IPv6 Still Hotly Debated

inkslinger77 writes "A significant stumbling block to IPv6 adoption may be IPv4 loyalists who are keen to keep the old protocol in preference to the 'new improved' version, according to a Computerworld Australia article. The article covers the views of Cisco's senior technical leader for IPv6 technologies, Tony Hain and Geoff Huston, a senior Internet research scientist from Asia Pacific Network Information Centre (Apnic)." From the article: "Go to your favourite venture capitalist and say 'I want to be an ISP'. By the time he stops laughing and [finds you want to run] IPv6 - the discussion gets terminated. No one wants to hear this. IPv6 is well ahead of adoption in this market so everyone is deferring. No one is running IPv6, because there is no business case for it ... if we really wanted to leave a legacy to our children we'd review the crap we have today which is pretty ghastly ..."

Me too

[Phroggy]

To be honest, IPv6 never really made sense to me either. I mean, OK, so we're running out of IP addresses and we need more... but as more and more companies are turning to NAT instead of using public IPs behind a firewall for internal services, some IP blocks are being freed up, and it looks to me like there are still a HUGE number of reserved subnets out there.

But assuming we really do need more IPs, why IPv6? Why 128 bits instead of, say, 64? Why build the functionality of DHCP, which (mostly) works perfectly well* and is extensible enough to support cool stuff that hadn't been thought of when IPv4 and DHCP were invented (e.g. WPAD, netbooting), into IP? What's the deal with including your MAC address as part of your IP address?

Going with the assumption that the problem really is as bad as people say it is (China has a gazillion people and more of them are getting online, and it'd be great if my refrigerator had a web-based interface I could access remotely without setting up port forwarding or a VPN, etc.)... I'm not convinced that IPv6 is the right solution to the problem. It just seems to be the only solution anyone has offered, and a lot of money has been spent bringing it closer to reality.

So, convince me: why is IPv6 the right answer to the problem?

* Off-topic, but can someone explain to me why (at least with ISC dhcpd) I can't assign IPs on two different subnets on the same physical LAN? Can this be done with a different DHCP server? Is there any kind of limitation to the protocol that makes this impossible, or is it just an implementation problem?

Re:Me too

[MightyMartian]

NAT really isn't anything more than a kludge, and despite a lot of work done to make some of the finickier protocols work through it, the point behind IPv6 is to create an address space sufficiently large that we don't have the provisioning problems that are evolving now. Is it overkill? Well, for 2005 there's no doubt. But IP4 was probably massive overkill in 1980. The point here is that these artificial limits we've set (640k, IP4, two-digit years) eventually lead to very big hastles, and if we're going to have to find some new way to enlarge the address space, why not do it right?

Re:Me too

[cnlohfin3109]

IPv6 gives us more then just more address space. The ip is designed heirarchally(sp) which will help _significantly_ with routing, decreasing tables etc. Not to mention not wasting time havening to check checksums all the time... cause there is none! Its silly if we get into the terabit speeds and still wasting so much time just tring to route the ethernet frames, not to mention the sheer processing power required by a router for those speeds.

Re:Me too

[exaviger]

Nicely put, just to stengthen your point - a little historical snippet "In the early days of mainframe computing, resources were at a premium. Memory was expensive, disk storage was limited and input devices constrained. Every programming method was used that made efficient use of each component. One of the methods used was to truncate the year value to a two digit number for entry, storage and processing. This saved space and saved on the associated cost of storage and processing. After all, why enter and store the century portion of the date when it will always be 19? Right? It would be decades before the year 2000. By then, all the programs and hardware being used would be obsolete and replaced with newer equipment and programs." Do we not learn from our mistakes? Calling IPv6 overkill is silly, why should we not overkill? Why not make sure that for the next century every electronic device will be able to have its own unique IP address. NAT is all good and well but what about the growing number of mobile devices, what about some services that dont work behind NAT? Who knows what will happen in 5,10,50 years. Soon every single vehicle, vending machine, traffic light and any other electronic device will require and IP address be it public or local. I am all for IPv6!

Re:Me too

[Kadin2048]

This is a misunderstanding, and has been debated elsewhere: NAT offers no security by itself, it's because normally NATs have a firewall effect at the same time that they create the illusion (and in some cases reality) of security.

There's no reason why using IPv6 with a firewall wouldn't be just as -- and probably more -- secure. Especially because you wouldn't have to spend time configuring the NAT functionality and could instead configure it as a single-purpose stateful firewall.

It is possible -- although you probably wouldn't want to -- to create a situation using static NAT without any firewalling effect that leaves your computer just as open to attack as it would sitting on the public net. Likewise it's possible to assign every computer on a LAN a globally routable IP address and secure them using a properly designed firewall (that's actually how my company is set up).

If your comment had just said you didn't want your fridge and toaster exposed to the internet without your trusty Linux firewall between it and the internet, I would heartily agree. Although I don't doubt some would argue for you about choosing Linux over BSD. :)

Re:Me too

[eric76]

Security by obscurity is not the answer

I hate that phrase. While true, it is very misleading since obscurity does contribute to security.

It should be "Security by obscurity is not the TOTAL answer.

Security by obscurity is a necessary and vital part of security. By reducing the likelihood of computers being randomly attacked over the Internet, there would be an increase in security. It would not provide absolute security, but it would help.

If you think about it, when you use passwords, you are using security by obscurity.

For that matter, when you use a public key that is the product of two very large primes, you are using security by obscurity. With increases in techniques and hardware, that obscurity is greatly reduced overtime and the security suffers.

"IPv4 loyalists"

[FirienFirien]

What are the chances that the term "IPv4 loyalists" includes those who just have no reason to make the effort to shift to the new system? Considering the number of [people, admins, even that amusing case where MS didn't patch its own servers] who don't even download security patches - the shift to a parallel system while the old system still works fine just isn't going to happen in droves.

Re:"IPv4 loyalists"

[Phisbut]

the shift to a parallel system while the old system still works fine just isn't going to happen in droves.

The real question though is "Do we really want to wait until the old system finally breaks and nothing works anymore before making the change?". The old system still works, but we know it won't work forever, and we know we need to change it. Why wait till it breaks?

(Obligatory car analogy) When you put gas in your car, there's still gas left in it, so it can still work. Yet you don't wait till you go dry to put some more gas in.

One Reason Alone is Enough

[Nom+du+Keyboard]

One reason alone is enough to make IPv6 a "good idea." Permanent static IP addresses for everything.

I, for one, will welcome the end of the NAT kludge.

Market Forces

[bizitch]

Just like anything else, market forces will dictate when this gets adopted.

Are we really running out of IPv4 numbers? The market will tell us.

Is there a killer app for IPv6? The market will tell us.

Can we ram IPv6 down everyone's throat? The market will retailiate and hit back.

BTW - what's with this "wont somebody please think of the children" bullshit about? If we need to get to IPv6 - we'll get to it - relax already!

Re:Something I don't get...

[MightyMartian]

One does not need NAT to lock up vulnerable ports. I have a Linux-based firewall that covers my public IP Windows boxes, and it works fine.

NAT is not the answer!

[kasparov]

Anyone who has to deal with SIP absolutely hates NAT. SIP is a VoIP protocol that is pretty much where everything is headed. Some instant messenger clients/servers even use it. And it is most definitely not NAT-friendly. In SIP, the call setup information and the media can travel differnt paths. This means that endpoints can comunicate directly without having to send media through a central location. Since the SIP message contains a description of what ports to expect the audio to arrive on in the body of the packet, NAT boxes will generally block the media coming from the other device. 90% of the problems that VoIP providers end up having to deal with is NAT-related.

You have to go to all kinds of lengths (using special session border controllers, media proxies, etc.) to be able to support SIP calls where one or both parties are behind a NAT. It is awful. NAT is a hack--a useful one in certain situations, but still a hack.

Market? Or cynical manipulation?

[DoctorNathaniel]

"The death of IPv4 has not really killed the Internet. In fact, far from it, we've managed to make an industry around it."

In other words, by keeping IPv4, we can sell NAT boxes (which we're already selling in huge numbers.. the wireless network hub in my den is a prime example.) Cisco has a big investment in building hardware to take care of IP space limitiations.

"You will still be able to get addresses, if you pay for them, because a market will appear."

In other words, this damned internet isn't making us enough money, because IP addresses are free. We want people to start trading them, so we can get commissions on the sales.

It's clear that this is "good buisiness" for the big internet companies: why invest in a new system that will make users's lives cheaper and easier when we can continue to sell patches on the old stuff, and make a market so that we can start charging the freeloaders?

It's also clear to me that the only way IPv6 will get adopted is if public bodies start using them and demanding their use. For instance, if Internet2, the US military, or all of .gov start adopting, then it will get off the ground. Of course, this is unlikely to happen because Cisco doesn't sell IPv6 switches.

I'm no expert, but to my cynical eye it looks not like market forces, but like the usual problems with capitalism exploiting a local maximum and avoiding short-term risk.

----Nathaniel

Are we ready to surrender anonymity on the net?

[schwaang]

What's the deal with including your MAC address as part of your IP address?

Yeah this looks like a serious privacy issue that most people haven't woken up to yet.

A MAC address is (usually) a globally unique identifier. How long before someone big builds a database relating MAC to user identity (Microsoft, your ISP, law enforcement, whoever).

At that point, no matter where you connect your laptop from, your traffic can be identified as yours. Be it for the purpose of advertising, tracing communication, or other data mining.

So the question is, are we ready and willing to surrender anonymity on the net?

It's supposed to be Overkill

[Pii]

Overkill is exactly the point.

The previous poster asked Why 128 bits instead of, say, 64?

The amount of work required to jump to 64 bit addressing or 128 bit addressing is identical. Since you're going to have to re-write everything anyway, you may as well figure in a ridiculously large address space, because not doing so saves you nothing.

Additionally, the routing table saving offered cannot be understated. With huge swaths of continguous address space, you can (hypothetically) represent an entire continent as a single aggregated routing entry (The more granular routing information would only be seen locally.), and the number of unique addresses within that range would be virtually inexhaustable.

Overkill is a good thing when it doesn't cost you anything.