Slashdot Mirror
Federal Agencies Must Use IPv6 by 2008
MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."
Its nice to see that government is implementing IPv6, but I'm more curious as to when it will be implemented by the private sector and widely used. (Is there an FCC ruling or guidelines for transition time somewhere or are we just oozing towards it?)
Those who study history are doomed to watch others repeat it.
Another choice quote: Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable," Khaki said. That should really be: Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable, unless that gets dropped too..." Khaki said.
Oh, I don't know? Cisco? Microsoft? IBM? There are lots of people having interest in computer infrastructure investments.
Although there has been alot of noise around it, actual progress hasn't been so convincing and the 2008 date appears highly unlikely. In many cases its more a matter of "here's how we'd do it if you gave us X dollars" than a funded plan forward.
This has appeared all along like a deliberate attempt to force a "technology refresh" that would be beneficial to major US networking companies than any real response to technical superiority of the IPv6 protocols.
If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.
Before people jump and say that we don't need IPv6 because NAT is good enough: No, NAT is not good enough. While I am grateful for NAT (and I am sure every other pood sod stuck with a single address only is grateful too), NAT has some serious shortcomings and limitations which increase the need for sometimes ugly, drastic or awkward workarounds for many things. It would be nice to be able to communicate with machines behind routers directly, though the security aspect that NAT provides really is useful.
What other industry is so stupid as to work for free?
Mothers and housewives?
Well, I'll bite.
IPv6 has such a large address pool to allow autoconfiguration of addresses for now and in the future. It basically redifines the whole issue of keeping up with who has which IPs. Just keep up with their network number and autoconfig the rest.
While the addresses may be 4 times the size and the header is twice the size, the header itself can be processed and delivered faster.
Obviously you only read trade mags and know nothing about networking:
1) You're thinking older Cisco equipment. But, the same argument could be made for any number of enterprise/carrier routing vendors. If you have a router/multilayer switch designed for IPv4, you're going to have to either upgrade it with IPv6 ASICs, or replace it completely. That's part of the price of transisition, and there's no way around that.
2) No one with any level of education in the matter says "We're running out of addresses." We're running out of address SPACE. Big difference. The huge class A and B networks issued to large US corporations and the military means those countries who got online later on are losing out. Case in point...I was on the redesign team at a USAF base that had two class B networks -- for 30,000 customers.
And NAT is only a stopgap. You end up with a massive number of interoperability problems when you start NATing. With IPv6, there simply isn't the need for it, and you remove those problems.
3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers. Massive OSPF networks, yeah, the Dykstra algorithm hits hard, but there are other, less CPU-intensive options like IS-IS, or just design your network right from the ground up and summarize properly.
Again, the problem we're going to run into here is the specialized memory used for wire-speed packet switching. But, if you're doing wire-speed, you're going to have to replace the ASICs anyway, so the TCAM gets replaced too.
4) You're right, minimum MTU size in IPv4 networks is 576 bytes. But that's a difference of 3.5% versus 7%. Not a major issue -- especially since most MTUs are in the range of 1250-1500, or even higher in pure GigE networks.
The road to IPv6 will be bumpy, but the only issue you mentioned with any real weight is the first, and that's an easy one. You just throw money at it.
Where the problem is going to lie is in long-haul data transport, IPv4 interoperability, and legacy application support. The network's the easy part.
Page 46, CCNP Self-Study, Paquet Teare
Mac OSX has had great IPv6 for a while (10.2)
http://evanjones.ca/macosx-ipv6.html
And the feds moved back their deadline so many times that even 2008 will be pushed back.
Apple even had a demo of ipv6 in OS9 once, and a long while back was big on it.
Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.
In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.
1) You're thinking older Cisco equipment.
Wrong. Recent IOS releases still have the same problems, they are also quite catastrophic from a usability point of view in comparison with the IPv4 features.
3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers.
This is always an issue, as memory costs money. The global routing table has just passed the RAM barrier a few months ago for many routers; most Cisco routers holding that table now require 512MB minimum route memory. (of course it also depends on what else the router has running, but as a general rule, the mark was hit.)
Either way, IPv6 means more memory and resource requirements, which in turn means a lot of investment with no return. That's why IPv6 will only come when it has become absolutely necessary. Which will take a few years still. So no, it is not "ready for prime time".
I see a lot of reasons to go IPv6, especially now China (1.3 billion people) and India (1 billion people) get connected.
extern warranty;
main()
{
(void)warranty;
}
..Just declare it part of the metric system. Or is that the other way round?
Don't trust anyone under thirty.
Intelligent use of NAT can get a lot of users into one IP. 9 out of ten surfers only need outgoing-initialed connections (web surfing, email, instant messaging, IP-based broadcasting and legal music download software).
But if you want to do video conferencing or VOIP then you're screwed unless you go via proxy servers and give up speed and security.
In an ideal world yes, every device could be addressed by its own IP address, but in this world I don't want some cracker port-scanning my fridge and getting a backdoor through a butter overflow exploit.
It doesn't matter whether you use NAT or IPV6 . There's no reason why your fridge ith an IPV6 address should not sit behind your home firewall. At least, when you need to be able to open certain ports (at which point you're vunerable to buffer overflows regardless of the protovcol), you'll be able to do so using router rules rather than port mapping (which can only go so far). In both situations you'll have to buy an additional device -- an IPV6 router/firewall or a NAT based IPV4 router/firewall. There is no reason why an IPV6 router/firewall needs to be configured by default to permit all incoming connections.
IPv6, to me, was a bit of a disappointment because it lacks two features that I find important:
A) A protocol between the ordinary level2 and IP(level3) (Could be named layer 2.5) that takes care of error-corrections via retransmissions. Not replacing TCP's error-correcting retransmissions, but in addition to those. The reason is that most lost packets are lost packets on a single link because of load issues and such, and not because a whole link falls and breaks a route. In those cases, it is very inefficient to retransmit the whole route, and to add a huge latency-overhead to the packet transmission.
B) Get rid of the silly "port" concept. Ports are just internal-computer addresses, and as such, should simply be part of the address itself. There should be no reason to distinguish between the network address and the host address and thus subnets were created, and that separation no longer exists. Just the same, there should be no reason to distinguish between net/host address an application addresses. Removing the "port" concept and placing it as part of the IP address itself has the following benefits:
I) UDP becomes redundant to IP itself, the whole protocol is about adding the port address and can be discarded.
II) DNS entries can point to applications and not hosts. This would allow www.server.com and www2.server.com to point to different webservers in the same computer. This would allow to discard the "virtual web hosts" feature. It would also allow to support multiple servers of any type (ftp, smtp, etc) on any host, all pointed by dns, without messing with the port supplied to the user.
III) An internal network can route the same application address to any host it chooses, easing the distribution of load. It would also not expose to the external world how applications are served on which hosts.
Anyhow, I look forward to seeing those features in IPv7.
I've seen this sort of first thing first-hand. Here's how it goes down:
Consultant: Hey, buddy o'mine in the White House Budget office, lets do lunch.
WhiteHouse: OK
Consultant: You know, if you dont use IPv6, you're obsolete.
WhiteHouse: Really?
Consultant: Yep. You wouldn't want the (Commies|Al-Qaeda|Chinese|French) to be ahead of us, would you?
WhiteHouse: Hell no!
Consultant: Nobody is going to deploy IPv6 w/o a reason. It's hard to do.
WhiteHouse: Hmm, we need to do this, its a matter of Homeland Suck-your-ity. Can you help?
Consultant: Why sure, but you should make sure that only me and a few others are approved for this gig, you wouldn't want any incompatibilities, would you?
WhiteHouse: Damn straight, I think I'll have another Scotch.
Consultant: Go ahead, its on me. *evil cackle*
I want to delete my account but Slashdot doesn't allow it.
If you are a network engineer type, and you want to make some money, this is maybe some very good news. Most government agencies contract out this type of work. And I know there is a severe shortage of good network types out there who can grok ipv6. I am actually glad about this. It is kinda like Y2K all over again.
-- Bryan
What is stopping the implementation of IPv6 are those pesky legacy devices, legacy operating systems (ie Windows) and legacy hardware accelerated routers, and the fact the Internet being as big as it is - it's basically impossible to do a clean switchover, and there ARE problems when combining the two systems - even though you can have both on the same network, they won't be interoperable (=really bad).
Of course IPv6 has been designed to work around these issues as well as possible, but there will be issues eg getting a IPv4 machine to connect to a IPv6 one. And NAT has been the easier-to-implement short-term-solution for home 'puters etc...
I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
I'm old enough to have lived through the GOSIP debacle two decades ago. I see a replay.
GOSIP (Government OSI Profile, and the acronym was used separately by the US and UK) was a requirement to implement the OSI protocol stack by some date in the 1980s. It was a procurement requirement: Every system bought by the feds as of a certain date had to have OSI. Unless it got a waiver.
Some people took this to mean that the government would transition from TCP/IP to OSI by then. And this would lead the world to OSI. And so they invested heavily in OSI. (Remember DEC?) Come to think of it, the way the lead story is written here, you get the same impression, that by 2008 the feds really will be using IPv6.
But that's not what GOSIP meant. It meant that the equipment had to have OSI available, not that the government would actually use it. Having OSI was a checklist item. And eventually it got discarded, because nobody would actually use it; TCP/IP did the job well enough, and some of the early OSI implementations were, to be polite, a pile of crap. But a pile of crap still meets the checklist for an option that won't be used!
IPv6 is somewhat dumber, protocol-wise, than OSI. It has been around for well over a decade, solving non-problems with non-solutions, ignoring problems of the public Internet that developed since then, while promising higher overhead, obsolesence of equipment, difficult management and transtion, and more money for Cisco. So unless you're Cisco, there's no reason to go there. And nobody is going there.
Microsoft will meet the checkoff, as will other vendors, but I predict that in 2009, IPv6 will still see little use, even by the feds. Perhaps if we're lucky somebody will be talking about really fixing the problems in the current protocol stack, rather than going with a hack that was created for internal political reasons at IETF before the Internet was even open to the public.