IPv6 Challenges and Opportunities

1sockchuck writes "Opinions differ on when the Internet will run out of IPv4 addresses, prompting a wholesale transition to IPv6. In recent videos, John Curran of ARIN provides an overview of issues involved in the IPv6 transition, while Martin Levy of Hurricane Electric discusses his company's view that early-mover status on IPv6 readiness can be a competitive advantage for service providers. Levy's company has published an IPv4 DeathWatch app for the iPhone to raise awareness of the transition."

corpspeak to english dictionary

[DaveV1.0]

According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."

Re:corpspeak to english dictionary

[eln]

According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."

Yes, but there are subtle differences. For example, when they speak of challenges, your corporate overlords are telling you there will be massive layoffs soon. However, when they speak to you of opportunities, it means you personally will be laid off immediately.

marketing speak = teh suck

[Em+Emalb]

"Challenges" means problems. "Opportunity" = cool features.

Features of IPv6:

Every known star in our universe can now have 252 ip addresses with ver6.

My frigging socks can tell me they need to be cleaned via a script. My shoes can use GPS to track where I'm going, how many miles I walked/ran that day, etc.

Problems of IPv6: Screw it, we'll just nat our existing IPv4 addresses.

Re:marketing speak = teh suck

[BobMcD]

This, this, o-this-ily-this!

Also I think proponents of IPv6 also tend to overlook the value of DNS. Human short-term memory only has so much space in it. IPv4 addresses tend to be hard to memorize, ergo DNS puts an easy handle on it.

In an IPv6 world you get this memory problem magnified in a huge way:

1) The addresses are now ridiculously long.

2) There's not supposed to be any such thing as NAT (which also means your practice of always having your inside router be x.1 now gets more complex)

3) Many things that don't REALLY need addresses are now going to get them, because we have so many, so lets just go crazy.

To recap, many minor devices will all have a very-long, unique address, and each will be difficult to fit into brain-space alone, let alone together.

This scenario only works in a fully-DHCP world, which is fine for some, but I'll keep my static IPv4 for as long as possible, thanks.

Re:marketing speak = teh suck

[mikael_j]

I'm not sure I'm following you here, so what you're saying is that instead of Joe Q. Sysadmin always having his internal router be 10.0.0.1 and all the hosts having 10.x.x.x IPs tied to hostnames he'd have something like 2001:1001:f00f::1 as the router and all hosts would be in the same subnet? Yeah, that's really scary and confusing...

Also, NAT is an ugly hack that doesn't really need to exist, the packet filtering can be handled with a plain old packet filtering firewall just like it used to be done prior to everyone using NAT and what exactly is the point of address translation? Isn't that like going back to pre-IP days when every network seemed to use its own protocol (or in this case, everyone uses local addresses internally and a single or small number of external addresses) and inter-network communication was a PITA?

And I'd rather see devices that don't need public addresses getting them than "The amazing NAT future" where you have to pay big bucks to get a public IP address instead of being stuck in NAT hell (first they came for the residential connections, but I did not speak up because I wasn't running a home server or playing games, then they came for the small business DSL customers but I did not speak up for I was not running a small business and finally they came for the corporate customers and we ended up paying thousands of dollars per server to avoid getting thrown off the 'net)...

/Mikael

Re:marketing speak = teh suck

[Dog-Cow]

Where the fuck do you live where you have more than 2 viable choices for an ISP?

What universe do you live in where the "competition" would realistically compete on this feature?

IpV6 reality check

[AbbeyRoad]

Dan Bernstein has chimed in on this before:

        http://cr.yp.to/djbdns/ipv6mess.html

He is basically dead right.

The people who came up with IPv6 seemed to be too ivory tower: they forgot about
the reality on the ground. Few ISPs are even thinking about IPv6.

-paul

Re:IpV6 reality check

[r7]

The people who came up with IPv6 seemed to be too ivory tower: they forgot about
the reality on the ground. Few ISPs are even thinking about IPv6.

Amen to that. But I don't see an academic angle so much as an ILEC angle i.e., IPv6 is being handicapped by large telcos, large ISPs, legacy netblock owners and their proxies in order to drive up fees for IPv4 addresses. The threads on new fee structures, in mailing lists like arin-ppml, make this obscenely clear. IPv4 netblock owners are salivating over the potential for profit from what should be a public resource.

Only thing more disappointing than ARIN's failure to either reclaim unused IPv4 netblocks (and there are plenty of those, both large and small) or speed the adoption of IPv6 is the DOC and FCC's failure to foresee the damage, both economic and to communications, which the coming address shortage will cause.

IPv6 is the protocol of the future

[Chris+Mattern]

...and always will be!

What, again?

[Nobo]

2002 called. They want their impending-IPv6-transition stories back.

try it tonight

[digitalsushi]

Ok kids. Go home tonight and turn ipv6 on. I know you're all running homebrew linux nat routers.

Here's all you gotta do.

Install radvd. It's a Router Advertisement server. Router Advertisements are how your LAN clients learn what the hell their IPv6 "prefix" is. You're going to use something clever called 6to4, which basically converts your public ipv4 address into the first half of your ipv6 address. You plug that information into your radvd configuration, and voila, all your LAN clients can learn their unique global ipv6 address. Then you just run a little script, which turns up the 6to4 tunnel on your linux nat, and all of a sudden, all your LAN clients have globally routable ipv6 addresses! And once the v6 stack fires up, your computers will try resolving AAAA records, so you might even get to visit some v6 websites!

You're not strictly running native ipv6, since 6to4 is a tunnel to an anycast server (dont worry, there's plenty of them sharing the same address). It emulates pretty damned close though. Enough for you to try it out!

Here's the thing that keeps blowing my mind. Remember back before NAT? The Internet was actually symmetrical back then. Any host could contact any host. Well, it's restored. I keep forgetting I can literally contact ANY lan host from remotely, using its v6 address. Security nightmare? You betcha. Restored services? Makes up for it! Maybe I can figure out what a firewall is, after all!

Sure, there's tunnel brokers out there too... don't waste your time with all that. 6to4 is quick and easy, and it works fairly faithfully. By the time a tunnel broker OKs your info, you could be pinging already with 6to4.

Oh yeah. That malarkey about "ooh my address is so long, it's just not worth it" -- My address is 2002:xxxx:xxxx::1 through ::5. Also, a few weeks ago they released an interesting workaround to memorizing ip addresses, called "The DNS". As ominous as that sounds, it's actually pretty clever and I've been enjoying it for a while.

And yes, ::1 is easily guessable and that makes it hackable. So please, no nmapping the 2002:xxxx/32 subnet tonight. (At the rate of 2^96 pings per second, it should be done by next century)

Re:try it tonight

[digitalsushi]

here's one way of setting a 6to4 tunnel up. i squished some semicolons in cause it's pasting funny.

#!/bin/bash

# Create a 6to4 tunnel in linux.

if [ $# -eq 0 ]
then
    echo "Usage: $0 [delete]";
    exit;
fi;

ipv4=$(ifconfig $1|grep "inet addr:"|awk '{print $2}'|awk -F: '{print $2}');
ipv6=$(printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`);
echo "ipv4 address: ${ipv4}";
echo "ipv6 address: $ipv6";

if [ "$2" = "delete" ]
then /sbin/ip link set dev tun6to4 down /sbin/ip -6 route flush dev tun6to4 /sbin/ip tunnel del tun6to4
    echo "IPv6 tunnel has been deleted."
    exit
fi; /sbin/ip tunnel add tun6to4 mode sit ttl 255 remote any local ${ipv4}; /sbin/ip link set dev tun6to4 up; /sbin/ip -6 addr add ${ipv6}/16 dev tun6to4; /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1;

if ping6 -c 1 he.net 2>&1 1>/dev/null
then
    echo "Verified IPv6 connectivity.";
else
    echo "Can't ping IPv6 network.";
fi;

A pack of Luddites, honestly!

[Just+Some+Guy]

Every time something on IPv6 comes out, there's a thundering herd of people who've never used it but are certain that it's awful and won't ever work. What's wrong with you people? Do you feel threatened because you're used to being the networking expert among your clique and don't want to lose that reputation? If not that, then what is it that's making you sneer at a cool new technology without even trying it first?

I'm not addressing people who tried to make IPv6 work but had problems along the way, or who otherwise had bad experiences with it. That's totally understandable and I'm not going to tell such a person that they're wrong. I am talking directly to the people who've read old articles talking about why it won't work, or who are trotting out the same tired, invalid reasons to dislike it.

Here's what you need to know about IPv6:

1. It's here and working today, and a lot of people are starting to adopt it.
2. You can run IPv4 and IPv6 on the same network and machines. I don't know of any IPv6 implementation that can't run alongside IPv4.
3. DNS works perfectly fine for IPv6. I have a long address on my machines at home and work, but ever have to manually type them anywhere after adding them to DNS.
4. If you enable IPv6 alongside IPv4 and try to connect to another host, and that host has an IPv6 DNS record, then your machine will try to connect to that address and then fall back to IPv4 if that fails. If it doesn't have an IPv6 DNS record, then you'll connect via IPv4. There's no penalty for enabling it.
5. NAT sucks. It might seem like a reasonable idea until you're reminded how nice it is not to have to mess with it, then you'll come to loathe it.
6. There are plenty of good, free, reliable IPv6 tunnels available. I use Hurricane Electric, but there are lots of others to choose from.
7. All modern OSes support IPv6 out of the box.
8. Many/most consumer routers do not support IPv6 natively (although you can still tunnel through those routers from your Linux or Windows or Mac server or desktop). Some do, though, and an Airport Extreme is still a consumer product even if it's more expensive than some of the others.

I think that about covers it. There's no reason to be afraid of IPv6. If you haven't tried it, give it a shot before bragging about how smart you are for recognizing that it can't work. Again, if you've tried it and had problems, I can understand why you're leery of the idea. If you haven't at least used a free tunnel to see what IPv6 is like, though, then you don't have a lot of room to comment on the subject.