Pentagon Wants IPv6 by 2008
anzha writes "The constant question for 'when' for IPv6 keeps wandering across good ole /. It seems that the Pentagon has decided to put a foot down and put a deadline on their dark and dangerous portion of the net."
A Net Engineer friend of mine claims that Cisco are reluctant to support IPV6 because the amount of memory required to hold the routing tables for IPV6 is huge. Until memory prices come down it won't be worthwhile implementing it in routers (especially since there is little demand, chicken and egg problem).
--
--
enterfornone - logging in for a change
It's fairly easy to see that they will run out in a few years.
This document lists the current allocations. There are not too many /8s left unallocated.
There are a few allocated to large corporations that probably don't need that many addresses though.
RIPE (Europe) were just allocated another two /8s so they must have a need.
In Asia, the situation is pretty bad, and has been for a while. It's extremely difficult to get more than a handful of IP addresses from your ISP, and NAT is more common than in the US. This is one of the reasons why folks in Japan are further ahead with IPv6.
IIJ has been offering IPv6 service (not tunnelled over IPv4) for a while, and some vendors in the US (such as Panix in NYC, I believe) are also starting to offer this.
The world's most portable OS: http://www.netbsd.org.
The IPv4 shortage has many dire implications. I would hope that I have a right to have my personal mail server and my personal web server and ftp server. I feel quite uncomfortable with my personal stuff being kept anywhere outside my locked house. With current IPv4 it is not always possible. Assigning dynamic IP became the norm and static IP are either unbearably expensive, or even prohibited in residential areas.
Owners of the static IP ranges seem to be the king of internet universe, that can dictate price, conditions and force you to run your server off their premises (for a fee).
Can somebody post details, how bad can be the censorship implications of IPv6? I think, that the contents tags could be actually bogus, so that contents-based censorship might become ineffective.
How difficult would it be to stop a packets on the border? How many paths out of the country are there?
The new DNS may well happen - one of the failings of the current system is that it does not support non american-english characters; while from certain points of view this is fine (after all, if you can't type an URL on your machine, how many hits will they get?) support for the japanese charset in email and webpages has been standard in IE/OE for some time. The most obvious solution to this (encoding DNS names in non-US as the unicode multi-char representation, as web pages can do) has been *PATENTED* in the US. I am sure I don't have to start the usual stupid-us-patents thread again though...
--
-=DaveHowe=-
It is common practice for companies to hide an entire RFC1918 subnet behind a small number (8 or 16) of internet addresses. One or more of those will be allocated to internal addresses (so if your webserver (say) is 192.168.1.2 but your external webserver address is 200.100.50.5, then packets both ways will be rewritten to hide the internal address behind the externally visible one)
Given how large the available IP address range is for V6 (the *minimum* allocation would be a class B by the old standards) There is no reason you can't have a 1:1 mapping from IPV6 external addresses to internal V4 addresses; further, you probably will want to static-map the lower two bytes of your 1918 to that address range rather than the recommended (which is the MAC of the card) due to the fact that swapping out a faulty network card would then force-renumber your webserver to a different V6 IP address.....
I fully expect to see Hybrid mode firewalls in the near future, which in addition to mapping the small number of externally visible V4 addresses to Internal hosts, also map V6 (autotunnelling to the ISP) for both internal hosts and outbound browsing traffic.
--
-=DaveHowe=-
As a security dork, I feel the need to point out something you all are forgetting...
IPsec is a part of the IPv6 standard, meaning when we all move to IPv6, all traffic will be encrypted, not just specific VPN links like we do now.. That's a HUGE benefit, at least in my eyes...
Blessed are the pessimists, for they have made backups.
I'm frankly getting sick of all of this IPv6 hype. With NAT, BGP and classless routing protocols, IPv4 still has plenty of life left in it. The change to IPv6 isn't going to happen soon, and it doesn't need to. Besides, if you really want to run IPv6 right now, just to prove that you are so much r3373r than your sys-admin buddies, go ahead and run it, and tunnel it through IPv4. It's perfectly feasible, and probably what early-adopters of IPv6 are going to have to do anyways, because as far as I know, there isn't a single backbone provider who is even seriously discussing implementing IPv6 in their network. We have loads of IPv4 space left, the IPv4 network that we're all using to post on this great site is obviously working quite well, and a load of new address space isn't going to help the internet in any really useful way. IPv6 is going to be a whole lot of work, a lot of hassles, a lot of connection problems, and with little short-term gains. Everyone always preaches not to upgrade your kernel if there isn't anything you're going to gain from it, so why upgrade your logical network addresses if it's not going to provide better service to you? IPv6 will come, but not until we need it to.
//Phizzy
"Most European technology just isn't worth our stealing," -- Former CIA chief James Woolsey, referring to Echelon
Just this weekend a friend of mine (John) mentioned that his Co-Location provider was charging $4/year per IP address. Not much, on the surface, but this means that the class C that Curt got permanently assigned for free a decade ago would cost John $1K/year now.
In 1992, the University of British Columbia department of Computer Science got its own Class "B" range assigned (the UBC, generally, already had at least one "B" range assigned to it). This was for a network of, maybe, 400 machines. I challenge you to find me someone who's been assigned a class B in the last few years for as few as 1000 machines. In some cases, a 1000 machine network might only get one or two class 'b' blocks and be expected to NAT most of their machines through a firewall. "I mean, you don't really need all of those addresses, do you?"
So, yeah, I do think that IP addresses are getting scarcer these days.
--
Free Software: Like love, it grows best when given away.
IPv6 is not the tool for giving us more NATed 10.x.x.x networks. Users will not benefit from IPv6 if it's only used as backbone technology and the endpoints of communication keep calling each other 32bit names. What's the advantage of having bazillion addresses free for everyone if you can't enter them into your latest first person shooting game? Don't let people mislead you: The key for quick migration is not backbone providers making a start. It isn't some remote tunnel possibility either. It's IPv6 "Napster" which will do the trick.
well kinda - but here is what needs to happen for widespread adoption of v6:
;) and would give a lot of experience to all people. and could be promoted as national v4 to v6 implementation month etc... it is about time we had such a large scale project anyway - for community purposes.... ??????
:)
the major backbone providers need to adopt v6 - not the end user. the reason is as follows:
the model is this: tier 1-3 providers need to implement v6 on a backbone level - which will allow for major availability in the v6 arena when it comes to allocation.
the end user needs only to have v4 nat happen - and have the v4 to v6 translation happen upstream. so - the end user has a 10.x private - which goes upstream to his isp, the isp has v6 peering relationships and has a block of legal v4 classes assigned to them. keep v6 out at the core backbone level for as long as possible - but each tier 1-3 has a certain v4 and v6 blocks that they own - and dole them out as needed v4 first.
this allows for a "trickle down" approach to adoption of addy's in the new space.
then as the net grows - you can still use v4 and v6 so as to maintain layers of complexity.
re-allocate all v4 addys as class C.
then as an end user client you only have a C net at best to allocate for dmz/external addy's - and make it semi-mandatory that companies implement nat on a 10.x net. this will allow for almost unlimited flexibility in the corp - and very very flex environs for the ISP from 3 to 1 tiers.
if i am wrong let me know - it is just an idea - what do you guys think.
however I will admit that it will require a large renumbering of the net - but I as an admin have no complaints about incurring such a change - as it would be a fun project (to delegate
let me know. I still will like it no matter what anyone says
For those not in the know, here is a brief article Explaining the benefits of IPV6.
I'm not Seth.
Won't we need IPv7 by then?
Before IPv6 can be deployed the vendors of the various routers etc. of the internet will have to get fully tested and come in to line. Cisco, Nortel, Juniper et al must first finish testing IPv6 on the hardware that currently creates the backbone of the new protocol.
While it is good to see someone pushing for this, it really will take the efforts of all major networking companies to make IPv6 a reality.
it is better to light a flame thrower than curse the darkness. -Terry Pratchett Men at Arms
Didn't the government want us to be totally metric by now also?
You do realize that IPv6 offers something like an IP address for every square centimetre of ground on the planet, right?
I'm not Seth.
Maybe the white house could push this through.
BTW does Bush even know what IPv6 is?
I called up one of my customers ISP's for support and asked if they support IPv4 and they said no.
Previously discussed... http://slashdot.org/article.pl?sid=01/05/22/0012219
Governments have set deadlines for turning off analogue TV, but it doesn't mean that will happen either.
IPv6 has billions and billions of IPs, can't "they" just hand out tons more free IPs to the networks already operating if they move to IPv6?
I guess it doesn't reflect that well on mankind that we display the most ingenuity and brilliance when it comes to finding ways of beating each other into a pulp, or trying to prevent the others to do the same for us.
But then again, it's biologically understandable: intelligence is the means by which groups of humans were successful in preserving food supply, territory, mates from competitors.
-- MG
... and then the rest of the world..
Hate to break it to ya, sonny, but the rest of the world is the reason that the US is finally getting their ball in the game. It ain't America that's hurting because of IPv4, it's China, Japan, Russia, and the world at large: demand for IPv6 in the US is low because Americans have better than 80% of all the IPv4 addresses.
--porsche_lover@hotmail.com
just like the humble blood clot... turboporsche@telus.net
IPv6 addresses are printed in groups of 16 bits in hex, separated by colons. 3ffe:1200:301b:1:a00:20ff:fec0:ffee, for example. Notice that the '1' is really '0001' - leading 0s within a group can be left out. There are more little tricks, but you can go look at the various IPv6 RFCs if you're really curious.
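The notation described in the comment above, worked through as an added example (not part of the original thread). It goes beyond the leading-zero rule to cover one of the "more little tricks", the `::` shorthand for a run of zero groups; the function names and the 2001:db8 sample address are assumptions made for this illustration.

```python
# Added example: parse and print the colon-hex IPv6 text form by hand.
HEXDIGITS = set("0123456789abcdefABCDEF")


def parse_ipv6(text: str) -> int:
    """Return the 128-bit integer for a colon-hex IPv6 address."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups of 16 bits")
    value = 0
    for g in groups:
        # 1 to 4 hex digits per group; leading zeros are optional
        if not 1 <= len(g) <= 4 or any(c not in HEXDIGITS for c in g):
            raise ValueError(f"bad group {g!r}")
        value = (value << 16) | int(g, 16)
    return value


def format_ipv6(value: int, compress: bool = True) -> str:
    """Print a 128-bit integer as 8 groups, optionally in the short form."""
    groups = [(value >> shift) & 0xFFFF for shift in range(112, -1, -16)]
    if not compress:
        return ":".join(f"{g:04x}" for g in groups)
    # Find the longest run of two or more zero groups (first one wins a tie).
    best_start, best_len = -1, 1
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    parts = [f"{g:x}" for g in groups]
    if best_start < 0:
        return ":".join(parts)
    return (":".join(parts[:best_start]) + "::"
            + ":".join(parts[best_start + best_len:]))


if __name__ == "__main__":
    n = parse_ipv6("3ffe:1200:301b:1:a00:20ff:fec0:ffee")  # address from the comment
    print(format_ipv6(n, compress=False))
    print(format_ipv6(parse_ipv6("2001:db8:0:0:1:0:0:1")))  # constructed sample
```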
I think this is a good idea. After all, they created the internet, so I'd be inclined to trust the DoD on this. Moreover, the military is moving to be a more and more integrated organization. The battlefield is quite rapidly becoming wired, or unwired.
Recently in one of our training exercises out in the California desert, every soldier, truck, helicopter, etc. was connected in a very integrated and dynamic network which allowed the commanding officers to witness the mock battle in real time, seeing which forces were where, and how to adapt to a changing situation extremely quickly.
In military theory, and well in any competitive environment, the goal is to gather information, assess the situation, decide on a course of action, and execute that decision. Whoever can complete this loop or cycle first has the clear advantage. By connecting everyone on the battlefield so that they can gather and pass on information as fast as possible is clearly a necessary step for this to work.
So, if all our soldiers need to be connected to the information infrastructure, it is clear that this will be accomplished with information technology. And how else to do this? Well, over cheap, abundant, and "easy" to configure systems. And what do these systems use as an underlying framework?
IP addressed based systems. (right? I'm a soldier, not a network architect, so my apologies if I am wrong)
So, from the military's standpoint, it would be a good idea to have as many IP addresses as possible. They will sure need them when there are hundreds of thousands/millions/billions of information nodes dispersed across the battlefield of the not too distant future.
Seriously, major players like MIT, Stanford, AT&T each have more IP addresses than is assigned to, say, China or India. Sure, not exactly a convincing argument to NOT to move to IPv6 but for the short term before IPv6 is implemented, these players can ameliorate the situation by releasing blocks of IP.
You do realize that IPv6 offers something like an IP address for every square centimetre of ground on the planet, right?
If we're using those tiny-ass quantum computers, we're going to need all that and more.
The coolest voice ever.
I just have to wonder what they [asians] actually DO for us rather than make porn and spam which we can do ourself, . . .
Hint: People on other countries don't exist for the sole purpose of serving us.
I've been to Mexico, England, Finland, Russia and Latvia. People actualy have lives there, too. You'd be amazed.
Note to non-USians: I won't judge your country by your most outrageous people if you don't judge mine by ours. Deal?
every soldier, truck, helicopter, etc. was connected in a very integrated and dynamic network
Just need to add the black-armored bodysuits, exotic eyepieces, conspicuous tubes, deathly white complexion, and Windows networking.
The coolest voice ever.
From the article:
I think I only have the old version of the Internet installed. Does the new version have better warez and porn support also? Where can I download it from?
(Yeah yeah, I know. I run IPv6 too:)
IPv6 by 2008 or else. What are they going to do? Cancel the internet?
IPv6 sounds great but I see that we will need more TLDs and a domain name will be absolutely necessary.
Frickin' Rainman will be the only one able to remember xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.
At least the giant corporations that are our new overlords will have to spend some serious $$$ to cover all the new 'name.new tld'. Perhaps after all this is done, they can work on flying cars. 'cause we are like 50+ years behind the times here, people.
But all that has to take a back seat to hard to remember IPv6.
Here's a plan, why don't we just take the internet away from all the AOLers, the Flash greeting card senders, the 'Great Story! Read this LOLRFLOLRLOL!!!!'ers, Zone Bejeweled players and the cheaters at Counter Strike and we'll have enough IPs for all of the elitist bastards that are going to make my toaster talk to me.
Tell you what. I will trade all my IPs (192.168.x.x) for a friggin' flying car.
Let's make it happen. I'll even have a bumper sticker, "IPv6, but my doctor says I'll be fine!" with a smiley!
Gimmme my flying car.
I hope the example you gave wasn't intended as a serious one. First of all, there is the issue that most of the time hex numbers are case insensitive. The additional trouble caused by a difference between a and A would be quite a hassle. Once more, for any alphabet that reaches through l (as in 'el', not 'one') or O (as in 'oh', not 'zero') suddenly has problems with font choice for representation. Secondly, consider if you used all of the symbols you recommended. 0-9,a-z,A-Z. That's 62 unique characters, and we need a number of characters that is a power of two for things to work out. So next we have to throw in some other symbol. How about we just say we follow that with ' and " (there are probably better choices, but that's not pertinent). That gives us 64 total characters which represent log2(64)=6 bits in our address. This means that we still need 22 of these hexaquartadecimals. If we wanted to drop this back down to the current 8 characters required, we'll need a system which represents 16 bits per character, or 65,536 unique characters per position.
With hexadecimal, we have a well-established system used several decades for a shorthand form of long binary numbers that required 32 significant characters with no typographic duplicities. This new proposed system will require recoding all software dealing with IPs to be case-sensitive as well as accept new characters, introduce duplicities, and save us not quite one-third of the length. Quite possibly a bit more of a hassle than it's worth.
You like splinters in your crotch? -Jon Caldara
http://ipv6tb.he.net/
All I've heard is that Duke Nukem: Forever is supposed to have built in support for it...
If your theory is different from practice, then your theory is wrong.
Come one, this is stupid. Trust the army to screw up and fight the last battle. 128 bits was what we needed in the 1990's, now we need, at minimum, 1024 bits.
Proof:
numOfPeople = 7000000000

def uniqueIP(n):
    return 2**n

def ipPerPerson(numOfIP, people):
    # integer division, so the quotient prints in full as in the output below
    return numOfIP // people

>>> ipPerPerson(uniqueIP(1024), numOfPeople)
25681330498033084396132931296986067623113956842032951039061440165390382257928709018958353903201076574445730554267341908236969966973488088927549632948496303482538270489266497896614602800178013445636154707440715109834021526048923268781987587220118176737621501526369471177135320848354245186405050904232
By my calculations, that is the minimum number needed per person. With all the nano-devices we will have by 2008, that number will go quickly, trust me.
Even if there are production delays and the nano-devices are not here by 2008, they will still be coming soon, so we may as well be prepared.
Also, for those who are going to complain, having 1024 bit IP addresses will not be much overhead.
...is that there is no easy way to do this. There will be a major effort of large companies and corporations eventually, but only after someone takes initiative and sticks their neck out above the crowd. We can't all huddle behind each other saying "I'll go when you go..."
I would like to see something critical go IPv6 exclusively. If... say, most of the world's search engines ran only IPv6, think of how much that would inspire people to adopt it, from the consumer all the way up to the corporations that rely on the consumer's business. We just need someone important enough to put their foot down and say "You must have IPv6... now."
Not just search engines. Yahoo! could start serving their mail, chat, and games through IPv6 exclusively. MP3.com could only stream via IPv6, hardware corp's could stop producing IPv4 hubs and routers, which would still allow people to use IPv4 (the old ones won't be removed from the market, just no longer manufactured), but at the same time it would make the cost of staying with IPv4 increasingly expensive (as our supply of IPv4 hardware grows thin, the cost of using it will become too expensive).
Modern warfare is theorized by two overlapping schools of thought: "Maneuver" warfare and "Traditional" warfare (or whatever you want to call it).
The model of the period of iteration in decision making to action is from the maneuverist camp, but it has been more widely accepted. As maneuver types propose it, the decisions should be as distributed as possible, hence your IPv6 address for every device on every soldier inference. However, in this model, every node does not need to be addressed by every other node, and indeed the maneuver warfare proponents usually say that communication should be as decoupled as possible from the central structure. A global namespace/address space is (on the surface) antithetical. It provides means for centralized Command and Control, which is the opposite of what you suggest IPv6 would do for our soldiers. I suggest that the generals would be crippled by the human manipulation motive in an attempt to micromanage everything, because their orders can reach the sub-soldier granularity: "Tune all of the field units' fire-control to safe. We don't want any hot-heads escalating right now."
Hours later: "Sir, we just lost a whole platoon because they couldn't return fire ..."
True, there is LOTS of theory saying why this kind of order is bad, and it is starting to become a dominant influence in military doctrine (field manuals), but neither of those preclude that particular order from being executed in a battle situation.
Reference: ISBN 0-89141-518-1
Not that IPv6 is bad: it just won't work like that.
--- Nothing clever here: move along now...
RFC 1924 defines Base-85, a compact encoding scheme for 128-bit IPv6 addresses. An address represented in the usual form would be '1080:0:0:0:8:800:200c:417a'. That same address in Base-85 becomes '4)+k&C#VzJ4br>0wv%Yp'. Unfortunately, Base-85 addresses aren't very memorable, and worst of all, they're case-sensitive. Try reading that out over a phone. RFC 1924 was released on an April 1st, so it's probably not serious.
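The encoding the comment above describes, as an added example (not part of the original thread): the whole address is treated as one 128-bit integer and written as 20 base-85 digits using the RFC 1924 character set. The function names are assumptions made for this illustration; parsing is left to Python's standard `ipaddress` module.

```python
# Added example: RFC 1924 "compact representation" of an IPv6 address.
import ipaddress

# RFC 1924 character set: digits, upper case, lower case, 23 punctuation marks.
ALPHABET = (
    "0123456789"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "!#$%&()*+-;<=>?@^_`{|}~"
)
assert len(ALPHABET) == 85


def encode_rfc1924(addr: str) -> str:
    """Encode an IPv6 address as 20 base-85 digits, most significant first."""
    n = int(ipaddress.IPv6Address(addr))
    digits = []
    for _ in range(20):          # 85**20 > 2**128, so 20 digits always suffice
        n, rem = divmod(n, 85)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits))


def decode_rfc1924(text: str) -> str:
    """Decode 20 base-85 digits back to the usual colon-hex form."""
    if len(text) != 20:
        raise ValueError("an RFC 1924 address is exactly 20 characters")
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)  # lookup is case-sensitive: 'k' != 'K'
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the RFC 1924 set")
        n = n * 85 + idx
    if n >= 1 << 128:
        raise ValueError("value does not fit in 128 bits")
    return str(ipaddress.IPv6Address(n))


if __name__ == "__main__":
    encoded = encode_rfc1924("1080:0:0:0:8:800:200c:417a")  # address from the comment
    print(encoded)
    print(decode_rfc1924(encoded))
    # Reading the string out with the wrong case yields a different address.
    print(decode_rfc1924(encoded.swapcase()))
```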
That would be bad:
I once wondered about whether nanotech would present problems for 128-bit addressing and did some back-of-the-envelope calculations to examine the issue. A little math to satisfy one's "what-if geek" tendencies:
earth's surface area = 5.1*10^11 m2
earth's land area = 1.483*10^11 m2
That's surface area, but we live in a volumetric space; let's define that space as 1 km high above/below earth's land-mass (part of that 1km being underground, part being in the air.) Thus the volume of human space above/below land is 1.48*10^14 m3. With 10^6 cubic centimeters per cubic meter, and approximately 10^23 atoms per cubic centimeter, we get 1.48*10^43 atoms in our human-habitable slab of space on earth.
Now, how many IP addresses for that space? Well, 2^128 = 3.4*10^38th.
Ergo we have enough IP addresses for nanotech devices of 43,600 atoms each, in a human-habitable volume completely covering the land-mass of Earth and extending to fill a volume of space above and below the earth's surface for a full 1 km. Sure, you might get nanodevices smaller than that, but would they be independent enough and sensing/generating enough information to communicate via IP?
Well, if that isn't a problem for 128-bits, what is? Let's check a few other test cases that your friendly sci-fi reader might imagine...
Well, that was just land-mass. What if we filled the sea with nanodevices, would that exhaust it?
The sea is 11km deep at worst, 3.8km on average. Water surface area is little over double land. Thus water basically requires a factor of 10x more devices. Given that you probably won't have more than 10% of the volume of any space being nanodevices (and this would seem to remain an extreme upper bound), this probably isn't an issue.
So what about interplanetary colonization? Still not too much of an issue for this solar system (ignoring the latency issues.) At least the first few planets (Mars/Venus/Mercury) which only add a factor of 3-4x expansion once 100% colonized form due to the roughly similar size of available nanodevice space on those planets as earth. True, a colonized Jupiter might pose problems down the line...
And if you used nanoprobes to fill/convert entire atmospheric systems, you end up covering a lot more volume (99% of earths' atmosphere fills approx 8.6*10^19 m3 by my calculations, five orders of magnitude more space than our 1 km slab.) Of course, any nanodevice design on that scale would probably use its own non-IP protocol.
Ah, but what other assumptions could be misleading us? For example, what is the efficiency of the 128-bit name space? Can we really use all those addresses? Well, I admit, I'm less an expert on this. The issue that Ethernet MACs will typically be your bottom 64-bits definitely chews up a lot of space, but if Ethernet doesn't make sense for nanodevices, we'll probably be using something else, or our self-assembling nanoprobes will build and configure themselves so that they share 1 higher-level IP but under the covers each have a colony-wide (not globally) unique ethernet address. How efficiently allocated is the rest of that (non-Ethernet) space? Well, I think CIDR-like tweaks can squeeze a fair amount out.
Still, even in the case where 128-bits isn't quite enough(!), I suspect reverting to NAT-type approaches in IPv6 will be workable. Certainly inter-stellar communications which will be limited to a relatively small number of transmitters will scale up with NATs for quite a while, assuming photon-based communications.
So I suspect the 128-bit addressing scheme of IPv6 will last us at least another 200 years, not just "decades" as
IPv6 supports autoconf where you plug your machine in and if there is an IPv6 enabled router on the network it automatically configures itself. IPv6 supports having IPv6 addresses if you are assigned IPv4 addresses.
In theory, I can install a machine and plug it in, and it will do everything using IPv6. Configuring routers I admit requires some thought, but __nobody__, including the various Linux distributions by the default installs support being plugged into an IPv6 network and configuring themselves.
They all require installing "extra" tools, recompiling kernels, or manually configuring interfaces. Where is the automatic 6to4 address use in NAT gateways? Where is the automatic ipv4-compatible ipv6 addresses?
And that's for the PC operating systems, if we look at embedded devices (eg: Wireless bridges/AP's), most of them not only don't support IPv6, they "accidentally" drop IPv6 that's forwarded across them!
IPv6 is designed to be so simple that you aren't supposed to realise that you're transitioning to IPv6. One day you update your OS and you just happen to be using IPv6 instead of IPv4 where possible. Except at the moment you have to spend a week futzing about playing with weird options.
The reason people aren't using IPv6 has nothing to do with if the core network is upgraded. IPv6 can support tunneling over that automatically if required using 6to4 addressing, the reason is that you have to consciously go and configure every frig'n device on your network to support IPv6!
C'mon distro-makers, spend a bit of time getting IPv6 support working in your distro by default. Make sure IPv6 tools are shipped by default (where they exist). Make sure that kernels are compiled with IPv6 support. Make sure that your startup scripts configure ipv6-compatible ipv4 addresses on interfaces that have ipv4 addresses, configure 6to4 addressing by default etc. It's not hard!
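The two address forms named in the comment above, as an added example (not part of the original thread): how a 6to4 prefix (2002:V4ADDR::/48, RFC 3056) and an IPv4-compatible address (::a.b.c.d) are derived from an IPv4 address, and how the embedded IPv4 address can be recovered when such addresses show up in logs. The function names and the sample addresses from the 192.0.2.0/24 documentation range are assumptions made for this illustration.

```python
# Added example: deriving and recognising 6to4 and IPv4-compatible addresses.
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")   # 6to4 range, RFC 3056


def sixtofour_prefix(v4: str) -> ipaddress.IPv6Network:
    """Return the /48 a site with this public IPv4 address gets under 6to4."""
    v4int = int(ipaddress.IPv4Address(v4))
    # Layout: 16 bits 0x2002 | 32 bits IPv4 address | 80 bits left to the site
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))


def ipv4_compatible(v4: str) -> ipaddress.IPv6Address:
    """Return ::a.b.c.d, i.e. 96 zero bits followed by the IPv4 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(v4)))


def embedded_ipv4(v6: str):
    """Classify an IPv6 address and return (kind, embedded IPv4 or None)."""
    addr = ipaddress.IPv6Address(v6)
    n = int(addr)
    if addr in SIX_TO_FOUR:
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    # :: (0) and ::1 (loopback) also have 96 leading zero bits; exclude them.
    if n >> 32 == 0 and n > 1:
        return "ipv4-compatible", ipaddress.IPv4Address(n)
    return "native", None


def summarize(addresses):
    """Map each address string to 'kind' or 'kind via a.b.c.d'."""
    out = {}
    for a in addresses:
        kind, v4 = embedded_ipv4(a)
        out[a] = kind if v4 is None else f"{kind} via {v4}"
    return out


if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.4"))
    print(ipv4_compatible("192.0.2.4"))
    # Constructed sample of source addresses as they might appear in a log.
    sample = ["2002:c000:204:1::1", "::192.0.2.4", "::1",
              "3ffe:1200:301b:1:a00:20ff:fec0:ffee"]
    for addr, label in summarize(sample).items():
        print(f"{addr:40} {label}")
```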
"sure, you might get nanodevices smaller than that, but would they be independent enough and sensing/generating enough information to communicate via IP?"
That's such a quintessentially Slashdot quote, it makes me smile.
As has been pointed out elsewhere in the discussion, the US has the least to gain from switching over to IPv6. Since the Internet is, after all, a mostly American invention, there is some US-centricity to it, especially in the DNS system and in the allocation of IP addresses. Americans own more IPv4 addresses than the rest of the world combined. We have the least to gain from going IPv6, and the most to lose.
I freely admit this is somewhat of a bad thing.
In the last few years, IP addresses have become a scarce resource that people are willing to pay for. Demand is literally outstripping supply, and you can tell it is because people are paying good money for blocks of addresses. (Down at a more personal level, you'll pay more for a broadband connection with a static IP address.) People are buying numbers. This isn't something the designers of the Internet, who foresaw a system with a few tens of millions of nodes at most, could have anticipated. They didn't imagine that every Chinese citizen might want to wander around with a cell phone connected to the 'Net.
There are infinitely many numbers, so it's basically pointless to compete economically over them. The right answer from an efficiency standpoint is to transition to IPv6. Sure, it'll be a pain in the butt as we get it done, but the rewards will be significant.