No Business Case For IPv6, Survey Finds

alphadogg writes "Business incentives are completely lacking today for upgrading to IPv6, the next generation Internet protocol, according to a survey of network operators conducted by the Internet Society (ISOC). In a new report, ISOC says that ISPs, enterprises and network equipment vendors report that there are 'no concrete business drivers for IPv6.' However, survey respondents said customer demand for IPv6 is on the rise and that they are planning or deploying IPv6 because they feel it is the next major development in the evolution of the Internet."

Let's flip the question....

[mark-t]

People ask what can IPv6 offer that NAT cannot. Try running multiple servers on multiple machines behind the same NAT, where one would like them to be accessible to the outside world via default port numbers. No amount of NAT configuration can get around this limitation, so saying NAT solves all the problems that IPv6 is supposed to answer is nothing more than self-delusional. Let's flip the question now.... what can NAT do that IPv6 cannot? Especially considering the fact that even *IF* for some reason that didn't involve how many IP's you actually have available, you still wanted to utilize NAT for some reason, you still could do that with ipv6... no problem at all. So what does NAT do that IPv6 can't? The only answer that might actually exist to this is that it arguably costs less to implement. So in reality, it's not that there's no business case of IPv6, it's really the case that these businesses are just cheap.

Self-defeat.

[numbski]

I tell this story all the time, and I'll tell it again.

I *tried* to build up a new fiber network in downtown St. Louis using IPv6. I couldn't get the address space!

It's insane - I could get 3x/24 blocks (non-sequential) assigned to my ASN, but in order to get an IPv6 allotment, I had to show proof that I *already* had utilized a full /24 of IPv6 addresses (which is NOT 256. It's 256*256*256!) They said to get it from my upstream provider - they said they don't do that, get it from ARIN. I go back to ARIN, ARIN says "They're full of it, get it from your upstream provider."

Even more insane? IPv6 allotments are FREE! I had to pay per year for an IPv4 allotment, but the free stuff? Pfft...we have it, we'll never run out of it within your lifetime, but you can't have it.

WTF?

Re:It will happen

[QuoteMstr]

You've hit the nail on the head. NAT dovetails very nicely with the "castle mentality" many network administrators have: this is mine, and you can't touch it. It's about control, and there are fewer more tangible symbols of control than your own network numbering scheme. Nobody wants to give up that sense of control by moving to IPv6.

But since 2005, you don't have to: IPv6 now has private address ranges just like IPv4's. Also, NAT has always worked with IPv6.

Since 2005, all four combinations of address spaces can work in principle: IPv4 inside, IPv4 outside, IPv6 outside; IPv4 inside; IPv6 outside, IPv4 inside (with DNS proxying), and obviously, IPv6 inside with IPv6 outside.

Whether this "castle mentality" is appropriate is a different debate. Moving to IPv6 for the public internet is too important to get bogged down in talking about NAT.

Re:Ever?

[QuoteMstr]

Your post demonstrates my point perfectly: the colon-separated hex notion screws up URL parsing, requiring algorithm changes for everyone, and as you see, lots of people still haven't gotten it right. Dotted-quad notation wouldn't have required nearly as much effort. The new notation was an unnecessary barrier to adoption.

We're talking about Joe Sysop and Joe Programmer, whose opinions regarding IPv6 are far more important than Joe Plumber's. These people see IPv6 as something exotic and frightening, and try to avoid it as long as they can. IPv6 should have been made as similar to IPv4 as possible; instead, the IETF tried to do too much too fast, and now we're paying the price.

Minor nit - ARP cache timeout

[karl.auerbach]

This is a minor nit - ARP cache timeouts are normally on the order of 300 seconds, not two minutes.

A less minor nit is this: IPv6 does not help decrease the size of routing tables as seen by major providers. Nor does IPv6 reduce the burden of sending routing updates so that routing updates are propagated faster than the underlying rate of change of usable net paths. (Enterprise subnets, whether IPv4 or IPv6, don't generally propagate into the routing announcements as seen by the big carriers.)

The compelling argument, for me at least, is that IPv6 is really a new internet that runs along side of the existing IPv4 net - there is no direct interoperability. This means that pretty much any new expansion of the net is going to require IPv4 connectivity, and IPv4 addresses, to reach the legacy net. And that makes IPv6 redundant from the user's point of view. That sort of drains the oil out of the IPv6 crankcase.

Of course the biggest argument of all is that IPv6 does not solve the hard issues of propagating routing information and finding usable paths across the net, particularly as the demands of human-conversational traffic and the political acts of nations are (unfortunately) driving routing to become increasingly aware of the types of traffic being routed.

I'm waiting to be shown that I'm wrong - I helped do the very first calculation of IPv4 address consumption back in the mid 1980's. And I was in the group at Sun back in the very early 1990's where IPv6 took form. I spent time at Cisco wrestling with questions like how to efficiently mechanize 128-bit longest-prefix matching on 32 and 64 bit hardware. And my company currently has IPv6 testing products. So I've been watching IPv6 for what will soon be two decades.

To me one of the tilt-points of IPv6 will be when I can go into Frys Electronics and find IPv6 capable print servers and other widgets of that ilk on the shelves.

I saw ISO/OSI come and go (I was rather a fan of TUBA - which included the use of ISO/OSI CLNP for the new IP layer - when the various IPv4 alternatives were being considered in the early 1990's.) It would not surprise me to see IPv6 go the way of ISO/OSI.

Re:Ever?

[mellon]

Ohforgod'ssake. You're going to *type in* raw IPv6 addresses in a URL? I don't *think* so. I do it for debugging, but there's no way I'd ever ask an end user to type one in, and if I did there's no way the end user would do it. Which makes it a non-problem.

Decimal dotted quads are too big, and they wouldn't look like IPv4 dotted quads anyway. For instance, my IP address as a dotted quad is:

32.1.31.56.2.6.0.0.2.23.191.255.254.133.196.90

In hex, it's:

2001:1938:206: :223:dfff:fe85:c45a

You really prefer hex? You really think that's going to look familiar and comfy to a person who can't handle the hex format? Naw, dude - this is really a great way to weed out people who shouldn't be on staff - if they can't handle the hex, there are a lot of other much more important things they also can't handle, in IPv4-land as well as IPv6.

Admittedly, there's always resistance to new stuff by a certain number of people, and that's perfectly understandable and not grounds for firing. But those people will get over it after a bit of hands-on.

Re:Ever?

[Darkk]

Sounds too familiar.... Kinda like the damn analog tv to digital switchover which been planned, discussed and advertised for YEARS!! Then it got delayed....AGAIN!! Cuz those 6 million viewers think analog tv works just fine and don't want to switch to digital and they don't comprehend that fact digital is better using a $50 converter box.

Sheesh. Ah well.. good luck with IPv6. I know it'll be the holy grail for the Internet but right now they don't see the immediate benefit and won't upgrade unless they are forced to.

Re:It will happen

[FireFury03]

No company wants their inner network visible to the outside world (which IPv6 requires unless one uses kludges.)

This very much depends on what you consider to be "visible". You can (and should) firewall incoming traffic, which means someone can't actively scan you. Once you've done that, someone can only gain information about your internal network by looking at the traffic generated by your network. If you think NAT protects you from this then you're sorely mistaken - NAT will only hide the source IP address, you can still gain a lot of information by traffic fingerprinting and other methods.

No company wants to use a protocol with zero real world support for encryption unless you go to a higher layer, or tunnel over IPv4.

I'm not sure what you mean by this. Under IPv4, most encryption is done using SSL - IPv6 doesn't change this, SSL still works and is still used. IPv6 also adds IPSEC support (which has since been backported to IPv4, but it originated on IPv6 and works very well there). So in what way does IPv6 have "zero real world support for encryption"? If anything, it has better support than IPv4 because encryption was written into the spec from the start.

No company wants to change their entire IP address range because they change ISPs.

This really shouldn't be a major problem - if you're using autoconfiguration and DNS then the amount of work required to renumber a network is minimal. You can also do a soft migration, so you can keep your old IP addresses in service for a while after your new IP addresses are put into service.

Some boxes have an infinite DHCP lease?

If that's your setup, you need to get a network manager who has a clue.

Businesses know that IPv6 is broken, untested, and unstable in production environments, with hastily written standards that factor little in the way of security.

You post indicates that people *think* they know that IPv6 is broken, untested, unstable and insecure. In reality, these people are grossly misinformed.