Slashdot Mirror


If You Think You Can Ignore IPv6, Think Again

wiredmikey writes "Now that the last IPv4 address blocks have been allocated, it's expected to take several months for regional registries to consume all of their remaining regional IPv4 address pool. The IPv6 Forum, a group with the mission to educate and promote the new protocol, says that enabling IPv6 in all ICT environments is not the endgame, but is now a critical requirement for continuity in all Internet business and services. Experts believe that the move to IPv6 should be a board-level risk management concern, equivalent to the Y2K problem or Sarbanes-Oxley compliance. During the late 1990s, technology companies worldwide scoured their source code for places where critical algorithms assumed a two-digit date. This seemingly trivial software development issue was of global concern, so many companies made Y2K compliance a strategic initiative. The transition to IPv6 is of similar importance. If you think you can ignore IPv6, think again."

12 of 551 comments (clear)

  1. ISP by 0racle · · Score: 5, Insightful

    Until my home ISP or the ISP for the company I work for offers IPv6, I think it's going to be very easy to ignore IPv6.

    --
    "I use a Mac because I'm just better than you are."
    1. Re:ISP by The1stImmortal · · Score: 5, Insightful

      He's right - NAT has useful functionality beyond just the "security" aspects.

      The IPv6 internet model still only allows provider-independent addressing if you're a member of your regional NIC (with all the associated bits and pieces, like ASNs etc)

      NAT is the only sane way to give your network provider independence under this system. If you're forced to renumber your network when changing ISPs, it's a real pain in the neck. Also - what if you want to do redundant internet connections? With IPv4 NAT you just set up the NATing firewall to have two connections with the same priority, enable stateful tracking, and away you go. That's flat out impossible with directly addressed IPv6 - every device would need two IP's (one for each provider subnet), and you'd need to manually configure each device to spit out some traffic with one source IP and other traffic with another source IP.

      Additionally, NAT lets you do some useful stuff, like providing multiple services on multiple back-end machines via a single IP (which would of course correspond to a DNS record). For example, providing a "mail.example.com" address which provides POP3, IMAP, Webmail and SMTP submission service - POP3 and IMAP going to the mailstore machine, Webmail to a webserver and SMTP to an MX machine, without needing to configure slow port proxy services which lose valuable information (such as the source IP for connections)

      As for IPv6 autoconfiguration, autoconfiguration doesn't deal with:

      - Changing application settings dependent on IPv6 addresses
      - Updating DNS records
      - multiple internet providers/multiple subnets
      - port remapping

      making it an incomplete solution in itself.

  2. boring ipv6 articles by godrik · · Score: 4, Insightful

    Do we really need to have 3 ipv6 article a week on slashdot. I believe every single slashdotter knows and understands what the problem is about. So I suggest the editors to skip all the articles about "how my god we need to move to ipv6 FAST",

    1. Re:boring ipv6 articles by Red+Flayer · · Score: 4, Insightful

      Yes. These submissions link to articles that we can cite when attempting to convince our PHBs or CxOs that yes, we do indeed need to budget for the ipv6 migration, and no, we can't wait a couple years to get the ball rolling.

      Just wait until "ipv6 conversion specialists" are charging you $450 an hour to make sure your business is not floundering because you ignored the problem until it was an emergency.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    2. Re:boring ipv6 articles by couchslug · · Score: 4, Insightful

      "Just wait until "ipv6 conversion specialists" are charging you $450 an hour to make sure your business is not floundering because you ignored the problem until it was an emergency."

      That doesn't argue for warning PHBs. It argues for becoming a Conversion Specialist!

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  3. but ignoring is working so well... by green1 · · Score: 5, Insightful

    I finally found the group responsible for IPv6 at my company, and asked about our readiness. now keep in mind, we don't need to wait for an upstream provider as we are the upstream provider, with many peering agreements in place.

    The answer I got back basically amounted to two things:

    1) nobody else is ready, so we don't need to be either.

    2) it's not legally mandated, so it's not important.

    I'm so glad we pride ourselves on our ability to innovate...

  4. Re:IPv6 Mess by SmilingBoy · · Score: 5, Insightful

    Not so fast:

    http://cr.yp.to/djbdns/ipv6mess.html

    I don't agree at all with this article. The author claims that IPv6 should have been designed as an extension to IPv4 so that IPv4 and IPv6 hosts can communicate with each other directly. This is fundamentally impossible. The IPv4 host can only send packets to IP addresses with 32 bit. Any longer number is not understood by the IPv4 host. In order to make this work, the IP stack of every IPv4 host would need to be updated. Guess what has to be done to have IPv4 and IPv6 dual stack? The IP stack of every IPv4 host needs to be updated!

  5. Stop already, it's getting old. by bill_mcgonigle · · Score: 5, Insightful

    Yes we know.

    Major ISP's are just now getting the ball rolling. Client software is still being perfected. The bridges for early adopters are known to be flakey. Talk to the people working on that stuff (oh, wait, you don't need to, they're already underway).

    Most readers here will move along when the infrastructure is ready. We know the address space is effectively out but there's little reason to do much at this point, and anybody trying to push people to adopt IPv6 before the tools are robust is kidding themselves.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Welcome to the real world by gmuslera · · Score: 4, Insightful

    ... the one where by far most of the people, even if you go just to the IT ones, ignores even what is IPv6. How many isps or carriers now are giving ipv6 as an option? Probably the most common policy now is "lets wait till everyone else already took the first step before moving a finger" (later it will be "let all scream and run in circles")

  7. Re:NAT will never go away by grcumb · · Score: 5, Insightful

    The idea that NAT will go away just because a network is IPv6 is a pipe dream. No sane security admin would ever allow that. The idea that the firewall is the only thing between you and the outside world is, and should be, a non starter.

    IT security is all about multiple layers, and one of them is the fact that you have a DMZ between you and the internet, and that the internet can't route outside of it. That is not going anywhere.

    Look, I don't want to be disrespectful to you as a person, but your understanding of network security is... limited. What the fuck does having a DMZ have to do with NAT? It's true that NAT is how the most common way to configure a segregated v4 network, but if you think that NAT is the only (or even the best) way to handle this, you're sorely mistaken.

    This may strike you as heresy, but you can construct your network with public-facing addresses, a DMZ and a network of addresses inaccessible from the outside world (except under prescribed circumstances)... all using public IPv6 addresses. The secret is... wait for it... don't fucking route to them, except when you decide it's okay.

    The simplest way to do this would be simply to refuse connections originating from outside your network for a designated subnet. Hey presto! All the benefits of NAT without the insanity of NAT!

    My employer, a university with campuses in 12 countries, does this already with a public IPv4 block. Last I checked, it was working just fine, thank you very much.

    P.S. Yes, we're IPv6-ready.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  8. The big mistake was not making mobiles IPv6 by Animats · · Score: 4, Insightful

    The big mistake was not making mobile IP devices IPv6 from the beginning. Even if they had to go through a NAT at the telco. Most of the growth is in mobile devices.

    Fortunately, most mobile devices respond to updates pushed from the carrier. So mobile carriers need to be encouraged to implement that transition. Carriers are in a good position for this, since they control both ends of the air link. Some of this must be happening already.

  9. You can't "flip the switch" for decades by George_Ou · · Score: 4, Insightful

    Even if you switch to a pubic IPv6 address, all your internal stuff will still be IPv4. My home print server and IP telephony adapter are all IPv4. The problem with IPv6 is that you can't entirely switch to it and just shut down IPv4. You have to run dualstack for the foreseeable future. That's why every IT consultant and IT manager and CIO I've spoken to says they don't give a crap about IPv6 because every adopter of IPv6 will have to be backward compatible with IPv4 so why bother running dual stack. Even after all the addresses are assigned, not a single IPv4 device or network will stop working.

    The choice is between IPv4 single-stack or IPv4/IPv6 dual-stack. Given those as the only choices, people are choosing the former instead of the latter. There is no possibility of running IPv6 single-stack. IPv6 will essentially become the new "private IP addresses" that have to translate to "public" IPv4 addresses used by 99% of the IP devices in the world. The only difference is that IPv6 devices will be able to talk to each other without a NAT across organizations.