MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
...by David Weekly can be found here.
Good summary of CIDR and NATing adoption, too.
The Army reading list
Is this article technical or is it political? It sounds as if it might be better suited for the opinion pages.
MIT is one of the great hogs of current IP addresses, maybe if issues like this were addressed no new system would be necessary.
vampirical
Well sure the ipv6 code isn't as tested as ipv4 and might be insecure at first... But did that stop the internet from being built on ipv4? It's a stupid argument against upgrading to a new technology.
Cthulhu Saves.
Sure, they're not exactly the most honourable or squeaky clean businesses on the planet, but they sure as hell are the most popular.
0110100100100000011000010110110100100000011000100
All this talk of IPv6 has got me thinking about its possible effect on existing internet tools like ssh, ftp, telnet and apt-get. Will their normal functioning be affected at all by the increased address space and QoS provisions in the protocol? Or are these changes totally transparent to pre-existing apps, which will only need to be re-written to take advantage of the extended functionality? Will I need to update my apt.sources file?
security and functionality over speed. Speed will catch up, eventually. doing NAT everywhere sucks. If speed is the biggest con, then, well, there is no con.
Cisco routers support it, as do the routing stacks in Linux and the BSDs. If you would have read the article, you would have at least known Cisco routers support ipv6.
Cthulhu Saves.
The result of this decision made nearly 30 years ago is that the Internet simply cannot handle more than 2^32 or 4,294,967,296 devices.
I thought we were running out of /20 assignment blocks, not addresses.
Of course if you increase the number of assignment blocks, routers will need more memory and we're back to the same reason no one will route a /28 anymore except the IPv6 approach ends up using 4x the memory for each address.
Your statement that 'no routers have it' is quite simply a pile of rubbish; Cisco, Juniper, Foundry, and Nortel routers all support IPv6 in at least one version of code, if not multiple versions.
If by 'routers' you mean Linksys, Belkin, or D-Link, you really need to redefine your concept of the word.
Hey MIT - do you really need/use all 16.7 million IPv4 routable addresses you have? Why not share a few?
Don't blame me, I voted for Kodos
Interesting... The author slates NAT for being an easy security option, causing firewalling problems and not letting each device have its own IP. Then he seems to fail to mention that letting each device have its own IP opens up a whole host of possible attacks. Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?
Damn,
with only 3 routers at the medium-sized business I work
for, this is going to cost us $187,500 !!!
No IPV6 for us
Walker sees NAT as encroaching oppression by the "powers that be", whereas Garfinkel seems to take the "powers that be" point of view! Simson how you've changed!
In fact, Walker is skeptical that even IPv6 could promote "consumers" back to "peers":
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
I think that admins will find themselves not bothering with IPv4 for individual things at their site when they find themselves out of IPv4 addresses for less-critical things.
For example, pretend it's 2008 and IPv6 is commonplace. You have a IPv4 /28 from your provider. You also have an IPv6 /48. The /28 has been fully allocated since 2006. Your www.yourcompany.com server will have an ordinary A record pointing IPv4 users at it for a long time yet, but what's your plan to let people on the outside get to your [insert-not-entirely-mission-critical-thingy-here] server (that happens to work with IPv6)?
It's an even easier decision if you, as a home user, get a single static IPv4 address for your DSL line as well as an IPv6 /48.
"It will be the biggest, the most drastic, and the most comprehensive change to the underlying structure of the Internet in more than 20 years. "
I'd love that thought applied to space.. It's so confusing, and hard to do, we should tuck our tail between our legs and run! This change will happen one router at a time.. correct me if I'm wrong.. but I do believe IPv4 addresses will coexist with IPv6. And let's face it.. for the most part, this will be done by highly experienced techs at the ISPs, and filter down to very experienced end users at business. Dialup and High Speed users could use IPv4 for ages sitting behind their ISP's big gateways.
"The deployment of IPv6--the sixth version of the Internet Protocol--will be a massive undertaking that will require the reconfiguration of more than 100 million computers."
It's not like this will happen over night.. and one day all the end users (hi mom) will have to become IPv6 Gurus. Once again, we're back to.. It's hard.. let's run away.
"But when the IPv6 rollout is finally done, not all the effects will be positive"
Argh.. this guy bugs me.. He seems to totally forget about the evolution of software.. Of course it'll be slow at the beginning.. then some company like Nortel will put it all into a hightech ASIC chip.. and we'll leave IPv4 in the dust. For each of his arguments.. there's a swell counter argument, that's never far from reach.
Faz
-=-Ze End-=-
Quote: "Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."
I bet they said that when IPv4 was invented.
This sig is in Spanish when you're not looking....
"Japan, China and South Korea will jointly develop the next-generation Internet technology IPv6, aiming to have the global standard for the technology set in Asia, the Nihon Keizai Shimbun reported yesterday.
US firms now dominate the market for equipment like routers that serve as the infrastructure for the current IPv4-based Internet.
By working together, the three countries aim to take the lead in developing technologies for a world in which all equipment is connected to the Internet"
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
That's absolutely not true. IPv6 info @ Cisco. I quote: "In May 2003, the availability of Cisco IOS 12.3 Mainline that integrates the IPv6 feature set from 12.2(15)T enables production deployment for all Cisco based networks." Obviously routers have it. Linux has it as well, so it's certainly not a MS only thing.
The problem with IPv6 isn't software or hardware -- it's politics and money. There's no benefit to service providers to update their IPv4 setup to do IPv6 because they'd have to find some way to still talk to the "normal" IPv4 internet (because, really, who wants to get on an ISP that isn't on the internet?). Additionally, many many ISPs charge a premium on extra IP addresses. What makes you think that they want to ditch that income so you and I can each address our refrigerator from the supermarket to see how much milk is left?
There is absolutely no security requirement! Security is supposed to be applied in other layers, with SSL and stuff running on top of an assumed unsecure link.
It would be *nice* if there was better encryption support at low levels, to overall prevent information leaking, but even total lack of such features would mean no step back from IPv4.
Simson's right in denying IPv6's short-term inevitability, but he's still being too easy on it! IPv6 is just plain dumb. He should say it.
IPv6 creates much larger headers, so there's more overhead, particularly, as a percentage, on short packets (voice, ACK's, etc.). So it'll waste bandwidth, or lower effective throughput on fixed bandwidths. We need this? It is not even using its 128 bits efficiently. The general approach is to use the top half to identify the network and the bottom half to include the 48-bit MAC address of the computer. That was a clever hack in 1985 when proposed for DECnet Phase V (which never caught on) and became an approach in OSI CLNP. But that was not for a public spammer-ridden insecure Internet. Now it is a security and privacy hole to do that. It also means the 128 bits are not used efficiently -- we are tight with 32 bits, but an address for every atom?
IPv6 also does nothing for QoS (ignore the hype, which is based on a misunderstanding) and nothing for security (IPsec works just fine with v4). It just wastes bandwidth. So it does something for, oh, MCI. No wonder Vint (the Chauncey Gardner of the Internet) likes it! And Sprint, AT&T and VeriZontal. Great.
IPv4 could use a decent replacement some day, but IPv6 is everything you don't like about v4, and more. Eccch. A dozen years since it was "adopted" and it's gone nowhere, for good reason. The Asians weren't so involved with IETF at the time, to know the messy politics behind it. And btw the whole thing about their not having addresses is false; there is plenty of space left in the IPv4 space waiting to be allocated where needed. China can have more, as they provide more and more spam relays for the h3rb@1-v14gr4 crowd.
Typical American Ethno-Centric viewpoint.
We'll *HAVE* to move to IPv6 when the third world finally gets connected! China 1+ billion people.. India 1+ billion people.. it starts to add up!
Americans.. a whole world exists outside of your borders you know.
-=-Ze End-=-
nobody will ever need more than 640 IP addresses.
Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
On this simple fact I assume that the author of this article just doesn't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).
IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)
He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectively adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he sets up a tunnel to ipv6 and no one is stuck. Damn FUD, I say.
refs:
IPv6 FAQ
Routing
(IPv6 has less headers => faster routing
(Better QoS => more efficient network
(etc.)
Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
I have no strong opinions on the technical merits of IPv6 but I want to address the above statement, and the (IMHO) wrongheaded mentality behind it.
Why should the fact that these monopolistic groups oppose new, useful technologies, lead anyone to the conclusion that those technologies should be abandoned? Shouldn't we rather abolish the MPAA and RIAA?
When the light bulb was invented, did anyone argue we should abandon it because the candlestick industry would oppose it?
The truth is that new digital technologies are making "content" businesses like those represented by the *AA's obsolete. There is no benefit to society to engage in costly, counterproductive and futile "wars" against P2P and other useful new technologies in the name of enforcing "intellectual property" laws created in a different era that now benefit only special interests and not the public interest.
Simson Garfinkel is an incurable gadgeteer, an entrepreneur, and the author of 12 books on information technology and its impact
Translation: he's old and new technology scares him. He writes books about technology because he doesn't actually understand it. Describing P2P networks as being "for teenyboppers" is quite insane, he must have never tried to download anything large recently (especially given the maturity of solutions like BitTorrent for free software / content distribution - even NASA used it to release their Magellan rover software to the public). This guy should retire and stop his "THE SKY IS FALLING" shriek of panic. Suggested activity: gardening.
He also has absolutely no suggested *solutions* to the problems that he pretends exist. It's not as if IP6 is going to be any less traceable than IP4, nor will it magically create problems that didn't already exist. People are still going to want to firewall off networks under IP6 - in the same way that IP4 can be firewalled off - but this will be done without NAT.
Just because a protocol is "new" doesn't automatically mean that it's a danger. I have to wonder if this guy has never bought any new software in case the CD is so new that it's infected with the Ebola virus. Which makes no sense. Yes, corporations typically hold off adopting new products till version 1.1 or 2.0, but there's no point condemning the early adopters to insecurity hell before IP6 has been rolled out to the public.
Next he'll be complaining about kids and their music... why in his day there, etc, blah, blah.
The ethnocentrism comes from the fact the Americans are the main people resisting IPv6. America has most of the IPv4 addresses, so they don't see a problem, and don't care about those without.
Kind of the entire American situation in a nutshell.
Everyone seems to be switching from Linux 2.4.x to 2.6.x
Now we're going from IPv4 to IPv6
What the fuck do you people have against the number 5?
--I don't want the world, I just want your half.
But still a bit harsh on IPv6....
As to the notion of never running out of address space 'never, never' as he puts it, I wouldn't be so sure. The 32-bit address space provides 4.2 billion addresses. With that in mind, we are much nearer to exhaustion than current usage would dictate. It is all about the allocation, and if sloppy allocation occurs, the 128-bit address space of IPv6 could be exhausted too. For example, the architecture of current implementations make it so that the smallest subnet anyone will likely allocate are 64-bit networks, and use MAC addresses (or something else, but still 64-bit, because it's easy), so immediately you take the address space down tremendously. Still should be well more than enough for everyone on earth to have a /64 network, but it has yet to be seen whether certain organizations might, for the hell of it, get allocated /8 networks because they can. As near as I can tell, the high 16 bits seem to be somewhat protected, but you never know what will happen. If there is a grab for /8 networks among big players, you have the same problems that IPv4 has today.
As to security implications, it is true that implementations will be for the short term future less tested and therefore likely to contain critical flaws, but still IPv6 code is receiving a fair amount of testing, and critical flaws will not be quite so devastating as you may think, no more than an Apache, Linux Kernel, or MS security exposure, which we have seen all of in fairly recent history without the sky falling.... Of course the wrinkle in this is a lot of the 'home router' concepts that happen to protect common home systems will cease to provide that protection. They provide NAT features, therefore masking to an extent the system behind the device. Despite what the author says about NAT being bad because it doesn't protect against things like browser exploits and physical intruders, NAT is on the level of firewalling in terms of protection. Any reasonable network security person will realize that browser exploits, email worms, and physical intrusion must always be kept in mind, and it has nothing to do with NAT or firewalling. NAT remains effective at, for example, fending off web server and rpc attacks from unsuspecting or experimenting workstations. If NAT goes away (hopefully), people need to be mindful of good old firewalling strategies. Implementations are maturing (experimental ip6tables implementation, for example, is approaching closely the ipv4 iptables featureset). If cable/dsl 'routers' revert to hubs in a wealth of addressing, I expect either cable/dsl 'firewall' devices or increased ISP vigilance to deal with the more widespread system exposure.
All that said, I like IPv6 (my desktop, gateway, and laptops are using IPv6 and each have public IPv6 addresses, keep NAT on IPv4 on some systems), but I (and everyone else) have been waiting and watching a long long time and no encouraging migrations are yet to be seen, and I doubt the near future will bring any incentive to push such a change.
XML is like violence. If it doesn't solve the problem, use more.
Ever wonder why only Americans complain about IPv4?
Isn't it funny how Asian nations, which you ignorantly claim have so many IPv4 addresses available, are the principal backers of IPv6 right now?
Don't feel bad -- most people are incapable of believing in any problem that doesn't affect them personally.
Don't worry, having IPV4 addresses as a sub-block of IPV6 addresses, dual IPV4/IPV6 hosts, and IPV6 protocol encapsulation was such a good idea that the designers of the IPV6 protocol decided to use it.
They even made it simple! If my IPV4 address is 203.131.45.99 my IPV6 address will be 0:0:0:0:0:0:203.131.45.99 (there's even an abbreviated notation for a V6 address which would just be ::203.131.45.99)
The likelihood is that the migration to V6 isn't proceeding as fast as possible for political and financial reasons rather than technical ones.
Anyone know what the adoption rate of IPv6 is for the major broadband ISPs? TimeWarner/Comcast, etc?
What with Win95 being EOL'd, a fair number of them will be upgrading to Windows XP (or Linux, OK?) with its built-in support. Maybe the best approach would be from the bottom up?
Chip H.
Well, you know what? You don't move to IPv6! You add IPv6. You can still keep your IPv4 connection. Then you can start adding IPv6 support to each protocol and application, one at a time. You can and will still be fully IPv4 compatible. You'll just allow yourself to use IPv6-only services and make it possible for you to set up new new IPv6-only services even though you've run out of IPv4 addresses.
I'm not sure at all.
The IPv4 addresses are inefficiently distributed. MIT for instance has 16.7 millions of them. IBM too.
Entire classes of addresses are reserved for things we don't REALLY use like multicast and so on.
Plus we now have NAT and CIDR that help save some addresses.
I bet we could use IPv4 for 20 more years. IPv6 is too complex, bulky and inefficient.
I studied it and the fact that MAC addresses are in it blows me away.
Aren't the IP addresses a logical layer that prevents problems when you change a NIC ? If each time you change your NIC you have to change your address I foresee lots of trouble here.
And 128 bits addresses, okay, but entire classes are already wasted (multicast, network IDs, etc) and in the long term we could run into the same problems !
Anyway its too expensive and slow for the moment. Nobody wants to pay 1 million dollars for the last Cisco router with IPv6 where the one we bought last year for another million is working just fine.
Why not just add an extension to IPv4 if we really need these addresses ? I know it has a lot of flaws but hey, why change EVERYTHING ?
Iraq: war to save the U
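The MAC-in-address scheme that two comments above object to, worked through as an added example (not from the thread or the article). It builds the modified EUI-64 interface identifier from a MAC, then shows the privacy consequence: the MAC can be read back out of the address and used to link one device across networks. Function names, the MAC and all addresses (documentation prefix 2001:db8::/32) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = interface identifier


def mac_to_eui64_iid(mac: str) -> int:
    """Build the modified EUI-64 interface identifier from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the vendor half and the device half of the MAC.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def mac_derived_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 network prefix (top half) with the MAC-derived bottom half."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this scheme assumes a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64_iid(mac))


def recover_mac(addr: str) -> Optional[str]:
    """Return the MAC embedded in an address, or None if the bottom half
    does not have the ff:fe marker. This is a heuristic: a randomly chosen
    identifier matches the marker by chance about once in 65536."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def devices_across_networks(addresses: Iterable[str]) -> Dict[str, List[str]]:
    """Group observed addresses by embedded MAC and list every /64 each
    device was seen in. A MAC that appears under several prefixes is one
    physical device that can be followed from network to network."""
    seen = defaultdict(set)
    for addr in addresses:
        mac = recover_mac(addr)
        if mac is not None:
            seen[mac].add(str(ipaddress.IPv6Interface(f"{addr}/64").network))
    return {mac: sorted(prefixes) for mac, prefixes in seen.items()}


# Constructed sample: source addresses as they might appear in a server log.
SAMPLE_LOG_ADDRESSES = [
    "2001:db8:aaaa:1:211:22ff:fe33:4455",   # laptop on network A
    "2001:db8:bbbb:7:211:22ff:fe33:4455",   # same laptop on network B
    "2001:db8:aaaa:1:5c3e:91a4:7b02:d6f1",  # host with a non-MAC identifier
    "fe80::211:22ff:fe33:4455",             # same laptop, link-local
]

if __name__ == "__main__":
    print(mac_derived_address("2001:db8:1:2::/64", "00:11:22:33:44:55"))
    for mac, prefixes in devices_across_networks(SAMPLE_LOG_ADDRESSES).items():
        print(mac, "seen in", prefixes)
```

Run against your own address inventory, the same grouping shows which hosts still expose a hardware-derived identifier and are candidates for randomized interface identifiers.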
Yes, even then.
Let's assume every single one of the 100 billion stars in the galaxy is inhabited, and each star has a population of 10 trillion humans in orbit around it, and each human has 1 billion devices that need IP addresses. In that case, only 1/340,282nd of the possible 128-bit IPv6 addresses would need to be assigned.
Is this like: "I think there is a world market for maybe five computers."?
What *if* molecular nanotechnology takes off? Humanity then decides to build a large space based object, which will be built by a massive number of 'replicators', each working within a 100nm per side cube. (Raw material will come from a passing asteroid.) It is decided that each replicator is to be individually addressable. The number of IP addresses required is then (<linear size>^3)/((100nm)^3). 2^128 addresses will be required to build a 700km cube.
Sure this is far fetched, and there are lots of other technologies which need to be invented before something like this can happen, but lots of today's things were far fetched in recent history.
"Five is RIGHT OUT!"
1. "Twelve Days of Christmas:" you get 6 "geese a laying" & 4 "calling birds," but 5 expensive "gold rings." You can shoot the birds. ;)
2. 5 is not an even number: it makes slow people stop thinking when they try to divide it.
3. A family of 5 usually means 2 parents & 3 children: nobody wants to be the middle child.
Life is irony, and nothing ever goes as planned.
As far as IPv6 security goes, I'd like to see the new and interesting worms and network scanning utilities that can scan such a huge number of addresses, 4 billion addresses wasn't a difficult feat for programs that simply scanned incremented octets in IPv4, but now we have a lot more address space to slow such things down... this could just as easily be a problem though, imagine blacklisting a network from a spammer... oh darn, looks like they just need to find another billion addresses to randomly use.
FreeBSD was the first OS to have IPv6 support.
IIRC, MIT has a class B IP range, meaning it has 255^3, or 16,581,375 IP addresses. while China and South Korea--with a combined population of more than 1.3 billion--have been allocated 38.5 million and 23.6 million respectively. Does that sound unfair to anyone? MIT having 6139 students, plus faculty and staff, compared to China having over 1 billion people. China as a whole barely has over twice what MIT has in IP allocation, while having 160,000 times more people. I believe this is a biased, pointless article, written by a moron who does not realize the enormity of what he's saying. Many Asian countries are literally running out of IP addresses, and he's complaining about "lack of security", and thinks that no routers support IPv6 (Pretty much ALL Cisco routers support IPv6 flawlessly.) This man does not know what he's talking about.
got sig?
There's so much wrong with Garfinkel's "review" of IPv6 that I won't be reading his security books. Meanwhile, at the SpeakFreely RIP (repost) thread, the NAT bashers get poked pretty hard.
--
make install -not war
Assuming it is:
1. Cisco Routers suck at IPV6.
That's kind of an implementation issue rather than a protocol issue wouldn't you agree? If word gets out that Cisco Routers aren't providing bang for buck then there are always alternatives as you have suggested. If performance really matters then IT managers can argue the point that the corporate policy is outdated and has to change...
2. There are too many addresses.
Too many addresses is certainly a better situation to be in than not enough addresses I'd argue. Pretty much everyone in this thread that has had to deal with NAT has put forward that it's a deal with the devil: it's a just barely sufficient hack to a tricky problem.
3. IPV6 addresses are too large.
Extreme amount of memory to hold routing tables? Sure, if addresses were picked at random with no regard for the overall layout of the Internet. There's nowhere in the protocol specification that says all 64 network bits have to be used at once when rolling out. Give every ISP its own separate chunk of the IPV6 address space to which it can portion out to its customers, and routing may actually become easier, not harder. With 64 bits used for routing I'm sure every ISP in the world could have way more individual IP addresses than it could possibly need, and there would still be plenty of network prefixes left over. We as a community now have a lot more experience in dealing with address allocation issues than we did in 1970...
4. The IPV6 header is too large.
Oh, please. If you're worried about conserving a mere 20 bytes in each packet don't you think more would be saved by designing superior compression schemes for when the data intensive applications like Voice, TV, Radio, etc become an integral part of the internet? Also, what's the difference today if a web page takes 40 seconds to load, or 41 seconds to load?
These aren't discussion points, the complaints are too trivial for that. I would hope that you put a bit more effort into research if I were the one reading your dissertation. IPV6 may not be perfect, so point out some REAL design problems if you're going to try.
I have IPv6 from my ISP. It's enabled by default for every one of their clients, and has been for more than 2 years. Most of the other small providers in Europe are now offering it standard, and I have talked with one large telco who will be trialing it this year, for a rollout before a big marketing push in September.
I have my own /48 block of IPv6 at home. All my machines speak it, Solaris, Mac, Windoze, BSD, cisco, Nokia, Ericsson. My firewall filters both IPv4 and IPv6 with no problem, the rulesets are quite similar. With autodiscovery, router advertisements, and all the other cool protocols built into the IPv6 specs, adding a new machine means it just works.
But as the whingey Garfinkel points out, the U.S. is very much behind the curve in IPv6 rollouts. Typical corporate american incompetence.
As for routers, all real routers have it. It takes more effort today to get a cisco router without IPv6, because all the machines being delivered recently come with a version of IOS which has IPv6 installed. Just waiting for a Cisco Certified Button Pusher to configure it correctly, and bob's your uncle.
While typing this response, I ran some statistics on web servers I manage. Approximately 5% of the traffic was IPv6 during the month of December, up from about 2% last June. That means that 5% of the PCs out there have IPv6 enabled, connected to an ISP offering IPv6, and are using an IPv6 capable browser like mozilla or IE6.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I went through the entire current posted responses, and I'm surprised people missed mistakes that - in the words of my girlfriend - must mean that the author was simply having a bad day and couldn't be writing this as a serious article.
The most important thing that IPv6 does is quadruple the size of the Internet address field from 32 bits to 128 bits.
Quadruple? 2^32 * 2 != 2^128. In fact, there is a very distinct difference. I would hope a writer for the M.I.T. Tech Review would know the difference.
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
This is so horribly backwards, he must be joking. One of the points of IPv6 is that IPv4 can be routed within and through it. (vice versa too, but let's assume we're talking about an all v6 net) The real worry would be when someone created a v6 only site that some v4 person wouldn't be able to address.
Ugh. I think IPv6 upgrade path will be similar to analog and digital cell phones. They're still able to route to each other, and the improved features and quality of connections have caused people to leave older analog phones. The older phones still have better coverage; but, the newer phones are still able to switch to analog mode if necessary.
Problems with a v6 peer not being accessible to a v4 peer aren't too worrying to me. The same technologies enabling Akamai and NAT will almost certainly solve that.
One obvious solution is an automated DNS -> TCP/IP forwarding service:
Amy is cute.
I still think re-working the way people think about IP addresses will solve more problems.
E.g. Your toaster doesn't really need a public IP does it? [or your cell phone for that matter].
Good use of NAT can solve all of these problems...
There is no reason why certain companies/schools have millions of addresses each. Plain and simple.
Tom
Someday, I'll have a real sig.
The Tech Review was right, 32 * 4 = 128. Note that they said the size of the Internet address field (number of bits), not the number of addresses.
New software contains new bugs. Hardware upgrades are expensive. NAT is not a magic bullet.
Does this man write a regular column called "The Obvious"? He should.
Nothing worth doing is worth doing today.
So the burden is on China, Japan, India, and other countries worried about IP address shortages. And, as it happens, that's where the bulk of the development is being done (Japan especially). So you see, it works: the people who need IPv6 most are doing the most work on it, and the people who need it the least are contributing less.
All I have to say is that I'm not really going to take seriously somebody who talks about security problems but still serves webpages from a M$ IIS server..........
In an act of good will in the mid 90s, Stanford (the only other school with a Class A network) gave theirs up. They did this for the greater good while knowing that it would leave MIT with bragging rights as the only remaining university with a Class A. Sometimes doing the right thing is more important than bragging rights. Even so, many of the geeks at Stanford thought it was a real tragedy. The other 50% of the student body didn't even know there was a change.
Lasers Controlled Games!
LinuxInDallas wrote:
Not trying to beat up on you... what you wrote is what people who weren't there commonly say with hindsight. The seeing eye moves, and moving, sees from different viewpoints over time. When 32 bits were selected to provide IP addressing for the then-new phase, it probably seemed like a lot and any more than that would have run into objections of excess packet overhead and bandwidth waste.
Believe me, if anyone had suggested using more than six digits to store a date 30+ years ago it would have seemed idiotic and wasteful. Mostly these things don't even get discussed beyond unstated limits that are appropriate to the times and the circumstances. A real life example:
In late 1969 or early 1970 I was standing in a mostly empty computer room with people a lot older and wiser than I, and they were discussing what level of New York Stock Exchange trading volumes (as a measure of overall market ticker traffic in all exchanges) we should plan on for our second-generation network and computers, given a lifetime of, say, ten years. Our processing and communication loads were directly related to trading activity in stock, bond, commodities and other markets. NYSE volume was the common metric used to gauge all the market information traffic in the nation for load purposes.
The NYSE was doing, I think, about 6 million shares a day on a heavy day then. Some provision had to be made for growth but no one wanted to be the first to throw out too high a number. They looked at each other in turns in a most peculiar manner.
Finally the VP asked, "Do you think planning for 20 million shares a day would be going too far?" No one else had been willing to venture a number that high, but everyone agreed that that would be a good number for planning the network and computer capacity. Had anyone tried to sell the idea that we should have planned for much more than 20 million, he would have been noted as someone whose assessments were wildly outside the lines.
As it happened, our network and computers had to handle U.S. market information traffic measured by NYSE volumes of 200+ million shares per day before it was replaced by a newer system about 15 years later, and as early as 1976 the major exchanges began delivering information at a gross bit rate 70 times what it had been before. In that original discussion, anyone who might have insisted that 200 million was the right number probably would have lost his job on the spot for being so obviously out of touch with reality.
And so it goes. The viewpoint changes, the givens change, the parameters change, the changes change, and later judgments about decisions made decades earlier are rarely informed enough to be valid. In our case we blew it badly on the estimate of 20-million-share days, but we built our shit so well that it scaled without much difficulty to handle 10 times what we planned for and five years longer life than anyone had hoped for.
Also, system failures were not permitted. But that's another story for another time...
Look at the bright side: there's always seppuku.
You must have had an ISP that was much more liberal...grin. Giving workstations real IPs was no excuse to get a class C in Austin.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
Or, more generally, all the people who had a working box before, and don't want to touch it. It may be running an old OS and a bunch of old apps, and everything might work fine.
Some people, who don't live in the real world, like to think of this type of thing as something that can just be phased out in a few years. Everyone will patch their systems slowly, and vendors will recompile the code with new libraries, and old routers will be replaced with hardware IPv6 routers, and then, magically, everyone is using IPv6.
The reality is that people won't patch their systems, routers will work for eons and nobody wants to replace them, and app vendors are long gone because they don't make money on your legacy app anymore.
This reminds me of arguments about switching to linux. I love GNU and linux of course, but we have a tendency to think of some typical case of an office or home user. But so many people, especially those most likely to care about switching, are atypical. To assume that everyone needs the same things out of a computer is to turn it into an appliance, which has been shown to completely fail. It ends up that someone has an intricate, delicate system, and nobody in their right mind wants to touch it.
Social scientists are inspired by theories; scientists are humbled by facts.
IP version numbers Damn, this isn't lame, hope it isn't lame enough now.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
"The deployment of IPv6--the sixth version of the Internet Protocol" - 6th version? no it isn't, it's version 6.
:)
"Each about 500 bytes in length" - wrong, i can change my packets to 15Kb in size if i wanted, or even 512KB
"Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5." - right... he doesn't realize that ipv6 is just called that because of the 6 areas to insert an IP address: area1:area2:area3:area4:area5:area6. version 1, yes it does exist, this is my ipv1: 1345396058 (long ip).
"There are so many IPv6 addresses that humanity will never run out of them--never, ever." - never say never
"those routers don't have similar hardware that can route V6 in hardware: those packets have to be routed in software, which is a slower process." - all enterprise routers, which the Internet runs on, can have their roms changed, no changing of routers required
I also noticed one more flawed thing with his article, he talks about IPv6 coming, and going to be widespread, then at the end he makes it seem as if it isn't coming.
He seems to have sparsely researched how IPv6 works, thus, resulting in this really bad informative article.
Change is certain; progress is not obligatory.
You know, mods, when someone puts the word "troll" in their nick, you're supposed to pay attention.
The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many. Assuming that you can actually come up with one, it could easily be solved with Network Address Translation, or NAT as it is commonly known.
Here's an application for you: there are more than 4 billion people on the planet. When we're all hooked up, what do you suggest? Do you really think we'll all be online behind some uber-NAT devices 50 years from now? Have fun using your cell phone/PDA/personal whatever when you and 1000 of your neighbours are all sharing the same IP, and you're using a protocol as complicated as *gasp* FTP (hint: NAT breaks more than it fixes). Really, please share with us what the "shortcoming" of too many addresses is. Overkill, it may be. But how does it hurt the protocol?
The problem with a 64-bit network prefix is that routing tables become massive. Just do the math and you'll see that extreme amounts of memory are required to hold routing tables.
The whole point of IPv6 addresses is that we can do more EFFICIENT routing, as opposed to the hodge-podge of rules we have today. IPv6 routing is FASTER than IPv4.
This means that downloading stuff will take 3.4% longer.
Wow. A whopping 3.4%. Now, in the real world, a lot of us use MTUs > 1500. So we're talking just over a single percent. Stop the presses! Oh yeah, there's this neat thing called header compression, by the way.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
He is fairly aggressive at attacking IPv6, and even contradicts himself in his fury against the protocol...
all IPv6 code is untested and therefore insecure
Yes, if you don't count university networks that have been using 6bone for several years now. Read up a bit on 6bone, and you'll see that the primary purpose of it is to function as a testbed for IPv6. But of course, computer scientists aren't really able to find and fix problems in the protocol.
IPv6 makes encourages 'peer-to-peer based copyright violation systems
I won't even comment on this...
Deploying IPv6 means that every application that uses Internet addresses needs to be changed.
However, isn't IPv6 designed to be backwards compatible? I.e. have a separate address space that emulates IPv4? So there isn't an urgent need to switch *now* when it starts getting used? Using the IPv6 stack should not mean an inability to talk with IPv4 clients.
Today, most routers come equipped with special-purpose integrated circuits that can route IPv4 packets very quickly. But because there is no demand for it, those routers don't have similar hardware that can route V6 in hardware
I'll just let him contradict himself:
"The code that lets computers talk on an IPv6-enabled network is now built into the current versions of Windows XP, MacOS, Linux, and many forms of Unix. Every router made by Cisco comes ready to run IPv6. So does every Nokia mobile phone. The whole world is getting dressed up for the IPv6 party."
If they're already implementing software support for IPv6 before it's even starting to get used, doesn't he think this is a sign that the manufacturers are dedicated to bring hardware IPv6 support once it gets even more widely used? If not, he needs to explain why.
He complains about upgrade costs too, which seems to be a concept never heard or experienced by him before, as he seems to be in shock while discussing it.
But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code in which security problems may lurk.
True, updated software might get new bugs if they aren't tested properly. What's new? This risk is taken daily by adopters of upgraded or new software.
Beware: In C++, your friends can see your privates!
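The backwards-compatibility question in the comment above has a concrete answer in the IPv4-mapped range ::ffff:0:0/96 (RFC 4291): a dual-stack IPv6 listener reports IPv4 peers in that form. As an added example (not from the thread or the article), this Python sketch folds such peers back to IPv4 before an allowlist check; the allowlist and peer strings are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed allowlist using documentation ranges (RFC 5737 / RFC 3849).
ALLOWLIST = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Constructed peer strings, in the forms a dual-stack listener may report.
SAMPLE_PEERS = [
    "192.0.2.10",           # IPv4 client on an IPv4-only socket
    "::ffff:192.0.2.10",    # same client seen through a dual-stack IPv6 socket
    "::ffff:c000:20a",      # same address again, hex spelling
    "2001:db8::1",          # native IPv6 client
    "::ffff:198.51.100.7",  # IPv4 client outside the allowlist
]


def canonical_ip(text):
    """Parse an address; fold IPv4-mapped IPv6 back to plain IPv4."""
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def naive_allowed(text, networks=ALLOWLIST):
    """Match without normalizing: a v6 object never matches a v4 network."""
    addr = ipaddress.ip_address(text.strip())
    return any(addr in net for net in networks)


def allowed(text, networks=ALLOWLIST):
    """Match after normalizing, so both spellings of a peer agree."""
    addr = canonical_ip(text)
    return any(addr in net for net in networks)


def audit(peers=SAMPLE_PEERS):
    """Return (peer, canonical form, naive verdict, normalized verdict)."""
    return [(p, str(canonical_ip(p)), naive_allowed(p), allowed(p)) for p in peers]


if __name__ == "__main__":
    for row in audit():
        print("%-22s -> %-14s naive=%-5s normalized=%s" % row)
```

The same normalization belongs in log parsers and rate limiters that key on client address, so one host is not counted under two spellings.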
I haven't read such a pack of bunk in a long time--it's not worthy of the MITTR.
Garfinkel claims that IPv6 won't be viable to roll out because routers need to be upgraded. Dude, that is an ongoing process. Does he think that today's IPv4 routing hardware can handle tomorrow's IPv4 traffic? Let's see, how many protocols did the early Internet support? I guess they never merged to IP, because it was too expensive.
Also, he's a bit of a pollyanna about NAT--NAT is not a reason for why IPv4 is going to survive. It's a fiendishly shit kludge. Ask anyone that received a 10.0.0.1 answer from Verisign DNS last week. NAT sucks. It's a fix, but it sucks.
Lastly, IPv6 shouldn't be deployed because it relies on _software_ being changed? Oh gee, I'm sorry Mr. Garfinkel, but I'd completely forgotten that every single networked application, nameserver, mail server, and web server has evolved code-wise to a layer of abstraction and perfection that we never have to worry about another security hole again! Aren't we happy that we've all reached BIND25, which never ever has to be touched again for as long as we live?
What an idiot.
Cole's Law: Thinly sliced cabbage
As someone who was around during the IPv6 specification phase I can tell you that the spec that finally emerged from the IETF (following a great deal of ill feeling) had two main goals:
1) Not to be anything like OSI on principle
2) To be conveniently routable on the hardware then typically in use for academic workstations
So frankly, it's no real improvement on IPv4 and failed to consider ways of reducing latency and increasing the robustness of routing in large-scale carrier backbones.
It was too late even back then to consider the great "switch over" because there were just too many autonomous network operators around with no incentive to change unless everyone else did (those of you who knew DECnet Phase IV will remember a magic switch which was supposed to cause your entire network to transition to Phase V: not many customers actually activated it for the same reason).
The future is probably some rather different local area network protocol for all of those home appliances (connecting your PC, iPod, TV, PVR and toaster) and something different again for the long haul.
But it will have to be demand-led.
When you think consumer gadgets then the US isn't the first country to come to mind - it's Japan, Taiwan and China, Malaysia, Korea and the Philippines (in no particular order).
If every gadget gets an IPv6 ip address then it's irrelevant what some ex-MIT/Mass commentator thinks. Asian and especially the Japanese with KAME, are sniffing around for another edge that they can get.
Once the millions of games consoles get IP for LAN parties then ISPs are going to be driven kicking and screaming into IPv6. Console sales outnumber PC sales so what Microsoft think here is irrelevant (unless it's XBox related). Nope, in the same way that GSM eclipsed older analogue Cellular networks (with multi-billion costs in upgrades), then IPv6 will eclipse the older IPv4 and the drive will be consumer gadget driven.
"Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."
just thinking of a thousand swarms of 600 billion nano-robots conquering the deserts of some evil country desperately seeking WMDs. we WILL run into trouble with these 128bit address fields...
* a merry life and a short one
And here's to you, Mrs. Robinson Jesus loves you more than you will know (Wo, wo, wo)...
This sig was generated by a barrel of trained kittens for SeXy_Red (550409).
However, given the sad, vulnerable state of security and privacy, I'd expect more authors to expound on the benefits of IPv6's privacy and authentication mechanisms.
Likewise, as more bandwidth is eaten by spam and music downloading, IPv6 addresses quality of service, and better routing and addressing capabilities.
The only two reasons not to go IPv6, at least for intranets, are either espionage agencies oppose increased security and/or a particular large vendor fails to support it well. Maybe there are others. Wireless networks and VPNs are being thrown in all over the place. These are the perfect places to start with IPv6. The other option is NAT, but that will eventually have to be redone when the move is finally made. Kill 2 birds with one stone and install the new VPN or Wireless net with IPv6.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Address fields are a fixed 32-bit integer...this notation would overflow.
When everything is switched over to IPv6, then the internet goes back to its original plan - where all computers are equal; they all have their own address, they can all do whatever they want (or, whatever they can, given the hardware inside of them) like run servers, etc. The big thing about IPv4 is that not all computers are equal - one IP goes to one broadband modem, and there's a NAT present in the event of more computers behind the one IP address. In this IPv4 situation, not every computer can do whatever they want (like run servers, etc); the computers behind IPv4 NATs are consumers. The computers behind IPv4 NATs aren't equal contributions to the internet, they're there to consume services.
I'd imagine the companies providing these (or any, for that matter) services are trying quite hard not to switch to IPv6, where, if us present-day-consumers don't like how they handle the services, or if the billing for these services isn't what we expect, we can simply do it ourselves and take them right out of the picture. With IPv6, the providers would be forced to listen to their customers or risk not being the providers any more.
Ok, I apologize for the stream of consciousness style of my posting but there were a couple of issues that I just didn't get.
First, OK, NAT IS THE DEVIL. But the author's security argument about NAT was that people were using wireless lans and getting in through the backdoor to attack the PCs. IPv6 doesn't do anything to mitigate that.
Second, the idea that having every object in your house have a two way freeway to the internet has to be a DDoS attacker's dream come true. Sure I can see my 67 year old dad setting up a firewall to keep his web enabled toaster from sending out bad and evil packets onto the internet. Right after he wins the XPRIZE for that orbital Refrigerator he has been working on. Get real, most users can't figure out what an icon really is, and now they will be the key to securing this brave new world.
Third, does this not let ISPs charge more now that we will be using 100s of IP addresses?
4th, think of all the applications that haven't even been thought of yet. Come on. At least with the new ipv6 we will be able to watch his daughter go to college, and probably follow her on dates and to the bathroom. PROGRESS? Not meant to be an insult, but the prurient aspects of all this technology just floors me sometimes. I guess I am a Luddite.
So in closing, I think it will happen and I for one don't care if we (the US) lag behind. In the long run that will make it cheaper for us and the pioneers can take those arrows for us. And as for using up most of the ipv4 address space, what can be said but "WE RULE"!!!
there are lots of other advantages of ipv6 compared to ipv4:
routing - different rirs have now created policies that will make routing much more efficient. it will be hierarchical so routing tables will be much smaller (thus faster routing.)
headers - the ipv6 headers have been optimized compared to ipv4, data transmitted includes qos (standard)
multicast - no more broadcast. we don't have to worry about too many data storms in our network (better bandwidth utilization.)
autoconfig - ipv6 provides for automatic configuration of ip addresses. this will make transition much easier since most devices can be made ipv6 ready and activated and it will automatically configure itself and run on ipv6.
tunneling - you can do endless tunneling to seamlessly support ipv4 and ipv6 networks together. you can easily put an ipv6 backbone with ipv4 clients running (with all translation under the fe80 range.)
addressing - clear policies have been made with regards to addressing (and routing as well) to prevent problems that have plagued existing ipv4 networks. the division of the /128 into multiple subbits (like /4) helps in the logical arrangement in the address.
maybe since mit has 16.7million ip addresses, they are afraid of ipv6. based on existing policies agreed upon by rirs (arin, apnic, ripe), you will be allocated a /48 (65535 subnets) if you are able to utilize 200 subnets within 2 years. by default (i don't know how they run their network - if it is efficient or they just subnet their network and waste all the ip address) they may have a hard time getting allocation from arin. they might need to get the suballocation from a provider (since it is hierarchical) so that's why they are opposed to the idea.
even if they do not switch to ipv6 (i hope they will be the last one.) the entire world will be running in ipv6. here in asia, it is much harder to get ipv4 addresses. so we are already experimenting with ipv6 (and readying for production grade native ipv6 networks with full peering and routing - we have purchased ipv6 routers in preparation for a full ipv6 backbone with ipv4 tunneled instead.)
software is increasing its support with ipv6. windows xp already has support (not so savvy end users can now start benefiting from ipv6.) linux and apps already have support. most network equipment now supports ipv6. heck my mobile phone can access an ipv6 network natively!
final words. go ipv6! it's about time. (and note to all admins, experiment with ipv6 and you'll see.)
p.s. slashdot was inaccessible for a few minutes before i posted this content
Live your life each day as if it was your last.
The code being untested is surely no huge obstacle as it is quite able to be well tested. IPV6 will indeed make peer-peer systems more possible than they are today with many users externally inaccessible directly behind limited NATs. But peer-peer ability does not equate to copyright violation and that anyone from MIT would imply that it does is gross political maneuvering. Peer-peer abilities mean that the internet is many-many in rather than strongly slanted to few-many. All nodes become potential producers and sharers of information and bandwidth. This was the original shape of the internet and its original promise. It is high time we got back to it.