hole in the default install!"!

IPv6 and IPsec for MacOS X

[Oniros]

It has been available to seeded developers for a while: http://developer.apple.com/devnews/devnews052600.h tml#macos

I don't know if it's in the public beta or will be in 1.0

ARIN's IPv6 Fee Policy Has Changed

[Wesley+Felter]

And I quote: "ARIN will not collect subscription fees for those current ARIN IPv4 subscribers who request and qualify for IPv6 address space. ... Those IPv4 subscribers who have already paid fees for IPv6 address space are eligible for a refund of those fees."

Oh really?

[Wesley+Felter]

What you're saying is opposite from this part of The Case for IPv6:

"IPv6 encodes IP header options in a way that streamlines the forwarding process. Optional IPv6 header information is conveyed in independent "extension headers" located after the IPv6 header and before the transport-layer header in each packet. Most IPv6 extension headers are not examined or processed by intermediate nodes (in contrast with IPv4). This enables a big improvement in the deployability of optional IPv6 features, compared to IPv4 where IP options typically cause a major performance loss for the packet at every intermediate router."

Microsoft IPv6 Support

[c_g_hills]

There is an ipv6 TCP/IP stack for windows nt available for download from http://research.microsoft.com/msripv6/.

Yes.

[mindstrm]

ISP's *WILL* hand out ipv6 addresses for free, because that's how it's designed. It will be easy for an ISP to get a /64 (that means half the bits will be available for them to assign) which is a size that is larger than the current internet nowadays times itself (due to address wastage).

It is ENTIRELY possible, and will be commonly done, to assign large blocks to each user, so as many devices as they want can be online, AS IT SHOULD BE.

Two things.

[mindstrm]

1) T3's are a lot more than that....

2) Your summary is essentially correct, but the root cause of the way ISP's charge is.... that's their business model. They don't care about charging for bandwidth, because the vast majority of their customers have the same usage habits. Someone who actually uses the bandwidth they pay for is a 'bad net citizen' or an 'abuser'.

That is why ISP's will invariably, eventually, shift to a model where you pay for what you use.

I tell you, if @home would come to me when I use lots of bandwidth and say 'look, you use three times the bandwdith of our averagesubscriber... so we want you to pay 3 times as much' I'd probably say 'Okay.. sounds fair'. But they don't, they just cut you off.

Reality Check

Ok I'm getting a little tired of the whole "when will Microsoft implement this so it can become the standard??!!"

Simple fact is that there are a LOT of devices out there that make your little "internet" work every day and no one ever seems to realize how incredibly large this network is.

The fact is the majority of protocols used by routers today have NOT been updated to support IPv6, so even if your little BSD box supports it, the thousands of routers that UUNet/Sprint/ATT/BBN/etc have in place will take a LONG time to be upgraded.

A LOT of protocols make things work, not just TCP and IP.. and if any of you expect ever major internet carrier to completely switch to IPv6 in the next 8 years you are delusional.

Until BGP, OSPF, and IS-IS all FULLY support IPv6 don't expect ANYONE to even begin a migration.

Total FUD.

[iamsure]

All MS operating systems SINCE 2000 (with the exception of ME) have built-in IPv6 support. Whistler has it, 2000 (all versions) has it.

Its just a matter of what kernel they were working from. 2000's supported it, 98's didnt.

They are already dropping support for 98+98se, I really dont think ME is far behind.

They arent holding ANYTHING up.

For those of you who don't know what IPv6 is

[r.+ghaffari]

Here are some links that explains IPv6 more clearly that I ever will:

http://www.ipv6.org/

http://playground.sun.com/pub/ipng/html/ipng-main. html

http://www.ipv6forum.com/

http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6 -HOWTO.html

Unfortunately, ipv6.org is currently down.

r. ghaffari
(25/M/Baltimore, MD)

Re:Cel Phones + IPV6???

[Ryan+Koppenhaver]

You're forgiven. BTW, just testing my new sig' n stuff

Whatever (Talk to the Hand!)

[O1ympicSponsor]

Just because they made it (which I'm not even admitting that they did at this point), that doesn't give hackers the right to destroy it. After all, there are corporations that have paid good money for internet access, and once you've made a contract, you can't just say "well, I made it, so I'm gonna do a DOS attack against you now, even though you just paid $12000 last month for your super OC3 colocated server connection."

It doesn't work that way in the real world. The cops should still come down hard on hackers like this guy 'Itojun'. And what the hell kind of name is that anyway? What's with all these white kids who are 'haxx0r' wannabes calling themselves japanese and other weird names?

IPv6 and QoS

[Karpe]

For me, the real motive for pushing IPv6 is the adition of QoS directly in the protocol. Why do they need this? Well, they say it is for realtime applications and stuff, but it actually is to give better service to those who pay more, without really increasing the quality of the service (real bandwidth and real (shorter) latency). The current spirit of the Internet (a packet is a packet is a packet) is great because it treats everybody the same way but is no good to make money.

What about applications?

[matija]

They have telnet up and running on IPv6. That's nice. But what I would like to see is a list of applications that support IPv6.

If I set up an IPv6 network at home, can I set up apache to answer on an IPv6 address? What about mySQL? Postgres? Will Netscape access such addresses?

ICANN Pricing obstacle to IPv6

[billstewart]

I'm not having much luck searching www.icann.org tonight, so these details may be incorrect and may have changed by now - YMMV. One of the big obstacles to IPv6 deployment is ICANN's totally artificial pricing for address space. One of the motivations for IPv6's design is to provide nearly-infinite quantities of address space, which means it ought to be basically free - but ICANN set pricing on it that makes the smallest available chunk of routable address space cost an annoyingly large amount of money. IIRC, it was something like $2500 for a /48, but even if I've got the size wrong the principle is reflected accurately - they're trying to delay and control the deployment by setting an unreasonable price.

It's not totally stupid - one of the problems that does need to be solved by any widespread replacement of the current IPv4 stack is routing table size for the Big Internet, as BGP usage continues to multiply. IPv6 has some support for efficiency and consolidation, but there's still a lot of work to be done.

Re:Where's the beef?

[Salieri]

It doesn't work that way -- it has nothing to do with hard drive companies holding out. There are serious technical reasons why this trend can't continue until new, radically different data storage technologies pick up steam.

As data gets more and more tightly packed onto the platters, the energy that holds the magnetic spin on each bit (determining whether it's a 0 or a 1) gets less and less significant, and now it is so close to the ambient thermal energy that bits are randomly flipping and corrupting data.

So they're looking at a lot of different techniques, but instead of my trying to explain them, let me just show you the Scientific American article where this is all coming from.

--------------------------------

Cel Phones + IPV6???

[cyanoacrylate]

Ummm, forgive me, but if IPV6 is anywhere near as large as V4, won't it be a little too large for tiny devices...

I can just see it - adding IPV6 to my handspring - 100K of onboard apps and 7.9 MB of IP stack...

As bad as WAP is, at least it can be feasibly implemented on small hardware.

Cyano

PS - not to diss IPV6 - thats all good to me, its just not going to solve all our problems :-)

No mention of 6to4?

[Wesley+Felter]

It's too bad this article didn't mention that you do not need to wait for your ISP; you can start using IPv6 today with 6to4. Slashdot ran a story about how to configure 6to4 under BSD, and here are the instructions for Linux.

I know someone is going to mention that freenet6 or the 6bone is also easy to use, but they're much less efficient than 6to4.