Slashdot Mirror
(Almost) All You Need To Know About IPv6
Butterspoon tips us to an article in Ars Technica titled "Everything you need to know about IPv6." Perhaps not quite "everything"; the article doesn't try to explain the reasons behind IPv6's meager adoption since its introduction 12 years ago. But it should be regarded as essential reading for anyone overly comfortable with their IPv4 addresses. Quoting: "As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"
Do I need to upgrade to IPv6 to use web 2.0?
It's true I tell you, feller at work's next door neighbour read it in the paper.
All you need to know about IPv6. It wont run on your current network hardware, and you wont get the budget approved to upgrade.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The reason, in a word and three letters:
Widespread NAT
I hear that we are only supposed to use the even versions, but I also heard that they kept messing around with version 6. Is it stable?
I am running a i386. Should I just stick with IPv2?
testing out my trending skills
Ted Stevens (R-Pork): As my colleagues from across the aisle are pointing out, we're facing Peak Internets. Clearly what we need is to open up drilling in IPNAR (Internet Protocol National Address Reserve) and start drilling in those unused /8s. We need more tubes!
Ted Kennedy (D-Ham): Sure, how about 34.0.0.0/8, Halliburton?
Dick Cheney (R-Oil): Suck it, Ted. Your union buddies in 19.0.0.0/8, Ford Motor Company, ain't long for this world anyways.
Senator BOFH (I-Maginary): Umm, dudes? I didn't know DEC was still around, let alone still owned (16.0.0.0/8), and do enough people still go to Interop (45.0.0.0/8) that it deserves a whole frickin' /8 to itself?
FCC: All of y'all, shaddap. The telcos paid us good money to put us in charge of this little exercise, so we'll take it from here. Everybody switches to IPv6 on our timetable. It shouldn't take us much longer than it took to phase out analog TV.
As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"
As of January 1, 2007 too many IP addresses were in (some kind of) use by Apple and MIT who have entire class As but don't need that kind of address space. In 7 years when we are approaching what this particular author believes will be the end of the road for IPv4, those two (and anyone else with too many unused addresses) should be mandated to give them up so that everyone else can use them.
IPv6 won't be in wide use until the ISPs drop their ridiculous additional IP charges. They make a good bit of money through that so I assume they will be the absolute last people to switch over. Because most residential connections are on Comcast and other providers that don't want anything to do w/making less money, there's no way that this will happen w/o a fight.
3.7 billion unique IP's ought to be enough for anybody.
stuff |
"There's no place like 0:0:0:0:0:0:0:1"
You heard it here first. iThankyou.
throw new NoSignatureException();
Oh, good suggestion. Let's try out IPv4 and see if we still get spam.
The reason IPV6 has not been widely deployed is that the direct consumers of IPV4 addresses changed their ways and starting implementing sound IP address deployment strategies.
/25 (128 IP, half of what most people mistakenly call a class C). If a customer purchased a T1 then it was negotiated how many /24 (256 IP, again considered a class C).
When I say direct consumers as it relates to IPV4 the two largest consumers are Internet service providers and large corporations.
I remember when I started my first ISP. Everyone that dialed up to our modem bank was assigned a public IPV4 IP address. Later as higher bandwidth solutions arrived it was nothing for an ISDN user to have a
Now that has changed. Generally unless you pay extra you are going to have a RFC1918 (IP addresses that have been mutually agreed upon to be private). With this type of IP address nobody from the Internet can initiate communication to and of your equipment. These IP addresses are not routed on the public Internet. When you initiate an outbound communication to some server on the Internet your ISP will do a hide NAT to get you out to the Internet.
A hide NAT is when many systems using private address space all use the same IP address as their source when they leave their ISP. So, instead of the good ol (not so good) days where ever user needed a public IP address now an ISP can hide thousands of customers behind a single IP address.
Large corporation use similar techniques. They realized that not ever computer on ever desk need a public IP address. Again, they could use hide NAT and let them all use RFC1918 (private IP space) and when they would go out to the Internet they could either be hidden behind an IP or use a proxy. Also, almost simultaneously the idea that not all the servers in your data center needed a public address either. Your web and mail servers might but their back end database servers wouldn't. These wouldn't even require NAT because for security reasons it is just better if the have no interaction with the public Internet. The web servers could communicate with them with a physical separated network or internal routers could route their traffic to the proper location within their corporate infrastructure.
Two factors drove this movement. First was the fear of running out of IPV4 addresses. Arin and the like were doing there best to scare consumers into rationing their allocation in fear of not being able to get another. Second came from network security. Firewalls and proxy servers and the like were being implemented more rapidly than ever before. This was partly in response to the ever expanding IT bubble that many were sure would grow indefinitely and the majority was due to the realization that without proper security the bad guys would enter you system and start poking around. A system (server environment) can never be made 100% secure but the more money you are willing to spend on security the higher you raise the bar for a potential black hat hacker. As you increase security you make those that don't easier targets so a hacker would go after the easiest to penetrate rather than the more secure environments. This feeds upon itself. There will always be hackers and network security will have to continually evolve.
But back to IPV4. Looking at the current utilization of IPV4 as to what it was say in 1990 you see a completely different picture. The current picture is what was the promise of IPV6 and that is that it doesn't look like we will be running out in the foreseeable future. It's true with IPV4 we don't have enough public IP addresses so that everyone can have all their kitchen appliance connected to the Internet with a public IP. I have listened to many people tell the analogy that IPV6 has enough IP space so that every grain of sand on the planet Earth could have it's own IP address. Well, the truth is that we don't need that many, not anywhere near that many. And though it's true that IPV6 has more features t
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
IPv4 works over IPV6 just fine :-)
A very small peice of the IPv6's space is simply there to allow IPv4 to still work, so those devices won't have issues.
Besides, if everything else moves to IPv6, wouldn't that allow for IPv4 addresses to be freed up for this old systems?
~Francisco
The article does a great job of presenting the debate. In every talk, you should tell the audience what you are going to tell them, then tell them, then tell you what you told them. In this case, the author took the novel and interesting approach of using a Slashdot summary of the subject, linking to a previous discussion and paraphrasing it. I present the summary and the expansion side by side to highlight their ingenious rhetorical style:
"Use NAT, n00b. All 1337 of my Linux boxes share a single IP and it's safer, too!"
"NAT is not a firewall."
"NAT sucks."
"You suck."
Thanks for the shoutout, Ars. The explanation of various non free software limitations for using IP4/IP6 and partial explanation of why those systems may need firewalls to begin with is sure to add to the human body of knowledge and foster civilized conversations. After reading the article, it's all clear to me, for sure not at all. Respeckt!
Friends don't help friends install M$ junk.
That is 192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12 for you, you insensitive clod. And remember, 172.16 is a 12-bit netmask, not a /16 and definitely not a /8 (I think HP owns a few of the other ranges in 172.x.x.x which usually gets blocked within a firewalled/natted network by an anal admin that didn't pay enough attention.
NAT though is NOT a solution, it's a patch, a fix to a problem of running out of space. There should be enough IP's out there for everyone, but the '/8 should be enough for the average company' idea from the 80's-early 90's screwed us all up. Each Coca Cola or IBM-owned computer for example could have it's own public IP, the way it should be, but they own 16M+ addresses, way too much for their needs. But anyway, IPv6 is going to keep us out of trouble for now until we make the same mistake (history has a tendency to repeat itself) and we have to invent IPv8 or so.
Next to that IPv4 has been missing some major features and runs into problems with large networks and (very) fast links (talking 10Gigabit for example) IPv6 will solve for us, it routes faster, it has inheritely support for multicast and jumboframes, IPSec and mobile versions while IPv4 usually has that functionality bolted on (sometimes implemented slightly different with each manufacturer).
Custom electronics and digital signage for your business: www.evcircuits.com
No. No. NO. Behind every router you can have an independent network, with as many machines as you want. Most small networks have users on the IPs 192.168.0.n or 192.168.1.n or 10.0.0.n. There are probably tens of thousands of machines using these addresses - but they do not conflict, because they are not using that address on the same global network.
And it's oh so delightful when you have to connect to heterogenous networks who are both using the same private IP scheme. Or when you have to VPN into your office from a customer network and you're both using the same scheme. Or when you have to VPN through a NAT firewall.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
See my sig.
Get your own free personal location tracker
I think that falls under the category of "rearranging the deck chairs on the Titanic." At most, it might buy us a few more months of IPv4dom, but at what cost? And by diverting those resources to IPv4 recovery, how much more painful are we going to make the transition to IPv6 when we do run out? Because the numbers are clear, we are going to run out of allocatable IPv4 addresses eventually. Distracting people by telling them that it's the Class A blocks that are the problem isn't going to make that easier; it's just going to make the eventual runout into a catastrophe instead of a page-three technology topic.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I suppose at that point, history will repeat itself and we'll have to invent IPv8.
First, NAT by itself doesn't offer that much security, once you get it outfitted with UPnP and other stuff that allow users to do the things they want to do, without messing around with it too much. (Actually, NAT in its purest implementation, without a stateful firewall at all, wouldn't offer any security, because it would only serve one host, and it would forward all connections to it, incoming and outgoing. But all home "NAT boxes" also have firewalls and serve multiple hosts, and have the side-effect of blocking incoming connections.)
Second, there are applications coming that aren't going to play well with NAT, particularly internet telephony. We need to get rid of NAT in order to allow for WiFi/cellular phones, and portable devices that will multihome across networks. There are whole classes of applications and technologies that will be possible, once the infrastructure allows for things like this, and NAT is holding it back.
Complaining because NAT makes your printers easier to set up securely, and thus ought to be kept around, is a little like people who grumbled that persistent network connections between campus mainframes were a huge security risk, and that everyone would be better if we just stuck with UUCP and nightly dial-ins. While they may have been right, I think we can all agree that the benefits, in hindsight, of not all being stuck on isolated systems that only connected to each other at midnight to exchange traffic, outweigh the hazards. (If you disagree, signal your discontent by reaching behind your PC and unplugging that network cable or antenna.) It's a shortsighted position.
Until households and "dumb devices" get globally routable addresses, we won't know the sort of things that we can do with them. The ideas that people have outlined today -- the ability to use broadband applications on your cellphone or portable device over your connection at home, and then seamlessly failover to the cellular network (or another WiFi network, or whatever) when you walk out of range, without dropping the connection or needing to do a messy DHCP renewal -- that's just the beginning. That's like someone in 1985 trying to give a sales pitch about the Internet: how many things do we have now that weren't really possible to foresee at that point? (Good and bad.) A whole lot.
Third, even with the widespread adoption of NAT, we're still running out of IPv4s. There are enough applications and situations out there that require routable addresses, that even if we were to use NAT on everything, we'd still run out. It's a temporary solution at best, and an admittedly very cool hack, but we're coming to the end of the road for it. It's time to implement a real solution.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
ARIN wouldn't give us an allocation. In their rules, I have to be able to prove that we have a customer base large enough to use up a full /32 (of IPv6) addresses before we can get an allocation. So in order to get IPv6 block, we have to have enough customers to use up 2^16, or by IPv4 standards, a Class B block. WTF???? IPv4 allocations are handed out for free, but you can't get one unless you're a mega-conglomerate.
:(
IPv6 adoption won't occur in the US unless ARIN comes up with a better policy.
Karma: Chameleon (mostly due to the fact that you come and go).
I made a fairly determined effer to see if we could bring up a manageable lab with IPv6./ technol/tcpipfund/tcpipfund_ch03.mspx#EDAAE
s .Deploying.IPv6.Networks.Feb.2006_html/1587052105/ ch02lev1sec1.html
.5, exchange at .7, proxy server at .13, etc using DHCP static leases, it make life easier on our field techs, they know exactly where key pieces of infrastructure are for troubleshooting. We can send them to different customers and they have an ingrained familiarity of how things are configured. Currently MS IPV6 does not have a usable IPv6 DHCP server, and the IPv6 clients do not allow such an address assignment even if the server could do reservations.
1) Our local provide (XO) doesn't even offer public IPv6 address space.
2) ARIN wants thousands of dollars PER YEAR for portable address space.
3) Identifying what/how-to use a substitute for the deprecated "site-local" addressing. Tracking this down took days of searching and piecing things together. All the docs agreed that site-local was deprected but rarely mentioned what was going to take its place. Here is some links to what was found, MS has surprising helpful documentation:
http://www.microsoft.com/technet/network/evaluate
http://book.itzero.com/read/cisco/0602/Cisco.Pres
Generate a global ID with either of the tools below:
http://www.kame.net/~suz/gen-ula.html
http://www.hznet.de/tools/generate-rfc4193-addr
Additionally it is nearly impossible to control the allocation of hosts to specific suffixes. We often organize customers address space so that global catalog for each site are at, say,
In a nutshell, IPv6 tools and implementation on hosts fall far short of the enterprise tools used define and organize a LAN for IPv4 and until ease of use is at least on par with MS IPv4 DHCP point/click environment it is going to continue to languish. It absolutely must have integrated DHCP server redundancy with automatic failover/failback/sync so sorely lacking, LO these many years in MS offerings.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
Ah, relax, Chicken Little. Once we run out of IPv4 addresses for our NATs, we'll just stick all those NAT's behind other NAT's. Pretty soon we'll just have one IP address tied to one NAT that everybody shares and the problem will be solved.
Proud neuron in the Slashdot hivemind since 2002.
Want to know what's changed in the past few years (apart from the significant decrease in free IPv4 address blocks since 2000), and why it's far more likely to take off now? Simple.
The Chinese are supporting it in a big way.
Could be argued that the Chinese government have their own reasons (cynical or otherwise) for supporting this, and that there's no need for the rest of us to go along with it. However, it's not like they're supporting some proprietery technology (a la SVCD). And although they're nowhere near the West in terms of technology penetration (yet), it's a fair bet that the sheer size of the market will encourage many in the rest of the world to support IPv6 as well. This could be the catalyst that will finally encourage IPv6 to take off properly.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).