Dept. of Defense IPv6 Interoperabilty Test Begins

securitas writes "The Department of Defense has launched Phase I of its delayed IPv6 interoperability test (mirror) in a six-month project dubbed Moonv6. It is the largest North American IPv6 test ever and its goal is to evaluate IPv6 for 'network-centric military operations.' Phase II was originally scheduled to begin in January 2004 but may be delayed due to the late start of the current test. 'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.' Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet."

Re:I don't care what you say

[Short+Circuit]

NATs will definately proliferate. All it's going to take is some worm shutting down all the refridgerators it can connect to, including both home, commercial, and warehouse coolers.

If you wanted a more dangerous scenario, there's the toilet flushing possibility. City water pressure drops, and an entire region hits a water shortage. Sewage treatment plants overflow, and thousands of gallons of raw sewage are dumped into the local water supply.

Another possibility could be environmental controls. Imagine all heating and cooling units turned on. That would be an enormous drain on energy resources.

Re:The largest network - I hope not

[leerpm]

My understanding is that the 6bone was not a production network.

Also, I imagine the reason the DoD is building their own network right now, is so that they have more control over it. They don't need home users bringing havoc over the network while they are conducting their tests. It may also be a temporary network, and they could have further plans down the road to introduce further major changes to it.

Re:Why did they pick 128?

[leerpm]

Probably so that in 25 years, they don't have to revisit it again and implement an IPv8. Also, the design of IPv6 is very different than IPv4. The 128 bits are actually two distinct 64bit identifiers combined together. The first 64 bits indicates the subnet. Of that first 64 bits, 48 are there to be used in partitioning the network in different ways (it's an oversimplification I know and I am dumbing down some details). The last 64 bits are your 'interface identifier', this is the equivalent of your 48bit MAC address. Only now the MAC address is going to be part of your address.

More reasons for IPv6

[RDPIII]

Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet.

This falls into the general category "Death of Internet Predicted". The internet is not running out of IPv4 addresses at the rate predicted in the early '90s, for a number of reasons, including NAT (whether you like it or hate it) and the simple fact that not everyone who wants to browse the web needs a publicly routable address.

Much better reasons for adopting IPv6 is that autoconfiguration is to a large degree built into the protocol (including its associated ICMP messages) and doesn't have to be done by a separate mechanism like DHCP. Also, IPv6 has a fixed length, small packet header, which should make it easier to do all sorts of routing tasks.

If you're running a Linux or BSD kernel, check out one of the many 6to4 tunnel brokers to get onto the 6bone or your own friendly neighborhood IPv6 backbone.

Re:IPv6 will destroy NATs (I hope)

[boneshintai]

With this many IP addresses, there's no reason why every connection can't be given 255 (or more) IPs. For example, I connect with my cable modem. Where's the hurt in giving me 255 IPs to use?

While that's certainly the sensible point of view, who says that ISPs, especially large commercial providers, are going to break with the one-connection, one-machine business model they've held so far? While they currently allow NAT because there's really no technical way to prevent it, connecting more than one computer is still against most ISPs' terms of service.

Ultimately, you're coming at it from the wrong end, asking why they shouldn't give you more than one. I suspect the thought processes are closer to "so why on earth should we give out more than one IPv6 address?"

Re:NAT is the answer

[arkhan_jg]

NAT != firewall.

NAT without a properly configured firewall is basically a false sense of security, and is trivially easy to get around.

If you have a proper firewall in place to protect your machines, (i.e. block all unauthorised inbound and outbound ports) with NAT as well, then fine. But NAT is a one-to-many hack, not a security feature.

IPv6 will mean you won't have to use all the kludgy port forward hacks you do when using NAT, while still being able to protect machines properly with a firewall.