How Feds are Dropping the Ball on IPv6
BobB-NW writes "U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet's main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say. Instead, most federal CIOs are doing the bare minimum required by law to meet the IPv6 mandate, and they aren't planning to use the new network protocol for the foreseeable future."
Regional registry IPv4 address exhaustion in... 1442 Days, 07 Hours, 42 Minutes, 42 Seconds. ( http://penrose.uk6x.com/ )
So there is plenty of time for someone to wake up, wanting it yesterday.
CC.
TaijiQuan (Huang, 5 loosenings)
I don't blame anyone, even government in this case, for avoiding the hassle of getting everything converted to IPv6. Maybe eventually we all will have to be there, but there always seem to be workarounds that work for everyone, minimal hassle, minimal pain.
If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for your coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.
An interesting aside, meeting the mandate only requires they are IPv6 capable, not running it. This is the same height bar the government set for Microsoft in the early nineties when Microsoft delivered the DOA POSIX-compliant (never to be really used) NT. NT, with its barely implemented POSIX subsystem (only implemented the library portion, btw, not the user interface) got to put a check in the POSIX checkbox for government contracts.
Lesson to be learned? If you want to make an effective mandate, make it a mandate for implementation, not capability.
The government:
I also look at the industry as a whole. I don't see any real drive, a critical mass if you will, for getting off of IPv4. My ISP doesn't offer IPv6. My company doesn't use IPv6. It's little wonder that the government is dragging its feet.
This is a boring sig
IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box, though that doesn't mean that there aren't a few hurdles, including:
- Upgrading routers, firewalls et al to support IPv6.
- Some application software still not being fully IPv6 ready.
- A large number of sites still don't have IPv6 DNS addresses
I think the problem, like many government proposals, is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant. For example, is simply having a 6to4 gateway considered IPv6 compliance?
All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant and what can you tell us about real world experience?
Jumpstart the tartan drive.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
and many would argue that it's not. The IPV6 address space is beyond reasonable, and the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill. We still have huge Class B spaces taken up by various hoarders that need to give it up and use some common sense. There are loads of CIDR blocks that need to be used or pushed back into the pools of available IPV4 space.
Those that do only the minimum to achieve IPV6 addressing are in my personal and technical opinion, doing nothing incorrectly beyond violating the spirit of mind-numbing nonsensical regulation. Even if IPV6 addressing were rational, then managing that space still needs work-- even after more than a decade of implementation.
---- Teach Peace. It's Cheaper Than War.
So 2012 then?
It's a bad idea, as IPv6 kills NAT and ISPs like COMCRAP will love to make you pay per system that you have on your network.
What benefit does your average government agency get for switching to IPv6, and does it outweigh the costs?
Obviously not, because if the benefits outweighed the costs, no mandate would be necessary. Agencies would have long ago switched on their own.
And since costs outweigh the benefits, who can blame agencies for doing the bare minimum to achieve compliance? The writeup makes it sound like agency obstinance, but I view it as good budget stewardship. Agencies don't seem to want to flush good budget down the IPv6 toilet.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
As much as people hate stop-gaps like NAT, in some environments it is a cheap solution to several problems and doesn't introduce new ones.
Besides, how long did it take government computer networks to switch from proprietary systems like IBM's SNA, Microsoft's NetBIOS, Banyan's VINES, Digital's DECNET, Apple's Appletalk, and others to IPv4? IPv4 came out in the early '80s. I'd venture to say more than one government office was still using a completely-non-IPv4 network well into the '90s.
No, unless there is a big benefit that justifies the cost, most System Administrators are going to do as little as they can get away with, both in the government and in Corporate America.
Now, if you are in a shop where it's cost-effective to be on IPv6 then by all means why aren't you there already?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
add a nation tag to the end of IP addresses like 123.456.78.90.usa or 123.456.78.90.cn for China, would this be possible to implement @ the root backbone servers?
Politics is Treachery, Religion is Brainwashing
During this last college semester I expressed my disappointment that IPv6 wasn't being implemented as widely as I thought it should be. I also subtly hinted at my disappointment that IPv6 wasn't covered at all (except one half a page of 405). My teacher said "I think it will take a new generation of Network Tech to implement IPv6". How in the hell are we going to have a new generation implementing it when it isn't even taught? I just took that joke of a Network+ test and now I'm certified, and I don't know diddly-squat about IPv6. Thankfully Wikipedia is there to explain a little bit of it to me.
"Where have all the good people gone?" - Jack Johnson
Is there a technical reason why you can't do NAT over IPv6?
I can't see any reason it wouldn't work.
Every major OS has IPv6 installed and enabled. Vista and XP, MacOS-X, all the BSDs, all the major Linux distros, Solaris. Older OSes like XP-SP1 or Win2k can get IPv6 installed or enabled with little trouble. It's a package install on Linux if it isn't there already.
Every major networking equipment supplier has IPv6 support on their product lines, although some still charge for turning it on. All the high-end Cisco routers and switches support it natively, but charge extra for the IOS image that can use it. Foundry's current product line supports it everywhere. Juniper has pretty much always had IPv6. Working down the list of less popular suppliers shows most of them have some level of IPv6 support. Sure, most of the older networking equipment can't deal with v6 traffic, and the useful life for old kit is long enough that it's still probably 70% of the installed base.
Most internet enabled mobile phones have IPv6 built in, but it tends to be invisible to the user because the phone companies are only using it for local communications, if at all. All the Nokias support IPv6 in their network stack, but I haven't seen one system that takes advantage, yet. iPhones and iPod Touches have v6 enabled by default, and if they connect to a WiFi system that has v6 router announcements, they'll autoconfigure and Safari will use it transparently.
Where IPv6 support falls down is in super-cheap consumer networking products. All those little $40 DSL modem+firewall+4 port switch boxes just don't support v6 at all. The only good news is from when I was in discussions with the Chinese company behind many of these boxes. The versions released in China are all IPv6, it's only the versions sold outside China where they just don't include it because there is no market demand.
The only real problem right now is with ISPs. Until the engineering staff inside ISPs and hosting companies take the responsibility to start turning it on, sales and marketing will remain blissfully unaware that it can be sold.
One of the largest ISPs in Europe turned on IPv6 to all 8 million users this week. They've done the right thing and made it opt-in for now, their customers have to go to their control panel web page and turn it on, but almost 50,000 people did in the first 24 hours. They turned it on, and their Macs and Win machines started using IPv6 with no need to do anything other than tell Firefox and Tbird to start using IPv6 for DNS lookups. Because this one major ISP did this, their main competitor has been forced to make plans to enable IPv6 in January. After that, any ISP that doesn't have IPv6 turned on will be branded as "obsolete" or "incompetent".
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
IPv6 still does nothing for me. Until I can reach everybody who is listen()'ing for me using IPv6, having an IPv6 address, or IPv6 stack, or IPv6 routing doesn't help me one bit.
Until that happens, NOBODY can adopt IPv6. That's the law, and no legislation can change that.
Don't piss off The Angry Economist
That is the reason why we don't do IPv6 where I work (university). A lot of people think it is easier, and more importantly cheaper, than it really is because they've worked on small networks, or have been at a place that did IPv6 wrong.
What happens on a large, high speed, network is that your routers rely on hardware acceleration to be able to pass traffic as quickly as you want, while still implementing all the rules you want. What that means is there are ASICs of various kinds that can handle various kinds of traffic. On older hardware (and some newer too), these are for IPv4. So anything else has to be handled by the router's CPU, which really isn't very powerful.
So, what that means is that you can technically support IPv6 by just turning it on, but only if you are willing to do it poorly. If we enabled it on all the routers, we would effectively support IPv6 internally. Great, and initially everything would work fine. However if any significant number of people actually decided to use it, network performance issues would come up in a hurry.
To really support it we have to buy new routers that support IPv6 in hardware. This could be done, but it would be expensive. Last time it was looked at the price tag was over $5 million. As you can probably guess, the university wasn't that interested in spending money like that for what was perceived to be no gain at all.
So while in a smaller network, where there's only an edge router and it isn't very high speed, yes IPv6 can be as simple as some software updates and turning it on for all devices. However when you have a larger, higher performance, network, you often need new hardware. That's a lot of money, and it is hard to justify that being spent for no real gain.
IPv6 NAT exists. Cisco routers support it.
The obesity "epidemic" hit in the early 80s. Interestingly enough fructose was massively introduced into the US food supply in the early 80s. As it has been introduced into other countries obesity has taken off there too. Could be a coincidence but the evidence is pretty damning.
Try to cut fructose out of your diet. It is almost impossible. Soda has fructose (in the US) but everyone knows that... Bread has fructose in it. (Huh?) Not only does ketchup have it but mustard has fructose in it. (Why?!!!) Look for "High Fructose Corn Syrup" or sometimes just "Corn Syrup". You will be amazed at how much of your diet has these ingredients.
Research is showing that fructose short circuits the body's normal hunger response. Where it would normally say, "That's enough" it instead makes you continue to be hungry. No one can say that the food manufacturers knowingly did this but if you were a large company that is only worried about your stock value and you could add a completely legal and unregulated ingredient that makes things sweeter while ensuring that people stayed hungry while they were stuffing their pie holes, would you do it?
Hmmmm...
There isn't a lot of hoarded Class B space out there - if anything, most of the hoarding is at the
IPv6 had a lot of optimistic goals, some of which (like security and autoconfiguration) have been achieved in other ways (like IPSEC and DHCP), and others (like hierarchical simplification of routing structures) don't look like they'll really happen. But the IPv4 space is going to run out, and we're not going to be able to squeeze much past 2012 - especially if a billion people want data on their cellphones, or if the Chinese economy adds a couple hundred million broadband users, which won't take long, or a couple million businesses, which won't take long either.
The IPv6 address space is very rationally designed, and yes, managing it does take work - but it's big enough that there's room to experiment, unlike IPv4 which ran out of slack well over a decade ago.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Hope you all don't think this just applies to computer networks. I am the avionics lead for a military aircraft and I have to periodically explain what we are doing (very little) to make the aircraft internal busses and avionics IPv6 compliant. Since our plane isn't connected to a live network there is little need for us to be IPv6 compliant now. But DoD policy is that everything eventually be IPv6 compliant. And the civil aviation world is talking about making their data links IPv6 based, too. Huge headache for us if we are ever directed to do this. I know some platforms are facing some big problems and bills - imagine re-writing the OFP to handle IPv6 addressing. Fortunately because we do not have an active military data link on our busses we are somewhat exempt for now.
And if you want another "great" idea, try this: I was just tasked to explain what we are doing to implement PKI on our aircraft (again, very little). Some things just don't make sense now, and having PKI to logon or use a tactical aircraft doesn't make sense. I can see it now, "Sorry, I can't do the mission today. The hardware reader for the PKI isn't working or I forgot/misentered my password." Someday the hardware/software will be reliable enough for tactical systems but it ain't there yet. And let's not go down the biometrics path either.
Writing as AC since it's been so long since I actually submitted anything that I have forgotten all account info.