Dept. of Defense IPv6 Interoperabilty Test Begins

securitas writes "The Department of Defense has launched Phase I of its delayed IPv6 interoperability test (mirror) in a six-month project dubbed Moonv6. It is the largest North American IPv6 test ever and its goal is to evaluate IPv6 for 'network-centric military operations.' Phase II was originally scheduled to begin in January 2004 but may be delayed due to the late start of the current test. 'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.' Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet."

The largest network - I hope not

[MerlynEmrys67]

The 6bone has been running for quite a while with MANY networks attached. Infact it is not shutting down for full IPv6 service on the internet.

I hope the DOD isn't building a network larger than this, why the heck would they waste the money on millions of machines that would be needed to be larger than the 6bone was. I can see claims that it is the largest single entity deployment of IPv6 - now that would be a useful claim

Re:Just for fun...

[cK-Gunslinger]

For anyone who wants to 'pronounce' the number:

2^128 is:

340,282,366,920,938,463,463,374,607,431,768,211, 45 6

Which is:

340 undecillion,
282 decillion,
366 nonillion,
920 octillion,
938 septillion,
463 sextillion,
463 quintillion,
374 quadrillion,
607 trillion,
431 billion,
768 million,
211 thousand,
456.

Re:Why did they pick 128?

[amorsen]

Ease of routing is the reason. With 64 bits you have to be careful how many IPs you give to each ISP. If you give too few you have to renumber or add disjoint addresses, polluting the routing table. If you give too many, you could still run out. You would also give just a few addresses to end users, say 256. That makes it impossible to do proper routing at the customer end, and addresses still have to be carefully assigned by hand or by DHCP. With 128 bits you can afford to embed the MAC address in the IP address, guaranteeing that it is unique. Goodbye to (stateful) DHCP.

Re:But seriously...

[Jugalator]

Yes, you can use hexadecimal numbers, and I think I'd recommend it too. :-)

There are some "address concatenation" features/rules to make IPv6 addresses shorter.

- You can skip leading zeroes.
- One sequence of 16 bit blocks of zeroes can be replaced by a double colon -- "::", but not more than once.

Some examples:

- An IPv4-mapped IPv6 address: ::ffff:1.2.3.4.
- IPv6 address 3ffe:ffff:100:f101:0:0:0:1 becomes 3ffe:ffff:100:f101::1 in short form.
- 127.0.0.1 in IPv4 (localhost), i.e. 0000:0000:0000:0000:0000:0000:0000:0001 in IPv6, becomes ::1 in shorthand form.
- 0.0.0.0 in IPv4 (anyhost), i.e. 0000:0000:0000:0000:0000:0000:0000:0000 in IPv6, becomes ::0.

Re:I don't care what you say

[noahm]

Get this through your head:
NAT != firewall
In case you missed that, let me say it again:
NAT != firewall

NAT was not designed for security. It was designed to delay the end of the world until IPv6 could come and save it (OK, that's a bit of a parabole...sue me).

Firewalls are just as (in-)effective in a NAT-free environment. NAT is just as (in-)effective in a firewall-free environment. By exchanging NAT for IPv6, you aren't "giving up" any functionality, you're gaining it, and giving up a nasty kludge that never should have been invented.

It's time for NAT to die a long overdue death.

noah