Slashdot Mirror
Feds Say They're Ready For Monday's IPv6 Deadline
netbuzz writes "By all indications and against all odds, it appears as though most, if not all, federal agencies will have met the mandate issued back in 2005 that their network backbones become capable of passing IPv6 packets by June 30, 2008. NetworkWorld quotes Pete Tseronis, chair of the IPv6 working group of the Federal CIO Council, saying, 'I have not heard of anybody who is not going to make the IPv6 deadline.' Those involved are calling this a significant milestone in what has been an extensive effort to bring IPv6 into widespread deployment."
NAT is good enough for the unwashed masses.
I am currently in Uzbekistan. Our Internet uplink goes through China (because of a domestic Internet monitoring policy that allows for only one country-level Internet provider). On the IPv4 block allocation generosity scale we are at the lower end, twice. Depending how things are configured there I am usually behind one or two layers of NAT already from the provider, not counting our own internal network. Something as simple as Skype usually goes through 4 to 8 relays, and getting a server working reliably here can be a challenge.
Market forces have decided that in the US, and slightly less so in Europe, where IPv4 block allocation was comparatively generous, NAT is enough for your own unwashed masses. Everywhere else NAT is an abomination and an administration headache that has to go away. NAT is like deodorant for the unwashed mashes where what they really need would be a good decent shower.
Since implementation of IPv6 routing elsewhere is picking up steam, we can only hope that the same market forces that have allowed the US to stick to their comfy IPv4 couch will eventually force the US to adopt it as well. Since it looks like the non-US market is growing, things are looking good here, and the story confirms it.
As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
6. I'm sure someone will profit.
They won't be able to profit at step 6 - they hit an infinite loop at step 5!
If you really believe that anything that doesn't support IPv6 at this point is "legacy" you clearly haven't tried to implement it. A few things off the top of my head:
* Cisco IOS will route IPv6, but it does doesn't do it in hardware (it forces the packet up to the totally underpowered CPU of the router), so the packet rates are pathetic compared to IPv4.
* Until fairly recently, the Cisco PIX and ASA would route IPv6, but several major features (like failover) weren't available.
* Running NAC? I have yet to talk to a NAC vendor who supports IPv6.
* Many of the Security Information Manager products don't do IPv6, either (or they didn't the last time I checked).
* Heck, let's talk Windows XP. It theoretically supports IPv6, but it will only do DNS over IPv4.
Vendor support for IPv6 has been pathetic.
You go through several NAT devices because that is what your government wants. With IPV6, you would go through the same networks, you would just have a longer NAT ip address.
IPV6 will not make the routing table that IPV4 enforces go away, it will just give it the ability to have QOS and a few other features. If your government wants to limit your access, they will still have that ability.
Why read the article when I can just make up a snap judgement?
Yeah, I actually work for GE, we have the entire friggin 3.x.x.x range, 16 *million* IP's, for roughly 300K real employees (and a ton of contractors) plus servers.
I mean, being realistic here, unless we have a server for every employee/contractor, and they each have 8 machines on their desk.. I'm betting we don't use more than a million of those.
And of that, virtually *none* (a handful) are actually on the public internet. 99% of them (at least) are behind firewalls and proxies, so *not* using a 10.x subnet internally is just a waste.
Sadly, 5 years and I've heard it mentioned *once*, but haven't actually seen any motion towards changing (like configuring switches for both 3.x and 10.x routing, etc). While, yes, I comprehend the scale of it, realistically a simple 3.x->10.x one-to-one mapping wouldn't be all *that* hard, and a per-site/per-business cutover.
But like most of corporate america, we talk about a lot of things, but not much really happens.
Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.
http://www.iana.org/assignments/ipv4-address-space [iana.org].
That'll do us for what? Another 10-15 years or so? Plus if the US gov wants to release a bunch too since they are going IPv6.
This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!
Take a read of this blog post to find out what's really happening:
/8 per month in 2007, so even if they did recover all 650 million addresses from the allocations you mentioned (very unlikely), it would not buy us another 10-15 years. It would buy us about 3 years assuming the demand for IP addresses doesn't increase.
http://blog.icann.org/?p=271
They allocated more than one
Reclaiming address space doesn't solve the problem, it just delays it. And it doesn't even delay it by that much.
I'm at least partly convinced that the ability to block "unauthorized" services using the fact that it's such a pain to run any kind of server from a machine behind a NAT router is one of the main reasons that the commercial internet industry has stuck with IPv4. If they moved to IPv6, their old "We can't give each of your computers a real IP address because we don't have enough to go around" excuse would fall apart and they would have to either start letting people run their own servers or they'd have to move to doing actual port blocking, which would look really bad.