What About IPv6? How Long Until Widespread Deployment?
Christopher Blood asks: "Over at the register, they talk about the EU adopting IPv6. So what about the USA? When do we get it?
IPv6 would solve some and DOS problems and we will need the extra address space. What's the holdup?" While IPv6 may be the cure for all of our IPv4 ills, upgrading the whole internet to the new technology isn't going to happen overnight. What has been done to prepare for the jump, and what still needs to happen before it can become a reality?
At my university, IPv6 has been deployed since last year, maybe longer. I've been running FreeBSD w/ IPV6 for at least that long. Honestly, it hasn't made that big a difference for me :)
Given that Lucent's CEO said today that he does not see the telecom equipment market turning around anytime soon, a government initiative to upgrade the core routers to IPv6 would help boost the battered sector of the economy. Granted, Lucent shot themselves in the foot last year (several times) and an upgrade to IPv6 might just result in a higher volume of spam.....
I guess not in the near future. When free IPV4 addresses run out, large address blocks reserved to big companies etc. become very valuable. So, if you want addresses which work 100% of the time, you'll have to cough up money for the companies to get them. It will be that simple. Really.
I would like to know how close the backbone through the US is to being IPv6 ready. Anyone that knows care to respond?
When corporate America determines they can make a profit from it.
sPh
IPv6 will fix a lot of problems, but one nasty side effect is that we're going to end up with addresses that look like 3ffe:400:34:fd01::1, instead of the easily memorizable four octets. When that day comes, it's going to be a lot harder to shout down the IP of the game server you're playing on down the hall.
"Oh, I'm on three-f-f-e-four,four-zero-zero,three-four,f-d-zero-one,not(?),one. What's taking you so long?!?"
IPV6 is better. Autoconfiguration, neighbor discovery, big address space, compatibility with IPV4, etc. However, the more hacks we put in to make IPV4 work the harder it is to change. For the most part we're educating people to do "Stupid IPV4 Tricks" rather than moving to IPV6. The more of that we do the harder it is to change. Also, the more ominous the prospect of change, the more people will dread it.
Frankly, I'm thinking we might see another round, like IPV7 (or IPV8 if they make a habit of skipping odd numbers), or it might come very late. Maybe we'll see it on phones and wireless devices before we see wide-spread adoption of IPV6 or general purpose networking.
Leave the gun, take the cannoli -- Clemenza, The Godfather
A reward system needs to be enacted to entice the ISPs to provide unencumbered access to the 6-bone. ISPs that handle dial-up users can tunnel the ip4 traffic on behalf of their customers.
It isn't a lie if you believe it.
as soon as we USians switch to the metric system.
I've thought about running v6 at home and connecting up to the 6bone. However, the list of instructions was long and complex, and it was unclear to me that my existing ipchains based firewall code would continue to protect me. It was also unclear that I could enhance the ipchains rules to protect myself.
I quite like the idea of being able to expose multiple devices on different IP addresses, but it is (still) a non-trivial exercise.
On a side note, I'd like to see more deployment of multicast -- this could help Internet Radio stations significantly in the future. Yes, there aren't good multicast clients at the moment, but that is because there is little multicast to listen to, and no way of getting multicast to the end user. Lobby your ISP for multicast!
p.s. In case you think that I'm an idiot for not being able to configure IPv6 on Linux -- I'll tell you that I was a kernel contributor in the pre-1.0 kernels.
> For _most_ network-aware applications, the only
> thing different is the address format. Once you
> have the connected socket, the rest of the network
> code should remain unchanged.
So, essentially what you're saying is: After you get past all the things that are different then the rest is the same?
Ok, I'll buy that.
Codifex Maximus ~ In search of... a shorter sig.
Some people have asked whether we can have both systems and 'switch' between them. Sure you can, but it's not worth it.
As far as I recall (been a long time since I studied this), IPv6 and IPv4 can actually live and work together on the same network.. without being independent.
That is, IPv6 can be used on the backbones and to connect the larger networks, but IPv4 can still be used at a more local level. Gateways can be established that will translate addresses and the benefits of having far more addresses available can be realized.
However, one problem with running both protocols and using a gateway is that the only benefit you get is having more addresses.. but since we're running out of IP addresses with v4, this is kinda important. A local v4 and backbone v6 solution wouldn't help solve local DOS problems, or allow us to use any of v6's advanced features.
But is an Internet wide upgrade to IPv6 really a viable thing to do? It'd be like converting the US to drive on the left side of the road overnight. Even if you did it state by state, you're gunna have major troubles at the state borders.. converting the Net over to IPv6 will be the same.
That said, there is a network called the 6Bone which you can join up to and actually play with IPv6 stuff from your existing IPv4 network. Go, and get your own IPv6 address today!
(Disclaimer: As I said, I studied IP way too long ago, so any updates, corrections or just plain disagreements with my post are welcomed, and indeed encouraged.)
mogorific carpentry experiments
Most of the people I know haven't even upgraded to IPv5 yet!
Come on people, it's 2002!
Trolls throughout history:
Jonathan Swift
Heck, you are the only first-world nation that doesn't use metric, and that's easy to figure out.
Yup, a ball and chain slowing down progress....
With purchases of new hardware shrinking along with the economy, wouldn't these equipment makers be in a perfect position to benefit from adaptation of IPv6?
The problem is that shrinking sales has caused a huge amount of hardware to be stockpiled at Cisco warehouses. IIRC, last year they had over 5 Giga$ worth of accumulated unsold hardware. They need technology to stand still for a while, so they can sell part of that obsolete inventory.
OK, I am about to say something that will make many of you who are knowledgable about IPV6 cringe, so take a deep breath and get over it now.
When IPV6 is deployed, how do I prevent the machines on the inside of my firewall from being routable?
Right now, my personal computer is on the inside of a NAT firewall. There is no way you can route a packet to it - go ahead, try to telnet to 10.200.120.4, I dare you.
Now, I know there are those who say NAT CONSIDERED HARMFUL, and I agree in the general case it does break the essential peer to peer nature of TCP/IP.
But what if I want to break it?
How well tested are the Linux kernel modules for firewalling IPv6? Can I still protect my internal machines from the slings and arrows of outrageous 5|<197 |<!66!3Z?
www.eFax.com are spammers
They have tons of money invested in hardware they don't want to replace. Sticking to IPv4 makes it easy to keep user bases behind short-lease DHCP, which helps to keep the average user from mounting a public server that'll eat bandwidth the ISP doesn't want to provide.
Also a few Cisco points: 1) While some routers do support IPv6, the cheaper ones don't, and a decent percentage of older high end routers have routing algs implemented in semi-custom silicon - not software upgradable! 2) The enterprise network management software is lagging behind in IPv6 support last I heard (I used to work there), not much demand.
Suppose I take my home network (2 computers + 1 firewall), all running some form of highly modded Slackware, and switch the internal local net to IPv6 while leaving the connection from the firewall out as IPv4. Thus the 2 computers would be completely IPv6 while the firewall would have one IPv6 nic and one IPv4 nic. I have to change all dotted quad network addresses (such as in /etc/hosts); what else is there to do? Will existing software go along with the change without recompiling? Or even with a simple recompile?
I bet there's some FAQ somewhere that someone will find using Google. AIA
Infuriate left and right
A major showstopper may be Windows.
Let's see. To be widely deployed on WAN networks, IPv6 should first be widely deployed on local LANs.
It works very well on Unix systems. My little personal network has a bunch of OpenBSD and Linux boxes, 100% IPv6, and everything works like a charm.
But what about Windows?
I tried it with Windows 2000. Because the OS doesn't support IPv6 natively, I had to download a patch (and it's not very easy to find, I can't remember the exact URL, the link was posted on a ML a while ago)
Before the patch applied I had a big fat warning "Disclaimer: this is very alpha software, your OS can become extremely unstable. Don't call the Microsoft technical support any more after that, we won't answer" (the words were different, but it was the meaning)
And indeed. The system went very unstable, even for IPv4 requests. IE worked. *some* command-line tools worked. But third party packages like Mirc, CuteFTP and Opera crashed with no further warning.
It looks like there's no effort in the Windows world to provide IPv6-enabled software. This is a major showstopper.
{{.sig}}
How Long Until Widespread Deployment?
:)
About 15 years.
After the introduction of the SSSCA in 2003, Microsoft dominated the US OS market. While other countries switched to IPv6, America was forced to use the proprietary protocol built into windows (thanks to auto-updates) which included advanced DRM, IP tracking and P2P restrictions - as a standard client, your computer could only connect to a 'server' i.e. a Windows machine running Windows Server Edition with a valid federal license. The internet was effectively split in 2 - USA, and the rest of the world (troll: this didn't matter as most US citizens didn't know about the 'rest of the world' lol
It wasn't until the great Microsoft witch hunt of 2017, when 4000 Microsoft employees were burnt at the stake after the SSSCA was lifted (well, not lifted per se, actually, someone just blew up congress)
This comment does not represent the views or opinions of the user.
Even if your ISP doesn't support IPv6, you can use 6to4 to start using IPv6 today. It's much easier and more efficient than the 6bone. Since IPv6 allows a host to have multiple addresses, the eventual transition from 6to4 to native IPv6 will be seamless.
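How 6to4 builds an IPv6 prefix out of a public IPv4 address, and how to recover that IPv4 address from a 6to4 source seen in logs. This is an added example, not part of the original thread; the function names and the sample addresses (8.8.8.8 and the constructed log sources) are assumptions made for illustration.

```python
import ipaddress

# 6to4 (RFC 3056) maps a public IPv4 address V4ADDR to the IPv6 prefix
# 2002:V4ADDR::/48. The 32 IPv4 bits sit directly after the 16-bit 2002.
SIXTOFOUR_BASE = 0x2002 << 112


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:V4ADDR::/48 prefix that belongs to a public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        # A host on RFC 1918 space behind NAT has no globally unique IPv4
        # address, so it cannot derive a usable 6to4 prefix for itself.
        # The box holding the public address has to act as the 6to4 router.
        raise ValueError(f"{v4} is not a public IPv4 address")
    return ipaddress.IPv6Network((SIXTOFOUR_BASE | (int(v4) << 80), 48))


def embedded_ipv4(ipv6: str):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def correlate(sources):
    """Map 6to4 sources from a log to the IPv4 address of their 6to4 router,
    so IPv4 filter rules and IPv4 logs can be matched against them."""
    return {src: str(v4) for src in sources
            if (v4 := embedded_ipv4(src)) is not None}


# Constructed sample: one 6to4 source and the 6bone-style address quoted
# earlier in the thread, which carries no embedded IPv4 address.
SAMPLE_SOURCES = ["2002:808:808:1::5", "3ffe:400:34:fd01::1"]

if __name__ == "__main__":
    print(sixtofour_prefix("8.8.8.8"))
    print(correlate(SAMPLE_SOURCES))
    try:
        sixtofour_prefix("10.200.120.4")  # the NATed address from the thread
    except ValueError as err:
        print("rejected:", err)
```

Every host inside a 6to4 /48 is globally addressable, so the packet filter on the 6to4 router has to cover IPv6 as well as IPv4.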
From the point of view of any individual organization, there are no reasons to switch to IPv6 right now. First movers receive no benefits at all: in fact, it only makes communicating with the rest of the (currently IPv4) internet more difficult. Moreover, I imagine that many businesses large enough to have an impact already have a large IPv4 address block, and have a vested interest in discouraging others from making the switch:
The various hacks available for IPv4 do the job. I can easily imagine a scenario where Cisco doesn't push IPv6 routers hard enough in the future, and people invest more and more in NATs and so forth, making a global switch harder and harder as time goes on.
The fundamental problem is that IPv6 doesn't provide any short-term killer benefits, and that's what's necessary for an evolution to take place. My prediction (though predicting acceptance of technologies is always risky, so I may well turn out to be wrong) is that we will still be using an IPv4 internet in a decade.
If you are interested in playing with IPv6, try to get a tunnel via www.freenet6.net.
They're supporting devices running *BSD, Linux, Win*, Solaris, HP-UX and Cisco IOS.
bash$
While it may sound neat to say, ``go ahead, try to telnet to 10.200.120.4,'' it doesn't exactly work that way.
Does this machine on 10.200.120.4 have the ability to make direct outbound connections? Assuming yes, do you realize that the only difference between an inbound connection and an outbound connection is who sent the first packet?
Many people tend to believe that the *only* security risk they have to worry about is inbound SYN packets, so they base their entire security policy on stopping bad inbound packets. The last two sites I broke into, I did so by tricking a machine to come to me. Just for humor, here are the two scenarios:
The first one was quite a while ago, and I did it at contract. A co-worker found a potential hole in a CGI, but nobody took it seriously. By sending the right data through the CGI, I found that I could make it execute arbitrary commands. First, I did some basic stuff (id; ls -lR /; etc...) and had it output the mail to me (couldn't see the output from the CGI). I figured out the web server user had a shell and a writable home directory, and the machine had ssh (client and server installed). I generated a private key and had it mail me the public version of that key, then I added it to my authorized_keys and installed my public key in the web server's authorized_keys. Then I had the web server user ssh to my host with remote port forwarding back into the web server's 22. ssh -p 2222 localhost and I'm sitting in a shell on the web server (192.168.something).
The next time I saw something like this, it was out in the wild. There was a web server that was running a CGI that *seemed* like it was probably just handing the input over to a command, so I gave it a shot. This time, the web server didn't have a usable home directory, so the ssh thing was out, but it did have X installed, so I fired up a VNC server, opened it to the world and opened an xterm up in it. Before too long, I had an entire X desktop running on some guy's web server. I sent the local admin an E-mail (through pine) letting him know what was wrong and recommending he fix it before someone meaner than I am comes along.
Anyway, point of the story. Having an unroutable IP address is good internet security as long as you keep it unrouted. Once you give the thing direct internet access, the unroutability of it becomes much less relevant.
-- The world is watching America, and America is watching TV.
-- ;-)
Kuro5hin.org: where the good times never end.
The way I see it, there's a four phase cycle keeping IPv4 the standard for the internet for a long time to come.
1.) ISPs want to charge more for sharing a connection and a smaller address space gives ISPs justification to charge more for corporate users than home users. They already heavily frown upon the use of NAT (unless you pay more for them to set up your LAN for you). So why don't the ISPs just separate the concepts of bandwidth and addressing?
2.) The backbone is overtaxed as it is. Currently the home user's connection speed is limited more by intermediate links than by their connection, even if the user is just using a 33.6 modem. A small address space provides an easy method of limiting bandwidth use. So why don't they just upgrade the backbone?
3.) IP address space is the primary driving factor in connection costs, more so than bandwidth. Most tier 1's more or less own their address blocks and stand to make money hand over fist as the price of using a single address skyrockets. If a tier 1 wants to make more money, it makes better economic sense to buy more address space than to put in faster connections. So why not jump to IPv6 to increase the address space by an order of magnitude squared so the big guys can focus on the bandwidth trouble? Tier 1 folks will make money no matter what, right?
4.) A larger address space opens up the ISP industry to small competitors. While most ISPs are owned or operated by large corporations that can afford the pricey IPv4 addresses, IPv6 stands to give every man, woman and child on the planet a bigger address space than many tier 1's currently have in IPv4. The low-level ISP scene under IPv6 could very well look a lot like the BBS/internet scene of ten years ago. Not to mention all the private little portals that could end up competing with MSN and Yahoo (with or without a DNS name). But still, the little guys could probably make a stab at making that happen with IPv4, using NAT to drive down the cost of a small IP address block. Why don't they do that?
Lather, rinse, repeat.
If you mean "4 inside, 6 outside" then it has some limitations. If you're on a 4-only box inside and want to connect somewhere, it has to have an IPv4 address, or you have to have some IPv4 address mapped to the IPv6 address with corresponding DNS change (I hear this is what the BSD folks are doing). Doing servers this way is easier as the client (outside) is connecting to a specific IPv6 address, and the NAT can translate that easy enough to (inside) IPv4 (no DNS juggling needed).
Such network address translation should at least prevent any delays in upgrading servers from delaying IPv6 deployment to the backbone. Clients will seriously need to be upgraded, and if Microsoft drags their feet, that can set things back really bad. But we also need solid IPv6 router code for the backbone, and I gather that Cisco is not moving very fast on getting it widely implemented solidly. Maybe when the economy picks up they might be able to (if they see the demand for it).
now we need to go OSS in diesel cars
The problem IPv6 has, confirmed by its enthusiastic reception by the EU, is that it is
/O=...
the OSI of the 21st century (following on from
ATM, the OSI of the 1990s). IPv6 solves a
problem of 1992 --- proliferation of subnets,
exhaustion of v4 space --- while other, incremental, changes did the job just as well.
NAT and DHCP mean that huge ISPs don't need
huge blocks, and the falling price of RAM means
that large routing tables just aren't the problem
they were. The Internet simply isn't a bunch
of LSI-11s linked by 56K lines anymore, and I
recall ``look, doing that will mean every router
has to have a megabyte of RAM'' being used as
an argument-ender.
To compound things, IPv6 suffered from feature
creep (see also: ATM, X.400, Modula 2 standards)
and tried to solve a bunch of other problems as
well, such as QoS. But _those_ were being
solved in v4 land, too, with RSVP, and it's
compatible and interworking with existing
code. Those over 35 should compare the complex
``look, we need multi-part mail'' solution
proposed by the X.400 lobby, which requires MTA
support all the way, with MIME, which will pass
transparently through any MTA.
The final nail in v6's coffin is that, largely,
it's not had the attention of the A team inside
vendors, and has been seen as another add-on
protocol, like OSI, ATM, etc.
I think Vernon Shryver said a few years ago that
he didn't expect universal IPv6 in his working
lifetime. I don't (I'm 37), anymore than I ever
expected my email address to because
ian
It made internal routing *far* easier.
Not always. A big problem with private address space appears when two businesses (or depts, or whatever) bridge their LANs with a VPN and they are using the same private range. Most LANs use either 192.168.[0|1].0/24 or 10.0.0.0/8, so this happens often (it happens to me all the time). Hopefully one or the other uses DHCP so they can be migrated to another address range (almost) painlessly.
:wq
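A check for the private-range collision described in the last comment, run before two LANs are bridged over a VPN. This is an added example, not part of the original thread: it finds the colliding subnets and proposes same-sized RFC 1918 replacements for one side. The site subnet lists are constructed samples and the function names are assumptions.

```python
import ipaddress
from itertools import product

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_overlaps(site_a, site_b):
    """Return (a, b) pairs of subnets that collide once the sites are bridged."""
    nets_a = [ipaddress.ip_network(n) for n in site_a]
    nets_b = [ipaddress.ip_network(n) for n in site_b]
    return [(str(a), str(b))
            for a, b in product(nets_a, nets_b) if a.overlaps(b)]


def suggest_free_range(in_use, prefixlen):
    """First RFC 1918 subnet of the given size that touches nothing in use."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for block in RFC1918:
        if prefixlen < block.prefixlen:
            continue  # requested subnet is larger than this private block
        for cand in block.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(u) for u in used):
                return str(cand)
    return None  # private space exhausted for this size


def renumber_plan(site_a, site_b):
    """For each colliding subnet on site B, propose a same-sized replacement
    that avoids both sites and every replacement already handed out."""
    taken = list(site_a) + list(site_b)
    plan = {}
    for _, b in find_overlaps(site_a, site_b):
        if b in plan:
            continue
        new = suggest_free_range(taken, ipaddress.ip_network(b).prefixlen)
        plan[b] = new
        if new is not None:
            taken.append(new)
    return plan


# Constructed sample: two sites that both picked the usual defaults.
SITE_A = ["10.0.0.0/8", "192.168.1.0/24"]
SITE_B = ["10.20.0.0/16", "192.168.1.0/24", "192.168.0.0/24"]

if __name__ == "__main__":
    for a, b in find_overlaps(SITE_A, SITE_B):
        print(f"collision: {a} (site A) overlaps {b} (site B)")
    for old, new in renumber_plan(SITE_A, SITE_B).items():
        print(f"renumber site B {old} -> {new}")
```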