Military Pressuring Vendors On IPv6
netbuzz writes "US military officials are threatening IT suppliers with the loss of military business if they don't use their own wares to start deploying IPv6 on their corporate networks and public-facing Web services immediately. 'We are pressing our vendors in any way we can,' says Ron Broersma, DREN Chief Engineer and a Network Security Manager for the Navy's Space and Naval Warfare Systems Command. 'We are competing one off against another. If they want to sell to us, we're asking them: Are you using IPv6 features in your own products on your corporate networks? Is your public Web site IPv6 enabled? We've been doing this to all of the vendors.'"
Say you love IPV6, damn you! Say it!
I'll be pretty suspicious if Steve Jobs tried to pitch me a Mac while he is running Fedora on his personal laptop. Point taken, good job I suppose.
Based on current rates of growth and industry trends, how long will it be before the IPv6 space is exhausted? Given how hard this transition is, would it be better to go directly to IPv8 or some kind of variable-length scheme?
DREN Chief Engineer? I don't think that means what you think it does.
I work for a military contractor. I can confirm that we a.) have no orders from on high to move to ipv6, and b.) have no plans to move to ipv6. This is most likely just one tiny section of the military - it's by no means across the board.
As long as they're applying this across the board and not playing favorites (at least not without a damn good in-writing reason), I'm okay with this. In fact, I don't really see IPv6 being adopted soonish absent measures like this.
2^128 unique addresses. I don't think we'll be exhausting them any time soon. That's like each person on earth having access to roughly 10^38 unique addresses.
Huh?
That's not enough to address the cells of one human body.
(Of course putting your medical nanobots on the internet would be a pretty dumb move. DoS attacks would sink to a new level - about six feet under, while BSoD would become quite literal.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Maybe we should just go all the way to IPv11! That's what I'm talkin' 'bout! All Your Base Are Belong to US!
I upgraded my systems to ipv6 even though I just have IPv4 by signing up for a free tunnel broker service. I recommend SixXS if you are serious, or one of the others if you just want to flirt around with IPv6. Basically, you open a tunnel on one of the machines, it starts radvd which activates ipv6 on every machine on your LAN automagically, and that's all you do. Perhaps edit a config file here or there to turn on ipv6 if it's lacking for some reason. The radvd machine broadcasts on your net and provides something like DHCP for all your ipv6 enabled machines which usually just pick it up on the fly with no reboot or anything required.
Clickety Click
Anyone with IPv4 addresses can use 6to4 right now to provide IPv6 connectivity. Software support for IPv6 is common, e.g. apache, postfix, etc. Operating system support is widespread, e.g. linux, *bsd, etc.
There are no real barriers to having IPv6 public facing services for vendors except rank incompetence.
Oops. Need to check my math BEFORE posting. B-(
About 47 bits to address the cells of one body (if you only have one device with one port each and nothing for other stuff). Another 33 for the current population. That's only about 2/3 of the bits.
Still, IMHO that's starting to get a little tight. You'll probably want more than one bot per cell, one port per bot, and that's not even counting things like the intestinal bacteria (which out-count the body cells by enough to reduce the body cells to a footnote.) More significantly, there are a LOT of things besides people's guts that could use such molecular-machine attention.
So IMHO ipv6's address space is only adequate for macro machines on one planet.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I'm presently in a web developer course -- mostly because my company is paying for it and I will get some paper that can maybe help me change careers -- we don't need to talk about that unless you're just interested. But as I am in Northern Virginia, I meet a lot of people who work for government or contract for and around government. One of my classmates works for the department of state. This person has to deal with sharepoint. Not only does it depend on MSIE but it even breaks MSIE in some ways. (A site created to work with MSIE suddenly becomes weird when loaded into a Sharepoint server... yeah, I am sure a little knowledge and understanding could smooth the problem through, but damn! It's a web page. Should implementing HTML really require special knowledge of a special server? HTML was supposed to be a standard.) Anyway, the MSIE centric nature of government is beyond sickening to me. If the web development classes have taught me one thing, it's that Microsoft is harming the internet and the desktop in ways that people will simply never comprehend fully. It won't be until people finally overcome their dependency on Microsoft that people will begin to see... we're still a long way from that point, but we've made significant progress.
Well, if you want to access each and every bacteria in your body from the Internet, you may as well write a higher level protocol just for this purpose. Your body can get an IPv6 address, and then you layer a Body Protocol on top of it. You can store a Body Address in the IP payload just fine. And since your application will be speaking this protocol, while everyone else won't give a shit, it should be perfect.
IPv6-enabled content is the first half... now to get a big ISP to enable it across all their systems (someone like Comcast, but more competent)
I keep hearing this "Oh, you must move to IPv6 now!" as if this can be done with a wave of a wand and completely ignoring the current economic realities of the chicken and egg situation we are in. I've also seen some wankers who think that giving lists of network equipment that supports IPv6 and that they've converted their basement office to IPv6 means that we can all magically start using it.
IPv6 is completely incompatible with IPv4. Don't give me any of that tunnel crap because organisations are going to have to maintain two different network systems within their infrastructure, and to be practically usable it has to be largely forwards compatible as well. Just take a look at the hair-pulling in mixed IPv4 and 6 networks with things like Windows Server. The hard requirement should have been a direct addition to IPv4 that would be as backwards compatible as possible, but no, the IPv6 weenies decided that we should be 'saved' from all of the mistakes of IPv4. This is where computer people are derided in other industries because they won't do what is necessary to keep the systems going we have now, warts and all. You don't rip out sewer systems and replace them with something you think is far better.
Solutions? There's a few and they are just unpalatable things we are going to have to swallow:
1. Auditing of all public facing systems and as much IP address sharing as possible.
2. Much IP address usage on the web has been brought about by SSL. SNI virtual hosting will help there.
3. IP addresses will get much more expensive and any unused IP addresses will simply be taken off you.
4. Far, far greater use of NAT and the sharing of external services via as few IP addresses as possible.
5. Beyond that we will probably have some sort of DNS extension where you can find a particular service on a port on an IP address with systems behind NAT.
IPv4 is here and is not going away. IT and computing people need to learn the hard way what is required in building and keeping infrastructure that is heavily relied on going.
....as soon as Consumer/SOHO routers that support it are in the right price range.
Right now, the lowest priced item on Newegg that comes up for IPv6 is a cable modem, which I don't need, and that's $77.
Then there is the Cisco router starting at ~$133 on sale.
OpenWRT does it, and it looks nice, but I don't have the time to fiddle with flashing a router right now.
When are we going to see a company hack something together with inexpensive chips, and flash that is dedicated to just running OpenWRT, then sell it?
Make America grate again!
There might be some pressure in the States to push IPv6 adoption, but there's none here in Australia.
Every consulting project I've been on in the last two years, I've asked this standard question: "Do you have a business requirement or mandate to deploy IPv6 now or in the future?"
Inevitably, the answer is "No."
Here in Australia, at both private enterprise and government, nobody has even begun to think about IPv6 at any level. Nobody requires IPv6 capability when purchasing software or equipment, and even when the capability is available, nobody turns it on. The more "IPv6 aware" clients turn it off to avoid compatibility issues. Even when I offer to implement IPv6 for some new system ("no extra cost, I'll just turn it on"), nobody wants it.
Pure IPv6 networking will be particularly hard to implement. I've tried experimental setups with products from various vendors. The usual result is that with IPv6 only most things work, but some things break. Stop and think about this for a moment: imagine if that sentence was: "the usual result is that with IPv4 addresses most things work, but some things break." That would be totally unacceptable for any enterprise software, yet it's "perfectly acceptable" for every major vendor to ship software where that's the situation with IPv6, because... nobody cares. The failures are often quite pathetic too, like dialog boxes that require an IPv4 address to be entered, even if it's never used or needed, or only accept IPv4 address for things like DNS servers. Clearly vendors have never tested their products in pure IPv6 environments, or did test them and decided it's too much effort to fix for something nobody cares about.
Let me whip out my crystal ball and predict that when IPv4 addresses run out and organisations scramble to implement IPv6, it's going to be a rush job, and we'll start hearing horror stories of incompetent admins that inadvertently bypass or break firewall rules by enabling IPv6 and cause major issues. These reports in turn are going to scare off management, who'll assume "IPv6 is bad", because they "read about some horror story of how Incompetent-r-Us Pty Ltd was hacked when they turned IPv6 on, hence, IPv6 must be insecure". Combined with stories of broken software and issues like IPv6-connected browsers waiting 30-60 seconds for IPv6 requests to time out, I'm certain that nobody is going to start using it until absolutely forced to.
It's a bad, bad sign that all the major websites like Google and Facebook have "ipv6.normalurl.com". That's because practical IPv6 implementations are often broken, and if they enabled it on the main website, it breaks it for a huge fraction of users. If Google and their like can't implement IPv6 transparently without issues, and are forced to create "experimental" websites, then what hope does the typical admin have?
"That's funny, this is the first time someone asked." wash, rinse, and reuse
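The failure predicted in the comment above, an IPv4 firewall left in place while IPv6 is switched on with no matching policy, can be checked for mechanically. This is an added example, not part of the original thread: it compares constructed `iptables-save` and `ip6tables-save` output for one dual-stack host, and the function names and sample rulesets are hypothetical.

```python
import re

# Constructed sample: IPv4 ruleset of a dual-stack host (iptables-save format).
V4_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed sample: IPv6 was enabled, nobody wrote ip6tables rules.
V6_OPEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

# Constructed sample: IPv6 policy exists but drifted from the IPv4 one.
V6_PARTIAL = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

POLICY_RE = re.compile(r"^:(\S+)\s+(ACCEPT|DROP)\b")
DPORT_RE = re.compile(r"--dport (\d+)")


def parse_ruleset(save_text):
    """Return (chain -> default policy, accepted port -> source_restricted)."""
    policies, accepted = {}, {}
    for line in save_text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = m.group(2)
        elif line.startswith("-A INPUT") and line.endswith("-j ACCEPT"):
            port = DPORT_RE.search(line)
            if port:
                accepted[int(port.group(1))] = " -s " in line
    return policies, accepted


def parity_findings(v4_text, v6_text):
    """List places where the IPv6 policy is weaker than the IPv4 one."""
    p4, a4 = parse_ruleset(v4_text)
    p6, a6 = parse_ruleset(v6_text)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        # Assumption: a chain with no stated IPv6 policy is at the ACCEPT default.
        if p4.get(chain) == "DROP" and p6.get(chain, "ACCEPT") != "DROP":
            findings.append(f"{chain}: IPv4 default DROP, IPv6 default ACCEPT")
    for port, v6_restricted in sorted(a6.items()):
        if port not in a4:
            findings.append(f"tcp/{port}: accepted on IPv6 only")
        elif a4[port] and not v6_restricted:
            findings.append(f"tcp/{port}: source-restricted on IPv4, any source on IPv6")
    return findings
```

Run against real hosts by feeding it the saved output of both tools; an empty list means the two inbound policies agree on the points this check covers, not that the IPv6 ruleset is complete.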
Franck Martin
Avonsys
Standards are so wonderful, aren't they? After all, there are so many of them to choose from.
Good, inexpensive web hosting
In practice when I've worked with these guys (as a vendor) and been game on, let's install this in your IPv6 environment - things get quiet real fast. This is only about them trying to squeeze more from their budget dollars. They *have* software today that works in that environment. Guess what? They won't install it in anything but IPv4 networks.
That $400 hammer looks like a bargain when you deal with these folks. Sure, the engineering for the actual hammer costs $40, but all the other crap they 'want' the vendor to do does get added to the cost of the product.
Full of dumb...
+++ UGUCAUCGUAUUUCU
So there IS a purpose for NAT in the future...
Back in 1946 the military got rid of racial segregation, and opened up any post to anyone of any color. It took the rest of the government 20+ years to catch up.
How about the entire federal gov't follow the army's lead and REQUIRE ALL COMPUTERS, ROUTERS AND NICS BE PRECONFIGURED FOR IPV6 OUT OF THE BOX from all vendors by end of 2012, or they don't get a gov't contract. How about it, Nancy Harry and Barry?
Yeah, old saying is old.
It's not applicable to HTML, however. It is a communications/media interchange format. When one expects to read and interpret data of a particular format, it needs to work as it is claimed to be. It might be okay if the HTML headers came out to say "Microsoft HTML 1.0 specification" or something like that. Instead it all comes out claiming to be some other standard.
Stargates ain't cheap to run yo.
I will wait until my ISP sends me the 'Or Else' letter
From wikipedia
IPv6 is largely incompatible with IPv4 at the packet level, and translation services have practical issues that make them controversial.[2]
IPv6 and IPv4 are therefore treated as almost entirely separate networks with devices having two separate protocol stacks if they need to access BOTH NETWORKS.
Sorry, I am not going to rush out and embrace this obvious clusterfuck.
Sounds like IPV6 is the Windows ME/ Vista/Edsel of network protocols.
Is the world waiting for some dumb schmuck to point out "The Emperor has no clothes" on IPV6?
OK, I'll Bite, THE EMPEROR HAS NO CLOTHES.
How come this is such a sacred cow? What is wrong with telling the packet geeks, NO! 'Back to the drawing board'. Enough already.
This article comes up every 6 months and nobody does nothing. It is obviously a dead issue. Are we going to see Bono and Melissa Ethridge for IPV6 next?
If windows 7 adoption is so slow because of legacy concerns, how is touching / replacing every box in the whole company going to fly?
It is not.
... and the 'poor planning' simile fits forced IP6 adoption far better than IP4 addy assignment audit/revision across the board.
The OP is right. Many organizations have large IP4 blocks that are not justified or properly utilized. I recently encountered a city hospital (!!) in northern NJ which has a PUBLIC IP4 ip for every floor. Pretty silly and exactly what the OP is talking about. Never mind the old A, B, C type allocations that have been left alone since old post ARPA days. If an organization wants a public IP4 addy, it should get only one and manage it properly. Yes that will take some work, but far easier than IP6 implementation.
The real IP6 motivation appears to be that Big Brother wants to be able to trace all traffic directly to a specific source host, which full IP6 adoption would make possible. IP6 adoption should be resisted by the free world on that principle alone.
Furthermore, you do realize that most IP4 and IP6 stacks are usually implemented separately, right? Considering that the US gov't is evidently still having trouble securing its IP4 based hosts, imagine how it is going to do with the challenge of securing them in an IP6 environment.
Can you say - come in - we are open, wide open, i.e. "Welcome, Chinese hackers..."
There might be some pressure in the States to push IPv6 adoption, but there's none here in Australia.
You've just mentioned Australia in a context relating to internet access.
Consider the thread ended.
Obviously that didn't work.
Twenty years later, and ONE branch of the US military thinks it can make a difference?
Sorry, US Navy.
Like everything else about the Internet, innovation will come from private enterprise. We don't mind accepting Federal money, but your contract lawyers and funky colored skittles won't change the Net. Oooh... piece of candy.
E
IP - written by Bolt Beranek and Newman (now part of Raytheon)
BGP - written by Cisco and IBM
ROUTERS - produced by Cisco, Juniper, Redback, and others
(in other words, while DARPA provided $$$, the real innovation wasn't done by the military or US govt.)
I'm a networking guy excited to play with some new tech, but I've been putting off converting my 'basement' network to IPv6 because sure, all the PCs (Mac and Linux) and routers (Cisco and OpenWRT) will be easy, but what about all my legacy appliances? I check HP's website every 6 months or so to see if they've released a firmware update for my multi-function printer/scanner, but nothing. So far Polycom hasn't mentioned any support for their SIP phones, and Asterisk is still just dabbling with it - so far only SNOM and Yealink (and Yealink only as of November) support IPv6 SIP phones (that I've been able to find), and SIP is supposed to be one of the IPv6 'killer apps', since all the hassle of transitioning NAT goes away. I won't even go into my Mvix media player, Chumby alarm clock, or Nabaztag wifi talking rabbit. Is it safe to assume the Wii doesn't do IPv6, either? I have yet to find an ISP that is even considering IPv6. I was impressed apparently the iPhone supports IPv6 since iOS v4, and that my folks' Brother LaserJet (wifi/ethernet) supports IPv6, but I don't want to upgrade my printer just to not have to mess with dual stacks - I guess we'll get there eventually.
I'll start playing with dual stacks one of these days, but at the moment it doesn't appear to get me anything beyond novelty and geek cred.
I will wait until my ISP sends me the 'Or Else' letter
From wikipedia
IPv6 is largely incompatible with IPv4 at the packet level, and translation services have practical issues that make them controversial.[2]
IPv6 and IPv4 are therefore treated as almost entirely separate networks with devices having two separate protocol stacks if they need to access BOTH NETWORKS.
Sorry, I am not going to rush out and embrace this obvious clusterfuck.
You really should be asking your ISP why they failed to deliver IPv6 to you for the last 10 years. It's not like this is new technology. I've been supporting IPv6 in the products we ship for over a decade. I've been using IPv6 at home for 7+ years.
Sounds like IPV6 is the Windows ME/ Vista/Edsel of network protocols.
Is the world waiting for some dumb schmuck to point out "The Emperor has no clothes" on IPV6?
OK, I'll Bite, THE EMPEROR HAS NO CLOTHES.
How come this is such a sacred cow? What is wrong with telling the packet geeks, NO! 'Back to the drawing board'. Enough already.
This article comes up every 6 months and nobody does nothing. It is obviously a dead issue. Are we going to see Bono and Melissa Ethridge for IPV6 next?
If windows 7 adoption is so slow because of legacy concerns, how is touching / replacing every box in the whole company going to fly?
It is not.
Just turn it on in the router and most of the rest of the boxes on the network will auto configure themselves. Go on. I dare you to turn on IPv6.
Maybe the military could just specify IPV6 and not act like douchebags to the salesmen that have to stop by.
Their they're doing there hair.
What a load of BS. Dual stacks is not at all hard, it's easy, and transparent and just works.
I turned IPv6 on at home and on the development network at work. Everything which does IPv6 autoconfigured itself, Windows PCs, Linux PCs, Macintoshes, even my damned iPhone autoconfigured an IPv6 address, and it all *works*. IPv4 only services work, and IPv6 services work. It's easy. Both "legacy" IPv4 is supported and works, and the new IPv6 works.
Oolite: Elite-like game. For Mac, Linux and Windows
Your post makes me salivate. That makes me scared :(
(If anyone wants to send me even a single IPv6 /64 network worth of pennies, please email me for contact information.)
Not exactly, but I have this chessboard, you see...
Sticking with IPv4 means constructing an ever more elaborate set of workarounds on top of each other.
Think of it this way: IPv4 creates jobs!
make sure you pay extra attention in the networking classes
I recently TA'ed a $Something and Networking class. We did IPv4, TCP/UDP, a bit of ARP. I gave pointers to out-of-scope practical stuff to my students (DNS, DHCP, RFCs @ IETF, ...).
I think we were quite justified in teaching this, because this is the technology the students will most likely be faced with---and because it teaches networking principles reasonably well.
(YMMV, FWIW, BLAH)
Has there been any chatter that indicates that the ISPs will be implementing ipv6 over ipv4 servers at their borders?
... in the unlikely event this wasn't meant to be a joke: IPv6 would provide sufficient addresses to provide each of the 7 billion people on earth 5 x 10^28 addresses. I've also heard it said that IPv6 would provide enough addresses to assign one to every atom in the observable universe (can't confirm that one, though).
So, to answer your first question: IPv6 addresses will be sufficient for pretty much forever.
This is a solved problem.
Why are people bitching about an issue that's been long addressed? I mean, there are a lot of reasons to complain about the way IPv6 was spec'd and implemented (why the hell did it take the IETF so fucking long to realize NAT64 was necessary??), but this certainly isn't one of them.
The D-Link DIR-615 has IPv6 support. I've been using it for IPv4 and IPv6 for almost a year. The current price on Amazon for the D-Link DIR-615 is $23.99.
I bought one at Office Depot for $50. It was the cheapest router they had.
A common shtick in third-rate science fiction is that when the crisis hits, the civilian government is busy pretending there's no problem, when the military heroes save the day. Like a lot of other people posting here, I'm not used to endorsing the military strong-arming anyone, but in this case, I'm relieved to see someone with some authority actually taking the problem seriously.
We've got about 58 days left before we run out of assignable IPv4 addresses. IPv6 has been ready-to-go for years, except for the ISPs, which are dragging their feet. Yes, I know about Comcast's beta testing -- I signed up to beta test dual-stacking over a year ago. They should have been rolling this out years ago, not running a tiny beta test at a glacial pace at the last moment.
I'm not sure how serious a problem suddenly running out of assignable IPv4 blocks will be for the global economy. It's certainly going to be a serious problem for IT. Continued expansion of the Internet, and services based upon it, depends upon IP addresses being available. A lot of us remember the comic overreaction to the Y2K problem -- in this case, there seems to be a comic underreaction.