U.S. Government to Adopt IPv6 in 2008

IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"

Enough Detail

[neonprimetime]

That word document has 37 pages, 12,946 words, 74,666 characters, and 564 paragraphs. I think there's enough detail.

Re:Enough Detail

[abscissa]

That word document has 37 pages, 12,946 words, 74,666 characters, and 564 paragraphs. I think there's enough detail.

Actually, no, that document is the sample IPv6 address.

Deployed!?!

Wouldn't IPv6 basicly be deployed when 51%> adopt it? If the commercial world doesn't accept it then the goverment will be on it's own and that won't fly too well.

Re:Deployed!?!

[Red+Flayer]

"If the commercial world doesn't accept it then the goverment will be on it's own and that won't fly too well."

The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

Note how this works in re: MA trying to force open standards for anyone it does business with.

Re:Deployed!?!

[jgs]

The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

Good point, that worked really well with GOSIP which is why we're all using OSI now.

What, we're not? Hmm.

Re:Deployed!?!

[99BottlesOfBeerInMyF]

The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

Agreed. Who writes this stuff? ISPs already have management networks running IPv6 and big players like Comcast ran out of unique IPv4, for their cable modem pools and have completed their migration to IPv6. China is on the boat and most network gear deals with both just fine. How exactly is the US government going to be on its own here?

Re:Deployed!?!

[Tempest451]

Believe that! When the Goverment (read Military) goes IPv6, half the corporate US is going too.

USA, home sweet home

[Mancat]

There's no place like ::1

Re:USA, home sweet home

[Midnight+Thunder]

There's no place like ::1

Just when I was getting to used to my old 127.0.0.1 :(

Stats on IP usage?

[lawaetf1]

I'm curious as to whether there are any reliable stats out there about the availability of IPv4 address space and how it has changed over time. The widespread adoption of hide-mode NAT has allowed companies, universities and the like to move thousands of computers out of the public address space, freeing up large blocks of public address goodness. Cripes when I think about what I got away with in university, hooking my desktop up to the local LAN, getting a public and ........

Re:Stats on IP usage?

IPv4 reliable? Just have a remote exploit in Windows, bind or phpBB or whatever, then write your distribution code,

1.upto(254){ |a|
  1.upto(254){ |b|
    1.upto(254){ |c|
      1.upto(254){ |d|
        TryExploit '#{a}.#{b}.#{c}.#{d}'
      }
    }
  }
}

And then have your zombies run this. The exploit would then run this. etc. etc.. and the Internet craps outs.

Aside: Yes, starting at 1 is wrong, but this is for demonstration purposes only!!!!

Now, with IPv6, you can't hit another IP address ever using this method. You cannot bring down the Internet like you can with IPv4 because you will never be able to find another active IP address using a random number. And you certainly cannot iterate over the entire IP address space in a few minutes, hours or days.

You do not need NAT to hide your IP. That's what you have proxies and firewalls are for. Furthermore, you can NAT IPv6 if you really want to. There is no magic behind it.

Re:Stats on IP usage?

[Wesley+Felter]

Yes, several analyses of IPv4 address usage over time have been made, although they don't agree with each other:

Geoff Huston (2003)
Tony Hain (2005)

Re:Stats on IP usage?

[Arthur+B.]

Yes but NAT is evil, it's a dirty hack. Plus NAT is changing the face of the internet, clearly separating content provider and producers. Sure you can host your blog anywhere now, but what about censorship ? If things such as darknets, freenets, etc become needed NAT will be a major annoyance.

Re:Stats on IP usage?

[cmason]

Got away with? Cripes, this is how the internet is supposed to work. Goddamn NAT. Grr.

-c

Re:Stats on IP usage?

[Intron]

According to IANA, there are some big blocks of wasted space out there:

• BBN has three entire class A
• HP+DEC has two entire class A (isn't it interesting that they were side by side?)
• Halliburton has their own class A
• multicast reserves 16 x class A but is largely unused

Remember that a class A contains 16M addresses.

Re:Stats on IP usage?

[shakuni]

http://www.cisco.com/web/about/ac123/ac147/archive d_issues/ipj_8-3/ipv4.html

try this link. It is a logical analysis of the state of IPv4 address space (it is all /8 based though). It also has a link to another report which has a different view on space exhaustion.

regards

Re:Stats on IP usage?

[kbnielsen]

For a long time, it has been predicted by various studies that we would run out of IPv4 addresses around 2010, based on the comsumption rate after introduction of NAT's and the changes made by CIDR (RFC 1817).

However, a more recent study by Cisco and others argue that we might be running out of addresses as soon as 2008 if the current consumption rate holds up. And with major pushes for 3. world countries to enter into the tech sector, my guess is that it is not a totally invalid assumption. They also argue how long the reclaiming of existing class A (or /8 in CIDR notation) networks would prolong the time where the IPv4 address space is exhausted.

There are also lots of problem by using the D and E class networks for general putpose traffic, since the D class is classified as experimental and E as broadcast, and so it cannot be guaranteed that all equipment can handle these addresses or will even allow these addresses to be used, since previously it would have been a configuration mistake to use these (especially the D class) addresses...

Re:Stats on IP usage?

[arivanov]

There is a tremendous waste of space all over the place, not just class thos few class As you mention.

As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements. This is done so that the "usage is not reduced" so that the overall university allocation is still justified.

While at it, IIRC the aforementioned Bruker as a class B which is not used for anything but to give semi-unique addresses to different components of Lab machinery which sit on internal networks worldwide. Classic abuse of public address space for what amounts to textbook RFC 1918.

IBM is holding 9.0.0.0/8 which it practically does not use, There is a huge block in the high /8 area which is unused and reserved for edu.

The only place where there is some IPv4 address shortage are the APNIC blocks. RIPE and especially ARIN still have plenty of address space to go around even without going and starting to ask people like IBM if they actually use those class As.

Re:Stats on IP usage?

[TCM]

IPv6 addresses are not cryptographic keys, even if their space is as big. Relying on the ability to "hide" in the address space is so bad, you shouldn't even begin thinking about it. Better keep your services up-to-date and secure.

Also, IPv6 NAT should never ever see the light of day.

Re:Stats on IP usage?

[dubl-u]

HP+DEC has two entire class A (isn't it interesting that they were side by side?)

Whoa. Working from your document, if this trend contiues they will next buy Apple, and then MIT. That would be a powerhouse indeed.

Although really, they should go the other way, buying Xerox and nabbing whatever the hell 14/8 is used for. Then they could have the world's only /6. That would either be the world's coolest dorky thing, or the world's dorkiest cool thing. I can't tell which.

Re:Stats on IP usage?

[Lauritz]

Just like the space of possible e-mail addresses is to large to iterate over, and it therefore is infeasible to create an exploid that propagates via e-mail?

Re:Stats on IP usage?

IBM is holding 9.0.0.0/8 which it practically does not use

Not true. IBM uses 9.0.0.0/8 internally for practically everything. All they have to do is publish routes and open the firewalls and their Intranet becomes Internet.

Re:Stats on IP usage?

[Detritus]

As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements.

Setup a firewall, which is the proper way of doing it in the first place. The security benefits of NAT are incidental, not intentional. NAT also makes it difficult for network administrators to diagnose and isolate network problems.

Re:Stats on IP usage?

[AnyoneEB]

Cisco thinks we need new routers. Color me surprised.

2008?

[Billosaur]

As the CIO Council and Office of Management and Budget help map out the June 2008 transition to IP Version 6, perhaps the biggest challenge is that they're entering unfamiliar territory.

In the newest additions to the IPv6 Transition Guidance, the council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline.

So the government has a year-and-a-half to meet this deadline? Forgive the cynicism, but given that they have a loose set of guidelines and so many systems that would need conversion, I think they're being a tad optimistic. Kudos for trying this, but I won't be surprised when it takes until 2010.

Re:2008?

[Mariner28]

Actually, the DoD is transitioning to IPv6 capability by 2008, and yes, there's no way all systems will be capable of supporting IPv6, let alone transitioning to IPv6 exclusively, by then. So as systems, and more importantly - applications, are upgraded over time, they will get there.

Ironically, it's not the government that's dragging its feet - it's the contractors. You'd think they've never heard of IPv6 before, even though every contract written in the last year or so is supposed to contain a clause stating that the system/application delivered under that contract will support IPv6...

What are the Downsides to IPv6? Anyone?

[Banner]

I haven't had the time yet to read over the specs and try to figure out what the downsides and hassles for the rest of us will be with IPv6, but I'm sure there are slashdotters out there who have taken the time to figure out where the problems and issues are.

If those of you out there who understand those issues could make a few posts here I would greatly appreciate it.

Thank you.

Re:What are the Downsides to IPv6? Anyone?

[drinkypoo]

I am not amazingly versed in this issue but several things stand out immediately to anyone who has a little networking experience.

1. Lots of legacy equipment does not and will never support IPv6. That means...
2. We will have a whole bunch of IPv4 to IPv6 gateways. This will be absolutely necessary. We have them now, of course, but not so many of them. You think NAT is a PITA when you have IPv4 on both sides of the wall? Try it with different protocols. You're going to have fun!
3. IPv6 addresses are four times the size of IPv4 addresses. That means additional computation is necessary to handle the simplest IP tasks (routing.) Doing the comparison to find out if a packet is yours on a 32 bit system can take as many as four comparisons, whereas with IPv4 it was only one.
4. IPv4 software is mature, IPv6 software is comparatively untested. GUIs need to be developed for configuration, and all the software has to be developed. A lot of software has IPv6 support, but hasn't really been hammered on in that way, simply because practically no one is using IPv6. There will be significant fallout.
5. IPv6 may be simpler, but retraining will still be necessary. Lots of people have spent literally decades getting used to TCP/IP, learning all its ins and outs, and figuring out how to make it do the right thing. IPv6 is allegedly more intelligently designed, but there will still be gotchas.

I'm sure someone with a little more knowledge, and/or a little more imagination, can come up with others.

Re:What are the Downsides to IPv6? Anyone?

For instance, in ipv4 localhost is 127.0.0.1, whereas in ipv6 it's ae241:3241acnzes:wtfffffffffffffff?!:2311134kadsfa saczaq:whenwillitstop:wheasee131431fsna:khaaaaan!

That's amazing! I've got the same combination on my luggage!

Re:What are the Downsides to IPv6? Anyone?

[Wesley+Felter]

Virtually every application and router must be updated to support IPv6.
Addresses are longer and harder to remember.
Packet headers are larger, so less data fits in each packet.
Multihoming still hasn't been sorted out.
Certain default configurations allow anyone to see your MAC address and thus track your computer more easily (but fixes for this are known).
Administration of a dual-stack network may cost almost twice as much as administration of a pure IPv4 network.

Re:What are the Downsides to IPv6? Anyone?

[Abcd1234]

IPv6 addresses are four times the size of IPv4 addresses. That means additional computation is necessary to handle the simplest IP tasks (routing.)

Uhh... what? One of the big advantages of IPv6 over IPv4 is that it will make routing *easier*, thanks to the hierarchical address space.

Re:What are the Downsides to IPv6? Anyone?

[TCM]

However, comparing a packet's address to a target address involves four times as many bits in IPv6 as in IPv4.

Wrong. Wrong. Wrong! Do you think the target address is scattered randomly through every packet? No, it has a fixed place in the header.

Additionally, there are less options in IPv6, making the logic to analyze a packet even more simple than for IPv4.

Random Google result:

The improved routing, or movement of information from a source to a destination, is more efficient in IPv6 because it incorporates a hierarchal addressing structure and has a simplified header. The large amount of address space allows organizations with large numbers of employees to obtain blocks of contiguous address space. Contiguous address space allows organizations to aggregate addresses under one prefix for identification on the Internet. This structured approach to addressing reduces the amount of information Internet routers must maintain and store and promotes faster routing of data. In addition, as shown in figure 5, IPv6 has a simplified header because of the elimination of six fields from the IPv4 header. The simplified header also contributes to faster routing.

http://www.cybertelecom.org/dns/Ipv6.htm

If you keep spreading FUD instead of doing a simple Google search we will never get IPv6.

Re:What are the Downsides to IPv6? Anyone?

[TCM]

Sorry, I must have misread something. But I still think this is FUD.

Yes, the address is four times as long, but since many checks for valid options can be removed and routing tables are going to get smaller, the additional overhead is small or non-existent, maybe even negative. What is a simple check of an address against a table of addresses with a (now fixed!) mask compared to the complex logic to verify the validity of 6 additional options?

Re:What are the Downsides to IPv6? Anyone?

[gclef]

There is also right now a huge disagreement going on in the background about how to multi-home in IPv6.

The presently-proposed model implies that only big ISPs (plans for at least 200 customers that you'll be allocating space to) can get their own IP space...everyone else has to get space allocated to them from bigger groups. This, predictably, is making the content providers and big enterprises very unhappy, because they're used to (and now require) multiple uplinks to differing ISPs.

The proposed fix for this problem, shim6, has been routinely savaged as a complete non-starter. That's mostly because it's proposing allowing each and every end host to make it's own decisions about what path to take, causing all sorts of uglyness for security devices and traffic engineering.

There presently is no good answer to this, which is why a lot of orgs are holding off on IPv6.

Re:What are the Downsides to IPv6? Anyone?

[convolvatron]

there was actually a perfectly good answer to this proposed by deering.
geographic addressing. it was unnecessarily denounced as anti-provider
and socialist.

Re:What are the Downsides to IPv6? Anyone?

[lgw]

The byte size of the address is a complete non-issue in networking hardware. The part of networking that is hard is not the part where you compare a string of bytes.

The real issue is that IPv6 was supposed to provide a heirarchical address scheme to simplify routing, but hasn't actually done so. Global addresses are just a flat number. Site local addresses completely failed to address the issue, and have been deprecated without even a suggested replacement. Link local addresses aren't useful for much beyond auto-configuration. There are clearly enough bits to work with, but no useful RFC yet.

IPv6 multicast will be neat, however, in a decade or two when you can count on it being available.

Re:What are the Downsides to IPv6? Anyone?

[jd]

Wrongo on the routing. The last 48 bits are reserved for the node's MAC address and the first 16 bits are reserved for the type of traffic. The rest is heirarchically defined by the router. (The router advertisment is done via RADV and the address is discovered by the machine from that advertisment).

The practical upshot is that if the traffic is for that LAN, you need only test the 48 bits for the MAC address. If it is for a node further downstream, there will be a non-zero value in the next byte after your router heirarchy addreess, provided that is NOT within the MAC address. If it is for a node reachable upstream, then one of the bytes within the router heirarchy address will be different (up to an absolute maximum of 8 bytes, which is 2 words on a 32-bit machine or 1 word on a 64-bit system).

IPv6 also does not support packet fragmentation - the network is interrogated to find the largest supported packet from end-to-end, so stateful routing will be unnecessary, reducing the CPU workload. Also, because there are no fragments, packets should be more reliable. In IPv4, if a fragment is lost, the whole packet is resent. This not only increases the opportunities of a packet loss, it also increases the network load on a retransmit, which means a greater chance of packets being lost on the retransmit.

It's interesting to figure out what legacy equiptment out there will prove bothersome. Layer 2 switches won't notice or care. Cisco routers have supported IPv6 for a decade now. Bay - long dead - was also an early adopter, so many of their routers should be IPv6-capable, with no need of any updates. Linux has had IPv6 patches since 2.0.20, and mainstream since 2.1.8. I think IPv6 was added in Solaris 2.5.1. There was an alternative Windows TCP/IP stack by TCP Software that supported IPv6 about 9 to 10 years ago.

All in all, if anyone's complaining about a lack of support, it's NOT because support has been lacking.

Re:What are the Downsides to IPv6? Anyone?

[jd]

In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).

This means the number of tables for lookups is reduced by 1 and there is no need to do reverse lookups (so there is no latency in such activity). It is also central to the way IPv6 handles mobility, as it means (a) you're guaranteed there is an IP address available for you in the network you join, (b) the host part of the IP address will remain the same, only the network component will change, and (c) because only the network component changes, routers will be capable of re-routing traffic upstream to the new destination with zero packet loss.

(Most mobile IP uses forwarders, but IPv6 was designed from the start to have mobility within the protocol as far as possible and not as a hack.)

Re:What are the Downsides to IPv6? Anyone?

[Drishmung]

Fair point, but wrong example. localhost in IPv6 is ::1

Re:What are the Downsides to IPv6? Anyone?

[Wesley+Felter]

Some people are concerned that when a host moves to a different subnet, it could still be tracked because the host part of the address remains the came. In IPv4 there is no simple way to track a host across subnets.

Re:What are the Downsides to IPv6? Anyone?

[Wesley+Felter]

In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).

This is not correct; such a scheme would not support manually-assigned addresses, privacy addresses, or cryptographically-generated addresses. IPv6 has neighbor discovery (and its cache) just like IPv4 has ARP.

Re:What are the Downsides to IPv6? Anyone?

[zizzo]

The single greatest drawback is that it is not compatible with IPv4, mandating huge purchases of new equipment. That's why Cisco is pushing for it; they stand to make billions. This isn't a bad plan for them but they have to sell the idea to everyone. The IP space "crisis" is just the tool to do that.

Other drawbacks, besides stuffing Cisco full of cash, are:

1) Upgrades required for all end-user software.

2) Large address spaces is human-hostile (think 192.168.45.22 is hard to use? Try 2ee4:43:2001::3e3e:1ea7, and that's a short one)

3) Default IPv6 address will quite likely embed your Ethernet MAC, making all anonymity a thing of the past. This is not mandated by the spec but is often mentioned and used and makes life simpler for admins.

Upsides:

Every single atom in every single dollar bill that Cisco collects can have its own IP address! How sweet is that!

Possibly faster routing. The IP header is simplified and IP checksumming is gone, so IP layer hardware can usually actually go faster despite the larger header. IPv6 routers are also allowed to forgo fragmentation, again making them faster and simpler.

Superior multicast support and death to broadcast. Multicast is used instead of broadcast for ARP.

Improved DNS facilities. Good thing too since the inscrutable addresses means you'll need to put everything in DNS.

IPv6 Adoption

[digitac]

This is a big step forward for IPv6 adoption, but I think the next major step will be by the cable companies. They want every set-top-box or cable TV to have two way communication and be fully addressable. Where else would they get the address space needed for that? IPv6 solves a lot of the problems they have with addressing that may devices. That will probably be the first way IPv6 gets into most of our homes.

Digitac

Re:IPv6 Adoption

[gbjbaanb]

Na, it'll be when MS issues a critical update that accidentally switches your network stack to use IPv6 .... :-)

Perhaps this is what it would take to get IPv6 in place - MS to say 'we will stop supporting IPv4 in a year's time'. Watch all the computer companies scramble to update their software (and hardware - obviously you'll need to buy the updated versions) and then it'll happen. Otherwise, we're going to be stuck with IPv4 for a very long time to come.

Re:IPv6 Adoption

[Breakfast+Pants]

Unless the boxes are going to be communicating with each other that is a total nonissue. You can communicate behind NAT with anyone else 2-way; as long as they aren't also behind NAT.

Re:IPv6 Adoption

[kbnielsen]

> Na, it'll be when MS issues a critical update that accidentally switches your network stack to use IPv6 .... :-)

Think Windows Vista :)

According to Microsoft, Vista will have IPv6 installed and enabled pr. default and will prefer IPv6 over IPv4. Link is here.

Re:IPv6 Adoption

[Kadin2048]

As for desktop computers, being addressable doesn't help for anything except profitless peer-to-peer applications.

I agree with your first point (about cable boxes) -- the boxes are as addressable right now as the cable companies want or need them to be. But this latter thing I disagree with. VoIP is notoriously difficult to pass through NAT (I'd bet that if you go onto some Vonage user forums, questions about NAT are all over the place), and represents a "killer app" for IPv6 as much as anything. UPnP has made this easier, but it's still problematic if you want to have two VoIP ATAs on one home network or small business network, for which right now you're only issued one IP.

Streaming video and Video-over-IP is going to make this even a bigger challenge: suppose you want to do IP video, and watch a different channel on one TV than you do on another? With only one externally-facing IP address, this could be quite a challenge; all the kludges that you'd need to make something like this function through NAT go away when you have IPv6 and every device in the house can be globally addressable (if you want it to be--people are still going to want firewalls, obviously). Same with multiple SIP streams. Even if you can get a SIP phone working through NAT, it becomes almost exponentially more complex to add another SIP ATA (say you wanted to have more than one "line"). Unless you can tell the headend to route the second line to a different port on your one externally-facing IP address, and then tell the NAT box to route that to a different internal IP, you're out of luck. People are going to want to do stuff like that as the technology becomes more mature.

The cable TV companies aren't going to be very interested from the video perspective, but they might be interested because of the voice possibilities, and the telephone companies who want to deliver video over IP might see easier implementations with IPv6 as well.

More than all this though are the "killer apps" that we don't even know about right now, and that we'll never know about without IPv6 and heavily wired, addressable homes. There are all sorts of neat things that we can't do now, or are hard to do (which is bascially the same thing if you're Joe User) that become a lot easier when everything has a unique address. To say that there aren't any benefits from switching to IPv6 is to say that we can imagine all the possibilities that might arise when the capabilities exist, and that to me is a bit of an arrogant statement. (Note I'm not saying you said that, but I see it as an implicit assumption in a lot of other anti-IPv6 blanket statements.)

Re:IPv6 Adoption

[Olmy's+Jart]

That is sooo funny because it's sooo blatently wrong. Dead opposite, dead wrong.

Comcast exhausted the entire 10 net last year and are deploying IPv6 for their management addresses. Just check out their presentation at the recent NANOG (North American Network Operators Group) titled "IPv6 @ Comcast Managing 100+ Million IP Addresses" http://www.nanog.org/mtg-0606/pdf/alain-durand.pdf . Their situation is dire just with managing HSD "high speed data" devices (aka cable modems) already and going to get MUCH worse with their "triple play" deployment. Since they are management addresses, NAT is impractical, whether it's externally accessible or not. They don't have a choice. IPv6 is the only practical answer for them.

Comcast, themselves, are saying the exact opposite of what you are claiming. They use private address space, but that's NOT the way it's going to stay. The address shortage is a pointed issue with them. They're already moving to IPv6. IPv6 to the customer is on the horizon.

You loose. Thank you for playing.

Experiment with Teredo

[Midnight+Thunder]

Anyone not having access to an IPv6 network, say because you are behind a NAT, and are wanting to try out IPv6, because it is in your blood to do so, I recommend giving Miredo a go. If I suggest this one over other solutions, is because of the number of platforms supported (including, Linux, Windows, MacOS X, BSD). There is Freenet6, but it won't work from behind my NAT with MacOS X.

Happy days..

[Rob+T+Firefly]

If this transition goes anywhere near as well as that time the US Government resolved to convert the US to the metric system in the 1970s, then... well, we'll all have a lot more time to play solitaire.

Sorry.

[fuzzyfozzie]

I don't know what IPv6 is but I'm assuming because it is on Slashdot and it involves the government I should be against it.

Re:The first

[davygrvy]

Now if only someone would slap around ComCast and get them using IPv6 natively.. or all USA ISPs for that matter.. There is zero choice for native IPv6 where I live unless I want to colo @ Hurricane Electric :(

Good news, bad news

[Sloppy]

The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.

The bad news: Wait a minute. "Them?" Oh shit, it's the US government. I'm a US citizen. Argh, that's my expense. D'oh!

Re:Good news, bad news

[99BottlesOfBeerInMyF]

The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.

Several others have already stepped up to the plate and have implemented IPv6. Here are some notes asked when Comcast did their presentation at NANOG about how their IPv6 migration of their cable modem pools worked.

It's a trap!

[Bromskloss]

It's the new, boosted, PATRIOT Act: Intellectual Property version 6

Re:The first

[cayenne8]

"Now if only someone would slap around ComCast and get them using IPv6 natively.. or all USA ISPs for that matter.."

You think that's bad. This article mentions getting info to transition to it from the US DoD....and this /. article is the first time I've heard anything about the DoD pushing to transition to IPv6!!!!

Heck...we're rebuilding systems from scratch in some cases post Katrina, and yet nothing is mentioned to us about trying to do anything with IPv6.

Good luck

[blamanj]

I hope it goes more efficiently than our switch to the metric system.

Remember GOSIP?

[KenSeymour]

I remember when the government mandated the switchover from TCP/IP to ISO protocols. The acronym for that was GOSIP.
Computer industry vendors spent serious money preparing for the August 1990 adoption deadline.
They had to implement the ISO protocols or risk not being able to sell their systems to the government (always a major customer).

The revised date for adoption is never.

The worst part about doing government contracts was dealing with all the folks that say:
"We can't design this around TCP/IP, the government is mandating ISO."

Re:Ummm, why?

[RyuuzakiTetsuya]

yes, the US Gov't has lots of IPv4 addresses, but the number available to everyone else is shrinking rapidly. By switching to IPv6, every man, woman, child, dog, piece of field ammunition, toast, individually wrapped piece of butter, and toy car will have an IP address. Sometimes, rarely, but sometimes, the Government works for the people. :P

By biggest question on if this is ready is..

[kesuki]

Which firewalls can currently be used to filter, log, and block ipv6 traffic?

IPV6 definitely has been around for many years now, but none of the windows firewalls I've downloaded seemed to have any kind of configurations for logging or filtering ipv6. Sure that's 2 years away, but unless I overlooked a firewall (there are so many for windows) or they use some kind of open source package that probabbly has ipv6 firewall capability already. i have to wonder how they're going to keep secure.

Re:By biggest question on if this is ready is..

[TCM]

This is not Windows, but NetBSD had IPv6 since 1999 and still has the most complete IPv6 stack. The included packet filter(s) handle IPv6 just as well as IPv4 and have done so for at least some years now.

And besides, I wouldn't connect Windows directly to the network in any case. It likes to trip over and salivate like a small child. Better use a real system to protect it.

Ada and waivers

[tcopeland]

I suspect this will be about as successful as the DOD's old policy of only doing development in Ada. Let the waiver requests begin!

Re:The first

[lgw]

Not to mention they'd piss off a bunch of home users who would have to replace all their equipment (routers and such) with IPV6 hardware. There's probably a lot of people still running OSes that don't support IPV6.

Where did DavyGrvy mention turning off IPv4? They work together, you know. Do even Slashdotters not understand that adding IPv6 to a network does nothing to reduce IPv4 connectivity? It's win-win.

IPv6 tunnels over IPv4. IPv4 tunnels over IPv6. Machines running IPv4 can talk to machines running IPv6. Machines running IPv6 can talk to machines running IPv4.

IPv6 still has issues, to be sure, but interoperability with IPv4 isn't one of them.

There's Money To Be Made Here

[broward]

Interest in IpV6 has stagnated since 2001.

If the U.S. Government is about to push a major IpV6 initiative, there could be some money to be made here.

http://www.realmeme.com/roller/page/realmeme?entry =ipv6_meme_flatlined_for_five

Re:Favorite part

[TCM]

Of course this is all theoretical because large chunks of the address space are "wasted" - no, scratch that, read "used" - to prevent fragmentation, i.e. end users always get a /48 network. The smallest subnet is /64 etc.

With IPv4 there are users who could have a /29 net or a /24. Two /29 users could be adjacent and have their first 3 octets of the address match. This complicates routing, because this simple example already doubles the routing table at the upstream router.

With IPv6 you take the first 48 bits and those always point to a unique end user. Any smaller subnet is going to be handled by this user's router, so routing tables just became a lot smaller, even if the addresses are four times as large.

This "anti-fragmentation" of course consumes chunks of address space without using every one of those addresses. Of course users could do with, for example, /104 networks in IPv6 and still have plenty of addresses. But it's specifically not done for the above reasons.

I'm a bit surprised

[Jugalator]

Given how many problems with IPv4 this new revision solves and that a thorough look was taken at the protocol in its entirety, of all things, I'm surprised *geeks* usually just try to find reasons to not like it. Sure, admins may need to retrain, and there'll be infrastructure costs, but since when did geeks stop looking at positive evolution as being bigger than these things?

There's also always a lot of FUD spread around this matter, and one can find it even in this topic, for example IPv6 increasing routing complexity. IPv6 uses hierarchical address ranges *and* is modularized so there's not just less complexity, but even less *traffic* to route unless using more advanced features of IPv6. After the transition, IPv6 is better for your routers.

NAT's also seem to be a common enough argument against IPv6 that someone should have written a damn "Why NAT's won't solve address space issues" FAQ to uninformed people already. There is something similar enough for that though.

Anyway, instead of just ranting, here's a document about some of the changes IPv6 makes. Maybe especially this part is educative to some.

Re:Favorite part

[Jerf]

My favorite part is when I heard about IPv6 in college, they had calculated that there would be enough addresses for 10 IPv6 devices for every square foot of the planet!

Oh, goodness me, are you ever off. Earth's area is 5.1e14 square meters. 2**128 ~= 3.4e38. 3.4e38 / 5.1e14 = 6.7e23 IPv6 addresses per square meter. For square feet, call it 6e22 addresses per square foot. (1 square meter's pretty close to 10 square feet.)

So, you're off by a about 21 and a half orders of magnitude. That's not even close by astronomical standards. :) You'll forgive me for not carrying more significant digits around.

Comcast IPv6 Plans

[The+Ego]

See this mailing list message, which points to this PDF presentation.

Re:A simple question

[TCM]

Can you get Slashdot over a pure IPv6 connection?

If Slashdot bothered to get IPv6 connectivity, then yes.

I could do that for www.sixxs.net, www.kame.net and every host that already has IPv6 connectivity. So "we" are not getting anywhere with IPv6 because it doesn't work because the big sites don't bother because IPv6 isn't anywhere yet. Nice way to get nothing done ever.

If I send my buddies e-mail, most of the time everything is IPv6 only, including DNS lookups, although DNS transport over IPv6 isn't really common yet.

Some people are indeed sitting on IPv6 and wondering when the rest will follow.