Google Deploys IPv6 For Internal Network

itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

IPv6

Something no one would need if proper assignment of IP ranges had been done.

Re:IPv6

assignment of smaller blocks may have extended the life of IPv4 addresses however, there are physically not enough addresses for the devices we currently have. While, there may be enough at the moment, there wont be soon.

What is IPv4; 4.3 billion addresses. There are over 6 billion people on earth and many people in the western world have numerous devices. My household of 2 has 8 devices that are nearly always online. (Computers, Phones, Top-set Boxes, printers, etc....) This number does not take into account either one of our work sites which probably add another 1-2 addresses to that number.

And no, NAT is not a solution.

Re:IPv6

[AliasMarlowe]

Something no one would need if proper assignment of IP ranges had been done.

No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.

Re:IPv6

[Mr.+Underbridge]

Right, if decades ago the inventors of the internet had realized that it would scale from 10s of users to billions. I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did. To criticize them is preposterous.

Re:IPv6

[Arrepiadd]

Yes, because with a total of 4 billion IPv4 addresses and the fact that an ever increasing number of people are having more and more devices connected to the internet this is not something that would eventually be bound to happen.
You must be from a first world country, to be able to waste your time in Slashdot. How many IP addresses are you responsible for yourself? Phones? Tablets? Routers? E-book readers? Multiply that by everyone else in a first world country and that's a ton of IP addresses, and we are not even counting companies, the public sector or any non-first world country in the planet...
How many Chinese and Indians have a phone which needs an IP address? Is the number gonna get smaller anytime soon?

Screw IPv6, let's all use NAT... it's such a wonderful thing!

Re:IPv6

[SuricouRaven]

2^32 - 2^24 - 2^16 - 2^20 - 2^16 - 2^28 = 4008574976. That's if you put them all on one giant flat network from hell, and so didn't use any for network or broadcast addresses. Yes, 2^16 in there twice - don't forget APIPA. The 2^28 is reserved for multicast.

Re:IPv6

[vlm]

I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did.

Not really. Don't forget there is a HUGE difference between the old classfull and VLSM/CIDR/classless numbering. That gain is the whole point of spending all that effort implementing netmasks. There really were not that many possible classfull lans compared to the number of minicomputer owning businesses in the world, etc.

For the post-92ish noobs, a really simple one line explanation is the netmask used to be stored inside the address itself, so for example if the first octet was 0 to 127, that meant that LAN had to be a (presumably giant bridged) /8, first octet 128-191 meant the netmask had to be a /16, not defaulted or was a pretty good guess, but operationally "had to be".

The early years of VLSM were pretty entertaining, old timers lecturing us how a LAN addressing scheme like 1.2.3.0/24 was "impossible" and so forth.

Without VLSM we would have to have done the ipv6 conversion years before the dotcom boom, rather than a decade or so after. Not entirely sure if we'd all be better off now, or not.

Re:IPv6

NAT has improved protocol design a lot though. Before NAT, there were things like FTP, with inband port signaling. Most modern protocols avoid mentioning port numbers in the payload and can run on any port, through multiple port forwardings if necessary. Notable exception and bad example: SIP. I expect more bad protocol design once people again assume that end-to-end IP addressing is universally available.

Re:IPv6

[Rising+Ape]

Why is that bad in the absense of NAT?

Re:IPv6

[kqs]

And for the post-1980s noobs, the original idea was that the first octet would be the network part and the last three would be the host part. Since 250 or so networks was 10 times what was expected. Classful addressing is a jonny-come-lately.

And yes, the fact that IP was expandable from 250 subnets to the present day shows that the initial engineering was phenomenal, but we're well past time for the next version of IP. If people spent a quarter of the time they spend complaining about IPv6 just implementing it, we'd be in a much better Internet.

          -Kevin

Re:IPv6

[Ihmhi]

Oh man, what I would have given to be there for that conversation.

"How many addresses do you figure we need?"

"Couple billion I guess."

"But what if we need more?"

"Dude, okay, let's just say one per person. 4 and a half billion or so. Now everyone on the world can have one."

"But what if, you know, there ends up being a few more people than that in the future?"

"Jesus Christ man, it's not like 3 billion extra people are gonna pop up out of nowhere in the next 30 years!"

Re:IPv6

Firewalls

Re:IPv6

[akanouras]

I have an SIP phone at home, that is connected to my company's PBX through the internet.
When I call a landline number, the PBX sets up a data path directly from the SIP provider to my phone, without it being relayed through the PBX.

How would you implement that without in-band address signaling?

Re:IPv6

SIgning comments on the web is a symptom of severe narcissism.

You ought to get that looked into, Kevin.

Re:IPv6

[DaMattster]

I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric indicates that IPv4 is exahusted.

Re:IPv6

I would have made the protocol single-port and I would have made the reinvitation address a higher level address (SIP URI) instead of an automatically allocated port number at an automatically detected address. Skype has a business because setting up SIP is so complicated unless you run it on public IP addresses, and SIP is so complicated because of network addresses in the payload.

Re:IPv6

[Rising+Ape]

OK, but that's not very clear. I can see why a program that picked a completely random port might be awkward to get to work with a firewall. But restricting the range of ports that it can use, then permitting those, would work wouldn't it?

I'm not sure it's a good idea to restrict protocol flexibility in that way anyway. There's a fundamental issue with NAT or firewalls in that they need to know details of what the users behind them want and don't want to do. This may be true for a business with a central IT department who can configure the device as necessary, but it's not true in general. If my ISP runs a NAT to conserve IP space, am I supposed to contact them to forward whatever ports are necessary? I don't think that'll work well. I just hope IPv6 actually does get rolled out before that becomes necessary.

Re:IPv6

[FingerSoup]

I think the conversation would continue a little more like this...

"Yeah, well Not EVERYONE is going to be on the internet.... This is DARPA. Only the government is going to use it. Mostly Military. What do you think the D stands for?"

"True. Well, I don't think the politicians see the point of what we can do with this. I think they're going to cut our research funding soon."

"OK, lets get some schools and scientists on board for funding. I don't mind if we let a few schools use this thing... We can handle over a thousand people from there. It's not like the whole world will be on this thing. This is America!"

"Yeah, you're right. It's not like people are going to connect directly to the internet with their Apple II... Besides, you are going to need Mainframe or Minicomputer access. Where are they going to get access to one of those?"

"Good point. Nobody has enough money or room for their own mainframe or Mini. 4 Billion IP's sounds almost excessive..."

Re:IPv6

[hairyfeet]

That is because nobody will do squat about the squatters. Little known fact only 15% or so if the IP V4 addresses are actually being used by honest to God websites, the rest are either really old companies that got a shitload of numbers because they got there first and are now sitting on them, and of course the traditional squatters with an Adsense page hoping to make enough off of typos.

So if one were to do something about al the squatters we would have 85% free which we could in turn hand out and buy us some time to do the next IP version right, which means backwards compatibility along with offering free education and tax credits for those willing to go into networking to learn the new IP. Because as it is the flyover states are gonna severely fuck ALL of you friend, all of it goes right through those states sooner or later and the pay in right to work states suck so frankly nobody has bother to learn the new IP V6. When things go wrong which would have taken a couple of hours on IP V4 you'll be looking at days or even weeks simply because most of the old guard only know IP V4 and nobody is going into networking or IT anymore thanks to offshoring.

Any way you slice it thanks to no BC and no workers trained in the new protocol the switch is gonna be one giant clusterfuck. But hey this is what happens when you base a whole society on the race to the bottom and don't protect your workers from offshoring and H1-Bs, nobody wants a job where they don't know if they are gonna even have a job next week. I predict lots of breakage and middle America pretty much being a network dead zone where if anything breaks you are well and truly fucked. I personally haven't taken more than a glance at IP V6, I mean why should I? Nobody offers it here, pretty much every SMB and home router will have to be shitcanned and replaced with a router that may or may not work correctly unless you spend more money than its worth to buy an Airport, and in the end thanks to NAT it really doesn't offer my customers anything they don't already have, and of course no BC which means double the setup and double the hassles. No thanks.

Re:IPv6

[Lennie]

Remember the mini-computer didn't even exists then.

So a computer was a large machine which took up a room.

And it was just an experiment, the experiment never ended.

If you want to know more about what the original creators thought, you should look up talks by Vint Cerf:
http://www.youtube.com/results?search_query=vint+cerf+ipv4+ipv6+depletion

For example this video:
http://www.youtube.com/watch?v=LcXCieD5YKE

Re:IPv6

[justforgetme]

Nah, from what I have read the conv went something like this:

RC : "... well there's two in my office, one in yours, the Synchrocyclotron requires fifteen and the LEP guys requested four dozen."

TBL : "so, what do you say? 4 or 8 per network?"

RC : "No no no, they all are to have a common address pool, weren't you listening?"

TBL : "common address pool, listen to yourself and who is going to build that then?"

RC : "no, that is the idea. I was thinking of two bytes of address space in the packet header, that is 65k addresses"

TBL : "weeeell, this experiment isn't going to work anyway...."

RC : "..."

TBL : "..."

RC : "Hey, lets give them 4bytes and brag that the address space in infinite!"

Re:IPv6

[aztracker1]

I think you probably have that number backwards.. the vast majority of addresses are held/assigned to various ISPs and being used for peer devices, home internet, mobile devices etc. Most small-medium businesses are using 1-8 addresses. Most of the unused IPs are in the mid-large businesses that aren't using all they've been assigned, though segmenting an address block may, or may not be possible.

I would suggest that anyone with even a class B should probably be encouraged to break them up and return unused blocks. That will only help for so long. With 4 billion addresses (maybe 3.5 billion usable) and 6 billion people and counting, more and more with multiple devices, it wil only go so far. I really think that mobile companies should be among the first on IPv6 with IPv4 access via NAT & proxy. Just my $.02

Re:IPv6

[locokamil]

Nice random hit on H1B's there. Blame ignorance and lack of initiative on the foreigners -- that always works out!

Re:IPv6

[allo]

you see, the good thing is not the NAT, but the firewall dropping packets from outside, again. As always, the people say the security comes from NAT, and really mean the requirement of having a firewall which drops packets coming in, because there is no mapping to which internal ip they should be routed.

Re:IPv6

[Chrisq]

Something no one would need if proper assignment of IP ranges had been done.

No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.

I'm tempted to say pot - kettle - black here as far as speaking from ignorance goes. NAT allows devices behind the wall to be addressed by port, sharing a single IP address. At an extreme you could have 65535 addressable devices behind a NAT firewall, exposed to the public internet as one IP address. There are many reasons that this is not a good idea - primarily it would involve NAT at ISP level, leading to "double NAT" issues to people with home routers, but the number of IP addresses available is not an issue.

Re:IPv6

[tyler_larson]

Decades ago, the engineers did in fact consider 128 bit addresses, but in the end they went with 32 specifically because v4 was not considered a "production" version. There's a link on the wikipedia page for ipv6 to a video with vint cerf explaining exactly that.

Re:IPv6

Have your SIP phone initiate the data connection.

That's probably what's happening already. If not, it would not work with almost all home routers.

Re:IPv6

You can certainly deal with it, but it's a complication. Every protocol you use requires administration of the firewall. Every administration of the firewall introduces a possibility of introducing human error into things and accidentally leaving a hole in your firewall you didn't intend. Plus it's more work :P

Re:IPv6

you see, that wasn't the point. What has happened is that NAT killed the idea that the end point of the connection has the same IP address that an external node would address packets to to reach that end point. That lack of end to end connectivity has made protocol designers create better protocols with less inband signaling. Firewalls alone would not have had that effect.

Re:IPv6

[iserlohn]

What happens when both end-points are behind a hide-NAT? ... ...
Many-to-one NAT by nature breaks the bi-directional model of TCP and UDP communications. You can workaround it by using dynamic port mappings ala uPNP, but it's a ugly hack really.

Re:IPv6

[RoLi]

And no, NAT is not a solution.

Well, since IPv6 just will not happen, it's the best (which is not hard, because it's the only one) solution we have.

Re:IPv6

[jimicus]

I really think that mobile companies should be among the first on IPv6 with IPv4 access via NAT & proxy.

AFAICT the majority of mobile companies - at least in the UK - already are. Plug a USB dongle into your laptop or check the IP address on your phone, there's a good chance it's in RFC1918 address space and they're NAT'ing you.

Re:IPv6

It's about routability, stupid should be the quote used for IPv4 vs. IPv6. Who cares if you have unused IPv4 if you can't route them? The entire point of IPv6 is to fix routing problems on the internet. Finally, most of the address space (eg. /32) will almost exclusively be dedicated to routing and not assignments. In IPv4, the routing bit was "suppose to be" /8-/16, but that didn't work out very well. Internet routing is basically broken for the last decade+, but according to "everyone" it is A-OK!

Re:IPv6

And dikes don't keep out the ocean forever. But Amsterdam has been doing quite well with it for centuries.

Re:IPv6

No inband addressing would certainly make the IPv4 to IPv6 transition easier.

Re:IPv6

Of course sometimes its still necessary, avoiding that just isn't as flexible.

SIP/H323 are a good example as the media has to be sent in a separate RTP connection. If it's not immediately obvious why that's the case RTP has to be sent as UDP to avoid latency/loss making a call unusable which TCP would. SIP can use TCP and H323 always does, so you can't send the media in the same connection.

Plus a lot of telecom environments don't have the same server handling the media as the signalling. One such use case is sometimes you get the phones to bypass the server and talk directly. That means less latency and less bandwidth used at the server, but it is only possible where end-to-end connectivity between the phones is is possible and NAT almost always breaks that.

Re:IPv6

[justforgetme]

that article is drawing to conclusions way to fast.

Re:IPv6

I think you made a mistake in your link.
I'm sure you meant to link to an announcement from the IETF and ISOC that they're calling off the whole thing, or at least a post from Google saying that they won't go through with that whole IPv6 thing at all, but it appears you accidentally linked to yet another blog claiming that IPv6 will never take off because it actually requires work on the part of the implementers instead of using magic pixie dust to "just add more numbers".
This despite that the very FA shows that Google remains committed to getting 100% IPv6-compatible, and that large ISPs like Comcast are initiating IPv6 trials this year.

Re:IPv6

Remember the mini-computer didn't even exists then.

The ARPANET was built on minicomputers. Specifically, the Honeywell DDP-516. Which naturally is a red-link on Wikipedia, because no doubt the first computers that were used to build the internet weren't "notable".

Re:IPv6

[BlueParrot]

v4 was not considered a "production" version

I knew there was a language issue. Had they only realise that in manager speak "it still have some issues" means "ship it" ...

Re:IPv6

Speaking as a Canadian on an H-1B:

Blame Canada...?

Re:IPv6

[viperidaenz]

Vodafone in new zealand was putting their users behind a nat since at least 2003, probably since they provided internet over their gprs network. You had to configure different AP's if you wanted a public IP

Re:IPv6

And no, NAT is not a solution.

nevertheless, NAT is our future, like it or not.

Re:IPv6

[silas_moeckel]

65k devices you say, you seem to know very little about NAT you need to have a unique port at the NAT box per unique ip/port/ip/port tuple, I've seen far more devices than that overloaded onto a single IP in corp networks, that said a lot can depend on the devices your using to perform NAT (PAT realy but that's a whole other debate). NAT still breaks things that should work SIP and FTP being the prime examples realy anything that can find 3 or more way communications useful. It makes sense for my phone call to go between phone A and B in my house even though were using a outside PBX, it makes sense to be able to copy files from server a to server B but getting instructions and authentication from client C. NAT was a hack that got the job done it's far from the optimum.

The whole debate is mute we need to move to a new addressing platform, 4 billion addresses are not sufficient for 7 billion people. I've got 40 ish IP's in use at my home alone and as everything become connected I expect that number to go up. I expect that the number of network to increase Bluetooth pans, zigbee and others can all link devices together including ip traffic. Is my refrigerator supposed to NAT for my coffee maker or the other way around? I do want my hypothetical coffee maker to talk to my alarm clock and hot water heater letting them know I've trying to get up at 5:30 not 7:30 and to get things ready,

Re:IPv6

[saleenS281]

NAT breaks the internet, and it isn't a solution to running out of IP addresses.

The real issue is that in their eagerness to make sure we never run out again, they made it too complicated. It would've been far more sane to add a fifth set of numbers. That way all existing IP's would've been 000.XXX.XXX.XXX --> essentially not requiring ANY renumbering at all. And they still would've been in a format that people could relatively easily memorize or manually enter.

Re:IPv6

[Pi1grim]

NAT killed one of the basic principles of the internet and you're trying to make it look like a good thing.

Re:IPv6

[compro01]

Which naturally is a red-link on Wikipedia, because no doubt the first computers that were used to build the internet weren't "notable".

It appears that no one has ever bothered to make said article. There's nothing in the deletion log.

Re:IPv6

[The+Askylist]

Weirdly, my 3 dongle gives me an IP address in the 188.28.x.x or 188.29.x.x range, but uses 10.64.64.64 as a gateway. I can only assume it's NATted, but since 188.x is a public address owned by 3, they must be doing something odd.

Re:IPv6

[um...+Lucas]

Nat is defiantly a solution. There are so man devices connected directly to the Internet, consuming precious ip's that,frankly have no real reason for doing so. I worked at a publishing company some time back, thousands of employees, each with an accessible public ip address. So we're talking gobbling up thousands of ip's when through services like NAT, etc they could have shrunk their footprint to 10 or 15 public ip's. Widen that policy across the entire Internet and we'd likely be using a sliver ofthe ip4 space and not even need to contemplate ip6

Take the fridge of the future. It "needs" to be able to look up product information by barcode or RFID, send order requests to the grocer (or most likely to amazon), send diagnostic info, retrieve software updates, and maybe poll the power company to find out if it should ratchet down its energy consumption. All of that can be accomplished while sharing the same public ip address of every other device in the house. Or even every other device in the neighborhood.

Re:IPv6

I guess decisions weren't just made for sake of projected size, but also for overhead. That said, even when ipv4 was created they should have had the imagination to assume that at least every human would be connected with at least one device, and at least double that to be sure. I think they could have easily done a cost/benefit calculation and check to see how much more expensive it would be to implement something like that back then, instead of waiting for the ipv4 pool to run out before changing equipment. Although, having people change equipment of course benefits the equipment producers.

The sad thing is, considering how old IPv6 is, we're still running on IPv4... :(

Re:IPv6

Note that the deletionists can make it so you would never know an article existed. (unless you have super-secret access to the wikipedia backend.)
Capacha: Overdone

Re:IPv6

[danomac]

Thank the internet-based attacks. I've had the pleasure of plugging in a fresh Windows XP (before SP3/firewall) computer to get security updates and have it infected 30 some odd seconds later.

Re:IPv6

[grcumb]

Nat is defiantly a solution.

Yes, but its defiance is actually part of the problem.

Your publisher example wouldn't be a problem if we were all using IPv6. In such a scenario, running out of addresses would be inconce- er, hard to conceive. Unfortunately, silly, awkward shims like NAT give hardware manufacturers the excuse they need to avoid moving to the new standard.

As to your fridge example, before you share your fridge's address with every other fridge in the neighbourhood, I'd recommend you study man-in-the-middle attacks a little more carefully.

Re:IPv6

[Rising+Ape]

Sure, but that's the fault of Windows, not the network protocol.

In fairness, modern WIndows versions are better. I left my Vista box with a public IP and no separate firewall for months and nothing bad happened.

Re:IPv6

Which means it's also the worst solution we have.

Re:IPv6

[Tim+the+Gecko]

I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric indicates that IPv4 is exahusted.

The announcement - http://www.nro.net/news/ipv4-free-pool-depleted - was made when IANA, the central authority, ran out of addresses to give to the five regional internet registries. These regional registries will run out at different speeds. Geoff Huston's graph is very useful to see how fast this will happen - http://www.potaroo.net/tools/ipv4/plotend.png

Re:IPv6

[hairyfeet]

No I'm able to actually add. let me put it THIS way: Do you honestly think if your HS football team went against the Chicago bears they would have a shot?

They pay on average $4500 a degree while YOU pay $50K+, this means they will ALWAYS be able to undercut you, same as there is no way with current safety and health regulations you can compete manufacturing against China where they can dump the waste in the river and pay peanuts for wages.

Its simply math friend, they can afford to take jobs for pay that wouldn't even cover your student loan payments, much less put food on the table or a roof over your head. With the corps in a race to the bottom and videos like "How NOT to hire an American" which i'm sure if you've seen it you'll agree that against poorly paid foreign labor the American hasn't a prayer, there is simply no point in going into IT because you'll be fighting with 300 other guys for the scraps if they don't just follow the video and not give any of you a shot.

I mean do you HONESTLY think if we tried to flood India's market with OUR IT workers they'd put up with that shit? they are spending billions on their Aerospace just so they won't have to buy anything from the USA! But as long as corps ONLY care about how much the worker costs then Americans would have to be insane to take IT in college, same as its nuts to go into construction anymore because there is one white guy and a shitload of illegals. You should yell "Immigra!" around a construction site sometime, i swear they scatter like deer.

Re:IPv6

[Electricity+Likes+Me]

You could argue it's very much the fault of the prevalence of NAT too - most of the time it simply wasn't a problem, but not for any good underlying reason (i.e. USB key or drive-by download type attacks then propagating via RPC vulnerabilities on internal networks).

I mean, silver-lining of NAT, whatever, but I don't think it's been remotely worth it.

Re:IPv6

Its not typically a matter of the home user.....

nat can be quite useful in that situation

The problem is ISPs are starting to build networks that nat, behind nat, behind nat behind nat

Its a total kludge

Why is this part of the problem....Think of Spam email.

If you have 3 layers of NAT for a home ISP, how do you block 1 bad host.

You may block 1 IP address but you could be blocking 1,000 or 10,000 or 1,000,000 legit costumers all at the same time.

so instead of being able to block the 1 bad host, you are faced with the choice of

1.) Choke down the data and hope it doesn't break your server
2.) block 1 ip address which could knock off an unknown number of paying customers.

Re:IPv6

[rev0lt]

NAT killed the concept that evey host is accessible via routing. That is not a bad thing, as some "troublesome" protocols are deprecated or somewhat rewritten to work around NAT. Someone mentioned SIP, an abortion that should never be routed without encryption on a public network. Almost the same as FTP.

Re:IPv6

[JSG]

So your anecdote has become data?

A sample size of one in your study is somehow important?

Hand in your geek card.

Re:IPv6

[budgenator]

New Orleans not so much so YMMV

Re:IPv6

[Rising+Ape]

I didn't realise I was publishing a scientific paper. I *thought* I was responding to one anecdote with another.

The "OMG you don't have a NAT you're going to get pwned" fearmongers are fond of using anecodes of unpatched XP boxes being hacked within seconds. If that was still such a problem, it shouldn't have been possible for even a single user such as myself to have an out-of-the-box Windows install connected directly to the itnernet for months without being hacked. Simple statistics should say that if there's a significant chance of getting hacked in minutes, the chances of surviving for months must be utterly negligible, to the point where a single counterexample *is* relevant.

Re:IPv6

[budgenator]

LOL .I'm still waiting for my flying car and my in basement nuclear fusion power generator.

Re:IPv6

[JSG]

Wrong 'n' epic fail.

'phone numbers == IP addresses. In telephony your number is your identification. On t'internet your IP address is simply that - a number. Your A record is your identification and that does not really care about your IP address.

IPv6 will happen. Just not overnight.

Why did you bother linking that article?

Cheers
Jon

Re:IPv6

[camperdave]

As to your fridge example, before you share your fridge's address with every other fridge in the neighbourhood, I'd recommend you study man-in-the-middle attacks a little more carefully.

No man stands between me and my fridge!

Re:IPv6

[TarpaKungs]

The 3 MIFI dongle will allow a DMZ host - ie forward all ports to an internal machine of your choice. The IP is of course, dynamic, but works well enough with dyndns.

Re:IPv6

[Rhodri+Mawr]

http://download.wsusoffline.net/

WSUS Offline Update. For those who can't/won't run a Microsoft WSUS Server but have enough machines to need one. Can be run on Linux.

Re:IPv6

[danomac]

Oh, I completely agree about the newer versions of Windows being better.

However, after being burned once, I don't ever plug any Windows machine directly into the internet. It's not worth the pain of reinstall and hours of Windows Updates and reconfiguring everything. I also seem to recall that there is a point between Windows bringing the network interface up and setting the firewall to active where it could be vulnerable. I just don't take that risk anymore.

Re:IPv6

[petermgreen]

I thought there was an announcement that the IPv4 address space is now totally exhausted.

IP allocation is heirachical. The IANA assigns IPs to the RIRs, the RIRs assign IPs to ISPs and big companies, ISPs assign IPs to their customers and so-on.

Currently the IANA have run out and APNIC have run-out. The other RIRs still have IPS to hand out for now (not for much longer though).

Re:IPv6

[petermgreen]

They had grandiose ideas with IPv6 about improving routability but afaict it never really panned out that way. Afaict the idea of multihomed sites running multiple IP ranges in paralell has been pretty much abandoned and the RIRs have started handing out v6 IP blocks directly to such sites. There will be some gains as they can give an AS a bigger block at once (so less routes per AS are likely) but each routing table entry will be bigger.

Oh and of course in the transitional period (which I'd expect to be at least a decade) routers will have to handle both the IPv4 table and the IPv6 table OUCH.

Afaict hardware capabilities have grown faster than the v4 routing table so the system has kept on working. The only real problem is it's quite expensive to get a router that can import the entire table so smaller multihomed sites have to import a subset of the table and route the rest to default.

Re:IPv6

[petermgreen]

I worked at a publishing company some time back, thousands of employees, each with an accessible public ip address. So we're talking gobbling up thousands of ip's when through services like NAT, etc they could have shrunk their footprint to 10 or 15 public ip's.

And then someone sends them a network abuse complaint. Unless the sender of the complaint had the forsight to record port information AND the nat saved a log of port mappings they would have no idea who the compalint was directed against.

Re:IPv6

[QuantumRiff]

try having two IP's on the 'outside' of nat forward the same port to the same server (ie, port 80 on both IP's to your web server).. I have yet to find a single vendor that can do that, since it would not be able to figure out source traffic..

My ISP is a rural wireless ISP that does NAT at their POP. (I don't have much choice in Providers, its them, dial up, or satellite) Their whole wireless infrastructure is a 192.168.168.x network. All client sites sit behind another NAT device (the CPE router) that then translates that to a 10.10.x address.. I can't use any service that needs to address a certain port.. (people in my area get mad they can't host games on their WII's.. things like "whatsMyIP.com" are useless, so is dynamic DNS, since the public IP is a box serving thousands of customers.. This is the future of NAT, as IP's get scarce.

Re:IPv6

[BitZtream]

Windows 7 requires you to configure the firewall on first run, right off the bat. Its initially on until that step, and what happens after that step is up to you. Its not labeled as such, Windows asks you what type of net you're connected to, Work, Home, Public, and picks some basic settings based on which one you choose.

Re:IPv6

[BitZtream]

NAT is by definition, ONE to ONE.

It is NETWORK ADDRESS translation.

What you are refering to is PAT:

PORT and ADDRESS TRANSLATION.

But hey, why know what you're speaking about when telling others how it is.

Re:IPv6

[BitZtream]

You can have an internal gateway on private address space and still talk to the Internet using your public one.

This is extremely common, you give your customer a real address so they can do anything they want on the Internet, but you put ALL of your own internal infrastructure that doesn't have to directly communicate with external hosts on private address space. Makes it far harder for external entities to talk to your network equipment directly and saves you a lot of address space and reassignment issues as blocks need to be moved around.

the 10/8 network being private is a imaginary thing, theres nothing that prevents it from being fully routable other than no one is announcing it out via BGP ... and if they did, others would just filter it out (big/competent ISPs already DO filter out these nets to prevent problems)

Re:IPv6

[danomac]

If that was still such a problem, it shouldn't have been possible for even a single user such as myself to have an out-of-the-box Windows install connected directly to the itnernet for months without being hacked.

Well, sure, but now most residential ISPs block incoming connections to some ports (http and smtp comes to mind) as well as some Windows-related services so it's probably not nearly as big a factor as it was. This wasn't done when there was a few major outbreaks and it spread like wildfire. NATs are good for the end user who doesn't know (or generally doesn't give a shit? The ignorance of some people I've met...) about having a malware-infected computer.

While dealing with the blocked ports is a pain (especially if you're a geek and want to run http and smtp) the greater good is definitely there for the 99.9999% of residential customers that don't use it. I shudder to think of what infections there would be if the ISPs didn't actively stop blocking some traffic to save people from themselves...

Re:IPv6

[eugene+ts+wong]

4,008,574,976

You took time to calculate all of that, but you couldn't be bothered to add 3 commas? The reason for the commas is it helps us to count the number of digits. It helps with readability.

I believe that you have something important to communicate. I wish that you believed it too.

Re:IPv6

[Electricity+Likes+Me]

This has precisely nothing to do with it.

Whether you add another 8 bits or another 256 bits, the reality of the problem is the fact that for anything to work you have to upgrade pretty much the entire routing infrastructure of the internet, and solve a chicken and egg problem.

That the addresses are complicated is irrelevant. There's nothing particularly nice about an IP address, we're just used to them.

Re:IPv6

[dave87656]

One of the advantages I see of IPV6 is that every device can have a unique ID which makes it addressable from the everywhere without port forwarding. Is this correct?

Re:IPv6

[dave87656]

You've got to be kidding. Were you just looking for some way to criticize his post?

Re:IPv6

I mean do you HONESTLY think if we tried to flood India's market with OUR IT workers they'd put up with that shit?

India would love to have more qualified people, it'd help their growing economy. So, yes, I think they would gladly accept them (although I doubt most would like being paid in peanuts).

they are spending billions on their Aerospace just so they won't have to buy anything from the USA!

Maybe if the USA wasn't such an asshole with their planes that wouldn't be necessary. They downgrade the exported hardware (for military; no idea about civilian planes) whenever they feel like, of course that'd make people a bit pissed off.

Re:IPv6

[I'm+Not+There+(1956)]

And this usage will increase hugely when Internet of Things as promoted by IBM and others will be more real. Don't forget that number of devices like TVs, cars, and refrigerators that people use is massive when compared with computers.

Re:IPv6

[unixisc]

That is a bloated figure - the actual number is something like 3.7 billion. I had calculated it in a previous thread on IPv6 on /. - take 2^32, subtract all the private addresses of class A, B, C, subtract all the class D & E addresses as well, and also lose all the network and broadcast addresses. The number comes down to 3.7 billion. Even that is somewhat approximate, since it doesn't count all the classless configurations that are there, which would haemorrage even more network and broadcast addresses. I detailed the calculations there - don't feel like re-doing it here.

Bottom line - the total #IP addresses would amount to 1 for every 3 devices today, and going to be even less going forward. Even a 64-bit wouldn't have helped, since in some cases, more than 1 level of NAT is required, so a minimum needed would have been 96 bit. No, structurally, IPv6 is the best laid plan out there. Yeah, I can think of ways in which it could have been better, but I'm impressed w/ what is there.

Oh, and I'm glad that Google is planning to transform its network into IPv6. Once the big hitters - Google, Facebook, and others take the lead, the reasons to migrate to IPv6 will get more compelling.

Re:IPv6

[unixisc]

NAT has improved protocol design a lot though. Before NAT, there were things like FTP, with inband port signaling. Most modern protocols avoid mentioning port numbers in the payload and can run on any port, through multiple port forwardings if necessary. Notable exception and bad example: SIP. I expect more bad protocol design once people again assume that end-to-end IP addressing is universally available.

But there are apps like Google maps that need several ports, and if you have NAPT, which is the most common type of NAT out there, then it ends up eating up more ports, particularly for larger networks. Was IPv4 that bad before NAT came along, when everybody had a flat address space in which to lay out their network architecture?

Re:IPv6

[Yaztromo]

Little known fact only 15% or so if the IP V4 addresses are actually being used by honest to God websites

It's funny how the network is designed so that multiple clients can access a single server.

Talk about misusing numbers in furtherance of an argument! I'd expect the number of servers to be relatively low in any network -- servers are typically designed to be shared resources, and (in general network topography terms) only really make sense when there are multiple clients to access it.

Little known fact: there are currently enough people on this planet to overwhelm the IPv4 address space if we just gave every person one address. And this doesn't include even having any web servers with independent addresses. Nor any SMTP servers, POP3/IMAP/Exchange servers, FTP servers, NTP servers, DNS servers, nor any other sorts of servers you care to imagine. Nor any routers (they each need an address) or other infrastructure devices.

So even if your number is correct, so what? Would we want to live in a world where 100% of IPv4 addresses are used by websites, with none left for actual clients? Websites are hardly the most voluminous nor the most important part of the Internet. Anyone with half a brain would expect that clients and other systems would make up the most voluminous parts of the network; claiming that only 15% of addresses are used for the web and then trying to intimate that the other 85% are just "wasted" is completely non sequitur.

Yaz

Re:IPv6

[unixisc]

Where did you get that number of 15%? All these kludges that IPv4 has used over the years - be it CIDR, NAT - has been b'cos they have been running short on addresses for a while now, and hence had to juryrig the protocol for these 2 fixes ever since they discovered that purely classful routing is limiting them, and then no matter how they slice and dice their address space, they're still running short. And IPv6 has been developed over the last 10 years, and is now pretty much ready, and being rolled out. Yeah, since it's new, there may be hiccups that early implementors may find, but the 6bone and KAME projects have been testing it over that time. It's not exactly something as brand new as Windows 8 will be.

Also, do you have any idea of whether a compatible protocol is even possible in the first place? Obviously not, since you haven't taken a glance @ it, as you admit. It's not possible to have a compatible protocol, which is why the IETF came up w/ a totally overhauled Internet Protocol. Why can't it be compatible? Simple reason - the number of address bits - 32 - is defined in the IPv4 header. The moment you change even one bit and made it, say 33, to allow for 8 billion users instead of 4, then you'll need to redefine the IP header so that the number of source and destination address bits get to change. Then guess what - every router on the face of this planet would need to be reprogrammed in order to recognize this new standard, no matter what you called it. The IETF saw this pretty early, and decided that since they'd have to go through this magnitude of effort anyway, they might as well throw in everything they've learned about protocols from the shortcomings of IPv4, so that the new protocol is not likely to have to change for a considerable while. To be fair, IPv4 has been around since the 70s, and so it's not unreasonable to tell society at large that it's over, and out of address space, and that the next thing should last at least the next 1000 years.

Since we are getting close to running out of IPv4 addresses - squatters or no squatters - it's pretty much going to be Hobson's choice for everyone out there - either IPv6, or no connectivity. For a while, equipment will be dual stacked, and probably, in that timeframe, most will migrate, since that will come automatically when old equipment is replaced w/ new. In the long run, ultimately, all equipment will be IPv6 only, just like one sees little support for IPX or AppleTalk or DECnet these days. At that point, those who want to avoid moving b'cos of any resentment towards H1Bs and offshored businesses and all can enjoy having no connectivity at all to begin w/. This migration is a lot more necessary than past migrations to Windows 95, Windows 2000 or even the Y2K fix. It's not a case of Chicken Licken - there actually won't be addresses to dole out, and unlike in the case of money, which governments can print, there is no way 2^32 can end up equaling a number greater than 4,294,967,296.

Re:IPv6

[unixisc]

I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric indicates that IPv4 is exahusted.

The original such announcement came from APNIC I think a year ago, when they indicated that they were out of IPv4 address assignments to their ISPs. More recently, they changed their transfer policy so that even if 2 organizations want to undergo a transfer of IPv4 addresses from one to the other, the recipient has to justify their requirement for IPv4. In short, getting IPv4 is getting more difficult in this region.

ARIN so far seems to have pretty much the same policy that it had months ago - nothing has changed, even if Comcast and HE are indicating that they are out of IPv4 addresses. RIPE will be distributing /22s, while AfriNIC was supposed to have run out by August 11 but their status is unclear and not current. LACNIC too seems to be @ an end of its allocations.

Given all that, there is no reason why any ISP shouldn't start forcing the move to IPv6, since that's the only place where all the addresses really are.

Re:IPv6

[Kjella]

Note that Asia is for all practical purposes already out of addresses, they've been in a special last-block allocation mode now since April where no regular user will get a IPv4 address, just ISP-wide NATs and such. In reality they're already millions of addresses short.

Re:IPv6

[unixisc]

Oh and of course in the transitional period (which I'd expect to be at least a decade) routers will have to handle both the IPv4 table and the IPv6 table OUCH.

Why would that be necessary, and indeed, if we are running out of IPv4 addresses, how does that help at all? I'd think that Dual Stack Lite would be the way to salvage things - have IPv6 routing happening in between CPEs, and at the customer ends, assign them w/ IPv6 or private IPv4 addresses. The beauty of DS-lite is that for IPv6, it's a native IPv6 network, while for IPv4, it's IPv4 tunnelled over IPv6, and @ the ISP end, the IPv6 address is decapsulated once it gets to the customer premises, and there, the IPv4 address of the customer's box takes over.

I'm not getting why routability didn't improve? The whole idea of having such a huge space is that within an RIR, you'd have the ISPs, within the ISP, you'd have the subscribers, within the subscriber, you'd have the subnets, and within the subnets, the interface ID. Once one is within an ISP (say a /32), one can get in a customer block (a /56) and finally into a subnet (/64). It all seems to be a case of drilling down. What's it that I'm missing here?

Re:IPv6

[AliasMarlowe]

NAT allows devices behind the wall to be addressed by port, sharing a single IP address. At an extreme you could have 65535 addressable devices behind a NAT firewall, exposed to the public internet as one IP address.

In most cases, NAT allows multiple clients behind the address translation, but does not necessarily allow multiple servers, since each service typically can handle only one or a few ports. For instance, how many ftp servers or http servers can you have behind a NAT router? Hint: it's not a large number.

Here's another example of where NAT breaks down: to access our work VPN from home, you connect to an outside box, which sends a token to a third box. That third box then sends an unsolicited packet on port 500/ISAKMP to the IP of the first box. With NAT, the router cannot know where to send this unsolicited packet, since it is sent to the router's IP address. We have to designate a particular internal node as the recipient for unsolicited port 500 packets, and then it works - for that machine. Here's the rub: we have two PCs which we'd sometimes like to connect to the VPN simultaneously (my wife works for the same employer as me), but NAT allows only one to do so at a time, so NAT breaks this function. Port 500 is the standard port used for key exchange in secure VPNs.

Re:IPv6

[unixisc]

Precisely! As I pointed out above, if they had added even one bit to make it 1.xxx.xxx.xxx.xxx, they'd have broken IPv4, since the header would now have to support 33 source and destination address bits. Every router on the internet would have needed a workover.

As far as ease of notation goes, one option might have been to use only octal numbers, and make the address 96 bits instead of 128, and bunch 4 octal numbers together. Keep the old IPv4 like notation alive, like only have something like 1234.5670.7654.3210.1234.5670.7654.3210. The first 3 bits would have been the various RIRs (2-6) while 0 & 7 would have been reserved for things like multicast, and other experimental usages by the IETF, the next 3 for the RIR to reserve for future growth, the next 6 the various countries within each RIR (no RIR has more than 63 countries),so only the first 12 bits would have been eaten that way. The next 12 bits would have gone to ISPs within a country, and the following 12 to its subscribers. The next 24 could have gone to subnets, which would have allowed 8 levels of subnetting, and following that, the remaining 36 bits could have been used for the interface ID.

The above would have had a notational advantage, and its difference from IPv4 would have been obvious that whereas IPv4 has only 3 dots between the number groups, this one would have 7. One would still easily recognize it as an IP address, not have to worry about colons or [brackets] or a-f. That aside, though, it would have no other advantages on the current IPv6 notations.

Re:IPv6

[unixisc]

The 4 billion world population is not a relevant argument today, but that can change anytime, and there's no acceptable reason not to be prepared for it. Yeah, between the US, Europe, Australasia, you have 1 billion people, and between India & China, there are around half a billion internet users - since there are 2 billion people in these 2 countries, assume that tops 1.5 billion people can potentially have them - on phones. So worldwide, the number of people on the internet is tops 2 billion. Out of a possible 3.7 billion routable addresses.

However, the real issue is not the number of people, but the number of devices, and that's where IPv4 falls short now. And once Internet penetration increases not only in the BRIC countries but also in Africa and Latin America, there is no way there will be enough. And speaking of NAT, they will soon need multiple levels of NAT to support everybody, and that will screw up protocols already crippled due to having to go around NAT even more.

Re:IPv6

[petermgreen]

Why would that be necessary, and indeed, if we are running out of IPv4 addresses, how does that help at all?

The IPv4 internet isn't going away any time soon whatever some people might want. so during the transitional period core/border routers at major ISPs (which are the only ones that need the full internet routing table now) will need to have both the IPv6 and IPv4 tables.

They could have two totally seperate sets of core/border routers for v6 and v4 but most places will probablly want to be able to run both on the same infrastructure.

I'd think that Dual Stack Lite would be the way to salvage things

DS-lite for home users and conventional tunnels for those who need real v4 IPs would save v4 addresses allow the access network to be v6 only but the core network still needs to support v4 so that the AXFR elemements and other tunnel endpoints can talk to servers on the v4 internet.

The whole idea of having such a huge space is that within an RIR, you'd have the ISPs, within the ISP, you'd have the subscribers, within the subscriber, you'd have the subnets, and within the subnets, the interface ID. Once one is within an ISP (say a /32), one can get in a customer block (a /56) and finally into a subnet (/64). It all seems to be a case of drilling down. What's it that I'm missing here?

No medium-large buisness wants to rely on a single ISP for their connectivity, to be forced to run multiple addresses in paralell for different ISPs or to be forced to change IPs when they change ISP. When one of their connections goes down they want their IPs to stop being advertised on that connection so that traffic is re-routed to their remaining connections.

The number of entries in the v6 routing table probablly will be lower than the v4 table simply because there is less legacy cruft but we are still looking at a bloody big table. Exactly how big I don't think anyone will know until deployment is complete.

Re:IPv6

[Arrepiadd]

So me mentioning "devices" in the first line and phones, tablets and other internet connected devices on the rest of the text wasn't enough to make it a post about devices?

Re:IPv6

[unixisc]

No medium-large buisness wants to rely on a single ISP for their connectivity, to be forced to run multiple addresses in paralell for different ISPs or to be forced to change IPs when they change ISP. When one of their connections goes down they want their IPs to stop being advertised on that connection so that traffic is re-routed to their remaining connections.

But isn't that what the concept of provider-independent IPs is all about? Company X gets a /48, or even a /52 from some ISP, splits it between say 4 ISPs, and assigns each of them, say 64 subnets each. That way, the solution you are alluding to gets achieved.

Re:IPv6

[unixisc]

Your post seemed to suggest some 1:1 mapping between the world's entire population and devices, which is why I brought that up and pointed it out.

Re:IPv6

[danomac]

You mean you can't even count to 10? It's not really that hard, you even have eight fingers and two thumbs to help...

Re:IPv6

[eugene+ts+wong]

No, I'm not kidding. It's all about readability. It takes him way less time to type in 3 commas, than it takes people to count digits.

Re:IPv6

[eugene+ts+wong]

It's all about readability. It takes him way less time to type in 3 commas, than it takes people to count digits.

Re:IPv6

If you had a firewall that wouldn't have happened. No NAT needed.

Re:IPv6

[Chrisq]

65k devices you say, you seem to know very little about NAT you need to have a unique port at the NAT box per unique ip/port/ip/port tuple,

Which as I said, at the extreme is 65k devices, i.e. one port per device

Re:IPv6

[silas_moeckel]

You can get far more machines behind a single IP, the 65k limit is how many of them can talk to the same IP/port at the same time this does not limit them to that many total devices behind nat.

Re:IPv6

Apparently they had the imagination in regards to device count, but not in regards to people adopting experimental tech and refusing to upgrade.

Re:IPv6

[Pi1grim]

You won't believe, but there are ISPs, that offer external IP and turn on port-blocking by default, allowing more experience customers to disable that.

Re:IPv6

[HappyPsycho]

If everyone is hiding behind NAT, how are you supposed to initiate a connection? At the very least SIP provides a way for the callers to route their way through a gateway if both are behind NAT.

If your solution was actually possible then why does every type of P2P network require something resembling a super node to allow communication between nodes hiding behind NAT? Last I checked Bittorrent, eMule and Gnutella all require such a node to exist on the network to facilitate communication.

SIP is no more complex than any of those protocols, if anything makes it more complex it is that the P2P protocols autodetect allot of their configuration (skype is built on what they call a "type 2" P2P network hence it benefits from some of the autoconfig), and that in most P2P networks you really don't care who you connect to (under normal circumstances its a pool of clients anyway so anyone in the pool will do) so authentication requirements can be relaxed.

Re:IPv6

[HappyPsycho]

PAT is a subclass of NAT, hence the terms can (and often are) used interchangeably.

Given that he specified "Many-to-one NAT" which indicates the most common type which you correctly identified as PAT you aren't adding anything to his statement or even correcting it.

Re:IPv6

[HappyPsycho]

Not sure I completely agree with that statement, first point would be that forcing the network to know about state when it was designed to be stateless is as we all know asking for trouble.

Forcing the protocols to go through a complete connection cycle to activate a concurrent transfer is not exactly great from an efficiency standpoint. Hypothetically speaking (I know most FTP servers don't work this way), using one control connection I could transfer multiple files concurrently down to my machine without going through the full authentication cycle each time (e.g. as with SFTP). Timing attacks and man-in-the-middle would rip such an argument apart so maybe in this circumstance it can be seen as an benefit but if those problems could be resolved I believe there could be some benefit. Also if memory serves SSH in general has gotten some improvements to mitigate the effects of the repeated authentication.

Where I also see an issue is NAT forced the pull model, there is no easy way for a server which just got new mail for you to notify you about it without you constantly asking or keeping a constant connection to the server open. The former is needed by mail or dynamic web sites (think ajax) and has the downside of potentially needing lots of storage to buffer updates for the clients whereas the latter is used by games and chat and suffers from forcing the servers to maintain connections to lots of clients with the possibility of infrequent updates (obviously more an issue with chat-type-apps vs games where there is a constant stream of updates). Ironically NAT itself (or rather aggressive NAT settings) is the biggest threat to maintaining a constant connection to a server (assuming the server isn't heavily loaded).

Finally any type of "true" p2p which does not rely on "super nodes" to keep traffic flowing to peers behind NAT (which are the vast majority) can never exist as long as NAT does. You can see this as either a benefit or loss depending on your views of P2P in general. There isn't much to say on this topic as regardless of NATs existence and using in-band signaling, P2P networks not only survive but flourish.

What Vendors?

What vendors, Cisco? They seem big on advertising and limited on support.

Re:What Vendors?

Every vendor is short on delivery.

The only reason they have some support is because of the U.S. Federal Government mandate that all vendors support basic IPv6 by (i forget the year its somewhere between 2008 and 2012)

Now, that doesnt mean its a comprehensive solution (those cost even more development dollars). They simply did the least amount of work needed to still sell the product to the government.

It wont be until the rest of us demand proper support any vendor will put the time and money into a proper solution

Re:What Vendors?

[hedwards]

And that's the rub, the hosting companies probably won't provide it until they absolutely have to as the ISPs are generally not providing access. And the ISPs won't be providing it until after the customers demand it. The customers mostly think that the internet is Youtube and probably Facebook and probably won't ever request it unless those sites go unavailable.

Re:What Vendors?

[Lennie]

The quote below is from the he.net website, that doesn't seem all that great.

But people are starting to deploy it now, look at the growth of the number of BGP route entries in the routing tables:
http://www.flickr.com/photos/23667510@N03/6493294453 (IPv4)
http://www.flickr.com/photos/23667510@N03/6493294527 (IPv6)

And that is even though we need less IPv6 entries than IPv4 per network, because one IPv6 entry is much larger than one IPv4 entry. A lot of networks that now have 4 or 10 IPv4 entries, might now only need 1 or 2 IPv6 entries.

____

Networks Running IPv6

We can measure the percentage of networks running IPv6 by comparing the set of ASes in the IPv6 routing table to those in the combined set of IPv4 and IPv6.

IPv4 and IPv6 RIBs Last Parsed: Sun Dec 11 01:07:46 PST 2011
IPv4 ASes: 39706
IPv6 ASes: 4923
ASes using only IPv4: 34893
ASes using only IPv6: 110
ASes using IPv4 and IPv6: 4813
ASes using IPv4 or IPv6: 39816
Percentage of ASes (IPv4 or IPv6) running IPv6: 12.4%

Re:What Vendors?

[Almost-Retired]

"It wont be until the rest of us demand proper support any vendor will put the time and money into a proper solution"

Precisely. Here at the coyote.den, I've been NATing all my stuff to a 192.158.xx.xx scheme and will never ever use even the last block of 254 addresses fully. But that is whats forced on the home user because his ISP only gives us one address.

ALL of the existing, can be purchased from Amazon, reference books are both quite a few years old now, and damned expensive in dead tree formats, too damned expensive. Yes, you can get the e-book versions for a $20 bill, but Amazon won't sell it to you without the kindle itself logging in somehow. So they are not accessable without first dropping the card for the Kindle at $200 and up. That's bull shit but it won't grow any corn where I come from.

Amazon should make up their mind, either sell books, or Kindles but not both.

Then, figuring if I could buy the e-book I could read it with Calibre, but figured I had better check out the e-pub compatible reader (an Aluratek Libre!) that I bought the missus for Christmas last year (which supposedly came with a 1 year warranty that has about a week to run), I pulled it out and discovered it is deader than a 5 year old mouse. Plugged its charger in, no response. Plugged the charger into one of those universal usb powered read/write anything adapters, one that when plugged into a normal usb port, lights up the whole room with an erie blue light. Nothing, charger is dead.

Plug the reader into a usb port, which Aluratek claims can charge it in 8 hours. 16 hours later, still dead. Now, since I am a C.E.T., I open the thing up, a 3.7 volt battery reads 4.7 _millivolts_but even with power on the usb plug, no charging current is getting to the battery. So, it appears to me that the charger may have gone wild before it failed completely, and let the magic smoke out of the internal charge regulation parts, but very close inspection with a very high powered magnifying lens doesn't disclose anything that looks to be damaged, and a simple ohmmeter test of the transistors says they are good. I wrote Aluratek at their email support site asking, but of course its the weekend, and by the time a reply gets here, the warranty will be fini.

I might buy another, but the warranty had better read damned good before I drop the card.

Back to ipv6: The relatively elder age of the available books on the subject means they will cover only the RFC's for it, and likely zero content will actually address what, where & how we should attack the problem with our favorite editors, in my case vim.

So, the bottom line is this: Google needs to write an e-book documenting how it is actually done, and likely make it available in a non-drm'd format for a $20 bill. At that point, ipv6 might take off, perhaps at 1% of the ISP's in the next year.

Until such time as the implementation details are actually published at an affordable by Joe & Jill Lunchbucket price, google may well find they are virtually the only ones in this truly humungous ipv6 pond. The rest of us, ISP's included, will go about the daily business without worrying about it until the address crunch really happens. Since most ISP's have 3 to 20 times the address space assigned than they are actually using, TPTB simply cannot see any reason to spend even a $20 bill on ipv6. And at the end of the day, I see no real reason to call mine up and do anything more than ask when ipv6 services may become available. I did that shortly before that national test last summer, and got a "what's ipv6?" reply.

Anyway, since folks are saying it, so will I. That's my $0.02 on the subject. Adjust for inflation though, it only took $0.05 to buy a loaf of bread when I was born.

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene>
Most people eat as though they were fattening themselves for market.
                                -- E.W. Howe

Re:What Vendors?

[M0j0_j0j0]

You should be aware that due to my attention deficit due to extreme computer usage i cannot read all your post.

Re:What Vendors?

I worked on the IPv6 support in some of Cisco's products.
I can confirm that the only reason we did this was for JITC conformance. There is simply no incentive on the market to support it otherwise.

Re:What Vendors?

[unixisc]

There are a host of good IPv6 books here, all reasonably priced.

Supported

[inglorion_on_the_net]

"'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

Re:Supported

[Chuckstar]

I don't think they meant "we shouldn't hold the vendors accountable if the equipment doesn't work right".

I think they meant "we shouldn't expect that just because the vendor says it works, that it does".

Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.

Re:Supported

[jimicus]

I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

Indeed, but it's the same with all commodity technology - you find various implementations, not all of which work properly.

The same was true 10 or 15 years ago with booting from CD. Same was true 5-6 years ago with PXE. Same's true with CIDR - I've come across equipment like printers that can't handle the idea - you have to give them a class A, B or C subnet mask. Same with STP (spanning tree) - I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work. Only a couple of weeks ago I met a server BIOS providing software RAID (yeuch) that needed the drives set to RAID in the BIOS for it to work. But if power to the server was lost, that specific BIOS setting would go. Every other BIOS setting would be just fine and you'd get no error at bootup; you'd just find your disks magically appeared differently on boot.

If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.

Re:Supported

Were it so easy.

The hardware may not even be capable of supporting IPV6. So Cisco's magic fix will be " Buy our newer hardware. We'll might even be generous enough to give you a discount. "

If Google is smart ( and we know they are ) their infrastructure likely isn't from a single vendor. Gives the vendor way too much leverage. So this process has to be repeated with all the infrastructure they have in place from all of their vendors.

I'm sure there are folks out there " They knew this was coming, why isn't this a done deal already ? "

Size.

Yeah it's cheap to replace the router in your closet. Not so cheap ( or easy ) to replace thousands of them across multiple networks that all talk to one another via IPV4 now. One side can't speak X while the other Y. AND this has to be done in a manner so that it has minimal effect on network traffic. Even more so if you're talking about customer data.

For large companies, this is a huge and expensive undertaking just to " upgrade the network ".

Re:Supported

[mickey_mouse_2006]

With all due respect - it doesn't work that way. Cisco, Juniper, HP, have a huge customer base doing IPv4, and a minimal, almost non-existent base doing IPv6. So the R&D, new features, bug fixing and such will follow the money - ie, will go to IPv4 for the time being. Yes, it sounds (and it is!) shortsighted - but when Google brings to the table, say, $50 mill a year - that is chump change compared to the many other *billions* that IPv4 still brings (and will keep bringing, for the foreseeable future) to the table. And funnily enough - it's way more easier for Linksys/D-Link/Netgear to fix a bug or implement a feature on a SOHO device than it is for Cisco - not only they don't have to care about the installed base, but their customer base is used to sub-par firmware - so were they to implement an IPv6 feature in a buggy or less-than-optimal way . . . not that much of backslash. And they also have way shorter, to none, QA cycles, backward compatibility testing, interop testing, etc.

Re:Supported

[mickey_mouse_2006]

If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.

Maybe. But Google engineers don't live in a can - I'm sure they asked their vendors, "folks, what's the best way to go about this, in your opinion?" - and the IPv6 experts from Cisco/Juniper/others told them "here - like this" Only for Google to find out the "like this" didn't work exactly as expected - when that tidbit was fed back to the vendor, I bet they were like "hm, well, you're like the 1st one doing this. Let me get back to you on why it doesn't work as it should . . .". Don't hold your breathe. The bottom line is what Google itself says on its paper - not even the vendors are running IPv6. So the *customer* is doing the early field trial for them. Google and others end being beta testers for free, when they thought they were running production-quality, live-deployment, mission-critical ready code . . .

Re:Supported

I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work.

If you mean that a loop on the unmanaged switch cases a broadcast storm (the managed switch breaking is probably due to maxed CPU usage): this is a facet of RSTP-derived spanning-tree implementations - they are far superior for many purposes, but since they depend on communication between the bridges and not on detection of circulating BPDUs, they can fail to detect downstream bridging loops. Many unmanaged switches break 802.1Q and forward frames like BPDUs that are destined for the bridge management addresses. This breakage helps your situation, since the managed switch will see its own BPDUs on the port and block it.

If you mean that the managed switch dies when you connect an unmanaged switch with NO loop: then you have an extremely crappy managed switch. This use case has nothing to do with STP.

Re:Supported

[Midnight+Thunder]

On the other hand not supporting or working with a customer like Google in their move to IPv6 would be short sighted. If Google were not happy with Cisco's attitude they could easily go an invest in another company and publicize why they dropped Cisco. That would hurt Cisco down the road as they end up no longer being taken seriously.

Companies know that IPv6 is going to become a reality sooner rather than later, especially in markets such as east Asia and Africa, which already have a rapidly diminishing pool of available IPv4 addresses. To ignore these markets would be handing future success over to companies who recognized the expanding niche and got in there early.

Re:Supported

[jimicus]

If you mean that the managed switch dies when you connect an unmanaged switch with NO loop: then you have an extremely crappy managed switch. This use case has nothing to do with STP.

That's exactly what I mean; disable STP and it all starts to magically work.

This was a Dell switch, which probably explains rather a lot - rumour has it that particular model is a rebadged Allied Telesyn. Mind you, if Dell were to write to me informing me the sky was blue I'd stick my head out of the window.

Re:Supported

[saleenS281]

Hardly. That's called a lawsuit. If Cisco sells something claiming it supports IPv6 and it doesn't, they're either taking the gear back or finding their asses in court for misrepresentation of good sold. If they sold it to the government, they're likely facing more than a lawsuit.

Re:Supported

[inglorion_on_the_net]

And funnily enough - it's way more easier for Linksys/D-Link/Netgear to fix a bug or implement a feature on a SOHO device than it is for Cisco - not only they don't have to care about the installed base, but their customer base is used to sub-par firmware - so were they to implement an IPv6 feature in a buggy or less-than-optimal way . . . not that much of backslash.

That is exactly why this story is news. If it had been SOHO routers being buggy - well, that's sad, but it's not likely to surprise the /. readership. If it had been "professional equipment" not supporting IPv6, I don't think that would have surprised a whole lot of us, either.

The news here is that vendors who you might expect to deliver quality product shipped appliances that they claimed would support IPv6, and that the IPv6 support is shoddy. Now, some people will not be surprised by this, either (I'm not, for one), but some people will be - as you neatly illustrated by pointing out that people hold Cisco to higher standards than SOHO gear.

Re:Supported

[Gothmolly]

You clearly don't work with any software or operating system vendors then. Pedantically attempting to hold them to a 'supported' stance doesn't change the fact that their shit doesn't work right.

Re:Supported

My research indicates that IPv6 is not ready for prime time. The standards are incomplete and implementation software shallow/incomplete and buggy. This is true for routers, servers and clients. It's also very messy dealing with IPv4 and v6 on one LAN.

Re:Supported

[0123456]

I run V6 and V4 at home; the $20 LAN switches, wireless router and PCs support V6 but the DSL router doesn't. Otherwise the only issues I've come across are that some of the services on the my Linux server don't listen on V6 addresses, I've never got IPSEC to work with V6 and the XP machines don't really work very well with V6 (but they also don't get used much these days).

Re:Supported

It's not just about vendors. If the protocol was designed such that the adoption would be easy, it would have been adopted by the majority already. Anyone who is using the real Internet uses IPv4 and has no incentive to switch to a different protocol. Were IPv6 designed as an extension of IPv4 with complete, automatic backward compatibility (and not forcing AAAA to boot), we would all be running it already.

Re:Supported

[arglebargle_xiv]

Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.

So I'm not the only one who read the article as "stay as far away from IPv6 as possible for as long as you can manage"? If an organisation with the size, resources, and clout with vendors that Google has is four years into an estimated eight-year move to IPv6 (as opposed to "we switch over from v4 to v6 next weekend, set your watches"), that's a sign that I don't want to move my organisation to this stuff any time soon. A network upgrade should be, at worst, a somewhat over-long weekend, not a new career path.

Re:Supported

[JSG]

I suggest you get someone else to purchase your equipment then.

You seem to keep on buying rubbish.

Cheers
Jon

Re:Supported

[petermgreen]

The problem is the definition of "supports".

Consider for example a router, suppose it can bring up ipv6 interfaces and even forward packets between them BUT it's doing that forwarding in software so if too large a percentage of the traffic is v6 it can't keep-up and starts dropping packets.

Now suppose that the vendor said it "supports ipv6" but all the performance promises they made related to ipv4....

Re:Supported

all supported means is that the vendor will attempt to find a reasonable solution for any issues regarding a product and or its features, if that means they suggest using a different product or model that is still support!

Re:Supported

[jimicus]

Said I'd seen. Didn't say I'd bought. Most of that was inherited equipment.

Re:Supported

[MortenMW]

I actually have a PowerConnect 5424 with similar problems. I have to disable STP on ports connected to non-managed switches. As its not easy to control what the user plugs into his/her port i have to disable STP on the switch. As far as I can see on the labeling its Allied Telesys, just with a Dell logo slapped on top.

Re:Supported

[jimicus]

Glad to see I'm not losing my mind. Pretty sure it was that model I encountered - and in this case it was at a client where attempting to control what gets plugged into the port was such a complete non-starter it wasn't worth even broaching the topic. Disable STP, quietly curse whoever QA'd the firmware for that model then get on with life.

We need a Wikipedia for crap hardware that doesn't properly do what it claims to. The only issue is I can see Dell taking umbrage at being inducted into the Hall of Shame before we've even started.

Re:Supported

I bought a Cisco 877W which claimed to support IPv6. It turned out not to because it shipped with crippled IOS that didn't implement the advertised features. They charged me a small fortune for a firmware upgrade to 'Advanced IP services' which did, in a half-hearted way. Turns out that with the most recent IOS of the correct (expensive) flavour, it can do IPv6, but only if you don't use the wireless interface. This IOS bug (irb drops IPv6 packets; wireless interface doesn't even allow an IPv6 address to be specified) has been known for years, but they're apparently too incompetent/lazy to fix.

I don't have time to sue them, and they would just offer my money back and continue mis-selling to everyone else.

I bought a Cisco router assuming that IOS would give me a half-decent networking implementation, of the quality I've come to expect from Linux and FreeBSD boxes. Nothing could be further from the truth.

Re:Supported

[marka63]

Actually the article is telling you that you need to start to move to IPv6 today. Turning on IPv6 at the network layer is trivial. If you want all your application to work with IPv4 and IPv6 then you need to invest the effort to test and possibly fix them. With a large company with lots of non standard applications and tools this takes time. Remember you don't have to have everything working to begin with. You can bring services up one at a time.

Re:Supported

The problem with this is people are now beginning to use code that hasn't been customer tested after it was written. Unfortunately IPv6 is still cutting edge in the way that nobody is really using it yet. So it's fully expected there are going to be bugs in there. All supported means from a vendor standpoint (Juniper, Microsoft, Cisco, F5, HP, etc.) is the feature is available and if a bug is found, it'll be fixed. There is no implied guarantee that it'll be software without any problems.

Re:Supported

That's funny.
Personnaly, I read that like if a company with as many employees as Google and for which network is a vital part of its infrastructure and the core of its business is switching to IPv6, I am probably a moron if I don't consider the move.

Re:Supported

Exactly in this context, Cisco is quite broken. If you're large enough and report bugs being important to you, Cisco often does supply you with custom firmware images and tells you to use this instead of every other release. Cisco also does aim to include those fixes in their next releases, but sometimes it takes years to do so or those patches are accidentally lost after a few years (and of course, you're the first to notice).

Re:Supported

It is what it says it is: if it doesn't work, you can turn to the vendor with request for support. As we know it's often the case such requests are not always fulfilled.

The fine article is wrong

[agristin]

"Each campus or office got a /48 address block, which meant that it was allotted 280 addresses. In turn, each building got a /56 block of those addresses (or about 272 addresses) and each VLAN (Virtual Local Area Network) received a /64 block, or about 264 addresses."

a /48 block is 65536 subnets for each campus. A /64 has 18,446,744,073,709,551,616 IP addresses.

The RFCs on this type of thing are RFC 6177 which replaced 3177 and RFC 5375. For a itworld/usenix article, fact checking is really low.

Re:The fine article is wrong

[KiloByte]

Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

Try this: 2⁸⁰ -> 280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

Re:The fine article is wrong

[camperdave]

Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

Try this: 2⁸⁰ ->280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

It is the writer's fault. We have forced comment preview for exactly this reason.

Re:The fine article is wrong

We have forced comment preview for exactly this reason.

Comment preview? Isn't that just like those EULAs you click through to install something? *ducks*

Re:The fine article is wrong

[danomac]

So you mean they can't edit it afterwards, like on /.?

Re:The fine article is wrong

[KiloByte]

We do, but the incorrect number is not on Slashdot. Also, I doubt the person who wrote this text could made this mistake, it's quite certainly the editor's fault ("editor" as a person, not as a program).

IPv4.1

Simple solution, bump it up a notch.

My octets go to 257. Solved.

Re:IPv4.1

[hedwards]

You mean 256, noob.

Re:IPv4.1

[TheRaven64]

Depends on whether he's talking about cardinals or ordinals.

Re:IPv4.1

[kasperd]

My octets go to 257.

That's not how IPv4.1 works. Check the facts.

Re:IPv4.1

[hedwards]

Not really, the top of the octet is at 255. An address like 257.257.257.257 would be rather larger than one that goes 256.256.256.256 .

Re:IPv4.1

[Mike+Mentalist]

My one goes all the way up to 11.

Re:IPv4.1

[TheRaven64]

Other than informing me that you didn't understand at least one of the words in my post, did you have a point?

Re:IPv4.1

[FrootLoops]

I'm curious, what did you mean? I'm only familiar with the set theory definitions of cardinals and ordinals--roughly, one can say a cardinal is the equivalence class of bijectively equivalent sets, whereas an ordinal is the equivalence class of order-isomorphic well-ordered sets. (As ever with set theory, there are a world of subtleties.) In any case, these seem entirely irrelevant, and after glancing through a few other definitions, they also seem irrelevant.

Re:IPv4.1

[complete+loony]

Whoosh.

Re:IPv4.1

[Chaos+Incarnate]

Replying to fix bad mod.

Re:IPv4.1

Can you please mark this "funny" rather than interesting? It's an April Fool's joke, and would require exactly the same pain as IPv6 with not as much gain. How do you route from an IPv4 device to an IPv4.1 device? You don't. There is no backwards compatible solution to the IP crisis, otherwise the really smart people that came up with IPv6 would have done so.

Re:IPv4.1

[hedwards]

I know the difference between ordinal numbers and cardinal numbers. The difference isn't relevant as an octet tops out at 255.

Just because you're being pedantic doesn't make me any less right about it.

Re:IPv4.1

[TheRaven64]

If he's talking about ordinals then he's referring to the largest value that the octet can store, so if it starts at 0 then this would be increased from 255 to 256. If he's talking about cardinals then he's referring to the range of values that it can store, so this increases from 256 to 257. The phrase 'goes to 257' could be interpreted in either way - it either stores values up to 257 or it stores up to 257 unique values.

Re:IPv4.1

[unixisc]

The reason the current maximum is 255 is that it's the decimal equivalent of the binary number 11111111. The binary equivalent of 257 would be 100000001, in which case you are growing the number of source and destination address bits from 32 bits to 36 bits. Same problem. Incidentally, had that been a solution, we'd have had maximums of 511.511.511.511. As hedwards pointed out, octets top off @ 255.

Re:IPv4.1

Whoosh.

Whoosh.

Re:IPv4.1

It's an April Fool's joke

And in fact even the version number 4.1 is a hint that it is an April Fool's joke. That 4.1 sounds like a minor update to version 4, and that it actually suggests adding 1 byte to the existing 4 byte field makes the joke so much better. Having it show up just around the time where APNIC ran out of addresses is just great timing.
 
 

and would require exactly the same pain as IPv6 with not as much gain.

True, and that is true of every alternative to IPv6 that has been suggested for the last several years, sadly many of them actually think they could do better, the above link was at least meant as a joke.

Many people look at the current mess and think they could have done better, yet they don't realize that it doesn't matter how tiny they make the change, it is going to be just as hard to deploy. If it is 100% compatible with IPv4, it doesn't solve the problem. And even the tiniest incompatibility with IPv4 is going to make people reluctant to deploy it, as proven by IPv6. Even if somebody managed to look at what went wrong with the transition to IPv6 and find a better protocol than IPv6 which would solve that problem, it would still not help, as they would be 10 year behind.

It has taken more than a decade to deploy IPv6, and if it doesn't speed up dramatically, hell is going to break loose on the Internet pretty soon. If you think you can do better than IPv6, you will have to not only design something that truly is better, you'll also have to get most of the world to agree with you, and design and deploy hardware, which can do it, including several years of real world testing, and you have just a couple of months to get that done, as a matter of fact you should aim for completion by the end of 2010.

Making addresses shorter than 128 bits is not one of the things that will make it easier to deploy. In fact 6to4 and Teredo are examples of transition methods that aimed to ease the transition, and those make use of the large addresses. Actually Teredo had to squeeze a bit to keep within the 128 bits, for example Teredo servers must always run on port 3544 because there wasn't room in the 128 bits to include the port number of the server in addition to all the other information needed. 6to4 and Teredo try to solve the same problem, each have restrictions. If the IPv6 addresses had been 256 bits, and if people hadn't been using NAT to artificially prolong the life of IPv4, it would have been possible to design a transition protocol that would combine the advantages of 6to4 with the advantages of Teredo.

Of course such a hybrid wouldn't have solved the problem which 6to4 and Teredo have in common, which is relying on third party relays with no SLA. 6to4 looked like a great transition plan, but turned out not to work. None of the people suggesting alternatives have thought to the point of even starting to design a transition plan. And even what may look like a good transition plan can be improved, in which case you may very well end up with 6to4, which we know now, didn't work out.

Solving the problem with 6to4 would probably have required some end-to-end redundancy to have been built into the IPv6 protocol, but that would have made it much more different from IPv4 and likely harder to deploy as it would likely lead to new kinds of security threats. Just look at how something as simple as source routing, and how quickly it got deprecated.

Re:IPv4.1

[kasperd]

And even what may look like a good transition plan can be improved, in which case you may very well end up with 6to4, which we know now, didn't work out.

Yeah. Many people have suggested that IPv6 should have been made compatible with IPv4, but how would they even have made it more compatible than it already is?

One idea could have been to kind of force the deployment by saying that a certain subset of IPv6 addresses were used to make it so that any IPv4 route is also an IPv6 route with a specific prefix and a few bits left at the end for the end site to use instead of NAT. Then the packet could move towards the destination being IPv4 part of the way and IPv6 part of the way. The assumption would be that every link along the way was either IPv4 or IPv6 or both, and the routers at the two ends of the link agree on what they are talking on that link. A dual stack router would have to be able to route the packets between IPv4 only and IPv6 only links.

An idea like that would need a few tweaks to actually be possible. First of all you cannot map all of IPv6 address space into IPv4 address space. So you couldn't actually send the packet over an IPv4 only link unless you encapsulate it in IPv4. So, lets improve the idea by making it such that on IPv4 only links the IPv6 packet is encapsulated in IPv4 and will still make progress towards the destination. But what should the destination IPv4 of such an address be to ensure that it will actually progress towards the destination in place of a few IPv4 only routers along the path. Oh right, we are talking about an implicit IPv6 route build from an IPv4 route, so there is an IPv4 address embedded in the IPv6 address, we can use that as destination, and it will progress towards the proper destination until it reaches an IPv6 router than can decapsulate.

But why decapsulate the packet at the first IPv6 capable router? If it is already encapsulated in IPv4 and the entire path is already an implicit path build from a path towards the IPv4 address which is already in the IPv4 destination. So if we don't decapsulate it, it will make towards the proper destination, and we avoid potential problems caused by decapsulating it on a link we thought was dual stack, but where the other end of that link thought it was IPv4 only. So once it has been encapsulated, just leave it encapsulated until we reach a router where the route it is going to take depends on more bits than where put into the IPv4 destination field.

With the above approach everybody can just set up a dual stack router and even if some of the path is IPv4 only, they can still receive IPv6 packets. But how do we get the IPv6 packets back? If the sender is one which only has an implicit IPv6 address build from an IPv4 address, and the destination has an IPv6 address that was assigned in a different way, how do you know where to route it? Well since the sender only had the implicit address likely it is going to hand it off to an ISP with some IPv4 only routers, so it will have to be encapsulated in IPv4. But what destination IPv4 address are you going to use since the destination IPv6 address isn't an implicit one there isn't an IPv4 address that will send it the right direction.

The solution to route packets towards such a non-implicit IPv6 destination could be to reserve a specific IPv4 address to use for the encapsulation. The idea with this reserved IPv4 address is that it will take the default route on every router until it makes into the core of the network, and once it reaches the first dual stack router, it will be decapsulated and routed down a real IPv6 route.

So starting from the idea to make IPv4 and IPv6 routing compatible such that all IPv4 routes automatically result in an IPv6 route, I have improved on the idea to end up with something that sounds workable. But actually, it sounds awfully similar to 6to4. In fact the only point where the improvements on the idea to make IPv4 and IPv6 compatible differs from 6to4 is t

Business as usual?

[vlm]

For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,'

In other words, business as usual in all other areas of IT. Glad to see there is nothing "special" about ipv6 deployment.

And while the current versions of most OSes support IPv6, they do not do so by default.

What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

Re:Business as usual?

[tgd]

And while the current versions of most OSes support IPv6, they do not do so by default.

What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

Windows 7 actually defaults to it being turned on, but will generally not do anything with it if it doesn't get an IPV6 DHCP address. But some MS technology (like the Win7 HomeGroup support, and DirectAccess) work via IPV6. Odds are there are a TON of people using IPV6 on their home network and just don't know it.

Re:Business as usual?

Hmm, would they use IPv6 for adhoc networks with wireless? My ubuntu cant seem to join one, and they cant seem to join me, maybe IPv6 is what causes this?

Re:Business as usual?

The Apple Airport Express requires IPv6 support if you set it up as a music player. My router support IPv6, so the AE will work if I connect it by Ethernet cable. But my WiFi access point doesn't support IPv6, so the AE doesn't work if you tell it to join the wireless network. If you look in the AE's log you can see messages about it playing a music stream, followed by a IPv6 address. No idea why they require this. To make this more confusing, the AE will get a IPv4 address by DHCP, which you can ping over WiFi. It just never uses IPv4.

So now I need a new WiFi AP if I want to use this thing to play music.

Re:Business as usual?

[rb12345]

If you're using the brcmsmac driver by any chance, it doesn't actually support ad-hoc mode, regardless of IPv6.

Re:Business as usual?

[viperidaenz]

The easy solution is to replace all your hardware with Apple products. It's what Steve would have wanted

Re:Business as usual?

Homegroups if I recall, cannot even run on v4 and must use v6. Without v6, the service will fail.

Re:Business as usual?

[dbIII]

With some situations the Win7 performance is horrible on an IPv4 network until you turn IPv6 off. I'm not sure if it's the card driver, the hardware, SMB, the IPv4 stack or what it is because it's hard for anyone other than MS to troubleshoot. I turned off IPv6 in one of those situations and suddenly I went from kilobit to gigabit speeds. Something in that big interconnected pile of obscurity doesn't like it when IPv6 is enabled and it's go nothing to talk to - or something else along those lines.
If anyone really cares there are better examples than my anecdote which were very easy to find on google.
There is still some way to go.

Re:Business as usual?

[rev0lt]

I've seen those kind of problems and usually aren't exclusivelly IPv6 related. The most usual case I can think of is poor internet "performance" in domain setups - the machines have their name resolution pointing to the domain controller, but the domain controller isn't configured to forward requests to the internet (or the router). From what I've seen, this is actually a big issue, because DC promotion doesn't require a correct DNS configuration as a proxy to work - only the local entries for the domain controller. If, in contrast, your machine has a different DNS server than the domain controller pool, you'd get horrible SMB/authentication performance unless you enable Netbios and have a correctly configured WINS server.
In short, it's usually the administrator fault, not windows. Nothing new here.

Re:Business as usual?

[dbIII]

OK - so you are blaming ME for a problem fixed by unticking a box that says "enable IPv6"?
I think that says more about yourself than anything else.
There are problems with various drivers, hardware and software with IPv6 implementations. Blaming the end users doesn't get anyone anywhere.

Re:Business as usual?

[rev0lt]

No, I'm blaming you for being unable to diagnose a routing or dns problem. In fact, I'm also blaming many MCEs that can't understand the basics of tcp/ip networking, and aren't able to read the documentation. Disabling IPv6 isn't "problem fixed", is "problem postponed". I know many times we don't have the time or sightness to be able to try all the magic fixes that are applied to the many windows hiccups, but that is one that is usually caused by ignorance of the administrator and not the operating system itself. If, by chance, you are a unix administrator and cannot correctly configure a dns server and networking routing, you'd be a lousy - and possibly out of a job - administrator. In windows, it's "welcome to the domain".

Re:Business as usual?

[Yaztromo]

No idea why they require this. To make this more confusing, the AE will get a IPv4 address by DHCP, which you can ping over WiFi. It just never uses IPv4.

The Airport Express can also be used as a router, WiFi (and WDS) access point, a wireless bridge, and a print server along with being an AirTunes sink. All of which can work in either IPv4 or IPv6.

Chances are what is happening for you is that the Airport Express is advertising both IPv4 and IPv6 addresses on your network via Bonjour/ZeroConf, as it is getting an autoconf address from your router. From what I've observed, Apple products tend to prefer IPv6 addresses when it receives them via Bonjour/ZeroConf, unless you force IPv4 only mode (which isn't generally an option in GUI apps like iTunes).

The trick for you is probably going to be to ensure that no IPv6 support is enabled on your client system, to force it to use IPv4 only. AFAIK, there is no way to completely disable IPv6 on the Airport Express, other than to ensure it can't get an IPv6 address.

Install a Bonjour/ZeroConf browser on your system, and take a look at the AirTunes (_raop._tcp.) entry. Looking at mine, it's advertising both IPv4 and link-local IPv6 addresses. If you either can get it to advertise only IPv4 addresses, or change your client such that IPv6 isn't even available for link-local access, you should fix it up. A lot of people use the Airport Express on IPv4-only networks -- I'm guessing the issue you're facing is that you do have an IPv6 supporting router running autoconf, but with the wireless part of your network having no IPv6 support across the link, the model assumed by Apple inside iTunes is breaking down.

Yaz

Re:Business as usual?

[Yaztromo]

And while the current versions of most OSes support IPv6, they do not do so by default.

What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on.

I'd like to see a list as well. Windows Vista, Windows 7, Mac OS X, and all modern Linux distros will automatically configure IPv6 out of the box when a suitable autoconf server is found on the network.

Oh, wait -- the current version of Commodore DOS has no IPv6 support that I can find. That must be what they were referring to.

Yaz

Hmm

[lightknight]

Even I am kind of curious to see what would happen if we set a week in the future to switch everyone over. I say a week, not a day, because vendors will need at least 72 hours to issue emergency firmware upgrades after sections of the internet disappear, and allowing for different time zones and what not, of course.

Does anyone know if all the major service providers have upgraded their equipment to ipv6 yet? Any laggards?

Re:Hmm

Unlikely.

Would be too cost prohibitive for some in such a short period of time. Think Fortune 500 + size companies. You're talking about upgrading or replacing an extreme amount of hardware. My company alone would have numbers in the tens of thousands ( routers alone ) to replace. The project is ( and has been ) underway for some time already, but it is a slow and expensive rollout to ensure IPV4 tunneling is working for the rest of the hardware while the changover happens.

Have to since many of the endpoint devices aren't capable of IPV6 at all in their current form. Replacing BILLIONS of dollars of infrastructure takes time and planning, realizing some can't be upgraded at all. ( replaced only ) This becomes more complicated when the hardware in question is rather important. Say the optical hardware that is a major net pipe ? Can't just offline it and replace it :D

Re:Hmm

[Midnight+Thunder]

In Europe, Asia and Africa ISPs are already making the slow move to IPv6. In North America it is only a handful of ISPs that have publicized their efforts (two come to mind: Comcast and TechSavvy), whereas others are putting short term profits before long term success.

In the short term companies that already have massive private networks can install a web proxy to deal with external IPv6 HTTP hosts. Long term they will need to revaluate the design of the network and what really needs to have access to the external IPv6 network and what can stay oblivious. In general anything that is only going to communicate with the internal network can stay IPv4 centric, while other devices with be dual IPv4/IPv6 stack.

The one challenge people with wanting to make the web server accessible from IPv6 clients are hosting centres that don't provide IPv6 yet. It is certainly possible to get around this by using a tunnel, but this is really far from optimal.

BTW Some hosting services that are IPv6 ready are listed here:

http://www.sixxs.net/wiki/IPv6_Enabled_Hosting

Re:Hmm

[jrumney]

The one challenge people with wanting to make the web server accessible from IPv6 clients are hosting centres that don't provide IPv6 yet. It is certainly possible to get around this by using a tunnel, but this is really far from optimal.

IPv6 tunnels are only an option if you have a dedicated server. If you are using virtual machine hosting, you are stuck with the kernel and modules from the VM, which usually does not include IPv6 support.

Re:Hmm

I'm skipping over the IPv6 fiasco, i'm already waiting for 256bit IPv7 .
I want my *own* private internet, just for myself.

Re:Hmm

[unixisc]

Since we went from 32-bit to 128-bit, the next jump, in the unlikely event that it ever happens, is likely to be 512-bit. But I expect the sun to expand and vaporize the earth long before that happens.

buggy and still-unfinished code

[Threni]

> It requires a lot of work with vendors to get them to fix buggy and still-unfinished code.

Google should be used to that. They could always lazily stick 'beta' next to the product name, I guess.

Re:buggy and still-unfinished code

[gl4ss]

maybe the vendors should have just sent them bipv6 products.

what about printers and other Internal stuff IPV4

[Joe_Dragon]

There is a lot of stuff that does not have IPV6. Do they have some kind of NAT for the older IPv4 stuff?

It took Google 4 years...

[s7uar7]

Just think how long it would take companies without access to virtually unlimited funds and brain power. It's no wonder everyone is reluctant to make the move.

Re:It took Google 4 years...

[allo]

not everyone has a network as large as the network of google.

Re:It took Google 4 years...

Google has, possibly, one of the largest and most complex networks of any company on the planet. Most companies would actually have a far, far, far easier time.

Re:It took Google 4 years...

I work for an ISP/Datacenter. We turned it on internally a year ago and any colo customer can have their /56 if they just ask.

Re:It took Google 4 years...

[Bob+The+Cowboy]

Really? You don't think that a company the size and shape of Google might have a slightly more complex network than a shop of, say, 100 people?

Vendors

[DaMattster]

Given the Google has absolutely no shortage of capital and brain power as noted before, I am surprised Google didn't just build its own routers, wireless access points, etc. Linux and BSD have come along way in their routing capabilities. Heck, Vyatta sells an open source router that probably competes very favorably. If I were Google, I would have opted for the open source methodology and contributed back to the community. You pay a vendor and expect quality, you don't beg them to improve their product. They should be jumping through hoops to help you.

Re:Vendors

[Lennie]

Because the hardware that can handle large amounts of small packets fast when you install your own software ('firmware'), does not exist AFAIK. Atleast not the type which will also be supported by (multiple) vendors (no1 wants to be stuck on, locked into, one vendor). designing not-massproduced ASICS isn't cheap. It would be like Google designing their own CPU's for their servers.

The closest things are:

- NetFPGA (some people at Google worked on that project I believe) / LibreRouter - which use FPGA's to handle packets, you tell it how to do that.

- projects like Netmap, handle packets in userspace so you don't have to push packets through the kernel on normal PC-hardware, making it faster: http://www.youtube.com/watch?v=SPtoXNW9yEQ

The best chance currently to be useful in 'doing your own thing' is probalby:

- OpenFlow, which basically is an API standard which multiple vendors would support to describe what the hardware in a switch should be doing, a programming language almost. Some demo's:
http://www.youtube.com/user/stanfordopenflow

Which can allow for lots of tricks, like 'software defined networking'

Re:Vendors

Unfortunately, current versions of OpenFlow don't support IPv6. It's a proposed feature for OpenFlow 1.2.

Re:Vendors

Given the Google has absolutely no shortage of capital and brain power as noted before, I am surprised Google didn't just build its own routers

http://tech.slashdot.org/story/09/01/07/1844239/google-router-rumors

Re:Vendors

>Because the hardware that can handle large amounts of small packets fast when you install your own software ('firmware'), does not exist AFAIK

Install DD-WRT, OpenWRT, or Untangle on a standard PC.

Re:Vendors

[Lennie]

A normal PC can't handle lots of small packets.

What's the point?

[C3ntaur]

IPv6 is cool, I get it. But how many ISPs are offering it to their consumers? If I want to build a web presence, would I settle for only IPv6 address space? If not, how much would I pay to buy into the IPv4 space so I can reach all my potential customers?

Re:What's the point?

[zootie]

IPv6 is very popular in Asia, and you have a large number of Eastern languages sites that are only reachable on IPv6 (some only have IPv4 for western visitors if their content applies).

And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.

The limiting factor is going to be the home routers. But as more ISPs begin offering the option (maybe bundled with a "higher performance tier" that will tie in with net neutrality), we'll likely see home routers advertising IPv6 support as if it was a new type of faster wireless. Albeit, it might take years.

Re:What's the point?

Even companies like Google will find it increasingly hard to get enough IPv4 addresses for their needs. See e.g.
Microsoft's recent purchase at $11.5 a pop.
I'm sure they require a lot of globally routable addresses for internal communication. Those can be converted to IPv6 to free up address space for their public endpoints, even while most of their users are IPv4 only.

From the user side of it, ISPs in growth areas like Asia simply cannot hand out IPv4 addresses to all their users, leading to kludges like ISP-level NAT. At that point, even if IPv4 is reachable due to the hacks, you would give them a better user experience (a faster and more reliable connection) by offering your services over IPv6 as well.

In short, even though IPv4 will be 'mandatory' for the foreseeable future, the hacks needed to make it work for everyone and everything that needs internet access may make it a second-grade experience compared to IPv6, maybe within a few years time.

Re:What's the point?

[swillden]

And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.

http://www.comcast6.net

Re:What's the point?

[petermgreen]

at $11.5 a pop.at $11.5 a pop.

I think prices will have to raise an order of magnitude from that level before cost of IP addresses will significantly change business behaviour.

Also all but the largest buisnesses will be able to use private addresses for internal and outbound communication and only use public addresses for machines that need to receive inbound communication.

Re:What's the point?

[unixisc]

IPv6 is cool, I get it. But how many ISPs are offering it to their consumers? If I want to build a web presence, would I settle for only IPv6 address space? If not, how much would I pay to buy into the IPv4 space so I can reach all my potential customers?

If you are building a network from scratch, chances are that IPv6 is something you'd not want to miss out on, since it's long term. Then the question is whether your IPv4 customers can access you or not. This might be worth a discussion with your ISP on their dual stack support, and whether end IPv4 customers would be able to access you. Currently, all Vista, XP, OS-X, Linux and BSD users should be able to access you, and the only question mark would be users that are still on XP. While I have theoretically installed IPv6 on my XP box, going to the testipv6.com site indicates that IPv6 still doesn't work on my box.

Re:What's the point?

The problem is less the cost and more the availability. Those addresses were bought from a bankrupt telecoms firm. If you do need more IP addresses you probably can't wait around for an IT firm to go bankrupt. The next alternative might be paying someone enough that it's worth their time to reconfigure their network and free up a routable chunk of address space.

Re:What's the point?

It's coming. My ISP is fully dual-stack and gives you a /56 prefix on request. It's an opt-in feature as in "If you don't understand ipv6, we recommend leaving it off".

ipv6 - a private protocol for google?

I'm lucky enough to use an isp that offers native ipv6.
This coupled with a nifty firefox plugin (IPvFox) enables me to determine with some certainty that somewhere between 95-99% (tongue in cheek) of all ipv6 traffic on the internet is googles.

They are pretty much the only company using it.

(O.K. rss.slashdot.org... kudos to you guys).

Re:ipv6 - a private protocol for google?

You left out www.xkcd.com.

Re:ipv6 - a private protocol for google?

$ host rss.slashdot.org
rss.slashdot.org is an alias for sourceforge.feedproxy.ghs.google.com.

well inside IP4 works and just the out side

[Joe_Dragon]

needs to be IPV6 so it can be like NAT is just need to make the out side stuff work with IPV6 and the in side can still have the older IPV4 only stuff.

Vendors are a tad better enabled now...

[Junta]

Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready. In terms of the problems Google ran into, I'd wager a large chunk of them won't be inflicted again by the same company. Once kinks are worked out for even one customer, they are generally worked out for all customers.

That said, while I've seen a large amount of increased IPv6 capability from vendors (showing they have expertise *somewhere*), it's still an arcane art for almost everyone at these companies still yet relative to IPv4.

Re:Vendors are a tad better enabled now...

[John+Hasler]

Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready.

I suspect that most of the pain was suffered by the vendors in this case. Google will have written the IPv6 requirements into the multimillion dollar purchase orders and is quite capable of phoning a VP of sales and telling him that if this is not fixed NOW you might find yourself no longer qualified as a Google supplier.

BTW I read that the DoD has come up with a unique way to encourage vendors to make sure that their IPv6 implementations actually work. They've been told that whether or not their own Web sites are accessible via IPv6 will be a factor in acquisition decisions. I can't reach Cisco on IPv6, though.

Re:Vendors are a tad better enabled now...

yeah you can access cisco on ipv6. well not you as such, but the DoD reqirment is actually that the site is accessible from ipv6 from the DoD network.

Doesn't mean they need to make it available to everyone

Technically complex...

[Junta]

While I anticipate Google to have one of the most complex networks, they also probably have a more reasonable organizational structure populated by more talented individuals on the whole. I say this not because I think Google is magic, but I optimistically *hope* they aren't as bad as some of the companies I have dealt with. Most companies have a technical staff either not talented enough, bound up in an impossibly convoluted organizational structure that paralyses them in any efforts to technically advance the state of things, or some combination of the two.

Re:Technically complex...

[TheLink]

Google may have the largest networks, but I doubt they have the most complex networks. Otherwise they wouldn't be able to "scale out" as easily and quickly. I suspect most Google data centers are very similar in network topology and technologies used.

Old large organizations are the ones with weird complex networks which are not self-similar and use different network technologies. x.25 over tcp/ip, frame relay, netbios over tcp/ip, SDLC, token ring, FDDI, stuff that's still using Novell 802.3 ethernet frames ( http://support.novell.com/techcenter/articles/ana19930905.html ). If you're unlucky you'd need network equipment that can handle both the old stuff and ipv6 properly. The networks may not be connected to each other, but what if the old expensive equipment handling the "legacy network stuff" are also handling some IPv4 stuff?

Unless forced to I wouldn't bother upgrading an old bank to IPv6. Users inside can't connect directly to the outside world, unless they go through a proxy? That's a feature not a bug ;).

Re:Technically complex...

The last company I worked for had a mess of an internal network. It was made up of about 4 different networks each coming from companies that were acquired patched together with a few firewalls and routers. and this was an telecommunications company - designing, installing and maintaining networks is their core business

Re:what about printers and other Internal stuff IP

[aztracker1]

yes

Re:what about printers and other Internal stuff IP

Most computers will use Dual-Stack for the foreseeable future for precisely this reason.

It took me 2 days...

Just imagine the amount of funds and brain power that is available to me...

To put it in perspective

Each home is supposed to get a /48 from the IPv6 ISP. Then the residential subscriber can provision up to 65 thousand subnets. The remaining 64 bits are left for the autoconfigured MAC address.

Because of privacy concerns, the MAC address can be obfuscated. That way, nobody will be able to tell for sure which physical device in your home posted the controversial contribution.

The talk about 2**128 IPv6 addresses are rubbish. The address allocation schemes have carefully been designed to support about as many addresses as there are MAC addresses, that is, in the range of 48 bits. It's much better than IPv4 but only by 5 orders of magnitude.

Re:To put it in perspective

[Just+Some+Guy]

The address allocation schemes have carefully been designed to support about as many addresses as there are MAC addresses, that is, in the range of 48 bits.

But while the bottom 64 can be used for MAC-based autoconfig, they don't have to be. There's nothing preventing you from running DHCP and handing out sequentially-numbered addresses if you ever feel the need to.

Re:To put it in perspective

[unixisc]

I agree that 2^128 is way overrated. There will be 2^32 (since 2001:/16 is what's likely to get assigned first) organizations which will have 2^16 subnets. In reality, I doubt customers will be getting /48 from their ISPs - it'll be more likely either /64, or if they need multiple subnets, say for 2 or more SSIDs on their Wi-Fi routers, they'll get a /60, which will allow them to have 16 subnets. For a home user, that seems reasonable.

I agree w/ knorthern knight below and I have in the past argued that giving 64 bits to the interface ID was overkill, despite the autoconfiguration requirements - 32 bits would have been fine, maybe 48. 16 bit subnets are okay, better 32. No subnet will ever have anything even close to a billion addresses - that would just be collisions begging to happen. Even for China or India, no ISP will have even close to a billion customers (unless they nationalize all ISPs into one). The first half of the address could have been w/ the ISP, and each end customer - whether a single user or a huge corporation - would have been given a /64, where they could then have /32 subnets, which in turn would have /32 users. Still pretty adequate. As Just Some Guy said, one could run DHCPv6 within a single subnet and have what one needs - a pool of dynamic addresses, static addresses, different addresses for different protocols (i.e. one address for an http server, another for the mail server), autoconfigured addresses and so on.

I however don't think that a new protocol will necessarily be needed. The consumption of addresses is going to be monitored by the RIRs, and at the end of it all, if they see that there have been too many addresses needed due to the excessive Interface ID space, then when they go to 3000:/4, they can reassign the global prefix:subnet:interface ID distribution to be 64:32:32 or 64:16:48 instead of the current 48:16:64 that it is. If the headers won't change - and they won't, since the source and destination address lengths will remain 128 bits - then the new assignment will still be compatible, and the migration won't be as painful as the current one.

Keypad

The Google guys need one of these: http://www.ipv6buddy.com/ :-)

speaking of squatters

Why does the soon-to-be-defunct USPS need a /8?

Re:speaking of squatters

Why does Zuckerberg own the majority of facebook.....

At one time, their parent company, The United States of America and OWNED then entire internet.

You should be thankful they gave you and your pitiful Youtube/Facebook/Whom ever you work for a sizable chunk of the pie......

No, They should probably give up a big chunk just like the other about 10 companies who bought Class As before ICAN

Re:speaking of squatters

[unixisc]

This time, every company (I'm not including ISPs in this) that gets a /48 has more than enough for all its global branches, as well as all its employees, and enough for having several virtual hosts, mail servers, web servers, ftp servers and so on. No more Class As, Class Cs and so on.

Obligatory XKCD

http://xkcd.com/865/

IPV6 is inevitable - better learn it now

[whistl]

Right now I'm running a free IP v6-over-v4 tunnel from my router to Hurricane Electric. I got assigned my own v6 LAN range. Mac OS X works fine, hits the v6 version of a website if it exists, the v4 version otherwise. Doesn't always work, I know. The DNS part is the problem to figure out. The larger infrastructure DNS servers (comcast, at&t, verizon, etc) need to support IPv6. Comcast has just begun rolling it out to end users, so hopefully they've got dnsv6 servers that work now and still return the correct regionally sorted IP addresses for cloud services like akamai.

Stupidity at Google, guess they have the money...

[internet-redstar]

IPv6 will be very important next year... ... so we are told for 15 years now. It will just never happen. Running out of IPv4 addresses internally... give me a break - who believes that? NAT is the answer delivered for a long time now. And it will remain there forever. Amen.

Re:Stupidity at Google, guess they have the money.

[Lord_Naikon]

While the rest of the world can use their instant messenger software to share files or make calls, you are stuck on IPv4 and must use slow 3rd party servers to proxy data between you and your other IPv4 friends because your NAT won't allow them to connect directly. I'm sorry, but the problem is not about running out of IPv4 addresses internally, it is about connectivity with the rest of the world.

We should not expect something to work just . . .

[tengu1sd]

'We should not expect something to work just because it is declared supported, . . ."

Why should IPv6 be different than any other feature a vendor documents?

Static IP addresses == end of privacy

[knorthern+knight]

> Each home is supposed to get a /48 from the IPv6 ISP. Then the residential subscriber can provision
> up to 65 thousand subnets. The remaining 64 bits are left for the autoconfigured MAC address.

> Because of privacy concerns, the MAC address can be obfuscated. That way, nobody will be able
> to tell for sure which physical device in your home posted the controversial contribution.

Well... like... whoopee. Marketeers (e.g. Fecesbook) will love it. It'll still let them know that certain web requests are coming from the same home. They'll be able to aggregate all your web browsing, etc, regardless of how much you spoof your mac address, because it's just a matter of seeing which /48 it's in. I prefer dynamic IP addresses thank you. Those l33t h@x0r d00ds out there who want to run your own public webservers are more than welcome to ask your ISP for static addresses.

And WTF are they thinking, handing out that many addresses per account? That's 9.022 * 10^14 addresses for every man+woman+child in China or 1.727 * 10^14 addresses for every man+woman+child on this planet. A /96 should be enough to run an ISP anywhere except China or India.

25 years from now, we're going to run into an unexpected shortage, and we're going to have to scrap a whole bunch of routers, etc which are hardcoded to expect /48's, and replace them with routers, etc that expect slightly smaller blocks. The Ciscos of this planet will love it.

Re:Static IP addresses == end of privacy

[Imagix]

More recent standards have been dictating a /56 to a subscriber home.

Ipv6 and OSI Addressing

OSI vs TCP/IP - check out OSI Addressing, it would have coped much better but TCP/IP and 4 octets won out. IPv6 is a retrofit to a wider space...but its much more...no more broadcasts. Its cool but the Hex will get clunky as the addresses get eaten up.

Re:Ipv6 and OSI Addressing

[unixisc]

Broadcast addresses in IPv6 are not there, but if one needs to do that, a multicast to the all nodes on the local link multicast group ff02::1 will have pretty much the same effect.

Had IPv4 been 32bit...

[unixisc]

Something no one would need if proper assignment of IP ranges had been done.

Or if IPv4 had been defined @ 128 bits the first time around, instead of 32. Only allowance I'd give is that in the 70s, nobody imagined that computers would be as inexpensive and widely available as they are today, or that a whole list of new devices would go digital and start needing IP addresses, not just some huge servers in some 50 big organizations in the US.

To put it in a different perspective

The difference with IPv6 is that the address space is big enough, that even if we were incredibly shortsighted and not able to see the future coming and squandered every single /48 except for one with inefficient assignment and we end up needing more than we predicted, we'll still have 2^80 addresses left to work with. Placing them under a new addressing scheme, assigning them more frugally, that's a hell of a lot more than 2^32 where we are today.

A small address space such as 2^32 has shown to be practical to manage, since this is how the Internet works today. It stands to reason that 2^80 would not be impractically small to be managed using similar techniques.

Over time, it's reasonable to assume that more old large assignments can be reclaimed (as we have seen in IPv4 - although in IPv4 returning a single net block won't have nearly the same impact as in IPv6), giving us virtually limitless potential for expansion.

To put it all in perspective, I for one wouldn't really mind if my home got a IPv6 /120 rather than a /48 - say. I doubt many people run a home network that requires more than 256 addresses. That's still a hell of a lot better than the single IPv4 address I get now.

Re:To put it in a different perspective

[unixisc]

To put it all in perspective, I for one wouldn't really mind if my home got a IPv6 /120 rather than a /48 - say. I doubt many people run a home network that requires more than 256 addresses. That's still a hell of a lot better than the single IPv4 address I get now.

While you would be happy w/ a /120, other organizations, like medium to large businesses, would need more, and a mobile IP network that depends on autoconfiguration would need even much more. One of the things the designers of this did right this time - unlike the segregation of IPv4 into Classes A-E, was that they put in a one size fits all, so that people, already new to the new protocol, wouldn't have to struggle w/ things like variable length subnets, networks and the like. Since the Mac addresses of Ethernet are 48 bit and the Firewire addresses are 64-bit, they assigned the entire lower 64-bits to the interface ID. It's also easier for new equipment, which already had to be programmed to support IPv6, to know which bits are the global prefix, which ones the subnet, which ones the interface IDs, etc.

I do think that that was overdoing it, since one doesn't have to use the entire MAC or Firewire IDs in order to create an autoconfigured unique interface ID. Had they simply assigned 32-bits to it, they'd have been fine - no network (include a mobile network in this) is likely to have 4 billion subscribers, or anything even close. So such an assignment would still have been fixed, and far exceeded the needs of any business or home. While you may not need 32 bits to start with, having them gives you the flexibility to configure DHCP6 to allocate static addresses, dynamic addresses, autoconfigured addresses and a whole lot more. With that, you can use a static address to host your own web, mail & ftp servers, dynamic addresses for all your internet browsing devices, autoconfigured addresses for things like your tablets and phones, and so on.

Re:Stupidity at Google, guess they have the money.

[marka63]

While you may not believe it, there are companies with over 17 million devices that need to be connected and directly addressed. Once you get up to those numbers RFC 1918 no longer is big enough to address all the machines (RFC 1918 covers 17891328 addresses). Add to that the need for rational sub netting and you can start to run out of address with less that a million machines.

Re:Stupidity at Google, guess they have the money.

[internet-redstar]

No, I don't believe that...

Re:Stupidity at Google, guess they have the money.

[internet-redstar]

The NAT traversal problem has been solved by a lot of services/applications. And instead of asking the entire world to change their home routers and throw away their embedded devices, NAT solves most issues more or less. IPv6 introduces a lot more problems than it solves. And privacy concerns is one of them.

Re:Stupidity at Google, guess they have the money.

[marka63]

You may not believe it, but it part of my day job to support such companies.

Re:Stupidity at Google, guess they have the money.

[internet-redstar]

17 million devices? Nah! Bad subnet planning; yes!

Re:what about printers and other Internal stuff IP

[unixisc]

Or more likely, Dual-Stack lite. Dual Stack won't be an option if one is out of routable IPv4 addresses.

Shoes and other feet

The reason for spending billions on their Aerospace industry is that if they were to buy stuff from the superpowers, they'd be at their mercy when it comes to the sale of spare parts, and I'm not talking about the price of those things, but whether the country would be authorized to even buy it in the first place, or if they paid for it, whether it would be delivered. That's why they do it.

As for IT workers, a number of Americans and other foreign IT workers can be seen in Indian tech hubs like Bangalore, Pune, Hyderabad, et al. If an American tech worker is willing to accept what are market salaries in India and move and work there, it's easier for them to get a work visa and job than it is for an Indian to get an H1B, which is capped for workers from India and China, but unlimited from countries like Mexico, Somalia, Saudi Arabia, Iran, Lebanon, et al.

Re:Stupidity at Google, guess they have the money.

[marka63]

Do you have any idea how expensive it is to continually re-size networks just so you can fit all your machines into a allocation that is in reality too small for your company? The fact that you say:

Bad subnet planning; yes!

means you just don't understand. One really shouldn't have to think about subnet sizes. That is one of the advantages of IPv6. You don't have to think about subnet sizes. You just subnet at the /64 and you have a subnet big enough for any conceivable use. No more juggling, No more getting it "wrong". No more renumbering because you need more space.

Re:Stupidity at Google, guess they have the money.

[internet-redstar]

I agree that it's a hassle. But the hassle of using IPv6 is a _lot_ bigger. It's plainly stupid to try and fix a problem by creating a bigger problem.

Re:Stupidity at Google, guess they have the money.

[marka63]

Have you actually been in a company that has deployed IPv6 internally and externally? I have.

Have you run a dual stack network? I have.

Have you dealt with the issues involved in moving from IPv4 only to IPv4 + IPv6? I have.

Have you dealt with the issues of run numbering networks? I have.

I will tell you this. I would much rather deal with the minor issues of bring up IPv6, than to repeatedly have to deal with the issues of renumbering. At least with IPv6, once you fix the problem it stays fixed.

The problems people are seeing with IPv6 are mainly lack of planning issues. Failures to build in IPv6 initially despite it being the only viable solution to address exhaustion. Failures to make IPv6 support a requirement. We are playing catchup at the moment, trying to cram what should have been 10 years of incremental development into 1 or 2 years.

For most applications that deal with IP addresses or sockets they cost to support IPv4 and IPv6 is actually minimal or zero when the application is being developed.

Most machines actually support IPv6. There are a few, memory limited, machines that can't but overall they are in the minority and are also relatively inexpensive machines to replace.

I would actually recommend that every company bring up IPv6 at the network level today and connect to the global IPv6 with a firewall that only allows reply traffic in initially. Don't add AAAA records for your servers initially. Do add them for your workstations. Add corresponding PTR records. You will find that IPv6 isn't as scary as you think it is. It also gives you a environment where you can test your servers, by adding AAAA records to the host file of the machines involved in the test. When the service is working you then add the AAAA records to the DNS and remove them from the host files. Don't forget to open up the firewall to allow external connections to the service if appropriate.

Re:Stupidity at Google, guess they have the money.

[internet-redstar]

It just will not happen. Many embedded devices build today don't even enable the IPv6 stack while it's only a configurable option away in the Linux kernel. And these devices aren't even released yet. They will after release run for a decade in the infrastructure. Sure we tell people who make them to care. Yet mostly they have more important things to care about, as for example to get them working in the first place.

An extra screen in the config box to set a static IPv6 address on an embedded device? Not seen one yet... Why? Because these embedded boxes are typically run in a seperate VLAN in the company.

Corporate requirements for IPv6 are close to nonexistent, so nobody cares, nor will. It's not that I'm against IPv6, but one has to be realistic about what to expect from the rest of the world - and a drastic change without a game-changing urgent need is not one of these things.

And I'm still waiting for an example of any organization _ANY_ organization who needs to have in the order of 16 million directly communicating devices on their private network. Just a million will do as well. Probably Google is the only organization which comes close to that order.

And even for them, there is not really an important reason why their infrastructure could not be split up between the google search cloud as one 10.x.x.x range and the gmail infrastructure as another one, for example, as direct communication between the two is probably unnecessary and managed by separate teams anyway.

One could argue that the 'renumbering' is difficult. Yet the cluster which Google build handles server failover, swap-in and swap-out and data partitioning as one of the major features. Fail to see why they couldn't implement it on the 'private IPv4'-level either...

While I agree that on their scale, such an experiment might be valid, my guess is that it will remain as such;... an experiment with a lot of problems:
1) increased latency because of IPv6 tunneling - and Google is very latency conscious 2) less proven technology leading to exotic problems which show up even more at the Google scale - because nobody uses it

And for what?
To solve the 'we are too lazy to write a stupid IPv4 pool re-numbering/re-partitioning'-problem? While it can be done with a very small shell script(TM)? ;)

Re:Stupidity at Google, guess they have the money.

[Lord_Naikon]

Really? Please back up your statements with some arguments. The NAT traversal problem has not been solved by a long shot. Sometimes software can configure the the NAT remotely (UPnP) but that obviously doesn't work when your ISP starts NATting you.
To me it looks like you miss some basic information about how client-server networking actually works and why NAT is a serious hindrance to correct internet functionality.

Care to elaborate on why IPv6 introduces more problems than it solves?

Re:Stupidity at Google, guess they have the money.

[marka63]

It just will not happen. Many embedded devices build today don't even enable the IPv6 stack while it's only a configurable option away in the Linux kernel. And these devices aren't even released yet. They will after release run for a decade in the infrastructure. Sure we tell people who make them to care. Yet mostly they have more important things to care about, as for example to get them working in the first place.

An extra screen in the config box to set a static IPv6 address on an embedded device? Not seen one yet... Why? Because these embedded boxes are typically run in a seperate VLAN in the company.

For some reason you seem to think turning on IPv6 precludes running IPv4 devices or being able to reach them from IPv6. IPv6 only internal networks are still a long way away.

Corporate requirements for IPv6 are close to nonexistent, so nobody cares, nor will.
It's not that I'm against IPv6, but one has to be realistic about what to expect from the rest of the world - and a drastic change without a game-changing urgent need is not one of these things.

Lots of corporate desktops talk to machines on the outside. These machines will be a mixture of IPv4 only, IPv6 only and dual stack. The need to talk to these machines alone will result in IPv6 being deployed internally. We are starting to see ISP complaining that they can't get enough IPv4 addresses to meet their needs. It won't be long before the first forced IPv6 only sites start appearing. When that happens, offices will start to adapt by enabling IPv6 to allow the desktop machines to reach these sites.

And I'm still waiting for an example of any organization _ANY_ organization who needs to have in the order of 16 million directly communicating devices on their private network. Just a million will do as well.
Probably Google is the only organization which comes close to that order.

Pick any large ISP that manages CPE equipment. These needs to be addressed.

And even for them, there is not really an important reason why their infrastructure could not be split up between the google search cloud as one 10.x.x.x range and the gmail infrastructure as another one, for example, as direct communication between the two is probably unnecessary and managed by separate teams anyway.

Multiple routing realms are additional operational complexity. Given the choice of "deploy IPv6" or "run multiple routing realms" I'm sure many companies will pick run IPv6.

One could argue that the 'renumbering' is difficult. Yet the cluster which Google build handles server failover, swap-in and swap-out and data partitioning as one of the major features. Fail to see why they couldn't implement it on the 'private IPv4'-level either...

While I agree that on their scale, such an experiment might be valid, my guess is that it will remain as such;... an experiment with a lot of problems:

1) increased latency because of IPv6 tunneling - and Google is very latency conscious
2) less proven technology leading to exotic problems which show up even more at the Google scale - because nobody uses it

Tunnels will go away and be replaced by native connections. This is a observable trend today.

The amount of IPv6 traffic world wide is growing rapidly. The bugs in equipment will be worked out.

And for what?

To solve the 'we are too lazy to write a stupid IPv4 pool re-numbering/re-partitioning'-problem? While it can be done with a very small shell script(TM)? ;)

There are lots of reasons to deploy IPv6. We are at a tipping point where staying with IPv4 will start to get more and more expensive. IPv6 will be seen as the cheeper alternative.

WTF?

[dbIII]

No, I'm blaming you for being unable to diagnose a routing or dns problem.

Now where did that come from? I do not have any routing or DNS problems and you would have no way to know if I did anyway.
Where does this blind rabid attack dog going for the messenger bullshit come from just because I dared to mention a problem on some machines that happen to have MS Windows 7?

Re:WTF?

[rev0lt]

OK - so you are blaming ME for a problem fixed by unticking a box that says "enable IPv6"?

You did transpose my previous response as some sort of accusation. In fact, there is no "shoot the messenger", because you never stated your IPv6 problems in the 3rd person. But, given that english isn't my first language, my choice of words probably wasn't the happiest one, so I apologize for any unintended assault.

Re:WTF?

[dbIII]

I'm sorry I misunderstood the intention.

Re:Stupidity at Google, guess they have the money.

I hear the same mantra since 1995, yet my smartphone isnt even NATed by my ISP and large corps still sit on large IP blocks for nothing.

Yes, some ISPs are now looking at IPv6, just as they are looking at NAT - I agree that there is no clear winner there yet. Though an IPv6-only ISP would still be the first... And using IPv6 on the internal corp network is an entirely different story. And just not happening.

Yes, dual stack is an option, yet it means that some parts of your infrastructure are unable to communicate - basically replacing the broken part with another broken part.

But hey, dont take my word for it. Ive been an IPv6 believer too... 15 years ago. Now Im just an IPv6 cynic ;)

Eat your own dog food

[ista]

Actually, I'm pretty scared of this announcement.

It basically says Google started offering public IPv6 services without the experience by running IPv6 on their own corporate network.

You need to be running IPv6 on your corporate network first (maybe not "everywhere", but at least "in most places"), so your own developers don't stick to IPv4-only code and learn what actually happens with IPv6 and your networking dept makes IPv6 an important requirement with your upstream or peering ISPs.

Your internal IT helpdesk needs to learn about IPv6 and promptly address it in a user-friendly way ("I do have trouble printing." - "Do you print via IPv4 or IPv6?" is NOT a good example), and so you do need to do this in order to educate any other customer-facing employee who may ever need to talk about IPv4/IPv6 (if you're an ISP, this also includes your customer helpdesk, your sales staff, product developers, marketing and public relations).

Another one is the often-retold stories about IPv6 being broken and being unreliable, and Google is exactly one of those companies doing a lot of publicity and buzz about it.

Probably one of the easier ways to solve this myth is by simply offering router advertisements on a workstation network and make your users actually use IPv4 and IPv6 in parallel (my employer did this a few years ago, with full management backing). So when they do come up with something like "I've heard that 30% of IPv6 connections are completely broken and IPv6 is hard to configure", prepare for seeing stunned faces when you tell them that their workstations have been running IPv4 and IPv6 for five years now.

It doesn't matter on an internal network...

[BlueCoder]

Tell me which business or government agency has filled up 10.x.x.x. IPv6 doesn't matter internally unless your a communications company. Yet it's the communications companies that are keeping it from their customers because it invites a more distributed internet.

It's trivial and easy to upgrade users, just get a new routers, upgrade the firmware on existing ones, or use simple IPv6 to IPv4 endpoint converters. So long as the internet tunnels are IPv6 there are no deployment problems. Servers want visitors which are predominantly web surfers, so they need need to be IPv6. IPv6 users can connect to IPv4 servers easily, the reverse is not true.

Speculation:

Geeks drive this technology. The reason for IPv6 is the contention for addresses. Yet the new IPv6 hands out /64's to end points like it's water... It's not like it was handing out /16's which might be reasonable. So anyone looking at this can clearly see we are being set up for failure and their will obviously need to be an IPv7 or IPv8 to fix the /64 mess. It looks like new scheme is trying to supplant/abandon port numbers.

Re:It doesn't matter on an internal network...

[unixisc]

The real issue here is not just the number of people or devices on the internet, but the number of networks (i.e. subnets) that will be there. For that, 64 bits is adequate, although in the process of trying to maintain a hierarchic structure, it may turn out to not be enough, as can be seen w/ some ISPs giving out /56 instead of /48..

I think /64s are being handed out not to end points, but to customer premise routers and modems, so that those can have a virtually unlimited #devices on their networks. In its first rollout, Comcast is providing /128s to people, and the assumption here is that it's going directly to an end point, and not to a distribution point. I believe that over the long haul, ISPs may have a dual policy of providing /64s to people who would need wi-fi routers or modems for multiple home devices, while providing /128s to people who just need single connections to a laptop or desktop. The advantage of providing a /64 is if a customer would want to be able to host a website, mail server and so on, or want to have dynamic and static IP addresses on his node, so that the ISP won't have to administer a number of this customer's address needs. But if a customer simply needs 1 or 2 connections, the ISP can assign them either static or dynamic /128s.