U.S. Government to Adopt IPv6 in 2008

IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"

Enough Detail

[neonprimetime]

That word document has 37 pages, 12,946 words, 74,666 characters, and 564 paragraphs. I think there's enough detail.

Re:Enough Detail

[abscissa]

That word document has 37 pages, 12,946 words, 74,666 characters, and 564 paragraphs. I think there's enough detail.

Actually, no, that document is the sample IPv6 address.

Deployed!?!

Wouldn't IPv6 basicly be deployed when 51%> adopt it? If the commercial world doesn't accept it then the goverment will be on it's own and that won't fly too well.

Re:Deployed!?!

[Red+Flayer]

"If the commercial world doesn't accept it then the goverment will be on it's own and that won't fly too well."

The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

Note how this works in re: MA trying to force open standards for anyone it does business with.

Re:Deployed!?!

[jgs]

The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

Good point, that worked really well with GOSIP which is why we're all using OSI now.

What, we're not? Hmm.

Re:Deployed!?!

[99BottlesOfBeerInMyF]

The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

Agreed. Who writes this stuff? ISPs already have management networks running IPv6 and big players like Comcast ran out of unique IPv4, for their cable modem pools and have completed their migration to IPv6. China is on the boat and most network gear deals with both just fine. How exactly is the US government going to be on its own here?

USA, home sweet home

[Mancat]

There's no place like ::1

Re:USA, home sweet home

[Midnight+Thunder]

There's no place like ::1

Just when I was getting to used to my old 127.0.0.1 :(

Stats on IP usage?

[lawaetf1]

I'm curious as to whether there are any reliable stats out there about the availability of IPv4 address space and how it has changed over time. The widespread adoption of hide-mode NAT has allowed companies, universities and the like to move thousands of computers out of the public address space, freeing up large blocks of public address goodness. Cripes when I think about what I got away with in university, hooking my desktop up to the local LAN, getting a public and ........

Re:Stats on IP usage?

[Arthur+B.]

Yes but NAT is evil, it's a dirty hack. Plus NAT is changing the face of the internet, clearly separating content provider and producers. Sure you can host your blog anywhere now, but what about censorship ? If things such as darknets, freenets, etc become needed NAT will be a major annoyance.

Re:Stats on IP usage?

[cmason]

Got away with? Cripes, this is how the internet is supposed to work. Goddamn NAT. Grr.

-c

Re:Stats on IP usage?

[Intron]

According to IANA, there are some big blocks of wasted space out there:

• BBN has three entire class A
• HP+DEC has two entire class A (isn't it interesting that they were side by side?)
• Halliburton has their own class A
• multicast reserves 16 x class A but is largely unused

Remember that a class A contains 16M addresses.

Re:Stats on IP usage?

[shakuni]

http://www.cisco.com/web/about/ac123/ac147/archive d_issues/ipj_8-3/ipv4.html

try this link. It is a logical analysis of the state of IPv4 address space (it is all /8 based though). It also has a link to another report which has a different view on space exhaustion.

regards

Re:Stats on IP usage?

[kbnielsen]

For a long time, it has been predicted by various studies that we would run out of IPv4 addresses around 2010, based on the comsumption rate after introduction of NAT's and the changes made by CIDR (RFC 1817).

However, a more recent study by Cisco and others argue that we might be running out of addresses as soon as 2008 if the current consumption rate holds up. And with major pushes for 3. world countries to enter into the tech sector, my guess is that it is not a totally invalid assumption. They also argue how long the reclaiming of existing class A (or /8 in CIDR notation) networks would prolong the time where the IPv4 address space is exhausted.

There are also lots of problem by using the D and E class networks for general putpose traffic, since the D class is classified as experimental and E as broadcast, and so it cannot be guaranteed that all equipment can handle these addresses or will even allow these addresses to be used, since previously it would have been a configuration mistake to use these (especially the D class) addresses...

Re:Stats on IP usage?

[arivanov]

There is a tremendous waste of space all over the place, not just class thos few class As you mention.

As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements. This is done so that the "usage is not reduced" so that the overall university allocation is still justified.

While at it, IIRC the aforementioned Bruker as a class B which is not used for anything but to give semi-unique addresses to different components of Lab machinery which sit on internal networks worldwide. Classic abuse of public address space for what amounts to textbook RFC 1918.

IBM is holding 9.0.0.0/8 which it practically does not use, There is a huge block in the high /8 area which is unused and reserved for edu.

The only place where there is some IPv4 address shortage are the APNIC blocks. RIPE and especially ARIN still have plenty of address space to go around even without going and starting to ask people like IBM if they actually use those class As.

Re:Stats on IP usage?

[TCM]

IPv6 addresses are not cryptographic keys, even if their space is as big. Relying on the ability to "hide" in the address space is so bad, you shouldn't even begin thinking about it. Better keep your services up-to-date and secure.

Also, IPv6 NAT should never ever see the light of day.

Re:Stats on IP usage?

[dubl-u]

HP+DEC has two entire class A (isn't it interesting that they were side by side?)

Whoa. Working from your document, if this trend contiues they will next buy Apple, and then MIT. That would be a powerhouse indeed.

Although really, they should go the other way, buying Xerox and nabbing whatever the hell 14/8 is used for. Then they could have the world's only /6. That would either be the world's coolest dorky thing, or the world's dorkiest cool thing. I can't tell which.

Re:Stats on IP usage?

[Lauritz]

Just like the space of possible e-mail addresses is to large to iterate over, and it therefore is infeasible to create an exploid that propagates via e-mail?

Re:Stats on IP usage?

[Detritus]

As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements.

Setup a firewall, which is the proper way of doing it in the first place. The security benefits of NAT are incidental, not intentional. NAT also makes it difficult for network administrators to diagnose and isolate network problems.

2008?

[Billosaur]

As the CIO Council and Office of Management and Budget help map out the June 2008 transition to IP Version 6, perhaps the biggest challenge is that they're entering unfamiliar territory.

In the newest additions to the IPv6 Transition Guidance, the council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline.

So the government has a year-and-a-half to meet this deadline? Forgive the cynicism, but given that they have a loose set of guidelines and so many systems that would need conversion, I think they're being a tad optimistic. Kudos for trying this, but I won't be surprised when it takes until 2010.

Re:2008?

[Mariner28]

Actually, the DoD is transitioning to IPv6 capability by 2008, and yes, there's no way all systems will be capable of supporting IPv6, let alone transitioning to IPv6 exclusively, by then. So as systems, and more importantly - applications, are upgraded over time, they will get there.

Ironically, it's not the government that's dragging its feet - it's the contractors. You'd think they've never heard of IPv6 before, even though every contract written in the last year or so is supposed to contain a clause stating that the system/application delivered under that contract will support IPv6...

What are the Downsides to IPv6? Anyone?

[Banner]

I haven't had the time yet to read over the specs and try to figure out what the downsides and hassles for the rest of us will be with IPv6, but I'm sure there are slashdotters out there who have taken the time to figure out where the problems and issues are.

If those of you out there who understand those issues could make a few posts here I would greatly appreciate it.

Thank you.

Re:What are the Downsides to IPv6? Anyone?

[drinkypoo]

I am not amazingly versed in this issue but several things stand out immediately to anyone who has a little networking experience.

1. Lots of legacy equipment does not and will never support IPv6. That means...
2. We will have a whole bunch of IPv4 to IPv6 gateways. This will be absolutely necessary. We have them now, of course, but not so many of them. You think NAT is a PITA when you have IPv4 on both sides of the wall? Try it with different protocols. You're going to have fun!
3. IPv6 addresses are four times the size of IPv4 addresses. That means additional computation is necessary to handle the simplest IP tasks (routing.) Doing the comparison to find out if a packet is yours on a 32 bit system can take as many as four comparisons, whereas with IPv4 it was only one.
4. IPv4 software is mature, IPv6 software is comparatively untested. GUIs need to be developed for configuration, and all the software has to be developed. A lot of software has IPv6 support, but hasn't really been hammered on in that way, simply because practically no one is using IPv6. There will be significant fallout.
5. IPv6 may be simpler, but retraining will still be necessary. Lots of people have spent literally decades getting used to TCP/IP, learning all its ins and outs, and figuring out how to make it do the right thing. IPv6 is allegedly more intelligently designed, but there will still be gotchas.

I'm sure someone with a little more knowledge, and/or a little more imagination, can come up with others.

Re:What are the Downsides to IPv6? Anyone?

For instance, in ipv4 localhost is 127.0.0.1, whereas in ipv6 it's ae241:3241acnzes:wtfffffffffffffff?!:2311134kadsfa saczaq:whenwillitstop:wheasee131431fsna:khaaaaan!

That's amazing! I've got the same combination on my luggage!

Re:What are the Downsides to IPv6? Anyone?

[Abcd1234]

IPv6 addresses are four times the size of IPv4 addresses. That means additional computation is necessary to handle the simplest IP tasks (routing.)

Uhh... what? One of the big advantages of IPv6 over IPv4 is that it will make routing *easier*, thanks to the hierarchical address space.

Re:What are the Downsides to IPv6? Anyone?

[TCM]

However, comparing a packet's address to a target address involves four times as many bits in IPv6 as in IPv4.

Wrong. Wrong. Wrong! Do you think the target address is scattered randomly through every packet? No, it has a fixed place in the header.

Additionally, there are less options in IPv6, making the logic to analyze a packet even more simple than for IPv4.

Random Google result:

The improved routing, or movement of information from a source to a destination, is more efficient in IPv6 because it incorporates a hierarchal addressing structure and has a simplified header. The large amount of address space allows organizations with large numbers of employees to obtain blocks of contiguous address space. Contiguous address space allows organizations to aggregate addresses under one prefix for identification on the Internet. This structured approach to addressing reduces the amount of information Internet routers must maintain and store and promotes faster routing of data. In addition, as shown in figure 5, IPv6 has a simplified header because of the elimination of six fields from the IPv4 header. The simplified header also contributes to faster routing.

http://www.cybertelecom.org/dns/Ipv6.htm

If you keep spreading FUD instead of doing a simple Google search we will never get IPv6.

Re:What are the Downsides to IPv6? Anyone?

[gclef]

There is also right now a huge disagreement going on in the background about how to multi-home in IPv6.

The presently-proposed model implies that only big ISPs (plans for at least 200 customers that you'll be allocating space to) can get their own IP space...everyone else has to get space allocated to them from bigger groups. This, predictably, is making the content providers and big enterprises very unhappy, because they're used to (and now require) multiple uplinks to differing ISPs.

The proposed fix for this problem, shim6, has been routinely savaged as a complete non-starter. That's mostly because it's proposing allowing each and every end host to make it's own decisions about what path to take, causing all sorts of uglyness for security devices and traffic engineering.

There presently is no good answer to this, which is why a lot of orgs are holding off on IPv6.

Re:What are the Downsides to IPv6? Anyone?

[convolvatron]

there was actually a perfectly good answer to this proposed by deering.
geographic addressing. it was unnecessarily denounced as anti-provider
and socialist.

Re:What are the Downsides to IPv6? Anyone?

[jd]

In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).

This means the number of tables for lookups is reduced by 1 and there is no need to do reverse lookups (so there is no latency in such activity). It is also central to the way IPv6 handles mobility, as it means (a) you're guaranteed there is an IP address available for you in the network you join, (b) the host part of the IP address will remain the same, only the network component will change, and (c) because only the network component changes, routers will be capable of re-routing traffic upstream to the new destination with zero packet loss.

(Most mobile IP uses forwarders, but IPv6 was designed from the start to have mobility within the protocol as far as possible and not as a hack.)

Re:What are the Downsides to IPv6? Anyone?

[Drishmung]

Fair point, but wrong example. localhost in IPv6 is ::1

IPv6 Adoption

[digitac]

This is a big step forward for IPv6 adoption, but I think the next major step will be by the cable companies. They want every set-top-box or cable TV to have two way communication and be fully addressable. Where else would they get the address space needed for that? IPv6 solves a lot of the problems they have with addressing that may devices. That will probably be the first way IPv6 gets into most of our homes.

Digitac

Re:IPv6 Adoption

[kbnielsen]

> Na, it'll be when MS issues a critical update that accidentally switches your network stack to use IPv6 .... :-)

Think Windows Vista :)

According to Microsoft, Vista will have IPv6 installed and enabled pr. default and will prefer IPv6 over IPv4. Link is here.

Re:IPv6 Adoption

[Olmy's+Jart]

That is sooo funny because it's sooo blatently wrong. Dead opposite, dead wrong.

Comcast exhausted the entire 10 net last year and are deploying IPv6 for their management addresses. Just check out their presentation at the recent NANOG (North American Network Operators Group) titled "IPv6 @ Comcast Managing 100+ Million IP Addresses" http://www.nanog.org/mtg-0606/pdf/alain-durand.pdf . Their situation is dire just with managing HSD "high speed data" devices (aka cable modems) already and going to get MUCH worse with their "triple play" deployment. Since they are management addresses, NAT is impractical, whether it's externally accessible or not. They don't have a choice. IPv6 is the only practical answer for them.

Comcast, themselves, are saying the exact opposite of what you are claiming. They use private address space, but that's NOT the way it's going to stay. The address shortage is a pointed issue with them. They're already moving to IPv6. IPv6 to the customer is on the horizon.

You loose. Thank you for playing.

Experiment with Teredo

[Midnight+Thunder]

Anyone not having access to an IPv6 network, say because you are behind a NAT, and are wanting to try out IPv6, because it is in your blood to do so, I recommend giving Miredo a go. If I suggest this one over other solutions, is because of the number of platforms supported (including, Linux, Windows, MacOS X, BSD). There is Freenet6, but it won't work from behind my NAT with MacOS X.

Sorry.

[fuzzyfozzie]

I don't know what IPv6 is but I'm assuming because it is on Slashdot and it involves the government I should be against it.

Good news, bad news

[Sloppy]

The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.

The bad news: Wait a minute. "Them?" Oh shit, it's the US government. I'm a US citizen. Argh, that's my expense. D'oh!

Re:The first

[cayenne8]

"Now if only someone would slap around ComCast and get them using IPv6 natively.. or all USA ISPs for that matter.."

You think that's bad. This article mentions getting info to transition to it from the US DoD....and this /. article is the first time I've heard anything about the DoD pushing to transition to IPv6!!!!

Heck...we're rebuilding systems from scratch in some cases post Katrina, and yet nothing is mentioned to us about trying to do anything with IPv6.

Remember GOSIP?

[KenSeymour]

I remember when the government mandated the switchover from TCP/IP to ISO protocols. The acronym for that was GOSIP.
Computer industry vendors spent serious money preparing for the August 1990 adoption deadline.
They had to implement the ISO protocols or risk not being able to sell their systems to the government (always a major customer).

The revised date for adoption is never.

The worst part about doing government contracts was dealing with all the folks that say:
"We can't design this around TCP/IP, the government is mandating ISO."

By biggest question on if this is ready is..

[kesuki]

Which firewalls can currently be used to filter, log, and block ipv6 traffic?

IPV6 definitely has been around for many years now, but none of the windows firewalls I've downloaded seemed to have any kind of configurations for logging or filtering ipv6. Sure that's 2 years away, but unless I overlooked a firewall (there are so many for windows) or they use some kind of open source package that probabbly has ipv6 firewall capability already. i have to wonder how they're going to keep secure.

Re:The first

[lgw]

Not to mention they'd piss off a bunch of home users who would have to replace all their equipment (routers and such) with IPV6 hardware. There's probably a lot of people still running OSes that don't support IPV6.

Where did DavyGrvy mention turning off IPv4? They work together, you know. Do even Slashdotters not understand that adding IPv6 to a network does nothing to reduce IPv4 connectivity? It's win-win.

IPv6 tunnels over IPv4. IPv4 tunnels over IPv6. Machines running IPv4 can talk to machines running IPv6. Machines running IPv6 can talk to machines running IPv4.

IPv6 still has issues, to be sure, but interoperability with IPv4 isn't one of them.