Little Interest In Next-Gen Internet

Ant wrote in to mention a Computerworld article that is reporting on the slow acceptance of the IPv6 version of the internet. From the article: "Information Technology (IT) decision-makers, in U.S. businesses and government agencies, want better Internet security and easier network management. However, few see the next-generation Internet Protocol called IPv6 as helping them achieve their goals, according to a survey released Tuesday by Juniper Networks Inc."

never happen

Lightman also called for a national IPv6 coordination office in the U.S. with an annual budget around $10 billion.

No way that'll happen; $10 billion can buy a lot more soldiers to kill Iraqis.

Re:never happen

[mwood]

There's no point anyway.

The problem to date is that MS Windows doesn't use it. Even XP requires you to install it after you get the rest of XP set up.

When they start shipping MS Windows with IPv6 turned on and start talking it up in the Help, then the corporate deep thinkers will start telling us to Make It So.

BTW it works fine here, on WinXP and Linux. IPsec too.

just wait...

...untill they run out of addresses

Re:just wait...

[Chibi+Merrow]

Then they'll just rob blocks from people like MIT who have way too many and NAT the rest...

Re:just wait...

[m85476585]

What will happen if they run out of addresses?

Re:just wait...

[Martin+Blank]

I wanted to hit a colleague not long ago. I mentioned that it seemed that someone on the network had enabled IPv6 on their system, as I noticed some packets that I traced back to an IPv6 stack looking for a DHCP server. He (a network security engineer) said something about this being a threat, and that it was against policy, comments which are normal from him and which I ignore. I commented at the same time that it would be nice if we could begin converting to IPv6, at least on a trial basis for a few systems, and he said something about how IPv6 was "pointless" and "useless" since we have all the addresses we need using NAT. Arguments that NAT is a cludge and gets needlessly complex as you continue to NAT multiple layers went nowhere with him.

Re:just wait...

and no one even mentions the cool TOS etc header options.

Re:just wait...

[SirNAOF]

If he's a network security engineer, shouldn't he realize that NAT actually hides the real source of some network threats?

If everyone has a real IP, problems are much easier to track down.

Re:just wait...

imjgiane you live in any other country. where ithe internet is beginnning ot take off .. only a hardcore elite are starting ot use the net and you dont have enough addresses! as usa and uk get the m all .tahts why japan has always used ipv6 as soon as it could.

its why i dont pay for connectivity.,
i jhave zero bandwidth and 1 ip address.. for 30 quid a month!?!? gimme a break.

gimme as many as i want and ddent bandwidth.. id pay double!

Re:just wait...

[Chibi+Merrow]

Well from a business perspective IPv6 is pointless and useless. There's no financial benefit from going to it nor is there any need for the vast majority of users. Give it twenty years and that will probably change--but until there's some real monetary benefit to switching, it's just not gonna happen.

Re:just wait...

[Martin+Blank]

This is a persistent pain for me -- I'd like to be able to see what's happening, but it stops at one IP address, and then we have to spend time reconstructing the entire chain of events. His view is that while NAT hides the source of events, it also hides potential targets from attackers, particularly viruses that spread through direct network connections. He has a point, but most of the tracking that we do is made much more difficult because of this.

Re:just wait...

[MightyMartian]

You can have a firewall without NAT. I'd be pretty nervous about any network "engineer" who thinks the way this guy does. We've done it on our servers, including our switches, which cannot be accessed at all from the outside. If we need to do remote maintenance, a VPN connection gets us on to the network. NAT is an incredibly useful kludge, but it's still a kludge, and while the ipfilter guys have done an extraordinary job of getting some of the nastier protocols working, it's no panacaea.

Re:just wait...

[Trigun]

My big fear is that home users currently need nat to hook more computers to the Internet. If we take that away, can you imagine how many botnets can be out there? Sure it's easier to track to the actual computer, but if the large ISP's aren't helping, what does it matter? My blocklist is going to end up being 6.2e^29 lines long.

Re:just wait...

[MightyMartian]

If you're talking about blocking IP addresses, it's an immensely difficult thing to do even now, unless you decide to block large chunks of ISPs' consumer networks. Blocking IPs, IPv4 or IPv6, is really like closing the barn door after the cows have come home. It's the final desperate act, not an actual solution. IPv6 isn't going to cure all the problems, and I have absolutely no doubt that it will introduce new and unforseen ones, but now we have a decade or so of experience with the network under pretty high volume, and all of the security woes that have come up, so hopefully we can make the next generation more reliable and trustworthy than the IP system we have right now.

Re:just wait...

IPv6 *is* useless, it serves no business or technical purpose (since you're on slashdot, I assume you have an IPv4 address that works fine, so why do *you* need IPv6?).

And NAT doesn't *not* protect against attacks. NAT, firewalling, and masquerading are all different concepts.

Thankfully both of you work at the same place, far away from where I work.

Re:just wait...

[Rod.Dorman]

My blocklist is going to end up being 6.2e^29 lines long

No, it wont. Instead of individual IP addresses you'll need to block subnets.

Take a look at RFC 3177 IAB/IESG Recommendations on IPv6 Address Allocations to Sites
ftp://ftp.rfc-editor.org/in-notes/rfc3177.txt

In it they recommend Home network subscribers should receive a /48 allocation. So if you want to block a specific 'home' just block that specific /48 subnet.

Re:just wait...

[Voxus]

After the cows have left, you mean?

They better hurry

[markov_chain]

2007 is coming up fast!

Re:They better hurry

2007? I thought they wanted it by 2006... Or maybe that was HDTV.

There's no place like 0:0:0:0:0:0:0:1

[ylikone]

just doesn't have the same ring to it.

Re:There's no place like 0:0:0:0:0:0:0:1

[Voxus]

Actually, I like it better, despite the extended pile of zeroes. Besides, I prefer to say 'localhost'.

Give me an easy upgrade path

[A+nonymous+Coward]

It's not backwards compatible. I can't run old IPv4 on the same net, it's one or the other. Don't tell me to run multiple NICs, that's not practical.

In short, there's no easy way to upgrade, to try it out, to upgrade slowly and practically.

Re:Give me an easy upgrade path

[the_xaqster]

Semes like someone could make a ton of money designing a IPv4 to IPv6 bridge, so you could run 2 network segments, expanding the IPv6 segment as you go.

Re:Give me an easy upgrade path

[MartinG]

What are you talking about?

I run ipv6 and ipv4 together on the same net all the time.

For ipv4 I have one static internet address on my router machine which provides NAT for all the other internal machines.

For ipv6, I have a /48 allocated to me so each machine has its own real ipv6 internet address and can talk directly to all other internet ipv6 addresses. (plus, I have over 281 trillion ip addresses spare for later)

Also the applications don't need writing for one or the other. By using the ipv6 API you automatically get support for ipv4 at the same time.

There is an easy upgrade path. What will really get folks upgrading is when more and more sites become ipv6 only. For example I am setting up a nature webcam site which will be ipv6 only for exactly this reason.

Re:Give me an easy upgrade path

[csgames]

Of course it can run on the same network. Just need a v6 connectivity, just as you have a v4 one. You absolutly don't need multiple nics! Are you one of those who think an interface can only be configured with one ipv4 address ?

Re:Give me an easy upgrade path

IPv6 -> IPv4 proxies do not exist. All fantasy

Re:Give me an easy upgrade path

[iblech]

Ehm, I'm currently surfing on Slashdot (IPv4), while my mail is sent using an IPv6 SMTP server. I only have *one* connection to my ISP, and only one NIC, and only one router.

IPv4 and IPv6 can easily coexist, and IPv6-only programs don't even have to be modified to accept IPv4 connections (keyword "IPv4-mapped addresses").

A miracle?

Re:Give me an easy upgrade path

[bnitsua]

it took me 15 minutes to set up 6to4 on mac os x...
I can access any ipv4 address or ipv6 address without any problems.
but I guess that doesn't count as an "easy way...to try it out"

Re:Give me an easy upgrade path

[dlippolt]

much to the dismay of all my developers, my answer to just about every problem is "you can use an ssh tunnel for that"

when i bought my powerbook 15 months ago, reverse tunnels stopped working, and it took me awhile to figure out why.

normally you'd run something like:

ssh -R 8080:localhost:8080 user@remotedevbox.com

to let a remote server access tomcat running on your laptop.

i suspect OSX routes "localhost" to the ipv6 address by default in this case. the solution was to change the tunnel:

ssh -R 8080:127.0.0.1:8080 user@remotedevbox.com

point being... from the "what have you done for me lately" perspective, ipv6 has been nothing but a headscratcher. and we're supposed to run the internet on it?

Re:Give me an easy upgrade path

[garcia]

For example I am setting up a nature webcam site which will be ipv6 only for exactly this reason.

Until the porn world goes IPv6 only there will be no major rush to upgrade. I really hope that your "nature webcam site" is really nude women running around in the forest or I just don't see it making a difference.

Re:Give me an easy upgrade path

There are various proposals for the upgrade. Tunneling and dual stack are two of the leading ones. Also IPv4 addresses can be mapped to valid IPv6 addresses. I havent looked at the spec lately but i believe the IPv4 address is appended with all 0's

Re:Give me an easy upgrade path

[the_xaqster]

That will teach me to not research before I post. You can run them side by side....

Re:Give me an easy upgrade path

[finkployd]

Don't tell me to run multiple NICs, that's not practical.

How on earth did this get modded up? This guy has no clue what he is talking about. Multiple NICs indeed.

Finkployd

Re:Give me an easy upgrade path

Then use multiple virtual nic:s, or bind both an IPv4 and a IPv6 address to the same.

Re:Give me an easy upgrade path

[MartinG]

I really hope that your "nature webcam site" is really nude women running around

Heh. not quite.

Actually it's small mammals running around somewhere in England. (or will be when I get things sorted out properly)

Re:Give me an easy upgrade path

[Mysticalfruit]

IPV6 has alot of nice features, but it's main reason for existing (expanded address space) is turning out to be mute.

The simple reason is that when people were working out the ideas for IPV6, the internet was basically a flat network where everybody had their corner and everybody had a class B, etc. Their fear was we'd run out of addresses. Well, we did and people simple solved the problem with cleverness instead of just expanding the address space.

The fact is now, entire corporations can run on a couple of class C address and leverage the power of NAT and proxies.

Re:Give me an easy upgrade path

[garcia]

Actually it's small mammals running around somewhere in England.

Young, petite, teens?

Re:Give me an easy upgrade path

[wirelessbuzzers]

For example I am setting up a nature webcam site which will be ipv6 only for exactly this reason.

You misspelled "mature".

Re:Give me an easy upgrade path

It's not backwards compatible, that is true. But why can't you run it on the same net? Interfaces support both, at the same time.

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host

Re:Give me an easy upgrade path

[chill]

Who assigns IPv6 addresses? Where can I get some real v6 love?

-Charles

Re:Give me an easy upgrade path

Couldn't you use 'ssh -4'? This forces ssh to use IPv4 addresses only.

Re:Give me an easy upgrade path

What makes you think he did?

Re:Give me an easy upgrade path

I'm not sure how it can be tough to hear the main reason, though it should not matter as it is probably written down places. However, if it isn't written down and it really cannot be heard, then I guess this reply is simply moot.

Re:Give me an easy upgrade path

[ignorant_coward]

Porn might be the biggest obstacle. Do people really want to access porn sites with a unique identifying address in every packet they send?

Re:Give me an easy upgrade path

[DA-MAN]

it took me 15 minutes to set up 6to4 on mac os x...
I can access any ipv4 address or ipv6 address without any problems.
but I guess that doesn't count as an "easy way...to try it out"

I've not been able to get my Mac to work with 6to4. Could you please post instructions?

Thanks.

Re:Give me an easy upgrade path

[bnitsua]

well... I am a masochist and enjoy doing things through a terminal rather than using the network panel, so it comes easy for me.

first of all, you need to enable 6to4 in the network panel under the drop-down menu "Network Port Configurations"... make sure it's checked.
once that's enabled, I use a terminal and run the following commands:
ip6 -u en0
(that starts the ip6 layer on your ethernet adapter)
ip6config start-v6 en0
(that configures tunnelling on your ethernet adapter)
ip6config start-stf en0
(that enables 6to4 on your ethernet adapter)
then go to www.kame.net, if you see the dancing turtle, it works.
I haven't bothered to automate this yet... everytime I reboot, I have to run the commands from the shell again.

it seems as if apple is kind of hiding this from people for now... but it's nice to know it's there and it works.

Re:Give me an easy upgrade path

[petermgreen]

do you have a real ip on the mac or are you behind nat?

6to4 needs to be done by a machine with a real ipv4 ip (you can have other machines behind the 6to4 box though)

Re:Give me an easy upgrade path

Interesting? WTF?

Re:Give me an easy upgrade path

[Pakaran2]

They already do, or the vast majority do. It's called an IP address. If they want to use anonymizing proxies, I see no reason why those wouldn't work under IPV6.

Re:Give me an easy upgrade path

[Curate]

Actually it's small mammals running around But these mammals *are* naked, right?

Re:Give me an easy upgrade path

[ignorant_coward]

They already do, or the vast majority do. It's called an IP address.

Often the current IP addresses are not uniquely identifying to web sites. Only my ISP has knowledge of which IP address is assigned to me at this moment, out of their pool of many thousands of addresses. Of course, static IP addresses are a different matter, but those are not as common among home users as they are among businesses.

Re:Give me an easy upgrade path

[dlippolt]

absolutely.

my point was just about how ipv6 just keeps "getting in the way" vs. other technologies which have a real upside i can take advantage of today... or at least in the near future.

Oh Dear

[taskforce]

"There's an education job to be done," said Rod Murchison, senior director of product management for the Security Products Group

Translation: "There's a marketing job to be done"

I thought education was for important things which you need, and marketing was to convince you to use products and services?

Re:Oh Dear

[godfra]

Spot on!

Re:Oh Dear

Maybe you just woke up on the stupid side of the bed today, but we DO need IPv6. IPv4 only supports, at the absolute most 4294967295 (about 4.3 billion) addresses. And as electronic devices are getting smaller, cheaper and more connected, they're all going to be used up soon.

Re:Oh Dear

[ruzel]

Which is exactly why he should have said "There's edutainmatising to do."

Need more software and support

[strider44]

The reason why is there's not that much support or software for the protocol. As the summary said they want better security and easier management, but there's not even a good IPv6 firewall up and running, so why would they take it up?

Wait a while until there's the software backing then you'll see companies using it.

Re:Need more software and support

And how will you know when there is?

Oh, wait...

Re:Need more software and support

[Qzukk]

When they get around to rebuilding their kernel and hitting Y next to ip6tables.

Re:Need more software and support

[0racle]

He said a good one. ;)
pf supports ipv6.

Re:Need more software and support

[Darktan]

So does ipfilter. And ipfw.

Re:Need more software and support

[Just+Some+Guy]

there's not even a good IPv6 firewall up and running

Ahem.

Re:Need more software and support

[qray]

But why would anyone build the software if no one is using it?

==
Master of driving rear propelled horse carts for more than 20 years

Re:Need more software and support

[cyberatz]

erm....FW-1

Re:Need more software and support

[Dolda2000]

Well, I'm running Gentoo 2005.0 over here, and I put "ipv6" in my USE flags. I can't think of a single program (that is at least a little significant) that does not support IPv6 on my system. Firefox does, apache does, MIT Kerberos does, OpenSSH does, netkit-telnet does, wget does, gnomemeeting does, xinetd does, etc.

Oh yeah, I forgot -- Most Windows programs don't.

However, I heard rumors that Longhorn will support IPv6 out of the box. So whenever Longhorn is released -- 2010? ;-) -- we'll have it.

Re:Need more software and support

[msmercenary]

On any Windows XP box:

C:\>ipv6 install

Now your WinXP supports an IPv6 stack, including IPv4 tunnel and bridge interfaces.

All Microsoft network-aware apps also support IPv6. If there are Windows programs out there that don't support it, then it's because of a lazy programmer.

Easy and cheap solution

[Nomihn0]

What's the problem? IPv6? Qr5as! Just get a bigger, longer, string.

Duh

[Heliologue]

Which is why IPv6 isn't going to be in full effect until 2025. They figured that acceptance would be slow. The fact is, at this point, people don't need IPv6. But when the numbers start to run out, they'll be clamoring for it.

Re:Duh

[Cheeze]

The sky is falling, The sky is falling.

When numbers run out???!!!??

There are over 4 billion ipv4 addresses. How many of those ip addresses are actually used? How many of those ip addresses could be easily NATted?

I couldn't imagine even 20% (800 million) are being used at any one time.

how many internet users + how many internet servers + gateways = ???

Re:Duh

[Heliologue]

Substantial portions of that address space is reserved for private network, loopback, etc. You could end up using these addresses, of course, but that would require reengineering every network-capable device that's been built to-date. You don't think that within a decade, there'll be 4 billion mobile phones, each with it's own address? NAT only goes so far.

Re:Duh

[Cheeze]

That's part of my point. Why would you NEED your phone on the public internet? To get to web pages? To use IM? To use e-mail?

Those are all easily done behind a NAT gateway. Putting devices directly onto the internet has it's purposes, but I cannot think of a good reason why a mobile phone would need a public ip address.

Can you provide a good example of the need to put a mobile phone directly onto the internet?

(and no, to get to Paris's phone easier is not a good reason)

Re:Duh

[UnknowingFool]

The fact is, at this point, people don't need IPv6

Well, not in the US at least. NAT boxes and the fact that US sites have already claimed a good deal of the IP space means fewer addresses for the rest of the world. Asian has seen the most widespread adoption. The fear was that countries like China and India are getting online slowly but may require 1 billion addresses between them in the next few decades. Since IPv4 can only handle 4 billion, this would have been a problem.

Re:Duh

[cHiphead]

IPv6 = everybody gets their own ip address, walk up to a computer, swipe your worldID card, it switches to your personal ip.

then again, thats all end times prediction scary kinda stuff, so maybe we should stay with ipv4. ;)

Cheers.

Re:Duh

[ArsonSmith]

"Why would you NEED your phone on the public internet? To get to web pages? To use IM? To use e-mail?"

Nope, just VoIP.

Re:Duh

[Citizen+of+Earth]

The fact is, at this point, people don't need IPv6. But when the numbers start to run out, they'll be clamoring for it.

With firewalls and masquerading, the numbers will never run out. Better security translates into fewer world-accessible computers.

Re:Duh

[stephenbooth]

Last I heard it wasn't so much that every person would have an IP address so much as everything you wear, carry or own would have one. Supposedly the idea is that your socks will be able to email your washing machine to get the microwave to remind you to wash them whilst the fridge will IM your PVR with a list of what's in it so it can identify and record cookery shows that use those ingredients, prioritised by how close to the use by date each ingredient is. Meanwhile the coffee maker will be contacting the local stores to get you the best prices for Kopi Luwak then putting a reminder in your GPS enabled PDA so that when you go near the store you get a message telling you to pop in and get some (and whilst you're in there pick up some milk, eggs and your mom's magazine reservations).

Stephen

Re:Duh

[Fulcrum+of+Evil]

Nope, just VoIP.

What the hell for? It's a mobile phone with a superior voice delivery protocol.

Re:Duh

[kmortelite]

+5 Insightful?

Come on! The numbers have "started to run out" in many parts of the world, North America excluded. Many parts of the world are clamoring for it.

North American acceptance of IPv6 is slow merely because we have no pressing need and existing IPv6 can tunnel through IPv4. It doesn't really bother us, but in case you haven't noticed, there is a whole lot more world out there than just North America.

Re:Duh

[DA-MAN]

Nope, just VoIP.

SIP can use an STUN to get around NAT. Besides what cell phone provider in their right mind would add voip functionality to a cell phone to undercut themselves?!?!

Re:Duh

[quantum+bit]

Not picking on you in particular cHiphead, just happened to be a convenient place to post.

IPv6 = everybody gets their own ip address, walk up to a computer, swipe your worldID card, it switches to your personal ip.

Except it doesn't work like that. IPv6 uses a hierarchical routing model, much stricter even than IPv4 classful routing.

The IPv6 address you get assigned (each customer is supposed to get their own /48 subnet, we'll see) comes out of your ISPs pool, which is probably a /32 or something. The really big carriers (i.e. backbone) get /24s, and they allocate smaller subnets to smaller ISPs. The big carriers get their subnets assigned out of a pool, but of the remaining 24 bits, the first 3 specify the address type and the last 8 are reserved. That leaves 13 bits, so there can be a maximum of 8192 "big" carriers (called TLAs).

Now, unlike the current internet, ONLY TLA's exchange routing information with each other. Every single address withing a TLA's block MUST be routable from one of its peering points. Routing between the TLA blocks may only happen at those top-level points. Small netblocks are no longer portable, so when you change ISPs, you get new addresses. No exceptions -- doesn't matter how many you have. That also means if you want to have a redundant connection for your server (multiple ISPs), it has to have multiple IP addresses too. No more BGP tricks.

So you can't assign an IPv6 address to a person, as every terminal they use has to have a different address by definition of IPv6.

The other common misconception is that IPv6 has more addresses (2^128) than particules in the known universe. This isn't really true as the lower 64 bits are not routable. They're usually automatically derived from the 48-bit MAC address, but can be statically assigned if so desired. Even if you did statically assign them, all (2^64)-2 of them would have to be on the same (flat) subnet, which would be one huge honkin LAN.

So that really only leaves 2^64 routable networks, each of which MAY have a lot of machines but in practice probably won't have more than 100-200 max, and probably averaging much lower than that. If you take into account that the specification calls for each customer to be given their own 48-bit subnet (giving them 16 bits worth to route internally if they so desire), there isn't just a whole lot more room then IPv4 because so much is forced to sit unused. It is considerably more to work with yes, but not astronomically like many people seem to think.

Ok, sorry for the rant, but just trying to make sure reasonably accurate information gets posted somewhere :)

Re:Duh

[radish]

I use VOIP behind NAT every day. Seems to work fine.

Re:Duh

[NoOneInParticular]

What the hell for? It's a mobile phone with a superior voice delivery protocol.

Price.

Re:Duh

[NoOneInParticular]

With cell phone provider, do you mean Nokia, Ericson, Motorola, or the soon to be obsolete mobile phone company?

Re:Duh

[rainman_bc]

The problem is in the HTTPS spec, and the FTP spec.

I think HTTP 1.1 solved some problems, but you should be able to attach an ssl cert to an HTTP 1.1 site without requiring an external IP.

FTP needs to accommodate host headers too.

One of the big problems is that each domain with a cert requires a valid IPV4 address. That's not good.

As well, I love that my ISP hands me an external IP, and that I can do whatever I please. Truth is most users don't need an external IP - they can be NAT'd...

Re:Duh

[Your_Mom]

Works fine, but its an amazing kludge. We should not be dependent on kludges.

SIP is one of the big reasons I want to move ti IPv6. Plus, and the fact that each of my servers can have an public IP address. Yum.

Re:Duh

[BridgeBum]

Certs use names, not IPs for certification. It is common practice to have web server farms running on private IP space (RFC1918) behind a load balancer.
The certs can and frequently do live on each server. The cert needs to match the URL domain name you are hitting, otherwise browsers pop-up a warning.

(There are other factors which trigger pop-ups as well.)

In otherwords, one IP can serve an entire farm of hosts. In fact, one IP can serve more than one domain, by using different webservers running on different TCP ports behind said load balancer above.

None of this is in the least bit unusual in today's internet.

Re:Duh

[jd]

IPv6 has Mobile IP built into it, so although they wouldn't have an IP address assigned to them, they would have an -address- assigned to them. The IP number it maps onto would depend on where they were at the time.

Re:Duh

[elgaard]

> SIP can use an STUN to get around NAT.

Yes, and it almost work. But go to any VoIP forum and you will se that many of the problems people are reporting are somehow related to NAT.

I know people who have VoIP adapters that they cannot use because of NAT. Yes, it is buggy routers (ie. Zyxel 650) supplied by the ISP, but without NAT, routers would be simpler and routers less buggy. Ie the problem with the Zyxel routers is that they try to be SIP-aware because of NAT.

SIP does not work well with symmetrical NAT.

SIP often does not work behind two or more levels of NAT. More than one level might not be necessary in most cases, but a lot of routers, WiFi accesspoints default to use NAT, and users do not know how to turn it off. NAT just complicates everything.

In short, STUN, portforwarding, tunneling, proxying etc all works. But from the point of view of a VoIP phone company it means that 15% (my guestimate) of its custumers cannot just plug in the phone and having it work. And almost every custumer that use his/hers phone on multiple networks will have problems with NAT. That is a big problem.

Re:Duh

[Just+Some+Guy]

They're usually automatically derived from the 48-bit MAC address, but can be statically assigned if so desired. Even if you did statically assign them, all (2^64)-2 of them would have to be on the same (flat) subnet, which would be one huge honkin LAN.

Not true. I have a /64 netblock from HE (You read that correctly: not /48. Why? Who knows.), but that gets split across several /80 segments on my router: one to the LAN, one to wireless, one to DMZ, etc. Of course, autoconfig doesn't work on /80 blocks so I have to statically number all my hosts (I haven't been bothered to set up DHCP6 yet). Still, you definitely can route blocks smaller than /64.

Re:Duh

[Dolda2000]

Except it doesn't work like that. IPv6 uses a hierarchical routing model, much stricter even than IPv4 classful routing.

Ever heard of IPv6 Mobility? I haven't read the RFC myself, but from what I've gathered, when you are somewhere else in the world, you use the IPv6 address at that site to contact your "home agent" back home, and the two of you set up an IPSec/IPv6 tunnel between each other, and you get to use an IPv6 address from your subnet at home -- probably a static one. Remember, an IPv6 node is supposed to have multiple addresses. The major advantage is that you can travel between different wireless hotspots and actually keep your address. In other words, you don't even need the "worldID" card that the GP was talking about -- just an account on your home agent.

The other common misconception is that IPv6 has more addresses (2^128) than particules in the known universe. This isn't really true as the lower 64 bits are not routable.

Your point being...? This is, of course, the entire point of having so many addresses. 64-bits of routable addresses is still far more than will ever be enough to create a more than satisfactory routing model, while the link-local lower 64 bits will be more than will ever be enough to allow any number of devices on the uplink provided by the ISP. That was the point from the beginning, so I don't really know what you're trying to debunk. That there aren't more addresses than there are particles in the known universe? Now that would be a real loss -- now we only have as many as there are particles in our own planetary system!

Re:Duh

[thogard]

So they reduced the entire world to a bunch of /24 except the reason we are running out of ipv4 address is that routers can't cope with the entire routing table as a 16 million class Cs so they started only allocating /19 so they weren't allocated properly which means we ran out.

Sounds like the same story except this time the routing table is 4x bigger because of the extra junk an IPv6 router needs to keep track of.

The correct solution years ago was to tell Cisco to fix its IOS and not break the net because of cisco's problems.

Re:Duh

You're missing the point, which is IP waste. By the time the Host: header goes across the pipe, the SSL session has already been negotiated using the cert which is in place for that IP:port combo. That means you can't do name-based virtual hosting tricks in the obvious way.

If it was possible to negotiate the certs afterward (based on the Host: header) then it might work. This would require starting the session in an unencrypted state and then upgrading to SSL/TLS midway through. Then it turns into all kinds of fun if you are doing HTTP/1.1 persistent connections and then hit another site on that same IP.

You'd now have to bail out of that mode, go back to clear mode, renegotiate with the new cert, and keep going from there. It sounds like a mess, and since this plan only encourages IP reuse, it would actually get progressively worse.

Re:Duh

[porttikivi]

The point is, that you want your phone to be callable. AFAIK, there is no version four based protocol to initiate a connection to a node behind a NAT.

Besides public addresses of version six solving the problem, the 128 bits of the long address help to do other magic like Teredo: standard with my Windows XP SP2, anybody can actually open ANY IPv6 based protocol connection to me right now with my Teredo address, though I am behind a corporate ("restricted") NAT/firewall, which does not know about six at all, and can't even filter it! And I can reach any six user in the world.

Try Teredo today, because when the firewall people here about it, it will be history.

NAT works...

[Gopal.V]

NAT is the reason why ipv6 has not really been needed. The idea of having an IP address for everyone on the planet and for his dog too was really not needed.

Once NAT+Firewalls became popular enough, the requirement for large IP chunks for offices and stuff disappeared.

No backward compatibility, ugly naming scheme (tell me , who like ::1 ?) and over all lack of a need helped kill IPv6 from becoming too popular.

Re:NAT works...

NAT is not good enough.

Too many things have to work around NAT problems.

I run a small network and all the users running filesharing programs have problems. I have to give them each a port.

What happens when more than one of them wants to run server for a protocol which needs a specific port? SMTP?

Why shouldn't people be able to have full IP connectivity? NAT does not provide that, and UPNP is not enough to fix that.

Re:NAT works...

I like it. The address schema makes much more sense than ipv4. And what no backward compatibility are you complaining about? 6in4, 4in6, etc..

Re:NAT works...

[antdude]

Aren't we running of IP address for v4 even with NAT?

Re:NAT works...

[MenTaLguY]

I guess you've never had to merge two large private networks that are behind NAT.

NAT itself is okay, but using private IP ranges behind it doesn't really work for large organizations, especially large organizations that can (and do) need to merge with other such large organizations.

I've been on the receiving end of a couple of these situations; it can cause a LOT of pain.

Re:NAT works...

The heck?

No backward compatibility ::ffff:* is specifically for backwards compatibility with IPv4.

ugly naming scheme (tell me , who like ::1 ?)

And 127.0.0.1 is better? Easier to type? Shorter? This is a moot point, this is why ISC gave us bind, from which flows an endless bounty of hostnames.

the requirement for large IP chunks for offices and stuff disappeared.

What rock have you been hiding under? Game playing through NAT is nearly impossible. Scratch that... if there is more than one person trying to play the same MMORPG from the same IP, it IS impossible for many games.

As someone else mentioned, connecting two NATted offices via a VPN is incredibly difficult when they both use the same 192.168.1.x addresses. The list goes on and on.

Re:NAT works...

[dpilot]

>NAT is not good enough.
Good enough for whom. That's the first, and unfortunately only real question that we have to ask, here. From my own personal point of view, I agree with every one of your points. But your and my points of view don't really count.

Think of another point of view. Think of ??AA, for instance, as the most visible, and current whipping boy of the /. community.
>Too many things have to work around NAT problems.
Problems? NAT has no problems. The only "problem" is that some people have the wrong concept of the Internet, thinking of it as some bizarre "end to end" system. It's really supposed to be like broadcasting-on-demand, with a few handy things like email and customer feedback thrown in.
>I run a small network and all the users running filesharing programs have problems. I have to give them each a port.
Filesharing is EVIL. NAT is good, in that it hinders filesharing.
>What happens when more than one of them wants to run server for a protocol which needs a specific port? SMTP?
Ordinary people should NEVER run servers, only ISPs should, especially SMTP. Only ISPs and corporate IT departments could possibly have a clue about how to properly secure SMTP, or any other server.
>Why shouldn't people be able to have full IP connectivity? NAT does not provide that, and UPNP is not enough to fix that.
As I said, only corporate intersts need full IP connectivity, for regular people it's highly undesirable.

To go a little further, the article talks about the improved QOS available from IPV6, and how it makes streaming media MUCH better. That's BAD too, because QOS is a function more properly implemented by the ISP. That way the ISP can push streaming media to you - for a fee, while other media just won't stream without hiccups. That way the Baby Bells can be secure phone providers, because they can make sure THEY offer the best VOIP and everyone else's has hiccups.

Nope, from a corporate interest point of view, IPV6 is BAD. In a simplistic point of view, and without bringing EVIL into the discussion, it's bad for profits.

Re:NAT works...

[cat6509]

It isn't just mergers, our private addresses space collied with Qaulcomm's address space! Even though Service providers are not supposed to use RFC1918 addresses, they do. I am not really looking forward to IP6, but there are many times within this last year where I would have loved to have it already.

Re:NAT works...

[ignorant_coward]

The best part of DHCP and NAT: plausible deniability.

My IP address changes each time I reset my DSL, for example, which is what keeps places like OSNews still anonymous, in spite of the domains being posted along with comments.

NAT is also tremendously convenient for home networks. I have to only deal with my ISP for my DSL modem. The rest is up to me.

So, IMO, for every disadvantage of NAT, there are two advantages.

Re:NAT works...

Uh, you mean it causes a lot of jobs. If this were seamless, you would be out of a job right now. You should thank the stars that it's as painful as it is.

Re:NAT works...

[Woody77]

Or trying to open a vpn connection from a computer on one NAT'd network into another NAT'd network, which use overlapping private address spaces. I've had to change my home subnet twice now do to changes in the subnets used at work and VPN.

When gateway(at either end) to the outside world is 192.168.0.1, you're just kinda screwed for actually getting that to work right.

Re:NAT works...

What two offices that connect through a VPN since the same adddress space? There is so much room in v4 that private addressing has millions of possible choices if you subnet properly. I work in an organization with 15 sites all of which have multiple VLANs and each of them has a different private adderss space. Not too tough to set up at all. Same thing with playing games behind a NAT, although its a little more difficult to setup if you buy a junk router it can still be done without much fanfare.

Re:NAT works...

[Just+Some+Guy]

Once NAT+Firewalls became popular enough, the requirement for large IP chunks for offices and stuff disappeared.

That's right, because I freakin' love having to configure separate views in BIND so that "www.mycompany.com" is resolvable by both the world at large and our LAN. Yeah, I know, "set up another NAT and all the extra routing tables" - that's a crappy hack, too.

There's a lot to be said for a globally-addressable internal namespace, and NAT just doesn't deliver any of it.

Re:NAT works...

[thomsenb]

the main problem with NAT is that it violates the TCP/IP standard...since IP routing decisions now have to know about port names between client and router.

Re:NAT works...

[jp10558]

I know most people wouldn't ever care about running their own E-mail or FTP server. However, what about all the people who want to play their game online - and it has issues with NAT?

What about the people who want VoIP to go with that game?

I think that's the big issue that's going to keep things open for the rest of us, and eventually move to IPv6.

Re:NAT works...

[dpilot]

And you've probably hit the one set of issues that really matters to Joe 6pak's kids. (and Joe himself, depending on how indulgent he is and how buggy his kids are.)

The general model for games has been that one machine can become a server for your friends, and this is the sensible mode for lan parties. The other general mode is to connect to a server elsewhere. No doubt ISPs would like to keep things on some footing like this, but that lan party setup can also set you up with friends and neighbors on DSL or cable, and ISPs don't like that. (because you're running a server) Still, as long as they don't chew too much bandwidth or aggravate the spam issue, I suspect ISPs will be loath to shut down home game servers, even if they are technically against TOS.

I like the idea of VOIP to go with the game. I remember games enabling chat, but never wanted to take my hands off the controls to type a message. Embedded VOIP would be just the thing.

What could really blow things open is if there were some way to make a true peer2peer game. I wonder if multicast would help, here.

Industry study say govt must spend billions...

...to mandate IPv6 transition or earth will stop spinning sending everybody flying off into space.

Re:Industry study say govt must spend billions...

[Random+BedHead+Ed]

I read that Alexis de Toqueville Institute study as well.

Re:There's no place like ::1

[Gopal.V]

Learn to use and enjoy Zero compress in IPv6 :) ::1 would be the same as 0:0:0:0:0:0:0:1

Did you hear about the guy who went to get a /32 IPv6 block and the ISP replies that they don't retail out single IPs.

Information Technology

[kevin_conaway]

Thanks for clarifying what IT meant. I've been lost on this site for YEARS and now I finally know what that acronym means. Life is good.

Re:Information Technology

Thanks for busting my sarcasm meter, jerk!

Re:Information Technology

Sarcasm meter... wow, that's useful.

What does ipv6 get you?

[Cheeze]

nothing.

That's right, upgrading your network and spending lots of time/money gets your organization nothing. Sure ipv4 space is limited, but what's wrong with a little conservation.

I would bet most of the ip space is used for dialup users, where 1 dialup user = 1 ip address. Why not just NAT those dialup users? If you need a static ip address, do a 1:1 NAT or something. There's absolutely no reason a dialup user should have a public ip address.

People that use the internet for e-mail/web browsing could care less about their ip address.

Gaming on dialup hasn't really ever worked and is painful at best.

Running a web server on a dialup connect? probably not.

How many people still use dialup?

Re:What does ipv6 get you?

[kworthington]

A lot of people do still use dial-up, actually. But you do bring up interesting points: a dial-up user really should be NAT'd. After all, NAT is what has helped the world not really need v6 in such a hurry. On the other hand, switching now might save pain down the road. Being proactive is often a good thing, and rather than having a Y2K-like situation where everyone has to scramble at the last minute/month/year, we could switch before it becomes an issue.

Re:What does ipv6 get you?

[MartinG]

How many people still use dialup?

Not many, but forget about dialup and you still have a startage of addresses.

I know a few people who struggle now to get 2 ip addreses now for business purposes and the problem will only get worse.

ipv6 is the solution and so far the best arguments against it seem to revolve around not being able to read the addresses as easily. Well I say wake up and use DNS. That's what it's there for.

NAT is a hack and it broken for many protocols anyway. That's why all sorts of connection tracking and other kluges is required for various protocols. The sooner that nastiness goes away the better.

Roll on ipv6.

Re:What does ipv6 get you?

[shutdown+-p+now]

Gaming on dialup hasn't really ever worked and is painful at best.

I very well remember playing QuakeWorld on dialup. It worked just fine. Most other users on that server were on dialup connections as well.

How many people still use dialup?

Worldwide, it's the majority of all Internet users.

Re:What does ipv6 get you?

[Danathar]

Other than larger address space?

- New header format (less overhead in routers)
- A new Efficient and hierarchical addressing and routing infrastructure (again....less overhead in routers)
- Stateless and stateful address configuration (You could theoretically dump your DHCP servers)
- Built in IPsec
- Better support for QOS (Quality of service) in the protocol fields
- It's extensible (more headers can be added..it's in the protocol)

and more...

Re:What does ipv6 get you?

[Cheeze]

That's just my point. There's not a dire need for them. With your example of Y2K, that was a definite time/date that a problem would occur. Running out of anything is never a definite. Ip space is and will always be limited. Raising the limits doesn't mean you'll remove the problem, you'll only prolong it (for a really really long time). Finding a solution to the problem now is the best bet, the problem being the under utilization of our current ip space.

Removing those dialup users would also severely cut back the spambots.

I know a solution, give everyone /31's. (humor intended)

Another, probably more feasible solution is to use normal numbers, instead of dotted quads. Normal numbers are, at least theoretically, unlimited. The whole base-8 thing is so 1995.

Re:What does ipv6 get you?

[dnoyeb]

Your argument makes no sense. Dialup users take their address from a pool of available IP addresses at their ISP. When they hang up the address goes back into the pool. Whereas broadband users take their address from the same pool, but keep their addresses for a much longer period of time.

1 dialup user != 1 IP address. 1 IP address is needed per phone line, but in broadband, 1 IP address is needed per user...

Re:What does ipv6 get you?

bollocks. You have just as much 'right' to be publicly accessible from a dialup as cable/dsl/whatever. Heck, it might be the only option for you. How is someone else supposed to access the machine remotely?

Re:What does ipv6 get you?

[Cheeze]

I very well remember playing QuakeWorld on dialup. It worked just fine. Most other users on that server were on dialup connections as well

Right, because that's the only thing that was available at the time. Playing QuakeWorld over dialup on a p-100 as opposed to playing a comparable game today, with today's bandwidth, with today's computers. Even playing over dialup back when people played QuakeWorld, there'd always be someone that would get on with a resnet and own everyone.

Worldwide, it's the majority of all Internet users.

that's my point. NAT the majority of the users of the internet and you'll:

1. instantly have the majority of the normally used ip space suddenly available (for what purpose???)
2. instantly stop the spam flow to millions of mail boxes
3. instantly make DOSes nearly impossible on a large scale
4. instantly provide security for users behind the NAT.

Re:What does ipv6 get you?

[antdude]

I still use dial-up every day. :( I agree it should be NAT setup.

How about cable, satelllite, etc. NAT setup even with customers' routers (using NAT)?

Re:What does ipv6 get you?

[the_raptor]

5 years from now.

"Gamers on consumer level DSL are rare.

Running a web server on consumer level DSL? probably not

How many people still use consumer level DSL?"

I use dial up, I want an *Internet* connection, not a web connection. I also do not want to pay business rates to have an Internet connection. NAT is a hack. Real geeks prefer an elegant system over a hack.

Re:What does ipv6 get you?

[Cheeze]

I understand what you are saying, but there's no reason for the majority of the dialup users to have a public ip address.

Don't get me wrong, I TOTALLY understand the need for public space in some cases, but there should be different level of services depending on what the customer expects from the connection. If someone were to do a study that said 99% of AOL's customers simply want to use the internet for web/e-mail, and AOL could save $50 million/year by not having to pay ARIN for ip space (and lowered support calls from spyware infested machines), do you think AOL would take notice and make a change?

I think your speculations as to what the future would bring is a little far fetched. Calling NAT a hack may be justified, but it's a hack used by just about every corporate network in the world.

Re:What does ipv6 get you?

[the_raptor]

that's my point. NAT the majority of the users of the internet and you'll:

1. instantly have the majority of the normally used ip space suddenly available (for what purpose???)
2. instantly stop the spam flow to millions of mail boxes
3. instantly make DOSes nearly impossible on a large scale
4. instantly provide security for users behind the NAT.

And the same argument can be made for all non-business level internet connections. After all "prosumers" will be willing to pay more to run servers, play games etc. And DSL/Cable connected machines are the major spam/DDOS offenders because of there always on nature they are more likely to be compromised and have more time spam/DDOS, and can do so with more bandwidth.

Re:What does ipv6 get you?

[the_raptor]

I would say the majority of Internet users just want to use the web. Currently ISP's havent picked up on this. In the next few years I expect only business and geeks to have real connections (and be paying a premium for it). NATing average consumers will be done because it largely eliminates end user hassle, not because of lack of IP's.

Re:What does ipv6 get you?

[Dammital]

"There's absolutely no reason a dialup user should have a public ip address."

Unless that user is attempting ftp with an old server that doesn't support passive mode.

Unless that user wants to establish a P2P session with a [g]AIM user and exchange files or photos.

Unless that user is doing IPSEC with the corporate office and NAT traversal is unavailable for some reason.

"How many people still use dialup?"

More than you think: 41% of home Internet users still use dialup according to this report.

Re:What does ipv6 get you?

[Cheeze]

Ok, call your grandmother up and ask her if she has done any of the stuff you mentioned above. Call up any of the "normal" users and find out if they have ever ftped a file, exchanged files through AIM, or used a vpn.

What I propose is offering a NAT connection as default, but let the user opt out of it. If you have a REASON to have a public ip address, more power to you. Most of the dialup/cable/dsl users don't have a use for it.

These are the users I'm talking about. If you're using a vpn, ftping, or transferring files, you probably know you need a public ip address.

ftping to an old server that doesn't support passive connections? That's have to be an OLD OLD OLD ftp server as the RFC for passive ftp was passed in 1994. FTP servers that don't support passive connections are not RFC compliant.

Re:What does ipv6 get you?

[LetterJ]

"I use dial up, I want an *Internet* connection, not a web connection. I also do not want to pay business rates to have an Internet connection. NAT is a hack. Real geeks prefer an elegant system over a hack."

And, if the mentioned system were to be pushed forward, it would likely result in a cottage industry supporting "real" dialup. This exists in the DSL market right now. You can take the PPPoE setup on a shared phone wire pair that Qwest/MSN et al hand out or you can call up Speakeasy.net and get a dedicated loop with no phone on it at all (what I have).

Re:What does ipv6 get you?

[nickptar]

Ip space is and will always be limited.

And IPv6 has enough space to give every square millimeter of Earth a rather large number of addresses.

Another, probably more feasible solution is to use normal numbers, instead of dotted quads. Normal numbers are, at least theoretically, unlimited. The whole base-8 thing is so 1995.
That would require just as much change in the protocol as IPv6 would.

Re:What does ipv6 get you?

[Dammital]

Actually, if I could get my Mom to switch from her webtv to something a little more modern, she'd be likely to notice that "send photo" button (or whatever it's labeled) in aim.

I take your point that ipsec is likely to be an issue for more sophisticated users than your Gran. And you're right that most ftp servers finally know about passive mode by now (though some were pretty late getting around to it -- I'm thinking about the S/390 implementation in particular).

Regardless, you did say "There's absolutely no reason a dialup user should have a public ip address", and I only pointed out exceptions. Had you said "most dialup users don't require a public ip address" I'd have kept my mouth shut.

Re:What does ipv6 get you?

[shutdown+-p+now]

Right, because that's the only thing that was available at the time.

For many people, it's still the only thing available (or affordable) today. In a small Russian town where I used to live, a dialup connection would cost you about $1/hour. Time-unlimited dialup with 1Gb/month cap is $90/month. 256Kbps ADSL with 3Gb monthly traffic cap is $300/month...

Re:What does ipv6 get you?

[budgenator]

NATing has some limitation, such as only have 64K connections. While that seems like a lot, when browsers start making multiple connections to fetch images, pre-cacheing next pages, DNS requests it can dry up alarmingly fast. It would be hard for an ISP connection provider to anticipate how many addresses they'd actualy need; one new technology could catch fire and blow a year of planning out the window.

Re:What does ipv6 get you?

[petermgreen]

wtf do you mean by normal numbers?!

you could i suppose use some system of variable length numbers but the overhead of parsing and routing that would be huge

as for the dotted quad/ipv6 hex blocks thats simply a way of expressing the numbers for humans to easilly read it has nothing to do with ip itself (btw there is at least one protocol in common use that does send an ipv4 ip as one large decimal number)

the main reason ipv6 ips are so much larger was to actually SIMPLIFY routing/network admininstration by avoiding the need to worry about wasting addresses in the allocation plans.

Re:What does ipv6 get you?

[A+beautiful+mind]

Indeed.

Additionally, i heard a lot of network professionals, router operators saying that ipv4 and additionally older layer2-3 stuff are broken. It is simply used in an environment through hacks which it is not supposed to exist. It was designed for a trusted network, not to deal with malicious intent aswell. So, while quite smart stuff like layer 2.5 is used for a while now, it is another hack to make the previous one working. So additionally to what the parent post listed, ipv6 gives you better and much cheaper (improvement/cost wise) security. Also contrary to some posts, fully capable ipv6 firewalling/routing solutions exist already, ipv6 aware applications are there, although i do agree that there could be more of them.

Re:What does ipv6 get you?

[Cheeze]

I haven't heard of the 64k connection maximum, but it would be very simple to just add another NAT. There's nothing stopping an isp that uses NAT to just configure several different NAT sub-networks.

From what I understand about the early AOL network, it was basically pretty close to it's own private network. Then they opened it up to the internet, and probably used up several tens of millions of ips.

Re:What does ipv6 get you?

[Cheeze]

Why do you think dialup couldn't take their ip address from a 10.x or a 192.168.x.x ip address pool?

There are many, many more dialup users than cable/dsl users. And yes, right now, cable/dsl generally get 1 ip PER CONNECTION. I have 1 ip, and multiple computers behind it. broadband is NOT 1 public ip address per user.

Re:What does ipv6 get you?

[Cheeze]

Just wait till every RFID tag has a wireless connection, then take a look at a large Wal-Mart warehouse. Give every square millimeter on earth an ip address, and you're totally ignoring the 3rd demension.

My point remains that every square millimeter on earth does not necessarily need to be publically accessible.

Either way, if you have a limit of anything, that limit will be met one day. Just ask B. Gates and his 640k statement.

Re:What does ipv6 get you?

[budgenator]

basicaly there are 65535 total ports,

The Well Known Ports are those from 0 through 1023.
Well Known Ports are assigned by the IANA and on most systems can
only be used by system (or root) processes or by programs executed by
privileged users.
The Registered Ports are those from 1024 through 49151
UNASSIGNED PORT NUMBERS SHOULD NOT BE USED. THE IANA WILL ASSIGN *
* THE NUMBER FOR THE PORT AFTER YOUR APPLICATION HAS BEEN APPROVED.

The Dynamic and/or Private Ports are those from 49152 through 65535

so in reality only 16384 or 16K can be actualy used for NATing

ivp6 is so not cool man

[GillBates0]

AOL is the way to go if we want to improve the internets!!!!1

all the cyber people need to support teh AOL in their awesome efforts to make the internets better for everybody.

can't believe you peeps havent seen the cool AOL comercials!!!!111
"want a better internet?"
"you belong to america online!!!"

Give them a reason!

[Lockz]

Companies won't change if there's no incentive; they have to be shown that it will help them out in measured ways, or until they're eventually forced to do it by everyone else. They won't be an early adopter otherwise.

Doesn't achieve their goals?

[nganju]

How about providing static IP addresses to DSL and cable modem users, so we can actually use simple DNS (or even just memorized IP addresses) to host things with servers in our living rooms? Seems to me that would be a huge value proposition for any ISP to its customers.

Re:Doesn't achieve their goals?

[willisbueller]

http://www.no-ip.com/ quite simple, has a linux how-to as well. Totally free for "living room" use.

Re:Doesn't achieve their goals?

[Slashcrap]

How about providing static IP addresses to DSL and cable modem users, so we can actually use simple DNS (or even just memorized IP addresses)

You think you can memorise IPv6 addresses? You must have a seriously good memory. Either that or you've never actually tried.

Personally, I have memorised about 100 IPv4 addresses. But I'm not sure I could memorise even a single IPv6 address.

Re:Doesn't achieve their goals?

[farnz]

An IPv6 address is the same as 4 IPv4s in the worst case. I have a /48, and even I can remember 2001:8b0:104:1::1 and 2001:8b0:104:2::1 off the top of my head (DNS and gateway for two subnets); it's not much harder than remembering 81.187.250.193 and 81.187.250.201 for both. Plus, DNS deals with the need to remember lots of IPs anyway.

Re:Doesn't achieve their goals?

[nickptar]

ISPs don't like people running home servers, remember? It takes money away from their hosting services, uses bandwidth, and "normal people don't need to do that". Not to mention the RIAA-subpoena thing.

Re:Doesn't achieve their goals?

[Fulcrum+of+Evil]

An IPv6 address is the same as 4 IPv4s in the worst case. I have a /48, and even I can remember 2001:8b0:104:1::1 and 2001:8b0:104:2::1 off the top of my head

Silly me, I use this thing called paper.

Re:Doesn't achieve their goals?

[Geekboy(Wizard)]

try typing in the same ipv6 address a few hundred times. I have my range memorized.

I think the title says it all

[DrinkingIllini]

Little Interest In Next-Gen Internet

Ain't that the truth.

India and China

[naveenkumar.s]

Developing countries dont have an option other than to move to IPv6 due the apparent shortage of IP numbers. And if that's the way, then the rest have to go for IPv6 because, they say v6 cannot inter-operate with v4.

Re:India and China

no doofus, they can use IPv8
which is FULLY backward compatible with ipv4
and offers more addresses than even v6 does.

get a clue!

But...

[RemovableBait]

Regardless, what's wrong with IPv4? I've been using it on my network for years and I haven't had any problems or extra requirements. They're gonna have to come up with damn good reasons to switch because, at the moment, it's just not worth the hassle.

I know i'm not the only one who thinks like this.. all of my colleagues are happy with the v4 system, and the (less high maintenance) users know what i'm talking about when I assign IPs or mention '127.0.0.1'. None of them have a clue about '::1', and it isn't worthwhile changing until IPv4 truly becomes defunct and obsolete.

Re:But...

[RemovableBait]

and it isn't worthwhile changing until IPv4 truly becomes defunct and obsolete

Or until there is more widespread adoption.

Re:But...

[jgold03]

Here is another incentive:

IPv6 has built in flow control at the network level. The reason you haven't seen much video-over-IP and other streaming technologies is because we use a pure packet-switched network instead of something a hybrid like a virtual circuit network. Because of the massive amount of multimedia going over the networks, the IPv6 team has added virtual circuit networking to the protocol. It is this feature that will eventually push businesses to move to IPv6.

Re:But...

The flip side of all of that QoS and flow-control goodness, is that they can deprioritize YOUR traffic that YOU think is important and it is out of YOUR control as its being done upstream from you.

Those things are fantastic for your own internal network where you have control over it, but when the ISP has the power, they will do it in ways that you don't like that make your file sharing, or server less available.

Right now my packets are just as important as Microsofts, and would rather it stay that way.

Gotten used to NAT

[vertinox]

I think the major problem is that most Americans have gotten used to the limitations of NAT.

I for one would like to be able to transfer files once again with friends (you now like pictures or video conference) which I can't seem to do now since everyone is behind a NAT these days.

I would also like to play Hearts of Iron again multiplayer without having to disconnect my room mates from the internet. (No amount of port forwarding and opening ports and using DMZ actually works mind you. Well it sort of does... But not very well...)

But it might be a while before we see IPv6 universally.

Re:Gotten used to NAT

[h4rr4r]

I am confused as to why you cannot transfer files. Could you not forward ports or maybe your friends/family? Here on slashdot the general public may be considered one step away from drooling on themselves, but I am sure you could talk someone trough it. I do this for my friends and family. Most(these days all) home NAT boxes have fairly easy to use http frontends. While you may consider someone dumb for needing your help to do this I consider you lazy for not helping. Also when IPv6 is the standerd I will still use NAT and I hope many others do.It may not be a complete solution for security, but is all that protects many home users PCs from becoming spam zombies. Also there are many times when having fully routable IP address is not needed nor prudent. Let us remember that wasting IP space is what is going to kill IPv4. There is not an actual shortage of IP space, but an artificail one. This is because whole class A blocks have gone to waste for things that single addresses would have been fine for.Checking out the enourmous amount of reserved space is left as an excerise to the reader. Waste not want not.

Re:Gotten used to NAT

[vertinox]

Oh I can forward ports and configure routers to direct everything to once specific machine, but the main problem is that i share the connection with 3 other room mates in our house.

Fowarding all AIM, Yahoo, and MSN ports to my computer would most likely result in a protest of my room mates. They bitch enough about the fact that I block allot of sites for their own good.

That and have you ever tried to walk a family member or non-technical friend over the phone through configuring a router? (I used to do it for a living with another company.) When you are doing it for free there comes a time that you say "Just send it via email and I'll look at it later."

If pictures of there pets were that important maybe I'd put forth more effort, but maybe that is why the article is right about everyone disinterested in IPv6.

Personally, I would use it mostly for in home web hosting and gaming servers on machines that are mostly locked down. I would agree that for security reason I would most likely make everyone else stay on a hardware NAT. ;)

Re:Gotten used to NAT

[petermgreen]

you CAN transfer data directly between two users behind most nats without needing to set up port forwarding etc its just that app designers have been slow to adopt the methods reqired.

the teqniques needed are in RFC 3489

the main issue is that to use it you have to do everything over udp and that requires far more programmer effort to do well than tcp.

Re:Gotten used to NAT

[h4rr4r]

You make several very good points, but most of these problems could be fixed if the app developers gave an easy way to change the ports there products use. For example my fiancé and me use a nat box at home she uses bittorent over ports 6000-7000 and I use 8000-9000. It is sad that these programs are not more easily configurable. (But some are) I am not quite certain but I believe aim is not that hard to configure for this. We do it at work, we block the normal port and when we set it up for a user we use port 333 or something like that. This keeps the average user from setting it up themselves. (But since the win98 machines are finally going to be replaced that should on longer be a problem) And yes I have last week I walked my father through the setup of warftp then the configuration of the nat to make it work. All from memory and if it were not for the fact that those files where necessary I would also have said, screw it.

Re:Gotten used to NAT

[farnz]

The other (serious) issue is that STUN does not handle symmetric NAT at all; it depends on the NAT simply remembering which port it's assigned.

Most corporate NATs, and more and more consumer NATs remember the (protocol, source port, source IP, destination port, destination IP) tuple for each state. STUN depends on the NAT remembering no more than (protocol, source port, source IP, destination port); anything built on Linux IPTables, or OpenBSD's pf already remembers too much.

Re:Gotten used to NAT

[petermgreen]

i'd need to do some tests to be sure but i think linux iptables generally doesn't change the port unless it has to so it will generally work with such methods (and be identified as a restricted port cone).

i'm not entirely sure how it behaves when multiple lan machines use the same source port to contact different hosts though.

Re:Gotten used to NAT

[SirTalon42]

You know with IPv6 people would be allocated more IP addresses than could be scanned in an insane amount of time, right? That would make worms spreading much harder.

And do you think only people that know how to mess with routers would be transferring pictures or files over IM? I have to give people space on my web site because everyone I know is behind a router and can't send them directly.

Re:Gotten used to NAT

[farnz]

It's not the change of port that matters, it's the connection tracking. The STUN server can detect what external port you're on, but this is useless information to the other party if the NAT insists that all data comes back from the STUN server, not from a third party.

STUN can work around a NAT device that changes ports. It cannot work around a NAT device that tracks the full (protocol, source port, destination port, source IP, destination IP) tuple. Tracking all of these is more secure (as a random idiot aware of the NAT cannot spoof data easily), but costs 13 bytes of memory per tuple, plus the associated comparisons. In the days when an embedded device vendor drooled at the idea of affordable 32-bit processors, hoped that 16-bit processors would get just a bit faster before release, and could rarely afford to fit a full megabyte of RAM, vendors found ways around storing and tracking the lot; it turns out that for most uses, tracking (protocol, source port, source IP) is enough, and it's now only 7 bytes per tuple.

Linux was never designed to run under those constraints, so it always tracked the entire tuple. Nowadays, Moore's Law has caught up on the vendors; it's cheaper to fit an ARM and 4MB of SDRAM, than to fit a cheap 16 bit processor and 512kB of SRAM. Further, you can get cheap yet complete ASICs including a reasonably fast ARM, MIPS or PPC processor, a 4-port ethernet switch with an ethernet controller attached, enough RAM and flash for your application, plus an easy route to attach a second ethernet controller, or an xDSL chip, or whatever access method you need. Price-wise, these ASICs are usually similar to just the processor, RAM and flash alone.

Those vendors with existing code that they've ported still find that STUN works; those who've started from scratch, used Linux, or taken a BSD as their base have full tuple tracking, which stops STUN working.

For reference, both MSN Messenger and Skype get round symmetric NAT using two different, nonscalable techniques. MSN simply direct traffic between two symmetric NAT users through MSN's servers; as the number of users relying on this go up, either their connections go slower, Microsoft has to buy bigger and bigger pipes, and spread NAT breaking servers across more and more countries.

Skype relies on there being enough users out there behind STUN compatible NATs (or with real addresses) who won't mind routing a small amount of data for another Skype user. Neither mechanism scales if more and more users disappear behind symmetric NAT.

Finally, since I seem to have got suckered into writing a bit of a treatise on NAT, people use symmetric NAT because it scales to more clients. A symmetric NAT can cope with 65535 UDP states or TCP connections per external IP assigned to the NAT to each and every (host, port) tuple on the Internet (so a symmetric NAT can have 65535 connections to Slashdot for HTTP, and a further 65535 connections to Slashdot for HTTPS, plus 65535 connections for MSN, and so on).

All other NAT types limit you to at most total of 65535 UDP states or TCP connections (1 UDP state per UDP port, 1 TCP connection per TCP port), which means that once 65535 TCP connections are established, one has to be killed before another one can start.

Vested Interest

[Magada]

And Juniper Networks is pushing the idea that IPv6 is not on anybody's agenda because sell routers, NAT boxes and associated services. A severely restricted adress space is what they need to continue to do so. This is just an attempt on their part to establish/enforce a perception that IPv6 is not needed/wanted. It may have misfired, though.

Re:Vested Interest

[Slashcrap]

And Juniper Networks is pushing the idea that IPv6 is not on anybody's agenda because sell routers, NAT boxes and associated services.

I'm pretty sure that Juniper sell IPv6 compliant kit and would love to sell more of it.

I know for a fact that they sell VPN kit - NAT & IPSEC go together like oil and water. Yes, I know it does work but it's still a pain in the ass and I say this as someone that has to do it for a living.

Remember kids, implementing IPSEC NAT-Traversal makes the baby Jesus cry.

Re:Vested Interest

[99BottlesOfBeerInMyF]

And Juniper Networks is pushing the idea that IPv6 is not on anybody's agenda because sell routers, NAT boxes and associated services.

I hope you are joking. Juniper would love to sell upgrades of their router's to all of their current customers to facilitate the jump to IPv6, but as they said, customers are just not very interested. I work for a company that sells network security devices and I can tell you IPv6 has been on the agenda for a long time, but most of the IPv6 support just keeps getting pushed back further and further, because no one really wants it from us. The only reason to include it is because some of the asian market is starting to ask for it. The U.S. as a rule is uninterested.

Re:Vested Interest

[Joehonkie]

Yeah, you pretty much misfired. They will still need to sell routers, and probably replace all the old ones. And think of all the money to be made on re-training and re-certification. Increasing the address space doesn't make the routers go away. IPv6 would probably require more memory and processing power if anything. Both Cisco and Juniper are TYRING to push IPv6. So, I think you misread their intentions.

Re:Vested Interest

[rnxrx]

Juniper sells boxes that do NAT. They also sell boxes that route IPv6. People buy their equipment regardless.

I don't think Juniper is pushing an anti-IPv6 agenda here - who do you think is providing a lot of the IPv6 routing infrastructure in DoD and Asia? They've got entire groups that do nothing but deal with IPv6. IPv4 vs. IPv6 in the Juniper world doesn't make that huge of a difference. They sell the same hardware either way.

Re:Vested Interest

[Drakonblayde]

You can't be serious, Juniper (and Cisco for that matter) would *love* to sell upgrades to handle IP6. Juniper doesn't have a SOHO router business to protect by keeping everything IP4 (and I question how much Cisco really values it's Linksys market) Besides, IP6 adoption would probably just make folks buy home routers all over again. I have to wonder if the ISP's would allow everyone to have as many IP's on their local connection as they wanted, or if they'd try to up your monthly bill for each IP. If that's the case, someone is going to come up with the equivalent of a NAT router to avoid paying for extra IP's

Re:Vested Interest

[Magada]

"IP6 adoption would probably just make folks buy home routers all over again". Laughable. With such an enormous adress space, IP's will commodify in no time flat, thus making the "router" concept irrelevant for all but a handful of applications, along with all of the "advanced features" of firewall boxes nowadays, which mainly deal with NAT anyway. Get real. When/if IPv6 comes, you'll have no reason whatsoever to continue buying stuff from Juniper&co.

Re:Vested Interest

[Drakonblayde]

Oh, I agree with the fact that given the IP space is so large, there's no *need* for home routers. But one of the main reasons home routers came about in the first place wasn't for their cute little firewall protections, it's so folks could share the internet connection. Why? Because ISP's weren't A) willing to give you extra IP's for the same connection or B) wanted to up your monthly bill by an insane amount. Who's to say the ISP's won't try the same damn thing with IP6? If there's a chance for money to be made, someones going to be stupid enough to try it.

A sound point

[cryptochrome]

IPV6 will involve more digits/typing/remembering than IPV4. Of course sysadmins are reluctant.

Re:A sound point

[Reducer2001]

As a sysadmin I agree. However, various name resolution services (DNS, NIS, etc.) should be able to take care of this for us. Provided you can get it installed and working properly.

Re:A sound point

The whole point of converting to IPv6 is that a user is not required to memorize a number. With IPv6 it'd be nearly impossible. Thus the integration with name resolution services such as DNS or WINS. The reason SysAdmins are reluctant to switch are two fold. One, cost prohibitive still. An IPv4 router is much cheaper than an IPv6 router. Second, with the advent of NAT, many SysAdmins see no reason to switch. However, with IPv6, administration of IP networks is immensely easier because of auto-configuration built in to the protocol, security via IPSec, and easier route aggregation.

Re:A sound point

[cryptochrome]

Forgive me for being doubtful, but I wonder how auto that configuration actually will be...

security

[jlebrech]

In my opinion a new internet will be crippled by
monitoring like security and tracking. Half of
internet2 when i goes mainstream will be used for
tracing users for illegal activity.

Then will be the need for a secure and
unmonitored net to run on top of the new
internet to overcome sensorship, and guess what
it will have the same speed as the current internet.

Re:security

I hear you and agree but the internet is already is already crippled by monitoring, security and tracking.

Notice original site that web.archive points to seems to be under some constant DOS attack. Until people wake the fuck up and stop tolerating blanket sweeping mass survellience in the name of 'security' we are going to have a problem.

Re:security

[Slashcrap]

In my opinion a new internet will be crippled by
monitoring like security and tracking. Half of
internet2 when i goes mainstream will be used for
tracing users for illegal activity.

Internet2 is a research network and will never go mainstream.

The IPv6 standard makes IPSEC support compulsory which doesn't exactly make it easier for the Man to monitor your Kazaa downloads.

I think the tin foil hat is restricting the blood supply to your brain.

Might be a good idea

[Tenebrious1]

"If studies like this aren't acted on ... then instead of having a quarter of all the world's ISPs clustered here, around Reston, you'll have a quarter of the world's ISPs clustered around Tokyo or Beijing. I don't know if that's what the U.S. government really wants."

Hmm... moving AOL to Tokyo or Beijing might not be a bad idea. Would be much more expensive to send out all those CDs to people here...

Re:Might be a good idea

[Voxus]

Nah. They'd only move corporate headquarters, not their cd-pressing and shipping operations.

I have a minimal

[macaulay805]

I have a minimal writeup on my blog here. It states where I got my 6to4 tunnel from, how to activate the tunnel (in FreeBSD), and the problem I faced when activating the tunnel! All in all, now my webserver answers requests on ipv6!! Check it out! Its very easy, I suggest all geeks at least try this at home. Later tomorrow, once I'm done testing, I will put an extensive writeup on how to make your home network a functioning IPV6 ONLY network (includes: Windows Boxes, Mac Boxes, Linux Boxes, FreeBSD boxes, and OpenBSD Boxes).

Re:I have a minimal

[darxpryte]

These days you don't even need hurricane electric to get on the ipv6 net, you can just set up a direct 6to4 tunnel. If you have a ipv4 IP address you are by default assigned a /16 on the ipv6 net (this equals more addresses than you could possibly use). People in the past have made their own writeups but I have mine for FreeBSD here

Getting a ipv6 only network is pretty hard since lots of things don't work yet. For example a lot of implementations of Samba don't support ipv6 and if you want your ipv6 only network to get on the v4 net you'll need something like NATPT (which is only in KAME-SNAP) or faithd set up. I've been looking into this as well since I have yet to see a complete writeup of this sort.

The best way to speed up adotion

[doublem]

First, you need to make it cheap and easy to migrate, and make it part of the OS. Want a new Windows machine? Fine. It'll connect to the Internet and Ipv6 transparently, and you won't see the difference.

Second, move all the porn sites to IP v6.

Actually, screw step 1. If you can manage step 2, and keep any new upstarts from taking over the vacated IP v4 porn market, then IP v6 will become the standard within a year. We'll all have a laugh over the contorted and convoluted arguments PHBs with little to no technology understanding will come up with to justify switching their corporate networks to IP v6.

Re:The best way to speed up adotion

[Florian+Weimer]

Second, move all the porn sites to IP v6.

IPv6 is not really suitable for porn because it's expected that end users receive static address assignments, which makes porn download less anonymous.

Re:The best way to speed up adotion

[doublem]

In which case IP v6 will NEVER catch on.

I mean NEVER.

The first industry to make money online was Porn, and I would guess it's still among the largest. You can't change the underlying architecture by ignoring one of the major uses of the existing technology. It'd be like making a new TV standard that didn't have sound.

Re:The best way to speed up adotion

[smittyoneeach]

Look, when it comes time to pump up the hardware sales,
lobbyists for the hardware manufacturers purchase influence with politicians
politicians write law requiring IPv6 hardware for government projects
a large base of government IPv6 hardware acts as a step function for the market
ATAMO (And Then A Miracle Occurs)
new products appear to leverage IPv6, and your post ceases to make sense.

Re:The best way to speed up adotion

[Chibi+Merrow]

Funny, that didn't work that well with ADA, strict OSI implementations, etc, etc, etc...

Re:The best way to speed up adotion

[smittyoneeach]

Neither of which were hardware or industry-driven.

Re:The best way to speed up adotion

[Chibi+Merrow]

OSI networking was very much about the hardware...And the DoD demanded all new hardware be run on ADA... But you are correct, they weren't industry driven... Much like IPv6... ;)

I just don't see IPv6 going anywhere in the US until there's an actual benefit to it--no matter what the government does. :)

Re:The best way to speed up adotion

[smittyoneeach]

And ADA is still used in some government applictations, I hear.

Re:The best way to speed up adotion

[Chibi+Merrow]

And in that respect, you're correct... But we're not trying to get the government to adopt IPv6, we're trying to get the rest of the world to do it, correct? How many non-DoD systems make any use of ADA? ;)

IPv6 Bittorrent

[Danathar]

If people wanted to jump start IPv6 traffic (at least on Internet2), an offical Bittorrent protocol specification that includes IPv6 would help.

Bram Cohen has talked on occasion about IPv6 having some advantages for Bittorrent although I can't remember what he said.

Re:IPv6 Bittorrent

[macaulay805]

I believe that would be a great idea!! Think of this, the bittorrent protocol modified a little bit to support IPV6 Multicasting!! I believe that would be the next revolution of a content distribution system.

Re:IPv6 Bittorrent

[Big_Breaker]

Multi-casting is an obvious benefit of IPv6. Sure IPv4 can support it but IPv6 guarrantees it.

Re:IPv6 Bittorrent

I thought practical multicast support in ipv6 was still being worked out. I have a tunnel with sixxs, and they only recently started experimenting with multicast support, and still don't have connectivity with the m6bone.

Re:IPv6 Bittorrent

[Wesley+Felter]

The Internet does not support multicast, and will not for the forseeable future, and IPv6 does not change that. The problem is that multicast could create a virtually unlimited amount of state in Internet core routers if it was enabled, but those routers don't have virtually unlimited RAM to hold all that state.

Re:IPv6 Bittorrent

[Wesley+Felter]

IPv6 guarrantees nothing, since "mandatory to implement" and "mandatory to enable" are quite different things (and neither one is enforceable anyway).

Let me tell you

[TheRealMindChild]

My problems with adopting IPv6:

• When I am on the crapper, and my wife asks me "What is the IP address of our FTP server?" (or something), it is a lot easier to respond "one nine two dot one six eight dot one dot two ten" then "three eff eff eee colon eff eff eff eff colon zero one zero zero colon eff one zero one colon zero two ten colon aye four eff eff colon eff eee eee three colon nine five six six"
• When in Windows, you can't cahnge your IPv6 address like you are familiar with, under network settings->TCP/IP... you have to use some obscure command line tools
• If we were willing to takeup changes... even if they mean a more efficient system, why do we still use the same email system?
• NAT am wonderful
• I don't necessarily want my refigerator and TV to be uniquely identifyable
• No cool acronym has been made from it

Re:Let me tell you

[t_allardyce]

I don't necessarily want my refigerator and TV to be uniquely identifyable

Also subnets mean you can have several billion uniquely identifiable toasters in your house with IPv4, if v6 is all about longer addresses then I don't see much of a need..

Re:Let me tell you

[stevey]

NAT am wonderful

Sadly not - here's just one brief list of things that NAT break

I can think of other things too, although I do admit that things like Skype have successfully shown that NAT-punching works simply and fairly reliably.

Re:Let me tell you

[Chang]

The last item on the list (VPN's and NAT don't mix) is the nail in the coffin for IPv4.

Corporations started building extensive VPN network a few years ago and are finally realizing what a nightmare this is.

Re:Let me tell you

[fr0dicus]

I see quite a lot of those as benefits, personally. Not only for my own systems' security, but also from preventing the Internet from being further flooded with crap by having resolveable vulnerable systems open to attack and manipulation. I'm quite happy to switch to ipv6 if I can still have NAT, or some easy similar method of making my systems "call only".

Re:Let me tell you

[SirTalon42]

With IPv6 worms won't be able to find any systems because each end user is supposed to be allocated an insanely large number of addresses.

Re:Let me tell you

[Fulcrum+of+Evil]

When I am on the crapper, and my wife asks me "What is the IP address of our FTP server?" [...]

"Um, ftp.foohost.com"

Re:Let me tell you

[budgenator]

DUDE I refuse to do household tech support from the bathroom throne; if it's not smoking, it can wait. I also intensely dislike talking on the phone while using the toilet. If your wife can't wait until your done, she, like mine has serious people skills problem (Don't tell either of them I said that either).

Re:Let me tell you

[fr0dicus]

I thought security by obscurity was frowned upon?

How about fixing SMTP

[G4from128k]

I suspect that much of the perceived "insecurity" of the net stems from people's experience with spam, e-mailed viruses, and phishing. Redesigning the protocol to prevent spoofed headers would go a long way to reduce spam (or at least make it easier to filter). We get about 75 spams a day that claim to come from our domain or mail server IP.

The other major source of the perceived "insecurity" of the net is due to the insecurity of end-user devices (and end-users themselves), but that a harder issue to tackle.

The larger problem is that the internet was designed during an innocent era when all the devices on the net were assumed trustworthy. Secure .mil or collegial .edu networks never had even consider issues such as spam, spyware, DDoS, DNS poisoning, IDN spoofing, etc.

Re:How about fixing SMTP

[panda]

I agree with you pretty much completely and was discussing with a co-worker the other day that if IPv6 becomes widespread that the situation would likely get worse as IPs would essentially be disposable at that point. (Many spammers already treat them as such now.)

As for your problem with receiving mail claiming to come from your own domain, my answer to that is reject it. All of the email servers that I'm responsible for respond with a 5xx error whenever a computer connects and uses a hostname or ip address in my server's domain, when the actual IP address doesn't match my domain. This step alone eliminiates 100s of bogus messages a day.

The other step I take is too make sure that my servers run in pedantic mode and reject mail from servers that don't follow the SMTP protocol. If you connect and don't say HELO|EHLO, or don't wait for a response before spewing data at us, then the connection is unceremoniously dropped. This eliminates hundreds if not thousands of spam connections daily, and so far has only dropped 1 "legitimate" mass mailer who refuses to change their software to conform to the standards.

Even with those steps, I still need to run spam and virus filtering on the servers.

Ahh, the best laid plans...

[Spirckle]

Why is everybody so shocked? The market changes and "oops" we forgot to think of these new requirements. So the solution is to ossify the mistargeted solution by creating a government office for it? Sounds like crybabies crying to me.

IPv6 experiences since 2000

[puzzled]

I first implemented IPv6 on a Cisco 7120 with a single FreeBSD 4.0 box as a host behind it - this would have been some time in late 2000. The IPv6 link came from Viagenie and this lasted a few months before I got bored with it.

I tried again last year with a couple of cable modem attached Cisco 17xx and some tunnels from Hurricane Electric. I was at a point where I wanted to do a lot more with IPv6 to get ready for my CCIE exam. HE was relentlessly useless in getting me more than what their tunnel broker system provided so I gave up again.

I tried later last year with BTexact's tunnel broker service and some other routers. Made it run, then started moving offices and lost interest.

I'm at it again - BTexact because they've got the best tunnel broker web interface and they'll give multiple tunnels, Cisco 28xx here, Cisco 17xx at a playful customer's site, and one FreeBSD 5.4 host. My CCIE gets closer and closer so this time its gotta go - web server, DNS, going to put up six total tunnels, then press for a block larger than the default /64 that comes with each tunnel.

Looking at IPv6 from the outside it would appear that someone collected a bunch of people who got kicked out of IETF for mental instability, a number of disgruntled Novell employees who believed that IPX was a gift from an advanced space alien culture, and locked them all in a junior high gymnasium with a goodly supply of blotter acid and two boxes of twinkies. Its the only explanation we have for the results we see today ...

Re:Wintel?

[gordo3000]

actually, current count right now for Mozilla vs. IE, both up and running and actually several more mozilla windows running. IE: 59.8 MB Mozilla: 41.3 MB on the virtual memory look. Now as RAM goes, mozilla is using a lot more, but its not the memory hog for me you seem to have a problem with. and I bet firefox is much lighter(though I don't have it on this particular computer)

Few articles actually address IPv6 benefits

[SgtChaireBourne]

The biggest problem is probably lack of awareness, just like in many other situations.

Few articles actually address real IPv6 benefits and instead pull out strawmen about a purported shortage of IP addresses. That's got to be the least significant and least relevant change between IPv4 and IPv6. Maybe that's all the 'journalists' can get their teeny minds around, or maybe it's mandated spin because certain key advertising accounts *cough*MS*cough* aren't looking to be IPv6 compliant any time soon.

Some of the main advantages of IPv6 over IPv4 are:

• quality of service
• simplified headers
• multicasting
• security (that's certainly buzzword compliant, why is it never brought up?)
• autoconfiguration
• improved routing
• authentication

Japan and China are already rolling out IPv6 networks. Since the article specifically points out the U.S., maybe it's time that U.S. businesses start getting technical news from sources other than their MS account representative.

Re:Few articles actually address IPv6 benefits

[tqbf]

Since you can't explain how IPv6 demonstrably improves security & authentication (IPSec works fine on IPv4), quality of service (vs. MPLS and DiffServ and the extent to which the problem remains unsolved in either protocol), multicast (we can't even figure out how to route it across domains, let alone make it reliable or scale it in routing tables), or autoconfiguration (99% of which is solved by DHCP), and since IPv6 makes routing MUCH HARDER, you're pretty much left with "simplified headers".

So I guess the biggest problem is lack of awareness of how simplified headers solves real problems for network users.

Good luck with that.

Re:Few articles actually address IPv6 benefits

[w1r3sp33d]

"IPSec works fine on IPv4"

I am going to file that with: "640K ought to be enough for anybody." and "I think there is a world market for maybe five computers."

Re:Few articles actually address IPv6 benefits

[RupW]

certain key advertising accounts *cough*MS*cough* aren't looking to be IPv6 compliant any time soon.

But Windows 2003 Server does have an IPv6 stack and this site says XP does too: just type "ipv6 install" in the console.

Re:Few articles actually address IPv6 benefits

I don't get your point. Are you saying that IPSec over IPv4 will fail in the short-term? Why, or how?

All the projections are that we won't need the address space for many, many years - so what's the problem?

Re:Few articles actually address IPv6 benefits

Pretty sure this was available in Win2k as well...

Re:Few articles actually address IPv6 benefits

[RupW]

Pretty sure this was available in Win2k as well...

Not by default, I don't think - certainly the 2K box I have to hand doesn't have anything obvious installed - but there might have been a downloadable IPv6 stack from Microsoft Research.

Re:Few articles actually address IPv6 benefits

[DigitalRover]

Where do you get the bizarre notion that Microsoft isn't firmly behind the move to IPv6? It's supported in Windows XP and 2003 and Microsoft has made dev kits available for Windows 2000.

Of course, all this information was just a Google away but you FUDers just love to practice your craft.

IPv8 is much better - get a clue!

IPV8 is MUCH better

guys, get a clue!!!

first post!! ;)

well duh

why would we bother to adopt a new technology until there's an impending crisis w/ the old one?

There is also the "network effect" to consider

[under_score]

I could set up my servers to do IPv6, but I don't have sufficient motivation to do so. It takes time and energy to get this set up, and I don't see any return for doing so. This is because the network effect is not yet strong enough. Someone has to work on getting IPv6 to "Cross the Chasm" or to "the Tipping Point".

use this tunnel broker

[puzzled]

These guys have a good tunnel broker interface:

https://tb.ipv6.btexact.com/

I used these guys a couple of years ago and they made me very sad:

ipv6tb.he.net/

Re:Wintel?

[teshuvah]

OMG dude you totally posted this for the wrong article. LOL!

regardless...

[ohzero]

With the most recent windows update, MS decided that we should all implement ipv6, which broke alot of things. I just switched to Mac. At least I know that the ipv6 interface on this thing can be smoked with ifconfig....

Re:regardless...

[MrP-(at+work)]

what? xp came with ipv6 support but you have to manually enable it, and it can be easily removed also. ive never heard of a windows update that turns it on, what are you talking about?

Re:regardless...

[Joehonkie]

I would also like to know what he is talking about.

First step.... Make the ISPs switch

[darkonc]

The last time I checked with my ISP (telus), they weren't supporting IPV6. This means that I need to tunnel to the nearest IP6 gateway -- so much for improved speed.

Once most ISPs are IPV6 native, there'll be a lot more reason for people to play with it -- if only because it'll then be a lot easier. (Hey, I'm lazy. I expect that others are too). I had tunnelling working for a while but it broke and I haven't gotten around to getting it working again.

Re:First step.... Make the ISPs switch

[nsayer]

Check out 6to4. The way it works, you wind up taking an optimal path (at least, as optimal as the IPv4 path is) to any other 6to4 user, which is probably a substantial chunk of current IPv6 users. Because of RFC 3068, the path to any non-6to4 IPv6 host should not suck too terribly badly (though there will probably always need to be more relay routers set up to do the appropriate magic with BGP).

It's also amazingly easy to set up. There is no excuse for Netgear, Linksys and the like not putting 6to4 support in their little NAT router appliances at this point.

Please tell me this is a mistake...

[spasmfrog]

from TFA:
Computer users would need a broadband connection with at least 512M bit/sec. to enjoy the better picture. IPv6 will free television stations from expensive satellite cable connections, Bayliss said.

Re:Please tell me this is a mistake...

whats wrong with that? 512Mbit/sec is on the low end of broadband, i have 5MBit/sec at home (5000Mbit/sec)

Re:Please tell me this is a mistake...

5 Mbit == 5000 Mbit? Pass the joint to the nigga on yo leff.
512 kbit/sec is the low end of broadband.

Address space is the least significant change

[SgtChaireBourne]

What's up with that strawman argument? The expanded address space is the least significant change between IPv4 and IPv6.

See my previous post.

Re:Address space is the least significant change

[jfengel]

The question is, how important are those benefits?

* simplified headers

Lovely, but since the IPv4 header code is already written, is it that big a deal?

* quality of service
* multicasting

These are enabling technologies. They're boring by themselves, but could enable something cool. But what they enable is better use of resources. You wouldn't need QoS or multicasting if bandwidth were unlimited. It will remain limited, of course, but when we start getting fiber to the curb, I wonder if the features will appear to use it.

Multicasting in particular is most important for simultaneous events, like broadcasting, which is counter to the "what you want when you want it" notion that drives Internet acceptance. But maybe a new thing will arise I haven't seen yet.

* autoconfiguration
* improved routing

These seem like things that would save ISPs money. But the question is, how much money? There's a huge IPv4 base installed and switching is expensive. Are these, along with the users demanding new features, enough to cause ISP acceptance? Or are the Japanese and Chinese and Koreans buying a pig in a poke?

* security (that's certainly buzzword compliant, why is it never brought up?)
* authentication

These two do seem like a big deal, but thus far we've implemented security and authentication (as well as sessions) at the next level up. Sure, it would be better at the IP level, but if the problem is solved (at least provisionally), it seems a major investment for little benefit. Unless there are IPv6 level security improvements that I'm not aware of; I'm not an expert and I'd appreciate any extra info.

I'm all in favor of IPv6 acceptance, and I'd like to start seeing it deployed in parallel with IPv4, and waiting for the advances to happen. But I'd like to understand why the ISPs haven't done it yet on purely capitalist grounds. Maybe it's because it's just too little to justify the expense.

Re:Address space is the least significant change

[philipgar]

I'm all in favor of IPv6 acceptance, and I'd like to start seeing it deployed in parallel with IPv4, and waiting for the advances to happen. But I'd like to understand why the ISPs haven't done it yet on purely capitalist grounds. Maybe it's because it's just too little to justify the expense.

On purely capitalist grounds the ISP's don't want to do this. Especially the Tier 1 guys who own the majority of IP addresses. Its the laws of supply and demand. If they keep the supply of IP addresses constant (which it is now) and demand for them keeps increasing (regardless of NAT routers, every cable modem gets an ip, as does every dsl modem, etc otherwise your local ISP would get too many complaints that XYZ doesn't work) they can charge more per IP address. The law of supply and demand dictates that buying extra static IP addresses cost as much as they do. Well, that and the fact that few people want it so it costs the ISPs extra to enable it for one person specifically.

What do you think will happen as more ips are demanded. These major backbone ISPs charge more for addresses. Of course they can only go so far before new Tier 1 IPv6 ISPs come into existance, but that will take a long time. If you have a monopoly on a limited resource thats in high demand (thats constantly increasing) would you give it up?

Phil

Re:Address space is the least significant change

[jfengel]

If you have a monopoly on a limited resource thats in high demand (thats constantly increasing) would you give it up?

Give it up? No. But since ISPs compete with each other, some ISP may eventually realize that it will be outcompeted by the others in the v4 space and say, "Try us, we're different, we have v6". Maybe Comcast or AOL will decide to jump first. Especially if it saves them money on configuration, or if they can make a good case for a static IP or other feature.

Or if they've run out of addressing space and it's cheaper to get it via IPv6 than by buying space from somebody else.

We're not there yet; I've never heard of an ISP saying, "Sorry, can't log you on, we have no IP address for you." Yet. Let's hope the ISPs are smart enough to fix the problem before they're hosed.

What was wrong with OSI?

[Colin+Smith]

I could never figure out what was so wrong with the OSI NSAP addressing that required IP6 instead. Other than NIH that is. Anyway...

IPV6 --prepare for your toaster spamming people

[tarpitcod]

Most users use a firewall to do NAT at the moment., they thus get some level of protection.

Take that away, have loads of IPV6 addresses and un-informed consumers, and your setting yourself up for your uC driven toaster, oven, refrigerator, entertainment center etc spamming people.

It just gives me the screaming heebie-jeebies -- does anyone else remember the feeling of walking into a PeeCee site that was 'internet connected'back in the 90's and asking what they were doing and finding out every un-patched PC had a distinct IP on the internet?

How about this?

[Conspiracy_Of_Doves]

Why dont all IPv4 addresses simply automatically get a secondary address where 255.255.255.255 would become 0.0.0.0.255.255.255.255

Re:How about this?

[csgames]

You mean something like ipv4-mapped ipv6 address? ::ffff:127:0:0:1

Re:How about this?

[Conspiracy_Of_Doves]

Yeah. Exactly

Re:Wintel?

[musikit]

opera 8.00 currently current. mem usage 23,980. VM size 29,884

Please note:

[CrazySailor]

Juniper has a horse in the race, selling network devices.

There's currently an IPv6 conference at which they're appearing as well. The conference ends today (2005-May-26).

There's a Washington Post article on the summit.

I'm posting from the summit, where they have a IPv6 802.11 network up for visitors use.

First mover disadvantage?

[BigTom]

I guess the US (having most of the IPv4 addresses in existence) will only start upgrading when US companies need IPv6 to use all the cool gadgets and technologies developed in China, Japan, South East Asia, India and Europe.

Of course they will have missed the innovation boat (and profits) by then and will be users rather than providers of new technologies.

More than one internet

[artemis67]

if we want to improve the internets!!!!

By which, you are referring to both the Internet and Internet 2, I assume...

Re:More than one internet

Nope. The liberal internet and the factual internet.

Sincerely,
George W. Bush

ps: vote for me in 2008!

Typical Slashdot Mentality

Techie has access and can spend the money on a fast net connection (either DSL, cablemodem, etc). Ergo, because this is his (and usually it is a guy who does this) situation he couldn't imagine that anyone else could be in a different one or want to be. This results in such idiotic statements such as "How many people still use dialup?".

Move pr0n on IPv6 ...

... then humanity will follow.

Actually...

[artemis67]

I'm just waiting for IPv7...

Never invest in today's technology, always wait until it's tomorrow.

Re:Actually...

[ByteSlicer]

Off course once it's released, you'll start waiting for IPv8 (etc)...

Re:Actually...

[timster]

Personally, I'm opposed to IP addresses for the dead.

Re:Actually...

[alc6379]

IPv8... Isn't that what happens when I drink too much vegetable juice?

The numbers look ugly

[tjstork]

Instead of separating addresses with :, why not just use the good old .?

IPV6 adressess just looks ugly.

why do you need a tunnel broker anyway?

[petermgreen]

if you have a public ipv4 ip then just use 6to4 and use the ipv6 /48 it gives you for basically as many machines as you wan't

Re:why do you need a tunnel broker anyway?

[puzzled]

I got /64s from tunnel brokers and I tried to get a larger block - first from Hurricane Electric, then from Sprint - neither were responsive.

I never considered the 6to4 stuff because I want BGP when I get a larger block ... I'm going to go check it out right now though ...

Could have had a V8 - IPV8 that is!

[RouterSlayer]

Hey guys, how about you get a clue?

Try IPV8! its a hell of a lot better!

its backward compatible with IPv4 - not necessary to change all the internet hardware or BS

and it has a LOT more addresses than Ipv6 ever will.

Dont like it? then try IPV16 !!!

sheesh you guys are behind the times... really!

Re:Could have had a V8 - IPV8 that is!

[Professr3]

Informative? Informative?? Goodness, don't you people actually read the post before you mod it? :P (-3 Informative) (+2 Funny)

Re:Could have had a V8 - IPV8 that is!

[RouterSlayer]

hey bud, get a clue, IPV8 is REAL!
go to www.ipv8.org

its a hell of a lot better than ipv6 will be any day

Re:Could have had a V8 - IPV8 that is!

[farnz]

So, where can I get an IPv8 implementation? ipv8.org appears to be down, my OpenBSD and Linux boxes don't have an implementation, and my Windows XP machine at work lacks IPv8 (but has IPv6).

Hell, where can I get a copy of the IPv8 RFC; it's not an official IETF one, and I can't find a proper spec for it.

They already have

[BobPaul]

...untill they run out of addresses

They already have.
--
Don't Fight Firefox! Let Firefox fight you!

Welcome to Network Externalties

Let's all calm down. This is not uncommon with all new technologies. It's an economic concept called network externalities, and it's applied to many technologies where "does it make sense for me to use this?" relates directly to "how many other people are using it?" The telephone, the TV, e-mail, and yes, even the web, have had these growing pains.

A good example is that barcode on the side of packaging that makes it easy to be rung up at the supermarket.

Until most supermarkets had scanners,it made little sense for food manufacturers to upgrade to put barcodes on packaging--no demand.

Until most food had barcodes, it made little sense for supermarkets to invest in pricey scanners--they still had to rung most things up by hand.

Whatever will we do! *wring hands* Why isn't this catching on?

Fortunatly, you know where this one turned out.

Initial growth will be slow--that's expected. It will be comparitively more costly for early adopters than later adopters--they have to do the pioneering before there's a lot of others to talk to.

But at least some are seeing benefit from switching now, and those numbers seem to be (slowly) increasing. For each oragnization that joins, they make it more compelling for other organizations to join, and move some others over the line from "not interested yet" to "OK, count me in." Eventually, a tipping point will be reached where most people cross that line, and eventually the technology will become the de facto standard.

Relax. This will happen. Every day the case for switching gets a little more compelling. But don't expect it overnight.

Simple Question:

[under_score]

How do I get IPv6 address blocks officially assigned to me/my company?

Re:Simple Question:

[Wesley+Felter]

IPv6 addresses are assigned using the same process as IPv4.

Lies. All lies.

[shani]

Some of the main advantages of IPv6 over IPv4 are:

• quality of service
  
• simplified headers
  
• multicasting
  
• security (that's certainly buzzword compliant, why is it never brought up?)
  
• autoconfiguration
  
• improved routing
  
• authentication
  

Of these, only "simplified headers" really applies to IPv6 over IPv4. (Although I confess to not knowing what "improved routing" refers to.) Yes, there is QoS for IPv4, and multicasting for IPv4, and IPSEC for IPv4, and Zeroconf, etc.

The real advantage of IPv6 is... more addresses! It is nice to be able to give each device a "real" addresss (meaning not behind a NAT) for any situation where you want your client to act like a server, the main use being P2P and games (as I see it). I think this is a compelling reason, actually, and eventually we will get IPv6. Why panic about the low level of interest?

Then again, I am in Amsterdam, and have a /48 of IPv6 addresses from my DSL provider. :)

Re:Wintel?

Huh? What the hell article were you trying to post to?

India/China IPv4 myth

[shani]

It's just FUD. Probably from IPv6 fan-boys.

But don't take it from me. Take it from the guy who runs the organisation that gives out addresses to India and China.

Re:India/China IPv4 myth

[endx7]

He's making an assumption that address use is increasing at a constant rate.

Re:India/China IPv4 myth

[ilctoh]

He says that we're good for addresses for the next 1-2 decades. So, you're saying we should only begin worrying when we get within five years of critical? Two years? 18 months? Its no secret that we still have several years of safety left with IPv4, but its also common knowledge that a switch to IPv6 will take up to a decade or more - that's why we're starting now.

Re:India/China IPv4 myth

"He said that around five blocks of "slash eight," or /8, addresses are consumed worldwide each year. Each block allows for 16 million host addresses. There are 100 blocks still available in the current IPv4 (IP version 4) system--enough for 20 years, or perhaps fewer when 3G, or third-generation, phones take off, but certainly more than the two years predicted by doomsayers, he said."

This is a constant rate -> ".../8, addresses are consumed worldwide each year...".

This is assuming an more pessimistic alternative -> "...or perhaps fewer when 3G, or third-generation, phones take off...".

Ok?

If they would stop killing p2p apps!

[HaeMaker]

p2p would be SOOOOO much easier with IPv6 because there is no need for NAT, but since there is so much resistance to p2p it can't be used as an impetus to move to IPv6.

Hopefully, VoIP and VCoIP will catch fire and providers will realize that its much easier to provide these services without every user using NAT.

Obligatory...

1. Convert to porn sites to IPv6
2. ????
3. Profit!!

90/10

[jfengel]

While there are certainly cases where NAT isn't nearly good enough, for the vast majority of users it IS good enough.

That's what makes IPv6 acceptance so slow: your ISP isn't going to rebuild its infrastructure so that you can run a SMTP server. Certainly not for the measly (from their POV) $50 a month you and your friends are paying for that line. If you want a static IP, or a few, you can have it, but you'll start paying $150 a month or more for the service.

Some day, those necessary static IPs will be too rare, and you'll have to switch ISPs to get it. At that point your ISP will need to switch to IPv6 to keep your business. I have no idea when that day is. It may well be soon; I can't say. But as a major investment for your ISP they're going to put it off as long as possible.

So the answer to your question, "Why shouldn't people be able to have full IP connectivity?" is, "Because not enough people want it to make it worth their while, but if you really want it you can pay for it."

Re:90/10

[afabbro]

That's what makes IPv6 acceptance so slow: your ISP isn't going to rebuild its infrastructure so that you can run a SMTP server. Certainly not for the measly (from their POV) $50 a month you and your friends are paying for that line. If you want a static IP, or a few, you can have it, but you'll start paying $150 a month or more for the service.

Or $70, which is what I pay for static-IP'd DSL.

Re:90/10

Actually, its just that not enough people know (or care). Once there is some popular software like kazaa (annoying as hell though it may be) which does not work with NAT, and requires a real IP address, people will begin to switch.

For instance, if skype released a version of their software which did not function through NATs and mentioned this in their documentation, that would be enough to start us off in the right direction.

The problem is that it does not make sense for skype to alienate customers even if it means they have to bend over backwards to accommodate the 90+% with no real IP addresses.

Re:90/10

[cayenne8]

"Certainly not for the measly (from their POV) $50 a month you and your friends are paying for that line. If you want a static IP, or a few, you can have it, but you'll start paying $150 a month or more for the service."

Geez...where do you people live that you pay so much money?? I'm in New Orleans, not exactly the tech mecca of the world...but, with Cox cable business acct...I get up to 5+ Mbit down connection, no ports blocked (all the servers I want to run), static ip, no bandwidth cap, and a minimal SLA.

Where do ya'll live where a basic connection is up to $150/mo??

One big question...

As a home user and/or a business, why would I want to do this?, other than to be able to say "Yay I'm cool, because I use IPv6?

Re:One big question...

[macaulay805]

Yay I'm cool, because I use IPv6?

As a home user - I can't answer that, but as a business, its to get ready for the future. In my original post, I stated all geeks should try this out .. Isn't that what being a geek is all about? Adopting something in the early days modifying/improving ensuring its successful growth? After all, its the knowledge that drives us (at least me).

Re:Wintel?

1) Wrong thread. 2) he meant he's been an [insert "engineer" or technical role he states] for 20+ years, NOT that he himself is 20-some years old. I believe he said something along the lines of ["20-some year old security ~something"], which differs from "I was born 20-some years ago." I don't know about you, but I happen to be a person; I don't exist mainly as a job title, so I can see how that would throw some people off, but I guess he just loves his job enough to state his time-in-the-industry when most people would give their age (logic is on his side, however: his actual age is less relevant than his experience). 3) So AMD solves every problem he rants about, eh? Unlikely, but it's still not the point. He said WinTel and he meant WinTel... If you want to use other platforms, then go right ahead (no matter how similar they are to Intel as far as most PC users are concerned...); that was what he was trying to encourage. 4) FireFox is FireFox, he mentioned no browser by name (in sections I read); If you care about how your resources are used, don't use Windows. Which is also what he seems to be encouraging, or at least hinting at (with a title like 'Mad as hell, switching to Mac', and such, you be the judge). Low resource usage is not what the majority of Windows installs which I have seen are all about, and most rely on 3rd-party software to shave off some of the filth that develops on common installs, be it the network ports Microsoft likes to leave open which most people don't touch, extra un-needed registry keys, spyware, malware, you name it. A large amount of Windows installs go downhill fast, in many aspects.

will IPv6 give me an unique identifier?

[F�an�ro]

Currently I have a dynamic IP. my IP is assigned by my provider from a pool, and changes at least dayly. I see this as an important advantage for my privacy.

If IPv6 became widespread, would this result in me having the same IP for as long as I stay with this ISP? Or even longer?

I regulary delete cookies I don't want, but if there is an unique identifier that is tied to me, then this is no longer possible.
Cookies could just be saved server-side, and shared among different servers. As long as I cannot change my IP, I could be clearly identified

Right now it is not feasible to identify users in this way, because most users do not have a static IP.
Would this change if IPv6 became widespread?

Re:will IPv6 give me an unique identifier?

[Wouter+Van+Hemel]

You can run dhcp on ipv6. Your isp can choose how they set up things, just like with ipv4.

Autoconfiguration with MAC addresses might not be the answer for ISP networks, since an ISP might not have enough control about people's NICs or how they will use MAC numbers. I suspect they will offer two solutions: one DHCP-like with 1 ip for cheaper accounts, and one with /64 subnetting for more expensive accounts.

In 2000, I had an ISP that had native ipv6 support, and I was assigned one random ipv6 address through dhcp.

As I understand it, one of the main selling points of the whole ipv6 setup was that end-users would be alotted a /64 to enable them to connect more smart appliances without the hack of NATed networks (although I wish ignorant end-users would be forced to put their windows disasters behind a NAT firewall)... So personally, I would like to have a fixed /64 and use the internet as it was meant to be, with direct access to my machines at home.

Re:will IPv6 give me an unique identifier?

Ummm...DHCP was primarily designed to do something similar to NAT--allow a fixed pool of resources to be shared by a larger population by dynamically matching a user to an available resource. To give an example, DHCP allows AOL not to have to have a distinct IP for each subscriber--they just need enough so that the maximum number of concurrent users are covered (which is a decidedly lower number).

While DHCP does have some nice anonymizing properties (who is behind aol-user89342312312.aol.com??), it wasn't designed as such. And once every machine can have it's own IPv6 address, there's no need for it. Why would ISP's continue to use DHCP?

So, yes. If every computer on earth has a static IP, then you can be tracked based on that IP. The reason this isn't a huge issue today is that it's not feasible for every existing computer to have it's own static IP. IPv6 changes that game. In theory, ISP's could use DHCP to anonymize this a but, but they'd have little incentive.

And, say hey and by the way, let's assume that (once IPv6 becomes popular), and ISP considers continuing to offer DHCP. How long do you think it will take the MPAA, RIAA, and for that matter the government to crack down on providing such a service? If possession of PGP has been ruled a relevant factor in determining criminal intent, what do you think the ruling would be on disguising your identity?

IPv6 problems

[vslashg]

D. J. Bernstein has a really nice page that explains why the current IPv6 transition plans are a joke. It's worth a read if you're interested in IPv6.

No support?

From what I've read, the wi-fi built into the Nintendo DS is IPv6 _only_. I might be wrong but that's a pretty huge userbase waiting to happen.

Built in IPSEC, etc.

[SgtChaireBourne]

Read up on IPv6 some time.

It's got built in equivalent of IPSEC. That alone would go a long way in improving most computing environments.

"Improved routing" refers to, among other things, route aggregation which reduces the size of routing tables which is helped by the simplified header which reduce router processing loads.

Someone with more networking knowledge can clarify why the IPv6 functions are much better than the IPv4 ones, where they may appear to overlap.

Re:Built in IPSEC, etc.

[Wesley+Felter]

IPSec works the same for IPv4 and IPv6. The same.

(Don't even mention "mandatory to implement", since there is no enforcement.)

Re:IPV6 --prepare for your toaster spamming people

[darkonc]

You don't need NAT to lock out all of your boxes... Any firewall powerful enough to do NAT can do stateful filtering -- If an incoming packet isn't related to an outbound connection, you just don't accept it.

Even when you are using NAT you still have to filter out packets that are routed to your outside interface and aimed at your inside boxes (you do do that, don't you?). This is especially true of cable systems where I can often see broadcasts from the other boxes in my neighbourhood and know that inside networks are almost always 192.168.[0123].* . There are often other ways to suss out the inside topology of a network besides just guessing.

Presumimg that just nat is going to protect you is the kind of false security thing that leads to gaping holes in your defences.

IPV6 on a Wrt54G

[a3217055]

I tried IPV6 on a wrt54g Linksys cable/dsl router and it went kaput. Don't know IPV6 or that firmware that I got of a site or the 700 times I flashed it :). Was loads of fun though. take care -A

IPv6 is an interoperability failure

[Zapek]

IPv6 hosts cannot talk to IPv4 hosts. Likewise, IPv4 hosts cannot talk to IPv6 hosts.

The whole Internet is reachable through IPv4, only a small portion of it is reachable through IPv6.

Dan J. Bernstein explains the problem perfectly well here as well as suggesting a solution.

Re:IPv6 is an interoperability failure

[WillAffleckUW]

IPv6 hosts cannot talk to IPv4 hosts. Likewise, IPv4 hosts cannot talk to IPv6 hosts.

Isn't that what a Bridge Router/Hub is for?

Silly me, I forget that we've never used IPv1, IPv2, or other versions and had to maintain such links. ..

Re:IPv6 is an interoperability failure

[Zapek]

Ok, I'll try to explain again.

The main problem with an IPv6 host is that it cannot talk to an IPv4 host directly. Why? Because IPv6 is not an extension of IPv4 but a separate address space.

Things would have been so much easier if IPv6 hosts were allowed to talk to IPv4 hosts, because most IPv4 hosts do have IPv6 compatible software already.

Example of what happens currently:

• IPv6 host wants to reach an IPv4 address
• failure to connect

Example of what should have happened (let's call that protocol IPv7 and consider it as an extension of IPv4)

• IPv7 host wants to reach an IPv4 address
• the packet is routed because the routers, even though some of them only have IPv4 addresses understand IPv7
• the target host receives the packet, this host, although it has an IPv4 address, understands IPv7 and replies to the packet

For the first example to work, you need the target host to have IPv6 compatible software an an IPv6 address as well. Can you imagine pestering every network administrator to configure an additional IPv6 address for every host with no immediate benefit? Certainly not.

But for the second example to work, you just need the target host to have an IPv7 compatible software. Once all software is compatible to IPv7, the whole Internet will be reachable through IPv7 so you can then start ditching IPv4. This scenario is incompatible with how IPv6 currently works.

Re:IPv6 is an interoperability failure

[WillAffleckUW]

Example of what happens currently:

* IPv6 host wants to reach an IPv4 address
* failure to connect


Actually, what will happen if we go to IPv6:

* IPv6 host wants to reach an IPv4 address
* Translation occurs at bridge and headers are repackaged to send stripped-down IPv4 version with IPv6 routing info in body of message.
* Everyone happy, although IPv6 message now more prone to being forged.

Re:IPv6 is an interoperability failure

[Zapek]

And what happens when the destination host (which is IPv4) receives an IPv4 packet with IPv6 "routing info" in the message body? It cannot make anything useful out of the packet which will be corrupted by that "routing info". What you're probably talking about with your vague definition of "bridge" is a tunnel or proxy. The former needs to be done between the source and destination host and the later needs to keep statefull information and is basically a NAT from an IPv6 network to an IPv4 network and needs its own IPv4 address as well. Not really transparent is it? Not to mention the troubles trying to put a server using this.

Re:IPv6 is an interoperability failure

[WillAffleckUW]

whatever, it's a technical solution that's not that hard to do. You either maintain both tables on the same device and translate from one to the other:

IPv6
FE.FI.FO.FU.MM.UK

equals
IPv4
179.1.0.0

or such like.

I leave the example to the coder. It's not a big deal. Now, if you're on IPv4 and want to send to IPv6, the easiest way is have a name.address server which has the following table

IPV4 email address
FROM: iamlam3ipv4@lowtech.org
TO: "ToodlesTehCat" FEFIFOFUMMUK@givemeipv6.org
SUBJECT: oh pity me

IPV6 email header repackaged
FROM: "iamlam3ipv4 lowtech.org" 186001002003@givemeipv4.org
TO: ToodlesTehCat@FE.FI.FO.FU.MM.UK
SUBJECT: [IPv4 lowtech] oh pity me

Or somesuch.

Geesh, we did it before, we can do it again. Eventually, people get tired of using IPv4 because it's so hard to reach the billions of users on IPv6, and all the cool stuff is on IPv6 anyway.

How do you think we switched to color TV from black and white? Some stations broadcast in color spectra, even showing black and white in color, and if you didn't have color, too bad.

Re:IPv6 is an interoperability failure

[Zapek]

I'm talking at the packet level and you're talking about email gateways. Completely different things.

And about your TV analogy, this is a perfect example of a good interoperability, unlike IPv4 and IPv6. Color stations broadcast a luminance signal and a chrominance signal. B&W stations only broadcast the luminance signal.

• B&W station to color TV: only the luminance signal is processed, TV shows a B&W picture
• Color station to B&W TV: both the luminance and chrominance signals are received but only the luminance one is processed, TV shows a B&W picture

Stations could immediately switch to color broadcasting and consumers could buy a color TV when they wanted.

If TV was handled like IPv4 and IPv6 we would have the following instead:

• B&W station to color TV: no picture
• Color station to B&W TV: no picture

But there would be a lot of ideas about signal converter boxes and stations having to broadcast in both B&W and color using 2 separate channels.

Re:IPv6 is an interoperability failure

[WillAffleckUW]

You're talking theory, and I'm talking engineering (practical).

What I'm saying is there are methods - using intervening DEVICES with both table sets - to send packets and packet streams between IPv4 and IPv6.

However, they require concentrators and the lag in translation would probably disrupt the packet flow severely, so it's useful for rerouting email (which is not normally time-sensitive) and applications, but would fail under broadcast stream conditions.

This is good - if you are on an IPv6 network, you should be getting the IPv6 version of the stream, not the IPv4 version, and vice versa. Some of the IPv6 header is helpful in optimizing the flow and reassembly of IPv6 streams and setting traffic priorities, and thus it should NOT be optimized for IPv4 traffic, but treat it as an awkward cousin.

You call that a bug. I call that an evolutionary selection feature.

they spek as they knew...

[l3v1]

...as always. Still: want better Internet security and easier network management. they write. Thing is, those IT folks they speak about probably know exactly what IPv6 is for, which is not better security and easier management. It's mostly the extended address space, not much more, think of it as IPv4 on lower-end steroids. So they probably don't expect such features from it. Which is not true for ignorant article writers.

Your Goals != ISP's Goals

[sweatyboatman]

Most ISPs don't want their users hosting ANYTHING out of their living-room. That would use up bandwith which is directly linked to the pocketbook of your ISP. What ISPs want is home users paying a regular rate and using a minimal amount of bandwith (e.g. surfing the web, checking email). Not serving up their home movies or getting slashdotted.

Not to mention that by making dynamic IPs the industry standard, they can treat "static IP" as an extra feature and charge through the nose for it. (Much like text-messaging & ring-tones on cell phones.)

All of which is to say, ISPs see no profit from giving all their users static IPs. IPv4 is a blessing because it makes static IPs precious. Moving to IPv6 would just cut apart that revenue stream (at least in the short-run, which is all most companies seem to be concerned with).

-tom

Re:Your Goals != ISP's Goals

[WhatAmIDoingHere]

They must hate me maxing my 7Mbit download all day for a week now (MST3k Episodes)...

SlashDot = SPAM Board for ComputerWorld?

Why do /. editors accept posts about articles in InfoWorld, CNET, ComputerWorld et al?

Is SlashDot supposed to follow the paper media ? These articles are days, if not weeks old when posted - why does SlashDot accept them?

Is SlashDot paid to accept posts about these articles? If not, then they should be , since it's free advertising for commercial publications.

When will the Internet publishers like /. grow uip and cut their umbilical cord with the tabloid IT press?

Re:SlashDot = SPAM Board for ComputerWorld?

Its "Slashdot" you retard.

If you dont like the articles, leave.

IPv6 + Bittorrent = new age of piracy!

[mprinkey]

Don't tell anyone, but the multicast ability in IPv6 could make P2P file sharing *even more efficient*! That initial seeder could send every packet to every downloader at the same time. Multiplexing that with a bittorrent-type download net means that you could move a lot of data much faster.

When each packet can reach multiple destinations, there are lots of very interesting possibilities. And if P2P has taught us anything, it is that those new technical possibilities will be employed first and foremost to trade moviez, mp3z, warez, and pr0n!

Re:IPv6 + Bittorrent = new age of piracy!

But as someone else pointed out, static IPV6 addresses will be even more identifiable than current addresses are - so what you gain in multicasting you lose in anonymity. Still want to pirate movies and download porn?

Re:IPv6 + Bittorrent = new age of piracy!

[mprinkey]

There is no anonymity now. On a bittorrent network, you have the real IPv4 addresses of seeders and other downloaders on the torrent. A narc can connect to the tracker and get everone's IP addresses. If you are NATed, they will get the IP of your NAT box and your ISP will be able to turn that IP into a name and address.

Little Interest In Next-Gen Internet

[ndansmith]

Well, that's no surprise; there's hardly any interest in today's internet.

yeah, sure....

From TFS:

> Information Technology (IT) decision-makers... ...ee the next-generation Internet Protocol called IPv6 as helping them achieve their goals

Given how many of these gits repeatedly put their palm (or equivelant) into their back pockets only to break it (yet, again), or will fight tooth-and-nail that a command or a switch not be deprecated because they don't know what deprecated means, this is hardly a surprise. I'm just waiting for the day when I can be more cynical.....

IPv6 Myths

[shani]

Read up on IPv6 some time.

Dude, I've been working with IPv6 for 7 years or so.

It's got built in equivalent of IPSEC. That alone would go a long way in improving most computing environments.

"built in equivalent of IPSEC"?? Huh? Rather, you mean the IPv6 standard requires that IPv6 implementations must have IPSEC, I am guessing. IPv6 with IPSEC is no more secure than IPv4 with IPSEC.

"Improved routing" refers to, among other things, route aggregation which reduces the size of routing tables which is helped by the simplified header which reduce router processing loads.

You are confusing two things here. IIRC, IPv4 checksum includes the TTL count, which means it has to be recalculated at every hop. This was fixed in IPv6. It's been a few years, but I think that this is what people normally refer to by "simplified headers".

Route aggregation, OTOH, is directly a result of address allocation policies. The hope is that because we can give "enough" addresses to each ISP, that any given network will only have to advertise a single route, thus minimising the number of routes that routers must maintain. This is a beneficial (and as yet unproven) side-effect... of having lots of addresses!

Someone with more networking knowledge can clarify why the IPv6 functions are much better than the IPv4 ones, where they may appear to overlap.

If you're talking about the socket API, in my experience there is no real advantage to the IPv6 functions. They exist so that you can manipulate IPv6 addresses, nothing more, nothing less.

Re:IPv6 Myths

[jd]

Last time I looked, IPv4 had thousands of tiny entries in the header. IPv6 had considerably fewer. IPv4 has to deal with fragmentation, IPv6 requests the end-to-end MTU and transmits to that. IPv6 also uses stackable headers, so the main header has almost nothing in it, and includes specialized headers for anything that needs it. That keeps a lot of the gumph out.

Re:IPv6 Myths

[jd]

There are a few benefits to the socket API. IPv6 does anycasting, which means that you can make queries based on type of service, rather than on what server you want to have answer the query. IPv6 is also automatically configuring, which has to do with the heirarchical nature - the router hands the node the prefix, and the node then uses that to build the address.

This goes onto the mobility aspect. If a machine moves from one provider to another, the MAC portion of the address remains the same and is guaranteed unique. The machine just bolts on the new prefix. Because there's a 1:1 relationship between old and new addresses, connections based on the old address can be forwarded to the new address transparently.

It's been a while since I've done actual socket-level IPv6-coding, as I usually use libraries for low-level network stuff, but IIRC the "network order" and "host order" issues have also been simplified somewhat.

ridiculous hype

[rnxrx]

"The U.S. government is being very stupid about doing IPv6, and it's going to put us at a disadvantage," Lightman said. "If studies like this aren't acted on ... then instead of having a quarter of all the world's ISPs clustered here, around Reston, you'll have a quarter of the world's ISPs clustered around Tokyo or Beijing. I don't know if that's what the U.S. government really wants."

This is just silly on the face of it. ISP's exist and physically cluster based on fairly straightforward economics - where are the customers and where can they get capacity cheapest. The choice of protocols is a direct function of customer demand and is not some kind of product or mindshare that would arbitrarily find itself overseas. If the US continues to move towards hundreds of millions of consumers online there will continue to be lots of ISP's - both serving customers directly and connecting to other ISP's serving customers directly.

From a more technological point of view as networks are upgraded in the normal course of things we're seeing devices which would either not support- or inadequately support- IPv6 disappearing, to be replaced by boxes which will do a better job with IPv4 and - surprise surprise - tend to also support IPv6. Look at the routing offerings from Cisco and Juniper - IPv6 is widely available.

When and if ISP's want to roll IPv6 in a big way (which, incidentally, is going to be driven by customer demand - not some fear of shady Asian ISP's taking over) they can do so with software changes.

The downside of IPng, IPv6, ISO CLNS/CLNP, ATM, etc.. has been that standards bodies often set out with (sometimes wonderful) solutions in search of problems. They seem to often ignore the fact that the strictures imposed by the present state of things is one of the chief factors to be considered. Life and technology very rarely afford us the opportunity of a completely fresh start. We should plan accordingly.

Tell them it's for Homeland Insecurity

[WillAffleckUW]

sell them on Fear Uncertainty and Doubt.

heck, works for MSFT ... [caveat, I own shares of them]

Seriously, though, moving to IPv6 and Gigabit Internet for the whole nation would be a SMART thing. I can't believe you don't have high-speed bandwidth in the commercial world like we do at university, college, and medical institutions.

And you'd solve a lot of security problems by just ditching IPv4.

It's not what you know, it's how you use it

[WillAffleckUW]

...as always. Still: want better Internet security and easier network management. they write. Thing is, those IT folks they speak about probably know exactly what IPv6 is for, which is not better security and easier management. It's mostly the extended address space, not much more, think of it as IPv4 on lower-end steroids. So they probably don't expect such features from it. Which is not true for ignorant article writers.

True, the header is wider and more addressable. True, it's easier to send email to non-earth locations. True, the timeout values are wider.

But if properly installed IPv6 includes IPvSec, which means better authentication, and less hackable network designators, and thus makes it easier to use securely with an IPvSec wrapper which is supported fully on IPv6 but not on IPv4.

But, hey, live in the dark ages if you want ...

IPv4 subset of IPv6

[augustz]

Given the quantity of addresses available for IPv6, I'm unsure as to why IPv4 couldn't / wasn't made a subset of IPv6?

Right now we've got a catch-22 it seems. Why would I offer an IPv6 ONLY service, if that means a ton of my users will be locked out? As long as I offer an IPv4 service, why would my users switch? They can just use IPv4 up the stack.

If IPv4 address were subsets of IPv6, couldn't an IPv4 users request an IPv4 address. Once it hits their ISP, check routing and prefix if possible with IPv6 prefix. This could happen anywhere along the line, including just the last hop. My server can just run an IPv6 stack, and know that the rest of the internet, IPv4 and 6, can reach it.

Instead, we've got a "fresh start" approach, which seems like a bit of a stretch.

Or am I missing something obvious here? It sure looks to me at this point that running an IPv6 only server is a bit complicated unless you set up a broker or something else manually.

Re:IPv4 subset of IPv6

[pe1chl]

You are right. The way it should have been done is as an extension of the address space in such a way that a transparant gateway between the two spaces could be setup at any possible point. I.e. some router that can translate an IP packet like a NAT router does now, without keeping state of course.

A new client should be able to communicate with all existing IPv4 servers, a new server should communicate with all existing IPv4 clients, and new servers and new clients could use the extended address space.

As it is done now, with the only compatability being tunnels of IPv6 connections through IPv4 space, there is zero chance that it will ever be adopted on a credible scale.
This is a serious design error, that probably was not seen by those who wanted to improve the world.

Re:IPv4 subset of IPv6

[SirTalon42]

IPv4 is a subset of IPv6.

Re:IPv4 subset of IPv6

[augustz]

What is the IPv6 prefix for IPv4 addresses? How does one set up the transparent gateways?

In the initial spec I didn't notice this. Can you point to some more details?

Re:IPv4 subset of IPv6

[augustz]

Exactly! You said it better then I did.

The neat thing is you could translate back and forth more then once, all without maintaining state. Next link IPv6 OK? Add prefeix, send IPv6 packet.

Next link IPv4 only? Strip prefix.

In fact, this way client or servers could upgrade to IPv6 without worrying about everyone else except their next hop.

I was just thinking of server side, but this could allow anyone to upgrade as they wished, as long as they had the support of their next hop.

This is so obvious that there must have been a reason this ISN'T the way it was done. Be curious if someone had the details.

Re:IPv4 subset of IPv6

[PeterBrett]

The 16-bit prefix FFFF is the IPv6 compatibility subnet for IPv4.

HTH.

Re:IPv4 subset of IPv6

[daniel+de+graaf]

Depends on what you want.

There's ::ffff:1.2.3.4 for addressing ipv4 addresses from ipv6, which is (for example) what my ipv6 services see when an ipv4 client connects.

There's also the 2002:0102:0304::/48 subnet that allows ipv6 addresses to be created from an ipv4 address.

From ipv4, you can't access ipv6-only addresses without using a proxy (sixxs.net has one) or using 2002: ipv6 addresses

Mod down parent: -1, Urban legend

The address shortage is a myth.

When 2 billion new Net users go online

[WillAffleckUW]

in India and China and Japan - which are rolling out IPv6 whether the US wants it or not ...

Well, let's face it, we no longer "control" the Net.

Time to migrate to IPv6. I read the specs years ago, it's a lot cleaner than IPv4, IMHO.

training

not only that, but simply training all of the lower level sys admins, desktop support people, helpdesk staff, etc. that need to know this stuff but aren't (and considering how little some of them get paid, shouldn't have to be) necisarily exposed to this kind of technology, could potentially throw a wet blanket on any organization's adoption of v6.

On top of that, with the very common practice of outsourcing desktop support now, it would be triply as hard trying to convince an outsource company to train their extremely high turnover call centers and onsite techs to not only work with a new technology, but give an entirely new face to networking in general. Considering that they are using the walmart method of super efficent (well, relatively) low cost, high volume business, even the slight per-employee cost of having to train everyone on this new technology could affect their profit margin very negatively.

It won't happen until Microsoft MAKES 'em.

[crovira]

But is like USB adoption, Microsoft won't do it until 'Apple's done it'.

Guess what? Apple's already done it, (with Airport Extreme and Express, with eight octet groups right on the hardware,) but they're not making a big deal out of it because Apple's customers are not tech savvy enough to know what the fuss is about anyway.

All Apple need to do is start making a noise and Microsoft will once again play 'catch up.'

I'm running IPv6 on my friggin LAN and the WAN is only running IPv4. Go figure?

Re:It won't happen until Microsoft MAKES 'em.

[daverabbitz]

But Microsoft have already done it, they just don't tell people. All you have to do to get IPv6 running on Windows XP, is run ipv6 install at the CMD prompt. This is assuming you already have an IPv6 router, setting up a router can be a much more difficult task depending on your network architecture. Still Linux is even easier, it's already there.

And to all those who say there is not point to IPv6, free usenet :o, what better reason than that.

Now if I can just get my Freenet6 Tunnel to stay up when the ISP pointlessly changes my IPv4 Address, It's frickin' DSL, I'm always going to have an IP so why do they need to change it.

I Don't Buy It.

[HopeOS]

This guy says that over 50% of all the addresses are allocated out, and despite the absolute explosion of network connectivity, he can continue to hand out /8's for the next twenty years? Not even maybe.

If IANA started actually allocating blocks at the rate they are being requested, they would run out tomorrow. Dynamic IP and NAT is a direct result of allocation requests being denied.

-Hope

Re:IPV6 --prepare for your toaster spamming people

[tarpitcod]

I agree 100% - the point was - Do you really think that your average consumer who buys the new uC controlled refrigerator with nifty 'email you when out of milk' is going to have any clue about any of that stuff?

Nope, they are going to plug it right in to the 'super-duper highspeed broadband network' and *if* your *lucky* they are going to maybe have a consumer firewall that hasn't been shipped in a totally lame default configuration.

If they change the default password on their firewall and even change the internal subnet address then your *LUCKY*

I'm not talking about the few people who will plug it into their Penguin box with iptables firewall, who has a non darth-vader-unix snort box logging every packet.

I actually wonder what the legal implications of a network attached *anything that could make people sick* is going to be... Just imagine if some nasty script-kiddie SYN floods your refrigerator, and manages to convince it to turn off for say a day or two - at which point some internal watchdog process detects the problem and reboots, and starts cooling again without warning you.

You come home half asleep from a trip eat some food and wind up with food poisoning.

Dude, can you say "broken window fallacy"?

[MenTaLguY]

If it were seamless, I could have focused my attention on my other duties. As it was there was a lot of other work that didn't get done...

Lost in the debate

[rockhome]

I posted about this a couple of years ago I think.

Everyone keeps talkign about NAT and its problems and support for apps and services. The real reason that IPv6 isn't being adopted is because core backbone providers aren't forcing it. No one has made a real commitment to IPv6, so it is not used at the enterprise level.

If you start with service providers, I don't believe that there is a lot of IPv6 even at that level. This is only really my conjecture, but as a consultant in the network management space, I don't hear customers begging for products that support IPv6. And until the backbone providers , and the IETF, decide that IPv6 must go forward, NAT is going to work for most people, and not much will change.

IPv6 is going to be a tough row to hoe, it will necessitate a lot of updates to libraries and software before it can be fully supported. A lot of companies spend a lot of money every year to monitor and manage their business systems with IPv4 based applications, and aren't going to risks the expense until IPv6 is necessary and vendors fully support it.

artificially scarce resources

[j1m+5n0w]

But when the numbers start to run out, they'll be clamoring for it.

One problem is that the united states has a lot more IPs per population than most of the rest of the world (does anyone have exact numbers for this?), so we'll be one of the last to run out, and therefore one of the last to adopt ipv6, which puts us in a very bad position.

A similar problem on a smaller scale is that those who own a lot of IPv4 addresses now have a competetive advantage over those who don't, and these are exactly the people (large ISPs, telco companies) who need to adopt IPv6 in order for it to take off. Their control of a scarce resource gives them a relative advantage against those who don't, so why would they ever want to cooperate to make that resource become non-scarce? It just isn't in their best interests.

Re:artificially scarce resources

[Wesley+Felter]

One problem is that the united states has a lot more IPs per population than most of the rest of the world

Only because ISPs in other countries have not asked for lots of addresses.

we'll be one of the last to run out

Nope; since IP addresses are allocated out of a common worldwide pool, everybody will run out more-or-less at the same time.

Hopefully once all the addresses are allocated they will be privatized so that ISPs can trade address blocks, leading to a more efficient allocation.

Re:artificially scarce resources

[j1m+5n0w]

Only because ISPs in other countries have not asked for lots of addresses.

Ah, but they have - but they're asking for IPv6 addresses, not IPv4 addresses.

Since IP addresses are allocated out of a common worldwide pool, everybody will run out more-or-less at the same time.

Those who grabbed the most addresses when they were available suffer the least when the crunch comes - they just reallocate them more efficiently, and use NAT more aggressively. Countries with a very small IPv4 address per person ratio, on the other hand, will switch to IPv6.

Hopefully once all the addresses are allocated they will be privatized so that ISPs can trade address blocks, leading to a more efficient allocation.

...and uglier routing tables. Why bother allocating IPs efficiently when they don't have to be a scarce resource in the first place?

Thats Fine

[dalek_killer]

I say fine let the business world keep the old internet and let the Geeks keep the IPv6. After all I think half the problems that the internet has, has to do with the business world anyway.

The Braindead Decision

[sytelus]

I think it's mostly corporates who don't "see" how IPv6 can make their businesses is profitable. The truth of the matter is IPv6 might probably kill off many of these corporates. Right now IPv6 is the nessesity for peer-to-peer communities, not just file sharing. Besides everything else it will probably eliminate NATs which is the biggest hurdle in peer networking. Right now all P2P clients including BitTorrent survives on meer hack called UDP hole punching which works for about 82% of the routers. No supporting IPv6 is good for MPAA but unimaginably bad for free Internet.

What burns me box.

What ticks me off is that IPv6 addresses use colons instead of periods. This was not necessary. They could easily distinguish IPv4 addresses form IPv6 addresses based on the number of supplied bytes or by the presence of double periods (instead of double colons).

Not only that, but web browsers insist that IPv6 addresses be given in square brackets because they are cannot parse the colons in the IPv6 addresses since one might deliniate the desired port. This problem occurs because of the "text compression" with the double colon. It wouldn't have occured with periods.

There's no place like.....

There's noplace like ::1/128

questions

[l0rdpestilence]

I don't know much about ip6. I do know a little about IP4. As a end user without much cash and constantly using whatever free stuff I can get What real benifits would I get from doing Ip6 stuff? What's so great about IP6 anyway?

NAT works!

[Inoshiro]

"Game playing through NAT is nearly impossible. Scratch that... if there is more than one person trying to play the same MMORPG from the same IP, it IS impossible for many games."

WoW works great. You can have lots of people on different machines behind 1 IP, assuming you have separate WoW accounts (no MMO lets you have multiple characters from the *same* account logged in for obvious reasons).

Re:There's no place like ::1

[keller]

:) ::1

This is the first IP i ever saw with a smiley in it. This is truly innovative. Yay IPv6!!

The psychology of bundling

[SgtChaireBourne]

Rather, you mean the IPv6 standard requires that IPv6 implementations must have IPSEC, I am guessing. IPv6 with IPSEC is no more secure than IPv4 with IPSEC.

Yes. That's true for the machines, but for the people, IPSEC is something extra that must be added to IPv4. When was the last time PHBs, MBA, or MSCEs did something extra? Or worse, customised basic protocols or services? Even for basic desktop icons, something like 60% of users leave the default icons, etc. (back in '96 during one of the DOJ vs MS trials). That figure is going to approach 100% as you start to deal with basic components of the infrastructue, like IP.

Obviously you seem to have much more experience and knowledge of IPv6. IPSEC is a good thing and it should be used, but it isn't. The way to get people to use IPSEC is through IPv6. This may end up being like the metric system and the world will have IPv6, the US IPv4.

Re:IPV6 --prepare for your toaster spamming people

[darkonc]

... the point was - Do you really think that your average consumer who buys the new uC controlled refrigerator with nifty 'email you when out of milk' is going to have any clue about any of that stuff?

If he does that with IP4, he's even more toast (if you'll allow the pun) With every home getting a /48 network, guessing the address of the fridge isn't going to be as easy as with your average NATed IP4 network -- and if the routers have sane firewall rules in place of NAT, then you won't be able to do anything anyways.

Of course, if you don't want your toaster to be world-addressable, then you should just limit it to link scope addresses -- job done. You actually end up with the best of both worlds: Link scope inside the house for private units and global scope for world accessible stuff -- along with the built-in security that IP6 provides.
The more I think about this, the better it sounds.

disagree

I would have to disagree I work for a leading Cisco CCIE training company and one of our best selling books are the IPv6 topics.

I think the biggest problem is getting people trained enough to use it, then getting major ISP's to switch.

www.ipexpert.com
www.proctorlabs.com

Mobile IP will be big, needs IPv6

[porttikivi]

I have designed a course on version six and I also teach 3G/UMTS and GPRS networks.

Why six will succeed (and I used to be a long time skeptic) is that Mobile IP will be big, and it will not work well with the version four world. Every PDA and phone will have VoIP and many other P2P applications and they will need to be reachable, not hidden as private addresses behind NAT routers.

I guess we could figure out some weird protocol to register on a SIP server your current NAT/port instead of your current version four IP, which often is private. Or we can have generalized "presence" servers and connections routed through non firewalled third parties. Actually IPv6 Teredo is a clever example of using similar tricks to create IPv6 public addresses behind v4 NATs and tunneling ANY IPv6 traffic to them.

Another huge problem with with Mobile IP, which still remains is incompatibikity with ingress filtering. That is a problem even with IPv6, but can be solved with the IPv6 mobility header home address option. And that needs general upgrading in the servers of the Internet, and it would never happen with Mobile IP v4, even if a similar solution (tunneling to servers) would be devised.

There are also political, commercial and psychological reasons for IPv6 to succeed, but not very much other technical ones: you need to be publicly addressable, independent of your location!