Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why You Shouldn't Worry About IPv6 Just Yet

Posted by CmdrTaco on from the more-worried-about-a-sandwich dept.

nk497 writes "While it's definitely time to start thinking about IPv6, it's not time for most to move up to it, argues Steve Cassidy, saying most can turn it off in Windows 7 without causing any trouble. Many network experts argue we're nearing network armageddon, but they've been saying that for years.'This all started when Tony Blair was elected. The first time. Yep, that's how long IPv6 has been around, and it's quite a few weeks ago now.' He says smart engineering has avoided many of the problems. 'Is there an IPv6 "killer app" yet for smaller networks? No. Is there any reason based on security or ease of management — unless you're running a 100,000-seat network or a national-level ISP — for you to move up to it? No. Should you start to do a bit of reading about it? That's about the stage we're truly at, and the answer to that one is: yes,' he says."

29 of 425 comments (clear)

  1. Ah, Yes, 'Let Someone Else Worry About It' by eldavojohn · · Score: 5, Insightful

    Is there any reason based on security or ease of management – unless you're running a 100,000-seat network or a national-level ISP – for you to move up to it? No.

    What if you're writing web applications that monitor IP addresses? Shouldn't you be making sure that your regexp fits for IPv6 as well? What if you're storing IP addresses and your sanitizing your data? What if you're doing anything at all with IP addresses? Like monitoring logs for abuse? Shouldn't be preparing for the inevitable move to IPv6? What if you collect metrics so you can report to management your country by userbase? I say this because we've started to account for IPv6 in our coding and auditing.

    What if you write any sort of firmware or software for network devices?

    And if you're a consumer and you're about to purchase something that's going to last you more than three years you should probably make sure it supports IPv6 in case the computer you buy down the line can only handle IPv6 addresses allocated to it.

    Go ahead and tell your readers that it's cool, Microsoft's got it covered. I'm going to err on the side of safety whether the armageddonists are right or wrong about the ETA.

    --
    My work here is dung.
    1. Re:Ah, Yes, 'Let Someone Else Worry About It' by hairyfeet · · Score: 4, Interesting

      Actually I'd say that in this case "Microsoft has it covered" hits the nail square on the head, and for the reason many here bitch about MSFT in the first place...backwards compatibility. I know lots of folks here like to bitch their asses off about "all the cruft" caused by backwards compatibility, but here is a damned good reason why MSFT has it, because many businesses keep older hardware for quite awhile and MSFT by and large was and is a business OS first and foremost.

      Thanks to backwards compatibility I can give my business customers Windows 7 Pro with XP Mode and that ancient software they use in accounting keeps right on ticking. Thanks to backwards compatibility I can play most of my old games even on Windows 7 HP X64, and thanks to backwards compatibility when IPV6 is the norm those with older IPV4 stuff will be just fine, MSFT has got you covered.

      It is all about picking the right tool for the job. You want bleeding edge? Go with a Mac. Jobs HATES old tech and tosses it quicker than anybody else. Need to squeeze that last point of performance out of that server? Take Linux, strip that sucker down like a used Buick and turn it into a hot rod. Need to be able to run your old stuff as well as the new? Go MSFT, who knows businesses will hang onto older shit much longer than average folks and therefor supports it longer. Considering how many routers we have out there that won't run IPV6 and whose companies will likely never give a firmware update to (why should they? It makes you buy a new one if they don't) I'm all for backwards compatibility.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Torrenting by Anonymous Coward · · Score: 5, Insightful

    Torrenting is the killer app. Very unlikely all the spooks have updated to ipv6 snooping.

  3. Beware by Un+pobre+guey · · Score: 3, Interesting

    Word on the street is that some major cable/internet providers and content delivery networks (CDNs), and I do mean major, are quickly moving to get limited availability online to major customers within the next 12 months or so, and general availability by early- to mid-2012.

    Procrastinate at your peril.

  4. Re:I have read it... by GooberToo · · Score: 3, Insightful

    There is nothing in IPv6 which precludes the use of proxies and/or NATing. Its just that adoption of IPv6 no longer mandates the use of NAT'ing. Nothing is lost. There is only gain to be had from an IPv6 upgrade.

  5. Re:Won't even notice it by statusbar · · Score: 5, Insightful

    Many people are already using ipv6 by default without even knowing it!

    jdks-mbp:~ jeffk$ ssh jeffk@macpro.local.
    Warning: Permanently added the RSA host key for IP address 'fe80::21f:5bff:fe38:39e5%en0' to the list of known hosts.
    Last login: Tue Aug 17 14:32:43 2010

    One important reason to use it is for small devices that you really don't want to have to have a user interface to enable Static IP / Router Info / DHCP configuration on.

    Also, if you use use Apple MobileMe's Remote Desktop feature, you are using ipv6 only - MobileMe provides an IPv6 VPN to access all of your devices wherever they may be.

    So in fact there are many many users of Ipv6 out there, just not much sending packets over the un-vpn'd internet.

    --jeffk++

    --
    ipv6 is my vpn
  6. Roll it out in cell phones by xerent_sweden · · Score: 5, Insightful

    Roll it out in the cell phones and the problem is solved! Most of the growth in the adress space is in the mobile space, so if the telecom backbone is made IPv6-compatible and all our fancy iPhones and Android phones resolve IPv6-adresses instead, we won't run out of adresses.

  7. Re:I have read it... by Denis+Lemire · · Score: 5, Insightful

    You and many others desperately need to read more about v6 before regurgitating the same old myths.

    * Read up on RFC 4941 - Privacy Extensions for Stateless Address Autoconfiguration in IPv6
    * Their is NOTHING in IPv6 that negates a hardware firewall. You get a prefix routed to your 'router' it can have whatever allow or deny rules you like.
    * If you want to use NAT and non-routable IPs for whatever reason, however misguided, there is nothing in IPv6 preventing you from doing so, see also FC00::/7 link-local addresses
    * Whether a network is routed or switched has as little to do with IPv4 as it does with IPv6, these topology decisions have nothing to do with the protocol.

  8. Not yet by A+Big+Gnu+Thrush · · Score: 4, Funny

    I'm still writing my Y2K compliance docs. I want to make sure they're detailed and complete before I turn them in to management. Have to get the font and formatting just right. Too soon to worry about the latest fads.

  9. Re:I have read it... by vlm · · Score: 5, Informative

    Anonymity is lost pretty quickly with IPv6

    RFC 3041 dated January freaking 2001, assuming you're talking about using MAC addresses in the ipv6 address. Frankly I feel this is paranoia combined with ignorance of current ISP logging technology, in other words you don't have anonymity with ipv4 either.

    along with ISPs seeing how many systems you have running on their network

    Rates somewhere between 1) who cares 2) See RFC 3041 3) News to me that proxy servers are impossible on ipv6

    exposes systems to OS flaws.

    I suppose there are / will be bugs in v6 that would not happen in v4.

    The logic in fact seems to be nothing but a really big switched network.

    Thank god. Die NAT die! Can't happen soon enough. Some people will still want stateful "one way" firewalls. No problemo.

    In short, I don't like what IPv6 gives us over what we lose with IPv4.

    Given your list of misconceptions and misinformation, I'm not surprised.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  10. Why i want ipv6 to come asap by toopok4k3 · · Score: 5, Funny

    Who the hell wouldn't like their toaster to have its own ip unique ip address?

  11. Re:Excuse me? by Again · · Score: 4, Interesting

    And here is a nice looking countdown until the moment the sky finishes falling. http://inetcore.com/project/ipv4ec/en-us/index.html I don't know how accurate it is but it is fun to watch.

  12. Actually you SHOULD worry about it... by nweaver · · Score: 4, Informative

    For three big reasons.

    a: Its actually ubiquitous in the LAN these days. Both Apple and Microsoft use IPv6 link local operations very heavily, because it Just Works with nice stateless autoconfiguration and multicast.

    b: You can have things screw it up if you don't have V6 deployed, and you have to worry about V6 even if you don't 'have' V6: EG, a Windows box with connection sharing and 6to4 enabled will happily try to "share" the 6to4 connection with everyone else on the LAN, so everyone else gets a V6 address that doesn't actually work. And with Apple prefering a 6to4 IPv6 address over a V4 address, the macs on the same network will now see horrible behavior going to any dual-stacked site, as it will try V6 first, take a timeout, then revert to V4.

    c: Address space exhaustion is real, and IPv6 + DS-Lite (or even just IPv6 + IPv4 NAT) allows an ISP to get around address space exhaustion in a much cleaner way than the alternatives.

    --
    Test your net with Netalyzr
  13. Network armageddon by Anonymous Coward · · Score: 3, Insightful

    "Many network experts argue we're nearing network armageddon, but they've been saying that for years." Say what?
    "Network armageddon" is already here and we've been living in it for years. The horrors of NAT, the crampedness of addresses making configuration a pain, public addresses expensive, and so on. It's just not been a sudden catastrophe, it's been more like boiling a live frog by putting it in cold water and then slowly heating it.

  14. Re:I have read it... by vlm · · Score: 4, Informative

    So if you want a NAT router to keep network wormable flaws away from the OS you can still do it.

    you're confusing NAT address translation with stateful firewalling. Linux has been able to do that for ages on ipv4 or ipv6.

    A side effect of ipv4 NAT is providing stateful firewalling, in that obviously the fw has no idea what to do with incoming traffic that doesn't belong to a flow you've already set up. All you need is one line to do this in v6.

    You're looking for a line vaguely similar to this:

    ip6tables -i eth0 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    And try not to forget to drop by default anything coming in thru eth0 that doesn't match the line above, of course.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  15. most hated part of ipv6 by jollyreaper · · Score: 4, Insightful

    Sure, ipv4 addresses were a little cumbersome but at least they were numbers and dots. 192.168.0.1. I can type that out on the numeric keypad. 2001:0618:71A3:0801:1319:0211:FEC2:82DC is just awful. Yeah, I know you need to have more characters in there to represent the value and a larger address space means it's going to be a larger number. Keeping the old ipv4 decimal scheme would make addresses look like 128.91.45.157.220.40.0.0.0.0.252.87.212.200.31.255. But I don't really see the hex as an improvement!

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
    1. Re:most hated part of ipv6 by digitalsushi · · Score: 3, Informative

      they invented a fix for you

      --
      slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    2. Re:most hated part of ipv6 by clone53421 · · Score: 3, Informative

      Hate to break it to ya but often in testing you don't want your host to have a name until it's ready for production.

      They invented a fix for you, too

      (horrors, actually using the hosts file for its intended purpose instead of using it to break DNS resolution for host names you don’t like?)

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  16. Re:I have read it... by mlts · · Score: 4, Interesting

    The sooner we get to IPv6, the better. If not, if someone wants a static IP, much less a /29 subnet with five usable host IPs, they will be paying through the nose, for it just due to artificial scarcity.

    I just fear that companies are going to spend big bucks for routers that can do NAT traversal (dev subnet gets NATted to another subnet which then gets translated to the outside IP), as opposed to going to IPv6 where one can keep firewalls up and the traffic isolated and secure, but keep NAT is an option, not a must-have. If a company is worried about the IPv6 stack having issues, just use IPv6 as an edge routing protocol and keep the internal network on v4 and use Toredo. Yes, this is still not optimal, but it is better than dealing with having to bid for v4 statics so one can have their own webserver online.

  17. From end-user perspective by wvmarle · · Score: 3, Interesting

    Is there really anything to worry about?

    Afaik all modern Linux distros are fully up to the task of IPv6. TFS mentions even Windows can do it.

    At this moment I am connecting my computers to the Internet via a wifi router/firewall - not likely this is going to change. Router is old, may not do IPv6 yet. My ISP also doesn't. But I guess the time will come that ISPs start to switch.

    Will it really make a difference for me as end-user? Is my browsing going faster? Will I get less spam in my mailbox? Will it be easier to find the information I am looking for on the net? Probably none of the above.

    At the moment I know I'm on IPv4 but on a daily basis I don't care as it just works. I don't know my IP address, it's not important to me what it is really. My home and office networks are internally IPv4, wouldn't make a difference if it's IPv6 except that addresses get harder to enter in BIND but that's one-off only. I suppose my uplink there also uses IPv4, not v6. I always approach my web site and mail server by entering an URL, not entering an IP address. Again what would I care? Let DNS take care of that part.

    Don't get me wrong I understand it's time to move on: we run out of address space, soon there are more devices/networks connected to the Internet infrastructure than that there are unique addresses to find them. But from an end user perspective... I say let the ISPs take care of that. It's their job. Get me the connection, make sure your hardware works, preferably understands both IPv6 and IPv4 (backwards compatibility; and mostly it's not broken in the first place), and use on your network whatever works best.

    There is always the talk of IPv6 will give any ISP subscriber a complete range of addresses instead of just one, so you can connect every computer, printer, whatnot directly to the Internet. I don't understand why an end user would want to connect their printer directly to the Internet. Their second computer maybe if they have one (makes torrenting easier) but then you lose the benefit of a hardware firewall in between. Simply because of security for my home network I prefer a single point of entry, not a dozen. Much easier to keep an eye on. So one external IP address is simply enough for most of us.

    So while IPv6 is important for developers and ISPs, for the end user it's not. I totally agree with this Steve Cassidi that it's simply not something to worry about. He says not yet, I'd argue not ever, unless you're developing network gear/software or work for an ISP or so.

    1. Re:From end-user perspective by Bruha · · Score: 3, Insightful

      You're wrong on several counts, within 2-3 years your ISP will most likely switch you to IPv6. Can you turn it off in Windows 7 without problems in a word, no. Windows 7 has features that depend on IPv6, OS X probably does as well.

      Those who really need to worry about it, is those who do not like using ISP provided routers. Many routers do not support IPv6 unless you're running a custom build on them. Those people should be looking around for IPv6 enabled routers of switch to one that can use custom firmware to do the job.

      The other set of people who should be concerned are those running Windows XP since support there is flaky at best.

      IPv6 is here folks, my new home printer even supports it out of the box.

    2. Re:From end-user perspective by Vancorps · · Score: 4, Insightful

      It is? I run hundreds of SIP phones complete with video calling behind NAT without a problem. It only becomes an issue when you have 10s or 100s of thousands of phones.

      Why would the phones even need Internet access? You have your SIP proxy on your network which connects to your SIP provider or POTs provider depending how you like to deploy. It's a very simple setup, makes auditing really easy, and allows me to do tricky stuff like divert the video from the gate to the phone so whoever answers can choose whether or not to let them in.

      Worms will propogate as they always have, properly firewalled setups have dramatically reduced this in IPv4 and the same will happen on IPv6. I keep hearing people speak of NAT like it's not a firewall but most of those people are forgetting that most NAT devices actually are real firewalls these days unlike the early days of NAT.

      I'm not against IPv6 but I have to agree with the parent, it has to start with the ISPs before it really makes sense for the rest of us to change. ISPs are having enough trouble with current traffic levels however that I have no faith in their ability to launch anytime soon on any real scale.

  18. We are already using it by WillAffleckUW · · Score: 3, Informative

    I don't know what artificial reality you guys are living in, but IPv6 is running in many research universities worldwide, and on virtually every Linux box in the military and university community.

    The fact that it's not being provided by your local residential networks is not our problem.

    --
    -- Tigger warning: This post may contain tiggers! --
  19. Re:Won't even notice it by MoldySpore · · Score: 3, Insightful

    Same here. There have been several instances where IPv6 has caused a lot of problems. I work for a local government and have 5000 new PC's being installed on my network and they are all getting IPv6 turned off on their images because it is annoying, to say the least.

    As a network engineer I am not worried about IPv6. The most that will have to be done is our main firewall and/or router will maybe eventually have to be setup to accept incoming IPv6 addresses. But for our internal network, IPv4 won't go away anytime soon. I doubt if it ever will. There is just no reason to run IPv6 on an internal network unless you need some specific function of IPv6 on your internal network (which other than the mandatory IPsec integration and multicast additions I can't see anyone needing the larger address space or any other features on an internal network).

    IPv6 seems to be more for ISPs and super-large networks than for the rest of us.

    --

    "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

  20. Re:This is flat out bad advice by vlueboy · · Score: 3, Informative

    Ignoring the technology incompatibilities between v6 and v4 for a second, and just taking connectivity at heart, let's examine the effect of "isolation": your community runs out of telephone numbers for its area code. Your state creates a new area code. NEW numbers are given out to new owners; all old phone line owners remain unaffected and able to reach old phone lines and continue with business as usual with their other giant companies also using the old phone lines

    With IPv6, all new owners can talk to the old owners. The old ones already have websites that they can reach. Top sites like youtube, google, facebook and maybe even windows update with reserved IPv4 address isn't just going to magically lose it. They'll shuffle less important services to IPv6 the day they are forced to exceed their IPv4 allocation.

    Nobody is forced to "switch" to IPv6 entirely. They create DNS subdomains like the little known ipv6.google.com (if it works for you, then you have ipv6, by the way.) In the US, the government forced digital / HDTV adoption last year, but old and new channels coexist in your digital-ready cable boxes through the simple use of different channel numbers. I have no idea how many years it will take for them to force the non-HDTV channel numbers off, but I suspect that this will take as many decades as it took to implement HDTV and force it on us.

    The only people having reachability problems like you mentioned will be those in NEW address blocks from poorly developed countries. Large companies needing more IP's may have issues, but nothing their IT teams can't fix with more 10.x.x.x addresses (2^24 addresses for internal company addressing "oughta be enough for [er, OK, most companies]") Consider the address space sizes. Though IPv4 is only 16 bits smaller than the MAC address space, which is small compared to the IPv6 total of 128 bits, nobody I have every heard is saying that billions of computers out there are going to run out of MAC addresses to give out soon. Funny because wireless devices and network devices tend to have multiple macs a piece.

  21. Denial in not a river in Egypt by kevmeister · · Score: 3, Informative
    TFA is bad enough, but the comments to the thread are simply stunning in the level people will go to to avoid dealing with something new. Every old obsolete or never valid saw about IPv6 is getting re-hashed. None will make any difference.

    To be very, very clear, IPv6 will happen. There is no way around it. There is almost no IPv4 address space left. The folks who are at the top of the structure that assigns addresses will run out in the middle of next year. The next tier, call Regional Internet Registries may have addresses available for another year. By the end of 2012, there will be no address space available to assign. For the gory details, see the IPv4 Countdown Page. Especially, look at Figure 35. That is reality.

    As an end users, you may not care. Comcast is already beta testing IPv6 to its customers. I assume others are or soon will be doing so soon, but this should be mostly transparent to users as their system will only require IPv4 and that will be NATed behind an IPv6 address. But it must happen or people will not be able to get new addresses. That is the bottom line. IPv4 will remain in use for many years, but the net will start getting smaller and smaller for those who don't implement IPv6.

    --
    Kevin Oberman, Network Engineer, Retired
  22. Re:No NAT, no glory by LingNoi · · Score: 4, Insightful

    It's not a religious taboo, it's just you not knowing what the hell you're talking about (and this happens every damn time an IPv6 story on slashdot shows up).

    evil use of NAT (N-to-1 mapping) being taken into consideration

    Except NAT doesn't do that. PAT does that.

    without NAT every PC in your local network may be identified individually,

    Except NAT doesn't do that. A firewall does that.

    but takes away too much for me to consider using it for myself or my customers at the moment.

    You should not be doing any job involving networking with your current level of knowledge. If you don't even understand how current technology works how can you determine what is or isn't better for your customers.

  23. Re:I have read it... by Spazmania · · Score: 4, Informative

    Overloading outbound traffic from multiple machines onto a single IP address (what you call port address translation) *is* NAT, if only because most of the vendors appropriated the name from that other kind of address translator that was hardly ever used and few even remember (RFC 1631).

    PAT was never really a correct name for it anyway; that was a cisco-ism. What we call NAT today derived primarily from the stateful transparent proxies of the mid-90's and as the word "stateful" implies, it remains as much a proxy as a translator.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  24. It's time to start including it in home routers. . by JSBiff · · Score: 4, Insightful

    It might not be time for residential networks and ISPs to flip the switch yet. . . but it's *definitely* time for all new home routers, DSL/Cable gateways, etc, to include full IPv6 compatibility. That way, when the ISPs decide it's time to turn on IPv6, they and their customers don't need to replace most of the hardware already deployed. IPv6 support at the vast majority of network endpoints needs to already be present before you can actually make the switch - you can't change the protocol and just force people to suddenly change.

    ISPs need to start configuring networks to run in a dual-stack mode (at least as far as the end-user is concerned - once it hits the first ISP owned router, it could be all IPv6 from that point on), so that those who are ready to use IPv6 can start using it (yeah, you can use tunnel providers or 6to4 [which is really another sort of tunnel], right now, but that usually adds additional hops and latency to your connections - basically, if you are tunneling IPv6 traffic over IPv4, why bother using it to begin with).