How Feds are Dropping the Ball on IPv6
BobB-NW writes "U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet's main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say. Instead, most federal CIOs are doing the bare minimum required by law to meet the IPv6 mandate, and they aren't planning to use the new network protocol for the foreseeable future."
Regional registry IPv4 address exhaustion in... 1442 Days, 07 Hours, 42 Minutes, 42 Seconds. ( http://penrose.uk6x.com/ )
So there is plenty time for someone to wake up, wanting it yesterday.
CC.
TaijiQuan (Huang, 5 loosenings)
I don't blame anyone, even government in this case, for avoiding the hassle of getting everything converted to IPv6. Maybe eventually we all will have to be there, but there always seem to be workarounds that work for everyone, minimal hassle, minimal pain.
If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for your coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.
An interesting aside, meeting the mandate only requires they are IPv6 capable, not running it. This is the same height bar the government set for Microsoft in the early nineties when Microsoft delivered the DOA POSIX-compliant (never to be really used) NT. NT, with its barely implemented POSIX subsystem (only implemented the library portion, btw, not the user interface) got to put a check in the POSIX checkbox for government contracts.
Lesson to be learned? If you want to make an effective mandate, make it a mandate for implementation, not capability.
The government:
I also look at the industry as a whole. I don't see any real drive, a critical mass if you will, for getting off of IPv4. My ISP doesn't offer IPv6. My company doesn't use IPv6. It's little wonder that the government is dragging its feet.
This is a boring sig
They are just making too much money managing the current ipv4 limitations, that's the problem.
What's in a sig?
IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box, though that doesn't mean that there aren't a few hurdles, including:
- Upgrading routers, firewalls et al to support IPv6.
- Some application software still not being fully IPv6 ready.
- A large number of sites still don't have IPv6 DNS addresses
I think the problem, like many government proposals, is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant. For example, is simply having a 6to4 gateway considered IPv6 compliance?
All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant and what can you tell us about real world experience?
Jumpstart the tartan drive.
I expect some mass-market ISP will be the first to make the switch to IPv6. Most of their customers couldn't tell an IP address from a hole in the ground, so it might be the perfect testbed. Particularly if AOL could go on to sell their now free IPv4 allocations.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
and many would argue that it's not. The IPV6 address space is beyond reasonable, and the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill. We still have huge Class B spaces taken up by various hoarders that need to give it up and use some common sense. There are loads of CIDR blocks that need to be used or pushed back into the pools of available IPV4 space.
Those that do only the minimum to achieve IPV6 addressing are in my personal and technical opinion, doing nothing incorrectly beyond violating the spirit of mind-numbing nonsensical regulation. Even if IPV6 addressing were rational, then managing that space still needs work-- even after more than a decade of implementation.
---- Teach Peace. It's Cheaper Than War.
So 2012 then?
What benefit does your average government agency get for switching to IPv6, and does it outweigh the costs?
Obviously not, because if the benefits outweighed the costs, no mandate would be necessary. Agencies would have long ago switched on their own.
And since costs outweigh the benefits, who can blame agencies for doing the bare minimum to achieve compliance? The writeup makes it sound like agency obstinance, but I view it as good budget stewardship. Agencies don't seem to want to flush good budget down the IPv6 toilet.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Since Iraq and Afghanistan didn't go so well and Iran isn't popular expect the Bush administration to declare war on the 10.0.0.0 addresses.
Banner to read TRANSMISSION ACCOMPLISHED
I got the karma go ahead and troll me.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
Relax. They have six months to pick up the ball, and even at that who cares?
Perhaps they are rightly spending time on critical issues such as people running live wires into passenger jet fuel tanks, which -- on the face of it -- seems like a really bad idea.
One of the major French ISPs activated IPv6 last week, with autoconfiguration of the user LAN with global scope addresses. It's the first step for IPv6 here in France, and only geeks activated that option, but if a major application has success with IPv6 (read: a P2P file sharing app that works well and only in IPv6), it is very likely that many people will activate it. The major problem is that people use their NAT as an "automatic" firewall, and I wonder what impact global scope IPv6 addresses will have on machine corruption. Certainly a small impact at this time, but for the future, I don't know.
:)
Anyway, get prepared for more and more IPv6 traffic, at least from France
Where I work, I'm trying to push IPv6. Some are reluctant--only considering in face of federal policy. We're not really too far into networking, but there's room in both product and IT for it. You have to beat down the thick molasses when upgrading.
As much as people hate stop-gaps like NAT, in some environments it is a cheap solution to several problems and doesn't introduce new ones.
Besides, how long did it take government computer networks to switch from proprietary systems like IBM's SNA, Microsoft's NetBIOS, Banyan's VINES, Digital's DECNET, Apple's Appletalk, and others to IPv4? IPv4 came out in the early '80s. I'd venture to say more than one government office was still using a completely-non-IPv4 network well into the '90s.
No, unless there is a big benefit that justifies the cost, most System Administrators are going to do as little as they can get away with, both in the government and in Corporate America.
Now, if you are in a shop where it's cost-effective to be on IPv6 then by all means why aren't you there already?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
add a nation tag to the end of IP addresses like 123.456.78.90.usa or 123.456.78.90.cn for China, would this be possible to implement @ the root backbone servers?
Politics is Treachery, Religion is Brainwashing
Having worked for a web hosting provider at one point, migration to anything new is scary. In our case it was more like will our clients' sites still function correctly after they are migrated. Thus far they have put off migrating hoping that someone else would be the guinea pig on this one. I don't know of too many larger networks running on the IPV6 protocols yet. Hopefully in the near future someone will suck it up and convert. I think that someone will have to be the test bed and hopefully their migration will serve as a wakeup call to all providers who are still waiting to see what will happen. I honestly don't see a worldwide usage of ipv6 any time in the next few years. Maybe someone will prove me wrong. We will see.
... The world is going to end December 21st, 2012.
We should have enough to get us there...
During this last college semester I expressed my disappointment that IPv6 wasn't being implemented as widely as I thought it should be. I also subtly hinted at my disappointment that IPv6 wasn't covered at all (except one half a page of 405). My teacher said "I think it will take a new generation of Network Tech to implement IPv6". How in the hell are we going to have a new generation implementing it when it isn't even taught? I just took that joke of a Network+ test and now I'm certified, and I don't know diddly-squat about IPv6. Thankfully Wikipedia is there to explain a little bit of it to me.
"Where have all the good people gone?" - Jack Johnson
Every major OS has IPv6 installed and enabled. Vista and XP, MacOS-X, all the BSDs, all the major Linux distros, Solaris. Older OSes like XP-SP1 or Win2k can get IPv6 installed or enabled with little trouble. It's a package install on Linux if it isn't there already.
Every major networking equipment supplier has IPv6 support on their product lines, although some still charge for turning it on. All the high-end Cisco routers and switches support it natively, but charge extra for the IOS image that can use it. Foundry's current product line supports it everywhere. Juniper has pretty much always had IPv6. Working down the list of less popular suppliers shows most of them have some level of IPv6 support. Sure, most of the older networking equipment can't deal with v6 traffic, and the useful life for old kit is long enough that it's still probably 70% of the installed base.
Most internet enabled mobile phones have IPv6 built in, but it tends to be invisible to the user because the phone companies are only using it for local communications, if at all. All the Nokias support IPv6 in their network stack, but I haven't seen one system that takes advantage, yet. iPhones and iPod Touches have v6 enabled by default, and if they connect to a WiFi system that has v6 router announcements, they'll autoconfigure and Safari will use it transparently.
Where IPv6 support falls down is in super-cheap consumer networking products. All those little $40 DSL modem+firewall+4 port switch boxes just don't support v6 at all. The only good news is from when I was in discussions with the Chinese company behind many of these boxes. The versions released in China are all IPv6, it's only the versions sold outside China where they just don't include it because there is no market demand.
The only real problem right now is with ISPs. Until the engineering staff inside ISPs and hosting companies take the responsibility to start turning it on, sales and marketing will remain blissfully unaware that it can be sold.
One of the largest ISPs in Europe turned on IPv6 to all 8 million users this week. They've done the right thing and made it opt-in for now, their customers have to go to their control panel web page and turn it on, but almost 50,000 people did in the first 24 hours. They turned it on, and their Macs and Win machines started using IPv6 with no need to do anything other than tell Firefox and Tbird to start using IPv6 for DNS lookups. Because this one major ISP did this, their main competitor has been forced to make plans to enable IPv6 in January. After that, any ISP that doesn't have IPv6 turned on will be branded as "obsolete" or "incompetent".
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
IPv6 still does nothing for me. Until I can reach everybody who is listen()'ing for me using IPv6, having an IPv6 address, or IPv6 stack, or IPv6 routing doesn't help me one bit.
Until that happens, NOBODY can adopt IPv6. That's the law, and no legislation can change that.
Don't piss off The Angry Economist
That's a contorted metaphor, but so is yours. You're not going to buy a consumer good that somebody else grows, processes, and distributes. You're part of a network of people providing IP service not just to your own users, but to everybody they connect to. In order to make that service continue to work, we have to stop kludging around obsolete technology. Yeah, it's difficult. So what?
Let's drag Starbucks back into the story. Suppose you're a Starbucks manager, and you're told that you have to make sure there's no rat droppings in the beans. Now, there might be any number of reasons this is hard to do. But it doesn't matter how difficult it is, you have to do it.
But screw Starbucks. Their beans are not particularly high quality, and they roast them too long. Even Safeway's house brand French Roast is better! Their coffee is only good for adding to sugared beverages, which I guess is most of their business. I only go there when I desperately need a caffeine fix and there's nothing else around. A classic demonstration of how good marketing and branding can move a worthless product.
My home network will not run IPv6 until
* I've got a firewall that blocks all unsolicited incoming IPv6 traffic except what I specifically want to get through. For IPv4 my current NAT router does this.
* I can justify spending the time and money to turn it on safely
I don't run the same externally-visible service on more than one machine at home so that NAT limitation isn't important to me.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That is the reason why we don't do IPv6 where I work (university). A lot of people think it is easier, and more importantly cheaper, than it really is because they've worked on small networks, or have been at a place that did IPv6 wrong.
What happens on a large, high speed, network is that your routers rely on hardware acceleration to be able to pass traffic as quickly as you want, while still implementing all the rules you want. What that means is there are ASICs of various kinds that can handle various kinds of traffic. On older hardware (and some newer too), these are for IPv4. So anything else has to be handled by the router's CPU, which really isn't very powerful.
So, what that means is that you can technically support IPv6 by just turning it on, but only if you are willing to do it poorly. If we enabled it on all the routers, we would effectively support IPv6 internally. Great, and initially everything would work fine. However if any significant number of people actually decided to use it, network performance issues would come up in a hurry.
To really support it we have to buy new routers that support IPv6 in hardware. This could be done, but it would be expensive. Last time it was looked at the price tag was over $5 million. As you can probably guess, the university wasn't that interested in spending money like that for what was perceived to be no gain at all.
So while in a smaller network, where there's only an edge router and it isn't very high speed, yes IPv6 can be as simple as some software updates and turning it on for all devices. However when you have a larger, higher performance, network, you often need new hardware. That's a lot of money, and it is hard to justify that being spent for no real gain.
#ping anonymouscoward.slashdot.org
Pinging anonymouscoward.slashdot.org [66.35.250.151] with 32 bytes of data:
No reply. I guess you got your wish.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Does it really matter if we run out of IP4 address space? A majority of the internet is either a waste or a joke - myspace, facebook, etc...it's all pointless crap.
Why not reclaim all the wasted, unused existing space? Adding IPv6 seems akin to raising taxes instead of controlling spending. It's going to cost a shitload of money and Regular Joe won't see any benefit.
"You know how to spot a pioneer? They're the ones with all the arrows sticking out of their back."
Look, being the guy who experiences ironing the kinks out of a new technology is great
... for your personal resume but it stinks for the organization that has to fund it if they aren't in the business of that technology.
I, for one, applaud those governmental agencies that are saving my tax dollars (to spend on other stuff, ha!) by waiting until IPv6 is well and truly out of the pioneering stage.
More than a few institutions use 10. for their own private /24 walled-garden "national" oops I mean institutional network.
Just be aware that NAT has its advantages and disadvantages. Unless you know you can live with the disadvantages this is not recommended.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
In France, the ISP Free telecom offers the possibility [fr] to migrate to IP V6 already.
If you are interested in playing with IPv6 and are behind a NAT, then Teredo provides the necessary solution. There are certainly other 6to4 solutions, but they usually fail behind a NAT or require that your local gateway lets through certain packet types. Windows Vista already supports Teredo, from what I understand, but for other platforms an implementation is available in the form of Miredo. It's GPL licensed, for those who care.
Jumpstart the tartan drive.
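For anyone auditing a network for the tunnels mentioned in the comment above, the following is an added example (not from the original thread): it uses Python's standard `ipaddress` module to flag Teredo (2001::/32) and 6to4 (2002::/16) source addresses in flow records and recover the IPv4 endpoints embedded in them. The log lines, their field layout and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed flow records: "<timestamp> <src> -> <dst>". Not real traffic.
SAMPLE_FLOWS = """\
2008-01-02T10:00:01 2001:0:c000:201:8000:63bf:34ff:8ef6 -> 2001:db8::10
2008-01-02T10:00:02 2002:c633:6407::1 -> 2001:db8::10
2008-01-02T10:00:03 2001:db8:1:2:21a:2bff:fe3c:4d5e -> 2001:db8::10
2008-01-02T10:00:04 not-an-address -> 2001:db8::10
"""


def classify(addr_text):
    """Describe the transition mechanism behind an IPv6 address.

    Returns a dict whose "kind" is "teredo", "6to4", "native" or "invalid".
    """
    try:
        addr = ipaddress.IPv6Address(addr_text)
    except ValueError:
        return {"kind": "invalid"}

    teredo = addr.teredo  # (server, client) as IPv4Address objects, or None
    if teredo is not None:
        server, client = teredo
        # The client's external UDP port sits above the low 32 bits,
        # stored XORed with 0xFFFF.
        port = ((int(addr) >> 32) & 0xFFFF) ^ 0xFFFF
        return {
            "kind": "teredo",
            "server": str(server),      # Teredo server the client registered with
            "client": str(client),      # public IPv4 address of the client's NAT
            "client_port": port,
        }

    embedded = addr.sixtofour  # IPv4Address of the 6to4 router, or None
    if embedded is not None:
        return {"kind": "6to4", "ipv4": str(embedded)}

    return {"kind": "native"}


def find_tunnels(log_text):
    """Return one finding per flow whose source is a Teredo or 6to4 address."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "->":
            continue  # skip lines that do not match the constructed layout
        timestamp, src = fields[0], fields[1]
        info = classify(src)
        if info["kind"] in ("teredo", "6to4"):
            findings.append({"timestamp": timestamp, "src": src, **info})
    return findings


if __name__ == "__main__":
    for finding in find_tunnels(SAMPLE_FLOWS):
        print(finding)
```

A hit here means a host is reachable over IPv6 through an IPv4 path, so whatever filtering the IPv4 NAT or firewall was assumed to provide should be checked against the tunnelled traffic as well.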
IPv6's designers didn't expect users to need NAT - they're providing a
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The obesity "epidemic" hit in the early 80s. Interestingly enough fructose was massively introduced into the US food supply in the early 80s. As it has been introduced into other countries obesity has taken off there too. Could be a coincidence but the evidence is pretty damning.
Try to cut fructose out of your diet. It is almost impossible. Soda has fructose (in the US) but everyone knows that... Bread has fructose in it. (Huh?) Not only does ketchup have it but mustard has fructose in it. (Why?!!!) Look for "High Fructose Corn Syrup" or some times just "Corn Syrup". You will be amazed at how much of your diet has these ingredients.
Research is showing that fructose short circuits the body's normal hunger response. Where it would normally say, "That's enough" it instead makes you continue to be hungry. No one can say that the food manufacturers knowingly did this but if you were a large company that is only worried about your stock value and you could add a completely legal and unregulated ingredient that makes things sweeter while insuring that people stayed hungry while they were stuffing their pie holes, would you do it?
Hmmmm...
Federal government fucked up the planning of that incursion since day one when they thought the military could solve a diplomat's problem. Then the military said they could do it despite warnings, and the military has been fucking it up for years, despite consuming 2/3 the nation's income AND borrowing almost a Trillion Dollars to get the job done.
Oh well...that's government for you.
Blar.
Started to move in France. 2 more major IAPs to go.
Fiber To The Home offers started some months ago already for all French IAPs.
Why did Skype grow so fast? Because it had an effective workaround for all the brokenness NAT causes. NAT's fine if you're just a consumer of bits, sending out requests and getting responses back, but if you're trying to provide a service (such as letting somebody call your phone or send you direct Instant Messages) it fails.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Cisco revises their CCNA exams every couple of years. The version that's just been deployed includes a lot of IPv6 material.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
A link to DJB's essay on the issues of IPV6 adoption feels obligatory here.
No, it doesn't. The IPSec header field in IPv6 works in the exact same way that it does in IPv4. The possible benefit of including it in the spec is that it'd theoretically be easier to have interoperable implementations of IP6Sec. The reason
huh? oh you mean autoconfiguration, which conveniently forgot to include DNS server location, right? The "elegance" of the protocol does not matter to an end user or an agency. SNA/Token Ring is far more elegant than IP/Ethernet, but which one is more common? Also, it's hard not to call the
Wasn't that what you were saying was the problem with IPv4? That people had written updates (for instance, repurposing the ToS byte)
Show me a case of IPv6 autoconfiguration working better than DHCPv4, and I'll be very surprised. You still have to run DHCPv6 if you want hosts to find DNS servers, and further, autoconfiguration means that if you change the NIC on your server, your autoconfigured address changes. Ugh!
You've got to be kidding: the size of the header grew tremendously - once there are nicely-spun asics for IPv6, the forwarding performance will be approximately equal to v4, but there's certainly not going to be a performance improvement.
huh?
Need Geek Rock? Try The Franchise!
...so they can reset it. Seriously, it's not like there's a scientific law that says the world will break if they're not moved in six months. They set a goal. They might not make it. OH MY GOD...
JTF: In your heart, you know we're right.
There isn't a lot of hoarded Class B space out there - if anything, most of the hoarding is at the
IPv6 had a lot of optimistic goals, some of which (like security and autoconfiguration) have been achieved in other ways (like IPSEC and DHCP), and others (like hierarchical simplification of routing structures) don't look like they'll really happen. But the IPv4 space is going to run out, and we're not going to be able to squeeze much past 2012 - especially if a billion people want data on their cellphones, or if the Chinese economy adds a couple hundred million broadband users, which won't take long, or a couple million businesses, which won't take long either.
The IPv6 address space is very rationally designed, and yes, managing it does take work - but it's big enough that there's room to experiment, unlike IPv4 which ran out of slack well over a decade ago.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Hope you all don't think this just applies to computer networks. I am the avionics lead for a military aircraft and I have to periodically explain what we are doing (very little) to make the aircraft internal busses and avionics IPv6 compliant. Since our plane isn't connected to a live network there is little need for us to be IPv6 compliant now. But DoD policy is that everything eventually be IPv6 compliant. And the civil aviation world is talking about making their data links IPv6 based, too. Huge headache for us if we are ever directed to do this. I know some platforms are facing some big problems and bills - imagine re-writing the OFP to handle IPv6 addressing. Fortunately because we do not have an active military data link on our busses we are somewhat exempt for now.
And if you want another "great" idea, try this: I was just tasked to explain what we are doing to implement PKI on our aircraft (again, very little). Some things just don't make sense now, and having PKI to logon or use a tactical aircraft doesn't make sense. I can see it now, "Sorry, I can't do the mission today. The hardware reader for the PKI isn't working or I forgot/misentered my password." Someday the hardware/software will be reliable enough for tactical systems but it ain't there yet. And let's not go down the biometrics path either.
Writing as AC since it's been so long since I actually submitted anything that I have forgotten all account info.
I thought LANtastic barely supported IPv4. That IS what the Feds are using still, right?
They made a deadline for the capability, not the adoption.
Upgrade the router firmware to make it possible.
Install ipv6 on XP/2000 desktops.
There, you're capable. You're not actually *using* it, probably because half your apps don't work with it anyway... that can take as long as you like.
What I don't get is why the hell did they make a protocol that is not backwards compatible? We'd all be already using IPv6 if IPv4 routers could move the data around. I mean, I may be misunderstanding all this fuss but isn't it just an extension of the number of bits in the address field? Why did the committee developing the standard not *add* the IPv6 headers to the end of the IPv4 headers?
One has to wonder why out of all the standards development in the world, the one which affects the greatest proportion of the population is the most ass-backwardsly designed one. My AMD dual core processor can still run 16 bit and even 8 bit x86 code. Windows XP can still run most old dos software and most old windows software. C++ compilers still understand C code. Why do I need a tunnel to send IPv6 packets through an IPv4 network?
What we need from industry are advanced capabilities in IPv6 products - products that utilize IPv6 mobility and auto-configuration, and of course security, in ways that IPv4 cannot. When applications exist that can do things in IPv6 that they cannot do in IPv4, then the incentive to migrate will finally be positive. Right now, we can't even get basic security capabilities for our IPv6 networks. Network management over IPv6 is all but non-existent and advanced IPv4 features, like multicast and prioritization, are supported in only a few IPv6 products. Security, though, is the biggest hold-up, and it isn't because OMB did not mandate implementation of IPv6 security. It is because the commercial products don't exist. Federal agencies are not going to implement IPv6 with gaping security holes.
The DoD and OMB mandates provided a target on the wall, a target that we are obviously not going to hit, but one that we continue to at least aim at. Hopefully the target will continue to provide incentive to industry to provide the IPv6 products needed, not only by the first responders (DoD, Emergency workers), but by all of the federal government.
I found a relevant article in the second result with this search (dropping 'fired' which probably isn't helpful and narrows the search too much and using 'track' instead of 'tracking' which allows for more variations in wording). BTW, while tracking inventory electronically is probably a good thing, I can't for the life of me understand why IP addresses would be used instead of DOD inventory numbers.
Support Right To Repair Legislation.
But people aren't using IPV6; even the technologies used to partition IPV6:IPV4 aren't well implemented-- and at the desktop, it's almost unheard of. You don't need every subatomic particle to be addressed as reason to implement a badly designed protocol set. People don't subnet anymore, they don't really understand what/how to use NAT, and they certainly don't understand VLANing. Add this protocol changeover into the mix, and it's overkill-- mind boggling overkill.
Every year, I hear the same thing: IPV4's going to run out of addresses. It's not like global warming-- it's a finite number of routes. The number of them still exceeds an address for every single human on the face of the earth * a nice multiplier. Fie.
---- Teach Peace. It's Cheaper Than War.
The profile of absorption is also different depending on whether the food was eaten "raw" (or at least un-processed), or if the sugar is processed, i.e. coming from an industrial product.
It's very healthy to eat a lot of fruits during the day.
It's a lot less healthy to put an equivalent quantity of candy sugar in your meal.
And last time I was in the USA, I too was just amazed at how many products had "corn syrup" as an additive.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I'll comment that the federal agency I work for has our points of presence on the internet IPv6-compatible. Don't lump us together with the folks who aren't ready.
The article mentions NTT America and Global Crossing as two IPv6 providers, taking a look at their sites...
"Global Crossing is the leading provider of IPv6"
From http://www.globalcrossing.com/ipkc/ipkc_ipv6.aspx
"NTT America Operates World's Largest IPv6 Network"
http://www.nttamerica.com/about/newsroom/press_releases/release.php?ID=83
Both sites served from IPv4 only web servers, that's not exactly what I'd call "leading".
It's all very well having IPv6 transit capability, but where's the content? Useful as they are, ping and traceroute aren't very interesting.
Sugar (table sugar) is sucrose. Sucrose is 50% glucose and 50% fructose. Yup it is bad for you but only half as bad as fructose is. Try this link and click "Show Transcript":
http://www.abc.net.au/rn/healthreport/stories/2007/1969924.htm
The person relating this "Bunk" is Dr Robert Lustig, Professor of Pediatric Endocrinology, University of California, San Francisco
Don't believe it? Fine. Do what you want but I suspect in ten years this will be one of those things where everybody asks, "why were we doing that".
BTW - Go to the grocery store and check the different brands of mustard. About 2/3rds of them have fructose in them. The cheaper yellow mustards seem to be less likely to have fructose. Also some of the gourmet mustards are fructose free too.
Disclaimer: I work for the govt.
The government grades itself on FISMA compliance and the NIST 800-53 control set.
Because NIST 800-53 is far more stringent than anything you see used commercially, it is highly policy/documentation oriented, there is a question as to whether or not it is
A) relevant to real security
B) truly reflective of the actual state of information security in the federal govt
C) Auditor driven by large inspector generals looking to score points by downgrading their respective agency efforts
D) Security company driven by vendors trying to sell their solutions which are now mandated via NIST 800-53
So in sum, your post isn't accurate.
The adoption of IPv6 will make many security problems far more problematic.
Please post the negative security items on IPv6 also, because your post makes it look like a panacea which it is not.
Couple major things went wrong:
First, we only needed 48 to 64 bit addresses. 128 bits are actually unmanageable. I'm not going to argue it out, as it's an old and painful discussion. Suffice it to say, the real world has shown that raw IP's are used a lot more than people thought.
Second, autoconfiguration has been a nightmare. Addressing depended on DNS, and then DNS was bolted on, poorly. *sighs*
Third, it really should have been partially backwards compatible with IPv4. I know they wanted to build new toys and all that, but the correct approach would have been a standard V4 header, with a V6 extension that added between 16 and 32 bits of endpoints. Core IPv4 routers would have been limited to routing based on only the first four bytes of the IP at best, but that's better than the present 0.
There's more, of course. Too many spherical holy cows involved, and we've suffered for it.
If Google is IPv4 only, and you only have an IPv6 address (no IPv4 address), how would you use Google?
If you say NAT/proxy,
1) You still need a public IPv4 address right? I thought we were running out of those?
2) If you have a public IPv4 address and you use NATs/proxies, you might as well stick with private IPv4 since the tech is tried and proven.
As anyone who has recently provisioned a new circuit knows, you have to justify your needs in order to get a large subnet (usually anything bigger than a /27).
So the answer to NOT running out of IPv4 space is to UN-grandfather all of the current assignments, and make all those Class A and Class B hogs justify their usage/ownership.
Eminent domain should be applicable.
Having a bunch of corps re-IP their network is work, but certainly it's WAY less expensive than redesigning the internet (and the associated new hardware costs said redesign would incur).
Should I just tear your response apart?
I can say, "RTFA" but obviously you won't. It will take a few minutes.
"Oh, by the way, not all sugar is table sugar."
Wow really? Oh BTW, I was the one who specified the exact sugars that comprise sucrose. I guess while I was mentioning percentages of glucose and fructose it might have led somebody to believe that there is only one type of sugar. To make it very clear: Yes, I know there are a number of types of sugars. If you have studied the Krebs cycle you will learn that your body needs glucose. Your body has no need for fructose. That is part of why sucrose is bad for you too.
"For you to say fructose is the cause of all our problems is simply bogus."
Can't recall saying that "fructose is the cause of all of our problems". But with what we are learning about it, it makes sense that it is a big contributing factor. It can be the straw that breaks the camel's back. Ingesting something that tends to fool your body into remaining hungry would obviously be a tipping point in the balance between a healthy couch potato and an obese one wouldn't it? Hmmmm... (Fructose could be the cause of the current sub-prime mortgage crisis though!)
"Surely then there's millions of other doctors that agree with her? Oh, there's not? I see."
Great point! The earth is flat!
- First you have presented no basis for any numbers of doctors that believe or disbelieve these concepts about fructose. Frankly, you have no idea how many doctors believe the contents of that interview.
Secondly and more importantly, changes in scientific understanding NEVER start with consensus. That comes after a lot of work that the interviewee clearly points out hasn't been done yet.
- Oh, and Robert is a man's name.
"My god, with all this fructose, no wonder I couldn't lose weight! Oh, I did though, by exercising and reducing portions to sensible amounts."
The interviewee relates that eliminating fructose seems to have the effect of causing people to become more active and to eat less. All without any prompting. Hmmm... Sounds like your method but without the struggle. I guess that wouldn't be of interest to an overweight person...
"Still, I guess I'll throw away my apple anyway. It's LOADED with fructose!"
As the interview transcript clearly explains, issues with fructose are offset by fiber consumption. So eating an orange doesn't have the issues that drinking orange juice does. Besides, eating some sort of healthy diet does not include eating nothing but fruit.
(Notice that I didn't assume that, because you said that you eat apples, you eat nothing but apples. Use a little common sense as you go charging through these statements. Sorry about the mocking, but hey, it is easy and fun!)
- - - - -
You didn't even get to the part in the interview where they mention the fact that fructose can only be metabolized by the liver, did you? The subtle counterintuitive cycle of what fructose does to your metabolizing is very interesting. The liver damage bit from high levels of fructose consumption was another interesting bit.
If you read the transcript "knowing" that it is wrong then there is no chance that you will learn something. It is important to remember that at least half of everything that you know is wrong. Just look at your parents' textbooks. They knew that stuff but at least half of the knowledge has been surpassed. Our current knowledge is just the same. It will be superseded. And in the end it may turn out that fructose is great and wonderful for you. I ain't buying that ticket though.
The Day the Router Died...
Traffic encryption at layer 3 of IPv6 is a HUGE negative for the IPv6 protocol - all it does is let viruses circumvent our firewalls when tunneling out to their hacker sites of origin.
Address space - for what? In the Fed we have barely touched our IPv4 allocation. And using NAT to expand the number of hosts that can use each address is one of the best security tools we have going for us. As long as we are doomed to support the screen door security of a certain desktop OS, we can at least HIDE the PCs from the internet so hackers can't find the vulnerable ports to attack.
Giving each PC a unique v6 IP address would open up an unbelievable security nightmare as all those PCs became visible to hackers.
BTW - how can IPv4 be "running out" of its 4-billion IP address space when there are only about 200 million hosts on the internet?
The answer is the squandering of address allocations.
IF class A holders were bumped down to multiple class B's, and class B holders substituted targeted class C's - that plus NAT fixes everything for decades to come.
IPv6 sucks in addition because it doesn't support isochronous packet delivery for voice or video, and it is incompatible with our messaging and identity management systems.
Implementing IPv6 on a major US network would be an unmitigated disaster - that's why agencies are quietly ignoring the OMB...
Plus - go to an IPv6 "seminar" sponsored by the OMB sometime, and watch the industry marketing people pulling the strings to make the OMB spokespersons' lips move. This is all just a ruse by router vendors to try to make agencies throw away their existing well-debugged infrastructure and start over building worse functionality at enormous expense, but without any new congressional funding.
The original poster also doesn't mention that the OMB wants federal agencies to also unplug 90%+ of their internet connectivity by that same date because there aren't enough people at the watchdog agencies to monitor all those connections. The OMB routinely issues mutually contradictory mandates all without guidance or funding.
IMHO they're just insane...
OMG, inaction in the Bush White House? That's unprecedented! The Bush White House has always been a leader: look at their actions during Hurricane Katrin.... ahh... no, not that one. Check out the way they lead the charge on Global Warm.... eeeee no, not that one either. Look at how quickly they won two wars, both in Iraq and Afghanist... aaaah... damn, they are screwing up those ones too.
Um... it's those damn obstructionist Liberals! Rush and O'Reilly told me all about it!! Those libr00lz keep stopping federal agencies from adopting IPv6! Why don't they just go burn a flag, those stupid America-haters!!!
I haven't kept up with TCP developments recently, but a couple years ago I read up on TCP Vegas vs. Reno, and all that. Vegas would make the Internet better if everyone used it (IIRC, its congestion control tried to back off sooner when packets are late, to avoid getting packet drops. Reno only considers drops). But nobody will switch to it first because it gets out-competed for bandwidth by TCP Reno and variants (which everyone uses). I know there are tweaks to Reno (NewReno), but AFAIK everyone using Vegas would still be the ideal case.
TCP Vegas over IPv6 is no different from TCP Vegas over IPv4. It still doesn't take its fair share of bandwidth vs. TCP Reno (v4 or v6). Can anyone think of a way to link these switch-overs? I don't think many people would want to bias routers against dropping v6 TCP packets on the assumption they were TCP Vegas.
But v6 and Vegas seem like two big switchovers that would both be useful. There's got to be a way to get people to make both switches, if they're going to use IPv6.
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cordes ,
# IPv6 has better security provisions within the protocol itself, ...
This is a common claim that just isn't true. Usually this claim revolves around IPSEC. V6 supports IPSEC by spec, but it does not mandate it. If used, it's no more secure than the V4 version.
# The protocol incorporates many of the features back-engineered into IPv4 as standard, producing a cleaner design with fewer compromises and fewer flaws
# Built-in support for protocol expansion means future updates should have less impact and be adoptable faster
Let's take these together. Yes it does incorporate V4 addons, but the very expansion you laud allows the potential structure to become hugely complex. This complexity slows routing and lays the groundwork for a new class of security exploits.
# Automatic configuration means fewer errors and less maintenance
It will automatically connect your internal network devices to the world for you. IPv6 does not have the concept of a NAT in the specification. It may be convenient to have automatic world access, but it's not secure!
# Skript Kiddies will end up jumping off bridges as they won't know what to do
Ignoring the pejorative, there are already a slew of demonstrated V6 hacks. Most firewalls are woefully inadequate in handling V6, and without a NAT, you'd better proxy your connections.
Yes, the bigger address space is needed, but V6 is not ready for prime time.
The fundamental problem as to why there is so little drive to make a big switch to IPv6 is because what IPv6 offers ... and this is important ... over IPv4 is relatively small compared to what IPv4 offered over its predecessor, which was essentially going from no internet at all to having what we have today. There needs to be some kind of real motivating force to make it happen. IPv4 happened because having an internet was a motivating force. What does IPv6 offer? Very little as long as we still get IPv4 addresses. Other kinds of motivations are also possible. Take a look at how much the over-the-air TV broadcasters dragged their feet in deploying digital transmission at full capacity. Now we have a pretty solid analog shutoff date, so they better get those digital transmitters going (most have, to at least some degree, now). The biggest encouragement to getting IPv6 rolling is to schedule a definite, but very doable, IPv4 cutoff date for at least some critical piece of the net most people want. But we have to choose what that is. Access to the government? Access to routers going across national borders? Access to porn?
now we need to go OSS in diesel cars
So when's that working? Or are we going to have to go back to a honking big list of machine names/IPv6 strings?
What you can't discover via anycast, you can discover via the Service Location Protocol, Avahi, or by one of a myriad other discovery and announcement services. Why on Earth would you need to hard-code the address of DNS servers in this day and age? That's so quaint by today's standards.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I don't know what you mean by "People don't subnet anymore" - I work for a carrier, and believe me, users subnet all the time, even behind their NAT networks, and they've used Variable Length Subnet Masking for a decade or more, and using 10.x for their internal networks means they have plenty of room to play subnet games.
VLANs let you manage networks administratively using switches instead of letting routers manage them automatically, and I've never been a big fan of them except that they let you trade off sysadmin salary costs for router hardware costs and sometimes simplify your ACLs, but from an address space perspective you generally need a subnet per VLAN rather than per physical segment, so sometimes you can save address space but often it'll cost you more.
NAT breaks the end-to-end principle that's one of the things that makes the Internet such a powerful tool. One of the reasons for having enough IPv6 address space was so we don't need to do NAT; in the last decade we've gotten better at NAT traversal, which is fortunate because NAT has taken over as a way to provide firewalling and let people with multiple computers use braindamaged broadband carriers, but it's still an ugly hack. Basically, if you want to be a producer of information services, you need a real IP address, and even if you're just a couch potato, using VOIP requires ugly NAT traversal techniques like Skype's and doing file sharing requires at least a Bittorrent level of trickery, and even those things don't scale very well.
But let's go back to how many addresses we really need. There are almost 2**33 people on the planet, and if everybody has separate connectivity at home and at work (whether "work" is "a modern office building" or "the cellphone you carry while you're doing subsistence farming"), then we need to address at least 2**34 locations, and it's better to round that up to 2**40 so that everything's on byte boundaries and you've got a few bits to indicate different addressing types and a few more for population growth if we don't fix that. But that's how many _subnet_ addresses you need, not how many end-system addresses, because people have multiple addressable devices. Sure, you may not need a separate IP address for every atom in your body, but most people have a bunch of hardware, and at some point all of that may be addressable, whether it's your wristwatch or your toaster or your car or your car stereo or your phone or your headset or your wallet, etc. *Could* we get by with 64 bits of address space, with 40 bits per subnet and 24-bit subnet sizes? Maybe, if we give up on MAC-based stateless autoconfiguration, which was one of the cool things Netware had back in the early 90s. 48/16 would make it easier to manage the network side cleanly, but there are definitely companies that need more than a 16-bit Class B of their own just for internal use, and you'd rather avoid supernetting. In practice, the organizational structure of RIRs, LIRs, and ISPs is a lot cleaner if we've got 64 bits of network space to play with, plus whatever size of subnet's behind that.
But what's the cost of 128 bits vs. 64 vs. intermediate proposals like 80 or 96 or OSI-crufty 160? 64 bits _might_ cause a later protocol redesign, or at least NAT, while 128 is definitely overkill, and if it's not good past the end of the next century, it's because the Great Nanotech Singularity happened, in which case our artifi
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks