Slashdot Mirror
IPv6 and the Business-Case Skeptics
Julie188 writes "Experts keep screaming that the IPv4 sky is falling. Three such experts were recently asked point-blank to state an irrefutable business case for moving to IPv6 now, and their answer was more plausible than the old refrain (the lack of addresses and a yet-to-be-seen killer IPv6 app). They said that there isn't a business case. No company that is satisfied with all of its Internet services will need to move, even in the next few years. They also pointed out that Microsoft is a unique position in the industry both causing and hindering IPv6 adoption — causing through its IPv6 support in its OSes, and hindering by not extending IPv6 support into very many of its apps."
There are plenty of business cases for IPv6, you just have to ask business experts, not technology experts...
Countries like China and India, that have lots of people that might one day want to connect, but not a lot of existing infrastructure yet, and certainly not a lot of IP4 addresses, will have a far better motivation than countries that have an abundance of unused addresses.
The killer app will come, alright - just not from the US.
"Boss, I can get an IPv6 tunnel for free so that we can start experimenting and testing. We work with the Department of Defense, and they say that this stuff is important, so with your permission I'd like to spend $0 to start playing with it."
And that's how we came to be on IPv6.
Dewey, what part of this looks like authorities should be involved?
IPv6 will happen when China demands it. China's growing need for IP address space will drive the issue. China needs at least a billion IP addresses. Especially since the Chinese government would like a system where each device has a permanent IP address.
There's no business case if you don't care about growing your network. If you do, you need to care about IPv6, becuase in a few years, it's going to become increasingly difficult to get new public IPv4 addresses.
Actually, Microsoft supports IPv6 in several of its core products. IE, Outlook 2007, Windows Mail/Live Mail and Exchange 2007 support IPv6, as do many of the services in Windows 2008 (IIS, DHCPv6, DNS, POP, CIFS, LDAP, Kerberos, Remote Desktop). Some of these also have IPv6 support on Windows XP (IE, IIS, Remote Desktop, CIFS).
JoeRockHead: What is the status of good security tools for IPv6?
... like Teredo, ISATAP or 6to4. Security awareness is important when deploying IPv6. A lot of potential risks can be solved with prudent configuration, including turning host-based tunnels OFF by default. Command Information has been doing some interesting work in this area.
Fred_Wettling: We have found that several security tools (firewall, IDS, IPS) are ready for IPv6 traffic, others are at varying stages of maturity. While Microsoft should be applauded for its IPv6 deployment in its operating systems, it has not yet addressed IPv6 in its ISA Server that several organizations use for Internet traffic security logging. Current versions of Squid DO support IPv6. The "bad guys" are exploring the use of IPv6 to gain access to systems. A common approach is the use of tunnels that may be turned on in a default configuration
For the consumer how will this roll out? Moving to IPv6 means that I can't use NAT anymore for my home network. That means I need a block of IP addresses assigned to me. So does my telco/cable company have this set up and will it cost me a huge amount to get a block of IPs? If it does, I can see the resistance.
Well, there's spam egg sausage and spam, that's not got much spam in it.
192.168.1.87 -vs- fe80::e1c0:5620:bc95:3c71%9
I see your unwieldly addressing and raise you a DNS.
Besides, if you want to talk Rube Goldberg, check out IPv4's variable-length headers and the processing required to sort them out at line speed.
Dewey, what part of this looks like authorities should be involved?
For a long time, IPv4's limited address space looked to be a problem. And that was the #1 business case behind IPv6.
The problem is, NAT came around at just the right time. Most businesses only need a couple of external addresses, and many end-users don't need one at all.
Test your net with Netalyzr
Actually, Microsoft is the last company to add IPv6 support to its OSs. By the time of arrival of WinXP, most other OSs including Linux, Solaris and BSDs had it atleast for 2 years. And WinXP offered it as an optional protocol that had to be installed manually. Vista is the first version of windows to offer IPv6 in a default install.
The largest prime factor of my UID is 263267.
Number one killer reason to move to IPv6?
IPSec support is mandatory at the stack level, add transport level support, and you can lock down even telnet traffic.
Where you'll see issues is the ISP and government interaction. If all the traffic is encrypted, then you have to rely on other forensic means to guess at what is in the packets.
Though this doesn't mean that all traffic WILL be encrypted, just that it CAN be encrypted.
I see your unwieldly addressing and raise you a DNS.
Because DNS always works properly, and there is never, ever a reason to want to get to a machine by specifying its IP, rather than resolving a hostname. Oh wait...
Your average user doesn't worry about IP addresses now, they utilize DNS. If someone cares about how easy it is to work with an IP address, they're probably a techy who needs to do so for troubleshooting purposes, so giving a smart-ass "use DNS" response doesn't help them.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
The reason no one upgrades is that the new "standard" is not simply interoperable with the old. When color TV came out you could still watch the same programming on you B/W. It is not the case with IPv6. You need new routers, new software, new DNS and to train your people. Sure Apache 2.0 and Vista work but an Apache configured just with IPv6 can not serve people on the "internet" (yea yea build a bridge yada yada yada)
Please, the spec is bad just for this reason. The simple basic requirement for new addressing scheme is that it works with existing equipment.
Time to start over with a new spec.
And nobody's preventing you to use NAT, except that you might have to code it yourself.
Me I'm on IPv6 thanks to my ISP (Free.fr) having implemented it; but there isn't much to do there.
You can do port forwarding without NAT.
And he's wrong, nothing's preventing you from doing NAT on IPv6, except that it's probably never been implemented since it's kinda pointless.
Not to mention fragmentation processing by routers.
If someone cares about how easy it is to work with an IP address, they're probably a techy who needs to do so for troubleshooting purposes,
Correction: they're a tech on a tiny network where they're used to memorizing the DNS zones. At this very moment, I'm not sure I can tell you the IP of the webserver I work on most often - not because I never access it, but because I've been accessing it via DNS for the last five years and have never once in that time needed to connect via IP.
so giving a smart-ass "use DNS" response doesn't help them.
Neither does giving a dumbass "cant remember numb3rz lol" response.
Dewey, what part of this looks like authorities should be involved?
This is a bit like saying there is no business case for doing something about climate change. Sure, I can't tell anyone that specific bits of their infrastructure are going to get wiped out by hurricanes, or that particular segments of their markets are going to be bankrupted and / or drowned by rising sea levels, but that doesn't mean it's not a good idea.
Similarly, I can't forecast what the oil price is going to do, whether it will be higher or lower in 12 months time than it is now. I don't know when we will hit peak oil, or if we've hit it already, and I don't know the exact consequences of that. But that certainly doesn't mean that looking at ways of reducing energy requirements, and alternative sources for them, isn't a good idea.
I can't say what will happen as IPv4 address scarcity hits. Will people be denied allocations outright? I doubt it. Will small blocks of addresses in random parts of the address space be auctioned to the highest bidders? Seems more likely. Will dealing with the huge routing tables caused by all those disconnected little blocks put stress on routers, causing reliability issues and more money to be spent on upgrades? Quite possibly. Will we see people rolling out multiple layers of NAT, and all sorts of ugly application-helpers? Probably. Will it be reliable? I doubt it.
Times are hard economically now, and as a result people pull their horns in and look for hard, specific reasons to justify effort and expenditure, particularly immediate, short-term reasons. But short-termism got us into the current (economic) mess in the first place. Step back, look at the big picture. Yes, it's fuzzy. That doesn't mean there aren't obvious trends, obvious problems -- and also some reasonably obvious, big-picture solutions.
I've never, ever had my /etc/hosts file stop working. Ever. Even when my NIC was eaten by a dog, I was still able to resolve hostnames to IP address for systems where I already knew the IP address through some manual information exchange.
And honestly I can't think of a reason I'd need to get to a machine by IP address rather than hostname in the first place, other than the DNS server itself (an address that IPv6 auto-config and DHCPv6 both can provide for me).
Sure - let's blame Microsoft for IPv6 adoption as well! I know there are tunneled IPv6 connections available that are free, but there should be more support from ISP's for native IPv6 connections. I work in a major data centre and the IPv6 adoption rate and carriers that offer IPv6 connections is low. Microsoft being 2 years late in support IPv6 is a poor excuse.
I've noticed recently that an awful lot of *nix based software is now supporting IPv6, either in the upstream source or added by distributions.
A lot of the demand for new addresses (and hence possibly for IPv6) will be on the smaller and / or more portable devices (phones, netbooks, set-top boxes) that often run Linux anyway.
I also note that the KDE guys are porting to Windows. I don't specifically know whether their apps generally support IPv6 already, and if so whether their Windows ports will, but I can't imagine it will be hard to add, or that it will be long before someone does.
In a nutshell, if Windows apps don't provide support, there will be workarounds. Workarounds, indeed, that might act as incentives to get people off Windows onto other, freer platforms ..
When its a device without a DNS name or entry whose admin interface is set to be accessed via specific IP address? They do exist you know.
Comcast Business case is for you to pay per PC just like you do with the cable boxes / cable cards.
Correction: they're a tech on a tiny network where they're used to memorizing the DNS zones. At this very moment, I'm not sure I can tell you the IP of the webserver I work on most often - not because I never access it, but because I've been accessing it via DNS for the last five years and have never once in that time needed to connect via IP.
So you've never needed to troubleshoot a network problem. Good for you.
Your assumption that anyone who needs to know an IP address must be working with a tiny, memorizable DNS zone is completely false. Like I said, DNS is something that can break. For example, where I work, our dynamic DNS is broken, and the server team refuses to work on the problem (or delete bad entries...). So, when I want to work on one of my user's machines remotely, I sometimes need to find out from the user what their IP address is. Now, I don't know about you, but I'd much rather deal with repeating "192.168.1.87" over the phone than "fe80::e1c0:5620:bc95:3c71%9" (to use the previous example).
And what if you suspect the name servers are down, but want to be sure that they are, indeed, the problem? Boy, it would sure be nice to have a nice, easy IPv4 address memorized for testing, than a long, unwieldy IPv6 address.
Your lack of ability to imagine situations where knowing IP addresses is useful does not mean that they don't exist.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
If you are running Debian or Ubuntu (or another Debian derivative) and want to run IPv6, go to:
http://debian6to4.gielen.name/ - IPv6 for Debian and Ubunutu
This site generates an IPv6 configuration specific for your machine. The only thing you need is a working internet connection, which you have, otherwise you wouldn't be reading this.
I've never, ever had my /etc/hosts file stop working.
That isn't what I meant when I mentioned DNS not working. I meant DNS servers not working properly.
And honestly I can't think of a reason I'd need to get to a machine by IP address rather than hostname in the first place...
Dynamic DNS. You can wind up with two entries for one host, which makes trying to get to said host problematic. Thus, you might need an IP address. Our DDNS isn't working properly where I work, so it comes up about 15% of the time I try to remote in to a computer. I'd fix the DDNS, but I don't have that ability, so I have to get an IP address over the phone from my user, who really likes it (even if they don't know it) that they can give me a nice, manageable IPv4 address, rather than an unwieldy IPv6 address.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Network architects and admins with clue are currently at the "Depression" stage (4th stage).
Why Slashdot feels that putting up a commentary authored by someone who's still in the first stage ("Denial") is useful to anyone is beyond me.
IPv4 exhaustion is coming. CIDR got us from the mid-90s until now. But it's coming now. Please stop denying, being angry, trying to bargain it away. Hopefully we'll all move past depression into acceptance (as vendors and infrastructure gets ready) before it hits. But I know a lot of smart people who would prefer to retire in the next 2 years instead of be there when it hits.
They probably won't, but would like to...
Instead of fixing some of the known flaws in IPv4, IPv6 is just spackle over the cracks. I'm not going to go into detail on it here, but if you care what they are, read John Day's 'Patterns in Network Architecture'. Really, the only reason to go IPv6 is to get more addresses, which is only sufficient and compelling if that is the reason you need it, just like there's no compelling reason to go from XP to Vista unless you need DX10.
But Vista has MS shoving it down everyone's throats (by trying its damndest to make sure you can't get a new computer without it), and there's nobody doing the same for IPv6 unless China becomes it that player, which seems unlikely globally for a while (since they want an insulated network).
You might reasonably argue that if IPv6 had tried to actually fix some of the architectual problems of IPv4 that it might have taken much longer. But now you've got a (relatively) simple solution that nobody really needs and has been languishing for years because of that, so I'm not sure how much time has been really saved here.
Even if you said "Here, have a /8 completely free, use whatever you like," they'd still want to do NAT. Why? Privacy and security. NAT automatically gives a good measure of security. You have an inbound firewall by default, simply because of how it works. You have to explicitly set up any inbound ports to be forwarded. Also this means that to get to any system that doesn't have a forwarded port, you'll have to get access to a system that does. With public IPs, there is always the possibility that the firewall fails or is shut off and you can get at a system. With NAT, you have to get inside to be able to get at anything.
Privacy you also get just by the way NAT works. Since you have many people using a few (or one) IP addresses, it is much harder to track what any given computer is doing. Web browsing can be tracked with things like cookies (if the client accepts them) but over all you really can't tell what is going on for a given system inside the network.
So NAT is something companies may well want to keep doing, even if they don't have to.
So you've never needed to troubleshoot a network problem. Good for you.
No, it's that (like others have mentioned) hosts file always work. Failing that, cat /etc/resolv.conf gives me the address of the nameservers if they're broken (not that they've ever all died simultaneously) and I need to connect in. Finally, remember that all the addresses in your company will have a static prefix that will be an even multiple of 16 bits in length, like AAAA:BBBB:CCCC. Memorize that. Your own machine's host portion will look like 21f:d0ff:fe22:b8a8. Honestly, I have passwords longer than that. I'm not a super-genius, but this is within my abilities. It's not like Jane Secretary's going to have to learn this stuff.
Anyway, it sounds like your need to memorize a whole slew of addresses is due to the incompetence of your network administrators. I'd say that is the fundamental problem that needs to be addressed. No pun intended.
But regardless of all else, we're running out of IPv4 addresses. You will have to learn longer addresses at some point, so you might as well get used to it.
Dewey, what part of this looks like authorities should be involved?
Because anycast, address scope, and multihoming aren't features; they are just synergistic advertising.
Seriously, if you are going to cite a book, you should really try reading it first. The fact that you don't understand the uses for these features does not mean that they are neither useful nor necessary.
Can't sell networking equipment into the gadget capital of the world unless it does v6.
I know. Because we do.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I accidentally moderated a comment with the wrong option but did not see how to undo it. I know that I can do so by making, but there must be a better way. On a side note, these comments are filled with FUD, mostly from people who have only heard a few rumors about what IPv6 is. Some really good comments though, but definitely a number that need to read more than a paragraph on what IPv6 is and how it works.
21f:d0ff:fe22:b8a8
16 bits of hex falls within the range of what I'd consider a pain in the ass to memorize, but I am admittedly not a good memorizer.
Anyway, it sounds like your need to memorize a whole slew of addresses is due to the incompetence of your network administrators. I'd say that is the fundamental problem that needs to be addressed. No pun intended
Yes, that's accurate, but my point wasn't that IPv6 was the problem, merely that since we already have one big problem, IPv6 makes it worse.
But regardless of all else, we're running out of IPv4 addresses.
I agree with the person who said elsewhere that NAT solves this problem much more neatly than IPv6. How many routable addresses do you really need, even at the biggest companies? It surely can't be that many (1000, tops?), and for the rest, you can use the 10.0.0.0 block, and use NAT. I can't imagine that having 16 million addresses for your internal network wouldn't be sufficient.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
IPv11!
A horse can't be sick, you know, even if he wants to.
As long as you can connect to the sites you want to connect to on the Internet there is no business case for IPv6.
The day you can't connect then the business case is made.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
This is a bit like saying there is no business case for doing something about climate change. ...
Oh, no! Now we have a Global Warming take on IPv6 adoption!
I think it's time for a new version of Godwin's law with Global Warming / Climate Change substituted for NAZIs:
As a scientific, technological, or political discussion or grant proposal grows longer, the probability of an assertion of a tie-in to climate change approaches one.
= = =
I realize you may have had a serious point. But (like NAZI analogies) the global warming tie-in has been used so often, and so inappropriately, that it's painful to read past it to search for any real meat in such a posting.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So until then they won't be pushing IPv6 although it is available and even supported for the curious and brave.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Repeat it until it sinks in. In some cases it is possible to tunnel through NAT routers. And there are several attacks that do not depend on the victim having a public IP address. If you want security, use a firewall, anti-virus and anti-spyware technology.
"by not extending IPv6 support into very many of its apps"
You're doing it wrong.
Your apps should be relying on the OS to handle the nastiness of networking. It's the OS, stupid Microsoft.
Sheesh. No wonder IPv6 is apparently the missing link to Duke Nukem 'whatever.
deleting the extra space after periods so i can stay relevant, yeah.
The summary refers to a possible "killer app" for IPv6. Now, AIUI, a killer app is something that can be done on the new platform, or with the new OS that couldn't be done before, or not very well and everybody wants. An example might be a new game that allowed you to rotate your POV around your character would have been a killer app when 3D graphics cards first came out; Bit Torrent would fit for broadband. What, however, would be a killer app for IPv6? What is there that you can do with it, from the end-user's POV that Just Doesn't work now? I'm not saying that there can't be one, but as of right now, nothing comes to mind.
Good, inexpensive web hosting
They don't. They are on four different ISPs on four different telephone networks.
Until you go insane trying to remember your port mappings when trying access services on a specific machine behind the firewall. Maybe you enjoy having to remember that IP:5900 maps to VNC on your main system, :5901 to the laptop, :5902 to the fileserver, etc. I tend to find it a bit annoying. Especially as almost all of my systems have VNC, SSH, FTP, HTTP, and a couple of other services running, so I need to remember which port maps to maps to a certain service on a certain machine. Short of setting up some sort of domain controller that would make subdomain-based conversions that achieve the same effect (beyond my current scope of knowledge, never mind the pointless hardware costs)... it's just a pain in the ass.
Of course this isn't a problem for the typical home user, but as remote access protocols and systems become increasingly common among normal users (think Back to my Mac, except functional) it'll become a problem very quickly. There may still be firewall issues, but at least you won't have to worry about port collisions when accessing things outside of the local network.
How are sites slashdotted when nobody reads TFAs?
Lucky you. There's not a system on my home network that can be reliably accessed through anything but the IP address. I've experienced the same reliability on every network I've ever touched.
Now internet-wide DNS is pretty damn solid, but that tends to happen when there are about seven levels of fall-back. LANs tend not to be nearly that robust.
Having said that, IPv6 addresses are stupidly over-complicated. Adding two groups onto IPv4 would probably have been more than enough for quite a number of years to come (281,474,976,710,656 IPs should be plenty for a while), even if it's not quite as futureproof as IPv6 which is something like 1 IP for every four atoms in the universe.
How are sites slashdotted when nobody reads TFAs?
...In _one_ customer deployment We're deploying 1.7 million devices over 1200 mobile subnetworks in under 18 months. Each device needs to be capable of self addressing and migrating from subnetwork to subnetwork subject to the local RF conditions.
These devices need to be uniquely addressable from existing Unix hosts, as well as capable of being monitored from current Enterprise Network Element Managers.
We've further hypothesized that by 2012 as many as fifty of these networks will be in existence, each of which may need to have all their nodes addressable by multiple vendors.
There is your business case for IPV6.
Ironically, internally, in our company, and on all of our servers - we are 100% split stack. No desire whatsoever to run IPV6 pure environments. NAT does everything we need. Don't even run IPV6 on our IPSEC Remote Access VPN or 802.11 environment.
- Any Day above Ground is a good Day (Michael Rich, 1997)
You cannot simply impose charges on allocations which have already been made. These sort of "simplistic" solutions are just non-sense.
... when they could make you pay for the upgrade that adds IPv6? They'll release support whenever it's most profitable to do so.
mysql> SELECT * FROM `places` WHERE `place` LIKE 'home`; Empty set (0.00 sec)
In the v4 Internet, multicast exists but is usually disabled (except U-Verse).
In the v6 Internet, multicast will exist but be disabled (except maybe U-Verse).
Why would you care whether other people didn't have enough IP to serve their needs? Or, in other words, as long as you don't get fewer IP addresses than you have now, why would you oppose moving to IPv6?
Are you adequate?
Until you go insane trying to remember your port mappings when trying access services on a specific machine behind the firewall.
Frankly, a 32-digit hex number is harder to remember than at most 17 decimal digits of IP and port. Regardless, if a "typical home user" ever has to know what a port or an IP address is, typical home users won't bother with it at all.
What they might try is something like GoToMyPC, which works fine with NAT. That's really what I'm talking about. There's a lot of active development going on to workaround NAT's problems because the workarounds are easier than the solution (IPv6).
I don't care if your dogma tells you it isn't, it is by the way it works. That doesn't mean it should be your only security, or that it is perfect. However this idea that it isn't security is stupid. It sounds like crap that people from the half-assed "hacker" certification classes spew. Real security comes in many forms and from defense-in-depth. NAT can be a good part of that. While I wouldn't say use NAT instead of a firewall, I think NAT and a firewall can be a great thing.
With public IPs, there is always the possibility that the firewall fails or is shut off and you can get at a system. With NAT, you have to get inside to be able to get at anything.
In that sense, it's also always possible that the NAT gets shut off -- thus implying that a handful of computers on your network have live Internet IP addresses, and the rest are denied DHCP access -- or it's possible that it fails, as is the case with things like NAT hole punching.
Privacy you also get just by the way NAT works. Since you have many people using a few (or one) IP addresses, it is much harder to track what any given computer is doing.
An anonymizer may make sense for an individual behind the NAT, but I doubt it helps the corporation at all. In fact, if I get a ton of spam, and I send mail to your domain saying "It's from <IP>", wouldn't you rather know exactly which computer that IP corresponds to, so you can shut it down?
Since the corporation has no real reason to provide that privacy, why should it be their obligation?
Don't thank God, thank a doctor!
So you've never needed to troubleshoot a network problem. Good for you.
Correction: Never needed to troubleshoot a DNS network problem.
And DNS is solveable -- one example is to perform a query on 4.2.2.1, since they're usually working.
For example, where I work, our dynamic DNS is broken, and the server team refuses to work on the problem (or delete bad entries...).
So the rest of the Internet should be held back, just so your server team doesn't have to do the work they're paid for?
So, when I want to work on one of my user's machines remotely, I sometimes need to find out from the user what their IP address is.
If they've got any connectivity at all, the simple solution is to tell them to paste that into an IM window. Much easier for IPv4, also -- have them paste a whole ifconfig/ipconfig log, rather than having to keep telling them things to type and guessing at what's wrong.
And what if you suspect the name servers are down, but want to be sure that they are, indeed, the problem? Boy, it would sure be nice to have a nice, easy IPv4 address memorized for testing, than a long, unwieldy IPv6 address.
I suspect that, if this is ever the case, I'll simply write down that IPv6 address and keep it somewhere safe. Maybe a hosts file, maybe a piece of paper.
How many times a month do you suspect the nameservers are down? I can count on one hand.
Don't thank God, thank a doctor!
When its a device without a DNS name or entry whose admin interface is set to be accessed via specific IP address? They do exist you know.
Yes -- until I enter them into a hosts file.
Don't thank God, thank a doctor!
I agree with the person who said elsewhere that NAT solves this problem much more neatly than IPv6. How many routable addresses do you really need, even at the biggest companies? It surely can't be that many (1000, tops?), and for the rest, you can use the 10.0.0.0 block, and use NAT. I can't imagine that having 16 million addresses for your internal network wouldn't be sufficient.
That's what I feel is the important take away from this. the big Telcom guys might need it, but little ole me on this desktop in my house can care less. My ISP might need my router to be IPv6 compatible so they can interface with many more clients. Maybe my Cel Phone will need it in the future? But from behind a router, I'm always going to run IPV4 inside my networks because they're easier to understand and IPv6 doesn't give me any additional benefit when my 10.6 network is "all that I'll ever need." Right?
Business is inherently focused on the short-term, unwilling to take risks, and overly exposed to market-share effects (i.e. network effects). Business alone can't make the leap to IP6.
Government is one of several arrangements by which we make decisions on technical or social cases rather than solely business cases. (Some people think that's a bad thing, and that everything should be entirely economically rational, but we can safely ignore them.)
If there is a technical case for migrating to IP6, which prima facie there is, then some of the cost needs to be borne by government. There are lots of ways of doing that, and it's reasonable for them to bear the cost of kick-starting the IP6 network effect:
Etc.. The point is that any national government can, for a reasonably small up-front cost, arrange it so that their internet infrastructure is way ahead of anyone else's.
But at least multicast is guaranteed to be available to the local Ethernet link. You can't resolve addresses without it.
I work for a company in the IT/networking sphere (name omitted to protect the guilty).
The internal (RFC-1918) network is a mess. Years of acquisitions have created overlaps where 10.50.x.x is used in four separate locations on the corporate network, and every owner has given extremely sound reasons why migrating their address space will cause the world to end. If you have to connect two of these locations, you get to do fun stuff with NAT addresses and routing traffic all over creation which will make your eyes bug out.
In addition, there is a point not to far in the future where IP exhaustion will take place. Our numerous public /8s, 10.0.0.0/8, 192.168/16, and 172.16/12 will all be out of IPs to allocate. It is not a "somewhere in the distant future" date. It is on some execs calendar. "This is the day when there will be no more addresses".
Migration to IPv6 is progressing as quickly as humanly possible.
I'm sure some people that don't know anything about IPv6 will reply, saying "oh, that's not actually IPv6!" They're wrong. Granted, it's not end-to-end IPv6, but that's not actually needed to reap some benefits. If you have a 6to4 address, and I have a 6to4 address, our respective routers will send IPv6 packets over the public IPv4 internet: no tunnels, no suboptimal routes.
And how is that better than VPN over IPv4?
I strongly suspect the result of that would be the major ISPs telling ICANN to go screw themselves.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Is it possible to do this thing in reverse? That is to access IPv6 network while my LAN is IPv4.
And no, I do not want all of my network devices to be accessible from the internet. If I want to access them, I use VPN (while it requires configuration, it also makes it impossible for anyone to connect to my local network without me giving them permission (and a certificate)).
Of course, I want certain applications to be accessible (like Bittorrent), that's why I use port forwarding.
Also, not everyone needs an external IP address. For example: a small company that uses internet only for web browsing and email. They now have a NAT router with no ports forwarded. They could even be under the ISPs NAT and would not feel a difference (although they have a single public IP).
Why would I want to use NAT even if I had to use IPv6 for my local network? Easy - so that I can hide the number of PCs I have connected to my network from my ISP. All they would see is a single IP in use...
About NAT hole punching: how do you do it without any help from the inside? If you can't then NAT is a very good security measure (like a firewall, deny by default)
If there were a real crunch on IPv4 address space, you'd see 127/8 redefined as 127.0.0/24 to gain back 16 million odd addresses. You'd see legacy class A holders -- Hewlett Packard has at least 2, or 32 million addresses -- auctioning off or leasing out their address space. You'd see IANA raising cash by FTC-style address space auctions like they do with radio bandwidth. You'd see the huge swaths of "reserved" and "experimental" address space, like 240/8 through 254/8 being converted over to CIDR and used for normal IPv4 stuff.
None of that is happening.
Big deal. That's not a reason to adopt IPv6.
These rationalizations all sound great, but they are just that: rationalizations. Corporate users don't operate on a grand level on the basis of rationalizations. Corporate users will not lead the deployment of IPv6.
Who led the personal computer revolution? Corporations? No. Corporations are conservative. They follow the trailing edge, not the leading edge. Corporations adopted PCs because their employees started finding ways around corporate policies /against/ PCs, not because of some grand central plan to do so.
IPv6 adoption will go the same way. Individuals who discover uses for IPv6 will start using it. Departments will adopt it. Large IT organizations will legislate against it. Eventually it'll be deployed because the people who actually use the network will have enough pull to tell the IT departments what to do.
So look for IPv6 adoption to happen first in the home, and later in internal corporate teams, and *finally* at the corporate level. Not vice versa.
How about avoiding a repeat of Y2K?
The public side of Y2K is a lot of fear followed by 1 or 2 websites displaying the date wrong, no big deal.
The behind the scenes view is that a lot of corporations shoveled money by the ton to COBOL programmers dragged out of retirement or from the executive ranks (and insisted on executive level pay) in order to have it be "no big deal" when the time came.
Wouldn't it be nice to not discover in a few years that your competition is eating your lunch because a major ISP went v6 (after being denied a v4 block) and that nobody in your organization has any idea how to do v6 or if any of your hardware can handle it?
Charge $1/year for *every* IP address and see how many free up. You think that MIT will pay $16m/year for its allocation?
So you're suggesting a 10% price increase?
A class C from ARIN is 2500/year now.
If that doesn't free up enough addresses, charge $1/month for *every* IP address. You'll free up enough to defer the "exhaustion" problem for about 50 years.
Net result, home users will be assigned 10.x.x.x addresses and be stuck behind a crappy outbound only NAT by their ISP. SIP phones and P2P will cease to work at all. Prices will go up slightly.
And when the app you need to use to admin the device has no capacity to use a name to establish a connection? (in this instance I'm referring to a security system building controller that used a proprietary app that connected via IP only)
And when the app you need to use to admin the device has no capacity to use a name to establish a connection?
If the app is that poorly written, what are the chances it supports IPv6 in the first place? That's a sign you should get a new app, not that there's something wrong with IPv6+DNS.
Don't thank God, thank a doctor!