Accelerating IPv6 Adoption With Proxy Servers

jgarzik writes "IPv6 presents a catch-22: the most popular web sites on the Internet don't have any incentive to switch to IPv6 until a large portion of their userbase is on IPv6, and their user base does not have a large incentive to switch to IPv6 until many of the popular Internet destinations support IPv6. My proposed solution is simple: Configure a proxy server that serves IPv6 requests, passing those requests through to underlying IPv4-only servers that not have yet been transitioned to IPv6. This article describes how to configure Apache's proxy server to fill this role, and suggests a few ideas for use."

Proxy server fun

[AKnightCowboy]

Make sure they're open to the public too. You don't want to be a stingy admin right? You should share your proxy server with the world.

Re:Proxy server fun

[rincebrain]

Yes. An open proxy server on a topic just mentioned by /.

I can't imagine that's abusable. I mean, nobody would embed ads in their IPv6 proxy if it became too popular, right?

Just a thought.

Re:Proxy server fun

[wirefarm]

>I mean, nobody would embed ads in their IPv6 proxy if it became too popular, right?

I use mine not only to convert to IPv6, but also to convert English measurements to Metric, Relational Databases to Object Databases and any text to Esperanto.

Re:Proxy server fun

[maxwell+demon]

Bah, that's nothing. My proxy converts first posts on slashdot into insightful comments!

Re:Proxy server fun

[tolan-b]

Hey, cool! I speak Esperanto like a native!

So not at all then? :)

The opposite is already there..

[tbaggy]

This page/site already does it.

Word of warning

[rimu+guy]

By having an open proxy anyone can send/receive data via your proxy server (duh). There are implications: e.g. I've seen someone's server bandwidth being used to serve images in a spam (pr0n) email.

If you don't want people hiving off your bandwidth and potentially using your server's bandwidth for puposes you wouldn't normally approve of, then consider controlling your proxy access.

--
Use your VPS proxy powers for the powers of good

Re:Word of warning

[sploo22]

Since you obviously didn't read the article, I should inform you that that's exactly what it recommended. The Apache proxy should be set to only handle requests for a specific site under the administrator's control.

Re:Word of warning

[linsys]

Either he didn't read the article or he has NO idea what a reverse proxy server is.

The reason that people implement reverse proxy servers it to protect the systems "behind" them, you want EVERYONE to use your proxy server because it appears to be the "real" system as far as "internet users" are concerned.

I have implemeted reverse apache proxy servers to protect insecure IIS systems from many kinds of attacks.

Looks like most of these posts are gonna explain why a proxy server is a bad idea, bla bla bla because everyone will use it, well GOOD YOU WANT THEM TO USE it so they can get to your system.

But wait:

[Trejkaz]

Is it just me? I can't see any AAAA records for ipv6.org itself. I would have thought they would be the FIRST to change.

Re:But wait:

[Trejkaz]

Okay, I'll answer my own question. They have them for www.ipv6.org, but not for ipv6.org itself.

Re:But wait:

[LogicX]

there's also no A record for ipv6.org itself also -- so boo; its not like they singled out AAAA
its just another one of those loony sites thats www. only; and not just the domain name.

extra hop

[pythro]

An extra hop to go through on my web surfing adventure...NOT ON MY WATCH!

Re:extra hop

[MemoryAid]

An extra hop to go through on my web surfing adventure...NOT ON MY WATCH!

I don't even have internet on my mobile phone yet, let alone my watch. I bow to your uber-geekiness.

Most people don't care about IPv6

IPv6 was primarily designed to solve a *problem*.

That problem was IPv4 address space exhaustion.

If the problem isn't hurting people on either side (client or server), then there is no reason for them to migrate to IPv6.

For people in certain heavy net using countries (such as Japan and S. Korea) which have received a smaller slice of the IPv4 pie, then there is more incentive to move; for the vast bulk of the world there is very little incentive to move to IPv6.

Re:Most people don't care about IPv6

[tokachu(k)]

The problem exists just as much in the U.S. as it does anywhere else in the world. For example... Do you use NAT (a home router)? Blame your IPv4-based ISP for not having enough address space for you. Do you run a web-hosting company? You probably know how expensive address space is. Neither Japan nor South Korea had to use IPv6. They could've stuck IPv4 and NAT (something that rural broadband companies in the U.S. do, by the way), but they didn't. They chose to solve the problem rather than ignore it.

Re:Most people don't care about IPv6

[DAldredge]

There are just a few other reasons to switch to IPv6...

http://www.ipv6forum.org/navbar/events/birmingham0 0/presentations/YanickPouffary/sld025.htm

Also, from another site:

*
A powerful addressing scheme that makes possible the allocation of public addresses to every device inside home networks

*
A protocol specification more powerful thanks to the extension headers

*
Restore the end-to-end of the Internet and facilitate the peer-to-peer communications

*
Simple: Plug and Play (thanks to stateless autoconfiguration)

*
A larger range of services to propose to customers

*
Security is natively defined in the protocol

*
IP mobility optimized

*
Multicast mode easier to deploy

*
(For the ISP, routing process more efficient)

Re:Most people don't care about IPv6

[SillyNickName4me]

> Do you use NAT (a home router)?
> Blame your IPv4-based ISP for not having enough
> address space for you.

For most peopel NAT actually solves a problem instead of being one.

Yeah, for some people it would be nice to be able to have their toaster online and reachable through the internet as well, and lack of addresses can make that difficult, but most people do not have a big urge to do such things.

They do however have a problem with their computer and an unfiltered internet connection.

A router that does NAT happens to function as a pretty good ip filter with state-keeping that is extremely easy to configure.

> Do you run a web-hosting company?
> You probably know how expensive address space
> is.

Yep, sadly enough, IPv6 sounds more advanced, and thus will be more expensive. The people who market the stuff have absolute controll over the supply so can set a price as they like.

Re:Most people don't care about IPv6

The flaw with that logic is that, in reality, NAT was designed to solve a completely different issue. Mainly, keeping private networks away from public networks, with connectivity only as specifically allowed on a specific ruleset. A firewall, in a sense, except it was never designed to "stop" or "drop" packets as one thinks of a firewall-- only deliver them from the outside, in. The firewall effect is a side benefit in and of itself.

With my ISP package, I get eight IPs. Eight! I'm only using five of them among my four boxes at home, but I'm quite seriously considering NAT'ing up a few of the lesser used boxes. At the moment, they're not configured to act as a private network, yet I'm considering it. The ones I don't monitor as frequently pose a security threat, and as such, NAT is the quick, cheap solution.

The extra "IP space" one benefits is just an added side benefit.

Re:Most people don't care about IPv6

[sirsnork]

Whilst your point is valid, it's not the biggest reason. NAT is so popular because it is EASY.
Without NAT you have to have a REAL router and you then have to setup a REAL router, telling it which IP's you have attached to each interface, probably some subnetting. You can bet your average user has no idea how to setup a real router, but with NAT they can just plug in and go

Re:Most people don't care about IPv6

Ever heard of UPnP? It allows auto-configuration of devices. Just plug in, and it works. Let's see, give me an IP address for everything in my house, so my piece of crap- windows running cable box can get a virus too. Good Idea! They have plenty of jobs open for people like you in Redmond.

Re:Most people don't care about IPv6

[Izago909]

See comment here. NAT has nothing to do with people running thier box with admin access rights. It has nothing to do with people who blindly open attachments, or do not use a good firewall, or do not use an AV program. NAT is a flase sense of security.

Re:Most people don't care about IPv6

[tftp]

Give it ten years at least. Cell companies can want all they wish, but it won't convince major telecoms (who are a distinct entity from cell companies even if under the same corporate umbrella) to shell out billions of dollars on upgrades for no increase in revenue. TV over IP is in the same boat, they won't pay for the routers. I, as a customer, won't pay either, that's for sure - because neither me, nor any of my friends need IPv6. It has benefits that are of no interest to us, and it has disadvantages (cost of deployment at least) that are of great concern to us. So here we are.

Re:Most people don't care about IPv6

[SillyNickName4me]

> Which is one more step than a NAT box requires (for the same functionality as far as the home luser is concerned).

Uh yes, but one more step doesn't exactly make for a very complicated router setup. They already have to fill out a box with their username and password. I really do not see why there would be a problem in filling in a 3rd field (the contents of which are provided by the ISP just like the rest)

Argument was that nat makes it a lot easier, well, it makes it easier but not a lot. I didn't think that was that hard to understand really was it?

Re:Most people don't care about IPv6

[asdfghjklqwertyuiop]

A router that does NAT happens to function as a pretty good ip filter with state-keeping that is extremely easy to configure.

NAT does not filter anything. A firewall does. You probably already have a firewall, so taking away the NAT would not change the security of your network one bit.

Re:Most people don't care about IPv6

[drinkypoo]

While NAT doesn't filter anything, it does achieve the same result as blocking connections by default, because people will either be trying to access your external IP which will not result in a connection without an appropriate forwarded port, or they will be trying to access your internal IP which is not routable, and backbone routers drop source routed frames. In fact, so does linux, by default, IIRC. Hence, while it's not filtering, it might as well be.

Re:Most people don't care about IPv6

[LoveMuscle]

Bulllarky about the major telecoms.. I work for a major hardware supplier (we make the MSM's that go into most CDMA cellphones), and I am specifically working on implementing IPv6 in our software. It is the major telecoms that are pushing us to do it, not the other way around. (One starts with a V... the other starts with an S..)

They want to start rolling out services that will require full time IP connectivity to EVERY phone. If you start doing the math thats a major chunk of the IPv4 address space. Their only option is IPv6. IMO the major telecoms are going to be the FIRST folks to adopt this wholesale...

Re:Most people don't care about IPv6

[asdfghjklqwertyuiop]

Your neighbors can route the non-routable addresses to your IP, but as I said before, if you drop source routed frames then that won't be an issue.

I'm not talking about source routing. I'm talking about plain old vanilla routing.

You've got two machines on one big network which from our perspective is an ethernet. Perhaps the underlying stuff is the cable cloud in your part of town.

One machine on this network is a router with public IP 172.30.0.2, not filtering anything. Behind this router is 10.0.0.0/24.

On another machine on this big network you type 'route add -net 10.0.0.0/24 gw 172.30.0.2'. Also on this machine you then type 'ping 10.0.0.1' and notice the reply.

No source routing involved here at all.

That's not the solution.

[mind21_98]

The solution is more ISP support. This is where you vote with your wallet. If your ISP doesn't support IPv6, find another. Same goes if you're hosting a Web site. They will eventually catch on and begin offering IPv6 more widely.

Re:That's not the solution.

[HoneyBunchesOfGoats]

Not many people have the option to choose between ISPs. Where I am, it's either crap or crappier.

What's the rush?

[jobugeek]

I don't understand the rush for so many here to move. Unless you do live in SE Asia, then IPv6 isn't really necessary. Yes NAT can be a pain in the ass, but it is serving its purpose fairly well.

IPv6 will take over just like anything else. When it reaches critical mass and demand forces it. Probably starting in SE Asia and moving westward.

Re:What's the rush?

[Hanji]

Yes. The purpose of already working painlessly with the existing infrastructure without any significant thought on the part of the user.

Re:What's the rush?

[tepples]

A purpose for NAT is the closed-by-default firewall that its common implementations provide as a useful side effect.

Reverse proxy servers always open

[jgarzik]

Silly people.

A reverse proxy server (http accelerator) must be open to the public.

However, that does not mean the server is an "open proxy"... the proxy configuration only proxies for the specific web sites listed in the configuration file.

What about dhcp?

[Mustang+Matt]

It seems to me that it would be really useful if the little off the shelf linksys/dlink/netgear/etc. routers did ipv6. I don't see it really being used until hardware starts using it.

On top of that it's my understanding that NAT should go away with ipv6. What is everyone with an internal network to do for IPs then? I've heard you can get free ipv6 blocks right now but they can be revoked once everything goes "live" but I don't want to deal with that.

Ultimately I guess I really want NAT ipv4 for inside my network until my hardware can hand out ipv6 addresses that I own forever.

Re:What about dhcp?

[kkane]

The intention with IPv6 is that you won't have "unroutable" networks, like we do with private nets such as 10.x.x.x and 192.168.x.x. Everything will have a globally unique IPv6 address. There was in the original spec what were called a "site-local" addresses, which were private addresses not routed to the outside much like their IPv4 analogues, but those have been deprecated.

However, you'll have plenty of addresses because, in the current incarnation, you're not allocated a single address, but rather you are allocated a subnetwork, which is currently 2^64 addresses. So the first 64 bits are assigned to you by your ISP, and then the second 64 bits are yours to do with as you like.

So that addresses the question of NAT: there won't be any lack of IP addresses necessitating its use. I am only addressing the use of NAT as a way around limited address space, and not any of the other uses for which NAT has.

But what about DHCP? IPv6 comes with something more elementary, called "stateless autoconfiguration." Basically, the router constantly broadcasts your "prefix" to the subnetwork, which is the first 64 bit half of your 128 bit address your ISP assigns you. The machine then takes its subnetwork ID (the MAC address), and sets the second 64 bits to a function of that. In the case of Ethernet, it isn't the 48-bit Ethernet MAC address verbatim, but a published function of it. It's called stateless because it's always a function of whatever the network's prefix is plus some kind of subnet ID, and there's no concept of leases, or any of the state a DHCP server maintains.

There is not yet an equivalent mechanism for "stateful autoconfiguration," which is more what DHCP is, where you can automatically assign an arbitrary address to a client. You can of course statically configure an interface to have a specific address, but there is no automated mechanism to always assign a particular autoconfigured client a particular address you designate. There are proposed standards for an IPv6 version of DHCP, however, and I expect eventually such a beast will eventually come around.

Re:What about dhcp?

[kkane]

Oh, yeah, I forgot one more point:

Whether or not your "prefix" changes each time will be much the same as whether or not your single IPv4 address changes each time you connect. Either your ISP statically assigns you one (perhaps for an extra fee), or it doesn't. But that 64-bit prefix will be your global identifier that gives you an address space, much as the single IPv4 address is your global identifier now, except your address space is only 1 address.

Re:What about dhcp?

[Izago909]

Fun stuff when the feds want to know who's been downloading mp3s over your hotspot and you honestly can't tell them :)

Actually, from a legal standpoint, the buck would stop with you. All they would have to prove is that your negligence aided and abetted in a crime. Do you think that the RIAA cares that grandma didn't download that new Brittney song? No, of course not. They can still sue her because it's her internet connection and her responsibility. It's sort of like lying by omission. NAT does not help you because your real IP address still terminates at your router. Anyway, in a civil case, the burden of proof is on you to show that you were not the one who commited the act.

Re:What about dhcp?

[tepples]

in the current incarnation, you're not allocated a single address, but rather you are allocated a subnetwork, which is currently 2^64 addresses.

Watch residential ISPs break the recommendation and grant a /128 instead of a /64 in the name of profiteering.

re: The opposite is already there

[zaxios]

From there:"

Why does this service exist?

There appears to be a chicken and egg problem in deploying IPv6; ISP's serving endusers don't want to do it yet because there isn't any need for it from their clients, Hosting companies don't do it yet because there isn't any demand yet either from clients... Thus, we made this gateway, which allows users who do have IPv6 to get to all the content in the IPv4 world. If you don't have IPv6 connectivity (yet) you can of course try the SixXS Tunnel Broker.

This is essentially the same observation and the same solution except that it focuses on getting ISPs (clients) to support IPv6 rather than servers.

Not a Catch-22

[back_pages]

IPv6 presents a catch-22: the most popular web sites on the Internet don't have any incentive to switch to IPv6 until a large portion of their userbase is on IPv6, and their user base does not have a large incentive to switch to IPv6 until many of the popular Internet destinations support IPv6.

Nice try, but that's not a Catch-22.

A Catch-22 is when the solution creates the problem. From the book (yes, there was a book) if the doctor diagnosed you as crazy, you didn't have to fly any more bombing missions. The catch was that you would have to be diagnosed crazy by a doctor to want to fly more bombing missions. Thus, by achieving the status of "unfit to fly", you were actually certifying yourself to fly.

What we have here with IPv6 is two parties with no immediate reward for an investment. If one of them stepped forward, the other would step forward, and the world would enjoy IPv6. There is nothing about this that is remotely close to a Catch-22.

Re:Not a Catch-22

[Bombcar]

I always thought that the way it worked was that if you were certified insane you couldn't fly, but the Catch-22 was that if you tried to get certified insane it proved that you didn't want to fly, which was an action of a sane man, therefore you had to fly. Nothing you could do would prevent you from flying.

Re:Not a Catch-22

[skraps]

I don't think your explanation is very clear. For anyone who is really interested, here is a good explanation of the term.

The part you missed is that the pilot can't be diagnosed by a doctor unless he asks to be seen; and since he fears for his own life enough to ask for a diagnosis, he is clearly not insane.

IPv6 Needs a Killer App

[That's+Unpossible!]

That killer app may be VoIP. If everyone wants their own IPv6 phone number.

Or that killer app may be someone coming up with an awesome spam/virus/security solution that requires features found in IPv6.

But just wanting people to switch for no good reason will never work. Market forces...

Re:IPv6 Needs a Killer App

[Wesley+Felter]

Unfortunately for IPv6, Skype works fine with IPv4+NAT.

ThreeDegrees requires IPv6, but it never really caught on. Maybe it would have had better luck if MS created a fake startup shell company to promote it, so then people would think it was some kind of revolution in the making instead of yet another tool of The Man's oppression.

Wow

[stratjakt]

A reverse proxy or http accelerator with IPv6 on one side and IPv4 on the other.

That is mightily impressive and you certainly are a genious of our time.

Where can I sign up?

[T-Ranger]

And get me some IPv6 addresses? Which, if any, ISPs/hosting companies support IPv6? Who do I talk to to reserve me a chunk of space so when my bacasswords ISP gets in line, I can get me some public IPs for my boxen at home?

Nobody's running out of space

[Wesley+Felter]

40% of the IPv4 address space is unallocated, and much of the allocated space is probably unused.

Funny solution

[ezzzD55J]

Sounds like a funny solution to me. Why not just multi-home the webservers? No extra hardware, extra point of failure, simpler, less dependency, etc.

This has been mentioned before. It's still moot.

[soybean]

The issue with ipv6 adoption is not an issue of servers or clients, it's an issue of routers.

ISP's need to adopt ipv6.

Tunnelling won't push adoption, but it might help YOU if you need to work with someone who is using ipv6.

The world doesn't need all that address space.

[acceleriter]

Sure, China and Korea would like billions upon billions of addresses, but that's because they've spammed their IPv4 address space into every blacklist on Earth.

Ummm...

[Talez]

Isn't this just 6to4 which has been around for ages?

Re:IPv6: Not Ready For Prime Time

[eamacnaghten]

I believe you are incorrect in saying there are larger routing tables.

The IP numbering allocation in IPv6 is hierarchal, which they are not in IPv4. The first 16 bits are the FP and Top Level Address (allocated to "trunk" cos like MCI), the next is a 32 byt "Next Level Addres" allocated to ISPs, and finally "Sight Level Address"es allocated to people like you and me.

At the moment many routing tables on the trunks have thousands of entries, increasing as allocation of IPv4 becomes more and more fragmented, significantly slowing down the trunks. IPv6 will mean considerably fewer routing table entries there, increasing performance.

Although the raw IPv6 header is larger than the minimum IPv4 header, a system of, in effect, encapsulating parts of the headers in the data packet that are not needed in routing exists where it does not in IPv4 (such as those needed in TCP). The savings there should more than make up for the degregation in increasing the minimum size of 20 to a fixed size of 40.

It is a misconception that IPv4 produces 4 billion IP addresses for the world to use. By the time all the university's Class A addresses and all the wasted IP addresses of those who have networks with machines missing are considered, all the network and bradcast addresses and so on are also considered you will be lucky to see 3 billion. In fact I would not be surprised if the figure was nearer 2. This may be enough for the Western World but not for Asia as well.

IPv6 is also neccessary to adopt the up and coming internet technologies, such as those that use MultiCast (IPv4 implementation of this will NEVER get adopted). I agree with you that it is the routers that are holding this back - but once an area is enjoying the benefits of IPv6 then I believe it will rapidly spread.

My 2c worth....

IPv6 as a "solution" to NAT?

[venomkid]

This may be a bit OT, but I'm reading many people talking about NAT like it's some horrible thing.

As a longtime NAT user I like the fact that just one of my computers is hooked to the real internet and the others can't be diddled by outside computers.

Even if I had unlimited IPs, I'd still probably do it this way.

Re:IPv6 as a "solution" to NAT?

[kkane]

NAT's big shortcoming is that it's a hassle when you want one of your inside hosts to be able to receive connections from the outside like a server.

I think something will still exist like this for IPv6, but now you'll actually have more addresses when you want outside computers to be able to access an internal host. So it'll be up to you whether or not an outside host can diddle on the inside, which it wasn't before.

In IPv6, NAT will be to address the security issue you mention, rather than the shortage of address space that caused its inception in IPv4. It's the latter issue in which IPv6 is a solution.

multicast?

[Doc+Ruby]

Most people know that IPv6 delivers a bigger address space, and IPSec security. But what ever happened to its multicast tech? Is anyone sending a single multimedia stream over IPv6 to multiple recipients, without having a separately addressed packet stream like in IPv4? That feature would be the most timely, arriving just as large audiences are developing for online streaming multimedia content.

This is so obvious

[jd]

I can remember arguments on the 6bone mailing list about such proxies. Back in 1997! The argument then was that proxies would just slow down the adoption of IPv6, because nobody would really need it on their machine, at either end.

Of course, we now know that NOT having proxies has been a disasterous mistake. I can only hope the IPv6 community in general can accept that.

IPv6 is more than just addresses. You have utterly transparent mobile IP. You have automatic network configuration. Anycasting allows you to request a service and have the closest server respond, without you needing to know where that server is. You have almost-mandatory IPSec - which is more than just encryption, it authenticates that the machines are who they say they are.

IPv6 is a valuable tool. Back in the early days, I ran the first registered IPv6 node in Britain. At its peak, I had 10 tunnels running across Europe and the US. That was using IPv6 under Linux 2.0.20, using the-then VERY experimental IPv6 patches that existed. It started with static routes, but I later moved to MRT and finally Zebra.

MRT and Zebra are now fast-decaying abandoned project, as far as I can tell. The only Open Source software router I can find is Click, and whilst it's good, it doesn't have the developer- or user-base to be confident that it can really do more than be a nice experimental project.

(Any distro authors out there SHOULD put it in their distro, if for no other reason than the fact that Linux will cease to be useful as a router platform, if the last remaining projects don't get adopted.)

IPv6 would benefit from having an IPv6-over-IPv4 protocol defined, much in the same way that SIT defines IPv4-over-IPv6. Again, I've argued this from the start. The idea of a migration to IPv6 will NOT be realised or realisable until the average person can plug in an IPv6 address into a browser or some other network software, without having to care about the fact that it is IPv6, and see a result.

Once IPv6 is truly transparent to the "unwashed masses", you'll start to see people adopting it. After all, it IS easier to configure and maintain. That would make people like ISPs very happy. Less time wasted on network maintenance means more profit for them. And nobody is averse to getting a little richer, a little quicker, when it costs nothing to do. You even have the bonus that it's legal and ethical (though some wouldn't care about that part).

Because IPv6 supports host authentication, it's great for Joe/Jane Average, too. It's harder to spoof mail addresses, when the mail server can validate the transmitting machine. That won't eliminate spam, but it will make using fake addresses slightly harder, which will give people a little more confidence that the sender is who they say they are.

Because multicasting is part of the standard, it also means that video streaming to multiple recipients will be less savage on the network. Once people realise that you can get damn near TV-quality reception by multicast, versus 5 seconds a frame (with tiny, low-grade frames) via a typical webcast, who in their right minds will go back to that worn-out way?

(And by near-TV standard, I'm talking NTSC or PAL resolution at 15 to 20 frames per second. The bandwidth would be impossible to maintain, if the server had to do point-to-point to every recipient, but it's very doable over a multicast transmission, and it's very normal for any of the multicasts advertised using SDR or similar tools.)

The technology that people have, right now, versus the technology researchers have had for decades is pathetic. What you can buy as top-of-the-line off-the-shelf today was commonplace in most research labs 10-15 years ago. Some of the slow adoption comes from wanting to really test the technology. Most comes from corporations dragging their feet and exploiting the time-lag to squeeze their victims^H^H^H^H^H^H^Hcustomers for every penny they h

I call bullshit.

Network folks at Brown actually have a clue. You do not. NAT is network address translator, and the common MTU is around 1450.

IPv6

[strider_starslayer]

People will use IPv6 when they need it; when every device you have needs it's own internet connection, and routing/NAT will no longer do- providers will switch to IPv6, it'll happen basically overnight, though the use of a consortium.

And even then most people will just take there shiny IPv6 address, NAT it and use IPv4 internally.

How does this help?

After creating these gateways what is the incentive for users to switch? What is the incentive for popular destinations to switch? In both cases I think the answer is none.

No. The answer to rapid IPV6 deployment is for someone to create an IPV6 only P2P network with a ferocious amount of free porn and mp3s. The next day everyone will be upgraded to IPV6.

MOD me up this is both funny and the truth!

Re:IPv6: Not Ready For Prime Time

[Scott+Wunsch]

1. Cisco routers suck at IPv6.

Okay, I won't argue with you there.

2. There are too many addresses. There are 16.7 million addresses per square metre of the earth's surface, including the oceans. This is overkill.

It's deliberate overkill. It allows things like 64-bit subnets, which in turn allow for stateful autoconfiguration. It also allows for large chunks of address space that won't be allocated at all; if it turns out in the future that our current allocation method is inadequate for our needs, we can simply devise a new allocation method in this empty space, rather than having to migrate to a whole new version of IP.

3. The problem with a 64-bit network prefix is that routing tables become massive. Just do the math and you'll see that extreme amounts of memory are required to hold routing tables.

Yes, if an IPv6 router had to hold nearly 150,000 routes in memory like it does in the current IPv4 world, it would be massive. Fortunately, IPv6 is designed to have properly aggregated addresses, so that things are much more hierarchical, and routing tables can be stored much more efficiently.

4. The IPv6 header is too large.

Aside from the fact that more and more connections are using much larger MTUs these days, IPv6 also supports more aggressive header compression than IPv4 did, often resulting in similarly compact headers.

Re:ISPs

[iabervon]

ISPs do provide IPv6 addresses for free when they provide IPv4 addresses. Every IPv4 address has a corresponding IPv6 address. One of the points of moving to a huge address space is that you can assign each old address a new address and not use up a significant portion of the new address space.

What would be interesting is if ISPs would assign a static IPv6 address to customers who have dynamic IPv4 addresses. If the ISP has IPv6 at all, they have a huge block of addresses, which they could trivially assign to their customers by account number. And then there would be people who would set up IPv6-only sites or sites where the IPv6 address was more reliable, because the address was free.

IPv6 internet?!?

[rsd]

Please, correct me if I am wrong.

Isn't the internet IPv4 only and IPv6 is archieved thru
encapsulations like The 6Bone ?

If so, what's the point of worring about sites not being in the 6bone?

If I am wrong, can you post some links please?

Thanks

Re:IPv6: Not Ready For Prime Time

[sn00ker]

Wow, you sure smell like a troll.

If you're so confident that your dissertation has academic merit, why don't you put your name to your post?

1) No arguments, mainly because I don't know about the architectures of the Cisco and Juniper PEs used.

2) For a post-grad student, you don't seem to know much about IPv4. Almost 17 million addresses taken by each of 127/8 and 10/8. Another million gone with 172.16/12. 192.168/16 rounds that all out to about 36 million. Almost one percent of the address space gone, just on reserved ranges. The experimental ranges take some more space again. Then there're all the network and broadcast addresses, with CIDR making that problem worse, even while it does solve the issue of giving organisations blocks of space that're wildly in excess of their requirements.

3) I dunno who makes your NIC, but all mine have a 48-bit MAC.

IPv6 does nice aggregation. Routers only need to know about their immediate network, everything else they see as an aggregation. So rather than knowing about every /64, they'll just see a bunch of /48 (or less) netmasks, and the routers for those networks worry about breaking it down to the /64s when they get sent the packts.

Plus, RAM's cheap. Even the Kingston stuff you need for Ciscos. Couple cheap memory with the very good route summarisation in the IPv6 spec, and it's a non-issue.

4) The current IP network has these restrictions. With jumbo frame and the various other techniques now in existence, you don't think it's possible that part of the migration to IPv6 will be to throw a few more bytes into the packet size?

I can't belive you got a +4 (Informative) for that load of tripe. No wonder people have no respect for the moderators!

Re:IPv6: Not Ready For Prime Time

[suckmysav]

"Cisco routers suck at IPv6."

Actually, you could probably just shorten this to "Cisco routers suck."

Re:IPv6: Not Ready For Prime Time

[cabbey]

Note to self: don't hire anyone from Brown University if this is the quality of their grad students.

A few quick issues with your points, just be glad I'm not on your review board, it wouldn't be pretty.

1. Cisco is only one of a handfull of router manufacturers, and if their gear doesn't keep up with the technology then those 'insane corporate policies' you referenced will be fixed. In the early days of IPv4 Cisco's routers (and everyone else's for that matter) used the cpu to handle routing too, fancy fast path hardware didn't exist at the time. As time changed, and the amount of load on routers increased the industry leaders invented faster and better hardware to keep pace with that load, there is no indication that they won't do the same with IPv6.
2. This same argument has been made for every new addressing scheme... there was no reason to use more than 8 bits of address, because there would never be more than 256 computers in the world. Same arguments were made for phone numbers. Oh, and it's "Network Address Translation" see RFC 1631, any amount of "anonymity" provided by NAT is purely a placebo effect on the less cluefull user. You focus purely on the number of addresses availabel in IPv4, but fail to take into account how many of those are usable, given the amount of reuse hacks already in use throughout the world, I'm sure we're already well over the number of usable, globally routed, IPv4 addresses. Especially with some of the Asian and European Cell carriers using their own NAT'd 10/8 network, as do a number of US cable modem companies, not only in some cases for end users, but also for their internal routers. (The route out from my cable modem travels through two routers in the 10/8 network.)
   
   Oh, and if you actually read said RFC you would learn that it is not a solution, it is a bandaid. Just read the abstract:

   Abstract
   
   The two most compelling problems facing the IP Internet are IP
   address depletion and scaling in routing. Long-term and short-term
   solutions to these problems are being developed. The short-term
   solution is CIDR (Classless InterDomain Routing). The long-term
   solutions consist of various proposals for new internet protocols
   with larger addresses.
   
   It is possible that CIDR will not be adequate to maintain the IP
   Internet until the long-term solutions are in place. This memo
   proposes another short-term solution, address reuse, that complements
   CIDR or even makes it unnecessary. The address reuse solution is to
   place Network Address Translators (NAT) at the borders of stub
   domains. Each NAT box has a table consisting of pairs of local IP
   addresses and globally unique addresses. The IP addresses inside the
   stub domain are not globally unique. They are reused in other
   domains, thus solving the address depletion problem. The globally
   unique IP addresses are assigned according to current CIDR address
   allocation schemes. CIDR solves the scaling problem. The main
   advantage of NAT is that it can be installed without changes to
   routers or hosts. This memo presents a preliminary design for NAT,
   and discusses its pros and cons.

3. What exactly is the difference between 2 and 3? Two seems to be "2^64 is too many hosts", whereas three seems to be "64 is too many bits". Well, duh. The two go hand in hand. All the same issues that apply to 2 apply to 3... but you raised an additional issue, that having 64bit addresses will bloat routing tables absurdly. That's because of the way addresses have been handed out, split, merged, moved, and generally horribly mismanaged. IPv4 routing tables today are absurdly bloated. IPv6 was designed, from the get go, to fix this problem by using aggregated routes. Say you have two networks that are very nearly adjacent in the address spac

What problem?

[Zaffle]

Seriously, what problem is this solution solving?

I run ipv6 here at my site, every PC ont the LAN is using it.

Inside the LAN its almost totaly native IPv6. Only the printers are IPv4 only. When surfing the web, the users browser does a AAAA DNS lookup, if it succeeds, then it does a native IPv6 connection. If you try to connect to IPv4 only site (very common), then the PC initiates an IPv4 connection. Our Internet router provides the IPv6 tunnel and does NAT'ing for IPv4. Its all totaly transparent, requiring no end-user setup or mucking around with.

I regularily use IPv6 websites, and I don't notice that they are IPv6 unless a) the website notifies me I'm connecting over IPv6 (eg http://www.ipv6.org/) or b) i look at the traffic going through.

The only thing I could do to "improve" the situation here would be to have my ISP IPv6 aware, so I didn't need to use a tunnel broker.

The way that would work would be the ISP would issue a single IPv4 address and a IPv6 prefix on connect. Then the would would be a great place :)

All my applications I write are IPv6 aware, infact they are primarily IPv6 applications with fallback to IPv4.

Most applications you use today are IPv6 aware. The next step for IPv6 is hosting companies and ISPs proving IPv6 natively. This will happen once the backbone routers are fully IPv6 aware.

Nick

IPv6 is getting a jumpstart.

[Ungrounded+Lightning]

At the current rate of non-progress, IPv6 will never reach critical mass. IPv6 needs a jumpstart.

IPv6 is getting its jumpstart. From the upcoming mobile IP vendors. They want IPv6 for tracking their phones/modems (for which they can't buy enough IPv4 address space to be confident of not hitting a wall). So they have made it a checkbox on equipment acquisition (i.e. you don't sell 'em a router unless it has IPv6 - period).

Since they're talking equipment purchase totaling into the billions this is NOT something the equipment vendors are ignoring.

Once there's a bunch of endpoints out there that can only be reached by IPv6 (or NAT/tunnel servers bridging to it) there will be a lot of pressure to migrate the rest of the net.

It's called a "viscious circle" or "chicken &

[Ungrounded+Lightning]

Subject line says it all.

uhhh.. wasn't ip4 tunneling in always in the spex?

[evilmousse]

i remember my professor introducing me to ip6 a few years ago, and one of the major things he touched on was tunneling through ip4 networks. soooo what was the problem, and why does this article make it seem like it needs more software? did that not end up implemented by default?

BGP

BGP currently shows roughly 1.3B addresses as being routable. That represents a little more than 25% of the IPv4 space.

There are alot of special use /8's around and a ton of academic institutions (MIT) and large corporations (Eli Lilly, etc.) that received /8 assignments back in the day.

I can not imagine MIT utilizing 16.7M IP's, and most other /8 recipients from that time wont either.

For more information see http://www.iana.org/assignments/ipv4-address-space

Re:Why would a residential customer WANT a /64?

[tftp]

Ok.

Just as a comment: "some people" probably amounts to 0.01% of paying customers, and is therefore totally insignificant. Even networking professionals - who understand well why IPv6 is better - realize that IPv6 can not happen overnight, and there is really no clear need for it today. Majority of people just buy a $99 wireless router (NAT) from Linksys, and they are all set on their own Class A network. What else is there for them to ask for?

It is also understood that IPv6 shines in a lot of areas (which were mentioned more than once in this discussion.) However none of them are mission-critical, or even noticeable to the average customer. For example, IPv4 NATs are not VoIP friendly - so there are software and hardware solutions already (UPnP, STUN, TCP etc.) and they work on existing networks just fine.

If you want my guess, the star of IPv6 will never rise. It is past its time already. People were concerned about address spaces many years ago, but now it seems everyone is happy, and nobody wants to buy into IPv6.

"But," one says, "the IPv4 address space will be exhausted!" Yes, it will be. A new protocol will replace IPv4. But it may not be IPv6 at all. Who knows? I think IPv4 will be firmly with us for 10 to 20 years from now. Then we shall see. IPv6, after all, is a souped-up IPv4, and it is not all that different from its parent. Maybe something else, something better, will be needed? I'd say so. Maybe they will dump fixed 128-bit addresses, and make them variable length instead, so that new addresses may be allocated where they are needed... Maybe some other crazy scheme will be devised. But IPv6 at this time solves no real problem, and that's why it is not popular.

And if telecoms want IPv6 on their mobile phones... by all means, please do. It's just very likely that the IPv6 will terminate at Verizon's 6->4 proxy, and that's the end of it. This would be practical anyway to cache the data, since I guess majority of users access relatively small number of sites (CNN, Yahoo, MapQuest etc.) and they are mostly cacheable - and the telecom wants to insert their own ads too!

First a Rod, Then an Egg!

[chromatic]

Subject line says it most, anyway.

Re:Why would a residential customer WANT a /64?

[TheRaven64]

I would guess that the killer app for IPv6 would be instant messaging. A lot of people use it, and a lot of them use it to send files. Configuring a client to be able to receive files from behind a NAT can be a pain (how many home users know enough to set up port forwarding?). The same is true, although to a lesser extent, of peer to peer file trading clients (which are certainly popular amongst the less technically competent). Anything that requires the user to be able to accept incoming connections is trivial with IPv6, and complicated with IPv4+NAT (even with UPnP, which is by no means universal).

Varaible-length addresses

[cronie]

Maybe they will dump fixed 128-bit addresses, and make them variable length instead, so that new addresses may be allocated where they are needed...

This is really a terrific idea... Picture higher-level routers that only recognize the first IPv4 part of the address and pass packets on to the leaf routers. Such a protocol would require only minimal and thus cheap upgrade of firmware for most hardware on the Internet, not to mention that their 32-bit CPU's would still perfectly do the job.

And so the whole address space would become a tree, just like the domain name system.

(After all, for simplicity of the user-end routing devices, each node's MAC address can be appended to the 4-byte IP address, for example, which will turn IPv4 into the forgotten IPX... The first 2-3 bytes of the MAC address can be changed in each node to reflect the local tree structure in your LAN/WAN. Something like NAT, but with a bit more complicated IPX-like structure in your private network... TCPX?)

As for other "benefits" of IPv6... Autoconfiguration is dangerous since it can be spoofed in large and weakly controlled LAN's. I never really trust DHCP, UPnP and other "smart" guys and try to avoid them whenever possible.

IPv5 ?

[SammyTheSnake]

Did anyone else wonder, "whatever happened to IPv5?"?

Well, this seems to be the answer...

Cheers & God bless
Sam "SammyTheSnake" Penny