Slashdot Mirror

← Back to Stories (view on slashdot.org)

Military Pressuring Vendors On IPv6

Posted by Soulskill on from the small-arms-fire-can-be-a-powerful-motivator dept.

netbuzz writes "US military officials are threatening IT suppliers with the loss of military business if they don't use their own wares to start deploying IPv6 on their corporate networks and public-facing Web services immediately. 'We are pressing our vendors in any way we can,' says Ron Broersma, DREN Chief Engineer and a Network Security Manager for the Navy's Space and Naval Warfare Systems Command. 'We are competing one off against another. If they want to sell to us, we're asking them: Are you using IPv6 features in your own products on your corporate networks? Is your public Web site IPv6 enabled? We've been doing this to all of the vendors.'"

59 of 406 comments (clear)

  1. Say it! by Anonymous Coward · · Score: 4, Funny

    Say you love IPV6, damn you! Say it!

    1. Re:Say it! by c0lo · · Score: 4, Insightful

      I never thought I'll be agreeing with the idea of "army applying pressure" would bring anything good... until now.
      (note to myself: seems like I'm growing old faster than I thought).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:Say it! by c6gunner · · Score: 2

      Easy. The rear admirals are well known for applying pressure on the poop deck. They heard that the internet is a series of tubes, and, well, there ya have it ...

    3. Re:Say it! by gtall · · Score: 2

      Comedy aside, the Navy is the most technologically adept of all the U.S. military services. They do a lot of their own research as opposed to the Air Force which contracts out most of its which leaves the Air Force pretty much clueless. The AF are the guys who attempted to take over "cyber" work in military until Gates stepped on them. Their idea of cyber security is "standardizing on Microsoft products"....and actual edict from their most senior people.

  2. Well by zero.kalvin · · Score: 4, Insightful

    I'll be pretty suspicious if Steve jobs tried to pitch me a mac while he is running fedora on his personal laptop. Point taken, good job I suppose.

    1. Re:Well by ushering05401 · · Score: 5, Insightful

      Yeah, good job and more please.

      Whoever writes the speeches @ 1600 Penn ought to make sure this one at least gets some lip service. While not a big deal for the general public, it is something that shows some common sense due diligence and proactive thinking from a widely vilified branch of our Federal machinery.

    2. Re:Well by arth1 · · Score: 3, Informative

      More likely the military loves IPv6 because it's by nature a lot more traceable -- it defaults to unique addresses for each host, and even contains routing information.

      Granted, you can set up a fc::/7 network, and fake-NAT outgoing traffic, but even then your internal address is likely unique. When intelligence find a HD or USB key with an internal IP 192.168.0.15 in a log, it doesn't help when there are millions of networks out there with 192.168.0.0/255 networks, but if the address is fd17:192b:3fa7:0031::000f, there's a much better chance that it can be matched against a unique destination.

    3. Re:Well by caerwyn · · Score: 4, Interesting

      Actually, it really depends on the company you're looking at. One of the biggest problems isn't so much the $2000 hammer, but the "not invented here" syndrome that causes it.

      The government, and DoD especially, does procurement and research based on contracts. The problem is that the results of contract A are not well shared with the contractor for follow-on contract B- which means that they end up reinventing the wheel, and doing all the same work that A did, just to work on the problem that B was supposed to handle.

      Hence, many of the companies that do the work are, in isolation, especially the smaller ones, reasonably efficient. But the system as a *whole* is horribly inefficient, and the *big* companies that are involved in this whole thing can rake in huge profits and support huge bureaucracies in the process, so they have a vested interested in lobbying for the status quo.

      --
      The ringing of the division bell has begun... -PF
    4. Re:Well by adavidw · · Score: 2

      Well, Steve Jobs spent at least a few years pitching macs while running NextStep on his personal ThinkPad (1998 to around the time of OS X release in 2001). Not quite the same, since NextStep in a way represented the future of the product. But still, there's no better to way to reinforce the perception that the current direction of the company is a dead end than for the CEO to not use the company's products.

    5. Re:Well by SuricouRaven · · Score: 3, Interesting

      One better, actually: Auto-allocated addresses include the host's MAC address. Get someone's IPv6 address, and you can figure out roughly what motherboard or network card they have - and if you can sieze their computer, confirm if that computer actually has that MAC. Some OEMs might even keep MAC-to-Customer-Address databases.

      All this assuming that the user doesn't just fake their MAC address of course, which is trivial.

    6. Re:Well by Cyberax · · Score: 2

      "Auto-allocated addresses include the host's MAC address."

      Unless privacy extensions are used.

  3. How long will IPv6 last? by Anonymous Coward · · Score: 3, Funny

    Based on current rates of growth and industry trends, how long will it be before the IPv6 space is exhausted? Given how hard this transition is, would it be better to go directly to IPv8 or some kind of variable-length scheme?

    1. Re:How long will IPv6 last? by TheDarAve · · Score: 2, Funny

      640k of address space should be enough for anyone.

    2. Re:How long will IPv6 last? by Nethead · · Score: 3, Insightful

      You try to design a router ASIC with variable length addresses!

      --
      -- I have a private email server in my basement.
    3. Re:How long will IPv6 last? by Anonymous Coward · · Score: 2

      Until the surface of Earth resembles Coruscant.

    4. Re:How long will IPv6 last? by zero.kalvin · · Score: 5, Informative

      2^128 unique address. I don't think we'll be exhausting them any time soon. That's like each person on earth have access to roughly 10^38 unique address.

    5. Re:How long will IPv6 last? by Nethead · · Score: 2

      Why IPv8? Why not IPv9?

      http://www.rfc-archive.org/getrfc.php?rfc=1606

      --
      -- I have a private email server in my basement.
    6. Re:How long will IPv6 last? by Byzantine · · Score: 2

      Trantor is prettier.

    7. Re:How long will IPv6 last? by Nethead · · Score: 4, Insightful

      We're down to the last 5 IPv4 /8 netblocks. A little late for that.

      --
      -- I have a private email server in my basement.
    8. Re:How long will IPv6 last? by Junta · · Score: 3, Informative

      Though things aren't likely to exhaust any time soon, that's a fairly naive perspective on it.

      2^121 addresses are knocked out by ULAs, 2^118 knocked out by link-local addressing, 2^120 are only available for multicast. In aggregate, a small chunk, but sizable.

      Then, there is the inefficiency of distribution. Nothing smaller than /64 is ever supposed to be given to any single network segment. Currently, nothing smaller than a /48 is supposed to be given to an entity allowed to do routing (e.g. houses), though some have proposed allowing /56. Just like some places have 16.7 million IP addresses that don't need them, similar inefficient allocations will be made in IPv6 world.

      In order to do a competent assessment, a more complex projection is required.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    9. Re:How long will IPv6 last? by Gerald · · Score: 2

      There are 2^125 *global* addresses, you resource-hogging Earthist pig.

    10. Re:How long will IPv6 last? by bcmm · · Score: 4, Informative

      Based on current rates of growth and industry trends, how long will it be before the IPv6 space is exhausted?

      (Deep breath)
      When we have colonised the entire observable Universe (at a (hugely over)estimated one habitable planet per star), our descendants* will be able to own about three-quarters of a million cellphones each.**

      Given how hard this transition is, would it be better to go directly to IPv8

      If you mean we should skip a step while we're at it, we are: we're going straight from 32-bit to 128-bit, rather than 64-bit.

      * In before "this is Slashdot".
      ** 715,925 cellphones should be enough for anyone!

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    11. Re:How long will IPv6 last? by geniusj · · Score: 2

      ASNs+BGP for every home!!!

    12. Re:How long will IPv6 last? by vijayiyer · · Score: 2

      There are large corporations with whole class A blocks that expose all their internal addresses because it has nothing to do with security. So much for your "no organisation" argument.

    13. Re:How long will IPv6 last? by j-beda · · Score: 2, Insightful

      But, man, is it going to be a pain to switch to IPv8 at that point!

    14. Re:How long will IPv6 last? by CyprusBlue113 · · Score: 4, Insightful

      You should refrain from lumping the rest of the world in to your little delusions, the rest of the internet that actually works in networking, do not in fact, share your paranoid view of "OMG PEOPLE SEE MY IPS! THEY CAN HACK ME!" and are actually quite comfortable in the significant distinction between stateful fire-walling and IP masquerading / Network Address Translation.

      You may have actually had a smidgen of an argument if you had brought up PI space as opposed to using assigned space in your uninformed rant due to portability issues when switching carriers or multihoming, but unfortunately, you avoided even the one tiny hope of an argument you could have made in your favor.

      As to your DNS vs IP comment, (although this applies to your previous ranting as well) To quote a favorite movie of many:
      What you just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.

      Thank you for warning the rest of the internet of your ignorance, I have as such, marked you as -1 in my list, and appreciate the gracious warning so that I may avoid your drivel in the future. Have a nice day =)

      --
      a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
    15. Re:How long will IPv6 last? by walshy007 · · Score: 2

      Why on earth should consoles and internet-aware appliances at my folks house need a public address?

      VOIP is one application, being the game host in a multiplayer game is another. Nat essentially makes the internet one-way and to get around it involves serious hacks.

      NAT == BAD seems to be a religious expression more than anything actually practical.

      Suuure, because being against seriously breaking networks is a religion...

      As for DNS... are we going to have a DNS server in every home now too?

      router does this job, most modern ones already do. get a domain for your network and allocate subdomains from your router.

    16. Re:How long will IPv6 last? by owendelong · · Score: 5, Insightful

      There is a difference here. IPv6 would be the equivalent of IBM saying something more like:

      640 exabytes ought to be enough for anyone.

      (note by exabyte I mean 1000 terabytes, not Exabyte the brand name of many 8mm digital video tape drives).

      340*10^36 (the IPv6 address space) is more than 10^26 times the current demand for addresses.
      Compare to 640k which was roughly 10^1 times the standard memory size for machines of the day.

      In fact, today, I doubt you can identify many (any?) machines with more than a terabyte of RAM.
      In fact, it's rare to find more than 128GB of RAM capacity in most machines. (64GB is roughly
      100,000 times the original 640KB number, so 128GB would be 2*10^5 times 640KB).

      To put the comparison in some perspectives you might be able to wrap your head around...

      If you were to allocate an almond M&M for every 256 IPv4 addresses, the resulting amount
      of almond M&Ms laid out in a 1-M&M thick layer would cover only 70 yards of an american
      regulation football field (NFL, not FIFA). (16.7 million M&Ms, 1 for each IPv4 /24 prefix)

      Contrast that with the number of IPv6 /64 prefixes (a bit more than 18 quintillion) which
      would provide enough M&Ms to fill all of the great lakes.

      Where each /24 can accommodate a single router and up to 253 other hosts, each
      IPv6 /64 can accommodate more hosts than you could ever physically put on any
      conceivable scale of network gear (18 quintillion+ hosts).

      There will not be a likely shortage of IPv6 addresses in any of our lifetimes.

    17. Re:How long will IPv6 last? by c0lo · · Score: 2

      IPoAC?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    18. Re:How long will IPv6 last? by smash · · Score: 2

      We can simply start using NAT... :D

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    19. Re:How long will IPv6 last? by smash · · Score: 2

      Sorry can you please post the size of the ipv6 pool in something people can relate to, such as libraries of congress?

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    20. Re:How long will IPv6 last? by owendelong · · Score: 5, Informative

      I'll try...

      I have no idea of any meaningful measurement of Library of Congress for comparison, sorry.

      It takes 39 digits to define the number of addresses in IPv6. Only 10 digits to define the number of addresses in IPv4.

      If you treat each address as a unit of mass and consider IPv4 to have mass equivalent of 7 liters of water, then, IPv6 would have mass equivalent roughly to Earth. (The whole earth, including all the oceans, lakes, land masses, people, buildings, etc.)

      In IPv4, there are more than 1.5 people alive today for every address.

      In IPv6, there are 50,041,524,547,196,832,862,260,971,681 addresses for each person alive today.

      Or, perhaps consider the following:

      The US public debt is 13,848,000.000,000. If IP addresses were pennies, we would need 3,462 IPv4 internets to pay it off. The IPv6 address space, converted to pennies, OTOH, would pay the public debt more than 24,572,672,365,752,344,270,896,491 times.
      (If anyone wants to send me even a single IPv6 /64 network worth of pennies, please
      email me for contact information.) ;-)

      Hope that helps.

    21. Re:How long will IPv6 last? by Drishmung · · Score: 4, Informative

      You try to design a router ASIC with variable length addresses!

      You and I might struggle, but Tony Li didn't seem to have a problem with it. Really. Go and look at Google Groups for info.big-internet around 1993-1994 and see Tony provide pseudo-code that demonstrated that variable length was not a problem for ASICs, nor was it any slower.

      Yes, it is obvious that fixed length must be better than variable length. Yes, that is incorrect. What everyone 'knows' may be far from the truth.

      Now, continue surfing using the more efficient, cheaper ATM (fixed size cells) NIC rather than that inefficient , expensive Ethernet (variable size frames) NIC.

      --
      Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
    22. Re:How long will IPv6 last? by Cinder6 · · Score: 3, Insightful

      I'll try...

      I have no idea of any meaningful measurement of Library of Congress for comparison, sorry.

      Got one for you. The Library of Congress has (according to Wikipedia) 21814555 catalogued books. There are 2^128 IPv6 addresses. Thus, each book can have roughly 1.56 * 10^31 addresses assigned to it.

      --
      If you can't convince them, convict them.
    23. Re:How long will IPv6 last? by Yaztromo · · Score: 2

      Because NAT is perfect for plug-n-play devices with questionable per-device security. Why on earth should consoles and internet-aware appliances at my folks house need a public address? They don't know much about security and getting rid of in-home NAT just exposes them to far more risk.

      No, a stateful firewall is what is protecting them, not NAT. Nobody is suggesting that homes will no longer need a "router" device for their computing devices, consoles, media players, and other net-enabled devices to sit behind, which by default block all incoming port requests. That will remain the same. Having a private internal address doesn't fix those less-secure devices -- it's the device at the gateway to your home that permits or denies access. This won't change with IPv6, but you'll be able to have public addresses that are directly routable for those devices that do need them.

      (Apple's Airport Extreme has a stateful IPv6 firewall built in, and it's default i a to block everything. It has the same interface to explicitly allow certain ports to certain hosts as for IPv4 with NAT, and does the same job).

      Yaz.

    24. Re:How long will IPv6 last? by arth1 · · Score: 2

      Actually, there's a myria between mega and giga, but it isn't used much, because we tend to only think in terms of 1000^N or 1024^N. Oh, and because while it's part of the metric system, it's not an SI unit (but then again, neither is mega when used for 1024*1024).

      But the next time you want to screw with someone's head, you could say 100 myriabytes instead of a gigabyte.

    25. Re:How long will IPv6 last? by Vegemeister · · Score: 2

      Just firewall off whatever devices shouldn't be globally reachable.

    26. Re:How long will IPv6 last? by owendelong · · Score: 2

      Nope... I deliberately chose one that was even beyond Peta because the scale is really much much larger. Peta wouldn't cut it. Exa is probably even short, but, I don't know what the term is for exa *10^11.

      IPv4 = 4.2*10^9
      IPv6 = 3.4*10^38 (or almost IPv4 * 10^29)
      Exa = 10^18

      So, IPv6 = IPv4 * Exa * 10 ^ 11.

      Bottom line, the claim "640k ought to be enough" was based on 10x standard memory of the day.

      IPv6 ought to be enough is based on 8.5 * 10^28 times the IPv4 address space, so an accurate memory comparison would be the claim:

      85 brontobytes ought to be enough memory for everyone

      Do you know any one who is likely to even be able to conceive of 85 brontobytes in the lifetime of anyone now living, let alone actually procure it or address it in a system?

      Didn't think so.

    27. Re:How long will IPv6 last? by TheRaven64 · · Score: 3, Insightful

      At a minimum, each home user is going to be assigned 2^48 IPv6 addresses. That's enough for your private network to be 2^16 times bigger than the current Internet - wasting addresses is not really a problem. Will this leave enough for routing? It means that the netmask will be 2^80 bits. To put that in perspective:

      Imagine a network arranged like a tree. At the top level, you have as many routers as there are IPv4 addresses - roughly as many as there are Internet-connected devices now. Each of these routers controls a subnet the same size as the IPv4 address allocation, so you have a network the size of the Internet, where every node is a network the size of the Internet. Each of these leaf nodes is actually a network, connecting 65336 computers. The total number of computers on this network is the number of networks that IPv6 allows with this allocation scheme.

      Or, to put it in human terms, there are currently around 6x10^9 people on the Earth. If every person had as many networks as there are people alive today (each one, 2^16 times bigger than the current Internet), then we would be using just over 0.002% of IPv6 addresses.

      In fact, you want to waste addresses with IPv6, because it makes routing simpler. Every time you split an allocation into two subnets, just steal another bit for the subnet mask. An ISP would not allocate you a single IPv6 address, because it would make their routing tables horribly complicated.

      As to NAT - you can do it, but there's really no point. If a node should not be globally reachable, tell your firewall to drop packets to and from it. You may want your IP addresses to remain constant when you switch ISPs, but I'm not sure why. Using DNS (or mDNS) to identify machines is more sensible. You seem to be trying to solve a problem that doesn't exist.

      --
      I am TheRaven on Soylent News
    28. Re:How long will IPv6 last? by Antity-H · · Score: 2

      For just one second and because this is /. I thought you were proposing IP over Anonymous Coward , and started wondering how it would work ...

    29. Re:How long will IPv6 last? by TheRaven64 · · Score: 2

      Nonsense. An IPv6 firewall could be configured to, out of the box, allow all outbound and block all inbound connections. This would be exactly the same, in the default case, as NAT, only slightly more secure (some rebinding attacks that work on NAT would not work). You'd need to explicitly open ports, but you need to do that with NAT anyway and there are already simple interfaces in all consumer routers for doing it (and it would be easier with a simple firewall, because you'd just be opening ports, not forwarding them). NAT gives you nothing of value.

      --
      I am TheRaven on Soylent News
  4. I'm okay with this by Byzantine · · Score: 4, Insightful

    As long as they're applying this across the board and not playing favorites (at least not without a damn good in-writing reason), I'm okay with this. I fact, I don't really see IPv6 being adopted soonish absent measures like this.

  5. What's the big deal? by DeathSquid · · Score: 2

    Anyone with IPv4 addresses can use 6to4 right now to provide IPv6 connectivity. Software support for IPv6 is common, e.g. apache, postfix, etc. Operating system support is widespread, e.g. linux, *bsd, etc.

    There are no real barriers to having IPv6 public facing services for vendors except rank incompetence.

    1. Re:What's the big deal? by DeathSquid · · Score: 2

      You missed the bit where anyone with v4 connectivity can use 6to4 right now. No need for massive router upgrades or ISP cooperation, etc. Just turn it on. If you plan for a 10 minute upgrade, you'll have time to make a coffee as well. Assuming basic sysadmin competence.

      I'm mystified as to why you think switches (which are layer 2) would need upgrading to support IPv6,

      Of course, in the longer run, native v6 support from your ISP is highly desirable for optimal routing. But end users don't need to wait for this.

    2. Re:What's the big deal? by Nethead · · Score: 2

      You're right, for a switch it wouldn't matter.

      Management stack.

      Also, most "switches" these days also do layer three. Hell, the Juniper EX-4200 does BGP and it's sold as an enterprise top-of-rack switch.

      --
      -- I have a private email server in my basement.
    3. Re:What's the big deal? by segedunum · · Score: 2

      You missed the bit where anyone with v4 connectivity can use 6to4 right now. No need for massive router upgrades or ISP cooperation, etc. Just turn it on. If you plan for a 10 minute upgrade, you'll have time to make a coffee as well. Assuming basic sysadmin competence.

      You know, I despair at people who say utterly brainless shit like this because they obviously have not a clue about how large some organisations are and how long it's taken to get their existing network infrastructure sorted and working. You cannot do this in ten fucking minutes.

      I'm mystified as to why you think switches (which are layer 2) would need upgrading to support IPv6,

      A lot of switching equipment can be protocol aware.

    4. Re:What's the big deal? by beanpoppa · · Score: 2

      Not to mention, even my lowly access switches have multicast snooping functionality, which would require IP6 capability to continue function. And non-access distribution and core switches tend to be layer 3 'switches'.

  6. Re:IPv6 is a Failure by PsykoDemun · · Score: 2

    Following your argument: I live in Northern Virginia. They are constantly doing road construction here. Why? Why didn't they just plan out for today's traffic needs thirty years ago? That is the argument you are using. A technology that was designed in the 70's was supposed to miraculously anticipate the explosion of the internet and net enabled/connected devices that we are seeing today. That is a logical fallacy. That's like saying the roads that they built in the early 1900s should have been ready to rock when automobiles hit the big times in the late 40's to early 50's. Humans have consistently failed to accurately predict even thirty years in the future since the industrial revolution. It will only get worse as progress continues to accelerate.

  7. Re:IPv6 is a Failure by Xugumad · · Score: 4, Insightful

    IPv6 has been around since 1998 ( http://tools.ietf.org/html/rfc2460 ). That's Windows '98/NT territory. If Windows Server can't handle it, it's not because it hasn't had long enough to be tested in that configuration.

    To address your ideas in turn:

    1. Auditing by who? The first crisis with IPv4 allocation is the inability to allocate new chunks. Organisations with enough IPv4 addresses already aren't going to be bothered by this for a long time.

    2. So... you're avoiding the cost of configuring networks to be dual protocol, by re-configuring servers... why is that necessarily cheaper?

    3. Reclaiming IP addresses is akin to solving a lack of phone numbers for the NY area by claiming back some from a less populated state. It would rapidly lead to routing tables that are infeasibly complicated.

    4. Again, you're suggesting an alternative way of investing time to solve a problem instead of solving it properly, and I'm not sure why this is inherently faster.

    5. Possibly some variation on the SRV records, but... again, why is replacing every OS world-wide (absolutely nothing supports that, so everything will need upgrading) cheaper than enabling IPv6 on systems that are already out there?

    Sticking with IPv4 means constructing an ever more elaborate set of workarounds on top of each other. For a while it will work, but I can't see the result remaining workable, or being cheaper in the long term.

  8. Re:I'll move to IPv6 by blueg3 · · Score: 2

    ...but I don't have the time to fiddle with flashing a router right now

    Ten minutes of your time is that expensive?

  9. Too little, too late... by bertok · · Score: 4, Insightful

    There might be some pressure in the States to push IPv6 adoption, but there's none here in Australia.

    Every consulting project I've been on in the last two years, I've asked this standard question: "Do you have a business requirement or mandate to deploy IPv6 now or in the future?"

    Inevitably, the answer is "No."

    Here in Australia, at both private enterprise and government, nobody has even begun to think about IPv6 at any level. Nobody requires IPv6 capability when purchasing software or equipment, and even when the capability is available, nobody turns it on. The more "IPv6 aware" clients turn it off to avoid compatibility issues. Even when I offer to implement IPv6 for some new system ("no extra cost, I'll just turn it on"), nobody wants it.

    Pure IPv6 networking will be particularly hard to implement. I've tried experimental setups with products from various vendors. The usual result is that with IPv6 only most things work, but some things break. Stop and think about this for a moment: imagine if that sentence was: "the usual result is that with IPv4 addresses most things work, but some things break." That would be totally unacceptable for any enterprise software, yet it's "perfectly acceptable" for every major vendor to ship software where that's the situation with IPv6, because... nobody cares. The failures are often quite pathetic too, like dialog boxes that require an IPv4 address to be entered, even if it's never used or needed, or only accept IPv4 address for things like DNS servers. Clearly vendors have never tested their products in pure IPv6 environments, or did test them and decided it's too much effort to fix for something nobody cares about.

    Let me whip out my crystal ball and predict that when IPv4 addresses run out and organisations scramble to implement IPv6, it's going to be a rush job, and we'll start hearing horror stories of incompetent admins that inadvertently bypass or break firewall rules by enabling IPv6 and cause major issues. These reports in turn are going to scare off management, who'll assume "IPv6 is bad", because they "read about some horror story of how Incompetent-r-Us Pty Ltd was hacked when they turned IPv6 on, hence, IPv6 must be insecure". Combined with stories of broken software and issues like IPv6-connected browsers waiting 30-60 seconds for IPv6 requests to time out, I'm certain that nobody is going to start using it until absolutely forced to.

    It's a bad, bad sign that all the major websites like Google and Facebook have "ipv6.normalurl.com". That's because practical IPv6 implementations are often broken, and if enabled it on the main website, it breaks it for a huge fraction of users. If Google and their like can't implement IPv6 transparently without issues, and are forced to create "experimental" websites, then what hope does the typical admin have?

    1. Re:Too little, too late... by Anonymous Coward · · Score: 2, Insightful

      Maybe Australia has that problem, but I know for certain that Verizon is switching their cell network to IPv6 to deal with the number of smartphones on the network. They're a client and have insisted that we have everything ready for IPv6 to connect with them by early next year. They'll do 6to4 on the edges and IPv6 internally. It's that or stop selling smartphones, since they're already NATing and have found that that solution doesn't scale well enough to handle the volume they need.

    2. Re:Too little, too late... by bkk_diesel · · Score: 3, Interesting

      The more "IPv6 aware" clients turn it off to avoid compatibility issues.

      Interestingly, a google search for "how to turn on ipv6" has the first three results instructing me how to turn OFF IPv6, which seems to bolster your argument.

    3. Re:Too little, too late... by bertok · · Score: 3, Informative

      check your facts: http://www.google.com/ipv6 it is native on Google...

      Did you read all the way to the end? Where it says: "If your network meets these requirements and you'd like to receive Google over IPv6, please see our FAQ for how to request access."

      In other words, it would be broken if enabled, and it's not enabled for everyone, unless access is explicitly requested by an ISP network administrator. I even tested this, take a look:


      nslookup
      > set type=AAAA
      > www.google.com
      Server: ####.#####.###
      Address: 151.178.210.155

      Non-authoritative answer:
      Name: www.google.com

      > ipv6.google.com
      Server: ####.#####.###
      Address: 151.178.210.155

      Non-authoritative answer:
      Name: ipv6.l.google.com
      Address: 2404:6800:8004::68
      Aliases: ipv6.google.com

      In other words, the organisation that is likely the world's most competent "Internet host" in terms of pure technical skill had to develop a procedure to enable ISPs to dip their toe in the water and enable IPv6 access only if they're very very certain it won't break anything.

      If that's the state of IPv6 adoption in 2010, mere months from IPv4 address space exhaustion, we're in big trouble.

      And there is a quite active IPv6 forum in Australia, and AARNET is IPv6 for a long time...

      Talk is cheap. There's no action, particularly in management.

      Imagine if in late 1999, there would have been "active forums" for some techos to talking about "testing" the possibility of rolling out 4-digit dates just as soon as management approves it. Not too quickly though, because it might "break things". Meanwhile, the world's biggest banks have "experimental" 4-digit date support, if you open a new "test" account.

    4. Re:Too little, too late... by DeathSquid · · Score: 2

      NAT is stateful, 6to4 is stateless. Nat multiplexes using port numbers, 6to4 tunnels but doesn't multiplex. Nat munges headers, 6to4 doesn't. Nat undermines global addressability, 6to4 adheres to this principle.

      Yeah, they are practically identical.

    5. Re:Too little, too late... by smash · · Score: 2

      Not sure where you've been looking but Telstra have a public "Transition to IPV6" document available after a simple google search. The Aussie government has a time frame of 2008-2009 for preparation, 2010-2011 for transition and 2013-2015 for "implementation" whatever that means.

      Plans are most certainly afoot, I'm currently awaiting a response from my account rep, but he's just left for the christmas break.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    6. Re:Too little, too late... by DeathSquid · · Score: 2

      I run 6to4 in my infrastructure so I speak from direct experience. You are correct in that it provides IPv6 connectivity over v4 transport. Furthermore it does nothing to fix v4 exhaustion. However I believe you are mistaken on two points:

      1. You can have millions of v6 hosts sharing a single v4 endpoint. There is no one to one correspondence as you suggest.

      2. None of these hosts (or the v4 endpoint) need run NAT of any description).

      What 6to4 provides is an easy way for anyone with at least one v4 address to deploy entire v6 networks. No need for NATs or tunnel brokers or any cooperation from your ISP.

      In the long run 6to4 will go away. When most ISPs support native v6 it will have served it's purpose. Right now, it is a key element to solving the chicken and egg problem of bootstrapping v6 in the real world.

      6to4 is not "carrier grade NAT". It is a doorway into the v6 world where NAT of any sort is simply not required.

  10. Re:I'll move to IPv6 by Drakino · · Score: 4, Informative

    Newegg doesn't sell them, but the Apple Airport Express (and any 802.11n based Apple router) supports IPv6. $99 and up. Buffalo had one out in 2007, before their WiFi lawsuit, and has a few more out now. DLink does too.

    http://www.sixxs.net/wiki/Routers has a good list.

    It will be interesting to see what router manufacturers decide to be nice and offer IPv6 formware upgrades, and which ones push people towards new equipment.

  11. Re:Adding IPv6 is not difficult by Abcd1234 · · Score: 2

    Hurricane is far better than SiXXs, IMHO. They seem to have better peering arrangements (the additional latency for me over v6 is negligable), and you don't have to go justify to HE why you want a tunnel. You ask for one, you get it. Plus, then you don't have to deal with SiXXs killing your tunnel without warning.