IPv6 Readiness Report

MythoBeast writes "In the latest episode of the Intellectual Icebergs podcast, Brett Thorson of Ravenwing provides a very good review of how ready our industry is for IPv6. He also provides a pretty good implementation guide for those who want to set up IPv6 at home."

By the time IPv6 is ready

We'll need IPv8.

Re:By the time IPv6 is ready

[comcn]

That may be a joke, but in reality IPv6 is ready. My UK ADSL provider, Andrews & Arnold, provide me with an entire block of IPv6 addresses. They will even route it to you natively if your router will support it, otherwise you have to use a 6-over-4 tunnel. My network uses it by default over IPv4; it's kind of neat when e-mail has IPv6 addresses in the headers. ;-)

IPv6 isnt really wanted

IPv6 is a solution looking for a problem, at the moment in its current state nobody will use it, its complex , doesnt play with legacy systems (even win2k support is flaky at best) all those routers and wifi boxes that best buy are selling, most of the ISP's dont want it and dont support it let alone the users figure it out

its another "its coming" technologies thats "nearly" with us for the last 10 years and STLL nobody really cares, its like W3C validation, nice in theory but most people dont care about it and most of the html generation tools dont create it

Re:IPv6 isnt really wanted

[shawn(at)fsu]

Just wondering is it better to fix a problem before it arises or wait until it's about to bite you. I'm thinking of the /. issue with VIN's to run out soon It wasn't really a failing of VIN as it achived what it's goals were for the required time. Can't some of the same be said about IPv6.

Re:IPv6 isnt really wanted

[cgranade]

It is wanted, as it solves a very pressing issue. With more and more mobile devices and embedded devices requiring their own IP addresses, we are running out of address space. Furthermore, the design of IPv4 relies upon assumptions that are no longer valid, nessesitating such ad hoc and stop gap solutions as NAT. While NAT may be useful in its own right, it should not be used solely to allow for more devices.

As for the comment about W3C validation, it always has been, continues to be and will most likely continue to be very important in the future. Without such a service, how is one to tell what XHTML, HTML, etc. actually are? Machines are not intelligent, and so we cannot be content with the tag soup that passes for HTML on most sites, but we must reqire some sort of standard for quality. I would love to see a browser that, by design, will choke on any non-validating input, since by design such a browser would be simpler and easier to maintain. Without quality control mechanisms such as W3C validation, we would have a very poor Internet indeed.

Re:IPv6 isnt really wanted

> While NAT may be useful in its own right, it should not be used solely to allow for more devices.

Umm, that's precisely why it's used. So it doesn't adhere to the purity of the end-to-end argument (in fact, it pretty much smashes it), big deal. It works, and it's the defacto standard, and it's pretty much pushed off the need for IPv6 to the unforseeable future.

Re:IPv6 isnt really wanted

[jamesh]

I'm right now struggling with the various implementations of NAT-T (IPSEC NAT Traversal) and the fact that they won't play nice together. Wouldn't be necessary with IPv6.

Ever tried to set up a VPN between two sites which both use 10.0.0.0/24 as their network range?

Ever wished you could just ssh direct to your desktop machine from home without futzing around with vpns?

So you may not want it or see the need for it, but if you understood the amount of work that has gone into making NAT the 'solution' it is today you might appreciate it a little more :p

Re:IPv6 isnt really wanted

[toddbu]

I'm just not sure that's true. It certainly seemed that way when IPv6 was invented, but since then NAT has become a regular feature on home and business networks. Add in the regular use of DHCP to autoconfigure devices to a network, and you find that there's no longer any real pressure to make the switch to IPv6. Thus it made a lot of sense when it was developed, but now it seems pointless.

It may be pointless to you, but there are many people who could deparately use it. Think of all the problems that go away when NAT is gone. Like being able to use BitTorrent or SIP or any other "push" technology without having to set up port forwarding on your router. And even when you do get it set up right, you can't run on multiple machines behind a firewall without some kind of proxy on the other side. NAT is to the Internet was segmented memory was to CPUs - a great idea to move things forward but not a good long term solution.

I'm really jazzed about the idea of having my own personal 64 bit address space on the Internet. Then again, I'm not sure that even that will be enough. :-)

Re:IPv6 isnt really wanted

[bigpat]

big deal. It works

Ummm, no it doesn't work. It works for a few things, and breaks a whole lot of other things. You are arbitrarily limiting a whole set of end-to-end applications simply because you have no imagination. The simple fact is that I can, with my static IP, do a hell of a lot more than you can with some short leased DHCP IP behind a NAT.

Re:IPv6 isnt really wanted

[ultranova]

The only devices that need public IPs are servers. Hell, it's a potential security hole to give a non-server a public IP *at all*.

In Internet, every device is a server. That some of them are dedicated specifially to server duties does not change this. Filesharing networks, netphones, anything that lets two machines to exchange information in realtime - they all require at least one machine to have a public IP so it can be contacted. So yes, in Internet, every device needs public IP in order for the network to function.

Of course there are many interests that would love to see Internet to get broken and replaced by old-style broadcast network, since that would stop the competition from independent parties to those interests power. RIAA and MPAA, as two best examples, want to close Internet as a distribution channel for anyone but themselves. ISPs don't want you to be able to run your own servers, since that will increase the bandwith consumption and therefore decrease their profits. Blizzard and other MMORPG makers want to keep the costs of running a (small) server ridiculously high to keep competition to a minimum.

These are the real reasons for dynamic IPs, port blocking, and NAT. They are inconvenient, because they are designed to inconvenience you, to keep you in your role as a consumer. Producers don't want competition, and will do anything to stop it from happening.

Mobile phones for example do *not* have public IPs and never should do - there is no legitimate reason for wanting to access a mobile phone remotely.

Unless, of course, you want to call one ;). IP address is simply the Internets equivalent to a phone number.

Like Y2K?

[microarray]

Could someone tell this uninformed person what the hype is all about? So, we run out of IP addresses, so what? Seems like a market then exists where you could on-sell your IP addresses for $$$. Prices go up too high, market forces then result in IPv6 implementation. What's the problem?

Re:Like Y2K?

[vux984]

Seems like a market then exists where you could on-sell your IP addresses for $$$. Prices go up too high, market forces then result in IPv6 implementation. What's the problem?

The way ipv4 addressing is structured. 209.112.155.123 and 209.112.155.124 are in the same block. They don't have to be next door neighbours in the real world, but they do have to be 'close' to each other from the networks point of view. That will mean they belong to the same ISP, in the same city, and quite probably a fairly small chunk of that city.

IP addresses, by virtue of the numbers that make them up have to be hooked up to the network in a specific place in order for packets to find them. They exist in 'blocks' for convenient routing. The "routing tables" that you hear about describe where to send traffic addressed to a specific block should go. For example a backbone router A might know that traffic destined for 209.x.x.x goes "thatta way"... and and another router B further down the line might know that 209.112.x.x goes "through that pipe there"... and so forth, until it finally reaches a router C that says hey that destination block is right on the LAN here!

If 209.112.115.122 were suddenly "sold" to a guy in another city all his packets would would still end up at Router C, where they would be undeliverable because the owner isn't connected directly to that router.

As a rough analagy it would be like "selling your home address", but not your home. Even if you transfer the address to a guy in china all the mail is going to end up at your door step. Sure you could make special arrangements to have it forwarded back to china (and you can do this with ip too)... but that has two repurcussions:

1) The guy in china still needs a chinese address for the forwarded mail to arrive at so he's accomplished nothing!

2) Any mail addressed to him, even from his next door neighbour is going to be shipped around the world because it won't know its supposed stay in china until it arrives at your place. The chinese post office will see the Dutch (or whatever) address on the evelope and ship it off for a round trip through Holland...

The article's an MP3, not text! Text Version?

[billstewart]

I don't want to listen to some podcaster ranting about some topic that they may or may not have a clueful opinion about. Is there a text version of that person's comments? Skimming text is not only important for deciding if the author is providing any new or useful information, it also gives you much better control over how much of your time you want to spend on the quality of information you're getting. http://www.intellectualicebergs.org/ indicates that there are two main topics and three other sections, and doesn't say how long the podcast is. I normally don't rant about Slashdot's choice of material, but this is a waste of time; I could probably do better by going to a random social event* around here and asking about IPv6 readiness.

(mid-90s silicon valley story - friend of mine was visiting a friend, the house phone rang, somebody answered it and gave some technical advice about windows. "Who was it?" "Just a wrong number, but it was an easy question.")

Anyone watch 24?

[someonewhois]

IPv6 isn't going to work because of television. Chloe: "Jack, give me the IP Address of the workstation and I'll send you a decrypter." Jack: "Okay one sec........... Alright, got it! F as in food, E as in earth, D as in death, C as in card, colon, B as in bad, A as in apple, six, eight, colon, three, six, four, four, colon, one, two, zero, seven, colon, A as in apple..." FBI Agent breaks in: What's this? Jack? You're supposed to be dead! [shoots Jack] [Season Ends] Man oh man oh man. That's gotta be the reason why IPv6 isn't implemented yet. (Seriously, tech support nightmares)

NAT provides a firewall

[tepples]

Umm, [adding more devices is] precisely why [NAT is] used.

Apart from that, NAT is also useful because of an inherent side effect, namely that a basic firewall comes "free" once your router has implemented NAT.

Private networks and the business case.

[zerofoo]

It has been said many times here on Slashdot, but it bears repeating.

There is no business case (yet) for IPv6. The internet was designed for resilient point to point connectivity, but the business world does not want that.

Today's security paranoid businesses want to keep their internet exposure to a minimum. Look at most companies - lots of computers behind one or two public IP addresses. Most internal hosts are firewalled, proxied, and natted INTENTIONALLY.

Sure, this creates some problems, but there are workarounds for most issues.

I keep hearing about handhelds and that millions of them will need their own IP addresses. I don't see why. I'm sure most of the wireless providers want to control the content that their subscribers can send or receive - that business model does not want a wide open network with each host directly connected to the internet.

In this type of business environment, I can't see why any business would want to throw away thousands if not millions of dollars in their existing IPv4 investment.

If you can explain a bulletproof business case for IPv6, then Mr. Chambers at Cisco may have a nice sales job for you.

-ted

Why IPV6 will be accepted

[techno-vampire]

IPV6 will finally get accepted when it's discovered that it's the only way to play a network game of Duke Nukem Forever.

Written guides for what?

[jd]

For installing IPv6 on Linux: Go to any IPv6 provider (British Telecom, Hurricane Electric, WIDE - there are plenty of them). Download the script. Enter your IPv4 address and MAC address into their web form. Run their script on your machine. You are now fully IPv6-ready. (Most Linux distros come fully IPv6-enabled.)

For installing IPv6 on any *BSD: Pretty much the same. All the *BSDs have been IPv6-ready for a long time, under the KAME project banner.

For installing IPv6 under Windows: You go to Microsoft Research and install the stack. Unless it's already on the CD - it is, for some versions of Windows.

For actually implementing an IPv6 stack? Well, for that you want the RFCs on the IETF website, and the IPv6 evaluation kit (TAHI) that is listed on Freshmeat. I didn't type all the damn information for the various testing packages into the record for nothing!

Aside from that, I really can't think of anything you could need a guide for.

IPv6 isn't just addressing.

[jd]

IPv6 includes the following features that either don't exist in IPv4 or you need to install bunches of other stuff to get it to work:

• Zero configuration of the IP stack. It's self-configuring, completely.
  
• Privacy. IPv6 mandates IPSec and I believe all IPv6 stacks out there provide that.
  
• Speed. IPv6 addressing is heirarchical and the headers are simpler and stacked, so much less information needs to be processed even though the headers are technically longer.
  
• Mobility. IPv6 supports Mobile IP - indeed, that was a design consideration - with fully optimized routing. It's only available under IPv4 as a hacked implementation of a workaround.
  
• Routing. Native IPv6 routing (as opposed to RIP-ng and OSPFv6) is designed from first principles, as opposed to being something that has evolved over time to be sub-optimal but backwards-compatiable.
  
• Multicast. IPv6 mandates multicast, which will reduce bandwidth consumption on broadcasts drastically.
  
• Anycast. This allows you to find a service by querying the network rather than some moron in technical support.
  
• MTU feedback. Your computer won't send what the network can't carry. This means you don't get packet fragmentation, which is great for firewalls and users on networks with restricted packet size. This will become more significant as jumbo packets increase in popularity.
  

Tell me again why you don't need IPv6. Only, this time, say how you're going to meet these criteria whilst you're at it.

Business case for IPv6

[jd]

This one's easy. Firewalls don't like fragmented packets, because you can't verify subsequent parts. This means that firewalls either offer limited protection (ie: let the remaining fragments through) or re-assemble the packets themselves (which is slow).

IPv6 doesn't support fragmented packets. It forces both sides to restrict the MTU of that connection to the smallest MTU of any intermediate network component. In consequence, firewalls don't need to check for fragmentation and don't need to reserve any space for extra state information.

The practical upshot is that your bottleneck (the firewall) can handle far more connections with far lower latencies, which means B2B (business-to-business) and e-commerce network traffic can run much more smoothly and the system can manage much higher numbers of connections.

More connections with lower latencies, more business transactions. More transactions, more profit.

QED.

PKI and IPsec in IPv6

[netrangerrr]

I listened to the audiocast and picked up an important point- the commentator said IPsec (an integral part of IPv6) has historically proven undeployable except in small networks and would not enhance security.

He is probably unaware that just a few weeks ago, the IETF released a series of updates to IPsec [RFCs 4301 - 4309] and a new automated key exchange (IKEv2) [RFC 4306] to update IPsec to simplify and standardize implementations and automate key exchange. Also, many a few large organizations (DoD, MIT, pharmaceutical companies, etc...) have extensive public Key Infrastructures (PKIs) ready for IPv6 IPsec. A new deployment guide on updated IPsec and IPv6 will be published shortly by the IPv6 Forum.

Today's Internet should be trivial.

[jd]

Most home users use DSL or cable modems and the ISPs would be quite capable of pushing new firmware to those to become IPv4/IPv6 gateways. You can then convert the entire "real" Internet to IPv6 without home users ever having to lift a finger.

Once that's been done, it's just a case of those same ISPs offering a CD to accelerate Internet usage (ie: which use native IPv6 rather than the gateway) and conversion is complete. Complete conversion of the Internet, by converting each ring in turn transparently to all outside layers, should be possible over the course of a few months at most. A solid concerted effort could probably achieve everything up to the end-user level in a matter of weeks, without a single person realizing what was happening.

Of course, I don't seriously expect that to happen. Not because it can't, but because the level of cooperation needed is likely beyond most businesses today. It's purely a political problem, not a technological one.