Slashdot Mirror
Military Pressuring Vendors On IPv6
netbuzz writes "US military officials are threatening IT suppliers with the loss of military business if they don't use their own wares to start deploying IPv6 on their corporate networks and public-facing Web services immediately. 'We are pressing our vendors in any way we can,' says Ron Broersma, DREN Chief Engineer and a Network Security Manager for the Navy's Space and Naval Warfare Systems Command. 'We are competing one off against another. If they want to sell to us, we're asking them: Are you using IPv6 features in your own products on your corporate networks? Is your public Web site IPv6 enabled? We've been doing this to all of the vendors.'"
Say you love IPV6, damn you! Say it!
I'll be pretty suspicious if Steve jobs tried to pitch me a mac while he is running fedora on his personal laptop. Point taken, good job I suppose.
2^128 unique address. I don't think we'll be exhausting them any time soon. That's like each person on earth have access to roughly 10^38 unique address.
As long as they're applying this across the board and not playing favorites (at least not without a damn good in-writing reason), I'm okay with this. I fact, I don't really see IPv6 being adopted soonish absent measures like this.
We're down to the last 5 IPv4 /8 netblocks. A little late for that.
-- I have a private email server in my basement.
(Deep breath)
When we have colonised the entire observable Universe (at a (hugely over)estimated one habitable planet per star), our descendants* will be able to own about three-quarters of a million cellphones each.**
If you mean we should skip a step while we're at it, we are: we're going straight from 32-bit to 128-bit, rather than 64-bit.
* In before "this is Slashdot".
** 715,925 cellphones should be enough for anyone!
# cat
Damn, my RAM is full of llamas.
IPv6 has been around since 1998 ( http://tools.ietf.org/html/rfc2460 ). That's Windows '98/NT territory. If Windows Server can't handle it, it's not because it hasn't had long enough to be tested in that configuration.
To address your ideas in turn:
1. Auditing by who? The first crisis with IPv4 allocation is the inability to allocate new chunks. Organisations with enough IPv4 addresses already aren't going to be bothered by this for a long time.
2. So... you're avoiding the cost of configuring networks to be dual protocol, by re-configuring servers... why is that necessarily cheaper?
3. Reclaiming IP addresses is akin to solving a lack of phone numbers for the NY area by claiming back some from a less populated state. It would rapidly lead to routing tables that are infeasibly complicated.
4. Again, you're suggesting an alternative way of investing time to solve a problem instead of solving it properly, and I'm not sure why this is inherently faster.
5. Possibly some variation on the SRV records, but... again, why is replacing every OS world-wide (absolutely nothing supports that, so everything will need upgrading) cheaper than enabling IPv6 on systems that are already out there?
Sticking with IPv4 means constructing an ever more elaborate set of workarounds on top of each other. For a while it will work, but I can't see the result remaining workable, or being cheaper in the long term.
There might be some pressure in the States to push IPv6 adoption, but there's none here in Australia.
Every consulting project I've been on in the last two years, I've asked this standard question: "Do you have a business requirement or mandate to deploy IPv6 now or in the future?"
Inevitably, the answer is "No."
Here in Australia, at both private enterprise and government, nobody has even begun to think about IPv6 at any level. Nobody requires IPv6 capability when purchasing software or equipment, and even when the capability is available, nobody turns it on. The more "IPv6 aware" clients turn it off to avoid compatibility issues. Even when I offer to implement IPv6 for some new system ("no extra cost, I'll just turn it on"), nobody wants it.
Pure IPv6 networking will be particularly hard to implement. I've tried experimental setups with products from various vendors. The usual result is that with IPv6 only most things work, but some things break. Stop and think about this for a moment: imagine if that sentence was: "the usual result is that with IPv4 addresses most things work, but some things break." That would be totally unacceptable for any enterprise software, yet it's "perfectly acceptable" for every major vendor to ship software where that's the situation with IPv6, because... nobody cares. The failures are often quite pathetic too, like dialog boxes that require an IPv4 address to be entered, even if it's never used or needed, or only accept IPv4 address for things like DNS servers. Clearly vendors have never tested their products in pure IPv6 environments, or did test them and decided it's too much effort to fix for something nobody cares about.
Let me whip out my crystal ball and predict that when IPv4 addresses run out and organisations scramble to implement IPv6, it's going to be a rush job, and we'll start hearing horror stories of incompetent admins that inadvertently bypass or break firewall rules by enabling IPv6 and cause major issues. These reports in turn are going to scare off management, who'll assume "IPv6 is bad", because they "read about some horror story of how Incompetent-r-Us Pty Ltd was hacked when they turned IPv6 on, hence, IPv6 must be insecure". Combined with stories of broken software and issues like IPv6-connected browsers waiting 30-60 seconds for IPv6 requests to time out, I'm certain that nobody is going to start using it until absolutely forced to.
It's a bad, bad sign that all the major websites like Google and Facebook have "ipv6.normalurl.com". That's because practical IPv6 implementations are often broken, and if enabled it on the main website, it breaks it for a huge fraction of users. If Google and their like can't implement IPv6 transparently without issues, and are forced to create "experimental" websites, then what hope does the typical admin have?
Newegg doesn't sell them, but the Apple Airport Express (and any 802.11n based Apple router) supports IPv6. $99 and up. Buffalo had one out in 2007, before their WiFi lawsuit, and has a few more out now. DLink does too.
http://www.sixxs.net/wiki/Routers has a good list.
It will be interesting to see what router manufacturers decide to be nice and offer IPv6 formware upgrades, and which ones push people towards new equipment.
You should refrain from lumping the rest of the world in to your little delusions, the rest of the internet that actually works in networking, do not in fact, share your paranoid view of "OMG PEOPLE SEE MY IPS! THEY CAN HACK ME!" and are actually quite comfortable in the significant distinction between stateful fire-walling and IP masquerading / Network Address Translation.
You may have actually had a smidgen of an argument if you had brought up PI space as opposed to using assigned space in your uninformed rant due to portability issues when switching carriers or multihoming, but unfortunately, you avoided even the one tiny hope of an argument you could have made in your favor.
As to your DNS vs IP comment, (although this applies to your previous ranting as well) To quote a favorite movie of many:
What you just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.
Thank you for warning the rest of the internet of your ignorance, I have as such, marked you as -1 in my list, and appreciate the gracious warning so that I may avoid your drivel in the future. Have a nice day =)
a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
There is a difference here. IPv6 would be the equivalent of IBM saying something more like:
640 exabytes ought to be enough for anyone.
(note by exabyte I mean 1000 terabytes, not Exabyte the brand name of many 8mm digital video tape drives).
340*10^36 (the IPv6 address space) is more than 10^26 times the current demand for addresses.
Compare to 640k which was roughly 10^1 times the standard memory size for machines of the day.
In fact, today, I doubt you can identify many (any?) machines with more than a terabyte of RAM.
In fact, it's rare to find more than 128GB of RAM capacity in most machines. (64GB is roughly
100,000 times the original 640KB number, so 128GB would be 2*10^5 times 640KB).
To put the comparison in some perspectives you might be able to wrap your head around...
If you were to allocate an almond M&M for every 256 IPv4 addresses, the resulting amount /24 prefix)
of almond M&Ms laid out in a 1-M&M thick layer would cover only 70 yards of an american
regulation football field (NFL, not FIFA). (16.7 million M&Ms, 1 for each IPv4
Contrast that with the number of IPv6 /64 prefixes (a bit more than 18 quintillion) which
would provide enough M&Ms to fill all of the great lakes.
Where each /24 can accommodate a single router and up to 253 other hosts, each /64 can accommodate more hosts than you could ever physically put on any
IPv6
conceivable scale of network gear (18 quintillion+ hosts).
There will not be a likely shortage of IPv6 addresses in any of our lifetimes.
I'll try...
I have no idea of any meaningful measurement of Library of Congress for comparison, sorry.
It takes 39 digits to define the number of addresses in IPv6. Only 10 digits to define the number of addresses in IPv4.
If you treat each address as a unit of mass and consider IPv4 to have mass equivalent of 7 liters of water, then, IPv6 would have mass equivalent roughly to Earth. (The whole earth, including all the oceans, lakes, land masses, people, buildings, etc.)
In IPv4, there are more than 1.5 people alive today for every address.
In IPv6, there are 50,041,524,547,196,832,862,260,971,681 addresses for each person alive today.
Or, perhaps consider the following:
The US public debt is 13,848,000.000,000. If IP addresses were pennies, we would need 3,462 IPv4 internets to pay it off. The IPv6 address space, converted to pennies, OTOH, would pay the public debt more than 24,572,672,365,752,344,270,896,491 times. /64 network worth of pennies, please ;-)
(If anyone wants to send me even a single IPv6
email me for contact information.)
Hope that helps.
You try to design a router ASIC with variable length addresses!
You and I might struggle, but Tony Li didn't seem to have a problem with it. Really. Go and look at Google Groups for info.big-internet around 1993-1994 and see Tony provide pseudo-code that demonstrated that variable length was not a problem for ASICs, nor was it any slower.
Yes, it is obvious that fixed length must be better than variable length. Yes, that is incorrect. What everyone 'knows' may be far from the truth.
Now, continue surfing using the more efficient, cheaper ATM (fixed size cells) NIC rather than that inefficient , expensive Ethernet (variable size frames) NIC.
Protoplasm. Quiet Protoplasm. I like quiet protoplasm.