Feds Say They're Ready For Monday's IPv6 Deadline

netbuzz writes "By all indications and against all odds, it appears as though most, if not all, federal agencies will have met the mandate issued back in 2005 that their network backbones become capable of passing IPv6 packets by June 30, 2008. NetworkWorld quotes Pete Tseronis, chair of the IPv6 working group of the Federal CIO Council, saying, 'I have not heard of anybody who is not going to make the IPv6 deadline.' Those involved are calling this a significant milestone in what has been an extensive effort to bring IPv6 into widespread deployment."

More IP's

[Wowsers]

More IP numbers for government. As if proof were needed that the size of government is growing out of control.

IPV6 here we come...

[antirelic]

Or not. While the federal government of the USA may have backbones capable of running IPV6, they seriously lack the ability to effectively make the switch without a great amount of pressure. Lets face it, with NAT and other technologies, the need to migrate to a new standard has been severely reduced. Not saying that it is not needed, I am sure the "rest of the world" outside of the US and the EU would like some IP space all of their own, but market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.

Having had a little bit of experience working with big networks based on IPV4, the migration to IPV6 is going to be pretty awesome... like the titanic sinking, or an entire city being leveled by an earth quake.

Re:IPV6 here we come...

[rxmd]

NAT is good enough for the unwashed masses.

I am currently in Uzbekistan. Our Internet uplink goes through China (because of a domestic Internet monitoring policy that allows for only one country-level Internet provider). On the IPv4 block allocation generosity scale we are at the lower end, twice. Depending how things are configured there I am usually behind one or two layers of NAT already from the provider, not counting our own internal network. Something as simple as Skype usually goes through 4 to 8 relays, and getting a server working reliably here can be a challenge.

Market forces have decided that in the US, and slightly less so in Europe, where IPv4 block allocation was comparatively generous, NAT is enough for your own unwashed masses. Everywhere else NAT is an abomination and an administration headache that has to go away. NAT is like deodorant for the unwashed mashes where what they really need would be a good decent shower.

Since implementation of IPv6 routing elsewhere is picking up steam, we can only hope that the same market forces that have allowed the US to stick to their comfy IPv4 couch will eventually force the US to adopt it as well. Since it looks like the non-US market is growing, things are looking good here, and the story confirms it.

Re:IPV6 here we come...

[jsebrech]

Not saying that it is not needed, I am sure the "rest of the world" outside of the US and the EU would like some IP space all of their own, but market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.

NAT is only good for networks. Every ISP subscriber still gets a unique IP, and with people leaving their PC's on 24/7, those might as well be unique IP's (my ISP does not charge that much extra to get a fixed IP).

I read a statistic that by 2010 half of the global population is going to have a cell phone (currently it's 4 out of 10), with most of the growth in asia and the middle east. Currently 1 in 6 cellphone users globally has an internet-enabled subscription (even if they don't use it), but this is going to grow considerably. We could be talking about up to a billion new internet users over the next decade, in asia and the middle east, the majority of them on cheap mobile devices. NAT is not going to be the answer, and IPv6 will become a necessity to reach those markets.

The NYT did an interesting article about cellphones and the third world. What's driving the adoption is economic necessity. The cost of doing business in a globalized world is that you have to be connected. http://www.nytimes.com/2008/04/13/magazine/13anthropology-t.html

Re:IPV6 here we come...

Hey, if the guy manages to connect to slashdot using a Commodore 64 in Uzbekistan, we should welcome him with open arms, whether he is a part of the unwashed masses or not.

Re:IPV6 here we come...

[Cheeze]

You go through several NAT devices because that is what your government wants. With IPV6, you would go through the same networks, you would just have a longer NAT ip address.

IPV6 will not make the routing table that IPV4 enforces go away, it will just give it the ability to have QOS and a few other features. If your government wants to limit your access, they will still have that ability.

Re:IPV6 here we come...

[smittyoneeach]

Oh, he dreams of a Commodore 64 upgrade, as he boots his PET off of an old Sony walkman, at roughly the same pace as a modern JVM on good hardware.

Re:IPV6 here we come...

[Nathonix]

not to mention the fact that its only the backbones, and they only need to be capable of passing ipv6 data, which is why for once everything is on schedule to be complete. were they to also require that all the governments computers actually use ipv6, it would be a totally different matter altogether.

Re:IPV6 here we come...

[mikael_j]

Why wouldn't it be possible to use IPv6 with a cellphone? as long as the operating system and network both support it...

/Mikael

Re:IPV6 here we come...

[Just+Some+Guy]

Lets face it, with NAT and other technologies, the need to migrate to a new standard has been severely reduced.

Not even close. NAT breaks networks horribly by its very nature, and voids the original Internet ideal of a collection of peers. Consider that with NAT it's impossible to connect to another machine which is also behind NAT without going through a third party. While governments might love the idea of forcing you to funnel traffic through a central, easily-tappable server, it sucks for end users. Not only is it bad for privacy, but for reliability: now you can't talk to your friend's machine if the helper server is down or out of bandwidth. That's not acceptable!

Having had a little bit of experience working with big networks based on IPV4, the migration to IPV6 is going to be pretty awesome... like the titanic sinking, or an entire city being leveled by an earth quake.

Having apparently a bit more, I don't think it's going to be that bad. You don't have to start with a complete cutover, or even make a complete transition at all. Right now, today, odds are that you could start using link local addresses on your LAN for testing. You can get an IPv6 allocation and start with little things: configure your mailserver to use it and start publishing DNS to it. Once you're convinced it's up, try again with your webserver. Maybe configure a couple of workstations for the geeks in your company and let them bang away at it. If any of that fails, no big deal! You're still live with IPv4.

Re:IPV6 here we come...

[mixmatch]

You do understand that the need for NAT stems from the inability to assign everyone a public IPV4 address right? With IPV6, the routing may be similar, but it will not be the same. To quote from the TCP/IP Guide:

• Complexity: NAT represents one more complexity in setting up and managing the network. It also makes troubleshooting more confusing due to address substitutions.
  
  
• Problems Due to Lack of Public Addresses: Certain functions won't work properly due to lack of a âoerealâ IP address in the client host machines.
  
  
• Compatibility Problems With Certain Applications: I said above that NAT was only mostly transparent. There are in fact compatibility issues with certain applications that arise because NAT âoetinkersâ with the IP header fields in datagrams but not in the application data. This means tools like FTP, which pass IP addresses and port numbers in commands, must be specially handled, and some applications may not work.
  
  
• Problems With Security Protocols: Protocols like IPSec are designed to detect modifications to headers and commonly balk at the changes that NAT makes, since they cannot differentiate those changes from malicious datagram âoehackingâ. It is still possible to combine NAT and IPSec, but this becomes more complicated.
  
  
• Poor Support for Client Access: The lack of a public IP address for each client is a double-edged sword; it protects against hackers trying to access a host but also makes it difficult for legitimate access to clients on the local network. âoePeer-to-peerâ applications are harder to set up, and something like an organizational web site (accessed from the Internet as a whole) usually needs to be set up without NAT.
  
  
• Performance Reduction: Each time a datagram transitions between the private network and the Internet, an address translation is required. In addition, other work must be done as well, such as recalculating header checksums. Each individual translation takes little effort but when you add it up, you are giving up some performance.

Furthermore, I believe that GP was not complaining about censorship and/or limit of access by government authorities, but rather using that to preface the technical reason they have one ISP that routes through China.

Re:IPV6 here we come...

[Tony+Hoyle]

Except in general they don't, or it's poorly implemented.

The iphone is strictly an ipv4 device. Symbian has ipv6, but it doesn't understand router advertisements - it requires that you provide the address via dhcpv6 and even then only by a specific mechanism (I've never managed to get dhcp6d to successfully give it an IP - it responds but requests a response type that isn't documented anywhre I can find).

Re:IPV6 here we come...

[rathaven]

However there is no direct issue with encapsulating ipv4 address ranges within the ipv6 framework. The issue is more to do with dealing with translation between ipv4 and ipv6 services as it can be processor intensive (if the switches and routers are actually capable).

Re:IPV6 here we come...

[Cheeze]

Furthermore, I believe that GP was not complaining about censorship and/or limit of access by government authorities, but rather using that to preface the technical reason they have one ISP that routes through China.

This part of the GP tells me different:

Our Internet uplink goes through China (because of a domestic Internet monitoring policy that allows for only one country-level Internet provider).

Re:IPV6 here we come...

[thewebdude]

Since implementation of IPv6 routing elsewhere is picking up steam, we can only hope that the same market forces that have allowed the US to stick to their comfy IPv4 couch will eventually force the US to adopt it as well.

O.k. - right after we switch over to the metric system...

Re:IPV6 here we come...

[Dr.Dubious+DDQ]

"NAT is like deodorant for the unwashed mas[s]es where what they really need would be a good decent shower."

Sheer poetry. I love it. You win the internet for the next millisecond.

I've been meaning to dredge up some comprehensible documentation on setting up an IPv6 network - guess now's a good time to get to work on it.

Re:IPV6 here we come...

[knorthern+knight]

> NAT breaks networks horribly by its very nature, and voids
> the original Internet ideal of a collection of peers.

    You are so wrong. Next thing you're going to tell me is that Al Gore invented the internet.

> While governments might love the idea of forcing you to funnel traffic
> through a central, easily-tappable server, it sucks for end users.

    I'm in my late fifties, old enough to remember the early days of the internet. I am not part of the 90% of North American baby boomers who remember being at Woodstock. Neither am I part of the 90% of North American baby boomers who remember the imaginary "good old days of the internet". The early internet consisted of a bunch of mainframes operated by a bunch of BOFH (Bastard Operators From Hell). The only guys (usually male) allowed to log on were military types or civilian employees of defense contractors, who had a whack of security clearances. One reason that many internet protocols have no security built-in from day 1 was the assumption that everybody ausing them was an upper-middle-class white guy with security clearance.

    Later on, spare capacity allowed university students to be given accounts. These local users (aka "lusers") usually sat in front of "green-screen" character-based dumb terminals like VT100 or VC52 (Volker-Craig). The lusers' data and email was all kept on the central server. The luser had much fewer rights than the average ISP customer in North America has today.

> Not only is it bad for privacy, but for reliability: now you can't
> talk to your friend's machine if the helper server is down or out
> of bandwidth. That's not acceptable!

    In which alternate reality did you grow up? The "original internet" was not what you seem to think it was.

Re:IPV6 here we come...

[Just+Some+Guy]

The early internet consisted of a bunch of mainframes operated by a bunch of BOFH (Bastard Operators From Hell). The only guys (usually male) allowed to log on were military types or civilian employees of defense contractors, who had a whack of security clearances.

For liking to pretend that you were there when it all started, you don't seem to understand what a peer is.

ARPANET and the Internet were built around the idea that computers could talk to each other. NAT breaks that. QED, NAT is not what the Internet was meant to be like.

Re:IPV6 here we come...

[Kadin2048]

I don't think he was really complaining about the censorship, he was just explaining why their connection goes through China. He mentioned that because it's one of the reasons why he's behind so many layer of NAT.

China doesn't have a lot of assigned IPv4 space to begin with, and if they're your Internet provider, they're probably not going to give you a lot. Hence, he's catching the short end of the addressing stick twice. One was China getting shafted, the other was China doing the shafting.

Although IPv6 wouldn't change the routing, the path the traffic takes through China, or the censorship/monitoring, it would give him a globally unique address. That would be a big step and simplify server configuration considerably.

One huge caveat

[gclef]

The thing they're not talking about here is that to meet the mandate, the gov't networks have to be *capable* of passing IPv6, and have tested that they can. Turning IPv6 back off as soon as they confirm that test is totally within the bounds of compliance (and many agencies are doing exactly that).

In short, don't expect this to actually drive IPv6 adoption...this was a paperwork exercise.

Re:One huge caveat

[hal9000(jr)]

It's more than that. It mandates a first step toward IPv6 conversion. The mandate also stated that dual stack (running Ipv4 along with IPv6) was OK too. The fundamental problem is that all the other network devices that run only IPv4 still have to supported.

This is fundamentally no different than when companies had to run IP and IPX on computers during Novells transition in the 90's.

Re:One huge caveat

[imipak]

Just to back this up, here's a quote from an earlier NetworkWorld story (just click thru the links on the page to find the original):

The mandate requires federal backbone networks to be capable of transmitting IPv4 and IPv6 traffic and supporting IPv4 and IPv6 addresses. However, the OMB mandate doesnâ(TM)t require agencies to turn IPv6 on or to use it by the end of June 2008. Agencies have to support IPv6 on their backbone networks only, not on their desktops or peripherals. Nor do their applications need to be IPv6-enabled by the target date. Experts say the OMB mandate is easy to meet. Agencies must upgrade the software on their core routers to support IPv6 and then show they can carry IPv6 traffic through their service providers.

Re:One huge caveat

[dave87656]

I remember that the government was not fully Y2K compliant and overnight they became 100% compliant. The reason: any system which was not compliant was declared secret, thereby leaving the only reported systems those that were Y2K compliant.

Not to supprised.

[jellomizer]

Being that IPv6 has been around for over a decade, meaning most legacy hardware has been replaced by then that used IPv4 only as well many systems even ones older then 10 years old that support TCP/IP are often new enough to get a software patch for IPv6 and what is left are so old and legacy that they are not available on the internet or you can just put a Linux box on them before the network and connect via IPv6 it does an IPv4 direct communication to the system and passed the data threw.
However most systems that cannot support IPv6 probably needed to be upgraded anyways and offered federal IT employees a law to point to get funding for a much needed upgrade.

Re:Not to supprised.

[gclef]

If you really believe that anything that doesn't support IPv6 at this point is "legacy" you clearly haven't tried to implement it. A few things off the top of my head:

  * Cisco IOS will route IPv6, but it does doesn't do it in hardware (it forces the packet up to the totally underpowered CPU of the router), so the packet rates are pathetic compared to IPv4.

  * Until fairly recently, the Cisco PIX and ASA would route IPv6, but several major features (like failover) weren't available.

  * Running NAC? I have yet to talk to a NAC vendor who supports IPv6.

  * Many of the Security Information Manager products don't do IPv6, either (or they didn't the last time I checked).

  * Heck, let's talk Windows XP. It theoretically supports IPv6, but it will only do DNS over IPv4.

Vendor support for IPv6 has been pathetic.

Re:Not to supprised.

Windows 2k8 NAC fully supports IPv6

Re:Not to supprised.

[SkyDude]

Hi. Some of us don't like reading 96-word rambling sentences. Thanks.

Yes, but IPv4 commas and periods are in short supply.

Re:Not to supprised.

[KenSeymour]

> If you really believe that anything that doesn't support IPv6 at this point is "legacy" you clearly haven't tried to implement it. A few things off the top of my head:
>
> * Cisco IOS will route IPv6, but it does doesn't do it in hardware (it forces the packet up to the totally underpowered CPU of the router), so the packet rates are pathetic compared to IPv4.
>

Is that true of CISCO layer 3 switches? I'm just curious. It was my impression that layer 3 switches did their routing in hardware. The routers, which have WAN ports, do things in software.
They both run IOS.

Please correct me if I'm wrong.

Re:Not to supprised.

[IAN]

Cisco IOS will route IPv6, but it does doesn't do it in hardware

Sup720 + PFC3 + DFC3 routes IPv6 in hardware. It's not exactly new.

Re:Not to supprised.

[Mousit]

And hell, if you want to venture into consumer space, try every internet-enabled game console, TiVos, consumer IP phones, etc. I have never seen any of these that support IPv6, and I have a suspicion that the network chipsets in them don't have lower-layer support for it either. These could perhaps be upgraded via software patches, but it would be a question of whether they could handle it (re: like the underpowered Cisco router CPUs).

Home routers that support it are few and far between, with Apple's AirPort being the only one with full and total support that comes to my mind.

Granted, these bits and bobs can be handled with a home router that supports v4-over-v6 tunneling, but still, the total lack of support in such consumer things will be a very significant issue when trying to eventually get Joe Public himself to switch to v6.

Re:Not to supprised.

[sabaco]

Plenty of Cisco hardware handles IPv6 in hardware. The 12000 and 10000 both do, the 7600/6500 does, the 3750 and 3560 switches do, etc. I don't know why you think Cisco stuff doesn't handle IPv6, since it has for years.

Re:Not to supprised.

[thePowerOfGrayskull]

Being that IPv6 has been around for over a decade, meaning most legacy hardware has been replaced by then that used IPv4 only as well many systems even ones older then 10 years old that support TCP/IP are often new enough to get a software patch for IPv6 and what is left are so old and legacy that they are not available on the internet or [..]

Hi. Some of us don't like reading 96-word rambling sentences. Thanks.

But apparently some of us have time and inclination to count the number of words...

Re:Not to supprised.

[JFitzsimmons]

xclip -o | wc -w

Re:Not to supprised.

[thePowerOfGrayskull]

Not really an improvement, because it involves actually caring enough about another person's poor grammar to expend /any/ effort in telling them how many words they wrote...

Thanks for the command info though, I'll add it to the collection

Re:Not to supprised.

[rathaven]

There is extra licensing costs, however some competitors only handle it in software.

Re:Not to supprised.

[Dr.Dubious+DDQ]

Oddly enough, this sounds a lot like USB...

<voice mode="Creaky old man sitting in rocking chair on front porch of retirement home">I remember a time when for years, motherboards included USB ports, but they were always unused because there really weren't any USB peripherals. We still had two serial ports so why the heck would we pay extra for some newfangled USB mouse? I think there were a few USB sound devices floating around too, which always struck me as kind of odd given that the built-in SB16 card seemed like it'd have better responsiveness - plus there were actual drivers available for it. Of course, now if you want an old-school serial port, you have to buy a USB adapter that provides one...

Now you kids get off of my lawn!</voice>

I predict it'll continue to be a slow startup, but I think in the next few years the painfully slow growth in number of people who care and number of providers who can handle IPv6 will finally creep up to a point where usage can take off. Just like USB did.

Ping & Unplug

I've heard this referred to as "ping and unplug" by two different network vendors that we've worked with. I don't think this will be much more than a very limited proof of concept.

Wrong requirement...

[Bert64]

This just requires that the backbone passes ipv6, which any backbone routing device made in the past 10 years will be easily capable of doing.

What they really should do, is require that any service offered to the outside world be available with both ipv6 and ipv4 connectivity, starting with any new deployments/upgrades and gradually rolling out to existing sites.

Re:Wrong requirement...

[imipak]

This just requires that the backbone passes ipv6, which any backbone routing device made in the past 10 years will be easily capable of doing.

It's much less than that. Effectively the directive's minimum requirements are *one device* capable (not necessarily configured or connected) to route IPv6. So, BFD.

Re:Wrong requirement...

[glitch23]

This just requires that the backbone passes ipv6, which any backbone routing device made in the past 10 years will be easily capable of doing.

By backbone, the mandate means the network as a whole as opposed to your applications and hosts (workstations and servers). It doesn't mean your network backbone proper in your facility such as your core and distribution devices. It includes your entire network down to the access switch. And when you start investigating Cisco equipment as well as other vendors network devices and appliances you see that IPv6 is not 100% supported yet so it won't be totally easy. The best that can happen is that for devices that don't yet support it the government agency owning the device has to write a waiver that says they are waiting for their vendor to support IPv6.

Re:Wrong requirement...

[knorthern+knight]

> What they really should do, is require that any service offered to the
> outside world be available with both ipv6 and ipv4 connectivity, starting
> with any new deployments/upgrades and gradually rolling out to existing sites.

You'll know that IPV6 has arrived, when hurricane victims will only be able to apply online for aid via an IPV6 connection

Classic 5-step

[kamochan]

This is good news. The IPv6 transition must happen in stages, the whole world cannot convert at the same time. In order to beat the chicken-and-egg problem, someone simply has to go first.

1. Deploy IPv6-capable infrastructure to area X (which has now provably happened for a good part of US)
2. Update all clients to IPv6 capable systems (i.e., junk Windows)
3. Notice that you can't access any services, since the services do not support IPv6
4. Bitch at Google, and install intermediate IPv6-IPv4 gateways
5. X = X+1, goto 1
6. I'm sure someone will profit.

Re:Classic 5-step

[Fleeced]

6. I'm sure someone will profit.

They won't be able to profit at step 6 - they hit an infinite loop at step 5!

Re:Classic 5-step

[OnlineAlias]

Update all clients to IPv6 capable systems (i.e., junk Windows)

Vista runs IPV6 by default and everyone was hoping that this would help to drive adoption. IPV6 can be installed in a few clicks on an XP machine. You harboring much of an agenda there, boss?

Re:Classic 5-step

[TheThiefMaster]

2. Update all clients to IPv6 capable systems (i.e., junk Windows)

Windows XP SP2 and Vista both support IPv6. Vista even has it on by default.

But you already knew that, and just wanted to bash MS again.

Re:Classic 5-step

[pablomme]

X = X+1, goto 1

Every time someone writes goto, a kitten dies.

Damn, I've done it.

Re:Classic 5-step

[kamochan]

Nah, just clueless :)

The last time I've needed to touch windows was xp some years ago, when the IPv6 add-on package was mostly for entertainment purposes. It's good to hear it's improved to something usable.

Re:Classic 5-step

4. Bitch at Google, and install intermediate IPv6-IPv4 gateways

ipv6.google.com

Re:Classic 5-step

[el_gato_borracho]

It's not necessarily an infinite loop. When I ran this algorithm, my machine got a BSOD on the parenthetical part of step 2.

Re:Classic 5-step

[Baloo+Ursidae]

Vista runs IPV6 by default and everyone was hoping that this would help to drive adoption. IPV6 can be installed in a few clicks on an XP machine. You harboring much of an agenda there, boss?

No, but you are, if you think XP supports IPv6 in any usable form. Go ahead, disable IPv4 in XP and see how many hostnames you can look up.

Re:Classic 5-step

[Tony+Hoyle]

Or even better.. disable ipv6 on Vista and try to log onto your domain :p

Win28k allegedly supports AD over IPV6 but the average company is looking at years before that's deployed.

Re:Classic 5-step

[Tony+Hoyle]

Crap. I meant disable ipv4.

Stupid Slashdot. Let me f...ing post dammit!

Re:Classic 5-step

[Tony+Hoyle]

OK now you're down to:

1. Get an ISP that's even heard of ipv6, let alone is prepared to sell you addresses.
2. Get a router that supports ipv6. Good luck with that unless you're prepared to go Cisco.

Re:Classic 5-step

[Tony+Hoyle]

Useless. It's one page - all the links go back to www.google.com. google don't index ipv6 anyway, so there's no point.

So you still need ipv6->ipv4 gateways, or maybe just forget about the ipv6.

Re:Classic 5-step

[Baloo+Ursidae]

Win28k allegedly supports AD over IPV6 but the average company is looking at years before that's deployed.

By that time, they will have lost anyway, so kind of a moot point.

Re:Classic 5-step

[operagost]

I don't think a network "engineer" who hasn't had to deal with Windows boxes in the past five years is very practiced. Imagine if I claimed that Linux didn't support any modern hardware or SMP because the last version I touched was Red Hat 5 ten years ago.

Re:Classic 5-step

[TheThiefMaster]

IPv6 router: http://www.apple.com/airportextreme/specs.html
That just leaves ISP.

Re:Classic 5-step

[josephSevern]

There is (or at least used to be) an http://ipv6.google.com/

FUD!

[Adeptus_Luminati]

Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.

http://www.iana.org/assignments/ipv4-address-space [iana.org].

That'll do us for what? Another 10-15 years or so?
Plus if the US gov wants to release a bunch too since they are going IPv6.

This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!

003/8 General Electric Company
004/8 Level 3 Communications, Inc.
006/8 Army Information Systems Center
008/8 Level 3 Communications, Inc.
009/8 IBM
011/8 DoD Intel Information Systems
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
018/8 MIT
019/8 Ford Motor Company
020/8 Computer Sciences Corporation
021/8 DDN-RVN
022/8 Defense Information Systems Agency
025/8 UK Ministry of Defence
026/8 Defense Information Systems Agency
028/8 DSI-North
029/8 Defense Information Systems Agency
030/8 Defense Information Systems Agency
032/8 AT&T Global Network Services
033/8 DLA Systems Automation Center
034/8 Halliburton Company
035/8 MERIT Computer Network
038/8 Performance Systems International
040/8 Eli Lily & Company
043/8 Japan Inet
044/8 Amateur Radio Digital Communications
045/8 Interop Show Network
047/8 Bell-Northern Research
048/8 Prudential Securities Inc.
051/8 Deparment of Social Security of UK
052/8 E.I. duPont de Nemours and Co., Inc.
053/8 Cap Debis CCS
054/8 Merck and Co., Inc.
055/8 DoD Network Information Center
056/8 US Postal Service
057/8 SITA

Adeptus

Re:FUD!

Yeah, I actually work for GE, we have the entire friggin 3.x.x.x range, 16 *million* IP's, for roughly 300K real employees (and a ton of contractors) plus servers.

I mean, being realistic here, unless we have a server for every employee/contractor, and they each have 8 machines on their desk.. I'm betting we don't use more than a million of those.

And of that, virtually *none* (a handful) are actually on the public internet. 99% of them (at least) are behind firewalls and proxies, so *not* using a 10.x subnet internally is just a waste.

Sadly, 5 years and I've heard it mentioned *once*, but haven't actually seen any motion towards changing (like configuring switches for both 3.x and 10.x routing, etc). While, yes, I comprehend the scale of it, realistically a simple 3.x->10.x one-to-one mapping wouldn't be all *that* hard, and a per-site/per-business cutover.

But like most of corporate america, we talk about a lot of things, but not much really happens.

Re:FUD!

[gbjbaanb]

This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!

Century 12, Quatrain 5 says:

Gore, of old, would tell that six is all
on the day the silver tubes stopped passing;
terrible anguish would ensue
as tube of you could not be contacted.

See. We're doomed.

Re:FUD!

[aos101]

Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.

http://www.iana.org/assignments/ipv4-address-space [iana.org].

That'll do us for what? Another 10-15 years or so? Plus if the US gov wants to release a bunch too since they are going IPv6.

This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!

Take a read of this blog post to find out what's really happening:

http://blog.icann.org/?p=271

They allocated more than one /8 per month in 2007, so even if they did recover all 650 million addresses from the allocations you mentioned (very unlikely), it would not buy us another 10-15 years. It would buy us about 3 years assuming the demand for IP addresses doesn't increase.

Reclaiming address space doesn't solve the problem, it just delays it. And it doesn't even delay it by that much.

Re:FUD!

[Zackbass]

Hey now, the building I live in at MIT has its own Class B and that's the way I likes it!

If you ever see someone from 18.238.*.* make sure to say hello.

Re:FUD!

[Midnight+Thunder]

Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.

While a good idea, it is probably easier to simply migrate to IPv6. I say this reckoning that the amount of bureaucratic paper work amounts for most of the effort. If you are going to be doing the paper work, then it might as well be done for a solution moving forward, than trying to temporarily fix a bad allocation. At least this way the paper work is done once. Also, if there is hardware to be upgraded then you might as well put the effort into putting IPv6 ready hardware in place.

The pieces for IPv6 are slowly falling into place and there is less excuse to ignore it. The major operating systems support it and even Windows 2000 could use IPv6 if you had the technology preview (not sure where you can get hold it today) and a number of routers support it.

Re:FUD!

[PKFC]

I work for IBM (well the network services got sold to AT&T, but whatever.. the transition just happened June 1) and IBM uses its 9 address space as one big company wide NAT. Every IBMer in the world gets a 9 IP when they VPN or at a company site. It's a pretty cool setup from what I know of it, but then again: when you go to the internet, I'm at a 32.x.x.x IP which is AT&T. Now I don't know how it works, but a VPN into AT&T's network gives you a 135 ish /32 address. But pretty sure IBM could just NAT into 10 and be just fine, but it's at least 30 years of equipment being on a 9 address. Laziness is best when it's their address space anyway. Kinda rambly, but just trying to report what it's like..

Re:Dump IPv6

[Z-MaxX]

Correct me if I'm wrong, but it is my understanding that IPv6 adresses are not a superset of IPv4 ones. That means, that absolutely no current internet site is reachable by IPv6.
...
IPv6 address should be a superset of IPv4 ones. (or example : 1.2.3.4 is IPv4, 1.2.3.4.5.6.7.8 would be IPvX. you type the former in IPvX, it gets padded to 1.2.3.4.0.0.0.0 and still works). I fail to understand why it isn't so.

Well, it would be hard to expect old software to be able to send and receive packets in a new format automatically--the packet header would at least require a longer address field, but probably other changes as well that will improve performance and flexibility. On the other hand, it should be possible for programs that use the new version of the networking API to communicate with machines on IPv4. And this is possible using IPv4 mapped IPv6 addresses (RFC reference).

IPv6 Sucks

[tjstork]

We've had a decade of people trying to ram this product down our throats, and yet, the best we get is that we should appreciate having an IP address that looks like:

http://20010db885a308d313198a2e03707348/

That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.

IPv6 : Proud sponsors of unusable addresses.

Re:IPv6 Sucks

[idiotnot]

We've had a decade of people trying to ram this product down our throats, and yet, the best we get is that we should appreciate having an IP address that looks like:

http://20010db885a308d313198a2e03707348/

Learn DNS. :-) My Windows Vista machine and my Macs resolve just fine after pulling an automatic network address, tyvm. And I'm running BIND, not Win2kX on the server side.

That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.

IPv6 : Proud sponsors of unusable addresses.

Your URL won't work because you forgot your brackets and your semicolons.

And if you have to remember addresses, in a lot of circumstances it's not a lot different than an IPv4 address, because you can truncate a lot. My home netblock is 2001:4830:####b::/48 (digits on the third set baleeted for obvious purposes). I can remember it fine. If I need something with a static address, there's nothing that prevents me from setting it. Normally, I set it to mirror my NATted IPv4 address.

So 192.168.2.247 gets a static address of 2001:4830:####b::247.

Not that difficult!

Re:IPv6 Sucks

[imipak]

Well gosh, if only there were some method to map those long numerical addresses to arbitrary strings of human-readable characters. Hey, you may have hit upon a great business opportunity there!

Re:IPv6 Sucks

[Baloo+Ursidae]

And if you have to remember addresses, in a lot of circumstances it's not a lot different than an IPv4 address, because you can truncate a lot. My home netblock is 2001:4830:####b::/48 (digits on the third set baleeted for obvious purposes)

Obscurity is not security. Never confuse the two like you have.

Re:IPv6 Sucks

[GXTi]

That's what DNS was made for in the first place. You don't type in 105.195.75.18 very often either, do you? The only people who memorize IP addresses (v4 or v6) are "network people"

Re:Dump IPv6

[rdebath]

IPv4 addresses are aliased as ::ffff:216.239.59.99 in IPv6 so as long as there's an address translator in the IPv4 space an IPv6 machine can talk to any IPv4 machine as if the IPv6 machine is inside a nat. (a VERY large nat!) The IPv4 cannot connect to the IPv6 machine though because it sees the connection coming from a proxy.

I read this differently....

[mrjimorg]

The "chair of the IPv6 working group of the Federal CIO Council" has "not heard of anybody who is not going to make the IPv6 deadline". In other words, goverment agency responsible for IPv6 Deadline is unaware of how unprepared the departments that he's responsible for actually are.

This has all the earmarks of being as successful..

[Guppy06]

... as the federal government's push to go all-metric.

"Can" pass IPv6 isn't the same as "will."

Re:Dump IPv6

[mmontour]

Correct me if I'm wrong, but it is my understanding that IPv6 adresses are not a superset of IPv4 ones.
That means, that absolutely no current internet site is reachable by IPv6.

IPv4 addresses are mapped into the ::FFFF:a.b.c.d range.

You can't connect to an IPv4-only server from an IPv6-only client because it is a different network protocol and there is no way to fit an IPv6 address into the IPv4 source-address field. However a client with both an IPv4 and an IPv6 address can connect to either type of server.

NAT is bad for P2P

[mangu]

market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.

With BitTorrent, no it isn't. At least not without some cooperation from the ISP. In my case, for instance, I've never been able to set up the UDP port for DHT.

Re:NAT is bad for P2P

[Lord+Crowface]

I'm at least partly convinced that the ability to block "unauthorized" services using the fact that it's such a pain to run any kind of server from a machine behind a NAT router is one of the main reasons that the commercial internet industry has stuck with IPv4. If they moved to IPv6, their old "We can't give each of your computers a real IP address because we don't have enough to go around" excuse would fall apart and they would have to either start letting people run their own servers or they'd have to move to doing actual port blocking, which would look really bad.

IPv6 Ready ISPs, Personal experience

[Midnight+Thunder]

I live in Canada and none of the ISPs that provide internet connection to the home provide native IPv6 support. Holidaying in France the other day I found that free.fr and possibly Wanadoo/Orange provide IPv6 support. An incomplete list of Internet Service Providers providing native IPv6 is available, though it could probably be updated and as more ISPs start providing native support to their customers. DSL Reports, also has a forum dedicated to IPv6.

Myself, I have started experimenting with IPv6 simply so I can understand all the issues and be able to help out other adopters. I started using Teredo on my Mac (since it supports being behind a NAT), by means of Miredo (a nice front-end for the Mac is available here), and then moved onto Aiccu. The advantage with going using Aiccu, is that I can have an IPv6 subnet for my computers at home. Also, since I wanted to make my web server available on the IPv6 addressable net, I registered its IP address with FreeDNS, since they allow for registration of AAAA records on their servers. There are certainly other 6to4 tunnels providers, such as Freenet6, but I haven't really investigate them since I already have a solution that fits my needs.

 

Re:IPv6 Ready ISPs, Personal experience

[Tony+Hoyle]

Whoopee 6 whole providers worldwide. ipv6 is good to go guys....

Zeronf: Bonjour, Avahi

[Midnight+Thunder]

We've had a decade of people trying to ram this product down our throats, and yet, the best we get is that we should appreciate having an IP address that looks like:

http://20010db885a308d313198a2e03707348/

That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.

To nit pick, that URL is wrong, it should be of the form:

http://20010db87348/

Note that the number is between brackets and has colons. Longer numbers are a side affect of making more addresses available. You should be happy they decided to use hexadecimal to represent the address and not base 10, since it would have been a lot more painful. Also note that any series of zeros can be dropped and just push the colons together:

http://20010db8000000007348/ becomes http://20010db87348/

Then again although you can access a machine this way, solutions as zeroconf are the way to go. Two implementations are Bonjour (default on the Mac, available for MS Windows) and Avahi on Linux. For me this is like ISBN numbers, in that sure you can refer to a book by its number, but it is far more convenient to refer it by name.

Correction

[Midnight+Thunder]

Did you check before you posted: obviously not, since /. drops the colons in the IP address, unless specified within 'a href'. Can I say broken?

http://20010db885a308d313198a2e03707348/ [20010db885...2e03707348]

That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.

To nit pick, that URL is wrong, it should be of the form (note your URL was probably mangled by /.):

http://2001:0db8::7348/

Note that the number is between brackets and has colons. Longer numbers are a side affect of making more addresses available. You should be happy they decided to use hexadecimal to represent the address and not base 10, since it would have been a lot more painful. Also note that any series of zeros can be dropped and just push the colons together:

http://2001:0db8:0000:0000:7348/ becomes http://2001:0db8::7348/

Then again although you can access a machine this way, solutions as zeroconf [wikipedia.org] are the way to go. Two implementations are Bonjour [wikipedia.org] (default on the Mac, available for MS Windows) and Avahi [wikipedia.org] on Linux. For me this is like ISBN numbers, in that sure you can refer to a book by its number, but it is far more convenient to refer it by name.

Re:Mission Accomplished

[imipak]

No, you've been mod'd down because you haven't read the article (or you know so little of the subject matter that you've misunderstood something very very basic.) The US Government is NOT about to "switch to IPv6". FWIW, your government is way ahead of my government in pushing IPv6. (You're right that Bush sucks fat hairy donkey cocks, though, but that's off-topic here.)

Re:This has all the earmarks of being as successfu

[Dr.+Cody]

Yeah, we went all-metric:

5.56mm, 7.62mm, 12.7mm...

Re:Mission Accomplished

[glitch23]

They are just expressing a (common) political view! Just because you disagree does not make it flamebait!!

You must be new here.

Re:Mission Accomplished

[Doc+Ruby]

What are you talking about?

On June 30, U.S. federal government officials expect to declare an early victory on the IPv6 front. But they admit that meeting their much-heralded June 30 deadline for IPv6 compatibility is just the opening salvo of a long-term battle to get their networks ready for the Internet of the future.

Under a White House policy issued in August 2005, all federal agencies must demonstrate the ability to pass IPv6 packets across their backbone networks by this deadline.

What's so complicated about that "subject matter"? The government is required to support IPv6 on its networks by June 30, 2008. The government says it will be ready.

I say they're lying. I point at the rest of Bush's government's history of lying when it's so easy, compared to actually doing something right which is either hard, or makes the government work right, or both. My point is precisely on topic.

Which article are you reading?

Awesome!

[Sybert42]

IPv6 just has to bring out the geek on you. Full speed ahead.

That's nice

[kilodelta]

But from my experience in state government I can tell you that while the Fed may lead, the states are still lagging far behind. So are educational institutions. I was recently on an interview with an educational entity and asked about plans for IPv6. They have no plans thus far.

What the IPv6 World Needs

[Nom+du+Keyboard]

What the world needs is a cheap router that speaks IPv6 on the Internet side, and the equivalent of a NATted IPv4 on the user side such that each IPv4 user address is mapped to a unique IPv6 address on the Internet side. Absolutely every current home and business network today would be capable of running under such a system without change, and the Internet could become all IPv6 tomorrow without problems.

And if your device talked IPv6 to this router, then it would transparently pass it through allowing a transition to IPv6 at the user's pace, rather than being forced into it due to the depletion of IPv4 addresses. After all, didn't someone once say that 4294967295 addresses ought to be enough for everybody?

If such a nifty device exists, it's sure not being talked about widely yet.

Re:What the IPv6 World Needs

[Tony+Hoyle]

I believe ipv6-NAT can be configured to do that (amongst other scenarios).. my Cisco has it but I've never bothered enabling it.

The problem is the scenario you describe is a bit useless. An ipv4 device can't contact an ipv6 device anyway, as it doesn't support the address format. So all the websites would have to advertise ipv4 addresses, allow connection from ipv6 somehow, reply over ipv6, that then gets translated to ipv4. Way overcomplex to achieve precisely nothing.

Re:What the IPv6 World Needs

[josephSevern]

This is basically what NAT-PT (RFC 2766 http://www.ietf.org/rfc/rfc2766.txt) does. Unfortunately the IETF deprecated NAT-PT without offering a replacement, although Cisco and other vendors continue to offer the feature in their code.

Re:What the IPv6 World Needs

[Shotgun]

The world needs no such of a thing. The last thing I need is a piece of equipment that will tell the cable company how many pieces of equipment I have connected to the Internet.

Currently, all Time-Warner can see is my Linux router running IPCop. That is all they need to see. How I choose to divide up my bandwidth budget between different boxes is my own business. They already use MAC address locking to make it a headache to switch the NIC connected to the cable box (you have to cycle the power when switching). Switch to IPv6, and they will limit each customer to one IPv6 address and we'll be doing some other type of weird NAT(ting).

The best? Then you've not been reading.

[jd]

IPv6 supports the following, which are either non-standard extensions to IPv4, not available or not provided by ISPs:

• Anycasting
• Mobile IP (IPv4 implementations only support home base relay)
• Mobile Networks
• Autoconfiguration
• IPSec
• Source-Specific Multicasting
• Simplified group membership protocol for multicasting
• Extended information retrievable from multicast routers
• Extensible packet headers
• Distinct Class-base and Flow-based QoS mechanisms
• Source-Specified Routing

In addition to the extensions, the following benefits are also present:

• Smaller router tables
• Superior alignment of header entries, so faster header processing
• Directly interchangeable addresses with Infiniband, so local-area and (when wide-area IB is released) wide-area networks can be transparently hybrid IP/IB

Only a few of these points mention addressing at all, and none refer to the specific length of IPv6 addresses.

IPv6 is bad for ISPs

[Baloo+Ursidae]

If they moved to IPv6, their old "We can't give each of your computers a real IP address because we don't have enough to go around" excuse would fall apart and they would have to either start letting people run their own servers or they'd have to move to doing actual port blocking, which would look really bad.

Good! Fuck 'em! If they can't be bothered to offer quality service, what right do they have to look good for treating their customers like shit?

Re:Mission Accomplished

[Tony+Hoyle]

Ability to pass ipv6 == upgrade the backbone router software so it'll pass the packets.

Says nothing about switching. My wifi device can pass ipv6, but it isn't ipv6 capable - it's just a dumb router that passes any crap you throw at it.

Re:Mission Accomplished

[Doc+Ruby]

Routers switch packets. The ones that don't recognize IPv6 packet formats aren't capable of switching packets. The ones that do, are.