Slashdot Mirror
Level of IPv6 Usage Is Vanishingly Small
An anonymous reader writes "The impending IPv4 address allocation shortage has led to a lot of speculation on the future of IPv6 (including here). A new study says that Internet IPv6 migration is not just going slowly — it has basically not even begun. After spending a year measuring IPv6 traffic across 87 ISPs around the world, the study concludes 'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'"
Because it impacts the other guys, not me. It's the people in China and India and everywhere else that need addresses. Me? I've got a whole block right here.
'less than one hundredth of 1% of Internet traffic is IPv6... equivalent to the allowed parts of contaminants in drinking water.'
Like that means anything to me. Can they compare that percentage in terms of the number of pages per Library of Congress?
Was IPv6 our only hope or do we have something else ready to go for when we hit that last address? And speaking of that, what WILL happen when we hit that last address? Will the internet suddenly die? Or will some people just not be able to connect because the IP is in use?
Fool me once, shame on you. Fool me twice, watch it -- I'm huge!
Is it African or European IPv6?
Fool me once, shame on you. Fool me twice, watch it -- I'm huge!
If people could actually get IPv6 service from their providers instead of having to route everything through congested tunnels, THAT would help.
The biggest reasons:
And probably many others. The bottom line is that right now today, there isn't a 'killer app' for IPv6.
My blog
Between tunnel brokers and 6to4, really all of us who manage servers should have them on IPv6 in addition to IPv4. What's the downside to being ready?
The the water is internet. Which comes into our houses view pipes.... OMG THAT PROVES IT. The internet IS a series of tubes! We were all sooo wrong ;\
99% of IPv4 traffic is bittorrent. Switch it to IPV6 and the traffic figures will spike!
Well at least not right now. With more allocation of IPV4 address we wouldn't be needed anytime soon. The company I work for has 56 public ip address for 3 webservers. The other 53 address are not even used, they are just parked for future use. If I was allowed to set the servers up the "right" way I wouldn't even need 3, just 1.
Supporting World Peace Through Nuclear Pacification
measuring the percent of traffic is not very reliable. Thats like saying how much internet traffic is used for Vonage, or Slashdot.
More importantly, how many sites can be reached via IPv6? How many publish AAAA addresses in DNS? How many ISP's can route IPv6? I know that there is tunneling for running over IPv4, how much of that 99.99% of traffic might be doing that?
What are we going to do tonight Brain?
Let me get this straight... It's not a truck?
It may be just me, but I always felt IPv6 is a solution looking for the problem.
There is a reason IPv4 is so well entrenched. Other than availability of software, hardware and services, it is convenience of handling IPv4 in all those things. This is what permits developers to create all those wonderful products, administrators to effectively administer them and users to enjoy them. A primary reason to that is IPv4 address size - it is 32 bit which is natively handled by all current hardware, and easily remembered by humans (short term) in its quad decimal form.
IPv6 has neither of these features. It is difficult to deal with in software (I know, I do this for a living), does not fit into any native data type (and won't until we move to 128 bit architectures - which does not seem to be very soon), cannot be remembered or used by a human (so effective administration requires magic automatic tools), does not give itself with any convenience to routing related data structures (like radix trees). All this for dubious benefit of addressing directly (in non-hierarchical manner) of every toaster in the world. This is directly opposite to the way the Real World operates (i.e. your home has an address, but noone gets to talk to your toaster directly without going through you first.
If I were solving this, I'd suggest separate and non-directly routable IPv4 address spaces for separate countries (and, perhaps, for other entities). And lots and lots of NAT or proxying. Of course that is kind of what is happening anyway.
China would be happier that way too. In case of cross-border cyberattack, just cut external links and your country is self-sufficient and interconnected :)
Anyway, I am ready to bet some cash that IPv6 will never become a major transport protocol.
I know I will do whatever I can to keep it far far away.
Make all porn only reachable through IPv6.
The fact of the matter is, IPv6 is a solution looking for a problem. With IP shortages and the ease of NAT/PAT, most entities realized they don't need a whole block of IP addresses. Most of the time, one suffices. Else, a block of 8 almost always fits everyones needs. It is like trying to solve Y3K problems 992 years before we need to actually worry about it.
Also, most of the world is using Windows XP. Can you show me where in my TCP/IP settings panel I am supposed to enter my IPv6 information? Exactly.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
We'll be using IPv6 to run our fusion powered, flying cars to go to the moon?
A simple one is just dealing with IP addresses. Not too bad to remember an IPv4, especially since in a given network most addresses are largely similar. An IPv6 one is rather more difficult, and much of the self similarity is gone since the MAC is embedded. Thus you have to start to have better management to deal with the numbers.
A bigger one is the cost of replacing high speed routers. Real high end gear tends to do things in ASICs. It's really the only way to achieve the speeds that people want. Doing it in software would be prohibitive, even if routers had massive CPUs, which they don't. Well, there's lots of gear out there that only does IPv4 in hardware. You want IPv6, it is all handled by the software and thus anything more than a small amount will crush it. It is, of course, not cheap to get an IPv6 upgrade, even when one is available.
That's the situation on campus where I work. The network is Cisco 6500s at it's heart. They handle IPv4 with ease, including the incredibly complex access lists and routing tables we have. However, they do that because they can do IPv4 in hardware. Well they support IPv6, you just turn it on, however only in software. It we tried to use it, it'd grind everything to a halt. So if we want the hardware to do it? $10,000,000. Ya, let me tell you how interested anyone is in spending that, when what we have works great and we are getting our budget cut (again).
Similar situation at larger levels, but even larger dollars. You don't go replacing these high end routers once a year. These things last for a long time. Thus there's lots of hardware out there that works great for IPv4, but can't do IPv6. Companies are understandably not interested in sinking tons of cash to upgrade, especially when it seems to gain nothing.
So even if IPv6 were just turn a switch, I could see adoption being slow because it don't really solve any problem. However it does introduce it's own problems, which makes it just that much slower.
Comment removed based on user account deletion
And don't forget that it is one more thing that can go wrong.
Remember, you ALWAYS run the MINIMUM on your servers. If you don't absolutely need IPv6 today, then don't put it on.
Comment removed based on user account deletion
Some enlightened parties are providing free porn, music and warez over ipv6. That should draw the crowds! Binary news servers newszilla6.xs4all.nl and news.ipv6.eweka.nl are both freely accessible over ipv6.
It's not that simple. IPv6 already has a space for IPv4 mapping. While it's not an all-zero mapping, IPv4 traffic can be routed across IPv6 networks relatively easily, and transparently.
To move to your IPv5, you're still going to need to replace the core infrastructure, and change all the applications to support it. If you're going to do that, you might as well move to something that you're not going to need to replace again in a couple of decades, and something that's easy to route.
The big L3 switches that drive your traffic across the net are not just PC's with a couple of NICs on them; they are highly optimised hunks of silicon, that try to route packets before the CPU even knows a packet has arrived for processing.
It's a *lot* easier to decide which of the couple of hundred interfaces to direct traffic if that decision is being made primarily on a 4 byte pattern in a relatively known location. If you're going to go to 5-bytes, you might as well go to 64-bit. IPv6 has gone that little step further, using 128-bit addresses, but also taking out some of the "features" of IPv4 that lead to uncertainty in the positioning of addresses.
We could have even just added a 3 more positions in the address and assumed a default of 1.1.1. as the default prefix if none was given. That would have given us 16 million * the current 4 billion addresses - 64 quadrillion addresses.
At the risk of repeating the 'no one needs more 640k', I'd have to say that I think 64 quadrillion is more than usable for the next several years. The upshot is that it would have been much easier to deal with that. From a pragamatic viewpoint, there's a whole lot of software out there invested in the dotted quad format. Modifying that to deal with a few more X.X.X places wouldn't have been as hard (think GUIs that check IP validity, for example) as moving to IPv6.
Lame excuses, perhaps, but I think we'd have seen much faster adoption to a format like X.X.X.X.X.X.X because it's an incremental, not radically different.
creation science book
Until such time as some of the larger sites like, say, oh, I don't know, how about SLASHDOT get their finger out and install IPv6, people aren't going to bother. As a probably flawed analogy, would you buy a top-of-the-range games console with wireless everything and teraflops of processing power if there was not a single piece of software to run on it? Actually, this being Slashdot, you probably would just for bragging rights, especially if said CPU had a cool name like cellPwner pro or something. I know, bad analogy.
;; global options: printcmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;slashdot.org. IN AAAA
;; AUTHORITY SECTION:
;; Query time: 0 msec
; > DiG 9.3.4-P1 > slashdot.org AAAA
; (1 server found)
slashdot.org. 3149 IN SOA ns-1.ch3.sourceforge.com.
hostmaster.corp.sourceforge.com. 2008080600 14400 1800 604800 3600
Go figure. This is why IPv6 isn't taking off and a pox on anyone who says otherwise. Trying to blame sysadmins for not deploying IPv6 is a downright insult. We're ready, Slashdot. Google's ready. A whole raft of other sites have connectivity and are ready. Looks like you're not.
Resistance is futile. Reactance buggers it up.
I've been thinking about this sort of thing for ages, mostly in conjunction with ponderances on things like interplanetary news.
Between Earth and Mars, you can't FTP - the RTT is so long that the protocol-specified maximum timeout expires before a response can be returned to you. Obviously loading up a web page would be a senseless waste of time. We would need a way of transporting or requesting information in batches in order to effectively communicate things like news between planets.
In my mind, while at university, I envisioned a system consisting of 'packages', which contained some data or subset of data. It could be an entire website (which, for many companies, is merely a brochure, menu, etc. anyway), part of a website (an updated to a company's product information pages, for when e.g. Apple ships a new iMac), or even a single file - a press release, news clip, etc.
Each parcel of information would belong somewhere in a heirarchy. You could start with 'Apple' and grab their default content (say, most of what's on their website at first glance), and then delve deeper into areas like 'support', 'developer info', and so on. Those packages, while not necessarily retrieved by default, could be requested, and would slot into the heirarchy. Without them, you see that they're there and what kind of content is available; you can then request the content be updated, and when the 'package' arrives, you suddenly have access to that content as well.
Likewise, you could start issuing specific identification that computers could use to narrow down who you're looking for. Instead of www.apple.com, you could just do a search for 'Apple Computers' or 'Apple, Inc', and you would be able to find relevant information from (and about) the company. Because we can now uniquely identify business electronically, it's easy for someone writing a news article to 'tag' the article as being about Apple, Inc., and your client can do any associations you might want - stock updates, press releases (especially relevant press releases to the story), and so on, and whatever isn't local can be updated.
Obviously, this would require two things; firstly, a complete overhaul in the way the internet works; secondly, local (possibly hierarchical) caches wherever relevant, so that information doesn't need to be transmitted multiple times. Also, the caches can pre-fetch or be pre-seeded content ahead of time, so that (for example) major/popular news sites could send updates to their content in batches every hour/day/etc.
Because everything in this scheme would be tagged, dated, and versioned, it would be trivial to do a search for 'what this document (e.g. website) looked like in 2005', or 'a news article about communism from last Wednesday' or what have you.
Somehow, though, I think this sort of thing is a long ways off. Then again, maybe not.
1) The world is document centric, not IP address centric. I want to access a collection of named documents and services from "slashdot.org". I dont care if these come to me by IPv4, NetBUI, IPX/SPX, Token Ring or Carrier Pigeon. I want to get "slashdot.org" and I want to make sure "slashdot.org" really is "slashdot.org" and not "somephishingsite.com"
So what you're saying is that you have no real reason to be anti-IPv6?
2) "End 2 End" isn't a selling point. I dont want my home network to be publicly visible.
So stick it behind a firewall that blocks incoming connections to all IP-addresses assigned to you unless you allow them?
3) Protocols that route around my desire for #2 succeed. All good P2P clients support UPnP. 3.1) Protocols that do not work with my desire for #2 fail. See Active FTP and the failed or failing IM networks and IM software that do not transfer files over NAT.
So, you'd rather have ugly workarounds than see the internet work the way it's supposed to work?
4) Those P2P clients are proof that how documents get to me are independent of the underlying link. I have no doubt that BitTorrent could be easily adapted to operate as a wire protocol on 802.11g or on top of IPX/SPX.
See answer to #1
5) If (and a big one) IPv6 got any traction, smart entrepenuers will began creating new services or modify existing ones like BitTorrent to operate and bridge IPv4 and IPv6. Really smart ones will most likely realize that once they abstract TCP/IP out of their design, they can do other "fun" things like implement their file sharing network directly over WiFI or some other mesh type network.
Have you even heard of the OSI model? Why in god's name would you want to have a Layer 3/4 P2P protocol? That's what TCP and IPv4/IPv6 are for.
/Mikael
Greylisting is to SMTP as NAT is to IPv4
I'm actually in one of the rare areas that have more than one ISP. We have three available here. Our current ISP doesn't implement IPv6, so I can't use it. I checked with the other two. Neither of them allows IPv6, either. None of the three admits to any plans to implement it.
Most people have only one ISP, of course. What incentive does that ISP have to permit IPv6? I mean, here where we have three ISPs, none of them has an incentive to do it.
I don't see how we can ever switch to IPv6 until the ISPs stop dropping all IPv6 packets, and start forwarding them properly. And that clearly ain't gonna happen without a bit of "government regulation" ordering them to do it or else. But with the current political setup here in the US, that ain't gonna happen, either.
Anyone have any idea how to persuade the ISPs to come around?
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
And yet they're more secure than NAT, which you do trust?
Ever wonder how you're able to receive calls on Skype through NAT? I'll give you a hint: your network is not terribly private behind NAT ;). Private from TCP packets, sure, but NAT has to be incredibly stupid when it comes to UDP.
If you want to keep your network private, you should get a firewall that keeps your network private. NAT does not do that, but there are a lot of firewall implementations that will.
In short, when it comes to security, public IP + firewall > NAT.
I still dont buy it. Sorry. It just feels so natural to place my network on private, publiclly unprofitable address that I feel it is insane not to. It is so damn intuitive to me, and probably alot of other people--it feels like a violation of our core being when we let our personal computers sit out on the big bad internet.
The "NAT is evil" argument just doesn't sit right. Sure it causes some pain, but only in stupid protocols that don't know how to use UPnP or do stupid things like active FTP.
If you create a modern protocol that doesn't account for NAT, you created a protocol that will fail in the marketplace because people will blame your product, not their cute little netgear router.
But honestly, when you boil it down we are both right and we are both wrong and are basically talking past eachother. The "fear" of mine about privacy and security is valid, and your concerns about being NAT being a pain in the ass is also valid. The true cuplrit here is we are asking more from our network stack (IPv4/6) then it can give us. Hence the point of my original post... the time of TCP/IP is coming to an end and we need to find better network protocols that make my security/privacy concerns go away and make thins less of a pain in the ass for you.
Looking at an app that uses regex to match both IP4 and IP6 precisely (as opposed to numbers and dots or hexchars and colons), the IP4 pattern is:
PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
RE_IP4 = re.compile(PAT_IP4+'$')
and the IP6 pattern is:
RE_IP6 = re.compile( '(?:%(hex4)s:){6}%(ls32)s$'
'|::(?:%(hex4)s:){5}%(ls32)s$'
'|(?:%(hex4)s)?::(?:%(hex4)s:){4}%(ls32)s$'
'|(?:(?:%(hex4)s:){0,1}%(hex4)s)?::(?:%(hex4)s:){3}%(ls32)s$'
'|(?:(?:%(hex4)s:){0,2}%(hex4)s)?::(?:%(hex4)s:){2}%(ls32)s$'
'|(?:(?:%(hex4)s:){0,3}%(hex4)s)?::%(hex4)s:%(ls32)s$'
'|(?:(?:%(hex4)s:){0,4}%(hex4)s)?::%(ls32)s$'
'|(?:(?:%(hex4)s:){0,5}%(hex4)s)?::%(hex4)s$'
'|(?:(?:%(hex4)s:){0,6}%(hex4)s)?::$'
% {
'ls32': r'(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|%s)'%PAT_IP4,
'hex4': r'[0-9a-f]{1,4}'
}, re.IGNORECASE)
Longer, but not any less handy. I mean, what do you care care once the
expression is compiled?
If people like you ran the world, we'd still be afraid of using fire to cook meat, or of sowing grain to produce wheat. Fortunately, the world is usually run by people who apply reason.
The OP is right. Packet filtering has nothing to do with NAT, and it's only your paranoia (or trollishness) that's preventing you from seeing that.
I've noticed that most technical people pass through a phase where they want to do everything themselves, where writing to the bare metal is cool. We've all had that urge at one time or another. It takes a certain amount of humility and world-weariness to realize that there's plenty of good work that's already been done.
what about http://www.sixxs.net/ ? they support AYIYA tunnels which should work through nat, and they have European POPs, so it sounds like they might work much better for you.
When there was no more space to build outward in Manhatten, then solution wasn't to try and produce more land. instead, they made the buildings taller (which worked well until '99)
People have no problems remembering up to four three digit groups. So why not, expand the address space to support 0-999 values instead of just 0-255. Sure, 999 isn't a byte, but it's close enough to 2^10. Sacrificing the remaining 25 values won't hurt much. But more importantly, it would increase the address pool from 4.2 billion (minus invalid values) to 1,000,000,000,000 (a trillion) which still allows something like 200 IP addresses for every person on the planet. And with technology like NAT which should be employed for security purposes should be more than we could ever use.
Not we just need some genious to figure out how best to map that mechanism to the base-2 or IPv6 world
Both IPv4 and IPv6 suck. IPv4 sucks because it should have been just: dest-address, source-address, ttl (byte), flags (byte), size (short). 12 bytes instead of 20. IPv6 sucks because it wants to be too much and at the same time, simply isn't modern enough. How's about variable length addresses (my home network needs only 1 byte) ? How's about flags that say something about the scope of the packet (I don't want these packets to make it accross a router; I wouldn't have to spec certain address 'areas' as 'special') ? Why drop ARP (really, it was just fine) ? What's with the f^@%ing jumbogram (4 gigabytes of payload ? What concentrator is going to cache 4 gigabytes of payload ?) ?
Religion is what happens when nature strikes and groupthink goes wrong.
For the last 8 years I worked for a major switch/router manufacturer and we were one of the first to forward IPv6 traffic in hardware/silicon (rather than a software data path on a generalized CPU)...back then 99% of all IPv6 traffic (what staggering little there was at the time) were pings as people just tried to prove tunneling was working (screw doing native IPv6, you couldn't get beyond a LAN with that, no major ISP outside of Japan had native IPv6 service). Looking at current networks, it looks pretty much the same, still 99% pings...
IPv4 addresses are like oil. We know we'll run out some day, but so far, it hasn't happened. So nobody really cares, no change happens, and we're stuck with old obsolete technology.
So we can only hope that both IPv4 address space and oil will be exhausted soon, so that finally there's real pressure to switch to a better technology. Yes it will be expensive, yes some people well be annoyed by the change, but it will be a good thing.
bye, Till
By far the biggest hole on your network is all the software you're running on your computers
Only because I've taken the steps to plug up the obvious stuff like making it almost impossible to route *into* my network. Now the attacks have evolved to work around the firewall/NAT.
probably much of it un-audited and capable of sniffing your "private" network
Audited, yes, but all of my computers are wide open and password free to improve the human factors like, say, the lady getting her pictures off my computer from the laptop (vista does act smart about this, btw, it keeps tract of the network you are connect to and can let you open or shut your "doors" based on your access point).
There are a host of applications where being able to easily and systematically address hosts in a "private" network would be a good thing.
Address translation or not, these are still gonna have to punch holes in my firewall (which would clearly be "default deny") and do it in a user friendly way that doesn't require me to log into my broadband router (which would still exist exactly to provide a firewall). ...Speaking of, we'll have to improve our routing protocols to deal with provisioning entire subnets to each customer instead of lumping many customers onto a single subnet. Thats an engineering problem though.
Ever read mythical man month? IPv6 is a textbook example of the second system effect.
To the MANY who think a few nat devices makes it all better, please think again.
For one, most ISPs for home service already only give out 1 IP and we're still running out. Do you want your NAT to be behind another NAT (that you cxan't configure port forwarding on)?
Virtual servers don't help a lot either. Believe it or not, not everything on the net is a web server. Do you want to discover in a few years that you CAN NOT get a colo box hosted, but you are free to get a "virtual" home page on a one size fits all web server?
Unless IPv6 deployments get a lot more common, the other choice is to colo in IPv6 where perhaps one in a million people can even actually connect to it.
While we're not out of v4 addresses yet, actually getting a block from ARIN has become increasingly difficult unless you're AOL, Comcast, etc. Years ago, you could just ask for a class C and receive within a day. Now, you have to send in increasingly detailed "justifications" and they are increasingly likely to be found "insufficient". Next I suppose you'll have to include the results of your last colonoscopy as well. New customers want IP assignments NOW, but ARIN doesn't want to give them out until you can prove you have a current need for them. That pretty well assures that only large providers will be in the running. Don't you prefer a net where there are small and more responsive providers out there? Perhaps some who are a little less quick to automatically yank your site down if the *IAA grumbles that one file might be copyrighted?
As for why so many addresses this time rather than just adding an octet, consider that v6 has been specified for 10 years now and the adoption is pitiful at best. Do we really want to be right back here again in 2018?
Part of the freedom of the net is inextricably linked with the ability to get an IP address to be on the net with. If you don't want net access bottlenecked and controlled more than it already is, you should support a move to IPv6.