Slashdot Mirror
Level of IPv6 Usage Is Vanishingly Small
An anonymous reader writes "The impending IPv4 address allocation shortage has led to a lot of speculation on the future of IPv6 (including here). A new study says that Internet IPv6 migration is not just going slowly — it has basically not even begun. After spending a year measuring IPv6 traffic across 87 ISPs around the world, the study concludes 'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'"
Because it impacts the other guys, not me. It's the people in China and India and everywhere else that need addresses. Me? I've got a whole block right here.
'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'
Like that means anything to me. Can they compare that percentage in terms of the number of pages per Library of Congress?
If people could actually get IPv6 service from their providers instead of having to route everything through congested tunnels, THAT would help.
The biggest reasons:
And probably many others. The bottom line is that right now today, there isn't a 'killer app' for IPv6.
My blog
measuring the percent of traffic is not very reliable. Thats like saying how much internet traffic is used for Vonage, or Slashdot.
More importantly, how many sites can be reached via IPv6? How many publish AAAA addresses in DNS? How many ISP's can route IPv6? I know that there is tunneling for running over IPv4, how much of that 99.99% of traffic might be doing that?
What are we going to do tonight Brain?
What's the downside to being ready?
Because it's work. Work takes time. Time is money.
A certain product at a certain company (forgive my being vague, you know how these things are) has a network interface. This interface is currently IPv4 only, no IPv6 support. When anybody asks the design team why not, they say that no customers have asked for it. Somebody suggested that IPv6 was the sort of thing you want to support ahead of need, but these guys have a lot of deadlines to meet and not enough resources to meet them. They aren't about to spend time implementing features nobody's asked for.
Of course, the time will come when their customers realize they've put off changing over to IPv6 much too long, and will start crash programs to make it happen. They'll demand that this product start supporting IPv6 immediately, if not sooner. So the design team will begin their own crash program, and IPv6 support will be added to the product in a hurry. The implementation will probably cost more and be less robust (at least initially) than if they'd planned ahead.
But they have no incentive to plan ahead. It's a common pattern.
And don't forget that it is one more thing that can go wrong.
Remember, you ALWAYS run the MINIMUM on your servers. If you don't absolutely need IPv6 today, then don't put it on.
You (and many people) are so accustomed to NAT you don't even see how wrong it is.
There is nothing really difficult to use IPv6 address instead of IPv4. Writing (or even using) a network application having to deal with NAT is a real pain.
If I were solving this, I'd suggest separate and non-directly routable IPv4 address spaces for separate countries (and, perhaps, for other entities). And lots and lots of NAT or proxying. Of course that is kind of what is happening anyway.
Eww. Lots of room for bugs and weird feature interaction in the design of protocols that have to punch through NATs, either that or everyone has to role out new helper modules / ALGs each time some wizzy new app is invented.
IPv6 is really a clean-up job. Combing the complexity back out of the network has got to be a win for reliability, ease of administration, and perhaps even security. I'm in favour, though I have to say I'm doubtful about it happening any time soon.
I think the most optimistic scenario is this: when IPv4 exhaustion hits, particularly in countries that have to yet to have their internet 'boom' and so will have a very low number of existing addresses per capita, obviously some sort ISP side NATing is going to be required. People may decide that they might as well implement IPv6 and TRT anyway, particularly if they're deploying new hardware / software combinations (netbooks? set-top boxes?) and so can dictate IPv6-readiness. Hopefully once sufficient numbers of IPv6-only nodes are out there, it'll seem worthwhile rolling out IPv6 on servers.
The alternative, ultimately, is people auctioning off tiny IPv4 address blocks and exponentially bloating routing table sizes, or a horrible twisty unreliable world of multiple NAT or ALGs, where net neutrality is a quaint concept consigned to history ..
And yes, printable IPv6 addresses are ridiculous. Admins will have to get used to trusting DNS (or /etc/hosts) when configuring stuff .. :)
Why is everyone so eager to use NAT? I've never quite understood this, once NAT use became widespread things became a lot more problematic, in my first year of college all the workstations in the computer labs (Ultra 5s and older Sparcstation 5s) had public IP addresses and the ISP I used gave all 10 Mbps customers 5 public IP addresses. I've recently started taking a few college courses again, the uni's labs are all NATed (so you can't access /tmp or /var on workstationname-57.lab04.cs.unidomain.tld from home any more, you have to dump the files on your NFS mounted 150 MiB home dir and then access that, great fun) and my current ISP gives each customer ONE public IP address, but I suppose I should consider myself lucky for not being NATed...
Seriously, we need to move back to an internet where a machine connected to the internet can almost always be assumed to have a proper, public, IP address. It would simplify a lot of things. Also, any trolls pulling out the "yuo cant has teh firawalls withouts teh NAT!!!11" crap can please not respond to this as packet filtering does not in any way require NAT. (Not directed at parent post, just tired of trolls and ignorant fools always using that argument).
/Mikael
Greylisting is to SMTP as NAT is to IPv4
Companies really want enough bit to organize their IP address block well. IPv6 threw in enough extra bits where that was easily possible, but the committee totally dropped the ball on providing an actual address model for companies to replace what everyone uses 10.x.x.x for.
What was needed was "first n bits tell you the size of all the following fields, next m bits are your ISP, next x bits are your company (the same value across several ISPs, if you pay for that), next y bits are yours to organize subnets as you like, last z bits are the machine". That would have been more functional that IPv4.
There were enough bits, and it's a simple enough idea, but it didn't happen. Committees are like that sometimes.
Socialism: a lie told by totalitarians and believed by fools.
I usually do not reply to my own posts (or replies to my posts) on /., but this is one area where I think it may actually be important.
First of all, if I were to guess, I'd say that all those who replied while questioning my background don't actually do network development for a living. While I could start beating my own chest about how most of your traffic right now probably goes through something designed by me, that would be beside the point (and noone knows you are a dog on the Internet :) ).
That said, a few points specifically.
1) "Never heard of structs?". Structures are orthogonal to the size of IP addresses. You can represent IPv4 address as a structure (as original in_addr used to do, exactly because not all hardware supported 32 bit natively). You could do the same with IPv6 (or you can simply stuff it into 16 sequential bytes). What won't change is ability to perform operations directly on the data type. :) ). This is inefficient, prone to error and makes code less maintainable.
You can natively compare two v4 addresses by using a == b (which will translate into a single assembly instruction). You cannot do that on a 129 bit data item. Your choices are - memcmp, or defined operation (compare first 4 bytes, then next 4 bytes, then next, then next
2) Radix trees. Sure, anything can be stored in a radix tree with appropriately long prefix or appropriately large number of nodes in a prefix. What can't be done, however, is keeping this tree in memory (given current device and system memory sizes, which are in low gigabytes to a few dozen gigabytes). This problem is exacerbated by the fact that IPv4 address space is very compact of necessity (not too many holes, and everything is neatly CIDRed together), whereas IPv6 is of necessity full of holes (and designed to stay that way).
3) Performance is a relatively minor consideration in this.
As far as NAT goes - I firmly believe that solutions (in technology and elsewhere) are of two kinds - "organic", i.e. borne of and supported by needs and circumstances, and "artificial". Organic solutions are not always streamlined or pretty. Humans are a good example. A rock of salt is pretty darn inorganic (though I wouldn't want to stretch this analogy too far :) ) NAT is the former, IPv6 is the latter.
Make all porn only reachable through IPv6.
Did you check the post above you?
From the post's link:
We're taking over 100 gigabytes of the most popular "adult entertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration. If you access the site via IPv4, you get a primer on IPv6, instructions on how to set up IPv6 through your ISP, a list of ISPs that support IPv6 natively, and a discussion forum to share tips and troubleshooting. If you access the site via IPv6 you get instant access to "the goods".
Unfortunately, that won't work, because it's not aimed to the industry. The ones who decide whether the public will use IPv6 or not are the ISPs, and better internet access is definitely NOT in their agenda (Hellooo Comcast!).
Until such time as some of the larger sites like, say, oh, I don't know, how about SLASHDOT get their finger out and install IPv6, people aren't going to bother. As a probably flawed analogy, would you buy a top-of-the-range games console with wireless everything and teraflops of processing power if there was not a single piece of software to run on it? Actually, this being Slashdot, you probably would just for bragging rights, especially if said CPU had a cool name like cellPwner pro or something. I know, bad analogy.
;; global options: printcmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;slashdot.org. IN AAAA
;; AUTHORITY SECTION:
;; Query time: 0 msec
; > DiG 9.3.4-P1 > slashdot.org AAAA
; (1 server found)
slashdot.org. 3149 IN SOA ns-1.ch3.sourceforge.com.
hostmaster.corp.sourceforge.com. 2008080600 14400 1800 604800 3600
Go figure. This is why IPv6 isn't taking off and a pox on anyone who says otherwise. Trying to blame sysadmins for not deploying IPv6 is a downright insult. We're ready, Slashdot. Google's ready. A whole raft of other sites have connectivity and are ready. Looks like you're not.
Resistance is futile. Reactance buggers it up.
I don't really understand what your saying. IPv6 works perfectly fine on local networks for consumers. If ISP's implemented IPv6 coming out of cable modems and DSL bridges we could turn off DHCP and NAT effectively turning the home routers into level 2 switches. IPv6 works perfectly fine at level 2 (mac addressing). If they can't convert the cable modems and DSL bridges then they could just distribute a software package to install a 6to4 tunnel to their IPv6 network.
I actually looked at the issue, it's actually harder to talk about than it is to implement.
We could have even just added a 3 more positions in the address and assumed a default of 1.1.1. as the default prefix if none was given.
Great, now the addresses are 7 bytes long and you still have to update all your routers and computers. What makes you think it'd be any easier?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Very simple. I have zero interest in granting public IP's to my private home network. Not even for security reasons. My home devices and my address scheme are really just nobodies business.
Another reason people NAT is for address portability. There is *still* no way for small fish to get a IP that isn't bound to their provider.
The "Anti-NAT" crowd are just like the "never use tables" or "semantic web" or "console forever" crowd. They are all religious zealots with far to much time on their hands.
Well that whole 640k thing with regard to IP addresses has been largely negated by the adoption of routers within the home. Back when cable/DSL adoption was first starting, many people would end up with a switch and then have to call up the ISP for a second IP address. And with several computers in every home these days (not to mention other devices that grab IP addresses - games consoles, WiFi cell phones, network printers, etc), that plausibly could have become a very big issue very quickly. I've got at least a dozen pieces of hardware that consume a local IP address (not to mention the two or three VMs I have going at any given time), and it's a very good thing they don't each consume a slot in the worldwide public address space.
For all practical purposes, even an A.B.C.D.E would probably be enough thanks to routers - that still gives us ~1 trillion unique IPs worldwide. Of course if we were to make the switch it would make sense to give us the additional headroom. I'm hardly intimately familiar with the inner workings of IPv6 but assume it has benefits beyond mere address space, but the added complication to sysadmins of dealing with something like "2001:0db8:0000:0000:0000:0000:1428:57ab" (thanks, Wikipedia) is simply a nightmare in the making. Four bytes versus sixteen? I can remember which computer is 192.168.0.11 on my local network easily enough (and could certainly remember my public IP if I were bothered, as it never seems to change despite not paying for static), but you can practically smell the smoke coming out of my head after just looking at that.
It's certainly forward-thinking, but having (estimated) fewer atoms in the universe than IPv6 addresses available is just slightly overkill, doncha think?
How are sites slashdotted when nobody reads TFAs?
What the hell? Did routers and firewalls all up and disappear with the advent of IPv6?
1) The world is document centric, not IP address centric. I want to access a collection of named documents and services from "slashdot.org". I dont care if these come to me by IPv4, NetBUI, IPX/SPX, Token Ring or Carrier Pigeon. I want to get "slashdot.org" and I want to make sure "slashdot.org" really is "slashdot.org" and not "somephishingsite.com"
So what you're saying is that you have no real reason to be anti-IPv6?
2) "End 2 End" isn't a selling point. I dont want my home network to be publicly visible.
So stick it behind a firewall that blocks incoming connections to all IP-addresses assigned to you unless you allow them?
3) Protocols that route around my desire for #2 succeed. All good P2P clients support UPnP. 3.1) Protocols that do not work with my desire for #2 fail. See Active FTP and the failed or failing IM networks and IM software that do not transfer files over NAT.
So, you'd rather have ugly workarounds than see the internet work the way it's supposed to work?
4) Those P2P clients are proof that how documents get to me are independent of the underlying link. I have no doubt that BitTorrent could be easily adapted to operate as a wire protocol on 802.11g or on top of IPX/SPX.
See answer to #1
5) If (and a big one) IPv6 got any traction, smart entrepenuers will began creating new services or modify existing ones like BitTorrent to operate and bridge IPv4 and IPv6. Really smart ones will most likely realize that once they abstract TCP/IP out of their design, they can do other "fun" things like implement their file sharing network directly over WiFI or some other mesh type network.
Have you even heard of the OSI model? Why in god's name would you want to have a Layer 3/4 P2P protocol? That's what TCP and IPv4/IPv6 are for.
/Mikael
Greylisting is to SMTP as NAT is to IPv4
I believe that to many people they never existed before (or without) NAT, they've just come to assume that NAT == "Hardware firewall" and no amount of explanation that packet filtering worked just fine for everyone before NAT came into widespread use seems to change their minds, it always comes back to "But, but, someone might see my computers...".
/Mikael
Greylisting is to SMTP as NAT is to IPv4
Read the article more carefully.
If the IPv6 transition never happens at all, which seems likely at this point, then the carrier-grade NAT engines are still needed for operating the IPv4-only networks we have today.
If the IPv6 transition actually does happen, somehow, then you're right. The carrier-grade NAT engines are only needed for IPv4-compatibility. In the unlikely event that IPv4 goes the way of the OSI stack, then maybe the NAT engines will be obsoleted. Not until then.
In any case, if you're using IPv4 now and you haven't started transitioning to IPv6, then you need to prepare for a future when most of your residential and mobile customers will be communicating with you from behind carrier-grade NAT engines that multiplex multiple customers behind a single address.
For example: identifying your customers by the IP address from which they connect to you has always been a bad idea, but it will soon be an extremely bad idea.
jhw
And hell, I used to run ip_masq on my hand-me-down machine to get out on the interweb.
You know what? You have no rights to my private network. NAT keeps you out of my affairs. It causes me some troubles, yes, but those troubles are far less costly then letting you snoop around my network.
Firewalls that filter my data without going through a "portal" like a public/private address space are too insecure for me to trust. I feel much beter knowing you cannot, realistically, route into my network. A network that was [public-ip] [firewall] [public-ip] means once an attacker gets through the firewall, it is much easier to route packets in and out.
I'm not even going to get into the reason the "big boys" use nat. They do it because private address space is portable and doesn't bind you to a provider. Since not everybody can be multihomed both on IPv4 or IPv6, it is a significant risk to invest your IT infrastructure in what is basically a proprietary IP address block.
Remember when if you switched cell phones, you'd loose your cell phone number? Same thing at work here.
Not any less handy? you have _got_ to be kidding. You expect people to whip that monstrosity up every fucking time they want to match for addresses? When working over a serial terminal on a barely-capable quirky embedded shell? And who the fuck compiles regexes? Programmers, that's who. This represents the core problem - IPv6 addressing seems to have been designed by programmers, not sysadmins.
You gonna use your ISP's proprietary block of IP addresses to number your corporate lan? You want every computer in your office to rely on your ISP not switching their IP addresses, not going bankrupt, etc? No thanks. On IPv4 and IPv6, the only way to ensure you dont have to renumber your intranet because of the whims of your ISP is to use private IP addresses.
Come on. If you do development for a living, you've heard of abstraction. If you're open-coding memcmp, you're doing something wrong. Just hide the comparison behind a nice typesafe inline function and you're actually in better shape than if you'd stuffed an ipv4 address into a long int.
I've noticed that most technical people pass through a phase where they want to do everything themselves, where writing to the bare metal is cool. We've all had that urge at one time or another. It takes a certain amount of humility and world-weariness to realize that there's plenty of good work that's already been done.
This doesn't matter AT ALL since IPv4 systems cannot talk to IPv6 systems, and v.v. They. Are. Completely. Alien. Networks. It just makes it easier to transport IPv4 across IPv6. Without a proxy/translator/etc. IPv6 and IPv4 hosts cannot talk to each other. This is why IPv6 will take decades to be openly adopted -- if ever. (It's already been a decade, btw.)
While I could start beating my own chest about how most of your traffic right now probably goes through something designed by me, that would be beside the point (and noone knows you are a dog on the Internet :) ).
I don't know if you're a dog, but I do know that you haven't designed recent hardware, or you'd know that:
If you like simplicity and elegance and performance, you'd love IPv6.
Dewey, what part of this looks like authorities should be involved?
I don't see that using dots instead of colons makes a transition any easier.
It would mean not having to use the the damn shift key.
What?
1. Not too many processors allow you to handle 1-bit or 4-bit structures, of which the IPv4 header contains many. The difference is the direction, not the direct handling.
2. Since IPv6 should have fewer exceptions to general cases, the number of nodes in the radix tree should be significantly lower, so giving you a net save.
3. Performance is so unimportant that IPv4 latency is one of the biggest things people loath and despise about IPv4. ATM is hardly a decent protocol, the payloads are absurdly small, but the latency is almost non-existent. As grids and clouds increase in usage, network latency is going to be the only latency that people will care about.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
And NAT is a problem masquerading as a solution.
That depends upon your point of view. As the parent said (or at least alluded to), very few people have more than a handful of servers which need to be addressable from outside a private network and fewer still have more than 255 (class C). Indeed, large portions of the existing address space are being wasted or not used efficiently already so why should I spend a dime to upgrade my equipment simply because other people are wasting addresses or are deluded by the relative importance of their toaster compared to the rest of the hosts on the public Internet? There is also the convenience (from a security and filtering point of view) with heirarchical centralized control of traffic and routing into one's private network. I don't know about you, but I don't wan't just anyone to communicate directly with the hosts on my private network so for me (and a great many other people as the adoption rate of IPv6 shows) the NAT IPv4 Firewall Router fits the bill nicely.
And I'll keep on enjoying all the free services people provide for IPv6 enabled hosts.
You do that, but don't whine because you cannot connect directly to a toaster on my private network because I choose not to upgrade my equipment. When the upgrade will earn me more money then and only then will I consider it. Until then it is machts nichts.
Even if everyone switched to IPv6 overnight there would still be IPv6 NAT or something basically equivalent to outside observers simply because directly addressable public hosts are dangerous and should be limited to controlled gateways so that the attack surface exposed by a private network is limited to those hosts which really need to be on the front line. Besides, it really wouldn't be a private network if every host was publicly addressable to arbitrary incoming traffic now would it?
IPv4 addresses are like oil. We know we'll run out some day, but so far, it hasn't happened. So nobody really cares, no change happens, and we're stuck with old obsolete technology.
So we can only hope that both IPv4 address space and oil will be exhausted soon, so that finally there's real pressure to switch to a better technology. Yes it will be expensive, yes some people well be annoyed by the change, but it will be a good thing.
bye, Till
To the MANY who think a few nat devices makes it all better, please think again.
For one, most ISPs for home service already only give out 1 IP and we're still running out. Do you want your NAT to be behind another NAT (that you cxan't configure port forwarding on)?
Virtual servers don't help a lot either. Believe it or not, not everything on the net is a web server. Do you want to discover in a few years that you CAN NOT get a colo box hosted, but you are free to get a "virtual" home page on a one size fits all web server?
Unless IPv6 deployments get a lot more common, the other choice is to colo in IPv6 where perhaps one in a million people can even actually connect to it.
While we're not out of v4 addresses yet, actually getting a block from ARIN has become increasingly difficult unless you're AOL, Comcast, etc. Years ago, you could just ask for a class C and receive within a day. Now, you have to send in increasingly detailed "justifications" and they are increasingly likely to be found "insufficient". Next I suppose you'll have to include the results of your last colonoscopy as well. New customers want IP assignments NOW, but ARIN doesn't want to give them out until you can prove you have a current need for them. That pretty well assures that only large providers will be in the running. Don't you prefer a net where there are small and more responsive providers out there? Perhaps some who are a little less quick to automatically yank your site down if the *IAA grumbles that one file might be copyrighted?
As for why so many addresses this time rather than just adding an octet, consider that v6 has been specified for 10 years now and the adoption is pitiful at best. Do we really want to be right back here again in 2018?
Part of the freedom of the net is inextricably linked with the ability to get an IP address to be on the net with. If you don't want net access bottlenecked and controlled more than it already is, you should support a move to IPv6.