Dept. of Defense IPv6 Interoperabilty Test Begins

securitas writes "The Department of Defense has launched Phase I of its delayed IPv6 interoperability test (mirror) in a six-month project dubbed Moonv6. It is the largest North American IPv6 test ever and its goal is to evaluate IPv6 for 'network-centric military operations.' Phase II was originally scheduled to begin in January 2004 but may be delayed due to the late start of the current test. 'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.' Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet."

Billion billion billion billion billion billion

[DrEldarion]

340 billion billion billion billion unique addresses.

That sounds like a number that I'd make up as a kid. "OH YEAH? Well when I grow up I'm going to have 340 billion billion billion billion hundred million thousand dollars!"

-- Dr. Eldarion --

Re:Billion billion billion billion billion billion

[Camel+Pilot]

Yes and in forty years someone will be making fun of it -

"You know 340 billion billion billion billion addresses should be enough for about anyone...."

Re:Billion billion billion billion billion billion

[Texas+Rose+on+Lava+L]

340 billion billion billion billion = 340*(10^9)^4) = 340*10^36 = 340 undecillion.

32 vs 128 bits

'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.'

Once again proving that size does matter.

The largest network - I hope not

[MerlynEmrys67]

The 6bone has been running for quite a while with MANY networks attached. Infact it is not shutting down for full IPv6 service on the internet.

I hope the DOD isn't building a network larger than this, why the heck would they waste the money on millions of machines that would be needed to be larger than the 6bone was. I can see claims that it is the largest single entity deployment of IPv6 - now that would be a useful claim

No Hope about it

[Amiga+Lover]

In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.' Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet."

They HOPE that 340 billion billion billion billion unique addresses will solve the shortage...

That's like "hoping" that a 100megaton nuclear weapon will dislodge the stubborn tree stump near the driveway. I think it'll work.

Customer service will have a ball

[semanticgap]

- Sir, what is your IP adress?

- It's eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four eight five six charlie...

- I am sorry, can you start over?

- IT's eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four.

- Sorry, I didn't get the part after "zero zero one"?

- ONE ONE THREE CHARLIE FOX SIX THREE

- Three?

- @#$^%$#$%!!!

Re:I don't care what you say

[Short+Circuit]

NATs will definately proliferate. All it's going to take is some worm shutting down all the refridgerators it can connect to, including both home, commercial, and warehouse coolers.

If you wanted a more dangerous scenario, there's the toilet flushing possibility. City water pressure drops, and an entire region hits a water shortage. Sewage treatment plants overflow, and thousands of gallons of raw sewage are dumped into the local water supply.

Another possibility could be environmental controls. Imagine all heating and cooling units turned on. That would be an enormous drain on energy resources.

Re:IPv5?

[DrEldarion]

Think: what do odd version numbers imply?

Bad Star Trek movies?

-- Dr. Eldarion --

Re:IPv6 will destroy NATs (I hope)

[thedillybar]

IPv6 should eliminate NATs. The people who enjoy the false security (prevention of inbound connections) that NAT provides will keep using them.

However, I see no reason for most people to use them. With this many IP addresses, there's no reason why every connection can't be given 255 (or more) IPs. For example, I connect with my cable modem. Where's the hurt in giving me 255 IPs to use? If this is the standard, filtering shouldn't be any problem. And say I've got 10 computers on a LAN. Rather than use a NAT, I can simply assign every machine their own IP.

Every machine can now create incoming and outgoing connections on all ports, as they (and TCP/IP) were designed to do in the first place. This will be a wonderful thing for many home users who simply won't pay for more IPs, and for businesses who will no longer have to pay as much for many IPs.

IP address space is currently scarce. Limited supply with increase in demand = increase in price. IPv6 will dramatically increase the supply, decreasing the price, and making (most) everybody happy.

But first...

[jo42]

Here is a web site and project that tracks how IPv4 addresses are allocated and misused, i.e. hijacked: http://www.completewhois.com/statistics/index.htm.

The way I read it, a huge percentage of IPv4 addresses are not even being used...

Security

[rf0]

With built in things like IPSec + Auto Config it will help the DOD deploy things quickly and securly. Of course for the rest of us it might take another 5-10 years before all running on IPv6

Rus

Just for fun...

[jridley]

I just whipped up a spreadsheet.
2^128 is enough IP addresses to give 2.68*10^15 addresses to every square millimeter of surface area of every planet in the solar system, plus the moon, Charon, and the Galilean Jovian satellites.

That should last a while. But I'm all for overkill. I was glad when Maxtor finally punted and made BigDrive able to address a BIG ASSED address space; if you're redefining a standard, no point in just doubling it or even *16; go big!

Re:Just for fun...

[cK-Gunslinger]

For anyone who wants to 'pronounce' the number:

2^128 is:

340,282,366,920,938,463,463,374,607,431,768,211, 45 6

Which is:

340 undecillion,
282 decillion,
366 nonillion,
920 octillion,
938 septillion,
463 sextillion,
463 quintillion,
374 quadrillion,
607 trillion,
431 billion,
768 million,
211 thousand,
456.

Re:Just for fun...

[Tackhead]

> For anyone who wants to 'pronounce' the number: 2^128 is: 340,282,366,920,938,463,463,374,607,431,768,211,45 6
> Which is:
> 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand, 456.

Oh. A assload! (I believe that's an Imperial assload, to be precise. The Metric assload is only 2^100.)

Re:I don't care what you say

[amorsen]

One very interesting service that I would like to host on my phone is... wait for it... Voice!

I would like people to call my phone with VoIP. That is a "service", and I need an IP address for it.

Re:I don't care what you say

[Asgard]

You don't need to use NAT to set your firewall to deny access to your publicly-addressable fridge.

Why IPv6

[richard_willey]

IPv6 improves upon IPv4 in a number of ways:

One of the principle design goals of IPv6 was to simplify the workload for routers. IPv6 achieves this in a number of ways:

1. Part of the reason that IP addresses are so long is that part of the address space is being used for an improved addressing hierarchy. In turn, this will allow routers to maintain much shorter routing tables.
2. IPv6 routers not longer fragment IP datagrams
3. IP Header checksums are been removed

As many people have noted, the IPv6 addressing structure supports a much larger number of IP addresses. Experts are predicting that the number of IP addresses required are going to increase enormously in a relatively short amount of time. Most people are familiar with cell phone adoption rates and the impact on IP address assignment. Potentially a more interesting example is the impact of new PC bus architectures on networking models. Intel has announced a new bus architecture titled PC-Express. What makes PC Expressing interesting is that it applies a data networking model to the PC bus. [Thinking addresses, flow control, retransmissions, etc] Where this gets interesting is that PC Express can be scaled from the level of a PC bus up to an enterprise class switching fabric. Once this gets widely deployed, there is no reason why the processor on one system could not control the video card on another. We are rapidly migrating to a model in which all sorts of peripherals - processors, sound cards, hard drives - will need to be configured with their own IP addresses.

IPv6 provides much better support for autoconfiguration. This is critically important for the consumer electronics manufacturers in the Asia/Pacific.

IPv6 requires IPSec, so we might finally get pervasive network layer security. I'll be very happy to get rid of abominations like "SSL VPNs".

There is a LOT of good stuff coming down the pike.

Why did they pick 128?

[njdj]

Does anybody know why TPTB decided on 128 bits for IPv6? 64 would have been more than enough. IP addressing is not like memory or disk space, where you can envisage ever-increasing requirements. It's an addressing scheme for devices. 64-bit addresses are big enough to have nearly a billion uniquely addressable devices for every human being on Earth. Why isn't that enough, even allowing for some spare bits to make address-assignment easier? Do you plan to ask for a billion addresses for the billion devices you plan to attach to the Internet?

Re:Why did they pick 128?

[leerpm]

Probably so that in 25 years, they don't have to revisit it again and implement an IPv8. Also, the design of IPv6 is very different than IPv4. The 128 bits are actually two distinct 64bit identifiers combined together. The first 64 bits indicates the subnet. Of that first 64 bits, 48 are there to be used in partitioning the network in different ways (it's an oversimplification I know and I am dumbing down some details). The last 64 bits are your 'interface identifier', this is the equivalent of your 48bit MAC address. Only now the MAC address is going to be part of your address.

Re:Why did they pick 128?

[amorsen]

Ease of routing is the reason. With 64 bits you have to be careful how many IPs you give to each ISP. If you give too few you have to renumber or add disjoint addresses, polluting the routing table. If you give too many, you could still run out. You would also give just a few addresses to end users, say 256. That makes it impossible to do proper routing at the customer end, and addresses still have to be carefully assigned by hand or by DHCP. With 128 bits you can afford to embed the MAC address in the IP address, guaranteeing that it is unique. Goodbye to (stateful) DHCP.

Re:Why did they pick 128?

[Wesley+Felter]

The reason is that 64 bits are used for the network part and the remaining 64 bits -- automatically derived from the interface MAC address -- comprise the host part. This allows stateless autoconfiguration, which makes IPv6 networks easier to administer.

Re:But seriously...

[Jugalator]

Yes, you can use hexadecimal numbers, and I think I'd recommend it too. :-)

There are some "address concatenation" features/rules to make IPv6 addresses shorter.

- You can skip leading zeroes.
- One sequence of 16 bit blocks of zeroes can be replaced by a double colon -- "::", but not more than once.

Some examples:

- An IPv4-mapped IPv6 address: ::ffff:1.2.3.4.
- IPv6 address 3ffe:ffff:100:f101:0:0:0:1 becomes 3ffe:ffff:100:f101::1 in short form.
- 127.0.0.1 in IPv4 (localhost), i.e. 0000:0000:0000:0000:0000:0000:0000:0001 in IPv6, becomes ::1 in shorthand form.
- 0.0.0.0 in IPv4 (anyhost), i.e. 0000:0000:0000:0000:0000:0000:0000:0000 in IPv6, becomes ::0.

More reasons for IPv6

[RDPIII]

Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet.

This falls into the general category "Death of Internet Predicted". The internet is not running out of IPv4 addresses at the rate predicted in the early '90s, for a number of reasons, including NAT (whether you like it or hate it) and the simple fact that not everyone who wants to browse the web needs a publicly routable address.

Much better reasons for adopting IPv6 is that autoconfiguration is to a large degree built into the protocol (including its associated ICMP messages) and doesn't have to be done by a separate mechanism like DHCP. Also, IPv6 has a fixed length, small packet header, which should make it easier to do all sorts of routing tasks.

If you're running a Linux or BSD kernel, check out one of the many 6to4 tunnel brokers to get onto the 6bone or your own friendly neighborhood IPv6 backbone.

Re:I don't care what you say

[noahm]

Get this through your head:
NAT != firewall
In case you missed that, let me say it again:
NAT != firewall

NAT was not designed for security. It was designed to delay the end of the world until IPv6 could come and save it (OK, that's a bit of a parabole...sue me).

Firewalls are just as (in-)effective in a NAT-free environment. NAT is just as (in-)effective in a firewall-free environment. By exchanging NAT for IPv6, you aren't "giving up" any functionality, you're gaining it, and giving up a nasty kludge that never should have been invented.

It's time for NAT to die a long overdue death.

noah

Re:NAT is the answer

[arkhan_jg]

NAT != firewall.

NAT without a properly configured firewall is basically a false sense of security, and is trivially easy to get around.

If you have a proper firewall in place to protect your machines, (i.e. block all unauthorised inbound and outbound ports) with NAT as well, then fine. But NAT is a one-to-many hack, not a security feature.

IPv6 will mean you won't have to use all the kludgy port forward hacks you do when using NAT, while still being able to protect machines properly with a firewall.