IPv6 and the Business-Case Skeptics

Julie188 writes "Experts keep screaming that the IPv4 sky is falling. Three such experts were recently asked point-blank to state an irrefutable business case for moving to IPv6 now, and their answer was more plausible than the old refrain (the lack of addresses and a yet-to-be-seen killer IPv6 app). They said that there isn't a business case. No company that is satisfied with all of its Internet services will need to move, even in the next few years. They also pointed out that Microsoft is a unique position in the industry both causing and hindering IPv6 adoption — causing through its IPv6 support in its OSes, and hindering by not extending IPv6 support into very many of its apps."

You want a business case?

[dmayle]

• It's an opportunity for press, "We're the first baz widget company to offer our services over IPv6".
• Do something kitschy and you've got potential for viral advertising, "Got IPv6? Come see our new IPv6 only thingamabob, look it's funny, share the link with your friends".
• You can garner the attention of early adopters, "You're at the forefront of technology, and so are we. That's why you should do business with Foobar Widgets."

There are plenty of business cases for IPv6, you just have to ask business experts, not technology experts...

Re:You want a business case?

• Do something kitschy and you've got potential for viral advertising, "Got IPv6? Come see our new IPv6 only thingamabob, look it's funny, share the link with your friends".

Sounds like a great idea. Let's make a turtle dance!

Re:You want a business case?

[Kjella]

Yeah, because cutting yourself out of 99%+ of the market by going IPv6 only is a smart business decision. Face it, if you want an online service you're on IPv4 and the service won't really be any different on IPv6. Between HTTPS, VPN and SSL noone is excited about IPSec because it's already solved if less elegantly, nor has the "online home" happened. Neither my fridge, dishwasher, washing machine or toaster is online even in the local LAN so I got no use for my own /64. IPv6 is about as sexy as computers in a new shade of beige.

Re:You want a business case?

[mea37]

Maybe you could build a business case around one or more of those, but what you've really got there are just marketing angles.

The question is, how is this going to make/save me money? More specifically, how will it make/save me more money than investing the input capital in some other way?

• Being able to say I'm the first to have it? Well, that might be worth soemthing for one company in any given industry, if that company's customers care about IPv6 for some reason.
• Unless whatever kitschy thing I might do can only be done with IPv6, I can do it cheaper without the IPv6 conversion and get the same buzz; so to make this a business case you need a specific "something kitschy".
• Attention of early adopters might be of value in some markets, but without some detailed projections I'd be hard pressed to invest in an entire network overhaul for marketing buzz.

I'm not saying the business case does or doesn't exist, but until you've tied it to dollars and cents (or better yet NPV), you haven't made what most people would take as a compelling business case.

Re:You want a business case?

[FooAtWFU]

It's also a useful bullet point these days (and becoming more so), if you're going to be selling to Big Enterprise and Government Customers and such.

Re:You want a business case?

[An+anonymous+Frank]

Actually, that's Foobar Widgetz, and they've got really good items on their download page at:

0:0:0:0:0:0:127.0.0.1

Re:You want a business case?

[wurp]

If you really can find something that people will advertise to one another because it's IPv6, it could make sense. 20% of ipv6 users is much better than 0.000001% of all internet users, even if only 1% of all internet users are ipv6 users.

I can attest that if you build it, they will not come. I built a free site to help people buy & sell either locally (location based search) or nationally (http://frimp.net) about 4-5 years ago. It doesn't do auctions, but it's free (as opposed to eBay), and easy to use and works everywhere in the US (as opposed to Craigslist).

I didn't really advertise, because I have no real idea how to - I ran an ad in the Dallas Morning News, which got me about 100 new members. I ran some ads on Google, to little effect. I'm not sure whether either ad paid for itself or not.

Anyway, four years later, I have about 2000 people signed up on the site. It's not insignificant, but it's not going to pay back 1% of what I've invested in effort, either.

My point is that if you can come up with some (ugh) gimmick to get people to talk about your whatsit, even if the people who talk about it belong to some very limited group, it can make a big difference. Of course, that assumes that people using ipv6, or people who might be likely to use ipv6, talk to one another.

Re:You want a business case?

[Chris+Mattern]

Sorry, "It'll be really ultra-cool" does not a business case make.

Re:You want a business case?

[ShieldW0lf]

If you're one of the people who has enough static IP addresses to serve your needs, you're better off with IPv4, because that will make sure you're among the few who do. Increasing supply doesn't serve those who already have enough, which would be those interviewed.

If you like things the way they are, where the restricted number of static IPs makes it impossible for the great unwashed to have a voice and the web is coming to resemble a television set more each day, well, you're not going to be supportive of IPv6. Plenty for everyone means no leverage, which means no profit. Which means IPv6 isn't going to get business support from the IT sector any time soon.

Re:You want a business case?

[janeuner]

IPv4 Support (99.9% of market):
example.com IN A 1.2.3.4

IPv4 + IPv6 Support (100% of market):
example.com IN A 1.2.3.4
example.com IN AA ::FFFF:1.2.3.4

Seriously - net admins need to stop preaching dogma and do their freaking jobs. It's not like it is that hard.

Re:You want a business case?

[stevied]

You might also want to ask "technology architects" rather than "technology experts."

Some people are very good at learning the details of existing technologies, and figuring out how to mangle them to solve tomorrow's problems. Other people take a broader view and wonder how to solve next year's problems by creating new technologies. Both have their place, and there must equivalents on the "business" side of a business - people who try to foresee major economic events, the birth of whole new markets, etc. The fact that IPv6 is in many ways a "plumbing" issue (oops, made another tubes allusion) doesn't mean that long-term thinking isn't called for, even if many businesses aren't used to it in respect of (IT) infrastructure.

(Incidentally, the analogy to real architecture works quite well, I think. Sometimes "vision" is called for when creating new buildings, a whole fresh design; other times the traditional way of doing things, a design that has slowly accreted over the years, is fine.)

Re:You want a business case?

[LongestPrefix]

Sorry, dmayle: a business case is more than just features and advantages. A business case should include an estimate of the costs, and some estimate of the revenues.

The problem for ISPs is that the costs are quite high, but these alleged features and advantages have almost no value because they bring almost no revenue.

The problem for users is that the costs are high (in terms of time and effort) but the advantages are, heretofore, nil. There's nothing I could do with IPv6 that I actually want to do that I can't do with IPv4.

Re:You want a business case?

Wrong. The actual question is, how is this going to get me laid?

Unfortunately the answer is, it won't...until more IP6-compatible "appliances" become available

Re:You want a business case?

[jellomizer]

Being first on the market only works for something there is a real public demand for. The golden spot is to be an early adapter first to use it when it starts getting popular.

Viral advertising will only work if others can view it. with 99% people clicking on the link and not finding the location even if their computer supports IPv6 their ISP may not.

Yes but the early adopters will probably still have IPv4 as well. Besides these adopters are the minority having a minority and selling a product or service that may have limited appeal to these adopters(Linux users are CHEAP) will mean 1% of 1% or um 0.01% vs just useing IPv4 and normal advertising you may just get 1%.

Re:You want a business case?

[Yvanhoe]

Exactly. What is needed is an IPv7 that has IPv4 compatibility. I remember a presentation explaining why IPv6 didn't caught on. There were 3 main points :

- IPv6 is not IPv4 compatible

- IPv6 is not IPv4 compatible WTF ?

- IPv6 is not IPv4 compatible and this is stupid

Re:You want a business case?

[assantisz]

I am sorry but that explanation is lame. Is there any operating system out there that does not support dual TCP/IP stacks? Is there any mainstream application out there that does not support IPv6 in addition to IPv4? There you have it. Just configure your IPv4 system to be also capable of IPv6 and offer your services in both ways. You just need an upstream provider that provides you with IPv6 connectivity (a little more difficult but not a show stopper).

AFAIK there is only one real problem left that will keep many big businesses from deploying IPv6: multi-homing. The technology to have more than one upstream provider for IPv6 connectivity is still in flux.

Re:You want a business case?

[pxlmusic]

damn my lack of mod points.

Re:You want a business case?

[gbjbaanb]

how about SSL for every website?

that's all I can think of that isn't catered for by IPv4. I agree the only way to get IPv6 adoption is to shut off IPv4, and that's hardly going to happen until the day a registrar says "no, you can only have 1 IP for your server, sorry but we've run out"

Re:You want a business case?

[I'm+not+really+here]

I agree wholeheartedly. I want a static IP.... My cable company says "there are only so many available, so we have to charge you $50 per month for that feature."

Thank goodness for dyndns.org, but still... I want my static IPs so I can run my own server and access my network without having to use a 3rd party service to synch up the IP and the domain.

Re:You want a business case?

[kimba]

What the hell is an AA record? You do realise that that ::FFFF:1.2.3.4 is an IPv4 address and won't be transmitted over IPv6 infrastructure?

The fact is IPv6 is about as desirable as adding extra digits or overlays to telephone numbers. Noone wants to dial extra digits, but at some point you are going to need them to grow the number space. The difference is there is no regulatory body to enforce an orderly switchover, so early adopters (i.e. IPv4 holders) hold on to their shorter numbers and skew the market.

Re:You want a business case?

What about multicast? Does ipv6 not bring multicast potential?

Re:You want a business case?

[xaxa]

You don't really need an IPv6 capable ISP for the bare minimum of IPv6 -- there's an anycast address (192.88.99.1) for the nearest 6-to-4 relay which worked with no problems for me.

What is a problem is routers -- specifically, consumer routers with integrated modems etc -- which don't support IPv6. My ADSL modem/router worked after I'd given it a new firewall rule -- I could then use IPv6 on one PC on the LAN. But what should happen is the router gets the /64, then assigns addresses within it (like DHCP) to any devices on the LAN as required. Few (if any) consumer routers support this.

Re:You want a business case?

[hedwards]

I don't really agree, there isn't any reason why businesses have to ever go ipv6 on their local network, more likely than not ipv4 will be used like that for some time with the conversion being done at the router level.

You also don't make these sorts of changes 100% before pretty much everybody has partial support. It wouldn't make sense, the amount of effort it would take to get damn near everybody using ipv6 would make it prohibitively difficult to do.

As of right now there is absolutely no excuse for organizations of any size to not be preparing for the transition. If the options really are insufficient, the best way to know that and to find a fix is to start testing as well as limited use. Waiting until the last minute has a pretty huge cost if for whatever reason it doesn't work.

Re:You want a business case?

[hedwards]

That's not a fair analogy. For one thing that's a type business which performs the same basic function as other sites and requires a significant number of people to actually be useful. Sure each site will typically have something special, but people tend to be wary of sites which do that sort of thing free.

Contrast that to ipv6 where, users don't have to give up ipv4 completely and where the main requirement for usefulness is the ability to take the domain name resolve it and make contact with the server.

Hell, you could probably even work out some method of translating the ipv6 down to the ipv4. I mean there's so many ipv6 addresses out there that giving up the set that can be logically pinned to ipv4 is going to make minimal impact on the number required.

There's also the bit where the ISPs have quite a bit of say, and they can definitely bring their own ipv6 infrastructure online and provided facilities to deal with the transition rather than the end users.

Re:You want a business case?

[HJED]

example.com IN A 1.2.3.4 example.com IN AAA ::FFFF:1.2.3.4 quote> fixed that for you it is an AAA record not a AA record thanks

Re:You want a business case?

[darkpixel2k]

I want my static IPs so I can run my own server and access my network without having to use a 3rd party service to synch up the IP and the domain.

Try here (just giving my colo provider a free click)

Seriously--I pay $59/mo for a dedicated server. I have 16 IPs included with an offer of additional IPs for free.

If you want home internet access, call Comcast, Verizon, Sprint, Qwest, AOL, Compuserv, or whomever.

If you want to host a server, call a hosting company. Your home internet connection is not sold for hosting servers.

Re:You want a business case?

[Xugumad]

They're close to being right, though. The address record for IPv6 is AAAA , and there are IPv6 addresses reserved for the IPv4 address space, even if that's not quite the right syntax.

Re:You want a business case?

[Kjella]

If you're one of the people who has enough static IP addresses to serve your needs, you're better off with IPv4, because that will make sure you're among the few who do. (...) If you like things the way they are, where the restricted number of static IPs makes it impossible for the great unwashed to have a voice and the web is coming to resemble a television set more each day, well, you're not going to be supportive of IPv6.

Funny, I have.... zero? I occupy one all the time though, and with a dynamic DNS and portmapping so I can log directly into any of my boxes from anywhere. And with UPnP pretty much any intelligent application on my LAN will be able to open incoming ports if they need them, which is an 80/20 fix for the most annoying part of NAT. And I really have to ask, what's with the hyperbole? Can you post on slashdot? Facebook? Myspace? Twitter? Chat on MSN/Yahoo/ICQ/AIM/IRC? Post on newsgroups? Upload to YouTube? Download torrents? Yes and more. Is there anything you CAN'T do? I'm sure there's some edge cases but damn if I notice them. If you blame your "lack of a voice" on IPv4 then you're making up very poor excuses as you got every opportunity. Complain about that if you're behind the great firewall of china or some other real censorship, this is just pathetic.

Re:You want a business case?

the restricted number of static IPs makes it impossible for the great unwashed to have a voice

Two far greater limiters to the common man having a voice on the web:

1. More bandwidth, less ISP intrusion for things like pirating data. This would enable people to exchange a lot more data and generally do a lot more than is practical today.

2. The common man has nothing to say. Most of the common people don't have a voice because they're too busy drinking beer and watching TV.

Those 2 things have a greater impact on the voice of the common man than IPv6.

Re:You want a business case?

[petermgreen]

AFAIK there is only one real problem left that will keep many big businesses from deploying IPv6: multi-homing. The technology to have more than one upstream provider for IPv6 connectivity is still in flux.
AFAICT for big buisnesses this is a non-issue, they will already be an "autonomous system" and will probablly have no trouble getting a globally routable /32 allocated which they can advertise on as many providers as they like.

For small and medium buisnesses there is a big problem though. With IPV4 you could use NAT and I belive you could also advertise space allocated by one provider on another provider. With ipv6 NAT is not readilly availible (linux doesn't support it for philosophical reasons and I don't think many other platforms support it either) and I don't think you are allowed to advertise space from one provider on another provider.

There was a system called A6 which was supposed to simplify handling of sites with multiple addresses running in paralell but it was extremely complicated in itself and has been abandoned afaict.

Re:You want a business case?

1. A single usable true static IP address will actually consume 4 IP addresses. Two for your network broadcast, one for the gateway, and the single usable.

2. Almost every home, home office, or small office customer I have ever seen does not need a true static IP- they just need an IP that does not change.
Some providers offer this service, usually referred to as a "sticky" IP.

The difference between the two is that the sticky IP is simply the DHCP server (for the dynamic pool) reserving a specific IP just for your equipment, so only consumes one address.

Generally speaking, you only need a true static if you need to announce routing, or for a mail server's reverse DNS entry. Some ISP's just can't reverse to sticky in their dynamic pool, and many spam filtering services will detect a sticky as dynamic even with a reverse dns, and blacklist it.

If it's worth the $50 to you then buy one, if it's not worth $50 a month then you don't need one in the first place.

Re:You want a business case?

Well, may I say "China" and "Asia"?
I don't think companies (and users) there will be sitting down waiting for IPV4 addresses to be availabel, when IPV6 works for them.

Of course they will have some IPV4 site, but their infrastructure will be on IPV6.

Re:You want a business case?

[WheelDweller]

OK, now YOU, YOU've been paying attention. GoodOnYa!

But whoever modded this up, he gets a shiny star, too!

Re:You want a business case?

[Abcd1234]

If you want to host a server, call a hosting company. Your home internet connection is not sold for hosting servers.

That's a BS argument. What if I want to stream my music collection, that's stored on my media server, to work? Or access MythWeb so I can alter my recording schedule during the day? Or simply SSH to my home machine so I can retrieve something I was working on? None of these cases are served by using a hosting company, yet all qualify as "[hosting] a server".

Re:You want a business case?

[Nigel+Stepp]

You mean ::1?

Re:You want a business case?

[darkpixel2k]

That's a BS argument. What if I want to stream my music collection, that's stored on my media server, to work? Or access MythWeb so I can alter my recording schedule during the day? Or simply SSH to my home machine so I can retrieve something I was working on? None of these cases are served by using a hosting company, yet all qualify as "[hosting] a server".

Unfortunately a lot of ISPs flat-out don't want you doing that. Go find someone that does allow you to do that.

Honestly, I have no clue what the Comcast policy is for my home internet connection, but I have my own hosting server and my pfSense firewall at home updates my DNS server so I can connect in from client sites.
If Comcast ever came to me and told me I'm not allowed to do that, I'd ask them if they had a plan that would allow me to do that. (I seems their business plans allow you to do a lot more.) If they didn't have a plan for it, I would go find another ISP.

Re:You want a business case?

Two words for you dude: Dual Stack

Re:You want a business case?

[don.g]

Er. No.

A static IP is one that doesn't change. See: any dictionary. It can be assigned via DHCP, or configured statically somewhere in your computer's network config, but none of this means that all the other IPs in the same subnet will be allocated to you.

But you're an AC so I doubt you'll read this anyway.

Re:You want a business case?

[Cato]

Comcast already have an enormous IPv6 rollout, driven by the sheer number of customers that they have. Their IPv6 core is already live according to this NANOG presentation: http://www.6journal.org/archive/00000265/01/alain-durand.pdf

This is mostly driven by need to remotely manage devices like set-top boxes and cable modems. Once you need to do this, IPv4+NAT becomes a real pain.

Re:You want a business case?

[Cato]

The real business case is very simple:

* IPv4 addresses will run out in around 2010 to 2011

* Businesses that need new addresses (mostly ISPs and telecom operators) will need to go IPv6 just to keep operating in longer term (even if there are short term workarounds, they don't work forever - this is why Comcast already has IPv6 live in its core network)

* Planning ahead will be important to avoid an interruption in business (can't get new IPv4 addreses so can't activate customers)

* Around 2009/2010, the stock market will start to assess public companies as to whether they have an IPv6 transition plan, and the press will start to hype "IPv4 is running out - another Y2K is on the way" - companies that don't have an IPv6 transition plan will find their ratings and stock prices fall

If you want to continue expanding as a telco/ISP, and to have a healthy stock price (after the current dip), you will need a serious plan to move to IPv6. It's that simple.

This article was generally quite pro IPv6, the summary was atrociously slanted against v6. But that's Slashdot for you...

Re:You want a business case?

[rtb61]

IPv6 because every new internet device created can have it's IP address preset and the RIAA, MPAA and various governments et al will love that and if not preset, then every internet user will have their own personal range of addresses which they will use in their devices. So no choice at all.

Re:You want a business case?

[DarthJohn]

• Do something kitschy and you've got potential for viral advertising, "Got IPv6? Come see our new IPv6 only thingamabob, look it's funny, share the link with your friends".

Sounds like a great idea. Let's make a turtle dance!

A dancing kame is not hip enough.

My instinct is that anything sufficiently awesome to draw that kind of crowd, make people want the new internet doodad, would be too expensive a proposition to artificially limit your audience by making it ipv6 only.

I'm guessing I'm at least partially wrong, but I'm too tired to think of a counter point.

Re:You want a business case?

[DarthJohn]

I'm also apparantly too tired to have read one more post down which said the same thing only better.

Re:You want a business case?

[darkpixel2k]

This is mostly driven by need to remotely manage devices like set-top boxes and cable modems. Once you need to do this, IPv4+NAT becomes a real pain.

I was impressed by their business-class support one day when Nagios alerted me to an outage at a remote office. No one was at the remote office, so I couldn't figure out if it was a power outage or what, but people needed to connect in from another office and couldn't. (They didn't opt for nice expensive UPSs that could be remotely monitored, etc...just APCs that use PowerChute Personal--yuck!). Anyways, I called Comcast and asked if they were having issues in the area and the guy said he is able to pull up a map of all the Comcast devices in that area and tell how many are online, on-battery, or offline. He said our entire block was offline and he'd send a repair guy out. About an hour later we were up again.

That must be one sweet monitoring system.

Re:You want a business case?

[pegdhcp]

As somebody deciding on static IP prices for our company which is an ISP, I can tell you that the main factor taken into consideration for pricing is usually not the number of available address space, but how hard it is to route and maintain those address. If you are using a /30 segment routed thru another /30 link it means (disregarding aggregation, before somebody jumps in... aggregation also costs CPU/memory/resources/etc.) two route entries in ISP's global routing database. However if you are using a /29 segment (same size with above configuration) on a hosting machine for some purpose, it probably will be assigned to you from a /24 or /23 allocation kept on a single server, thus you are sharing a single routing entry with several (hundreds maybe) other users). Excluding exceptional items, one of the most expensive IT resources on the planet is Cisco memory space, thus static IP's towards households are more expensive than centrally utilized ones.
Also most ISPs do not want to assign static IPs to CPEs, the reason for that being, they (we I mean) do not want to make it easier for their customers to run servers in their location, which will overload more expensive CPE->ISP bandwidth, while they want you to use other people's servers (i.e. browsing web servers) which utilizes cheaper ISP->CPE bandwidth.

Re:You want a business case?

Maybe it's based on people calling them up to complain like you did. :)

Re:You want a business case?

[upside]

Correct.

My ISP gives each user a single static IP address. Additional addresses can be obtained against a one time administrative fee. I have three addresses, all in the same /24 subnet. They are not contiguous but sprinkled across the address range.

Re:You want a business case?

[Nursie]

Well, not only that, but I've got my own /8 anyway in the 10 space or /16 in the 192.168 space. NAT means my devices are not publicly addressable, which I like, so there's no real need for change.

However, we must consider that we in the western world have grabbed most of the IPv4 addresses already, and that expansion will be needed as the rest of the world comes online

Re:You want a business case?

[Nursie]

Windows XP supports both, but in a really weird way. There's no dual stack, and if your app wants to do both 4 and 6 it has to open two listening ports, one for each.

Re:You want a business case?

[I'm+not+really+here]

I'd switch ISPs if I had much of a choice... it's Comcast or crappy 768k DSL with a really crappy up speed. Comcast has nothing in their policy that disallows me accessing my network remotely, nor could I find anything that would stop me from then transferring files over their network. Perhaps a media server would not be allowed, and certainly they experessly forbid a Web Server running on a standard home IP address, but I still stand by what I said. I want a static IP for my home network - so my wife and I can upload photos to our network storage device at home while we are on vacation... 6 GB of photos in a week gets annoying to carry around in CDs or DVDs, and I don't want to carry an external device with us... we just connect to whatever friend's/hotel's computer is nearby (our camera acts as a USB HD) VPN into our home network, and upload the photos.

We also like to watch our videos off our network drive, sometimes to show videos from other trips to our friends. Occasionally, I want to print something to the printer at my house so that my wife can just grab it off the printer and go (without all the time spent getting her to go to the same website and then print out the coupon I am looking at right now on my computer.

Tell me how I can do all of that without using a 3rd party service like dynDNS.org and without having a Static IP address.

Re:You want a business case?

[The_reformant]

You loser! Not only is my toaster online but it has a lvl 70 epic warlock on Skullcrusher.

Re:You want a business case?

[ObsessiveMathsFreak]

Face it, if you want an online service you're on IPv4 and the service won't really be any different on IPv6.

Have you ever tried to play or gods forbid host multiplayer games or use bittorrent behind NAT? I want IPv6 yesterday. And no, UPnP does NOT solve these problems.

Re:You want a business case?

[ShieldW0lf]

Is there anything you CAN'T do? I'm sure there's some edge cases but damn if I notice them.

Run a server. If you can run a server, you can do ANYTHING a computer can be programmed to do. The limits are your imagination.

The fact that you're ignorant about what you can do and don't care that you're not permitted to do doesn't mean other people aren't being restricted. The way things work right now is a perversion of how the internet was engineered to operate.

Re:You want a business case?

[The+Moof]

* IPv4 addresses will run out in around 2010 to 2011

I remember hearing similar a argument back around 2000, and we were supposed to have run out by now.

Personally, I think a huge problem with IPv6 integration is the fact that you cannot get IPv6 from ISP's with residential service. When I moved back in July, I was going to set up my network to use IPv6. What I discovered is that AT&T (my ISP, not by choice, but by monopoly) doesn't offer any sort of IPv6 to residential accounts. At least in my area (a suburb of Chicago).

So trying to convince executives that IPv6 will be marketable is a lost cause since your consumers don't even have the option to use it for service.

Re:You want a business case?

[jack2000]

Oh my non-existent gods! That is why the Mayan calendar ends in 2012! THIS is the reason for the great disaster!

Re:You want a business case?

[Cato]

The arguments are getting more solid - see http://en.wikipedia.org/wiki/IPv4_address_exhaustion for some good links.

The horizon is now quite short - just 39 x /8 ranges (16 million each) remained as of May 08, and we are consuming 13 x /8's every year (at least we did in 2007). So it's easy to see we run out in 3 years including 2008, assuming steady state - in reality there is growth in consumption, and possibility of an "IPv4 exhaustion panic" when the horizon is down to a year or less. See http://www.isoc.org/pubpolpillar/docs/oecd_durand_20080616.pdf for a presentation by the Comcast IPv6 guy that quotes these stats.

IPv6 will be deployed through provider push in my view, not consumer pull. A given provider, whether cable, telco or wireless, will decide it's going IPv6 and roll it out from the core through aggregation, access, and to home networks (or handsets). Once they reach the home network stage they will simply provide IPv6 devices / set top boxes to customers, who will mostly have no idea they are on IPv6. Customers will still be able to access the IPv4 internet of course, but the provider can manage the home network properly since it's no longer NATed.

If you want to go IPv6 early at home, there are various ISPs in most countries offering it (my UK ISP has done for years), and you can always use IPv6 tunnel brokers over IPv4 access in the interim - this is now very easy to do.

Re:You want a business case?

[ZOP]

Yeah except that many dual stack systems prefer v6 if they perceive they're v6 connected, and don't give up that idea when v6 is failing. So then your site becomes unreachable to those with v6 enabled in these islands, or on systems that mistakenly believe they have v6 connectivity. So no, it's not that simple. (I'm not picking nits about the fact that there's no AA record and the format is wrong, and it's still only an ipv4 address)

Re:You want a business case?

[ZOP]

AC here is talking about a Point To Point link. Very rarely is DSL equipment provisioned in this manner. You're proxy ARP-ed generally by the other end of an ATM (or PPPoE/PPPoA) link. So burning three IPs for a single static IP is not necessary and is poor network deployment.

Re:You want a business case?

[ZOP]

Oh the *technology* is there, and is the same as IPv4. the *policy* is another matter entirely. (I work at a web host/ISP)

Re:You want a business case?

[ZOP]

Last I checked Outlook, for one. Laugh, but a lot of people use it. A number of other windows applications and systems/services. Most all your consumer CPE for a big, huge, number two.

Re:You want a business case?

[sjames]

Who said anything about v6 ONLY?

Re:You want a business case?

[An+anonymous+Frank]

:) --I didn't wanna be too cryptic.

There is no business case *in the US*

[johannesg]

Countries like China and India, that have lots of people that might one day want to connect, but not a lot of existing infrastructure yet, and certainly not a lot of IP4 addresses, will have a far better motivation than countries that have an abundance of unused addresses.

The killer app will come, alright - just not from the US.

Re:There is no business case *in the US*

Thats bullshit. Try getting more IP Space and you'll see how much trouble that is vs just getting a /32 ipv6 block. IPV6 will be required and by the way things run around here it'll happen in a rush when Ma Bell can't add any more customers because she's out of IP addresses.

Re:There is no business case *in the US*

[sakdoctor]

India and China have 38 percent of the world's population who might want to connect one day.

I have a house full of linux running household appliances that want to connect today. In fact my toaster said it would kill me if it didn't get it's own internet facing IP address by the end of the year.

Re:There is no business case *in the US*

[Chris+Mattern]

My toaster got told it'll go through the NAT router like everybody else and like it.

Re:There is no business case *in the US*

[Cajun+Hell]

China? They can just use NAT and have one address for the whole country. ;)

Re:There is no business case *in the US*

[runlevelfour]

From what I understand v6 isn't even finalized yet. What I don't want to see is a rush to deploy anything without rigorous testing and finalization of all constituent parts. I would like to see v6 deployed someday but right now its being tested and experimented with slowly and surely. If there was an immediate crisis I would understand but for right now if we have the time we should take advantage of it and test it (and its ramifications) thoroughly.

Re:There is no business case *in the US*

[st0rmshad0w]

How else are they going to run that firewall?

Re:There is no business case *in the US*

[mshannon78660]

Well, since IPv6 was laid out in RFC 2460, and that RFC is not listed as having been obsoleted, I think you are incorrect. There are more recent RFCs which specify certain applications and/or protocols running over IPv6 - however, this situation is no different from IPv4 - where there are still RFCs being published today to specify particular applications and protocols. Oh, and RFC 2460 was published in December of 1998 - so I think we've had plenty of time for testing...

Re:There is no business case *in the US*

[Tubal-Cain]

Mine grew an arm and stabbed me in the face.

Re:There is no business case *in the US*

[Firehed]

Mine got thrown out the window when it started giving me attitude instead of my damn toast.

Re:There is no business case *in the US*

[againjj]

Did you read the toaster's man page first?

Re:There is no business case *in the US*

[kestasjk]

It'd sure make things simpler for their government

Re:There is no business case *in the US*

Likely to come from the new "land of opportunity".. India or China

Re:There is no business case *in the US*

[TheLink]

In countries like China, not having enough IPs for everyone = NAT = easier for the Chinese government to control their people.

In countries like USA, not having enough IPs for everyone = NAT = better for the Media Industry - since it is harder for people to start their own channels, and also do P2P stuff.

Puts on Evil Leader Hat- I don't see a problem, do you?

Here's mine:

[Just+Some+Guy]

"Boss, I can get an IPv6 tunnel for free so that we can start experimenting and testing. We work with the Department of Defense, and they say that this stuff is important, so with your permission I'd like to spend $0 to start playing with it."

And that's how we came to be on IPv6.

Re:Here's mine:

[sunking2]

Boss says, 'You want to be paid to do that when you haven't even recovered the email for me that I deleted last week? You aren't paid to play. Dance monkey boy, dance. And don't forget your pager when you leave tonight.'

Re:Here's mine:

[Just+Some+Guy]

It sounds like you work for an awful boss. Have you considered taking night classes to help land a job that rewards intelligence?

Re:Here's mine:

[Tony+Hoyle]

That will work only if your boss is an idiot and doesn't realize that you cost money. Personally I'd rather ask for a couple of days off on full pay.. you're effectively asking for the same thing but it's more fun.

Re:Here's mine:

[Just+Some+Guy]

That will work only if your boss is an idiot and doesn't realize that you cost money.

Not really. I've built up a track record for making fun projects into useful systems. When I played around with Jabber, we ended up with a secure intra-office IM system. I took some time to write an article on spam blocking and we ended up moving a big chunk of our email service onto a Postfix+Cyrus system, plus spam/virus filtering for the Exchange server. When I tell him I want to check out $SHINYTOY, I usually get to.

Re:Here's mine:

[Just+Some+Guy]

Son, the GP was likely working in IT before you were born...

Hey, I'm not that old! Although now that you mention it, I first started hosting a BBS using software that I wrote for the C=64 in about 1983.

Dang. Please excuse me while I go search for my Geritol.

Re:Here's mine:

[sunking2]

Unfortunately, it appears he lost his sense of humor somewhere in the 70s. Scott Adams probably has a ton of emails from him saying that Dilbert should really find another company to work for.

Re:Here's mine:

[Nursie]

"That will work only if your boss is an idiot and doesn't realize that you cost money."

No, the boss is an idiot if he doesn't grant this, so long as it doesn't put back other things you're working on. The US federal space mandates IPv6 compatibility in software, as do a lot of enterprises now.

Not every manager is constantly focused on the next five minutes. Only the bad ones.

Re:Here's mine:

[Just+Some+Guy]

Who, me or cl0s? I usually get more "funny" than "informative", so I hope I'm not totally bland.

Re:Here's mine:

You missed the part where he said he works for DoD. In government jobs, individual labor is effectively free, since govt jobs are basically guaranteed unless you get caught breaking the law.

However, you have to fill out reams of paperwork to get basic office supplies, so "spending $0" is very attractive to govt managers.

Re:Here's mine:

[Just+Some+Guy]

I don't work for DoD. I work for a company that has a lot of interactions with DoD.

Re:Here's mine:

[cl0s]

How would you know I'm not so old that I forgot my original /. login and created another one? Also if you read the statement I didn't say he doesn't work in IT, I said he either doesn't or pretty much he's lucky to be in an IT position where his expertise and intelligence is acknowledged.

He probably is old enough to be my GP, but he's definitely your daddy.

Imagine this with the singularity

What's the business case?

To make business itself similar to the pushing of acorns around by squirrels.

Oh, OK. Will I get more acorns?

1000101011

IPv6 will happen when China demands it

[Animats]

IPv6 will happen when China demands it. China's growing need for IP address space will drive the issue. China needs at least a billion IP addresses. Especially since the Chinese government would like a system where each device has a permanent IP address.

Re:IPv6 will happen when China demands it

[Cajal]

China has already demanded it. China's new national network, CERNET2, runs IPv6 - http://www.chinadaily.com.cn/english/doc/2004-12/27/content_403512.htm.

Re:IPv6 will happen when China demands it

[jonbryce]

Ultimately China will need a lot more than a billion IP addresses. At the moment I have internet connections for home computer, work computer, mobile phone and laptop

Re:IPv6 will happen when China demands it

[dunnius]

Then perhaps it might be prudent to instead use IPv8 so that we won't have to change the system again for a really long time.

Only IPv6? We could have had a IP V8. :-D

Re:IPv6 will happen when China demands it

[Duncan+Blackthorne]

Someone else said, jokingly, that China should just have one NAT router for the whole country. More seriously, the way China is approaching internet access for the country, they may as well do exactly that so that they can keep on perpetuating their xenophobic, exclusionist way of life. :p

Re:IPv6 will happen when China demands it

[Llanfairpwllgwyngyll]

You really don't want to joke about IPv8.... Read this, it's INSANE.... http://www.gtld-mou.org/gtld-discuss/mail-archive/06944.html

Re:IPv6 will happen when China demands it

[volxdragon]

No they won't, they'll STILL all be behind one great-big-NAT-Firewall...

Re:IPv6 will happen when China demands it

[Animats]

Someone else said, jokingly, that China should just have one NAT router for the whole country.

That just might happen, with connections converted from IPv6 to IPv4 at the Great Firewall of China.

Re:IPv6 will happen when China demands it

[dbIII]

Good idea, skip IPv7.

Lain is a bitch when she's angry so find a way around her in the wired with IPv8 on your navi instead.

This is of course a dumb anime reference about a series that used IPv7 as a plot device (or perhaps character) with episodes about a lot of different internet concepts.

Re:IPv6 will happen when China demands it

China had IPv9 for years! Why not go for something like IPv311?

Re:IPv6 will happen when China demands it

[ionix5891]

let me correct that for you

Chinese government would like a system where each citizen has a permanent IP address

Not exactly true

[Cajal]

There's no business case if you don't care about growing your network. If you do, you need to care about IPv6, becuase in a few years, it's going to become increasingly difficult to get new public IPv4 addresses.

Actually, Microsoft supports IPv6 in several of its core products. IE, Outlook 2007, Windows Mail/Live Mail and Exchange 2007 support IPv6, as do many of the services in Windows 2008 (IIS, DHCPv6, DNS, POP, CIFS, LDAP, Kerberos, Remote Desktop). Some of these also have IPv6 support on Windows XP (IE, IIS, Remote Desktop, CIFS).

Re:Not exactly true

[Paralizer]

There's no business case if you don't care about growing your network. If you do, you need to care about IPv6, becuase in a few years, it's going to become increasingly difficult to get new public IPv4 addresses.

Many companies do not need public IP addresses, yet they have large networks. For example, imagine a company that has a location with 2,000 employees. The company does not offer web services but they do need internet access for their employees to be able to send/receive email and use business applications between sites (via VPN tunnels). In this case the company may only need a handful of IP addresses and NAT all of their private addresses through the pool of 4 or 5 public IP addresses for that location. They can easily add a new building to their location and just expand their LAN as they have an entire 10.0.0.0 A block providing millions of IP addresses. NATing between the internal LAN and the internet they can get up to ~250,000 entries (provided their hardware can support that), allowing each of their 2,000 users to be using, on average, 125 internet applications (or open connections) at once.

This situation I suspect is typical of almost all companies. Most already have enough public IP addresses to satisfy all of their internal users and lots of room to expand on their LAN side.

Re:Not exactly true

[Cajal]

NATing between the internal LAN and the internet they can get up to ~250,000 entries (provided their hardware can support that), allowing each of their 2,000 users to be using, on average, 125 internet applications (or open connections) at once.

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

Re:Not exactly true

[profplump]

What happens when that company wants to setup a VPN to another company that also uses the 10.0.0.0 address space? Now I need a NATNAT device that invents a whole new set of addresses to let machines inside the two private networks talk to each other.

I'm not saying that everyone needs to be directly on the Internet with a public address and no firewall. But even if you are going to assign private addresses internally, there's value in having (or being able to easily obtain) a globally unique address so that you can form arbitrary connections to any other machine on the planet.

Re:Not exactly true

[Paralizer]

Well not all 2,000 users in my example are going to open 125 connections simultaneously so the NAT table on the router isn't going to be that enormous, but maybe just a small fraction. Your typical enterprise Cisco/Juniper router/firewall can probably handle that load fine (I'd have to double check on that), or maybe you can load balance between multiple routers each with different public IP pools.

If you agree with that assumption then you can say your business class router/firewall that can handle both the NAT load and that can also handle IPv6 if you enable it. So you have the same device that can do either. You are currently running the NAT "solution", so you pay nothing for hardware to make the transition. However, there is still an administrative cost associated with a network wide infrastructure shift like that. So your networking team takes the time to transition the whole system and you may even have intermittent downtime while certain parts of the network are upgraded. That cost of the time spend and the possible downtime is what needs to be justified to be able to make this upgrade.

You may already have the equipment to be able to do it, and your ISP may already provide you with IPv6, but it comes back to the original question... "why send the time and money to move if our current 'solution' works?"

Remember that internally your organization can stay at IPv4 forever (or until some killer IPv6 app comes out) and just NAT itself off to the IPv6 world (NAT dual stack or NAT 4to6 transition methods). The best thing I can think of off the top of my head is to try to spin a 'future proofing' angle to management -- we make the investment now and it will pay off in the long run. But management has a way of crossing bridges when they get to them.. at least that's how it seems to be where I work.

Re:Not exactly true

"What happens when that company wants to setup a VPN to another company that also uses the 10.0.0.0 address space?..."

You mean like most VPN connections exist today? In this case, you either agree to use registered space, or you both NAT and pray that the App in question can deal with it.

Re:Not exactly true

[egamma]

My company solves that problem on a frequent basis. It's not that hard--it's called a "reverse-NAT". you simply NAT the other guy's IP addresses to 172.16.0.0 or something and they do the same. Neither side knows that they are being NATed, and they don't care--all they know is that 172.16 is the "other" network.

Re:Not exactly true

[swordfishBob]

Also: mobiles.
The frequent keepalives required to keep NAT functional for UDP-based applications (e.g. Skype, VPNs) mean a 3G device won't get put into idle state when it should; consuming battery and wasting cell resources. With IPv6, no NAT required, keepalives not required every 30s, idle connections could be managed properly.

Re:Not exactly true

[Firehed]

It's functional enough, but it gets mind-numbingly confusing very quickly.

We have a fix for this problem - IPv6. Let's deploy it, instead of continuing to deploy workarounds and hacks. It may mean a bigger initial investment, but the long-term costs are going to be a lot lower. Less/simpler maintenance, and fewer problems when it really matters. Have you ever seen what happens when sales departments rely on those kinds of things? I have, and I'd seen deals die because the product simply couldn't be demoed (let alone actually having the sales process really start) due to network issues. That only needs to happen a couple of times before you're losing money.

Granted I'm oversimplifying things tremendously, but the switch will happen eventually so you might as well start now and iron out the bugs sooner rather than later. It's not like an either/or situation - you can support both at once.

Re:Not exactly true

[againjj]

Also, consider that by 2012 we'll have run out of public IPv4 addresses.

That is not the hard fact it sounds like, but depends on a number of assumptions that may or may not pan out. This has been proclaimed for quite a while now, and the date keeps getting pushed back. Why? Because assumptions keep getting broken by things like NAT and CIDR. The next big thing I imagine will be the reallocation of class A addresses: why should the likes of HP get multiple class A's?

I predict that the allocation of IPv4 addresses will not have a hard stop, but rather will trail off over time as IPv4 addresses slowly become harder and harder to come by. That is what has happened so far: addresses were thrown out like candy originally, then the aforementioned class A's were stopped, and then class B's were largely stopped too. It is hard to get a large chunk any more, and the trend will continue, but the change will be gradual.

Re:Not exactly true

[Cajal]

There is no legal mechanism by which you can force the legacy class A holders to relinquish their space. The best you can do is to establish a trading mrket and hope they sell them. Likewise, there i no magic quick fix to use the class E space.

I don't think the v4 exhaustion date is going to be pushed back. If anything it's crept closer. We used to think wed be find until 2030. Now the estimates are 2012.

Re:Not exactly true

[Detritus]

why should the likes of HP get multiple class A's?

Because they were a pioneer and you were not. If you don't like it, lobby for the adoption of IPV6.

Re:Not exactly true

[againjj]

I realize that there is no legal mechanism. That is why we have routing shenanigans now and again. However, ARIN nominally has the power to revoke address allocations, and IP hijacking has been dealt with before. Slashdot talked about it recently, and in the connected article, it mentions a case where a block got revoked (pdf). Googling around about the Slashdot incident shows that NASA did not seem to care that the address block was used by spammers. There are lots of unused IP addresses out there in legacy space, and they can be taken back, especially since some don't even seem to be cared about.

Once the decision to revoke IP addresses happens, then IP address hijackers can be dealt with as they have been, by disconnecting them from the Internet. This has been done in the past when disruptive hijacking occurred, and it can happen with revocations too. Granted, there are many ASs out there, and there is less incentive to do something when nothing truly bad is happening, but with enough people on board, I imagine the organizations with the revoked addresses could be made to feel enough pain for it to happen.

Re:Not exactly true

[petermgreen]

The next big thing I imagine will be the reallocation of class A addresses: why should the likes of HP get multiple class A's?
Afaict there is no law saying someone can't use any IP address they damn well please, it's just that if they wan't to participate in the public internet they have to follow the rules handed to them by thier internet provider.

What this means is that as long as ICANN act in a way the major ISPs consider tollerable they get to stay in charge. BUT if they were to try and revoke major allocations it could easilly cause some major ISPs to ignore them. Since the internet is reliant on addresses being globally unique this would be a disaster,

And with at least one major operating system refusing to use the class E space as normal space opening that up is not practical either.

An IP address market is an option but it would be likely to lead to a route table explosion unless the minimum resellable block is kept very large.

Re:Not exactly true

[springbox]

What about putting NAT behind NAT?

Re:Not exactly true

[Lennie]

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

About the same, atleast, because you want to keep the same kind of state for IPv6-firewall as for IPv4-NAT. Yes it maybe be easier to code for IPv6, but there going to be less vendors selling you a IPv6-enabled device. So you have less vendors to choose from, this could be more expensive.

Re:Not exactly true

[Lennie]

Get your own large IPv6-block now so you can be poineer as well. :-)

But seriously, the class A's really don't add a lot. because by the time they are made available, the demand will be very high too and they be gone in no time.

Re:Not exactly true

[lucifuge31337]

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

The IPv6 router. Take a router that will pass GigE with IPv4 and put IPv6 on it with any sore to sane, normal policies. It will fall on its face at 100 MBit, if even that much. Why? While many routers "support" IPv6, it is software support only, and does not tak advantage of ASICs. etc that we've come to rely on for high bandwidth packet mangling.

Re:Not exactly true

[Cajal]

This was true for early IPv6 routers, but most routers built in the past few years have IPv6 in hardware.

Re:Not exactly true

[lucifuge31337]

Very few of us buy routers "every few years".

My point wasn't entirely clear: I'm not saying they don't exist. But the vast majority of routers out there that are passing packets right now that COULD pass IPv6 can only do it in software. Mine definitely included. This is yet another barrier where you'll have to show me the money before I'll consider upgrading (I'm a wholesale VoIP provider that passes about 200 MBit 95th percentile - with redundancy and the ability to pass the insane packet count that VoIP creates puts me in the $40k range for new routers).

Re:Not exactly true

[Nurgled]

Do you also rewrite all DNS requests so that hostnames for systems on the other network resolve to your translated IP addresses? This was the thing that wrote off my attempts to do what you're describing as a solution. In the end I just bit the bullet and renumbered one of the networks.

Re:Not exactly true

[ista]

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

Well, except those guys designing protocols by copying FTP, most client applications actually don't have a problem running with NAT.

Please note that many DSL and cable ISPs provide their customers with cheap "WLAN routers", who often really are plain NAT devices and so by today, you do have millions of people sitting behind NAT gateways and so NAT is a wide-spread "solution" in the industry.

NAT is in use at millions of sites, while the current worldwide amount of IPv6 traffic is merely something in the range of roughly less than a gigabit and about this well "tested" in real life. So if your router does run IPv6, it's not sure that this router will be able to run IPv6 reliably once IPv6 is widely deployed.

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

Well, "Ajax applications will break under NAT", "tomorrow we'll run out of IPv4 addresses" and "the whole world wants to be online, so we do need more IP space" are very close to FUD.

And may I point out that a clear majority of those 3.5 billion people are much more in nead of clean, drinkable freshwater, food to eat and at least some kind of health care rather than the ability to watch sneezing pandas on youtube?

Re:Not exactly true

Ouch - that sounds fugly. At that point, why not just switch?

Most interesting question ...

[neonprimetime]

JoeRockHead: What is the status of good security tools for IPv6?

Fred_Wettling: We have found that several security tools (firewall, IDS, IPS) are ready for IPv6 traffic, others are at varying stages of maturity. While Microsoft should be applauded for its IPv6 deployment in its operating systems, it has not yet addressed IPv6 in its ISA Server that several organizations use for Internet traffic security logging. Current versions of Squid DO support IPv6. The "bad guys" are exploring the use of IPv6 to gain access to systems. A common approach is the use of tunnels that may be turned on in a default configuration ... like Teredo, ISATAP or 6to4. Security awareness is important when deploying IPv6. A lot of potential risks can be solved with prudent configuration, including turning host-based tunnels OFF by default. Command Information has been doing some interesting work in this area.

IP4 - elegant IP6 - Rube Goldberg

192.168.1.87 -vs- fe80::e1c0:5620:bc95:3c71%9

Consumer rollout

[UnknowingFool]

For the consumer how will this roll out? Moving to IPv6 means that I can't use NAT anymore for my home network. That means I need a block of IP addresses assigned to me. So does my telco/cable company have this set up and will it cost me a huge amount to get a block of IPs? If it does, I can see the resistance.

Re:Consumer rollout

[Timothy+Brownawell]

Moving to IPv6 means that I can't use NAT anymore for my home network.

I don't believe that's accurate. What's supposed to happen is that your ISP gives you a /64 block and you don't need NAT, but nothing says you can't use NAT if you want to (or if your ISP doesn't play nice).

Re:Consumer rollout

[dascritch]

Got IPv6 from my FAI. I got both IPv4 (192.168.x.x local adresses) and IPv6 with a prefix for each of my machines.
I think that IPv6 NATing is not a problem: it works very well here, and no matter if I put IPv4 or IPv6 adresses (I'm in France, my FAI is Free, and NATing uis done via my "box")

Re:Consumer rollout

[Just+Some+Guy]

Moving to IPv6 means that I can't use NAT anymore for my home network.

You technically can, but there are few sane reasons for wanting to.

That means I need a block of IP addresses assigned to me. So does my telco/cable company have this set up and will it cost me a huge amount to get a block of IPs?

Correct, yes (they will), and no (it won't). I have a free /48 allocation from Hurricane Electric, giving me a home netblock of 2^80 addresses. If your ISP tries to rake you over the coals, I could probably peel off 2^64 or so of those to lend you.

Re:Consumer rollout

[Pentium100]

Why you can't use NAT? Is this some IPv6 limitation or just that there are no IPv6 NAT routers?

I use NAT for security (as a firewall) and for sharing a single external IP between my computers.

My dislike for IPv6 is that it is impossible to remember those long IP addresses.

Re:Consumer rollout

[apathy+maybe]

Tell me again why you can't do "NAT" if you use IPv6? (That's a serious question, what technology prevents you from using port-forwarding with IPv6?)

More to the point, do you really want to do NAT if you have IPv6?

Having all IP addresses public is not any less secure or vulnerable, given a correct firewall configuration. If you deny by default, and open exactly what should be allowed (address and port tuple), you are as secure as the firewall can do, short of advance features like protocol specific inspection, etc.

From a comment on http://www.circleid.com/posts/nat_just_say_no/

Re:Consumer rollout

Moving to IPv6 means that I can't use NAT anymore for my home network.

Why not?

That means I need a block of IP addresses assigned to me. So does my telco/cable company have this set up and will it cost me a huge amount to get a block of IPs?

IPv6 addresses are cheap, and I bet your provider has a fairly easy way to allocate a block to their clients (or could set one up pretty easily if people ask).

Remember supply and demand? IPv4 addresses are low in supply and high in demand, so they're expensive. IPv6 addresses are very high in supply and relatively low in demand.

Re:Consumer rollout

[UnknowingFool]

My current routers assign private IP addresses to my computers at home. My understanding is that with IPv6 this would not be allowed and that my router would have to assign real IPs. Now if my telco/cable company sells me a block of them with my service that would be great. However, are they ready to do this and will they try to charge me a great deal for a block as opposed to a single, rotating address. That is my main question.

Re:Consumer rollout

[molo]

The block they assign to you will probably vary (you will probably still have to pay extra for a static), just like DHCP does now. But your router will be able to advertise the available block to your subnet, and it can dynamically change. Check out radvd for an example of this.

-molo

Re:Consumer rollout

[mckyj57]

It amazes me that the IPv6 people never talk about the *benefits* of NAT, which is that the individual's user and all it's vulnerable services are not readily accessible to the Internet at large.

And don't talk to me about firewalls, either. In actual practice, firewalls have turned out to be firesieves way too often. If you have a strong enough firewall to matter, you might as well NAT because you aren't getting to that machine anyway.

Re:Consumer rollout

[stevied]

Why you can't use NAT? Is this some IPv6 limitation or just that there are no IPv6 NAT routers?

NAT is not theoretically impossible with IPv6, but it's a big part of the ugliness IPv6 is meant to solve. AFAIK, there is no IPv6 NAT implementation for Linux for exactly this reason.

I use NAT for security (as a firewall) and for sharing a single external IP between my computers.

Lack of NAT doesn't mean lack of firewalling. Linux has ip6tables. You can still configure an IPv6 router / gateway to drop all incoming connections to machines inside your local network, apart from any exceptions you want to configure (e.g. Bittorrent.)

My dislike for IPv6 is that it is impossible to remember those long IP addresses.

Yes, but I guess that's unavoidable. One thing I would like to see is for IPv6 admin tools to support /etc/networks, or an equivalent. Presumably software like dnsmasq and avahi will be upgraded to cope with providing local IPv6 DNS, if they don't already (I haven't tested.)

Re:Consumer rollout

[Just+Some+Guy]

I use NAT for security (as a firewall)

No you don't. A stateless NAT is almost worthless as a firewall, even if many people think it is. For example, take these three pseudocode rules:

allow from $lan to $internet port 53
allow from $internet port 53 to $lan
block all

That's all well and good until someone sending you spoofed packets from ns1.google.com:53 to 192.168.0.2 (or whatever your desktop's address is). After all, your firewall allows in all packets with a report port 53.

If you want a firewall, get a firewall. If you want NAT, get NAT. Do not believe for a second that they're the same.

Re:Consumer rollout

[dave024]

long ip addresses?
Your isp should give you a /48 block, which is 12 digits long (2001:4200:24AB::/48), similar in length to an ipv4 address. You could then number your devices sequentially
2001:4200:24AB::1/64
2001:4200:24AB::2/64
2001:4200:24AB::3/64

What's so hard to remember about that?

Re:Consumer rollout

[Timothy+Brownawell]

My current routers assign private IP addresses to my computers at home. My understanding is that with IPv6 this would not be allowed and that my router would have to assign real IPs.

NAT for IPv6 was implemented in Linux in 2004, so it's clearly possible. How would someone go about making it "not allowed"?

Re:Consumer rollout

It amazes me that the IPv6 people never talk about the *benefits* of NAT, which is that the individual's user and all it's vulnerable services are not readily accessible to the Internet at large.

I suggest that you scan part of the ipv6 address space and find some computers with remote vulnerabilities.
The actual challenge is finding someone from eg. /64 address space (that is 2^32*2^32 addresses == ipv4 address space multiplied with ipv4 address space)

Re:Consumer rollout

[Todd+Knarr]

Well, you still can use NAT on your home network, it's just that you don't have to. You won't need to get a block of IP addresses assigned to you, you'll get one by default. The smallest assignment your ISP will be able to give you (without violating the IPv6 spec) will be a /64. Since IPv6 addresses are 128 bits, that gives you a 64-bit block (4 billion IPv4-sized networks) to assign your own machines in. For the average user who doesn't care about subnetting within their home network, that means just allowing automatic address assignment (based on the MAC address of the machine and the IPv6 router-discovery protocol results) or a simple DHCPv6 setup (built into your router) to do it's thing.

Re:Consumer rollout

[Pentium100]

unless the NAT is stateful and only allows a packet in if there was a packet out before.

how about these rules:

allow from $lan to $internet
allow from $internet to $lan where state=established
block all

Now lets say that I am running a FTP server inside my lan (for lan uses only). No one from the internet can connect to it.

Except for static port forwarding (for bittorrent, emule etc) and VPN.

And if they intercept the DNS request and spoof a reply - is there any way of blocking it?

Re:Consumer rollout

[idiotnot]

What's so hard to remember about that?

ZOMG, there's letters in those addresses! /sarcasm

Actually, that's what I do. I make the last part same as the IPv4 address. Easy to remember if I need to.

10.0.0.10/24 --> 2001:4200:24ab::10/64

etc. etc.

But there is this magical tool called DNS, too. It's really not that difficult to setup if you RTFM. My windows clients update their addresses to BIND without any problems. My macs, linux, and BSD machines, I haven't had time to get them to do the auto-update yet. Someday when I have more time, perhaps.

Re:Consumer rollout

[Pentium100]

192.168.0.254 vs 2001:4200:24AB::2

And why would I want an external IP for every device on my network? Now I can connect to my network using VPN and access all devices (and hackers can't (hopefully)).

Re:Consumer rollout

[Timothy+Brownawell]

NAT for IPv6 was implemented in Linux in 2004, so it's clearly possible

Based on this message, but from further looking it appears that it was never merged.

Re:Consumer rollout

[Just+Some+Guy]

allow from $lan to $internet
allow from $internet to $lan where state=established
block all

At that point, you have a stateful firewall, not just a NAT.

Re:Consumer rollout

[Fred+Ferrigno]

The smallest assignment your ISP will be able to give you (without violating the IPv6 spec) will be a /64.

And what happens when they violate that spec? What incentive is there for the ISP to allocate a /64 for each customer when they could allocate one /64 for their entire customer base?

Re:Consumer rollout

[Tony+Hoyle]

There's a whole standard for IPV6 NAT. Cisco routers support it, and if ipv6 ever takes off then I expect most home routers will support it. I expect that linux supports it.. it would be odd if it didn't.

Re:Consumer rollout

[Pentium100]

Oh, ok. Since the same physical device performs both functions I thought that it's almost the same (that is - you can have a firewall without NAT, but not NAT without firewall). Thanks for clearing that up for me.

Re:Consumer rollout

[Pentium100]

It should be easy if the device ever connects to the internet. Its actual IP address will be logged somewhere or not?

Re:Consumer rollout

[myrdos2]

You could still use NAT. You just won't need to. Your block of IPs won't cost any more than your current, single IP address does.

Re:Consumer rollout

[Just+Some+Guy]

Since the same physical device performs both functions I thought that it's almost the same (that is - you can have a firewall without NAT, but not NAT without firewall).

Well, you see them lumped together pretty often and that's let to much of the confusion. You can have NAT without firewall although it's not commonly seen. NAT by itself is security through obscurity. It's not a bad thing by any means, but so often you hear phrases like "safely behind a NAT", and that makes me cringe.

Re:Consumer rollout

[Todd+Knarr]

The cost of having (probably) Cisco write custom firmware for all their equipment, and the cost of maintaining that custom firmware. It's possible to get the routers to handle a /128 assignment, but you're fighting the equipment the whole way. And it fails to work with Windows, whose IPv6 stack assumes that IPv6 stateless autoconfig works properly and doesn't play well with routers that refuse to accept the stack's use of it's own MAC-address-based value in the lower 64 bits. Again this can be worked around, but it takes a lot of heavy messing-about in low-level configuration to make it all work right. And how many ISPs are going to tell their customers that the ISP doesn't support Windows?

Re:Consumer rollout

[petermgreen]

When talking about consumer equipment NAT almost always reffers to a one to many NAT. A one to many NAT has to be doing state tracking to know where to send the packets and unless there is a fallback rule in place anything that doesn't match up with a mapping is going to get dropped or treated as a connection to the NAT box itself and rejected by it.

Generally your computer should not be connecting out from a port that is in use for a sever so that NAT should not be generating any mappings related to the port the service is running on.

Re:Consumer rollout

[Fred+Ferrigno]

So what do I do if I've only got a /64 from my ISP but I want to segregate unsecured wireless, secured wireless, and wired? I think it would be in Cisco's (and Microsoft's) best interest to have a solution for that use case, which would naturally translate into a solution for the ISPs. What's more, if some big ISP like AT&T or Verizon is pushing for it, I have little doubt that Cisco would comply.

Re:Consumer rollout

[mckyj57]

Unless you were designing in an asymmetric random IP address paradigm for sourcing outgoing requests, I would think it would be easy simply by scanning logs.

And even if you did that but then you can't find a connecting host, what good is direct addressability anyway? You might as well NAT.

Re:Consumer rollout

[Just+Some+Guy]

So what do I do if I've only got a /64 from my ISP but I want to segregate unsecured wireless, secured wireless, and wired?

Unless I'm mistaken, the standard says that end users are to receive /48 netblocks (which are what I have at home and work). Since the ISP is responsible for bits 0-47 and autoconfig uses 64-127, you get bits 48-63 to use for subnetting. For instance, my home allocation is 2001:470:a80a::/48. I assigned 2001:470:a80a:1::/64 to my LAN, 2001:470:a80a:2::/64 to my Wi-Fi, etc.

Re:Consumer rollout

It also means that I need to change my entire internal network every time I change carriers. No thanks.

Re:Consumer rollout

[j+h+woodyatt]

You know, here in the 21st century, we have these things called domain name servers, and they even work in tandem with address configuration systems to dynamically keep the hostname matched up with the network address as it gets renumbered.

You should look into how they work. They're really quite remarkable, and it sure beats having to copy /etc/hosts around to all your computers by floppy disk.

Re:Consumer rollout

[j+h+woodyatt]

Realistically, here's how residential users are going to be transitioned to IPv6...

+ More carriers (some already do this) will start putting their basic service customers behind carrier-grade NAT boxes. They will not allow port forwarding or UPnP. For that you pay extra for a public IPv4 address and run your own NAT box. (How much extra? Probably about US$5.00 to US$10.00 per month.)

+ A few years later, some carriers will be offering IPv6 service to their basic level customers alongside the carrier-grade NAT service. You'll probably get a /56, whether you want one or not (because the carrier will want to put boxes in your house that it can talk to and you can't). To get this service, you'll be using an integrated router provided by your carrier. Again, if you want to run your own router, you pay extra.

+ The IPv6 public Internet will be badly split into three separate domains, none of which will interwork with one another very well at all, and not with any measurable reliability. Those domains will be: A) the native IPv6 internet, B) the 6to4 tunneled internet, and C) the Teredo tunneled internet. Why will there be this split? Because service providers will not deploy relay routers in their networks.

+ At that point, I predict further development will stop. The case for IPv6 is so service providers can have access to the interiors of residential subscriber networks. There is no useful feature of IPv6 that will be provided to subscribers, e.g. origination of source-specific multicast, any kind of participation in embedded-rendezvous any-source multicast, mobility, security, et. al.

+ To address the scaling problem posed by NAT44 and NAT444 architectures, the major web application sites will shift to session layer multiplexing over transport connections. This will stave off the need for them to transition to IPv6.

Re:Consumer rollout

[Paralizer]

I believe it is called 'reflexive NAT' (or PAT).

Suppose your internal IP address is 192.168.1.101, your external IP is 12.12.12.12, and you use a browser to go to slashdot.org on port 80. Right now nothing from slashdot.org:80 can come in through your router because nothing in the NAT matches it (unless of course you manually configured a forwarding rule, but for now assume that is not the case).

Now you need a port for /. to respond to, so you choose port 12345. As you pass through the router outbound, the router will see you are 192.168.1.101:12345 going to slashdot.org:80. Well maybe the router is already using 12345 for something else, so it remaps it to 23456. The NAT table now has an entry that looks something like this:

Inside Global - 12.12.12.12:23456
Inside Local - 192.168.1.101:12345
Outside - slashdot.org:80

(Note that I may have got those terms backwards.)

Now the router/firewall knows that anything going to slashdot.org:80 from 192.168.1.101:12345 should go out as 12.12.12.12:23456, and anything coming back from slashdot.org:80 coming to 12.12.12.12:23456 should be forwarded back to 192.168.1.101:12345.

When your session closes or times out that NAT entry is removed, and anything coming from slashdot.org:80 to 12.12.12.12:23456 has no forward rule so it simply gets dropped.

So it is a firewall, it's just not an beefed up super firewall that we typically want to use in addition to NAT.

Re:Consumer rollout

[sjames]

And what happens when they violate that spec? What incentive is there for the ISP to allocate a /64 for each customer when they could allocate one /64 for their entire customer base?

The incentive is avoiding a bazillion support issues from users who have no idea what IPv6 is, but Vista says it's not working right and it has something to do with the internet. The best way to skip all of that is to announce a proper prefix and let Vista do the right thing.

The other is that there is little incentive not to hand out a /64 at least. Yes, it could support their entire customer base, but then they'd have 64K-1 subnets unused from the minimum assignment they got from ARIN.

Re:Consumer rollout

[sjames]

What is this NAT you're running that isn't a firewall?

It doesn't take much 'strength' to drop incoming SYN packets. In fact, it takes a lot less power than re-writing every packet traversing the firewall. like you have to do with NAT.

Re:Consumer rollout

[sjames]

Your ISP will assign you at least a /64 and probably send you a proper router announcement. Your NAT will be replaced by a lightweight rule to drop incoming SYN packets with whatever exceptions you specify.

There's no tecnical reason you CAN'T do NAT, it just doesn't make sense to do it.

IPv6

It will be universally adopted shortly after Perl 6 is.

Re:IP4 - elegant IP6 - Rube Goldberg

[Just+Some+Guy]

192.168.1.87 -vs- fe80::e1c0:5620:bc95:3c71%9

I see your unwieldly addressing and raise you a DNS.

Besides, if you want to talk Rube Goldberg, check out IPv4's variable-length headers and the processing required to sort them out at line speed.

NAT is the business case killer...

[nweaver]

For a long time, IPv4's limited address space looked to be a problem. And that was the #1 business case behind IPv6.

The problem is, NAT came around at just the right time. Most businesses only need a couple of external addresses, and many end-users don't need one at all.

Re:NAT is the business case killer...

[Just+Some+Guy]

Most businesses only need a couple of external addresses, and many end-users don't need one at all.

That's right! As long as you originate 100% of your traffic, don't host VPNs, and never need to use an end-to-end connection, you'll be just fine behind an Internet-breaking NAT. Just pray that you never need to SSH to your home server which is also behind one.

Re:NAT is the business case killer...

[TeknoHog]

Agreed, NAT is a particularly ugly solution whereas IPv6 is much more elegant. However, there seems to be a business case for NAT, in that it helps maintain the idea of consumers vs. producers. If you want Real Internet (TM), get a business account.

Actually, I'm probably spoiled, since many Finnish ISPs give you 5 public IP addresses. My current ISP doesn't even distinguish between private and business contracts, though they do provide higher-grade services as well.

Re:NAT is the business case killer...

Just pray that you never need to SSH to your home server which is also behind one.

Is that hard? It seems really easy to me. I guess I'm just some kind of super genius. I've even done it from a NAT network. The only thing I pray about is RoadRunner. I never know if that will be up or not.

Re:NAT is the business case killer...

[zippthorne]

You can tunnel SSH tunnels over SSH tunnels, you know. So, you put a ssh gateway behind your home router with port forwarding, and create a tunnel to that. Then you create a tunnel *through* that to the "local" machine you need to access.

Not saying that's in any way elegant, but.. why is your home server not also the virtual host for ssh, anyway.

Re:NAT is the business case killer...

[petermgreen]

If it's only behind a nat that you have configuration access to it's trivial, just configure the nat to forward ports appropriately.

On the other hand if it's behind a nat someone else (e.g. your ISP) owns and doesn't let you have configuration access to then there is more of a problem.

Re:NAT is the business case killer...

[Pentium100]

How many "average" users use VPN or SSH? My friends only have a need for external IP address so that bittorrent works better. And if they do not use BT? No point in having a public IP just for email and web browsing.

Microsoft and IPv6

[BhaKi]

Actually, Microsoft is the last company to add IPv6 support to its OSs. By the time of arrival of WinXP, most other OSs including Linux, Solaris and BSDs had it atleast for 2 years. And WinXP offered it as an optional protocol that had to be installed manually. Vista is the first version of windows to offer IPv6 in a default install.

Re:Microsoft and IPv6

[0racle]

Windows is the most used though. In this sense, Microsoft did more to bringing IPv6 to everybody then switching ever other OS over would have. On top of that, Microsoft was not the last. Windows NT and 2000 had an IPv6 implementation available, with the first release of that in 1998, the same year Solaris 7 was released which also had a IPv6 add-on as Solaris didn't ship with IPv6 until Solaris 8 (2000). While the first release of IPv6 for Linux happened earlier (1996), it was unmaintained and almost useless until Linux started tracking KAME in 2000. Those efforts did not enter the mainline kernel until the 2.5 development cycle. While some of that was backported to 2.4, the first production kernel to include IPv6 (as opposed to it being an external project) was 2.6. KAME (IPv6 for the BSD's) started in 1998.

In short, just about everyone had a working IPv6 stack at about the same time.

Re:Microsoft and IPv6

On the other hand, given that nobody actually uses the thing, maybe Microsoft was right on time.

Re:Microsoft and IPv6

[KiloByte]

WinXP is not capable of IPv6. It can at most run IPv4+IPv6 dual stack with v6 being used for user programs only. That is, unless you can do without DNS and similar details.

IPSec!

[Brian+Bartlett]

Number one killer reason to move to IPv6?

IPSec support is mandatory at the stack level, add transport level support, and you can lock down even telnet traffic.

Where you'll see issues is the ISP and government interaction. If all the traffic is encrypted, then you have to rely on other forensic means to guess at what is in the packets.

Though this doesn't mean that all traffic WILL be encrypted, just that it CAN be encrypted.

Re:IP4 - elegant IP6 - Rube Goldberg

[bigstrat2003]

I see your unwieldly addressing and raise you a DNS.

Because DNS always works properly, and there is never, ever a reason to want to get to a machine by specifying its IP, rather than resolving a hostname. Oh wait...

Your average user doesn't worry about IP addresses now, they utilize DNS. If someone cares about how easy it is to work with an IP address, they're probably a techy who needs to do so for troubleshooting purposes, so giving a smart-ass "use DNS" response doesn't help them.

Excuse me, Why are they not interoperable!

[lrohrer]

The reason no one upgrades is that the new "standard" is not simply interoperable with the old. When color TV came out you could still watch the same programming on you B/W. It is not the case with IPv6. You need new routers, new software, new DNS and to train your people. Sure Apache 2.0 and Vista work but an Apache configured just with IPv6 can not serve people on the "internet" (yea yea build a bridge yada yada yada)

Please, the spec is bad just for this reason. The simple basic requirement for new addressing scheme is that it works with existing equipment.

Time to start over with a new spec.

Re:Excuse me, Why are they not interoperable!

[profplump]

Have you ever actually looked at what's required to parse an IPv4 header vs. an IPv6 header? There are plenty of good reasons that IPv6 decided the IPv4 structure was not a good plan.

Beside that, there's no practical way to add address length to IPv4 headers that wouldn't break old equipment. Moreover the kind of breakage caused would be harder to detect and repair -- old equipment would see the IPv4 header, not know about the new extensions, and likely do the wrong thing (like forward traffic to the address corresponding to the first 32-bits of the longer address). At least if you change the protocol number old equipment won't start randomly sending traffic it doesn't understand around the Internet.

Re:Excuse me, Why are they not interoperable!

[Todd+Knarr]

Except that the IPv6 design is backwards-compatible. Any IPv4 address has, per the IPv6 spec, an IPv6 representation, so any IPv6 machine can talk to a machine that has only IPv4 connectivity. Likewise, if your IPv6 machine also has an IPv4 address, there's a defined transformation to allow traffic to it's IPv4 address to be handled by the IPv6 stack. Most IPv6 stacks include all this functionality internally already.

And yes, IPv6 is radically different from IPv4. It's different for the same reasons a Freightliner semi tractor's radically different from a Mini Cooper: it's designed to do things the Mini's incapable of. Sure, you can redesign a semi tractor to be similar to the Mini, use the same parts as the Mini and all that, but in doing so you'd make the tractor cease to be a semi tractor and cease to be capable of doing what you wanted a semi tractor for.

Re:Excuse me, Why are they not interoperable!

[Just+Some+Guy]

That's a great idea, as long as you can find another 96 address bits in the IPv4 header. Oh, and update every router in the world to handle IPv6-style routing (which is not the same as IPv4 routing because we've learned a few things along the way). And figure out a way to require IPSec support. And multicast.

Do you really think that IPv4+6 would be any easier to support than IPv6 itself?

Re:Excuse me, Why are they not interoperable!

[stevied]

Bingo. That's why I never understood DJB's similar little rant. You can't grow the address space and expect backward compatibility, because there's no way for a legacy node (router or host) to preserve the additional address bits (I suppose if you've got bits in another field that are always preserved and not used for anything important, you could use those. But we haven't, so that's the end of that particular story.)

Re:Excuse me, Why are they not interoperable!

[gclef]

Any IPv4 address has, per the IPv6 spec, an IPv6 representation, so any IPv6 machine can talk to a machine that has only IPv4 connectivity.

But, if your IPv4 host has no IPv6 address, it has no way to reply to the IPv6 host. This is one of the reasons people wanted things like NAT-PT, and why killing NAT-PT was a bad idea.

Re:Excuse me, Why are they not interoperable!

[stevied]

IPv4-compatible addresses are deprecated, and IPv4-mapped addresses are basically only there so you can write an "IPv6 only" application and still transparently handle IPv4 connections. The actual system the app is running on still has to be dual stack.

IPv6-only hosts can't talk to IPv4-only hosts without help. As noted above, what could an IPv6-only node put in the source address of an outgoing IPv4 packet that would ensure it got to see any responses?

And and that risk of looking like I'm deliberately trying to shoot down your entire post (which I'm not!), apart from the address size, IPv6 is reasonably similar to IPv4. It tidies some stuff up, makes a few optimizations (no checksums, no fragmentation), but is still recognisably "IP."

Re:Excuse me, Why are they not interoperable!

IPv4 and IPv6 packets on the same 802.11 TX ethernet cause trouble. The protocol design of IPv6 may be backwards compatible with IPv4, but the current physical implementations are not. Bye-bye all current SOHO hubs, switches, routers.

Re:Excuse me, Why are they not interoperable!

[Todd+Knarr]

The IPv4 machine doesn't need an IPv6 address to reply. It replies to the IPv4-compatible address the IPv6 host is using. Now, the IPv6 machine needs either a dual stack (allowing it an IPv4 and an IPv6 address) or a 6-to-4 bridge connecting the IPv6 network to the IPv4 world, but the IPv4 machine needs nothing special, not even a knowledge that IPv6 exists.

Re:Excuse me, Why are they not interoperable!

[Todd+Knarr]

Dual IPv4/IPv6 stack. Almost all IPv6 stacks today are dual stacks, you usually have to play some interesting configuration tricks to create a true IPv6-only, no IPv4 support at all, host. Generally the source address is handled by the stack, which'll select the IPv4-mapped adapter address as the source address when sending to an IPv4-mapped destination address. Unless you're using a 6-to-4 bridge, in which case the bridge will handle the address translation if the source host has no IPv4-mapped adapter address.

Yeah, I'm in the process of turning on IPv6 on my home network, and I'm ironing out all the kinks. The big one's the consumer WAP that doesn't understand IPv6 at all, which I'm dealing with by using IPSec VPN tunnels.

Re:Excuse me, Why are they not interoperable!

[stevied]

Yeah, dual stack is fine, but I don't think that's what the OP was talking about.

Regarding your WAP - could you run OpenWRT on it, or replace it with a model that would? I picked up a WRT54GL recently, so I could play with stuff like IPv6. Someone even seems to have ported ptrtd and totd to it, so in theory it should be possible to go IPv6-only on the local network :)

Re:Excuse me, Why are they not interoperable!

[Todd+Knarr]

I could, but the WRT54 series is a router not an access point. I have a completely different configuration: a dedicated NIC on the primary router box going to a switch that all the access points attach to, with the APs providing only the wired-to-wireless bridge and the router box handling all routing, DHCP, VPN termination, etc.. I'd prefer to keep that configuration so I can manage everything at a single central point (and have a much more powerful machine there too to handle heavy-duty VPN encryption tasks, Web proxy and assorted other things).

Re:Excuse me, Why are they not interoperable!

[Ant+P.]

Did you throw away your S-Video/SCART-connected DVD player when HDTV came out? Smash your VGA monitor up when you first had a DVI card?

Did all your NetBIOS applications suddenly stop working when you went from Windows 3.1 to 95 with its built in TCP/IP stack?

Re:Excuse me, Why are they not interoperable!

[ion.simon.c]

Hmm.
How does this trouble manifest itself?

*is running dual stack on the home LAN *RIGHT NOW**

Re:Excuse me, Why are they not interoperable!

[ion.simon.c]

Wait...
So you're telling me that it's like my Hurricane Electric tunnel... but in reverse?!

Re:Excuse me, Why are they not interoperable!

[j+h+woodyatt]

No. NAT-PT really was a bad idea, because it required the network address translator and the domain name rewriter to be tightly coupled in the same box, and that scales not at all well.

The new proposals in IETF to replace NAT-PT all separate these aspects of the problem into more loosely coupled components. You want to know more about them? See the wiki for the upcoming IETF Internet Area interim meeting.

Re:Excuse me, Why are they not interoperable!

[...] any IPv6 machine can talk to a machine that has only IPv4 connectivity. [...]

That's not true actually. For an IPv4-only host to talk to an IPv6-only host NA(P)T-PT has to happen somewhere in between.

http://en.wikipedia.org/wiki/IPv6_translation_mechanisms

Re:Excuse me, Why are they not interoperable!

[gclef]

So, every IPv6 host either needs access to a 6-4 gateway (most of which probably won't be public due to abuse concerns) or the IPv6 host has to have an IPv4 address (not likely after we run out of IPv4). Yeah, that's real effective.

Re:Excuse me, Why are they not interoperable!

[gclef]

Which is fine, but we need a translation system *now*, not in 4-5 years after IETF is done designing it. If someone came along with something better than NAT-PT, then deprecating it to replace it with the better thing would have been fine. But, deprecating NAT-PT before we had any replacement was just foolish.

Re:Excuse me, Why are they not interoperable!

[j+h+woodyatt]

I'm sorry. I guess I shouldn't have erased those RFCs from the Internet. I'll try to remember not to do that next time.

Re:Excuse me, Why are they not interoperable!

[gclef]

Funny, but not helpful. If the RFC is deprecated, why would anyone implement it? Any major implementation of it will be seen as a waste of time, since it's dead now. The thing is, we will need something like NAT-PT well before we will have any real implementations of whatever replacement the IETF process comes up with.

I still think shouldn't have thrown out NAT-PT until we were ready to replace it...ie, once the IETF process finished, not before it started.

Re:Excuse me, Why are they not interoperable!

[j+h+woodyatt]

It was implemented. Nobody seriously deployed it because it didn't work very well. IETF deprecated it because, if people kept deploying it, then it would be harder— not easier— to deploy another system that works correctly.

Re:Excuse me, Why are they not interoperable!

[j+h+woodyatt]

Oh, and I wouldn't get too wound up about not having a good replacement for NAT-PT. Nobody who needs to communicate with IPv4-only hosts really needs to be IPv6-only. They can just deploy dual-stack and forget about the NAT-PT problem.

Re:Excuse me, Why are they not interoperable!

[gclef]

You're missing my point, I think: if I'm to believe the estimates of IPv4 exhaustion (granted, that's a big assumption), then we'll be out of IPv4 before the IETF + implementation process finishes for this replacement. So there will be hosts that won't have a choice about going IPv6-only...and they'll have to do it before the replacement is ready. That strikes me as a poor situation to be in.

I'll acknowldge that NAT-PT wasn't great. But something that sucks is better than nothing.

Re:Excuse me, Why are they not interoperable!

[j+h+woodyatt]

No, there will just be some hosts that will not get public IPv4 addresses. This is why service providers are moving to carrier-grade NAT solutions. In fact, it remains to be seen whether IPv6 transition will ever overtake the widespread adoption of NAT444.

You always get a block

[Nicolas+MONNET]

And nobody's preventing you to use NAT, except that you might have to code it yourself.
Me I'm on IPv6 thanks to my ISP (Free.fr) having implemented it; but there isn't much to do there.

port forwarding != nat

[Nicolas+MONNET]

You can do port forwarding without NAT.
And he's wrong, nothing's preventing you from doing NAT on IPv6, except that it's probably never been implemented since it's kinda pointless.

Yes, there is.

The summary is flamebait and wrong. All three acknowledged that there are cases where it may make sense not to adopt IPv6, but that's not the whole truth:

Wettling adds that "Other companies are strategically investing in the foundation for the future, like those that started using TCP/IP and Web technology in the 1980s and 1990s..."

Grossetete mentions that "clearly some worldwide regions and market segments are adopting IPv6. What would be the impact on your business if you couldnâ(TM)t properly get customers or partners reaching your sites?"

Popoviciou explains that "This is a fundamental technology which is valuable by the simple fact that it enables us to scale our networks and services."

I don't see how that can be construed to mean "no business case", except in an attempt to use intentional misinterpretation to spark discussion.

Re:IP4 - elegant IP6 - Rube Goldberg

[Cajal]

Not to mention fragmentation processing by routers.

Re:IP4 - elegant IP6 - Rube Goldberg

[Just+Some+Guy]

If someone cares about how easy it is to work with an IP address, they're probably a techy who needs to do so for troubleshooting purposes,

Correction: they're a tech on a tiny network where they're used to memorizing the DNS zones. At this very moment, I'm not sure I can tell you the IP of the webserver I work on most often - not because I never access it, but because I've been accessing it via DNS for the last five years and have never once in that time needed to connect via IP.

so giving a smart-ass "use DNS" response doesn't help them.

Neither does giving a dumbass "cant remember numb3rz lol" response.

Similar to climate change

[stevied]

This is a bit like saying there is no business case for doing something about climate change. Sure, I can't tell anyone that specific bits of their infrastructure are going to get wiped out by hurricanes, or that particular segments of their markets are going to be bankrupted and / or drowned by rising sea levels, but that doesn't mean it's not a good idea.

Similarly, I can't forecast what the oil price is going to do, whether it will be higher or lower in 12 months time than it is now. I don't know when we will hit peak oil, or if we've hit it already, and I don't know the exact consequences of that. But that certainly doesn't mean that looking at ways of reducing energy requirements, and alternative sources for them, isn't a good idea.

I can't say what will happen as IPv4 address scarcity hits. Will people be denied allocations outright? I doubt it. Will small blocks of addresses in random parts of the address space be auctioned to the highest bidders? Seems more likely. Will dealing with the huge routing tables caused by all those disconnected little blocks put stress on routers, causing reliability issues and more money to be spent on upgrades? Quite possibly. Will we see people rolling out multiple layers of NAT, and all sorts of ugly application-helpers? Probably. Will it be reliable? I doubt it.

Times are hard economically now, and as a result people pull their horns in and look for hard, specific reasons to justify effort and expenditure, particularly immediate, short-term reasons. But short-termism got us into the current (economic) mess in the first place. Step back, look at the big picture. Yes, it's fuzzy. That doesn't mean there aren't obvious trends, obvious problems -- and also some reasonably obvious, big-picture solutions.

Re:Similar to climate change

[digitaldivide2]

Good points, or what is the business case for solving world hunger, or the fact that 3,000 people die every day because they don't have clean water, or putting an end to the war in Iraq? The simple fact is that the Internet is a global thing, and 15% of the world has access to the current IPv4 network, and 85% of the world does not. It is unfortunate IMHO that the thoughts and positions of three individuals quoted in the interview were dramatically misrepresented, but then on the other hand the posting certainly has generated some discussion amongst the tech community. Now if we could get this same type of discussion going in the public policy community. Much like Al Gore did when he "invented the Internet" and came up with the concept of the Information Super Highway. Try taking the Internet away from anybody who has learned how to use it and see how successful you will be. Do you think the 85% of the world that does not have will forever not want it? I live in California, I need to get to NY for a meeting. Yes, I could go in my garage and get my bicycle out and start peddling to NY, or I could go online and buy a ticket on JetBlue. Just because I can do something for a short period of time doesn't necessarily mean that I should. How foolish would I feel and how much regret would I have choosing the ride my bike scenario if four weeks into my journey I get to the Mississippi River and see a sign that says, "NO BIKES ALLOWED EAST OF THE MISSISSIPPI RIVER"? All that time and energy spent and I didn't even get to my destination. Getting back to the 85% of the worlds population that does not have access to the Internet and the business case. 99% of the business in the world are NOT enterprise based businesses. They are small entrepreneurial business with not more than a few people involved as employees. WASHINGTON, D.C. - Small business continues to drive the United States economy, according to a report issued today by the Office of Advocacy of the U.S. Small Business Administration. Newly released data show that in 2005, small businesses represented 99.7 percent of all the nationâ(TM)s employer businesses. Data also show that they employed 57.4 million Americans or 50.6 percent of the non-farm private sector workforce. And small businesses employ well over 60% of the worlds working population. These are folks that are not not concerned with enterprise solutions. That means there are are probably well over one billion businesses in the world today operating not using the Internet. You are not going to easily NAT your way into adding a billion more users on to the Internet network. Do you not think that the world would be a more productive and efficient place if they did use the Internet? The tide rises for all boats. There is your business case for the transition to the New Internet based on IPv6.

Re:Similar to climate change

[stevied]

Exactly. I do think the internet is rapidly becoming a necessity, not a luxury. We've got ~7 billion people to keep alive on one small planet, we can't do that without a modern technological society, and that in turn needs a reliable, effective communications network.

There really are all sorts of humanitarian advantages to networking those areas that are having problems keeping people alive. For example, there was something I heard about a while back about a mobile phone network in, I think, Africa, which allowed its users to transfer credit to each other, and that was looking at diversifying that system into a general purpose money transfer facility. Then there was a programme on the BBC World Service yesterday about an open source software stack that turned mobile phones into handheld healthcare appliances .. (aha! found the (probably impermanent) link.)

On a more selfish note, I reckon there's a lot of untapped potential in less developed parts of the world. Sure, it takes a certain about of time to play "catch up" when it comes to science and technology (which is one of the reasons people get upset about outsourcing to the east - lower initial quality), but it should take a lot less time to catch up with tech than it did to invent it in the first place (think China), potentially yielding an equally sophisticated but "fresher", more enthusiastic population (tougher physical circumstances probably help provide an incentive, too.)

Re:Similar to climate change

Think about this.

We do not directly pay to consume and use these things:

Air

Water

Roads to drive on

K-12 education for our children

Borrow books from the library

Military defense

Fire services

Police protection

Listening to the radio

Watching basic local TV

Why is it then we have to pay to use the Internet?

Compared to many items on the list above the Internet is extremely inexpensive to deliver.

If you would like to see basic Internet available for all 6.7 billion people visit www.MakeTheInternetFreeForEverybody.com

It is now technologically possible that instead of the world we live in now, where only a small percentage of the global population has access to the Internet (approximately 15%) and the majority of the users pay to use it, we could live in a world where 100% of people could have access to the Internet and they would be able to get basic Internet access for free.

Make The Internet Free For Everybody.org is proposing that we use the Internet to conserve power globally....how we do that? In simple terms...by "making energy visible". We believe that if the use of energy to generate power was visible, waste would be greatly diminished which will be proven by the efforts of the Green Protocol WG. Take water for instance....it is easy to visually see when water is often being wasted and going needlessly down drains and being spread about. It is a simple fact machines and sensors are better at monitoring and turning things on and off more efficiently then people.

Which scenario is better at conserving water to keep our lawns green and healthy?

A. Instructing our 12 year old son or daughter to wake up at 4:30 a.m. every Monday, Thursday and Sunday to go out with a hose and stand in the middle of the yard and spray it with water?

B. Laying a sprinkler system underneath the yard and hooking it up to a Rain Bird automated timer control that automatically turns it on precisely at 4:30 a.m. and turns it off at 4:35 a.m. three nights a week.

By using monitors connected to the Internet network we "can see" where energy is being wasted. Our lifestyles don't really have to change in this scenario, and we still save considerable amounts of energy.

So, if we can save the world 25% of the energy it is now currently using that would be equal to saving $2.5 trillion dollars on its annual "light bill". We believe it would make sense to take $0.5 trillion of that money saved and upgrade the infrastructure of the Internet network, which by that time would be completely New Internet based on IPv6, And then we propose to spend the remaining $2 trillion by giving all 6.7 billion about $300 per year worth of free basic New Internet access from the ISP's around the world.

Summarizing a simple three part plan over the next 10 years:

1. World converts to the New Internet based on IPv6

2. World uses the New Internet to conserve energy (25% of current consumption)

3. World gives everybody free basic access to the New Internet

And, how does this plan get implemented and supported by technology companies, ISP's, governments and policy bodies around the world...a global grass roots effort using the INTERNET...of course!

You make a living by what you get. You make a life by what you give. Winston Churchill
www.MakeTheInternetFreeForEverybody.org

Re:IP4 - elegant IP6 - Rube Goldberg

[profplump]

I've never, ever had my /etc/hosts file stop working. Ever. Even when my NIC was eaten by a dog, I was still able to resolve hostnames to IP address for systems where I already knew the IP address through some manual information exchange.

And honestly I can't think of a reason I'd need to get to a machine by IP address rather than hostname in the first place, other than the DNS server itself (an address that IPv6 auto-config and DHCPv6 both can provide for me).

Blame Microsoft?

[maxrate]

Sure - let's blame Microsoft for IPv6 adoption as well! I know there are tunneled IPv6 connections available that are free, but there should be more support from ISP's for native IPv6 connections. I work in a major data centre and the IPv6 adoption rate and carriers that offer IPv6 connections is low. Microsoft being 2 years late in support IPv6 is a poor excuse.

Re:Blame Microsoft?

[idiotnot]

Microsoft seems to understand the problem, and the IPv6 support in Vista and 2008 is very good.

I'm not entirely convinced, however, that their motivations are entirely pure (wouldn't WGA work so much better without those nasty NAT side-effects?).

But at least they're trying. IPv6 is important; the short-sightedness of many posters here is just amazing.

"Oh, we can reclaim class As from those who don't really need them!" ...and fix the problem for another year, maybe?

Jeeze.

Re:Blame Microsoft?

[Tubal-Cain]

I know there are tunneled IPv6 connections available that are free...

What is the security risk of using them?

Software support

[stevied]

I've noticed recently that an awful lot of *nix based software is now supporting IPv6, either in the upstream source or added by distributions.

A lot of the demand for new addresses (and hence possibly for IPv6) will be on the smaller and / or more portable devices (phones, netbooks, set-top boxes) that often run Linux anyway.

I also note that the KDE guys are porting to Windows. I don't specifically know whether their apps generally support IPv6 already, and if so whether their Windows ports will, but I can't imagine it will be hard to add, or that it will be long before someone does.

In a nutshell, if Windows apps don't provide support, there will be workarounds. Workarounds, indeed, that might act as incentives to get people off Windows onto other, freer platforms ..

Re:IP4 - elegant IP6 - Rube Goldberg

[st0rmshad0w]

When its a device without a DNS name or entry whose admin interface is set to be accessed via specific IP address? They do exist you know.

Comcast Business case is for you to pay per PC jus

[Joe+The+Dragon]

Comcast Business case is for you to pay per PC just like you do with the cable boxes / cable cards.

Re:IP4 - elegant IP6 - Rube Goldberg

[bigstrat2003]

Correction: they're a tech on a tiny network where they're used to memorizing the DNS zones. At this very moment, I'm not sure I can tell you the IP of the webserver I work on most often - not because I never access it, but because I've been accessing it via DNS for the last five years and have never once in that time needed to connect via IP.

So you've never needed to troubleshoot a network problem. Good for you.

Your assumption that anyone who needs to know an IP address must be working with a tiny, memorizable DNS zone is completely false. Like I said, DNS is something that can break. For example, where I work, our dynamic DNS is broken, and the server team refuses to work on the problem (or delete bad entries...). So, when I want to work on one of my user's machines remotely, I sometimes need to find out from the user what their IP address is. Now, I don't know about you, but I'd much rather deal with repeating "192.168.1.87" over the phone than "fe80::e1c0:5620:bc95:3c71%9" (to use the previous example).

And what if you suspect the name servers are down, but want to be sure that they are, indeed, the problem? Boy, it would sure be nice to have a nice, easy IPv4 address memorized for testing, than a long, unwieldy IPv6 address.

Your lack of ability to imagine situations where knowing IP addresses is useful does not mean that they don't exist.

IPv6 for Debian and Ubuntu

[CAPSLOCK2000]

If you are running Debian or Ubuntu (or another Debian derivative) and want to run IPv6, go to:

http://debian6to4.gielen.name/ - IPv6 for Debian and Ubunutu

This site generates an IPv6 configuration specific for your machine. The only thing you need is a working internet connection, which you have, otherwise you wouldn't be reading this.

Re:IPv6 for Debian and Ubuntu

If you need anything to do with that IPv6 connection, get your 400 TerraBytes (!) of warez from news.ipv6.eweka.nl at gigabit speed.

Re:IPv6 for Debian and Ubuntu

[Tony+Hoyle]

It uses 192.88.99.1 - that might have worked a few years ago but increasingly that's not routed any more. eg. of the 3 accounts I have access to here 2 of them return no routing for that address, and the third is the ISP I use from home that has routed ipv6 anyway.

Re:IPv6 for Debian and Ubuntu

[PRMan]

I'm reading this from my other computer, you insensitive clod!

Re:IPv6 for Debian and Ubuntu

[CAPSLOCK2000]

The situation appears to be different where you live, but here in The Netherlands, all providers allow it, and an access router is always very close (and thus fast).

It may have something to do with the fact that no provider offers real IPv6 support, although mine does offer an IPv6 tunnel.

Re:IP4 - elegant IP6 - Rube Goldberg

[bigstrat2003]

I've never, ever had my /etc/hosts file stop working.

That isn't what I meant when I mentioned DNS not working. I meant DNS servers not working properly.

And honestly I can't think of a reason I'd need to get to a machine by IP address rather than hostname in the first place...

Dynamic DNS. You can wind up with two entries for one host, which makes trying to get to said host problematic. Thus, you might need an IP address. Our DDNS isn't working properly where I work, so it comes up about 15% of the time I try to remote in to a computer. I'd fix the DDNS, but I don't have that ability, so I have to get an IP address over the phone from my user, who really likes it (even if they don't know it) that they can give me a nice, manageable IPv4 address, rather than an unwieldy IPv6 address.

Buy Apple.

Seriously. Buy Apple products (e.g. an Airport Extreme and anything running OSX), and get IPv6 not just enabled, but working out of the box.

1. Apple router DHCPs with your ISP, and gets a public IPv4 address as usual.
2. Apple router acts as a DHCP server, serving internal IPv4 addresses and NATing as usual.
3. Apple router sets up a 6to4 interface using the public 6to4 anycast router for tunneling, if needed.
4. Apple router acts as an IPv6 router, sending router advertisement packets, serving IPv6 addresses from within the 6to4 space corresponding to its public IPv4 address.

That wasn't so hard, was it?

I'm sure some people that don't know anything about IPv6 will reply, saying "oh, that's not actually IPv6!" They're wrong. Granted, it's not end-to-end IPv6, but that's not actually needed to reap some benefits. If you have a 6to4 address, and I have a 6to4 address, our respective routers will send IPv6 packets over the public IPv4 internet: no tunnels, no suboptimal routes.

The IPv6 addresses used by clients behind the router are public, world-routable, and non-NAT, without needing the ISP to do anything. Since OSX ships with IPv6 enabled by default, this means any Mac behind a recent Apple router has untranslated, unfettered, bidirectional access to the IPv6 internet. No accounts with tunnel brokers, no manual configuration at all -- plug it in, and you're done.

Re:Buy Apple.

[Pentium100]

I'm sure some people that don't know anything about IPv6 will reply, saying "oh, that's not actually IPv6!" They're wrong. Granted, it's not end-to-end IPv6, but that's not actually needed to reap some benefits. If you have a 6to4 address, and I have a 6to4 address, our respective routers will send IPv6 packets over the public IPv4 internet: no tunnels, no suboptimal routes.

And how is that better than VPN over IPv4?

Re:Buy Apple.

It's global, standard, requires zero configuration, and seamlessly bridges you with the native IPv6 internet, even though your bass-ackwards ISP only runs IPv4.

Re:Buy Apple.

[Pentium100]

Is it possible to do this thing in reverse? That is to access IPv6 network while my LAN is IPv4.

And no, I do not want all of my network devices to be accessible from the internet. If I want to access them, I use VPN (while it requires configuration, it also makes it impossible for anyone to connect to my local network without me giving them permission (and a certificate)).

Of course, I want certain applications to be accessible (like Bittorrent), that's why I use port forwarding.

Also, not everyone needs an external IP address. For example: a small company that uses internet only for web browsing and email. They now have a NAT router with no ports forwarded. They could even be under the ISPs NAT and would not feel a difference (although they have a single public IP).

Why would I want to use NAT even if I had to use IPv6 for my local network? Easy - so that I can hide the number of PCs I have connected to my network from my ISP. All they would see is a single IP in use...

About NAT hole punching: how do you do it without any help from the inside? If you can't then NAT is a very good security measure (like a firewall, deny by default)

Stages of Grief

[georgewilliamherbert]

Network architects and admins with clue are currently at the "Depression" stage (4th stage).

Why Slashdot feels that putting up a commentary authored by someone who's still in the first stage ("Denial") is useful to anyone is beyond me.

IPv4 exhaustion is coming. CIDR got us from the mid-90s until now. But it's coming now. Please stop denying, being angry, trying to bargain it away. Hopefully we'll all move past depression into acceptance (as vendors and infrastructure gets ready) before it hits. But I know a lot of smart people who would prefer to retire in the next 2 years instead of be there when it hits.

They probably won't, but would like to...

Re:Stages of Grief

Network architects and admins with clue are currently at the "Depression" stage (4th stage).

Network architects and admins with clue start at the depression stage. It is only after everything has been configured and running smoothly for several months that they progress to the next depression stage.

Re:Stages of Grief

[sjames]

It's not actually that hard to go with a dual stack these days. It was a lot harder a few years ago before OS support was really complete.

Starting now with 6in4 addressing is a great idea for anyone who'll have to switch 'for real' later.

The big troubles seem to be in the non 6to4 space where you're dependent on other router admins who aren't up to speed on v6 yet.

IPv6 is just big dumb spackle, like Vista

[Sarusa]

Instead of fixing some of the known flaws in IPv4, IPv6 is just spackle over the cracks. I'm not going to go into detail on it here, but if you care what they are, read John Day's 'Patterns in Network Architecture'. Really, the only reason to go IPv6 is to get more addresses, which is only sufficient and compelling if that is the reason you need it, just like there's no compelling reason to go from XP to Vista unless you need DX10.

But Vista has MS shoving it down everyone's throats (by trying its damndest to make sure you can't get a new computer without it), and there's nobody doing the same for IPv6 unless China becomes it that player, which seems unlikely globally for a while (since they want an insulated network).

You might reasonably argue that if IPv6 had tried to actually fix some of the architectual problems of IPv4 that it might have taken much longer. But now you've got a (relatively) simple solution that nobody really needs and has been languishing for years because of that, so I'm not sure how much time has been really saved here.

Re:IPv6 is just big dumb spackle, like Vista

[gbjbaanb]

Don't forget no-one needed to go to Vista, but some did. Only a few people needed 64-bit, but a lot went for it (including those with 64-bit CPUs running a 32-bit OS).

If home routers could handle it transparently, I reckon we'd be running it without anyone hardly knowing (and home users would probably be running IPv6 by default, "I just plugged it in and it worked, what's an IP address?"), but until they do (we should lobby Netgear, D-Link etc) we're stuck with IPv4.

Re:IPv6 is just big dumb spackle, like Vista

[Sarusa]

Yeah, I agree with this - it's not that I'd have a problem going to IPv6 if there's a compelling reason, and I certainly didn't mean to bag on people who have transitioned to it because they need it (sorry if it sounded that way).

But as you say the last hop is a big issue. I don't think any ISP is going to roll out anything that creates more tech support issues without a huge benefit to them. And then you have the chicken/egg thing where IPv6 default in home routers would cause more tech support calls to the router makers, who don't want that either.

A little googling finds that Earthlink apparently created a beta Linksys firmware with IPv6 in it, not much followup though.

Some companies dont' even WANT to use public IPs

[Sycraft-fu]

Even if you said "Here, have a /8 completely free, use whatever you like," they'd still want to do NAT. Why? Privacy and security. NAT automatically gives a good measure of security. You have an inbound firewall by default, simply because of how it works. You have to explicitly set up any inbound ports to be forwarded. Also this means that to get to any system that doesn't have a forwarded port, you'll have to get access to a system that does. With public IPs, there is always the possibility that the firewall fails or is shut off and you can get at a system. With NAT, you have to get inside to be able to get at anything.

Privacy you also get just by the way NAT works. Since you have many people using a few (or one) IP addresses, it is much harder to track what any given computer is doing. Web browsing can be tracked with things like cookies (if the client accepts them) but over all you really can't tell what is going on for a given system inside the network.

So NAT is something companies may well want to keep doing, even if they don't have to.

Re:IP4 - elegant IP6 - Rube Goldberg

[Just+Some+Guy]

So you've never needed to troubleshoot a network problem. Good for you.

No, it's that (like others have mentioned) hosts file always work. Failing that, cat /etc/resolv.conf gives me the address of the nameservers if they're broken (not that they've ever all died simultaneously) and I need to connect in. Finally, remember that all the addresses in your company will have a static prefix that will be an even multiple of 16 bits in length, like AAAA:BBBB:CCCC. Memorize that. Your own machine's host portion will look like 21f:d0ff:fe22:b8a8. Honestly, I have passwords longer than that. I'm not a super-genius, but this is within my abilities. It's not like Jane Secretary's going to have to learn this stuff.

Anyway, it sounds like your need to memorize a whole slew of addresses is due to the incompetence of your network administrators. I'd say that is the fundamental problem that needs to be addressed. No pun intended.

But regardless of all else, we're running out of IPv4 addresses. You will have to learn longer addresses at some point, so you might as well get used to it.

der da der

[janeuner]

Because anycast, address scope, and multihoming aren't features; they are just synergistic advertising.

Seriously, if you are going to cite a book, you should really try reading it first. The fact that you don't understand the uses for these features does not mean that they are neither useful nor necessary.

Re:der da der

[Sarusa]

Hmmm, not even sure how to answer this, since there's not even any agreement yet on how to have IPv6 handle multihoming - since it didn't bother to fix the problems of IPv4 in this regard people are not quite sure what to do with it. PIAS is a quickie hack to get something out there, and I don't think even IPv6 proponents would consider this sufficient.

Anycast is nice to have 'built in', I guess but not something that you can't already do with IPv4. Sadly I think this is mostly used in practice as a 4/6 transition mechanism.

Basically I don't agree with you that any of these are even as compelling for most people as the increased address range. But apparently to you that just makes me 'duhhhhhhhhhhhhh' and a troll. Keep fighting the good fight, sir, perhaps some incisive 'Yo momma so fat she need IPv8' putdowns to get your point across.

So do I

[Fred+Ferrigno]

But they all share the same IP address.

The industry is putting its efforts into NAT so that it becomes less crappy and more functional every day. Eventually, it won't matter that you don't have a uniquely addressable IP address.

Re:So do I

[jonbryce]

They don't. They are on four different ISPs on four different telephone networks.

Re:So do I

[Firehed]

Until you go insane trying to remember your port mappings when trying access services on a specific machine behind the firewall. Maybe you enjoy having to remember that IP:5900 maps to VNC on your main system, :5901 to the laptop, :5902 to the fileserver, etc. I tend to find it a bit annoying. Especially as almost all of my systems have VNC, SSH, FTP, HTTP, and a couple of other services running, so I need to remember which port maps to maps to a certain service on a certain machine. Short of setting up some sort of domain controller that would make subdomain-based conversions that achieve the same effect (beyond my current scope of knowledge, never mind the pointless hardware costs)... it's just a pain in the ass.

Of course this isn't a problem for the typical home user, but as remote access protocols and systems become increasingly common among normal users (think Back to my Mac, except functional) it'll become a problem very quickly. There may still be firewall issues, but at least you won't have to worry about port collisions when accessing things outside of the local network.

Re:So do I

[Fred+Ferrigno]

Until you go insane trying to remember your port mappings when trying access services on a specific machine behind the firewall.

Frankly, a 32-digit hex number is harder to remember than at most 17 decimal digits of IP and port. Regardless, if a "typical home user" ever has to know what a port or an IP address is, typical home users won't bother with it at all.

What they might try is something like GoToMyPC, which works fine with NAT. That's really what I'm talking about. There's a lot of active development going on to workaround NAT's problems because the workarounds are easier than the solution (IPv6).

Japan also.

[Ungrounded+Lightning]

Can't sell networking equipment into the gadget capital of the world unless it does v6.

I know. Because we do.

Anyone know of a way to undo moderations?

[sega01]

I accidentally moderated a comment with the wrong option but did not see how to undo it. I know that I can do so by making, but there must be a better way. On a side note, these comments are filled with FUD, mostly from people who have only heard a few rumors about what IPv6 is. Some really good comments though, but definitely a number that need to read more than a paragraph on what IPv6 is and how it works.

Re:Anyone know of a way to undo moderations?

I know that I can do so by making

Too much information. yuck.

Re:IP4 - elegant IP6 - Rube Goldberg

[bigstrat2003]

21f:d0ff:fe22:b8a8

16 bits of hex falls within the range of what I'd consider a pain in the ass to memorize, but I am admittedly not a good memorizer.

Anyway, it sounds like your need to memorize a whole slew of addresses is due to the incompetence of your network administrators. I'd say that is the fundamental problem that needs to be addressed. No pun intended

Yes, that's accurate, but my point wasn't that IPv6 was the problem, merely that since we already have one big problem, IPv6 makes it worse.

But regardless of all else, we're running out of IPv4 addresses.

I agree with the person who said elsewhere that NAT solves this problem much more neatly than IPv6. How many routable addresses do you really need, even at the biggest companies? It surely can't be that many (1000, tops?), and for the rest, you can use the 10.0.0.0 block, and use NAT. I can't imagine that having 16 million addresses for your internal network wouldn't be sufficient.

IPv11

[newr00tic]

IPv11!

As Long As You Can Connect...

[Nom+du+Keyboard]

As long as you can connect to the sites you want to connect to on the Internet there is no business case for IPv6.

The day you can't connect then the business case is made.

We need a new Godwin's Law for Global Warming

[Ungrounded+Lightning]

This is a bit like saying there is no business case for doing something about climate change. ...

Oh, no! Now we have a Global Warming take on IPv6 adoption!

I think it's time for a new version of Godwin's law with Global Warming / Climate Change substituted for NAZIs:

As a scientific, technological, or political discussion or grant proposal grows longer, the probability of an assertion of a tie-in to climate change approaches one.

= = =

I realize you may have had a serious point. But (like NAZI analogies) the global warming tie-in has been used so often, and so inappropriately, that it's painful to read past it to search for any real meat in such a posting.

Re:We need a new Godwin's Law for Global Warming

[stevied]

Heh, fair enough - and that sort of "Oh God, not again .." reaction is probably similar to the one many people get with IPv6.

I suppose on the surface, climate change seems more serious - after all, so what if the internet breaks? Humanity survived quite well for thousands of years without it, after all. But we've never had to keep ~7 billion people alive at the same time before, and we couldn't do that without a modern technological society, which in turn is underpinned by decent comms.

I guess I've now compounded my sins by escalating from climate change analogies to predicting the end of civilization if IPv6 isn't rolled out ;-) But what I'm really saying is that we need a more responsible, global attitude to critical bits of 'infrastructure', whether that's packet-switched networks or the fundamentals of the biosphere.

Don't get me wrong, I'm not an ultra-leftie, I think there's plenty of room for competition in true capitalist style, but I also think there are some underlying foundations / fundamental platforms that have to be treated differently. Hopefully business will come to realise this on its own, as trying to force the issue (regulation, nationalization, etc.) rarely seems to work in the long-term.

Availability of hardware

[Teun]

From the techs at my ISP I understand there are serious problems with availability of IPv6 hardware, especially good load balancers seem to be non existent.

So until then they won't be pushing IPv6 although it is available and even supported for the curious and brave.

NAT is *not* a security technology.

[Cajal]

Repeat it until it sinks in. In some cases it is possible to tunnel through NAT routers. And there are several attacks that do not depend on the victim having a public IP address. If you want security, use a firewall, anti-virus and anti-spyware technology.

Multicast

[wrt]

I figured a big driver for IPv6 would be support for multicast, especially for use in audio/video services. In fact I think the AT&T U-Verse service uses IPv6 for its IPTV.

Re:Multicast

[Wesley+Felter]

In the v4 Internet, multicast exists but is usually disabled (except U-Verse).
In the v6 Internet, multicast will exist but be disabled (except maybe U-Verse).

Re:Multicast

[paul248]

But at least multicast is guaranteed to be available to the local Ethernet link. You can't resolve addresses without it.

Re:Multicast

[Wesley+Felter]

Big deal. That's not a reason to adopt IPv6.

Um,

[rickb928]

"by not extending IPv6 support into very many of its apps"

You're doing it wrong.

Your apps should be relying on the OS to handle the nastiness of networking. It's the OS, stupid Microsoft.

Sheesh. No wonder IPv6 is apparently the missing link to Duke Nukem 'whatever.

Re:Um,

[petermgreen]

Your apps should be relying on the OS to handle the nastiness of networking.
Maybe they should but the fact is that details on the addressing scheme are exposed to applications.

A lot of sockets using apps are written with the assumption that they will only ever be used on IPV4 sockets. IPV6 requires larger sockaddr structures and new name/address conversion routines. There can often be other complications too like configuration files that use : as a field seperator.

A question that's not being asked.

[techno-vampire]

The summary refers to a possible "killer app" for IPv6. Now, AIUI, a killer app is something that can be done on the new platform, or with the new OS that couldn't be done before, or not very well and everybody wants. An example might be a new game that allowed you to rotate your POV around your character would have been a killer app when 3D graphics cards first came out; Bit Torrent would fit for broadband. What, however, would be a killer app for IPv6? What is there that you can do with it, from the end-user's POV that Just Doesn't work now? I'm not saying that there can't be one, but as of right now, nothing comes to mind.

Re:A question that's not being asked.

[rantingkitten]

One thing that comes to mind is NAT traversal, which is a huge problem in industries such as VoIP which is gathering more and more steam. Even with workarounds like STUN, ICE, having the devices register with a proxy every thirty seconds, etc, it doesn't always work. I'll agree this isn't usually a problem for large companies with competent network administrators but it is a huge problem for medium and small businesses who don't have IT staff, know jack about anything, plug their IP phones into "the internet" and run into all kinds of problems because their local router might be using one of several different and often conflicting NAT implementations.

There are tens of thousands of little companies like that, and to them, VoIP is a very attractive alternative to traditional PBX systems because of price, so they flock to it and then have to dance around the issues that NAT brings up. IPv6 would alleviate such issues.

Since I'm in the VoIP industry and see this all the time, it's the most obvious example I could come up with. But then there are random other things -- pretty much any service you want to run from behind NAT requires setting up port forwarding, and not all businesses have a) the IT staff who are bright enough to set that up (sadly), or b) the money to throw at routers that can handle more than ten or twelve such forwards.

Sure, most of us here snicker because these are trivial configurations, but to bewildered business types who don't have the staff to do this (and even those who do, because so many self-proclaimed network admins are just idiots), this kind of stuff is a big deal.

Re:A question that's not being asked.

[techno-vampire]

There's one good thing about VIOP from the IT viewpoint: nobody can call you to tell you the network's down.

Seriously, though, I can't see it as the killer app; there's nothing in it that you can't do now, IPv6 just makes it easier. Of course, I'm not involved in that type of thing, and you may well be right. Only time will tell, and it hasn't as of yet.

Re:IP4 - elegant IP6 - Rube Goldberg

[Firehed]

Lucky you. There's not a system on my home network that can be reliably accessed through anything but the IP address. I've experienced the same reliability on every network I've ever touched.

Now internet-wide DNS is pretty damn solid, but that tends to happen when there are about seven levels of fall-back. LANs tend not to be nearly that robust.

Having said that, IPv6 addresses are stupidly over-complicated. Adding two groups onto IPv4 would probably have been more than enough for quite a number of years to come (281,474,976,710,656 IPs should be plenty for a while), even if it's not quite as futureproof as IPv6 which is something like 1 IP for every four atoms in the universe.

Apple iTunes 8

Well, Apple seem to have found a business case, although I'll be damned if I know what it is: iTunes 8 requires IPv6 to be enabled, otherwise you're unable to stream to Airtunes.

Why, I have no idea.

Re:Apple iTunes 8

Because it's Apple and they have to be different to everyone else, that's why.

I'll give you a business case

[SirShadowlord]

...In _one_ customer deployment We're deploying 1.7 million devices over 1200 mobile subnetworks in under 18 months. Each device needs to be capable of self addressing and migrating from subnetwork to subnetwork subject to the local RF conditions.

These devices need to be uniquely addressable from existing Unix hosts, as well as capable of being monitored from current Enterprise Network Element Managers.

We've further hypothesized that by 2012 as many as fifty of these networks will be in existence, each of which may need to have all their nodes addressable by multiple vendors.

There is your business case for IPV6.

Ironically, internally, in our company, and on all of our servers - we are 100% split stack. No desire whatsoever to run IPV6 pure environments. NAT does everything we need. Don't even run IPV6 on our IPSEC Remote Access VPN or 802.11 environment.

and IPv6-only web sites?

Many companies do not need public IP addresses, yet they have large networks

And when ARIN or RIPE or APNIC run out of IPv4 addresses, and can only assign public IPv6 addresses, it means the web sites you want to talk to will be on IPv6.

You can be IPv4-only internally all you want, but at the very least you need to be able to route IPv6 HTTP (and FTP, etc.) requests out to the world. When your desktop clients does a look up, and all it gets back is a AAAA response, having a IPv4-only network won't seem like a good idea anymore.

absolutely NO shortage of IP addresses

There are plenty of IPv4 addresses available. It's just that so few of them are being actively used. There is a simple market solution to the problem.

Charge $1/year for *every* IP address and see how many free up. You think that MIT will pay $16m/year for its allocation?

If that doesn't free up enough addresses, charge $1/month for *every* IP address. You'll free up enough to defer the "exhaustion" problem for about 50 years.

Re:absolutely NO shortage of IP addresses

[Cajal]

You cannot simply impose charges on allocations which have already been made. These sort of "simplistic" solutions are just non-sense.

Re:absolutely NO shortage of IP addresses

Easy enough to fix. Instead of relying on the moderation system, just charge $1 per non-sense "simplistic" comment.

I guarantee that will free up enough room for 50 years of Soviet Russia jokes.

Re:absolutely NO shortage of IP addresses

[petermgreen]

I strongly suspect the result of that would be the major ISPs telling ICANN to go screw themselves.

Re:absolutely NO shortage of IP addresses

[sjames]

Charge $1/year for *every* IP address and see how many free up. You think that MIT will pay $16m/year for its allocation?

So you're suggesting a 10% price increase?

A class C from ARIN is 2500/year now.

If that doesn't free up enough addresses, charge $1/month for *every* IP address. You'll free up enough to defer the "exhaustion" problem for about 50 years.

Net result, home users will be assigned 10.x.x.x addresses and be stuck behind a crappy outbound only NAT by their ISP. SIP phones and P2P will cease to work at all. Prices will go up slightly.

Wrong reasons

[thogard]

We are not out of IPv4 addresses. We are out of unique IPv4 routes. IPv6 doesn't help with that situation.

The proper solution (which I proposed back around '93) was allocate address only in /24 blocks and treat all address blocks as /24 which means every router needs to deal with 16.7 million routes. Using content addressable memory (as used in cache tag ram) and an FPG, routing could be done at wire speeds back then.

Why would M$ support IPv6 in apps...

[Shamenaught]

... when they could make you pay for the upgrade that adds IPv6? They'll release support whenever it's most profitable to do so.

Re:Why would M$ support IPv6 in apps...

[sjames]

... when they could make you pay for the upgrade that adds IPv6? They'll release support whenever it's most profitable to do so.

It's already supported in XP if you install the protocol. In Vista ist's installed and enabled by default.

Any app using the newer standard networking API (getaddrinfo and friends) will automatically use v6 when available.

It became profitable to do so when the U.S. federal government mandated that newly purchased equipment be IPv6 capable by a couple months ago.

Um, what?

[Estanislao+Mart�nez]

If you're one of the people who has enough static IP addresses to serve your needs, you're better off with IPv4, because that will make sure you're among the few who do.

Why would you care whether other people didn't have enough IP to serve their needs? Or, in other words, as long as you don't get fewer IP addresses than you have now, why would you oppose moving to IPv6?

NAT IS a security technology

[Sycraft-fu]

I don't care if your dogma tells you it isn't, it is by the way it works. That doesn't mean it should be your only security, or that it is perfect. However this idea that it isn't security is stupid. It sounds like crap that people from the half-assed "hacker" certification classes spew. Real security comes in many forms and from defense-in-depth. NAT can be a good part of that. While I wouldn't say use NAT instead of a firewall, I think NAT and a firewall can be a great thing.

Re:NAT IS a security technology

[Cajal]

There are many, many attacks which work despite NAT. And in some cases an attacker can still connect to NATted machine. NAT is not a security technology. This is not dogma. This is just reality.

Re:NAT IS a security technology

[Sycraft-fu]

There are many, many attacks which work despite a firewall, and in some cases an attacker can still connect to a firewalled machine. What's your point? What you said is as true for firewalls as it is for NAT. Sorry, but it is in fact a security technology.

Re:NAT IS a security technology

[Cajal]

My point, for the last time, is that none of the perceived security benefits of NAT actually exist.

Re:Some companies dont' even WANT to use public IP

[SanityInAnarchy]

With public IPs, there is always the possibility that the firewall fails or is shut off and you can get at a system. With NAT, you have to get inside to be able to get at anything.

In that sense, it's also always possible that the NAT gets shut off -- thus implying that a handful of computers on your network have live Internet IP addresses, and the rest are denied DHCP access -- or it's possible that it fails, as is the case with things like NAT hole punching.

Privacy you also get just by the way NAT works. Since you have many people using a few (or one) IP addresses, it is much harder to track what any given computer is doing.

An anonymizer may make sense for an individual behind the NAT, but I doubt it helps the corporation at all. In fact, if I get a ton of spam, and I send mail to your domain saying "It's from <IP>", wouldn't you rather know exactly which computer that IP corresponds to, so you can shut it down?

Since the corporation has no real reason to provide that privacy, why should it be their obligation?

Re:IP4 - elegant IP6 - Rube Goldberg

[SanityInAnarchy]

So you've never needed to troubleshoot a network problem. Good for you.

Correction: Never needed to troubleshoot a DNS network problem.

And DNS is solveable -- one example is to perform a query on 4.2.2.1, since they're usually working.

For example, where I work, our dynamic DNS is broken, and the server team refuses to work on the problem (or delete bad entries...).

So the rest of the Internet should be held back, just so your server team doesn't have to do the work they're paid for?

So, when I want to work on one of my user's machines remotely, I sometimes need to find out from the user what their IP address is.

If they've got any connectivity at all, the simple solution is to tell them to paste that into an IM window. Much easier for IPv4, also -- have them paste a whole ifconfig/ipconfig log, rather than having to keep telling them things to type and guessing at what's wrong.

And what if you suspect the name servers are down, but want to be sure that they are, indeed, the problem? Boy, it would sure be nice to have a nice, easy IPv4 address memorized for testing, than a long, unwieldy IPv6 address.

I suspect that, if this is ever the case, I'll simply write down that IPv6 address and keep it somewhere safe. Maybe a hosts file, maybe a piece of paper.

How many times a month do you suspect the nameservers are down? I can count on one hand.

Re:IP4 - elegant IP6 - Rube Goldberg

[SanityInAnarchy]

When its a device without a DNS name or entry whose admin interface is set to be accessed via specific IP address? They do exist you know.

Yes -- until I enter them into a hosts file.

Re:IP4 - elegant IP6 - Rube Goldberg

[9Nails]

I agree with the person who said elsewhere that NAT solves this problem much more neatly than IPv6. How many routable addresses do you really need, even at the biggest companies? It surely can't be that many (1000, tops?), and for the rest, you can use the 10.0.0.0 block, and use NAT. I can't imagine that having 16 million addresses for your internal network wouldn't be sufficient.

That's what I feel is the important take away from this. the big Telcom guys might need it, but little ole me on this desktop in my house can care less. My ISP might need my router to be IPv6 compatible so they can interface with many more clients. Maybe my Cel Phone will need it in the future? But from behind a router, I'm always going to run IPV4 inside my networks because they're easier to understand and IPv6 doesn't give me any additional benefit when my 10.6 network is "all that I'll ever need." Right?

Society shouldn't wait for a business case

[registrar]

Business is inherently focused on the short-term, unwilling to take risks, and overly exposed to market-share effects (i.e. network effects). Business alone can't make the leap to IP6.

Government is one of several arrangements by which we make decisions on technical or social cases rather than solely business cases. (Some people think that's a bad thing, and that everything should be entirely economically rational, but we can safely ignore them.)

If there is a technical case for migrating to IP6, which prima facie there is, then some of the cost needs to be borne by government. There are lots of ways of doing that, and it's reasonable for them to bear the cost of kick-starting the IP6 network effect:

• Migrate their own networks wherever there is even a weak business case (i.e. where it is not clearly cost effective, but there are useful technical advantages). Fund migration as part of routine upgrades of university and research institute networks.
• Subsidise telcos to migrate their own networks. In the case of sparsely populated areas where Govt subsidy is necessary for any roll-out, pay the extra cost of IP6.
• Assuming it's easy, but 'people don't know how', provide subsidised or even free technical assistance to small business and geeks who want to migrate. Provide free introductory courses for geeks. Start a network effect for IP6 expertise and knowledge.

Etc.. The point is that any national government can, for a reasonably small up-front cost, arrange it so that their internet infrastructure is way ahead of anyone else's.

Re:There is a business case *in the US*

[wumingzi]

I work for a company in the IT/networking sphere (name omitted to protect the guilty).

The internal (RFC-1918) network is a mess. Years of acquisitions have created overlaps where 10.50.x.x is used in four separate locations on the corporate network, and every owner has given extremely sound reasons why migrating their address space will cause the world to end. If you have to connect two of these locations, you get to do fun stuff with NAT addresses and routing traffic all over creation which will make your eyes bug out.

In addition, there is a point not to far in the future where IP exhaustion will take place. Our numerous public /8s, 10.0.0.0/8, 192.168/16, and 172.16/12 will all be out of IPs to allocate. It is not a "somewhere in the distant future" date. It is on some execs calendar. "This is the day when there will be no more addresses".

Migration to IPv6 is progressing as quickly as humanly possible.

IPv4 no where near exhausted

[FeatherBoa]

If there were a real crunch on IPv4 address space, you'd see 127/8 redefined as 127.0.0/24 to gain back 16 million odd addresses. You'd see legacy class A holders -- Hewlett Packard has at least 2, or 32 million addresses -- auctioning off or leasing out their address space. You'd see IANA raising cash by FTC-style address space auctions like they do with radio bandwidth. You'd see the huge swaths of "reserved" and "experimental" address space, like 240/8 through 254/8 being converted over to CIDR and used for normal IPv4 stuff.

None of that is happening.

Re:IPv4 no where near exhausted

[Cajal]

The policies for address markets are being developed by the RIRs. That will let the legacy class A holders sell off their unused addresses. The RIRS are also changing their IPv6 allocation policies to make it easier to obtain space. As for the Class E's, there have been a few proposals in the IETF to reclassify it for some sort of use. They probably won't be marked for public use, since so many devices are hard-coded not to allow them. But there is discussion about using them for large private networks.

Innovation does not come from the IT department.

[mellon]

These rationalizations all sound great, but they are just that: rationalizations. Corporate users don't operate on a grand level on the basis of rationalizations. Corporate users will not lead the deployment of IPv6.

Who led the personal computer revolution? Corporations? No. Corporations are conservative. They follow the trailing edge, not the leading edge. Corporations adopted PCs because their employees started finding ways around corporate policies /against/ PCs, not because of some grand central plan to do so.

IPv6 adoption will go the same way. Individuals who discover uses for IPv6 will start using it. Departments will adopt it. Large IT organizations will legislate against it. Eventually it'll be deployed because the people who actually use the network will have enough pull to tell the IT departments what to do.

So look for IPv6 adoption to happen first in the home, and later in internal corporate teams, and *finally* at the corporate level. Not vice versa.

A good business case

[sjames]

How about avoiding a repeat of Y2K?

The public side of Y2K is a lot of fear followed by 1 or 2 websites displaying the date wrong, no big deal.

The behind the scenes view is that a lot of corporations shoveled money by the ton to COBOL programmers dragged out of retirement or from the executive ranks (and insisted on executive level pay) in order to have it be "no big deal" when the time came.

Wouldn't it be nice to not discover in a few years that your competition is eating your lunch because a major ISP went v6 (after being denied a v4 block) and that nobody in your organization has any idea how to do v6 or if any of your hardware can handle it?

Re:IP4 - elegant IP6 - Rube Goldberg

[st0rmshad0w]

And when the app you need to use to admin the device has no capacity to use a name to establish a connection? (in this instance I'm referring to a security system building controller that used a proprietary app that connected via IP only)

Re:IP4 - elegant IP6 - Rube Goldberg

[SanityInAnarchy]

And when the app you need to use to admin the device has no capacity to use a name to establish a connection?

If the app is that poorly written, what are the chances it supports IPv6 in the first place? That's a sign you should get a new app, not that there's something wrong with IPv6+DNS.