Level of IPv6 Usage Is Vanishingly Small

An anonymous reader writes "The impending IPv4 address allocation shortage has led to a lot of speculation on the future of IPv6 (including here). A new study says that Internet IPv6 migration is not just going slowly — it has basically not even begun. After spending a year measuring IPv6 traffic across 87 ISPs around the world, the study concludes 'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'"

The end is nigh?

[duckInferno]

Was IPv6 our only hope or do we have something else ready to go for when we hit that last address? And speaking of that, what WILL happen when we hit that last address? Will the internet suddenly die? Or will some people just not be able to connect because the IP is in use?

Re:The end is nigh?

[j+h+woodyatt]

What WILL happen is "carrier-grade NAT" deployments inside service provider networks.

Residential and personal mobile device customers can expect to pay extraâ" on the order of US$5-10 per monthâ" if they want a public, i.e. non-RFC1918, IPv4 address assigned to them. Also, don't expect the carrier-grade NAT to support any kind of port forwarding whatsoever. Lastly, you can expect the NAT to implement address/port-dependent endpoint filtering.

So, the writing for P2P applications like BitTorrent is pretty much on the wall now. Read it and weep, MF'ers, we TOLD you this would happen a long time ago, and you didn't believe us.

Re:The end is nigh?

[Ironchew]

Residential and personal mobile device customers can expect to pay extraâ" on the order of US$5-10 per monthâ" if they want a public, i.e. non-RFC1918, IPv4 address assigned to them.

Exactly. Artificial IPv4 address scarcity will create artificial value. As we've seen with shenanigans from most ISPs here in the United States, they'll milk this for all its worth. As long as the revenue stream of extortion is greater than giving billions more customers what they want, don't expect them to take the IPv6 plunge.

Re:The end is nigh?

[JWSmythe]

    I disagree.

    I used to run an amazingly high traffic site. It required quite a few GigE pipes to run the network. The datacenters combined would have required an OC192 to stay within acceptable growth potential.

    I had the urge to switch or run IPv6 in parallel. I found out what was proposed to be mandatory was quite a bit harder than it appeared.

    I never did find the clear path of "this is what you need to do."

    The only way I found to get my traffic to other IPv6 users was to tunnel IPv6 over IPv4. If (if, if) we had done it, it would have likely swamped those gateway services. Sure, some people want to make it happen, but what happens when many multiple big companies do it. I know Google set up the IPv6 version of their site, but they have quite a bit of negotiation power. My negotiation power was in that I could say "I'm going to need lots of bandwidth, make it available to me", and the provider would ensure it was available and that the standard growth potential was available. We had our growth down to a science, almost so much as I could tell you our aggregate 95th percentile for 12 months in the future +-5%

    If I, senior tech guy at a large bandwidth customer couldn't get it done, why do we think every home user, T1 user, and average Joe Slashdot User could get it done.

    If IPv6 is what we're SUPPOSE to be migrating towards, a clear well defined path must be established, and some sort of encouragement must be provided.

    IPv6 for us was just a play toy, even though I wanted it done. There was absolutely no demand for it. We were only using 6 to 8 /24's, so we weren't a huge burden on the available address space. Even still, I wanted to do it, and never got it done. Queries were left unanswered. No firm responses were ever given. Even the senior techs at the Tier 1 ISP's gave vague answers like "I think we can. Ya, we should be able to support it, but we don't know. We'll try to find out."

    Now I work for a company with even less pull. We discussed it, but it's a much different product, and was put together in such a way that you can't be fuzzy with it's addressing. Things are very specific. Clients will connect to exactly where you tell them, and there's no room for "and you could do this...." I no longer have the opportunity to even attempt to switch, and since the client base isn't prepared, it won't happen.

    I was looking forward to the change. I know there were neat proposals involved. Unfortunately, we were never able to implement it, and most people won't be able to.

Re:The end is nigh?

[Just+Some+Guy]

If I, senior tech guy at a large bandwidth customer couldn't get it done, why do we think every home user, T1 user, and average Joe Slashdot User could get it done.

I got it done perhaps because I'm not running a giant network. I set up tunnels from Hurricane Electric at home and at work, let our {Free,Open}BSD firewalls announce routes, and started using it. See my home page next to my name? There's no dancing turtle, but you can get to it over either protocol.

One of the huge wins for me as netadmin is that I can stop screwing around with port forwarding just to be able to SSH or make VOIP calls from home to work or vice versa. I'm loving me some end-to-end connectivity again.

What's the downside?

[XanC]

Between tunnel brokers and 6to4, really all of us who manage servers should have them on IPv6 in addition to IPv4. What's the downside to being ready?

It is obvious

[able1234au]

99% of IPv4 traffic is bittorrent. Switch it to IPV6 and the traffic figures will spike!

Not needed.

[Lord+Apathy]

Well at least not right now. With more allocation of IPV4 address we wouldn't be needed anytime soon. The company I work for has 56 public ip address for 3 webservers. The other 53 address are not even used, they are just parked for future use. If I was allowed to set the servers up the "right" way I wouldn't even need 3, just 1.

Re:Not needed.

[Chang]

Isn't this a problem with IPv4 renumbering also?

I've been through several internal network renumbering projects to go from globally routable to rfc1918 and also from one 1918 space to another in the case of merger and acquisition.

I would definitely use IPv6 router renumbering to help automate the process but it doesn't mean I don't need to understand the network flows either way.

Router renumbering lets you perform an add prefix operation to get both prefixs in use. Then you update DNS and wait for sessions to restart naturally or you help that process along with some targeted restarts. After you monitor your network to ensure that the old prefix is no longer in use you can use a delete prefix operation to clean up the old stuff.

The process is pretty much the same doing it manually or using router renumbering. The advantage is that you can use IPv6 renumbering abilities to help the grunt work on the routers.

Makes me happy

[ugen]

It may be just me, but I always felt IPv6 is a solution looking for the problem.

There is a reason IPv4 is so well entrenched. Other than availability of software, hardware and services, it is convenience of handling IPv4 in all those things. This is what permits developers to create all those wonderful products, administrators to effectively administer them and users to enjoy them. A primary reason to that is IPv4 address size - it is 32 bit which is natively handled by all current hardware, and easily remembered by humans (short term) in its quad decimal form.

IPv6 has neither of these features. It is difficult to deal with in software (I know, I do this for a living), does not fit into any native data type (and won't until we move to 128 bit architectures - which does not seem to be very soon), cannot be remembered or used by a human (so effective administration requires magic automatic tools), does not give itself with any convenience to routing related data structures (like radix trees). All this for dubious benefit of addressing directly (in non-hierarchical manner) of every toaster in the world. This is directly opposite to the way the Real World operates (i.e. your home has an address, but noone gets to talk to your toaster directly without going through you first.

If I were solving this, I'd suggest separate and non-directly routable IPv4 address spaces for separate countries (and, perhaps, for other entities). And lots and lots of NAT or proxying. Of course that is kind of what is happening anyway.

China would be happier that way too. In case of cross-border cyberattack, just cut external links and your country is self-sufficient and interconnected :)

Anyway, I am ready to bet some cash that IPv6 will never become a major transport protocol.
I know I will do whatever I can to keep it far far away.

Re:Makes me happy

[jguthrie]

It's just you. The IPv4 address space was way too small, probably because the guys who invented IP never envisioned the sheer volume of computers that want to connect to the Internet, and was allocated extremely inefficiently at first, probably because there was no obvious reason to be frugal with addresses, which led to the inequities of allocation that people complain about. The rising cost of addresses has caused people to become much more efficient in their allocations, but the inequities remain. Further, when IPv6 was just getting started, a large router might have 16 megabytes of RAM in it, so routing table size was a major concern, although the massive decrease in the cost of memory means that this also is less of an incentive than it once was.

I think that the real problem with IPv6 lies not in any part of the IPv6 design, but in the transition plan. I mean, the 6bone folks were the transition plan and, as soon as the backbones thought they knew what they were doing, they pulled the plug on the 6bone. The problem, of course, is that demand for addresses happens not at the backbones, but at the leaves. Since, at the time they pulled the plug on the 6bone, there was not one single piece of end user access equipment available, there was no demand for the native IPv6 transport that the 6bone folks assured me was available. Also at the time there was no way to do IPv6 multihoming without being a TLA. (That's "Top Level Aggregator", which is IETF-speak for "one who purchases his addresses straight from the source.") I don't know if that's been changed or not, as multihoming started being a lot less interesting to me right about then. I do know there were draft specifications addressing that very topic.

So, the transition is going very slowly. However, to assume that it isn't happening at all is to make the same mistake that short-sighted companies make. However badly those clueless individuals at the IETF managed to screw up the transition, the lack of IPv4 address space is a real problem now and that will only get worse in the future, and although NAT is easy to implement and quick to deploy, using NAT really is much less convenient than having live, routable addresses for all your systems.

The point is that things have a way of changing and those changes are happening right now. All my access gear and workstations are now IPv6 capable and, in fact, make use of IPv6, although that's through near heroic effort on my part. In fact, I have been told by my hosting provider that they're going to start providing native IPv6 transport to my virtual servers. An email to Comcast (my home's feed is through Comcast business service) asking about IPv6 got me, not one, but two telephone calls from someone who was nice enough to explain Comcast's IPv6 deployment strategy, which boils down to: We're deploying native IPv6 transport to end users as soon as DOCSIS 3 is widely available. I can't wait.

So, while I can count the number of actual live, remote IPv6 users that have hit my Web servers on my appendages without taking off my shoes, and I have never (not once) had a Gnutella connection over IPv6 despite supporting it for years, I have no doubt that the transition is well under way.

Nor is the size of the address space particularly insane. The idea is to use extreme inefficiency of address allocation to make certain hard tasks easier. The point is not to allow every grain of sand to have it's own IP address, but is, instead, to reduce the likelihood that an automatic host address assignment would result in an address collision to the point where it's not worth worrying about, and that point is actually achieved. The other objection that is commonly raised, that you can't memorize IPv6 addresses the way you memorize IPv4 addresses, gets a big "so what?" from me. Nobody memorizes IPv4 addresses, either. That's what name servers are for.

One opinion, worth what you paid for it.

Re:Makes me happy

[stevied]

IPv4 NAT is quite a nice fit for the issue of dealing with lots machines with dubious security wanting to run 'simple' protocols, in a world with limited public addresses available.

Having said that, at least part of the perceived "niceness" is psychological: it puts a real system boundary right at the point where one feels there's a trust boundary (the edge of the local network.) And it's beginning to look (according to Dan Kaminsky, amongst others, and not just since the recent hysteria) like that feeling of security is misplaced.

When I was at uni, all the workstations (at least the *NIX ones - I never touched our one Windows lab) had public IP addresses. We never had any security issues as a result, to the best of my knowledge. It's just a question of securing the configurations (using centralized management, diskless workstations, or whatever) and applying patches.

NAT also makes running non-trivial stuff complicated. P2P. VOIP. 'Push' technologies (if the client has to keep a connection open to the server, that's not really 'push'.) Remote access, generally. Look at the hoops things like Teredo have to go through to deal one or two layers of NAT. Now try to imagine how that scales..

And anyway, just because (in a theoretical future IPv6 utopia) we're not doing address substitution any more, doesn't mean we can't still have firewalls. ip6tables exists for Linux, and I'm sure the router manufacturers all have their solutions. It's still only one or two rules of config to drop incoming connections, if that's desired.

Oh, and regarding toasters: i'm not sure that's the issue ;-) It'll be giving things like mobile phones, iPods and cars IP addresses and running P2P apps between them, I'm guessing.

Solution looking for a problem

[TheRealMindChild]

The fact of the matter is, IPv6 is a solution looking for a problem. With IP shortages and the ease of NAT/PAT, most entities realized they don't need a whole block of IP addresses. Most of the time, one suffices. Else, a block of 8 almost always fits everyones needs. It is like trying to solve Y3K problems 992 years before we need to actually worry about it.

Also, most of the world is using Windows XP. Can you show me where in my TCP/IP settings panel I am supposed to enter my IPv6 information? Exactly.

Re:Solution looking for a problem

Better, it works regardless of the network underlying network implementation.

it isn't a hack, far from it, gotomypc is an example of the future.

Gotomypc isn't the hack. The hack is NAT, and that poses a problem that Gotomypc has to solve.

See, Gotomypc is a workaround against the problem caused by NAT which is a workaround against running out of IP addresses.

Just by deploying IPv6 we could forget about hacks around hacks around hacks.

Sigh.

It also comes with a host of problems

[Sycraft-fu]

A simple one is just dealing with IP addresses. Not too bad to remember an IPv4, especially since in a given network most addresses are largely similar. An IPv6 one is rather more difficult, and much of the self similarity is gone since the MAC is embedded. Thus you have to start to have better management to deal with the numbers.

A bigger one is the cost of replacing high speed routers. Real high end gear tends to do things in ASICs. It's really the only way to achieve the speeds that people want. Doing it in software would be prohibitive, even if routers had massive CPUs, which they don't. Well, there's lots of gear out there that only does IPv4 in hardware. You want IPv6, it is all handled by the software and thus anything more than a small amount will crush it. It is, of course, not cheap to get an IPv6 upgrade, even when one is available.

That's the situation on campus where I work. The network is Cisco 6500s at it's heart. They handle IPv4 with ease, including the incredibly complex access lists and routing tables we have. However, they do that because they can do IPv4 in hardware. Well they support IPv6, you just turn it on, however only in software. It we tried to use it, it'd grind everything to a halt. So if we want the hardware to do it? $10,000,000. Ya, let me tell you how interested anyone is in spending that, when what we have works great and we are getting our budget cut (again).

Similar situation at larger levels, but even larger dollars. You don't go replacing these high end routers once a year. These things last for a long time. Thus there's lots of hardware out there that works great for IPv4, but can't do IPv6. Companies are understandably not interested in sinking tons of cash to upgrade, especially when it seems to gain nothing.

So even if IPv6 were just turn a switch, I could see adoption being slow because it don't really solve any problem. However it does introduce it's own problems, which makes it just that much slower.

Comment removed

[account_deleted]

Comment removed based on user account deletion

obligatory

'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'

The Net considers IPv6 to be damage and routes around it.

Re:nonsense

[afaik_ianal]

It's not that simple. IPv6 already has a space for IPv4 mapping. While it's not an all-zero mapping, IPv4 traffic can be routed across IPv6 networks relatively easily, and transparently.

To move to your IPv5, you're still going to need to replace the core infrastructure, and change all the applications to support it. If you're going to do that, you might as well move to something that you're not going to need to replace again in a couple of decades, and something that's easy to route.

The big L3 switches that drive your traffic across the net are not just PC's with a couple of NICs on them; they are highly optimised hunks of silicon, that try to route packets before the CPU even knows a packet has arrived for processing.

It's a *lot* easier to decide which of the couple of hundred interfaces to direct traffic if that decision is being made primarily on a 4 byte pattern in a relatively known location. If you're going to go to 5-bytes, you might as well go to 64-bit. IPv6 has gone that little step further, using 128-bit addresses, but also taking out some of the "features" of IPv4 that lead to uncertainty in the positioning of addresses.

Should have gone to A.B.C.D.E.F.G format.

[mgkimsal2]

We could have even just added a 3 more positions in the address and assumed a default of 1.1.1. as the default prefix if none was given. That would have given us 16 million * the current 4 billion addresses - 64 quadrillion addresses.

At the risk of repeating the 'no one needs more 640k', I'd have to say that I think 64 quadrillion is more than usable for the next several years. The upshot is that it would have been much easier to deal with that. From a pragamatic viewpoint, there's a whole lot of software out there invested in the dotted quad format. Modifying that to deal with a few more X.X.X places wouldn't have been as hard (think GUIs that check IP validity, for example) as moving to IPv6.

Lame excuses, perhaps, but I think we'd have seen much faster adoption to a format like X.X.X.X.X.X.X because it's an incremental, not radically different.
 

Re:Should have gone to A.B.C.D.E.F.G format.

[Sentry21]

The first broadband ISP I ever had was Shaw Cable, and back then, there was no such thing as 'broadband routers' - heck, we couldn't even justify buying a switch, so we just used a 10baseT hub (ew).

Imagine my surprise when I found out that our networked Brother printer, which we had only used over Appletalk-over-Ethernet, had had a public IP address for a year. Fortunately, it seems that the printer designers had (for whatever reason) prevented printing/access from non-local subnets, limiting the number of people with access to it to somewhere around 64 or 128 (we weren't part of a full class C, for sensible reasons).

Oddly enough, the ISP wanted you to pay for extra IPs - but didn't require it. Honour system ftw.

Re:Should have gone to A.B.C.D.E.F.G format.

Well, there's the RFC1924 option.

Then, IPv6 addresses would be represented in base85 encoding, delimited by something - The RFC strongly hints [].

Might be nice though e.g.:

[4)+k&C#VzJ4br<0wv%Yp]

- note that this is not confusable with the now-conventional [xxxx:xxxx::xxxx:xxxx] because : is not one of the allowed characters in the base85 scheme in the rfc.

Always 20 characters from a certain set between [ ] . Easily matched with regexes, shorter (much shorter) than a hex address.

Yes, it looks a bit line-noise-y, but it's far more regular.

Re:Should have gone to A.B.C.D.E.F.G format.

[rtb61]

The delay in the switch from IPv4 to IPv6 is greed by ISPs pure and simple. ISPs get the IPv4 address range basically for free and then charge customers for access to that address range, money for jam. They will simply resist IPv6 for as long as they can (the bad ISPs) because their profits from IPv4 will disappear as they have to give away IPv6 for free.

This of course is only as far as the greedy, traffic blocking, no server, ass hat ISP's. Their are plenty of regional good ISPs that believe in providing quality customers services at a reasonable price eg. http://ipv6.internode.on.net/, they of course will be the ones who end up crippling the IPv4 profits.

So home based server appliances, for email, voip, web serving, will kill IPv4 because they will want their IP address for free and, not to forget smart phone/PDAs and UMPCs all with their own IPv6 address, for instant global mesh networking, so yeah billions of adresses and the typical user will have at least three, home server, smart phone/PDA and UMPC.

Re:Should have gone to A.B.C.D.E.F.G format.

[Firehed]

Could you explain how that behavior would change at all with the advent of IPv6? I'm certainly not claiming you're wrong, but until I have a direct pipeline to the internet running to the house, I still have to go through some sort of ISP.

The no server clauses are absolutely BS, but my current ISP (Charter) doesn't seem to care, or at least do anything about it. I don't have a static IP (thanks, DynDNS), but they don't block incoming on port 80 so for demoing work to clients and accessing my local install of SugarCRM from the road, I don't have to mess with alternate ports.

Having said that, the mainstream use of home servers are still a way off. If/when they exist in the mainsteam, it'll almost certainly be primarily for media and document access (basically SFTP or some sort of wide-area Samba, and probably a long-range Bonjour broadcast for grabbing your iTunes library). The vast majority have no interest in running their own website; having some sort of presence via Wordpress, Blogger, or maybe whatever the modern-day equivalent of Geocities is will be more than enough for most people. The slashdot crowd are the exception to the rule, with a small cluster of boxes running homebrew apps and doubling as a replacement for the furnace. The spam implications of a home-based email/SMTP server make me slightly nauseous, and I envision VOIP remaining relatively peer-to-peer for the foreseeable future. Don't get me wrong - I want them to stop fucking around with what I can do with my connection... I just don't see it being that big of an issue. When configuring a DNS server becomes as simple as plugging in a toaster, we'll talk.

Re:Should have gone to A.B.C.D.E.F.G format.

Don't reinvent the wheel...

Re:Should have gone to A.B.C.D.E.F.G format.

[VdG]

I think your thinking is too limited. What about the rise of mobile devices? Billions of cell 'phones soon; I dread to think how many RFID chips. And who knows what else? These are things which really need globally unique IDs. IPv6 is intended to be overkill, so that whatever comes along it'll be able to cope.

Regarding the addressing issue which seems to concern so many people, DNS should handle most of it, (truly unique numbers actually make that simpler, I'd think). If you really need to speak to someone about a number, in most cases you should just be able to give them the last few bytes. "1428:57ab" seems fairly manageable.

Re:You know what would help?

[canuck57]

If people could actually get IPv6 service from their providers instead of having to route everything through congested tunnels, THAT would help.

Myth: We need IPV6

Fact: PITA to use IPV6 so we use IPV4

There isn't really a shortage of IP addresses at all. There is an extreme waste of IP space.

Case in point, take China squandering class A after class A (x/8). Why not just NAT the typical home users? Could do the same in Chicago, NY, California and London too. I know businesses that still have /16 spaces when in fact a /24 would do. And any business today using network routable addresses internally, well, their incompetence shines through. 10/8, 192.168/16 and others, plenty of space.

Take the waste of home IPs on my DSL, if you use one, you may be really using 4.

• cable modem/lower default
• your static IP
• your static IP
• upper local broadcast

Or at least that is how my DSL used to work and my cable does today (yes, I have 2 static). There are some variations to this, but we waste most of the address space. In this case, 1/2 wasted and that is efficient.

And like domain squatting, many companies IP squat hogging not just IPV4 space, but have hogged IPV6 space too.

We haven't gotten to the logistics of the changeover and costs of IPV6, let alone the technical issues. At this point, IPV6 is pie in the sky for most. Oh, a few tunnel it over IPV4, or the ones with enough to rent fiber by the strand for bragging rights. But it is a macho thing.

In the end, many years out IPV6 is needed. But it isn't that impending as Cisco and others who would profit by it would have you or I believe. That is why it's adoption is small until the costs and technical issues are completely addressed.

Re:My gut feeling?

[Sentry21]

I've been thinking about this sort of thing for ages, mostly in conjunction with ponderances on things like interplanetary news.

Between Earth and Mars, you can't FTP - the RTT is so long that the protocol-specified maximum timeout expires before a response can be returned to you. Obviously loading up a web page would be a senseless waste of time. We would need a way of transporting or requesting information in batches in order to effectively communicate things like news between planets.

In my mind, while at university, I envisioned a system consisting of 'packages', which contained some data or subset of data. It could be an entire website (which, for many companies, is merely a brochure, menu, etc. anyway), part of a website (an updated to a company's product information pages, for when e.g. Apple ships a new iMac), or even a single file - a press release, news clip, etc.

Each parcel of information would belong somewhere in a heirarchy. You could start with 'Apple' and grab their default content (say, most of what's on their website at first glance), and then delve deeper into areas like 'support', 'developer info', and so on. Those packages, while not necessarily retrieved by default, could be requested, and would slot into the heirarchy. Without them, you see that they're there and what kind of content is available; you can then request the content be updated, and when the 'package' arrives, you suddenly have access to that content as well.

Likewise, you could start issuing specific identification that computers could use to narrow down who you're looking for. Instead of www.apple.com, you could just do a search for 'Apple Computers' or 'Apple, Inc', and you would be able to find relevant information from (and about) the company. Because we can now uniquely identify business electronically, it's easy for someone writing a news article to 'tag' the article as being about Apple, Inc., and your client can do any associations you might want - stock updates, press releases (especially relevant press releases to the story), and so on, and whatever isn't local can be updated.

Obviously, this would require two things; firstly, a complete overhaul in the way the internet works; secondly, local (possibly hierarchical) caches wherever relevant, so that information doesn't need to be transmitted multiple times. Also, the caches can pre-fetch or be pre-seeded content ahead of time, so that (for example) major/popular news sites could send updates to their content in batches every hour/day/etc.

Because everything in this scheme would be tagged, dated, and versioned, it would be trivial to do a search for 'what this document (e.g. website) looked like in 2005', or 'a news article about communism from last Wednesday' or what have you.

Somehow, though, I think this sort of thing is a long ways off. Then again, maybe not.

So how do I switch to IPv6?

[jc42]

I'm actually in one of the rare areas that have more than one ISP. We have three available here. Our current ISP doesn't implement IPv6, so I can't use it. I checked with the other two. Neither of them allows IPv6, either. None of the three admits to any plans to implement it.

Most people have only one ISP, of course. What incentive does that ISP have to permit IPv6? I mean, here where we have three ISPs, none of them has an incentive to do it.

I don't see how we can ever switch to IPv6 until the ISPs stop dropping all IPv6 packets, and start forwarding them properly. And that clearly ain't gonna happen without a bit of "government regulation" ordering them to do it or else. But with the current political setup here in the US, that ain't gonna happen, either.

Anyone have any idea how to persuade the ISPs to come around?

Re:I existed before NAT

[asdfghjklqwertyuiop]

You know what? You have no rights to my private network. NAT keeps you out of my affairs. It causes me some troubles, yes, but those troubles are far less costly then letting you snoop around my network.

Firewalls that filter my data without going through a "portal" like a public/private address space are too insecure for me to trust. I feel much beter knowing you cannot, realistically, route into my network. A network that was [public-ip] [firewall] [public-ip] means once an attacker gets through the firewall, it is much easier to route packets in and out.

You don't know what you're talking about. What on earth is this "portal"?? NAT doesn't keep people out of your affairs. Some people, perhaps many people, CAN route to your network. If your ISP created a route for your RFC1918 blocks, everyone connected to that ISP would be able to get into your affairs if you don't have a firewall that drops those packets. Practically all cable ISPs and some DSL providers plop all their customers on one big logical ethernet. Any of those people can, in theory, set up a route for your private network gateway via your public IP address.

The ONLY thing keeping all these people off your network is your firewall. And guess what? That firewall works exactly the same way without NAT.

They both suck, but IPv6 has no excuse.

[bytesex]

Both IPv4 and IPv6 suck. IPv4 sucks because it should have been just: dest-address, source-address, ttl (byte), flags (byte), size (short). 12 bytes instead of 20. IPv6 sucks because it wants to be too much and at the same time, simply isn't modern enough. How's about variable length addresses (my home network needs only 1 byte) ? How's about flags that say something about the scope of the packet (I don't want these packets to make it accross a router; I wouldn't have to spec certain address 'areas' as 'special') ? Why drop ARP (really, it was just fine) ? What's with the f^@%ing jumbogram (4 gigabytes of payload ? What concentrator is going to cache 4 gigabytes of payload ?) ?

IPv6 traffic is all pings...

[volxdragon]

For the last 8 years I worked for a major switch/router manufacturer and we were one of the first to forward IPv6 traffic in hardware/silicon (rather than a software data path on a generalized CPU)...back then 99% of all IPv6 traffic (what staggering little there was at the time) were pings as people just tried to prove tunneling was working (screw doing native IPv6, you couldn't get beyond a LAN with that, no major ISP outside of Japan had native IPv6 service). Looking at current networks, it looks pretty much the same, still 99% pings...

Re:Time for IPv7

[coryking]

Ever read mythical man month? IPv6 is a textbook example of the second system effect.