Slashdot Mirror
U.S. Government to Adopt IPv6 in 2008
IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"
Well I for one welcome our new IPV6 overlords....
http://www.CelloFourteGroupie.net
That word document has 37 pages, 12,946 words, 74,666 characters, and 564 paragraphs. I think there's enough detail.
Wouldn't IPv6 basicly be deployed when 51%> adopt it? If the commercial world doesn't accept it then the goverment will be on it's own and that won't fly too well.
2008 means 2018.
Given the federal government's reliability in carrying out plans, I will look forward to having the ability to access U.S. government services via IPv6 in 2016
There's no place like ::1
hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
I'm curious as to whether there are any reliable stats out there about the availability of IPv4 address space and how it has changed over time. The widespread adoption of hide-mode NAT has allowed companies, universities and the like to move thousands of computers out of the public address space, freeing up large blocks of public address goodness. Cripes when I think about what I got away with in university, hooking my desktop up to the local LAN, getting a public and ........
CommentBot 0.7a running with args "-module irritate,disagree -target random"
As the CIO Council and Office of Management and Budget help map out the June 2008 transition to IP Version 6, perhaps the biggest challenge is that they're entering unfamiliar territory.
In the newest additions to the IPv6 Transition Guidance, the council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline.
So the government has a year-and-a-half to meet this deadline? Forgive the cynicism, but given that they have a loose set of guidelines and so many systems that would need conversion, I think they're being a tad optimistic. Kudos for trying this, but I won't be surprised when it takes until 2010.
GetOuttaMySpace - The Anti-Social Network
I haven't had the time yet to read over the specs and try to figure out what the downsides and hassles for the rest of us will be with IPv6, but I'm sure there are slashdotters out there who have taken the time to figure out where the problems and issues are.
If those of you out there who understand those issues could make a few posts here I would greatly appreciate it.
Thank you.
This is a big step forward for IPv6 adoption, but I think the next major step will be by the cable companies. They want every set-top-box or cable TV to have two way communication and be fully addressable. Where else would they get the address space needed for that? IPv6 solves a lot of the problems they have with addressing that may devices. That will probably be the first way IPv6 gets into most of our homes.
Digitac
Anyone not having access to an IPv6 network, say because you are behind a NAT, and are wanting to try out IPv6, because it is in your blood to do so, I recommend giving Miredo a go. If I suggest this one over other solutions, is because of the number of platforms supported (including, Linux, Windows, MacOS X, BSD). There is Freenet6, but it won't work from behind my NAT with MacOS X.
Jumpstart the tartan drive.
If this transition goes anywhere near as well as that time the US Government resolved to convert the US to the metric system in the 1970s, then... well, we'll all have a lot more time to play solitaire.
Slashdot Burying Stories About Slashdot Media Owned
Why not? Nixon put a man on the moon, then was caught breaking into democratic headquarters.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
In the US Government, IPV6 transitions YOU!
needs the extra addressing space for all of the servers used for domestic internet spying...to stop them thur ter'ists!
I don't know what IPv6 is but I'm assuming because it is on Slashdot and it involves the government I should be against it.
So they slid it out. Wasn't it originally mandated to have already happened? I wonder how many times they are going to continue sliding it before it actually happens.
The real problem is unfunded mandates. Great mandate, but without money behind it, it ain't gonna go anywhere.
Slashdot.. where people join together in deliberate ignorance.
This is a big expense with very little benefit.
Of all the organizations that would jump to IPv6, why the US govt? The US govt has lots & lots of IPv4 addresses and will not run out.
Now, I could understand if the Chinese did this, since they are so short of IPv4 addresses.
How about having a scheme like the following: If I have, say, the single address 111.222.333.444 (it's not a valid IP address, I know), and have more than one thing I want to plug in, I just append another dot and create a new sublevel. I get 111.222.333.444.1, 111.222.333.444.2, etc. There is no limit to it.
The downside I can think of is that it will probably be slightly more work (and thus slower) for the machines on the net that reads the address on packets to send them in the right direction (I believe they often do it in hardware). But I think it could be worth it, don't you?
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.
The bad news: Wait a minute. "Them?" Oh shit, it's the US government. I'm a US citizen. Argh, that's my expense. D'oh!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Did anyone look at the deffinition of IPv6 capable for the requirement? As far as I understand it by 2008 an agecny must be able to pass ONE IPv6 packet to their ISP. There is no requirement of the ISP being able to handle it or for their internal network to be running IPv6. Can anyone refute this?
It's the new, boosted, PATRIOT Act: Intellectual Property version 6
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
The REAL problem is that IPv6 does not solve the basic problem with IPv4.
IPv4 is vulnerable to centralised control issues. This strikes in two ways;
- any network changes/address pool provision needs to be coordinated by a central body
- intrusive aunt Sallys and jackbooted thugs have a locus of control
This results in inefficiencies and losses of flexibility. In addition, IPv4 is largely manually administered. Quite without criticising network admins, most of whom are highly intelligent and capable people, simple human error (an inevitable factor) can result in massive outages, and has done so. IPv6 does not really solve this either.
We need to cut over to a protocol which allows for distributed, localised control (which will also foster anonymity and independence) as well as increased automation (to reduce vulnerability). There are protocol models which will do this; the usual answer that routing in arbitrary topologies is not computationally feasible in large cases actually falls down once one examines the problem space in the light of computational power increasing with computational need. It's an interesting study.
But whatever. I'll expect the world to come to its senses about the same time that hell freezes over. I'm just sitting on the sidelines wishing I had a buck for every idiot I saw.
I hope it goes more efficiently than our switch to the metric system.
I remember when the government mandated the switchover from TCP/IP to ISO protocols. The acronym for that was GOSIP.
Computer industry vendors spent serious money preparing for the August 1990 adoption deadline.
They had to implement the ISO protocols or risk not being able to sell their systems to the government (always a major customer).
The revised date for adoption is never.
The worst part about doing government contracts was dealing with all the folks that say:
"We can't design this around TCP/IP, the government is mandating ISO."
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
I suppose it's a little bit comparing apples and oranges, but if seeing how long it's taken them to force everyone to the HD TV format is any indication ... I'll place my be on 2018 or so.
I guess someone upstairs finally figured out that it's easy to track people on the net when they don't move. If everyone has their own addresses, no need to ask the isp what it is anymore, huh?
At the same time, dodging servers and going directly to your friends with encrypted comms will get easier too?
You are checking your backups, aren't you?
I am suggesting a _new_ way here, not that we all suddenly append more digits to existing addresses and continue to call it IPv4.
As for "32-bit value" vs. "four 8-bit values", I must say I wouldn't see the difference. For instance, of which type is this one: 01101001001001101010101110000010
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
My favorite part is when I heard about IPv6 in college, they had calculated that there would be enough addresses for 10 IPv6 devices for every square foot of the planet!
Then again, iPod, laptop, watch, spy bowtie, cell based processor in ring to add to an ad-hoc processing farm, robotic legs that access the net for the latest dance moves... whew that's only 6. Then again, what about the guys who live above me!
Which firewalls can currently be used to filter, log, and block ipv6 traffic?
IPV6 definitely has been around for many years now, but none of the windows firewalls I've downloaded seemed to have any kind of configurations for logging or filtering ipv6. Sure that's 2 years away, but unless I overlooked a firewall (there are so many for windows) or they use some kind of open source package that probabbly has ipv6 firewall capability already. i have to wonder how they're going to keep secure.
https://www.gnu.org/philosophy/free-sw.html
And get ourselves out of the worse-than-tenth-in-the-world pit.
I think IPv6 is a great, but I personally believe it's too early for the government to switch over. They should really wait until this technology is widely used and tested and would definitely give Microsoft another 4-5 years to iron out at least 90% of the bugs caused by addition of IPv6 before I would even think of putting a Windows box on a IPv6 network.
Can you imagine government running Windows on an IPv6 network? Pretty scary...
I suspect this will be about as successful as the DOD's old policy of only doing development in Ada. Let the waiver requests begin!
The Army reading list
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
IPv6 is going to cut the world's carbon emissions. It's going to program your vcr, and protect against alien invaders. IPv6 will unite the world's networks, nations, and notions. IPv6 will usher in a new era of peace and harmony in the environment.
How will it do this, you ask? The answer is simple! IPv6 is powered by hippies!
Is these people don't seem to understand the befits of a PDF...
As for "32-bit value" vs. "four 8-bit values", I must say I wouldn't see the difference.
There is no difference! A 32-bit value yields 2^32 possibilities (4294967296) and 4 8-bit values yields (2^8)^4 possibilities (also 4294967296). Whatever way they are transmitted in the IP packet is irrelevent... an address 192.168.0.1 can be represented as 0x0100A8C0 in a 32-bit value or 0xC0 0xA8 0x00 0x01 in 4 8-bit values...
I am suggesting a _new_ way here
You are essentially trying to solve the same problem that IPv6 already solves... the limit on the number of hosts that the protocol will support. Hate to say it, but all that brain power has gone to waste mulling over this one...
# man tar
The requirement is actually that the government be able to support dual-stack IPv4 and IPv6 by 2008. In the years following that, they will begin to phase out IPv4 as much as possible.
The current state of affairs is this: The USA is much farther behind on implementing IPv6 than many other parts of the world, particularly Asia. Japan is currently the world leader in IPv6 implementation (just look at USAGI for Linux... started in Japan), and around Summertime last year, the biggest amount of IPv6 addresses were reserved by Germany.
The main reasons the USA is behind on implementing IPv6 are because there is a large amount of existing infrastructure that supports IPv4 and the USA also has the most IPv4 addresses out of any country in the world. Countries that either don't have large amounts of IPv4 addresses or are just acquiring modern technology actually have an advantage in that they can implement IPv6 without having to convert or throw away existing equipment.
I don't know the exact numbers, but I remember hearing that India (population > 1 billion) has only a few class C IPv4 addresses for the entire country. They are the most extreme example, but for countries like that that don't have many IPv4 addresses to go around, it makes much more sense to just go IPv6.
"Why not? Nixon put a man on the moon..."
Man, Nixon sure looked different (I mean, almost like another president) back in 25 May 1961 when he, before a special joint session of Congress, announced his goal to initiate a project to put a "man on the moon" before the end of the decade.
Hollywood special effects?
1ms isn't a big deal if you're processing something where you might only have dozens of something per second, but you can see how it'll be a big deal with something that has to process millions of billions of packets per second.
If one would want some empirical perspective on how much impact this has on the world in general... the U.S. government adopted a best-practices and recommendation for computer contracts in the late 80s requiring all systems be POSIX compliant. While you can make the technical argument NT/XP is POSIX (.1), it's hardly a nudge in the direction technology decidedly went (i.e., Windows became dominant anyway).
This is a little off topic but, suppose the entire Internet moves to IPv6 and IPv4 is obsoleted. Does this mean that that the average geek or small business with 2 or more computers that need to be connected to the public Internet will have to buy an IP address for each of their computers from their ISP?
I remember back in '73 when the US announced that we were transitioning to the metric system.
I hope this time it works better.
Since ipindex.net is down and now parked domain, flumps.org has a mirror at http://www.flumps.org/ip/. It may be a little out of date, but it's still interesting to look and see who has which type of network.
Per Square Mile, a blog about density
Interest in IpV6 has stagnated since 2001.
y =ipv6_meme_flatlined_for_five
If the U.S. Government is about to push a major IpV6 initiative, there could be some money to be made here.
http://www.realmeme.com/roller/page/realmeme?entr
Hey, I recognise that - that's sarcasm. My point was, as you gathered, that lots of things happen when a particular prez is in office, and 99.99999% he has nothing to do with. That is, a govt could implement IPv6 even if monkey brain is in office.
A simple question, to show the state of the internet in general with regards to IPv6:
Can you get Slashdot over a pure IPv6 connection? That is to say, send an IPv6 datagram, with an IPv6 header, all the way from some computer at some location on the Internet backbone, and have an IPv6 datagram, with an IPv6 header, arrive in the network stack of http://slashdot.org?
Bridging from IPv6 to IPv4, so that an IPv4 packet arrives at the server is not allowed.
Now, tell me again: are we ready for IPv6?
www.eFax.com are spammers
Oh, that would be a really _broken_ implementation.
Half the software in the world that is aware of addresses treat an ip address as an int. Anyone who sticks an address in a database sticks in in a four byte field. Just transitioning to a fixed 16-byte address is more painful than the whole Y2K mess in my experience.
In any case, you can't work with a string of unbounded length in any meaningful way anywhere that performance matters. How big do you make your buffers? The IPv6 address space is big enough (something like a million addresses per square centimeter of the Earth's surface?) unless we choose a particularly stupid way to carve it up. We shouldn't need to expand it further.
The legions upon legions of buffer overflow exploits that would follow a string-based IP address standard would be colorful, however.
Socialism: a lie told by totalitarians and believed by fools.
"allowing each and every end host to make it's own decisions about what path to take"
you mean if you knew or had a good guess where los federales intercepted your packets that you could specify *don't go that way*?
No wonder it is "controversial"!
Are you volunteering? I'm sure they could send you there right now... can't ensure you'll make it there alive and stay alive very long.
"22 astronauts were born in Ohio. What is it about your state that makes people want to flee the Earth?" Stephen Colbert
Given how many problems with IPv4 this new revision solves and that a thorough look was taken at the protocol in its entirety, of all things, I'm surprised *geeks* usually just try to find reasons to not like it. Sure, admins may need to retrain, and there'll be infrastructure costs, but since when did geeks stop looking at positive evolution as being bigger than these things?
There's also always a lot of FUD spread around this matter, and one can find it even in this topic, for example IPv6 increasing routing complexity. IPv6 uses hierarchical address ranges *and* is modularized so there's not just less complexity, but even less *traffic* to route unless using more advanced features of IPv6. After the transition, IPv6 is better for your routers.
NAT's also seem to be a common enough argument against IPv6 that someone should have written a damn "Why NAT's won't solve address space issues" FAQ to uninformed people already. There is something similar enough for that though.
Anyway, instead of just ranting, here's a document about some of the changes IPv6 makes. Maybe especially this part is educative to some.
Beware: In C++, your friends can see your privates!
See this mailing list message, which points to this PDF presentation.
Google, if you're reading this (of course you are), you could do the same too. In the UK? Get your 2^64 addresses here.
Cue all the "we like things as they are" people moaning about how large the addresses are, and how they don't want their fridge to have an IP address, and how great NAT is.
Get your own free personal location tracker
>The latest additions, (MS Word) released in May,
I, for one, am annoyed (again) at the posting of a propretary file format by the government. Have they YET to hear of PDF or ODF? Wish I could even see what the "cio.gov" site is supposed to be, but it is slashdotted into the next year and falling apart (appears to be running under some obsure MS-Windows 2000/IIS thing).
This will go swimmingly!
At what point does that matter?
We'll never get there if we don't start
We're going to less than 1 i.p. address per human to 50 octillion i.p. addresses per human.
Since it will no longer be practical to ban by i.p. addresses other measures will be required.
Perhaps some investment of difficulty per granting of anonymous account equivalent to the old i.p. addresses can be imagined by someone brighter than myself. (My best idea so far is the silly notion to have the account granter watch the new account doing something strenuous over videophone.)
Given example like Wikipedia trying to ban 1 persistent disinformation defacer being impossible due to AOL i.p. rotation, this obsolesence of i.p. banning may come as a good thing. Can somebody imagine something like an anonymous free certificate scheme for pseudo-identities? Maybe $10 donation to charity gets you 1 "passport" account..
If you need text styles to communicate then you don't have a message.
Apparently this IPv6 stuff is considered so valuable, Carlyle group and others have invested 10s of million in captial to start up a company called "Command Information" www.commandinformation.com to work solely on IPv6 deployment, applications, and training. Carlyle guys are smart and waaaaaaaay conservative so they must see a good opportunity here.
"As for the future, your task is not to foresee it, but to enable it." - Antoine de Saint-Exupery
The IPv6 mess explains why a fundamental mistake on the part of the IPv6 designers has had giganitc effects on the cost of making an IPv6 Internet work in practice.
Couple of points...
Internet2 (the network that connects most Universities in the U.S. and peers with other research networks) has been IPv6 for YEARS.
I REALLY wish the Azureus and utorrent people would build IPv6 capability into their clients. Many IPv6 equipment has not had the traffic to stress test the software. v6 bittorrent capability on I2 would generate LOTS of traffic so v6 vendors can see how their equipment handles it.
There is a couple of clients (not major ones) that report having v6 in them, but most people don't use them.
Without a pressing need, an organization will not deploy it. It's as simple as that. DOD has specific needs that IPv6 will help them address.
Comcast is a good example of how IPv6 will be deployed. As needed, only when needed (there is another message here with a PDF from comcast at nanog). Organizations in the Far east have a need because they have plans to stick an address on every cell phone, and device within china, Japan, Korea, ect. The ammount of space AVAILABLE for them to grab is inadequate for these purposes.
At the moment I just can't think of anything that would really move v6 adoption forward (in the States)
This avoids the messiness of manually configuring routers and allows entire networks to be mobile. The prefix doubles as both address and routing instructions.
IPv6 follows the philosophy of one address per interface. This can be a physical interface, a virtual interface, whatever. Doesn't matter. The machine does not have an actual address, only the interface does. (Although this is technically true on IPv4, it gets very fuzzy at times, with such concepts as 'hostnames' that are associated with an IP address. With IPv6, an effort has been made to avoid this confusion, although they could probably have done better.)
This association of a port, rather than a machine, with a number is how multipath and peering can be supported on a discovered network. There is absolutely nothing to prevent an IPv6 router from having multiple upstream connections - it will simply have multiple prefixes, one for each. A peered network is simply one where the usual router discovery and prefix collection takes place, but the prefix is not propagated past that network interface.
There is generally no reason to be concerned with MAC addresses on the IPv6 network. IPv6 uses IPSec - generally end-router to end-router, so no person between those two points can see the MAC address (or IP address) of either source or destination. It's in the encrypted payload and is only visible on the LANs at the far end. There's nothing to stop you from creating virtual devices, of course, with the physical network device IPSec'ed to the router, carrying the virtual network. Then, even at the remote end, what they will see is the virtual MAC and virtual IP. The physical address would never get past the first segment.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Just think about it: if the military starts using it there will be vast opportunities to sell us new "stuff" (technical term :-). As soon as vendors realise that you will suddenly find that support for "legacy" will expire - you know the drill. And if the US goes that route, many nations will have to follow to remain 'integrated'..
:-).
As for the military - not everything can be upgraded so someone will be making a fortune out of the 'legacy' kit as well.
Just follow the money and the answer becomes easy.
BTW, it's not really news. I have been costing IPv6 conversions a good 2 years ago as it was easy to predict - I'm glad to see we estimated the year dead on
Insert
I work in a government controlled NOC... I'm pretty much a newbie at anything not long haul, equipment-side WAN. We are definitely moving to mostly ip based networks with more routers and new equipment. We used to be using mostly t1's for our circuits (which is were all my experience lies). Now we have just installed an Alcatel ATM. So my question is, with all this upgrading in the speed area, what kind of vulnerabilities does this create with adding all these routers? Seems like everyday my job gets less and less WAN and more and more LAN. (I'm trying to play catchup and get my CCNA..) Sorry if this seems too off topic but /. seems like the best place for me to ask.
"It's a time machine Napoleon, I bought it online."
True, it won't be "pure IPv6"; but who (besides purists) gives a hoot? Saying that you can't NAT in IPv6 is equivalant to saying you can't multitask in IPv6. If you believe that we can't NAT 3 computers, where...
a) - Mom is listening to streaming internet radio on her computer
b) - Dad is madly typing in messages on Slashdot
c) - Geeky son is downloading latest linux updates
Then how would we handle the situation where I'm listening to streaming internet radio, whilst madly typing in messages on Slashdot, and I have linux updates downloading in the background?
If we can do one, we can do the other. Another use for NAT is that you can have a NATting router with 1 external IPv6 address, and multiple LAN-side IPv4 addresses. This means that when IPv6 comes out, you don't throw out all your PCs and all their software. You simply hook them all up to a 4-to-6 NAT-gateway. The outside world sees one IPv6 address with someone multitasking like crazy, and behind the NAT-gateway you've got 3 people running "old-fashioned" IPv4 software+hardware.
The best analogy would be a set-top box that converts Digital TV to old-fashioned NTSC, and allows you to keep on using your old TV set even after the Digital TV switchover.
In both cases, as the customer eventually gets around to buying new equipment (computer or TV) they can get rid of the translation device when it's not required.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
...otherwise known as IP v11. Exploding drummers and all.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
There is not a damn thing with NAT and it doesn't separate me from anything. Screw you and your FUD. You make no sense because you are spouting nonsense.
I always understood that the IPv6 implementation of multicast is better and that migrating to v6 will finally make it possible to use it over the internet. This just has to enable a whole lot of new (multimedia) applications!
Or will mutlicast still be a pain?
PS. I'm pretty sure "octillion" is not a real number. Please stop making stuff up and use the proper terminology like I do.
You're surely wrong... and lazy. This is the second result on google for octillion.
And it's nothing new. I could've told you that decades ago.