Pentagon Wants IPv6 by 2008
anzha writes "The constant question for 'when' for IPv6 keeps wandering across good ole /. It seems that the Pentagon has decided to put a foot down and put a deadline on their dark and dangerous portion of the net."
It's fairly easy to see that they will run out in a few years.
This document lists the current allocations. There are not too many /8s left unallocated.
There are a few allocated to large corporations that probably don't need that many addresses though.
RIPE (Europe) were just allocated another two /8s so they must have a need.
In Asia, the situation is pretty bad, and has been for a while. It's extremely difficult to get more than a handful of IP addresses from your ISP, and NAT is more common than in the US. This is one of the reasons why folks in Japan are further ahead with IPv6.
IIJ has been offering IPv6 service (not tunnelled over IPv4) for a while, and some vendors in the US (such as Panix in NYC, I believe) are also starting to offer this.
The world's most portable OS: http://www.netbsd.org.
AFAIK (from reading the IPV6 docs), it's the current inefficient allocation of IPV4 networks/addresses that leads us to large routing tables.
It is common practice for companies to hide an entire RFC1918 subnet behind a small number (8 or 16) of internet addresses. One or more of those will be allocated to internal addresses (so if your webserver (say) is 192.168.1.2 but your external webserver address is 200.100.50.5, then packets both ways will be rewritten to hide the internal address behind the externally visible one)
Given how large the available IP address range is for V6 (the *minimum* allocation would be a class B by the old standards), there is no reason you can't have a 1:1 mapping from IPV6 external addresses to internal V4 addresses; further, you probably will want to static-map the lower two bytes of your 1918 to that address range rather than the recommended (which is the MAC of the card) due to the fact that swapping out a faulty network card would then force-renumber your webserver to a different V6 IP address.
I fully expect to see Hybrid mode firewalls in the near future, which in addition to mapping the small number of externally visible V4 addresses to Internal hosts, also map V6 (autotunnelling to the ISP) for both internal hosts and outbound browsing traffic.
--
-=DaveHowe=-
As a security dork, I feel the need to point out something you all are forgetting...
IPsec is a part of the IPv6 standard, meaning when we all move to IPv6, all traffic will be encrypted, not just specific VPN links like we do now. That's a HUGE benefit, at least in my eyes...
Blessed are the pessimists, for they have made backups.
Just this weekend a friend of mine (John) mentioned that his Co-Location provider was charging $4/year per IP address. Not much, on the surface, but this means that the class C that Curt got permanently assigned for free a decade ago would cost John $1K/year now.
In 1992, the University of British Columbia department of Computer Science got its own Class "B" range assigned (the UBC, generally, already had at least one "B" range assigned to it). This was for a network of, maybe, 400 machines. I challenge you to find me someone who's been assigned a class B in the last few years for as few as 1000 machines. In some cases, a 1000 machine network might only get one or two class 'b' blocks and be expected to NAT most of their machines through a firewall. "I mean, you don't really need all of those addresses, do you?"
So, yeah, I do think that IP addresses are getting scarcer these days.
--
Free Software: Like love, it grows best when given away.
For those not in the know, here is a brief article Explaining the benefits of IPV6.
I'm not Seth.
Won't we need IPv7 by then?
Before IPv6 can be deployed the vendors of the various routers etc. of the internet will have to get fully tested and come into line. Cisco, Nortel, Juniper et al must first finish testing IPv6 on the hardware that currently creates the backbone of the new protocol.
While it is good to see someone pushing for this, it really will take the efforts of all major networking companies to make IPv6 a reality.
it is better to light a flame thrower than curse the darkness. -Terry Pratchett Men at Arms
Didn't the government want us to be totally metric by now also?
You do realize that IPv6 offers something like an IP address for every square centimetre of ground on the planet, right?
I'm not Seth.
Maybe the white house could push this through.
BTW does Bush even know what IPv6 is?
I called up one of my customer's ISPs for support and asked if they support IPv4 and they said no.
Governments have set deadlines for turning off analogue TV, but it doesn't mean that will happen either.
I guess it doesn't reflect that well on mankind that we display the most ingenuity and brilliance when it comes to finding ways of beating each other into a pulp, or trying to prevent the others to do the same for us.
But then again, it's biologically understandable: intelligence is the means by which groups of humans were successful in preserving food supply, territory, mates from competitors.
-- MG
... and then the rest of the world..
Hate to break it to ya, sonny, but the rest of the world is the reason that the US is finally getting their ball in the game. It ain't America that's hurting because of IPv4, it's China, Japan, Russia, and the world at large: demand for IPv6 in the US is low because Americans have better than 80% of all the IPv4 addresses.
--porsche_lover@hotmail.com
just like the humble blood clot... turboporsche@telus.net
IPv6 addresses are printed in groups of 16 bits in hex, separated by colons. 3ffe:1200:301b:1:a00:20ff:fec0:ffee, for example. Notice that the '1' is really '0001' - leading 0s within a group can be left out. There are more little tricks, but you can go look at the various IPv6 RFCs if you're really curious.
I think this is a good idea. After all, they created the internet, so I'd be inclined to trust the DoD on this. Moreover, the military is moving to be a more and more integrated organization. The battlefield is quite rapidly becoming wired, or unwired.
Recently in one of our training exercises out in the California desert, every soldier, truck, helicopter, etc. was connected in a very integrated and dynamic network which allowed the commanding officers to witness the mock battle in real time, seeing which forces were where, and how to adapt to a changing situation extremely quickly.
In military theory, and well in any competitive environment, the goal is to gather information, assess the situation, decide on a course of action, and execute that decision. Whoever can complete this loop or cycle first has the clear advantage. By connecting everyone on the battlefield so that they can gather and pass on information as fast as possible is clearly a necessary step for this to work.
So, if all our soldiers need to be connected to the information infrastructure, it is clear that this will be accomplished with information technology. And how else to do this? Well, over cheap, abundant, and "easy" to configure systems. And what do these systems use as an underlying framework?
IP addressed based systems. (right? I'm a soldier, not a network architect, so my apologies if I am wrong)
So, from the military's standpoint, it would be a good idea to have as many IP addresses as possible. They will sure need them when there are hundreds of thousands/millions/billions of information nodes dispersed across the battlefield of the not too distant future.
Seriously, major players like MIT, Stanford, AT&T each have more IP addresses than is assigned to, say, China or India. Sure, not exactly a convincing argument NOT to move to IPv6 but for the short term before IPv6 is implemented, these players can ameliorate the situation by releasing blocks of IP.
I just have to wonder what they [asians] actually DO for us rather than make porn and spam which we can do ourselves, . . .
Hint: People in other countries don't exist for the sole purpose of serving us.
I've been to Mexico, England, Finland, Russia and Latvia. People actually have lives there, too. You'd be amazed.
Note to non-USians: I won't judge your country by your most outrageous people if you don't judge mine by ours. Deal?
every soldier, truck, helicopter, etc. was connected in a very integrated and dynamic network
Just need to add the black-armored bodysuits, exotic eyepieces, conspicuous tubes, deathly white complexion, and Windows networking.
The coolest voice ever.
From the article:
I think I only have the old version of the Internet installed. Does the new version have better warez and porn support also? Where can I download it from?
(Yeah yeah, I know. I run IPv6 too:)
IPv6 by 2008 or else. What are they going to do? Cancel the internet?
IPv6 sounds great but I see that we will need more TLDs and a domain name will be absolutely necessary.
Frickin' Rainman will be the only one able to remember xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.
At least the giant corporations that are our new overlords will have to spend some serious $$$ to cover all the new 'name.new tld'. Perhaps after all this is done, they can work on flying cars. 'cause we are like 50+ years behind the times here, people.
But all that has to take a back seat to hard to remember IPv6.
Here's a plan, why don't we just take the internet away from all the AOLers, the Flash greeting card senders, the 'Great Story! Read this LOLRFLOLRLOL!!!!'ers, Zone Bejeweled players and the cheaters at Counter Strike and we'll have enough IPs for all of the elitist bastards that are going to make my toaster talk to me.
Tell you what. I will trade all my IPs (192.168.x.x) for a friggin' flying car.
Let's make it happen. I'll even have a bumper sticker, "IPv6, but my doctor says I'll be fine!" with a smiley!
Gimme my flying car.
I hope the example you gave wasn't intended as a serious one. First of all, there is the issue that most of the time hex numbers are case insensitive. The additional trouble caused by a difference between a and A would be quite a hassle. Once more, for any alphabet that reaches through l (as in 'el', not 'one') or O (as in 'oh', not 'zero') suddenly has problems with font choice for representation. Secondly, consider if you used all of the symbols you recommended. 0-9,a-z,A-Z. That's 62 unique characters, and we need a number of characters that is a power of two for things to work out. So next we have to throw in some other symbol. How about we just say we follow that with ' and " (there are probably better choices, but that's not pertinent). That gives us 64 total characters which represent log2(64)=6 bits in our address. This means that we still need 22 of these hexaquartadecimals. If we wanted to drop this back down to the current 8 characters required, we'll need a system which represents 16 bits per character, or 65,536 unique characters per position.
With hexadecimal, we have a well-established system used several decades for a shorthand form of long binary numbers that required 32 significant characters with no typographic duplicities. This new proposed system will require recoding all software dealing with IPs to be case-sensitive as well as accept new characters, introduce duplicities, and save us not quite one-third of the length. Quite possibly a bit more of a hassle than it's worth.
You like splinters in your crotch? -Jon Caldara
All I've heard is that Duke Nukem: Forever is supposed to have built in support for it...
If your theory is different from practice, then your theory is wrong.
Come on, this is stupid. Trust the army to screw up and fight the last battle. 128 bits was what we needed in the 1990's, now we need, at minimum, 1024 bits.
0 32 95103906144016539038225792870901895835390320107657 44457305542673419082369699669734880889275496329484 96303482538270489266497896614602800178013445636154 70744071510983402152604892326878198758722011817673 7621501526369471177135320848354245186405050904232
Proof:
numOfPeople = 7000000000

def uniqueIP(n):
    return 2**n

def ipPerPerson(numOfIP, people):
    return numOfIP / people

>>> ipPerPerson(uniqueIP(1024), numOfPeople)
25681330498033084396132931296986067623113956842
By my calculations, that is the minimum number needed per person. With all the nano-devices we will have by 2008, that number will go quickly, trust me.
Even if there are production delays and the nano-devices are not here by 2008, they will still be coming soon, so we may as well be prepared.
Also, for those who are going to complain, having 1024 bit IP addresses will not be much overhead.
I once wondered about whether nanotech would present problems for 128-bit addressing and did some back-of-the-envelope calculations to examine the issue. A little math to satisfy one's "what-if geek" tendencies:
earth's surface area = 5.1*10^11 m2
earth's land area = 1.483*10^11 m2
That's surface area, but we live in a volumetric space; let's define that space as 1 km high above/below earth's land-mass (part of that 1km being underground, part being in the air.) Thus the volume of human space above/below land is 1.48*10^14 m3. With 10^6 cubic centimeters per cubic meter, and approximately 10^23 atoms per cubic centimeter, we get 1.48*10^43 atoms in our human-habitable slab of space on earth.
Now, how many IP addresses for that space? Well, 2^128 = 3.4*10^38th.
Ergo we have enough IP addresses for nanotech devices of 43,600 atoms each, in a human-habitable volume completely covering the land-mass of Earth and extending to fill a volume of space above and below the earth's surface for a full 1 km. Sure, you might get nanodevices smaller than that, but would they be independent enough and sensing/generating enough information to communicate via IP?
Well, if that isn't a problem for 128-bits, what is? Let's check a few other test cases that your friendly sci-fi reader might imagine...
Well, that was just land-mass. What if we filled the sea with nanodevices, would that exhaust it?
The sea is 11km deep at worst, 3.8km on average. Water surface area is little over double land. Thus water basically requires a factor of 10x more devices. Given that you probably won't have more than 10% of the volume of any space being nanodevices (and this would seem to remain an extreme upper bound), this probably isn't an issue.
So what about interplanetary colonization? Still not too much of an issue for this solar system (ignoring the latency issues.) At least the first few planets (Mars/Venus/Mercury) which only add a factor of 3-4x expansion once 100% colonized form due to the roughly similar size of available nanodevice space on those planets as earth. True, a colonized Jupiter might pose problems down the line...
And if you used nanoprobes to fill/convert entire atmospheric systems, you end up covering a lot more volume (99% of earth's atmosphere fills approx 8.6*10^19 m3 by my calculations, five orders of magnitude more space than our 1 km slab.) Of course, any nanodevice design on that scale would probably use its own non-IP protocol.
Ah, but what other assumptions could be misleading us? For example, what is the efficiency of the 128-bit name space? Can we really use all those addresses? Well, I admit, I'm less an expert on this. The issue that Ethernet MACs will typically be your bottom 64-bits definitely chews up a lot of space, but if Ethernet doesn't make sense for nanodevices, we'll probably be using something else, or our self-assembling nanoprobes will build and configure themselves so that they share 1 higher-level IP but under the covers each have a colony-wide (not globally) unique ethernet address. How efficiently allocated is the rest of that (non-Ethernet) space? Well, I think CIDR-like tweaks can squeeze a fair amount out.
Still, even in the case where 128-bits isn't quite enough(!), I suspect reverting to NAT-type approaches in IPv6 will be workable. Certainly inter-stellar communications which will be limited to a relatively small number of transmitters will scale up with NATs for quite a while, assuming photon-based communications.
So I suspect the 128-bit addressing scheme of IPv6 will last us at least another 200 years, not just "decades" as
IPv6 supports autoconf where you plug your machine in and if there is an IPv6 enabled router on the network it automatically configures itself. IPv6 supports having IPv6 addresses if you are assigned IPv4 addresses.
In theory, I can install a machine and plug it in, and it will do everything using IPv6. Configuring routers I admit requires some thought, but __nobody__, including the various Linux distributions, by default installs support for being plugged into an IPv6 network and configuring themselves.
They all require installing "extra" tools, recompiling kernels, or manually configuring interfaces. Where is the automatic 6to4 address use in NAT gateways? Where is the automatic ipv4-compatible ipv6 addresses?
And that's for the PC operating systems, if we look at embedded devices (eg: Wireless bridges/APs), most of them not only don't support IPv6, they "accidentally" drop IPv6 that's forwarded across them!
IPv6 is designed to be so simple that you aren't supposed to realise that you're transitioning to IPv6. One day you update your OS and you just happen to be using IPv6 instead of IPv4 where possible. Except at the moment you have to spend a week futzing about playing with weird options.
The reason people aren't using IPv6 has nothing to do with if the core network is upgraded. IPv6 can support tunneling over that automatically if required using 6to4 addressing, the reason is that you have to consciously go and configure every frig'n device on your network to support IPv6!
C'mon distro-makers, spend a bit of time getting IPv6 support working in your distro by default. Make sure IPv6 tools are shipped by default (where they exist). Make sure that kernels are compiled with IPv6 support. Make sure that your startup scripts configure ipv6-compatible ipv4 addresses on interfaces that have ipv4 addresses, configure 6to4 addressing by default etc. It's not hard!
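The address derivations that come up in this thread, as an added example that is not part of any poster's comment: the 6to4 prefix for a public IPv4 address, the MAC-derived address a host autoconfigures, the static low-two-bytes mapping suggested instead, and how the card's MAC can be read back out of an autoconfigured address. The function names are hypothetical and the replacement-card MAC is constructed; the other sample values are the ones quoted in the thread.

```python
import ipaddress

def sixto4_prefix(public_ipv4):
    """6to4: 2002::/16 followed by the 32-bit IPv4 address gives the site a /48."""
    v4 = int(ipaddress.IPv4Address(public_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def eui64_interface_id(mac):
    """MAC-derived interface ID: insert ff:fe in the middle, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def autoconf_address(prefix64, mac):
    """Address a host autoconfigures on a /64 when it builds it from its MAC."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration expects a /64 prefix")
    return net[eui64_interface_id(mac)]

def static_address(prefix64, rfc1918_ipv4):
    """Static mapping from the thread: reuse the low two bytes of the 1918 address."""
    low16 = int(ipaddress.IPv4Address(rfc1918_ipv4)) & 0xFFFF
    return ipaddress.IPv6Network(prefix64)[low16]

def mac_from_address(addr):
    """Recover the MAC from a MAC-derived address, or None if it is not one."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    prefix = "3ffe:1200:301b:1::/64"    # /64 of the sample address in the thread
    sample = "3ffe:1200:301b:1:a00:20ff:fec0:ffee"
    print("6to4 prefix for 200.100.50.5:", sixto4_prefix("200.100.50.5"))
    mac = mac_from_address(sample)
    print("MAC embedded in sample address:", mac)
    print("autoconfigured from that MAC: ", autoconf_address(prefix, mac))
    # Constructed MAC for a replacement card: the autoconfigured address moves.
    print("after swapping the card:      ", autoconf_address(prefix, "08:00:20:12:34:56"))
    # The static mapping does not depend on the card and embeds no MAC.
    static = static_address(prefix, "192.168.1.2")
    print("static low-two-bytes mapping: ", static, mac_from_address(str(static)))
```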