Slashdot Mirror
There Is No Plan B, the Ugly Transition To IPv6
An anonymous reader writes "The Internet is running out of IPv4 addresses — not at some point in the future, but right now. But the only solution to the problem, IPv6, is just now really starting to be deployed. That's why we're all in for some tough times ahead."
Maybe we should reclaim some of AOL's massive block of addresses. It would help a little in the short run. And they sure aren't using them.
What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?
Article invalid: Author considers NAT to be a security mechanism, and specifically cites Windows ICS as the example... I've personally had Windows machines owned by infected machines on the same segment.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Why is it that problems never seem to get corrected until they are well and truly disastrous in scope.
We should just censor half the internet and reclaim those IP addresses! That should solve the problem and give us plenty of time to move to IPv6!
Hey, it looks our "tech-aware" government is already trying that -- never mind!
Finally we will no longer have to use this IPv4 NAT garbage with all it's limitations!
Wow. DJB misunderstands something?
Say it ain't so, Joe!
(His piece, written in his usual "I am not at all nuts" style, assumes that IPv6 is *solely* a new "address space", and not an entire replacement protocol.
(While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way, so listing the ways in which that wasn't well implemented is useless, since *that wasn't what they were TRYING to implement*; the entire page is a strawman.)
Nobody cares, nor needs to, except the ISP's and hosting outfits. If they provide a nice 6-4 proxy (or whichever way around it is), 99.999% of users can continue doing everything they normally do. I've done it on several of my machines in the past, been in the IPv6 net and browsed IPv6 websites to confirm it, and I never once had to touch my IPv4 config or do anything too fancy - certainly nothing that an ISP couldn't do transparently from their side of the net.
It's an issue if you're hosting websites, because then your site needs to be accessible from the IPv6 addresses, but that's an issue for the hosters, most of the biggest of which are managed hosting outfits that can switch that on overnight if they haven't already - if they are allocating static IPv4 addresses, it's just a matter of translating and passing on IPv6 requests for a recognised IPv4 equivalent address to an internal IPv4 network. The root DNS servers are running IPv6 already, etc. There's absolutely nothing to stop this just working on most people's machines today and, no, not every machine needs to upgrade to IPv6 addressing in order to do that. In fact, if anything, suggesting that internal business networks suddenly become IPv6 addressable is the most stupid suggestion in the history of the world - most places just want an "4-6 convertor" in layman's terms and they'll tick along quite nicely on their internal 10, 176, and 192's without caring. Most places would run absolutely fine, the only place it matters is the extreme borders of the Internet.
People don't run IPv6 not because of any of those reasons in the article but because a) they haven't heard of it, b) ISP's don't support it or won't do it for them automatically and c) a lot of OS's never come preconfigured to use IPv6 if it's available. Oh, and of course, d) nobody will care until their IP address allocation requests start getting turned down.
It's not a big deal, it's not going to kill NAT's and 30 years from now there will STILL be local networks, internal VoIP systems, print-servers and whatever else using IPv4 addressing because it's a damn sight easier to leave a working config alone than to upgrade/replace every bit of hardware that touches IP. I can use IPv6 today. There's absolutely no need to until every link in the chain supports it and that's still YEARS away even with US government backing. And even then, IPv4 isn't going anywhere - it's just being superceded. It's like saying that all SSH servers have to switch to SSH2, or all wireless LAN's to 802.11n - it'll happen, and a little nudge won't hurt, but overall people just don't care enough for the majority of cases and their old stuff will still work on IPv4 in 20-30 years time if it's still operational.
Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.
And at every job I've worked in the past 5 years, management has completely had their head in the sand about it. :-( And none of the developers understood enough about IPv6 to push in an even faintly credible way. :-(
I've been running IPv6 on my home network since about 2002. It's just not that hard. In fact, it's a lot easier than running IPv4. My IPv4 home network has a seriously contorted configuration because of the constrained addressing. When I wasn't even given a block of IPs but instead given X number of individual IP addresses it was even worse. My IPv6 network, OTOH, is configured quite simply and obviously.
OTOH, even though I've had an IPv6 DNS server for ages, my stupid registrar STILL does not support IPv6 glue records. It's ridiculous. The standard has been stable enough to do something like that for at least 3-4 years now. I just want to strangle them.
Last I checked, we only have about 200 days before ARIN stops being able to hand out new IPv4 addresses. It's around 7 months. After that, hosts start appearing on the Internet that only have IPv6 addresses. The connectivity breakage will be slow, subtle and inexorable. I bet it takes the tech industry at least another 5 or 6 years before they have to fix the problem or not have customers, and I bet it won't be fixed before then. So very very stupid.
Need a Python, C++, Unix, Linux develop
Just force all porn sites on the internet to be accessible from IPv6 addresses only.
Serious question. I already have an IPv6 address, why doesn't Slashdot have one?
Follow your Euro bills at EBT
So, what are the best ways to profit from this crisis?
Hoarding IP addresses is an obvious way, but that market seems pretty crowded already.
Actually you might say we've been running out of them since the moment the first one was assigned...
While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way
The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.
One option, for example, might have been to get rid of the port field as a fixed length and make network, machine, and port number all combined in the same way that network and machine addresses are now. This would let you have, for example, 256 ports per machine while getting 256 times as many IP addresses, or doubling the available addresses at the cost of only having 32K ports per machine. Only the routers at the very last hope would need any modification for this to work. Since you only need a unique port for each app that connects to the Internet (you can reuse ports, as long as the remote end is different), 2^16 is a lot more than most machines need, and losing 3-4 bits from the port field would be a lot more convenient than NAT for a lot of home users.
Of course, that would still not be a good long-term solution. After a little while, you'd end up with the port field being shortened so much that people would complain. You'd also have the problem that you actually use the variable-length port field, every machine on your local segment would need an upgraded network stack, and protocols that expected to be able to use high port numbers would have serious problems.
The effort in deploying such a solution would only be slightly lower than the effort of deploying IPv6 and it would be a significantly inferior long-term fix.
I am TheRaven on Soylent News
attackers don't only come from the Internet. The "hard shell, gooey centre" security model is doomed now that people are buying laptops, ipads, iphones etc. Mobile devices need to protect themselves, and since everybody is buying mobile devices, upstream network located firewalls are losing their effectiveness.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Is it not entirelly impossible that IP vendors, network providers, ISPs and hosting companies have already accumulated or say squattered enough 4byte IPs to take advantage of the upcoming IP shortage situation and are not rushing the much needed IPv6 hardware deployment as they should?
It's the unnecessary use of IPv6 on private networks.
> The only thing that *fails* is when [...]
thats quite a lot of things failing.
> similar to using an NAT router
no, there are 100 million people connected to the internet using ADSL and all *their* stuff works fine
why, because NAT is a solved problem with lot's of workarounds
ergo: IPv6 is just NAT all over again
we might as well solve the IPv4 address-space problem with huge /8 NAT'd networks.
good luck to the 0.0000001% of the Internet that has "successfully" switch to IPv6 after 20 years of IPv6 promotion.
-paul
For your information, plan B is ISP NAT and a zero-sum game address transfer market. That would allow us to reallocate upwards of 80% of IPv4's addresses, extending the life of IPv4 some 10 to 20 years. It's not a fun prospect, but it's eminently workable -- perhaps even more so than IPv6.
So, anyone who says there's no plan B doesn't know what they're talking about.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
So why do we need entire replacement protocol?
Let's see, IPv6 autoconfiguration is nice, but DHCP is working fairly well by now. So no need for a new protocol here. No checksums for mutable header IP fields? Nice, but does it require a whole new protocol?
What else? Multihoming? Nope, IPv6 doesn't help here. Mobile IPv6? That's just a result of a large address space, so nothing new here.
So, why do we need a replacement protocol if not because of a larger address space?
I'll never switch to IPv6 with its cold, digital precision rendering of data. The lower resolution of IPv4 just provides a better rendition of old favorites like slashdot, to my eyes anyway. Sure, there's some noise, some clicks and pops, but nothing matches wikipedia seen through a nice tube monitor.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
Really?
Well, ok, a little recap:
IPV6 has been resisted by virtually all major players, with few exceptions.
IPV6 is poorly tested in the real world. We will see massive problems getting it working.
IPV6 WILL WORK. It will take some time.
IPV6 will coexist with IPV4 poorly, and we will see a dramatic changeover as the critical mass of IPV6 nodes comes online, and IPV4 is more trouble than it's worth to keep around for a little while longer. My estimate, 3 years.
Asia will lag behind in IPV6 adoption.
Some interesting points:
The U.S. Department of Defense holds 11 Class A blocks. If they could reduce their usage to just 3, we could give IPV6 another 3 years of grace. But:
- If we give IPV6 3 more years, it will still take 3 years from then to substantially implement it. And the industry will take those 3 years to avoid the pain.
- The DOD will need at least 5 years to reorganize and give back those Class A blocks. The Navy alone will need 2 years to negotiate with EDS/HP to make the changes. Read up on NMCI and you will recognize a genuine military-grade CF. NMCI is a failure. IPV6 would merely give EDS/HP another opportunity to gouge the service. They rarely miss these opportunities.
- There are several Class A block owners that look like better candidates for either conversion or elimination. None seem ready to do what the DOD would have to do, i.e. spend massive amounts of time and money to make a change for the community, without any real benefit to them.
Just some personal IPV6 observations:
I had two different Fedora distros fail for me at home because IPV6 was turned on and both my router (Linksys WRT54G stock F/W) and my ISPs (Cox and Qwest) fritzed their IPV6 implementations. No, wait, both ISPs had no working IPV6 in the Phoenix area in 2005-2008, despite claims to the opposite. The Linksys I will probably have to reload with something more useful, but it's the early one that can take a lot of new firmware.
Oh, and turning off IPV6 in each Fedora release required different and arcane methods. A hint to the Linux community - common and stable configuration methods would be a blessing. And not just a GUI. I know, security, security, security. I can assure you, my broken Fedora builds were secure, even from me. A stopped clock is right twice a day.
I think my Ubuntu distro left IPV4 on and IPV6 off, but I haven't looked. It works, and has for 3 years.
Despite the clamoring for IPV6, it just has no traction. Why bother yet? Like a lot of things, crisis will have to escalate to failure before this gets fixed.
If Jon Postel were still with us, he would have already made this happen. I miss him so. We need individuals that drive Internet management and administration, not groups. Internet by committee is failing. Can we not find anyone trustworthy to lead Internet functionality at this level?
No, Stallman is not the answer. And nobody at Sun/Oracle either.
deleting the extra space after periods so i can stay relevant, yeah.
Non-IT Companies like Ford doesn't need to be on a list like this at all. Apart from a a few WAN IPs, a webserver, and a mailserver, they could probably put their whole network behind NAT, and no one would notice.
Basically, this is what is going to happen:
Some ISP somewhere with a /20 is going to project that in 6 months time they will be out of IPs, /20.
and it's going to be too expensive to buy another
So they are going to buy some Cisco-hardware-NAT-appliance and say to their customers: "look here,
you are all on NAT from now on, if you want a real IP you pay extra."
This NAT box will NAT a /20 to a /24 of temp addresses+ports. It will be plug-n-play and
easier than setting up IPv6.
99.9% of customers won't read the announcement and won't notice. They are all NATing through
their DSL modems anyway, and this Cisco equipment will have hacks for all those special
apps that need it to work behind double NATing.
And no one will ever think of switching to IPv6
-paul
... is increased network isolation.
There are services possible with IPv6 that are not possible, or certainly more expensive to implement, with IPv4 and its partitioning and NATs and all that. Think multi-cast, for instance. Or, ubiquitous IPSEC. Or, working QOS that is what ATT, Verizon, and Google ought to be talking about instead of trying to defeat net neutrality. Those are new building blocks.
There is money to be made in new services, if we get off our butts and transition.
Well, apparently, you only have to fool the majority of people for a little while.
A friend of mine just colocated his server. The colo he used gave him 4 or 5 IP addresses for his single computer. Even though he is running VM's, he does not need 4 IP's.
This kind of thing is happening everywhere. Cleaning up that kind of junk will give us time to convert to IPv6
The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.
Didn't have to be that way. We could have had an IPv5 with all the addresses and none of the backwards compatibility issues if not for special interests in the IETF:
http://bill.herrin.us/network/ipxl.html
Gets my vote for IPv7...
is why didn't we just go for an extension?
That would have made too much sense and the IPv6 committee wanted to build a monument.
Have you got your LWN subscription yet?
If you can think of a way to expand the address space without expanding the number of bits in the address, I think there's a Nobel prize in it for you.
But to answer your concern, you should look into this cool new technology: http://en.wikipedia.org/wiki/Domain_Name_System
Putting the remaining 2 sections on separate portion of the packet, keeping the first 4 sections normal, would allow legacy hardware to route these, yet trivial to make new hardware to understand.
This would have made minimal to no impact whatsoever for backbone networks at this moment, all it would have needed are:
- Some new edge routers for those who wish to extend
- Software update to operating systems of trivial level
- Instead of Class Cs given for new applicants, you give just a Class D (what is now single IP address)
So they go into the payload? Thus decreasing the amount of real, useful data that you can actually put into the packet and increasing the total number of packets flowing through the backbone, as well as the total amount of data that's being pushed through. This quite obviously impacts the backbone.
You seemingly haven't considered low-mtu links, either. The extra data you have to put into the packet will really start to add up there.
- Software update to operating systems of trivial level
Networking stacks are hard--not because the protocol itself is hard, but because interoperability is absolutely essential. We can't get IPv4-only network stacks right. To suggest that this would be a trivial modification blows my mind.
- System requests dns for slashdot.org
- Switch detects this and waits for response
- Response is arriving, switch looks into the results: (changed to extended)
slashdot.org. 3583 IN A 216.34.181.45.100.100
Changes response IP to:
224.216.100.100
And this adds a huge amount of complexity by breaking the networking stack model wide open. Switches modifying content? No. Just...no.
Y2K was only a minor issue BECAUSE every programmer and their cousin was busy fixing the bugs for several years. A few million man-hours and workarounds from hell later, you'd expect things to function fine. There were vendors that ignored the issue and it is those vendors that reported problems in 2000. It is THOSE examples you should look at, because THAT is what your world would have been had the rest of us not fixed things for you. Be grateful, wretch, that we bothered. Because next time we might not. And there is NOTHING you can do or say to change that.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Hey, did you actually read the fucking article?
What djb says is exactly what's wrong with IPv6.
No, IPv6 clients cannot, under any circumstances, talk to IPv4 ones. They also have to run IPv4. There is no conversion at all, and the IPv4 address space 'inside' IPv6 will never, under any circumstances, be turned into IPv4 when it hits the 'edge' of IPv6, nor will it be turned into IPv6 going the other way.
And, no, routers cannot 'convert' between protocols, as there is no way to convert back and forth. There are ways to tunnel, but no way to convert. The IPv4 address space in IPv6 is just a goofy allocation scheme, saying 'If you have some addresses in another protocol, you get these addresses free also.' They are utterly different addresses in any sense of the word, you can have them on different computers or even different networks.
Christ, you read an article about how IPv6 is broken because the way that people expect the upgrade to work is broken, and you walk away going 'What an idiot. The way people thinks it works is great, and I've decided to ignore the place where points out that way is not, in fact, how it actually works.'
How you think it works, how everyone including djb thinks it should have worked but doesn't, was not chosen, for no apparent reason. Instead, we've got a damn stupid 'dual stack' approach.
Incidentally, I'm no djb fanboy, he's a total idiot in my book. He has no idea of the proper way to actually follow standards and write software, instead choosing to invent entirely different control systems, and that's just the start of the problem.
But that doesn't mean anything written by him is wrong. He's exactly right about how IPv6 fucked up, and if it had been a superset of IPv4 we might actually have an internet that's 90% IPv6 and 10% IPV4, and we'd be talking about the sysadmin's hard choice to keep paying for IPv4-compat IPs or use IPv6-only IPs.
Instead, IPv6 is still almost completely unused, and we've run out of fucking time.
If corporations are people, aren't stockholders guilty of slavery?
I own blocks of IPv4 addresses, yes a query to ARIN produces my name. I own many Domain Names (my DNS bills are substantial). I also own several IPv4 blocks because I purchase a business account for my home internet connection; these ones aren't ownership, but part of product agreement from the ISP I go through. I have co-los directly connected into Yahoo's backbone in the NBC building downtown San Diego. I have considerable network resources, for personal use and as nerdy as it is... I'm proud.
The IPv6 problem largely persists because there is 0 infrastructure support. When I say infrastructure, I mean everything from the AT&T copper telecommunications level all the way to the consumer level Service Providers like Cox Cable or Road Runner services. Almost all "IPv6" solutions a consumer can find is nothing more than a IPv6 WAN configuration scheme between you and your ISPs first router and their router does IPv6 to IPv4 translation for all requests. Some companies might have their own IPv6-to-IPv4 translators on the routers facing their upstream providers... again this isn't connected to a IPv6 "internet". The IPv6 support found in software primarily seems to most revolve around one requirement "translation to IPv4".
I know this might hurt a lot of feelings. Bind Ping, a lot of FOSS software has "native" IPv6 support and I'm not debating this. What I'm pointing out is none of it is anything more than experimental code as there is no real means of testing any of it on a real life network. I have faith in it, yes but I have a hard time thinking it could have been extensively tested on a real network.
I realized all of this after trying to get my co-los on a hardcore, pure, real-life IPv6 network with network addresses and all services go. Even up to the point where IPv4 wouldn't work at all. It logically can't be done at this point in time; there are no big time upstream providers in Southern California that can provide a real IPv6 link, even to businesses such as mid-sized ISPs let alone to consumers. This is the problem, without infrastructure support... all we are doing is translation and pseudo-WANs running on top of IPv4.
All the telecommunication companies need to jump on board. All the major universities need to abandon IPv4 for communicating with each other (effectively converting the major backbone of the internet to IPv6). We need the translators to be in primarily reverse, IPv4-to-IPv6 instead of IPv6-to-IPv4. We need all the major ISPs to start offering IPv6 to the consumer. This is the easy part I think, consumer doesn't care or know the difference.
Adding a few bits would be no easier than adding 96.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
That ought to scare people into compliance.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
Maybe, maybe not. I'm not so sure it is harder now. We are just far more cowardly than we were in the mid 1990s and far less staffed up for change. Heck we got the country moved from DOS to Windows which meant replacing essentially all the hardware. We got the whole world hooked up on local lans, which involved physically touching every computer in the USA.
We scoped it, we did it.
What's changed is that:
1) People are much more dependent on the internet.
2) We've lost the manpower we used to have
I'd love to see IPV6 help fix (2).
The internet was undergoing explosive growth in 1995 people were distracted and focused on change that was happening monthly. There really is nothing complex about doing the shift to IPV6 by 1990s standards. You go in you, you tell people how to switch to the new system, you replace the old equipment with the new; configure away any bugs.
Further, the internet is big enough now that the FCC for example could just declare various days that things happen.
Feb 1, 2011 all ISP must provide IPV6 technology or lose their right to use of telecommunications / cable company interconnects for data.
April 1, 2011 All corporations operating in the United with over 50 employees must have a list of all routers and switches not IPV6 capable or lose their right to business class connectivity.
etc.... It really isn't that hard to do as a series of dictates. The US government used to lead on technology shifts. They refused to so under the GW Bush administration but that doesn't mean they couldn't go back to leading like they did under Clinton and HW Bush.
So in 1995 it would have been much easier when getting on the internet was supposed to be hard, and people expected it to be tricky and thus followed instructions. Also far fewer protocols you had to get working all at once. On the other hand you don't have a unified infrastructure. In 1994 I still would have believed that gopher was more important protocol than HTTP as far as information sharing.
Moreover I'm not even sure people would have wanted it. I would have wanted a much more hierarchical internet like we had but were losing. That sort of internet allowed for community, a low security environment. Things like spam, heck advertising didn't exist. I wouldn't have seen enabling commercial activity the way it exists today as a good thing. I probably would have been against the massive proliferation which is the whole point of IPV6. Widespread internet ubiquity destroyed accountability. We still had an open internet in 1995. If I could have looked 5 years in the future I'd see how cool the commercial internet would become and absolutely I'd say that's worth losing the open internet. But in 1995?
Remember the commercial people were online service providers that offered internet as a gimmick on top of their core offerings.
So no, I don't think its harder now. Its more work absolutely but that not the same thing.