Slashdot Mirror


Feds Say They're Ready For Monday's IPv6 Deadline

netbuzz writes "By all indications and against all odds, it appears as though most, if not all, federal agencies will have met the mandate issued back in 2005 that their network backbones become capable of passing IPv6 packets by June 30, 2008. NetworkWorld quotes Pete Tseronis, chair of the IPv6 working group of the Federal CIO Council, saying, 'I have not heard of anybody who is not going to make the IPv6 deadline.' Those involved are calling this a significant milestone in what has been an extensive effort to bring IPv6 into widespread deployment."

20 of 120 comments

  1. IPV6 here we come... by antirelic · · Score: 4, Insightful

    Or not. While the federal government of the USA may have backbones capable of running IPV6, they seriously lack the ability to effectively make the switch without a great amount of pressure. Let's face it, with NAT and other technologies, the need to migrate to a new standard has been severely reduced. Not saying that it is not needed, I am sure the "rest of the world" outside of the US and the EU would like some IP space all of their own, but market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.

    Having had a little bit of experience working with big networks based on IPV4, the migration to IPV6 is going to be pretty awesome... like the Titanic sinking, or an entire city being leveled by an earthquake.

    --
    20th century Marxism is not progress...
    1. Re:IPV6 here we come... by rxmd · · Score: 5, Interesting

      NAT is good enough for the unwashed masses.

      I am currently in Uzbekistan. Our Internet uplink goes through China (because of a domestic Internet monitoring policy that allows for only one country-level Internet provider). On the IPv4 block allocation generosity scale we are at the lower end, twice. Depending how things are configured there I am usually behind one or two layers of NAT already from the provider, not counting our own internal network. Something as simple as Skype usually goes through 4 to 8 relays, and getting a server working reliably here can be a challenge.

      Market forces have decided that in the US, and slightly less so in Europe, where IPv4 block allocation was comparatively generous, NAT is enough for your own unwashed masses. Everywhere else NAT is an abomination and an administration headache that has to go away. NAT is like deodorant for the unwashed masses where what they really need would be a good decent shower.

      Since implementation of IPv6 routing elsewhere is picking up steam, we can only hope that the same market forces that have allowed the US to stick to their comfy IPv4 couch will eventually force the US to adopt it as well. Since it looks like the non-US market is growing, things are looking good here, and the story confirms it.

      --
      As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
    2. Re:IPV6 here we come... by jsebrech · · Score: 4, Interesting

      Not saying that it is not needed, I am sure the "rest of the world" outside of the US and the EU would like some IP space all of their own, but market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.

      NAT is only good for networks. Every ISP subscriber still gets a unique IP, and with people leaving their PCs on 24/7, those might as well be unique IPs (my ISP does not charge that much extra to get a fixed IP).

      I read a statistic that by 2010 half of the global population is going to have a cell phone (currently it's 4 out of 10), with most of the growth in Asia and the Middle East. Currently 1 in 6 cellphone users globally has an internet-enabled subscription (even if they don't use it), but this is going to grow considerably. We could be talking about up to a billion new internet users over the next decade, in Asia and the Middle East, the majority of them on cheap mobile devices. NAT is not going to be the answer, and IPv6 will become a necessity to reach those markets.

      The NYT did an interesting article about cellphones and the third world. What's driving the adoption is economic necessity. The cost of doing business in a globalized world is that you have to be connected. http://www.nytimes.com/2008/04/13/magazine/13anthropology-t.html

    3. Re:IPV6 here we come... by Cheeze · · Score: 5, Insightful

      You go through several NAT devices because that is what your government wants. With IPV6, you would go through the same networks, you would just have a longer NAT IP address.

      IPV6 will not make the routing table that IPV4 enforces go away, it will just give it the ability to have QOS and a few other features. If your government wants to limit your access, they will still have that ability.

      --
      Why read the article when I can just make up a snap judgement?
    4. Re:IPV6 here we come... by smittyoneeach · · Score: 4, Funny

      Oh, he dreams of a Commodore 64 upgrade, as he boots his PET off of an old Sony walkman, at roughly the same pace as a modern JVM on good hardware.

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    5. Re:IPV6 here we come... by Just+Some+Guy · · Score: 4, Insightful

      Let's face it, with NAT and other technologies, the need to migrate to a new standard has been severely reduced.

      Not even close. NAT breaks networks horribly by its very nature, and voids the original Internet ideal of a collection of peers. Consider that with NAT it's impossible to connect to another machine which is also behind NAT without going through a third party. While governments might love the idea of forcing you to funnel traffic through a central, easily-tappable server, it sucks for end users. Not only is it bad for privacy, but for reliability: now you can't talk to your friend's machine if the helper server is down or out of bandwidth. That's not acceptable!

      Having had a little bit of experience working with big networks based on IPV4, the migration to IPV6 is going to be pretty awesome... like the Titanic sinking, or an entire city being leveled by an earthquake.

      Having apparently a bit more, I don't think it's going to be that bad. You don't have to start with a complete cutover, or even make a complete transition at all. Right now, today, odds are that you could start using link local addresses on your LAN for testing. You can get an IPv6 allocation and start with little things: configure your mailserver to use it and start publishing DNS to it. Once you're convinced it's up, try again with your webserver. Maybe configure a couple of workstations for the geeks in your company and let them bang away at it. If any of that fails, no big deal! You're still live with IPv4.

      --
      Dewey, what part of this looks like authorities should be involved?
    6. Re:IPV6 here we come... by mixmatch · · Score: 4, Informative

      You do understand that the need for NAT stems from the inability to assign everyone a public IPV4 address, right? With IPV6, the routing may be similar, but it will not be the same. To quote from the TCP/IP Guide:

      • Complexity: NAT represents one more complexity in setting up and managing the network. It also makes troubleshooting more confusing due to address substitutions.

      • Problems Due to Lack of Public Addresses: Certain functions won't work properly due to lack of a "real" IP address in the client host machines.

      • Compatibility Problems With Certain Applications: I said above that NAT was only mostly transparent. There are in fact compatibility issues with certain applications that arise because NAT "tinkers" with the IP header fields in datagrams but not in the application data. This means tools like FTP, which pass IP addresses and port numbers in commands, must be specially handled, and some applications may not work.

      • Problems With Security Protocols: Protocols like IPSec are designed to detect modifications to headers and commonly balk at the changes that NAT makes, since they cannot differentiate those changes from malicious datagram "hacking". It is still possible to combine NAT and IPSec, but this becomes more complicated.

      • Poor Support for Client Access: The lack of a public IP address for each client is a double-edged sword; it protects against hackers trying to access a host but also makes it difficult for legitimate access to clients on the local network. "Peer-to-peer" applications are harder to set up, and something like an organizational web site (accessed from the Internet as a whole) usually needs to be set up without NAT.

      • Performance Reduction: Each time a datagram transitions between the private network and the Internet, an address translation is required. In addition, other work must be done as well, such as recalculating header checksums. Each individual translation takes little effort but when you add it up, you are giving up some performance.

      Furthermore, I believe that GP was not complaining about censorship and/or limit of access by government authorities, but rather using that to preface the technical reason they have one ISP that routes through China.

  2. One huge caveat by gclef · · Score: 4, Informative

    The thing they're not talking about here is that to meet the mandate, the gov't networks have to be *capable* of passing IPv6, and have tested that they can. Turning IPv6 back off as soon as they confirm that test is totally within the bounds of compliance (and many agencies are doing exactly that).

    In short, don't expect this to actually drive IPv6 adoption...this was a paperwork exercise.

    1. Re:One huge caveat by hal9000(jr) · · Score: 4, Insightful

      It's more than that. It mandates a first step toward IPv6 conversion. The mandate also stated that dual stack (running IPv4 along with IPv6) was OK too. The fundamental problem is that all the other network devices that run only IPv4 still have to be supported.

      This is fundamentally no different than when companies had to run IP and IPX on computers during Novell's transition in the '90s.

  3. Not too surprised. by jellomizer · · Score: 4, Insightful

    Being that IPv6 has been around for over a decade, meaning most legacy hardware has been replaced by then that used IPv4 only as well many systems even ones older than 10 years old that support TCP/IP are often new enough to get a software patch for IPv6 and what is left are so old and legacy that they are not available on the internet or you can just put a Linux box on them before the network and connect via IPv6 it does an IPv4 direct communication to the system and passed the data through.
    However most systems that cannot support IPv6 probably needed to be upgraded anyways and offered federal IT employees a law to point to get funding for a much needed upgrade.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Not too surprised. by gclef · · Score: 5, Informative

      If you really believe that anything that doesn't support IPv6 at this point is "legacy" you clearly haven't tried to implement it. A few things off the top of my head:

        * Cisco IOS will route IPv6, but it doesn't do it in hardware (it forces the packet up to the totally underpowered CPU of the router), so the packet rates are pathetic compared to IPv4.

        * Until fairly recently, the Cisco PIX and ASA would route IPv6, but several major features (like failover) weren't available.

        * Running NAC? I have yet to talk to a NAC vendor who supports IPv6.

        * Many of the Security Information Manager products don't do IPv6, either (or they didn't the last time I checked).

        * Heck, let's talk Windows XP. It theoretically supports IPv6, but it will only do DNS over IPv4.

      Vendor support for IPv6 has been pathetic.

    2. Re:Not too surprised. by SkyDude · · Score: 4, Funny

      Hi. Some of us don't like reading 96-word rambling sentences. Thanks.

      Yes, but IPv4 commas and periods are in short supply.

      --
      == First cross river, then insult alligator.
  4. Ping & Unplug by Anonymous Coward · · Score: 4, Interesting

    I've heard this referred to as "ping and unplug" by two different network vendors that we've worked with. I don't think this will be much more than a very limited proof of concept.

  5. Re:Classic 5-step by Fleeced · · Score: 5, Funny

    6. I'm sure someone will profit.

    They won't be able to profit at step 6 - they hit an infinite loop at step 5!

  6. Re:Classic 5-step by OnlineAlias · · Score: 4, Informative

    Update all clients to IPv6 capable systems (i.e., junk Windows)

    Vista runs IPV6 by default and everyone was hoping that this would help to drive adoption. IPV6 can be installed in a few clicks on an XP machine. You harboring much of an agenda there, boss?

  7. Re:FUD! by Anonymous Coward · · Score: 5, Informative

    Yeah, I actually work for GE, we have the entire friggin 3.x.x.x range, 16 *million* IPs, for roughly 300K real employees (and a ton of contractors) plus servers.

    I mean, being realistic here, unless we have a server for every employee/contractor, and they each have 8 machines on their desk.. I'm betting we don't use more than a million of those.

    And of that, virtually *none* (a handful) are actually on the public internet. 99% of them (at least) are behind firewalls and proxies, so *not* using a 10.x subnet internally is just a waste.

    Sadly, 5 years and I've heard it mentioned *once*, but haven't actually seen any motion towards changing (like configuring switches for both 3.x and 10.x routing, etc). While, yes, I comprehend the scale of it, realistically a simple 3.x->10.x one-to-one mapping wouldn't be all *that* hard, and a per-site/per-business cutover.

    But like most of corporate America, we talk about a lot of things, but not much really happens.

  8. Re:Dump IPv6 by Z-MaxX · · Score: 4, Informative

    Correct me if I'm wrong, but it is my understanding that IPv6 addresses are not a superset of IPv4 ones. That means, that absolutely no current internet site is reachable by IPv6.
    ...
    IPv6 address should be a superset of IPv4 ones. (for example: 1.2.3.4 is IPv4, 1.2.3.4.5.6.7.8 would be IPvX. you type the former in IPvX, it gets padded to 1.2.3.4.0.0.0.0 and still works). I fail to understand why it isn't so.

    Well, it would be hard to expect old software to be able to send and receive packets in a new format automatically--the packet header would at least require a longer address field, but probably other changes as well that will improve performance and flexibility. On the other hand, it should be possible for programs that use the new version of the networking API to communicate with machines on IPv4. And this is possible using IPv4 mapped IPv6 addresses (RFC reference).

    --
    Dr Superlove 300ml. I use my powers for awesome
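
An added example, not part of the thread or of any poster's code: the IPv4-mapped form mentioned above (`::ffff:a.b.c.d`) built with Python's standard `ipaddress` module, together with the normalisation an address-based filter needs when a dual-stack listener reports IPv4 peers in mapped form. The deny list, peer addresses and function names are constructed for illustration.

```python
import ipaddress

# ::ffff:0:0/96 is the IPv4-mapped prefix (RFC 4291): 80 zero bits,
# 16 one bits, then the 32-bit IPv4 address.
MAPPED_PREFIX = ipaddress.ip_network("::ffff:0:0/96")


def to_mapped(ipv4: str) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in the low 32 bits of the mapped prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(MAPPED_PREFIX.network_address) | int(v4))


def canonical(peer: str):
    """Return the IPv4 form of a mapped address; any other address unchanged."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def matches(addr, rules) -> bool:
    """True if addr falls inside any rule of the same IP version."""
    return any(addr.version == net.version and addr in net for net in rules)


def naive_allowed(peer: str, deny) -> bool:
    """Compares the address exactly as the socket API reported it."""
    return not matches(ipaddress.ip_address(peer), deny)


def allowed(peer: str, deny) -> bool:
    """Normalises mapped addresses first, so IPv4 rules still apply."""
    return not matches(canonical(peer), deny)


# Constructed sample policy and peers (hypothetical, not from the thread).
DENY = [ipaddress.ip_network("10.0.0.0/8"),
        ipaddress.ip_network("2001:db8::/32")]
PEERS = ["10.1.2.3", "::ffff:10.1.2.3", "::ffff:192.0.2.7",
         "2001:db8::1", "2001:db8:ffff::1"]

if __name__ == "__main__":
    print("1.2.3.4 on the wire:", to_mapped("1.2.3.4").packed.hex())
    for p in PEERS:
        print(f"{p:18} canonical={str(canonical(p)):18} "
              f"naive={naive_allowed(p, DENY)} normalised={allowed(p, DENY)}")
```

The second peer is the case to watch: the unnormalised check lets `::ffff:10.1.2.3` through an IPv4 deny rule that the normalised check enforces.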
  9. Re:FUD! by aos101 · · Score: 5, Informative

    Hey IANA, why not free up some of the "LEGACY" Class-A allocations (see below)? That would free some 650 MILLION addresses!!! Some 15% of the address space.

    http://www.iana.org/assignments/ipv4-address-space

    That'll do us for what? Another 10-15 years or so? Plus if the US gov wants to release a bunch too since they are going IPv6.

    This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!

    Take a read of this blog post to find out what's really happening:

    http://blog.icann.org/?p=271

    They allocated more than one /8 per month in 2007, so even if they did recover all 650 million addresses from the allocations you mentioned (very unlikely), it would not buy us another 10-15 years. It would buy us about 3 years assuming the demand for IP addresses doesn't increase.

    Reclaiming address space doesn't solve the problem, it just delays it. And it doesn't even delay it by that much.

  10. Re:NAT is bad for P2P by Lord+Crowface · · Score: 5, Interesting

    I'm at least partly convinced that the ability to block "unauthorized" services using the fact that it's such a pain to run any kind of server from a machine behind a NAT router is one of the main reasons that the commercial internet industry has stuck with IPv4. If they moved to IPv6, their old "We can't give each of your computers a real IP address because we don't have enough to go around" excuse would fall apart and they would have to either start letting people run their own servers or they'd have to move to doing actual port blocking, which would look really bad.

  11. The best? Then you've not been reading. by jd · · Score: 4, Informative

    IPv6 supports the following, which are either non-standard extensions to IPv4, not available or not provided by ISPs:

    • Anycasting
    • Mobile IP (IPv4 implementations only support home base relay)
    • Mobile Networks
    • Autoconfiguration
    • IPSec
    • Source-Specific Multicasting
    • Simplified group membership protocol for multicasting
    • Extended information retrievable from multicast routers
    • Extensible packet headers
    • Distinct Class-based and Flow-based QoS mechanisms
    • Source-Specified Routing

    In addition to the extensions, the following benefits are also present:

    • Smaller router tables
    • Superior alignment of header entries, so faster header processing
    • Directly interchangeable addresses with Infiniband, so local-area and (when wide-area IB is released) wide-area networks can be transparently hybrid IP/IB

    Only a few of these points mention addressing at all, and none refer to the specific length of IPv6 addresses.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)