Slashdot Mirror

← Back to Stories (view on slashdot.org)

IPv6 Adoption Will Grow With Smart Grid Adoption, Hopes Cisco

Posted by timothy on from the watch-for-rent-seeking-through-legislation dept.

darthcamaro writes "A lot of people in the US have not seen a use case for the use of IPv6 yet, since we've got plenty of IPv4 addresses. But what happens when the entire electrical grid gets smart? The so-called Smart Grid will need a networking transport mechanism that will connect potentially hundreds of millions of people and devices. Networking giant Cisco sees IP (internet protocol) as the right transport and IPv6 as the logical choice for addressing. 'Pv6 is an interesting discussion and one that occupies a lot of bandwidth at Cisco,' Marie Hattar, Cisco's vice president of network systems and security solutions marketing said. 'Some people say that for smaller deployments, we could get away with IPv4, but the smart grid has a number of parts. The point is that if you're looking to build this [smart grid] out, why not build it out on the scalable protocol from the get-go?'"

3 of 169 comments (clear)

  1. Re:Wishful thinking by hardburn · · Score: 5, Insightful

    NAT/IP Masquerade has worked well for scaling IPv4 in every conceivable application to date

    Much the same way that up to Aug 28, 2005, the New Orleans leeves were successful in holding back every conceivable rise in water level.

    NAT works as long as you have simple networking needs--nothing much more than web and email. As soon as you need to use VPN, or VoIP, or try to get two or more people to play the same game behind the same firewall, it becomes readily apparent what a pain NAT is. In some cases, the application is doing all sorts of trickery to try to keep the user from noticing the issue. In others, the user is left on their own to deal with it. That doesn't even count a bunch of potential applications where the developers realized that they wouldn't be able to get around NAT, and thus never built it at all or simply toiled in obscurity.

    Or to put it differently, do you really want every appliance in your house directly addressable from anywhere in the world?

    NAT != Firewall. The only thing NAT provides you with over a packet filter is hiding your network topology. There is some use in that, but it comes at the expense of everything mentioned above. On balance, NAT comes out wanting. If you still really want to hide your topology, you can still use NAT on IPv6, but this should be the exception, not the rule.

    --
    Not a typewriter
  2. If it's so interesting... by Gerald · · Score: 5, Insightful

    "IPv6 is an interesting discussion and one that occupies a lot of bandwidth at Cisco."

    So why can't I get to www.cisco.com via IPv6?

  3. Re:Translation by FireFury03 · · Score: 5, Interesting

    throw out routers? haven't ciscos been ipv6-capable for at least a decade now?

    Pretty much (although you might have to buy a firmware upgrade... but then if you aren't running a recent firmware you're probably infested with security holes anyway).

    those that aren't probably don't NEED to be, anyway.

    That's rather untrue though. If you're going to deploy IPv6-only systems then *all* the routers on the network need to do IPv6. Yes, this even includes the home DSL routers, most of which currently on the market *still* have absolutely no IPv6 support, even though we only have about 2 years until IANA runs out of IPv4 addresses. Anything else is going to involve kludging things to work through IPv4 to IPv6 gateways, or tunnelling IPv6 over IPv4 to bypass the non-compliant devices.

    The whole IPv4 address exhaustion problem is a really good example of people sticking their heads in the sane and hoping the problem goes away - most ISPs seem to not be interested in preparing their networks for IPv6 at all (PlusNet told me that they had no plans to roll out *any* IPv6 support over the next few years and EntaNet seem to have halted their IPv6 trials). Some time towards the end of 2011 there will be a "sky falling" moment similar to what we saw at Y2K when ISPs realise they are basically screwed and are going to have to do an expensive rush-job of deploying IPv6 over their networks in just a few short months.

    not everything needs a world-wide public address. NAT 'security' is actually a Good Thing(tm).

    Argh! Please will people stop spreading this crap. There is practically *no* security provided by a NAT. You get security from stateful packet inspection. NAT requires stateful packet inspection to work, but there is no significant security advantage (and many really serious operational disadvantages) provided by running NAT instead of just a stateful firewall. Also, most home NAT routers provide no stateful firewalling, only the limited stateful tracking required to make NAT work, and can therefore easily be bypassed by anyone on the upstream segment (which may be a few hundred random members of the public in the case of some cable setups).

    Security is better served by doing proper stateful firewalling, and this is probably best achieved by removing NAT from the equation so that people don't have a false sense of security. Removing NAT also solves a lot of operational problems, as there are an increasing number of protocols that can't be made to work well through NAT (and whilst many people regard this as a flawed protocol design, there are sound reasons for designing these protocols in this way).

    --
    http://blog.nexusuk.org