No IPv6 Doomsday In 2012

itwbennett writes "Yes, IPv4 addresses are running out, but a Y2K-style disaster/frenzy won't be coming in 2012. Instead, businesses are likely to spend the coming year preparing to upgrade to IPv6, experts say. Of course there's a chance that panic will ensue when Europe's RIPE hands out its last IPv4 addresses this summer, but 'most [businesses] understand that they can live without having to make any major investments immediately,' said IDC analyst Nav Chander. Plus, it won't be until 2013 that North America will run out of IPv4 addresses and there's no sense getting worked up before then."

Business as usual

[InterestingFella]

ISP's and hosting companies will not run out of IPs. This only means that the price per IP will start to slowly grow. Hell, every time I order server the companies still happily hand me over 5 IPs without me even asking for them. With a simple request I can also buy 256 ips for the price of $300 a year.

Re:Business as usual

a Y2K-style disaster/frenzy won't be coming in 2012. Instead, businesses are likely to spend the coming year preparing to upgrade to IPv6

Sounds just like a Y2K-style disaster/frenzy.

Re:Business as usual

[SJHillman]

During an ISP changeover in March, we only needed one IP but the ISP gave us a block of 4. Hmm, maybe we can resell the extras...

Re:Business as usual

[SJHillman]

On second thought, maybe I can finally get a static IP at home. Damnit Time Warner, let me have a static IP.

Re:Business as usual

[Aighearach]

he.net won't run out, because they're already ready with ipv6!

This story is actually great news for a lot of geeks, get your selves over to H.E. and get your free ipv6 certs in time for this wonderful pre-Y2K year of bounty!!!

Re:Business as usual

[pak9rabid]

You can...it's called Time Warner Business Class. And besides, with stuff like DynDNS, why do you even need a static IP for your home?

Re:Business as usual

[DamnStupidElf]

Sounds just like a Y2K-style disaster/frenzy.

Pretty much. It's a technical problem that is being solved incrementally over a period of years so that there aren't eventually widespread shortages or other major problems (NAT is pretty much the two digit year format). "Normal" people got frenzied over technical issues, but of course they'll also frenzy over some person on TV having a scripted event happen to them.

Re:Business as usual

[EdIII]

I did not even bother. I got 16 static IP addresses on of my last orders and I told them flat out on the phone I only need 1. You can keep the other 15.

I ended up keeping 2 to split the network off, but let them keep the other 14.

How do you sell it anyways? It's not like I can call up the ISP and tell them to transfer 14 IP addresses to a different account like a telephone number.

Re:Business as usual

[SJHillman]

With stuff like DynDNS why do you need a static IP anywhere? It's useful for VPNing into my home network, setting up DNS (dynamic DNS only goes so far), hosting a webserver, etc... same as any commercial use for people that host stuff at home.

Also, you generally can't get Time Warner Business Class in an apartment.

Re:Business as usual

[Shakrai]

why do you even need a static IP for your home?

The question I'd like to ask is why don't they just hand out a static IP by default? The vast majority of broadband connections are always on; they aren't saving IPs by handing out dynamic assignments.

Of course I already know the answer to my question. It can be located above the '4' key on most keyboards...

Re:Business as usual

[InterestingFella]

Get VPN connection from a company that offers static ip's to users, or host VPN server on your servers. Problem solved.

Re:Business as usual

[Qzukk]

ISP's and hosting companies will not run out of IPs.

No, no, of course not.

This only means that the price per IP will start to slowly grow.

Yes, yes, of course it will.

Claiming that the second will prevent the other is like claiming that if I have an expensive enough metal detector I'll find the pirate treasure in my backyard. You can claim that the last IP will be held ransom for trillions of dollars and never sell, the counterclaim is that there's an upper bound to what people will pay for IPs, the price will find that boundary, and the last of them will sell at that maximum price.

Re:Business as usual

[InterestingFella]

Of course I already know the answer to my question. It can be located above the '4' key on most keyboards...

Â? $ is on the side of '4' ;-)

Re:Business as usual

[pjr.cc]

And besides, with stuff like DynDNS, why do you even need a static IP for your home?

ahhh, well, depends what you do from home doesn't it? take this as an example of why dyndns doesnt really solve some of the problems static-ip-for-home does..

1) my dns entry "me.dyndns.org", points to my current dynamic home ip
2) i run a webserver, chat server (xmpp), mail server perhaps... many different things you could list here
3) my home internet switches off for some reason and i loose my dynamic ip address.
4) someone else logs on and gets my ip adress while im offline
5) someone else starts getting a bunch of connection attempts....

Note: "me" and "my" in this scenario are hypothetical, not actual references to me specifically.

The effect of which can be somewhere between unnoticeable and catastrophic, if you really think it thru... Personally i do run a web server on my home machine for unimportant things and only for me, but there are lots of scenario's where some service your expecting to send data to on your old ip address may expose something you didnt want someone else to see... Then again, it may lead to something more annoying like the user who's getting random connection attempts assumes he's being hacked and acts accordingly...

Re:Business as usual

[Eevee]

t can be located above the '4' key on most keyboards...

Well, on my Dell keyboards it's the F4 key (slightly offset), but on my HP and Sun keyboards it's F3.

Re:Business as usual

[pak9rabid]

Don't use a stupid VPN solution. Last I checked, OpenVPN works just fine over a dynamic IP.

Re:Business as usual

[pak9rabid]

The question I'd like to ask is why don't they just hand out a static IP by default?

There's a few good reasons off the top of my head that I can think of:

• - Dynamic IPs cut a lot of bullshit out of support calls
• - DHCP servers hand out more information that just IPs (default gateway, DNS servers, domain, etc)
• - ISPs like to have the option of re-allocating blocks of IPs without having to call hundreds/thousands of customers to have them renumber their equipment

Re:Business as usual

[XanC]

DHCP can be used to hand out a static IP.

Re:Business as usual

[bbn]

If you are using Debuan/Ubuntu/etc just do this simple command:

sudo apt-get install gogoc

Tada! You got IPv6. Test it at http://test-ipv6.com/

Re:Business as usual

[jandrese]

Not easily if the end user is prone to changing out their hardware (plugging in only one thing at a time into the router, like the instructions told them to do).

Re:Business as usual

[bbn]

There is no such thing as the last IP. You can always take one from another customer that pays less. What, you thought that address you paid extra for was yours to keep for ever? Not so.

In some cases the address space is actually yours to keep. But even then, there will be a price where you will choose to sell it. And if not you, then someone else.

Re:Business as usual

[GPLHost-Thomas]

5) someone else starts getting a bunch of connection attempts....

6) that someone else also runs a mail server, and it's replying "no such domain / user", and sender receives a bounce message

Re:Business as usual

[Culture20]

It's a technical problem that is being solved incrementally over a period of years so that there aren't eventually widespread shortages or other major problems (NAT is pretty much the two digit year format).

NAT is more like checking the code to make sure a jump from 99 to 00 won't hurt anything, then sticking with the two-digit format. It's IPv4, but it's a semi-solution.

Re:Business as usual

[Columcille]

And the good news about this is "normal people" don't have a clue what you're talking about when mentioning ipv4 or ipv6. Tell them, "We're about to run out of IP addresses!" and they'll blink at you. Tell them, "No! PANIC! IPV4 IS ALL FILLT UP!" and they will call for some friendly people to take you to a padded room. Tell them, "Oh, and we have a problem with programs that use a two digit year instead of a four digit year" and they will build disaster shelters.

Re:Business as usual

[DocSavage64109]

On my keyboard, it's a 7 key.

Re:Business as usual

[geekprime]

That was a very profitable time for all my consultant friends and I.

I look forward to businesses putting it off till the last possible second and paying me double to do it RIGHT NOW!!!!!!

Re:Business as usual

[Culture20]

With stuff like DynDNS why do you need a static IP anywhere?

Whenever I'm SSH'd into work from home, I have to remember to run screen because my IP address changes almost nightly, and it seems to be always when I'm in the flow.

Re:Business as usual

[u17]

Because all sorts of services won't talk to you if you are on a spam blacklist. And pretty much all dynamic address pools are on such blacklists.

Re:Business as usual

[ard]

Point being?

Re:Business as usual

[morgauxo]

With any service I have used the DHCP server 'remembers' your MAC address and waits a considerable amount of time (days to weeks) for your return before giving the ip to someone else. unless the ip pool is close to exhaustion anyway...

Re:Business as usual

[noh8rz2]

always when I'm in the flow.

How odd that the ip change is in sync with your monthly hormonal cycle. Could it be pheromones?

Re:Business as usual

[Charliemopps]

#1. They don't want people hosting websites on their broadband connection
#2. They don't want people hosting FTP servers on their broadband connection
#3. Because service areas expand and shrink all the time. New subdivisions go in, routers get moved, equipment gets replaced. Static IPs make all this a pain. With Dynamic, they just unplug stuff, plug in new stuff, customers modem goes down for about 5seconds, comes back up and pulls a new IP. No call required.
#4. Fragmentation. This is something that phone companies are very very used to. Say you own a block of phone numbers 555-555-0000 through 9999, if you're not using a certain amount of any 1000 block, another phone comapny can come in and buy it. It's a law or something. So if you have people that request specific numbers (everyone wants 1000, 1111, 1212, etc...) you end up with 5 customers in each thousand block... now another phone company wants that block and you have a mess... Same with IP blocks. Say you're handing otu static IPs... say an area gets a new competitor in it and you want to sell it off... but there are 5000 customers in there all with random IP addresses inside blocks that you own. Now you have to call them all and change them... yadda yadda...

Dynamic is best for just about every situation unless the user wants to host servers and webpages.

Re:Business as usual

[klapaucjusz]

sudo apt-get install gogoc

More difficult to debug when it fails, but often yields better performance:

sudo apt-get install miredo

--jch

Re:Business as usual

[Aighearach]

That isn't really going to help people get certs and make money, though.

And, if that's all you know is to run that command, you won't actually be able to complete the conversions well enough to be part of the frenzy, as that involves a lot more; dns, http servers and name based vhosting, smtp, etc

Re:Business as usual

[AliasMarlowe]

1. My router notifies DynDNS.org of my current IP as soon as it changes (while running) or is assigned (from router boot).
2. My IP has changed via DHCP precisely once in the last 5 years, when my ISP transferred me to a different service level (it did not change when the ISP was bought out 3 years ago)
Now, if anyone was accessing my site by raw IP address they would have had a hiccup a few months ago. But for anyone accessing it by DNS name, it was a doddle.

Re:Business as usual

[Grishnakh]

But there seem to be strange intermittent problems doing so if you use a Cisco/Linksys E4200 router.

Re:Business as usual

[hairyfeet]

The problem is it WILL be a disaster but not for the reasons people think of, it'll be the flyover states that cause the disaster. Frankly the pay for IT in right to work states is so damned bad nobody bothers learning more than the bare minimum and the corps sure as fuck aren't gonna pay for courses on their dime, so you have poorly trained worker with zero incentive to learn this new tech. Add to this the shitty pay and even shittier hours have caused most of the older guys like myself to run to the hills and get away from the bullshit equals a perfect storm where the old guys that could have picked it up easily are gone and the new guys hate their jobs and are doing the bare minimum until they can find another line of work.

So my prediction is while the coasts will work everything in between will rapidly fall apart. problems that would have taken an hour or two under IPV4 and which will take the same time under IPV6 on the coasts will take days or weeks simply because the skilled manpower isn't there and frankly won't be forthcoming because corps have screwed IT so badly here nobody is taking the courses anymore. My local college is thinking about dropping the IT related courses simply because everyone is in medical or law, nobody is bothering with IT as its seen as a dead end. Basically the corps made the bed but we're all gonna get to lie in it when everything that has to cross the flyover states goes to shit. Hell I called my local ISPs the other day and even their tech guys didn't know jack shit about IPV6 nor could they give me a timetable, NOT a good sign folks and talking to friends in neighboring states they are hearing the same thing.

Re:Business as usual

[tftp]

like claiming that if I have an expensive enough metal detector I'll find the pirate treasure in my backyard.

However strange that may sound, this is true, as long as there is at least one pirate treasure anywhere on this planet. Some digging may be required.

Re:Business as usual

[stamour547]

It's not a static IP then... it's a dynamic IP with an infinite lease. There is a difference. As others have said, DHCP hands out other important information other than the actual address. Do I agree that "static DHCP" could work for broadband internet? Sure it would be really nice... well that is until your router at home dies and you don't know the mac address of the WAN port on said dead router which then leaves that ip address lost unless you call your ISP and have them release that lease from their pool/remove the binding to MAC address. That is one good reason why this thought process does NOT work. But hell what do I know, I'm just a router monkey.

Re:Business as usual

[smash]

Unfortunately, DNS is a cache, and does not instantly update throughout the entire internet. Setting your domain to have miniscule TTL is a BAD THING, and conflicts with the entire design principle of the DNS service.

Re:Business as usual

[chrisgeleven]

Incorrect in some aspects. All caching means is IF a recursive DNS server had done a lookup on your domain recently enough that the TTL hadn't expired, then you use the recursive DNS server's cached copy of the DNS record.

If the recursive DNS server doesn't have a cached copy of the record, it will simply go through the resolution path to get to the authoritative DNS provider and get a fresh copy of the DNS record.

Having a low TTL just means that more queries will hit the authoritative DNS provider since the recursive DNS provider is less likely to have a cached copy of it. It's not bad necessarily to have a low TTL, it just means more queries are generated which results in a little bit longer DNS resolution time compared to using a cached copy. In the case of Dynamic DNS, you are never really going to care/notice any speed hit caused by less caching.

Re:Business as usual

[Ihmhi]

The first time I learned about IP addressess, I learned they were like phone numbers for computers. When you look up a website, your computer is calling the "phone number" (IP) of another. I'm pretty sure you can break it down easily enough using this analogy.

"An IP address is like a phone number for a computer. Everything that connects to the Internet, from your computer to your phone to your television (!) has to have its own IP address. We have so many internet connected devices that we're running out of the numbers, and we need to start using new ones - but to do it means that we need to get new equipment running."

Re:Business as usual

[the+real+darkskye]

For unauthenticated connections, this is true.

But for RADIUS authenticated services (most ADSL connections for example), the IP address can be included in the Access Accept response.

Your cable modem/router may be sending authentication details along with its MAC, and the remote side may use the MAC as a factor in assigning the IP address, but I am unfamiliar with cable technology so I can only speculate.

Re:Business as usual

[cthulhu11]

This is really two issues: a static vs. dynamic address, and a *routable* vs private address. It would be feasible for a residential NSP to use DHCP to give a given customer a static 172.16.x.x address that's NAT'd at their end. Many residential customers don't have a compelling need for a static address, but it could be nice in that eg. a bank's web site wouldn't prompt for additional authentication on every visit. Some want a static address so they can run servers of various sorts without hassling with some sketchy dynamic DNS contrivance. I personally pay the extra $5/mo for a static address so that ACL's of various sorts at work can be configured *once* to let me through.

Re:Business as usual

[neokushan]

And there was me wondering what F3 did that was so special...

Re:Business as usual

[neokushan]

In the UK, Virgin Media (about the only Cable/DOCSIS ISP here) managed to do both incorrectly.
They don't give out static IPs, but they also don't like it when customers plug in different equipment. In "the old days" it was particularly bad, if a customer plugged in a device with a different MAC (e.g. they went from being directly connected to using a router) the DHCP lease refused to issue an IP until the host table on the UBR was flushed.
These days it isn't too bad, but there's still a 4-device limit and sometimes the DHCP lease can last for weeks.
To make matters worse, the only OFFICIAL way the host table can be flushed is via second-line support - first line don't have any tools to do this, so if you do get stuck in that position and don't have a way of spoofing your MAC, you're in trouble - and that's if you know what you're doing.

If you're lucky, the agent you speak to will recognise the problem (self-assigned IP) and not immediately blame the equipment, get second line to flush the UBR and away you go. If you're REALLY lucky, you'll get an agent that knows a trick to flush the UBR manually (Remove Coax from Modem, power on and let it assign a 192.x.x.x IP, then plug the Coax back it - it flushes the internal host table to remove the 192 IP and at the same time flushes the UBR's host table for that modem - simples).

Still, I did always wonder why the bothered doing this and not at least have the graciousness to offer a static IP, especially as their IP leases get longer and longer with each renew (mine is currently at something like 3 months).

Re:Business as usual

[jcurran]

For the last 10 years I have read: "Yes, IPv4 addresses are running out.. blaa FUD blaa blaa FUD" So far nothing has happened. Most computers out there are NAT'ed so, please stop spreading FUD.

And indeed, they have been running out for the past ten years - look at slide 5 from this presentation: https://www.arin.net/knowledge/v4_deplete_v6_adopt.pdf The fact is that ISPs and hosting companies are having to now undergo major changes in order to continue to grow. The fact that we've known this was coming and developed IPv6, gotten into every major OS and the gear of every major network equipment manufacturer is simply good preparation for what's to come.

Re:Business as usual

[digitalsolo]

I've worked with IT all over the country and have seen a pretty consistent spread of incompetence. I will say that I've dealt with more competent people in California than most other areas, but I've also worked with more IT companies in California than most other places, so the results are somewhat skewed on that one.

I suppose my opinion should be of little value though, I currently reside in a fly-over state.

Re:Business as usual

[Bengie]

A few of my friends have switched their entire datacenters over to IPv6 and they claim it is so much easier to use and can't wait to drop IPv4. Almost any server/router in the past 5 years supports IPv6, or you're buying crap. "Hey, I'm gonna drop $10k on this router.. Hmm, this model is $100 cheaper and doesn't have IPv6" well, that's your own fault.

Re:Business as usual

[Grishnakh]

Um, I think you may be a little confused. I'm talking about where you set the router up so that it issues reserved DHCP addresses (i.e., specific addresses are reserved for specific MAC addresses). The router's doing the DHCP addressing, it's not a client. The problem the Cisco/Linksys E4200 has is that, for my laptop, it'll issue a dynamic DHCP address just fine. But if I try to set a different IP address for the laptop using the reserved DHCP function, then restart the networking on the laptop, it simply won't issue a DHCP address to the laptop at all. What's weird is it has no problems with some other machines, but maybe it's because the laptop is wireless and the others are not. Whatever the problem is, it's with Cisco's unit.

Re:Business as usual

[Bengie]

That's gotta be annoying. My IP changes almost exclusively after Network maintenance or my MAC address changes. The longest I've ever noticed having the same IP was over 4 months.

Re:Business as usual

[mintrepublic]

More likely is that the device pulling the IP requests the same one it had before reboot/whatever and the ISP's equipment honors this request if the address is still available. This is how my company's DHCP servers operate.

Re:Business as usual

[steffann]

ISP's and hosting companies will not run out of IPs.

One problem is that while existing ISP's and hosting companies will still have some IPv4 space left, exhaustion at the RIR (RIPE NCC, ARIN, etc) level will block the market for newcomers. With the current policies they will still get a few IPv4 addresses, but not enough to give some to every customer. So there will be older companies where customers can get IPv4 addresses and new companies where they can not. Not a very competitive market :-(

Business opportunity

[ccguy]

Well, anyone looking to make some big bucks in the next 1-3 year should start learning IPv6. Nothing major needed, just setup a IPv6 network at home, if you can rent an external server with IPv6 in any of the many data centers that already offer it, and play with it.

It's not a lot of effort and there will be many highly paid job offers soon.

Re:Business opportunity

[rubycodez]

I doubt much "highly paid jobs", it'll just get thrown onto the backs of IT droids with the rest of the crap they have to do (speaking as one myself)

Re:Business opportunity

[SJHillman]

I think he means you can hire yourself out as an "IPv6 Changeover Consultant", spend ten minutes coming up with an IPv6 addressing scheme and then passing it on the the IT droids while taking the credit and the money.

Re:Business opportunity

[Aighearach]

That's how the free he.net cert works, they give you the lesson, and it involves setting up the tunnel and then configuring a local server to match each lesson.

Re:Business opportunity

[pak9rabid]

Lots of SMB's don't have "IT droids". This actually would be a good opportunity for people such as yourself to break away from the shackles of corporate IT and write your own ticket as a consultant/contractor.

Re:Business opportunity

[EdIII]

The problem is not learning IPv6. That's easy. At least to anyone with more than a little experience doing this. I was working before the Internet even came around and before Ethernet, so I don't see it as a big obstacle.

Where is all the fucking Enterprise hardware and firmware updates to support it?.

That's what needs to be solved. I could support IPv6 tomorrow if it was a simple firmware change. IPv6 will not be rolled out into Enterprise environments for at least 10-15 years completely. Reason why is simple. Not every network device supports it. I got clients that still have 5 years or more to go on lease contracts for huge printer and document systems. No IPv6 firmware updates in the pipeline that I know about.

Operating systems will be faster of course, but you need to cover all of the devices first.

My biggest issue is the routers themselves. If you are running a business or have branch offices, you are not, or should not, be doing that on any hardware you can pick up at BestBuy. Prosumer or higher routers that can set up multiple WAN ports don't have IPv6 yet. Perhaps the absolute newest ones might, but that could represent 20-30k in new equipment costs for a medium sized business with branch offices. For what? Just IPv6?

Unless the manufactures get off their asses, stop being greedy, and push out a firmware update for existing hardware to support IPv6 there will be a lot of people like me that have two choices:

1) Stay with IPv4
2) Spend tens of thousands of dollars on new hardware.

Tough situation.

P.S - Why do any of that until at least 1/3rd of all customers are using IPv6?

Re:Business opportunity

[equex]

Yeah, until someone declares IPV4 'a security risk' and a 'terrorist network'.

Re:Business opportunity

[smpoole7]

> make some big bucks ...

Yes ... and no. It depends. Maybe. No way to predict it reliably for each geographic location. Frankly, for better or for worse (and just for the record, I think IPv6 rocks; I like it) ... that's not likely to happen for the vast majority of small-to-medium-sized private networks. Not if they're working fine now. You might can make a little money helping people go IPv6 on the Internet, but that's about it.

Our facilities are a case in point. We have so much IPv4 stuff, including licensed microwave links that have never heard of IPv6, that we're just not in a hurry. Our 12 broadcast studios use an audio-over-IP system that's IPv4 (with no way to upgrade). All of my remote controls systems, transmitters, satellite receivers and other equipment are IPv4. We need to get a return on that substantial investment before we can even think about replacing it.

We could do a mixed IPv4/IPv6 network, but why bother? It works, don't fix it. We will buy IPv6-ready equipment whenever possible, but here's the real rub: there ain't a lot of it available, not for what we need. (I've been looking for 2 years, since I first heard about IPv6. If you go to a typical equipment manufacturer's Website and search for "IPv6," you won't even get a HIT. "No results found.").

I'm going to ensure we can still do that Internet-thingie (which means that we'll need some IPv6 work there, including IPv6 static IPs and DNS "AAAA" records), but our in-house network is fine the way it is.

I doubt very seriously that I'm the only one saying this, either. Consultants who expect to become wealthy in the next two years helping people with their "IPv6 Migration Strategies" are going to be disappointed. That's my prediction. :)

Re:Business opportunity

[interval1066]

The last few times I installed an os (which were Windows and Linux machines) they came with ipv6 stacks, and it seemed like very little configuration was nessessary. In fact, if I recall, the configuration instructions were how to turn the ipv6 stack off if you wanted to do that. It seemed to be on by default.

Re:Business opportunity

[pjr.cc]

I'd love to know what hardware your running that doesnt have ipv6 support.... just about every supportable, mainstream vendor does, the short list:

- juniper (screenos and junos)
- cisco
- avaya
- netgear
- hp
- ibm

Actually, I take it back, theres too many. If your running gear right now that cant do a firmware upgrade to support ipv6, you really should be considering replacing it cause it must be decades old. Even still-supported decades old kit from cisco has ipv6 support via firmware upgrades.

To be honest, I cant really think of many vendors that dont support it off the top of my head.

Re:Business opportunity

[klapaucjusz]

Where is all the fucking Enterprise hardware and firmware updates to support it?.

Most large companies have been requiring IPv6-capable gear for the last 4 years or so, while the DoD mandages IPv6 support since 2005.

Because of that, most recent hardware and software is IPv6-capable. Cisco IOS, for example, has been doing IPv6 since 2001. Microsoft servers have been able to work over IPv6 since Server 2003. Mac OS X since 10.4, Linux since the 2.4 series.

If you're still stuck with IPv4-only hardware or software, it's your fault.

--jch

Re:Business opportunity

[smpoole7]

> If you're still stuck with IPv4-only hardware or software, it's your fault.

See my next post. Some of us have networks that are composed of far more than just computers, switches and routers, dood. :)

Re:Business opportunity

There's nothing preventing business from dual stacking.

There's no equipment today that supports V6 ONLY. (feel free to prove me wrong there.) The simple solution is to maintain two networks, one IPv4 for legacy devices or anything that doesn't really need to speak with the outside world. Enforce a policy that all new hardware acquisitions need to support V6 or both, and moving forward you'll simplify to 100% V6.

V6 LAN/WAN maintenance for 5000+ device networks is simple, if the network was well designed.

And I'm sorry, I'm a little biased on "Where is all the fucking Enterprise hardware and firmware updates to support it?" Cisco has had extremely good v6 support dating back to 2007. I admit, even today: there's a few v4 features that I miss working with full v6 customers, but it's nothing you can't work around.

If the price of Cisco equipment is too much for your company blood (Being a Canadian, I know the price can be a deterring factor in many small-medium businesses) Software routers with multi-port NIC's, with a small array of 24-48 port Layer two switches will do wonderfully.

As a simple "inexpensive" enterprise solution, For a 400 seat building, a pair of loaded 6513's will provide two - layer three one-gig ports at each station, and allow you to maintain more redundant 1/10G WAN/LAN links then you'll need for years to come. Oh, and they'll do it in V4 AND V6 simultaneously.

Re:Business opportunity

[bbn]

HP did a quick one. We got a ton of IPv6 enabled HP 2910al HP layer 3 gigabit switches. Did I say layer 3? What I meant was layer 3 IPv4 and managed layer 2 IPv6 switches.

Yes, HP apparently figured the switch would qualify for all those government deals that mandates IPv6 support. I bet they were right. But the switches are just some very expensive managed switches for any IPv6 work. No support for routing IPv6 nor any other useful IPv6 support. But you _can_ telnet, ssh, SNMP etc to them using IPv6. The switch can be assigned an IPv6 address. So this qualifies for an IPv6 gold logo. They just do not advertise very loud that it is a logo for a "client"-device.

So does HP suck? Not especially so. It is the whole industry pulling this stunt.

Re:Business opportunity

[trejrco]

Part of the goal of dual-stacking is to enable IPv6 where you can. Noone says you "MUST HAVE 100% IPv6-only EVERYWHERE". Your printers, for example, can stay IPv4-only ... everything else (which probably already supports IPv6, BTW) can move to IPv4+IPv6 in a planned fashion. The benefit: you are ready before you need to be, and don't need a firedrill style deployment down the road. Oh, and it really can be fairly straight-forward :).

Re:Business opportunity

[helix2301]

If you want make money start buying as many IPv4 addresses as you can now and hold on to them. In a few years you can sell them to people that are going to need them and make a small fortune my dad always tough me "Supply and Demand."

Re:Business opportunity

[GPLHost-Thomas]

I got clients that still have 5 years or more to go on lease contracts for huge printer and document systems. No IPv6 firmware updates in the pipeline that I know about.

We never asked that these migrate to IPv6. They are fine with v4.

Re:Business opportunity

Amen to that. We have equipment on the shop floor that is several years old. One of these machines is a laser that cuts huge sheets of material into parts. We have no way to upgrade the embedded hardware, and we can't just 'toss this machine out and buy new' (it's a 175k machine). We have 15 other machines just like that one.

That's not including the Quality Control computers used for measuring the parts ... which are 15 years old.....newer versions of Windows don't support the software that run on these computers.....

Man, I wish people would actually step out into the world.....

Re:Business opportunity

Windows 7 homegroup functionality actually cannot operate over v4 - and requires v6. It is very much there on every new Windows machine, and actively communicating with other machines too. Its probably the most widespread use of v6 currently, in that just about every Windows machine will be checking up on each other via this protocol.
Linux configs vary a bit more in that v6 is not typically enabled by default, but it is often trivial to start and at the very least present in the system's network configuration utility.
Macs are no different either. Ask for v6 - and it'll comply.

Re:Business opportunity

Because you can't simply setup a proxy/NAT in front of them that listens to the v6 addresses and talks to the devices on a private v4 network? I agree that isn't practical for thousands of printers in a enterprise environment, but a single Linux box should be able to handle all 16 of your machines. Worst case is that you have a machine for each device, but that would still be much less than replacing a single machine.

Re:Business opportunity

[klapaucjusz]

we can't just 'toss this machine out and buy new' (it's a 175k machine) [...] newer versions of Windows don't support the software that run on these computers

So you invest $175,000 without making sure you'll get software updates?

I rest my case -- it's your own fault.

--jch

Re:Business opportunity

[klapaucjusz]

Linux configs vary a bit more in that v6 is not typically enabled by default

IPv6 is enabled by default on all Linux distributions known to me, and that has been the case for five years or so.

(Your confusion may stem from the fact that, unlike Windows, Linux distributions do not enable the Teredo protocol by default. But that's a different matter.)

--jch

Re:Business opportunity

[SlashV]

Can you post the public IP (v4) address of those machines? I have some cutting I wanna do.

Re:Business opportunity

[tftp]

So you invest $175,000 without making sure you'll get software updates?

Most of the CAM software has updates readily available. They are just not affordable. In best case you have to pay yearly tax^W maintenance fee for the right to upgrade. In other cases the vendor wants you to buy a whole new software (for tens of kilobucks per seat.) Some vendors may even want to upgrade the hardware as well (if the new software intentionally doesn't support the old hardware.)

So you'd be too quick to blame the machinist for not having the foresight to see in 20th century that IPv6 will be of use in 21st century. Machinists are like that, more focused on drills and mills. Besides, how much choice do you expect to see in the market of CNC laser cutters?

Re:Business opportunity

[Chris+Mattern]

So you invest $175,000 without making sure you'll get software updates?

For a lot of specialized software, you don't have a choice. You buy it and use it, or you can't do business.

Re:Business opportunity

[smash]

Exactly... "IT droid" work is for noobs, consulting is where the money is at.

Re:Business opportunity

[smash]

Yup, this is it. We just rolled out Lync 2010 for example. requires 4 IPs or something stupid like that. DOES NOT SUPPORT IPV6. What. The. Fuck. Microsoft?

Re:Business opportunity

[smash]

The other trick with non enterprise "gig" switches is that sure, they may possibly be able to run gig from one port to another. But try running gig throughput on all ports simultaneously and see how you fare. There's a reason enterprise switching is expensive.

Re:Business opportunity

[smash]

So you run dual-stack on your LAN, and move on.

Re:Business opportunity

[rubycodez]

yes, I've done that. I get paid more now

Re:Business opportunity

[Rogerborg]

Insightful and funny, you win an Internets.

Cleanup the IP Space

[na1led]

There are so much junk IP addresses out there going nowhere, probably enough to keep us going for the next 10 years. If your site has been down for more than a year, time to forfeit that IP.

Re:Cleanup the IP Space

[SJHillman]

You assume everyone with an IP is using it to host a website. And what about people that have a redundant data link that only comes up when their main link goes down? "Well, we haven't had any downtime in the past year, guess we don't need any backups! Go ahead, take my IP!"

Re:Cleanup the IP Space

[tokul]

There are so much junk IP addresses out there going nowhere

Couple of A blocks won't give you 10 years with the way things are expanding in Asia and Africa.

Re:Cleanup the IP Space

[ae1294]

There are so much junk IP addresses out there going nowhere

Couple of A blocks won't give you 10 years with the way things are expanding in Asia and Africa.

I have an idea, why don't we separate the African Internet from our Internet. We could have two Internet's! They would be separate but equal..

Re:Cleanup the IP Space

Almost every single US DoD endpoint (read a few hundred thousand dell workstations and laptops) is using a public IP. The DoD has reserved the same amount of IP addresses as all of the caribbean, central and south america combined, a little over 150 million. The reason we're out of IP space is that corporations and governments are using full class B networks (65536 IPs) for Jill the secretary's laptop and laser printer. A point to point network for a backup ISP is only going to use an extra /30 subnet (4 IP addresses). The IPv4 problem is much less of an ISP and internet problem and more of an incompetent/underpowered/gunshy IT department problem.

Re:Cleanup the IP Space

[SJHillman]

I don't deny that we have a lot of unused/misused IPs. My college had an entire 65,534 IP class B block to itself. The college has around 3,000 students (a third of which are commuters and not there every day) and maybe 1,000 professors, administrators, janitors and other staff. Even if every student, professor and janitor was given ten publicly addressable IPs, they would still have thousands left over. My point to the poster was about forfeiting IPs if they're unused for a set period of time or just because there's not a website on them, not a denial that there's a shitric ton of wasted IPs.

Re:Cleanup the IP Space

[ralphdaugherty]

Nearly all the traffic to the US from those places are attacks anyway.

I see attacks on my little site from new IP address ranges everyday. In my opinion the criminals are constantly expanding to new IP addresses for two reasons: short term it evades prior IP address range blocking, and long term I believe they are trying to use up ipv4 to bring on ipv6 as soon as possible. Once we are on ipv6 the attacks might as well be from every grain of sand. There will be no way to block them, game over.

To those who say blocking IP addresses shouldn't be done anyway, I would say not blocking IP addresses where 99 per cent of traffic is attacks and no real business need for it for your main servers is why there are constant reports of server breakins, data stolen, money stolen, trojans installed, and worse. Yes there are some high profile Anonymous attacks but 99 per cent are from those other places and proxy servers which also should be blocked.

I would be more than happy for Asia, Soviet Union, and Africa to use ipv6 if they are in such dire need of IP addresses and limit connectivity to whom they consider future victims.

Re:Cleanup the IP Space

[ae1294]

Took the words right out of my mouth.. 'The people' in those countries have been shown time and time again that they can't be trusted. We've been letting them get away with raping and stealing from our servers for long enough. My oldest server got raped just last month and I'm still worried that some root-kit or other may still be inside of her. They deserve to be segregated from the rest of us upstanding types...

Re:Cleanup the IP Space

[tokul]

I would be more than happy for Asia, Soviet Union, and Africa to use ipv6 if they are in such dire need of IP addresses and limit connectivity to whom they consider future victims.

You are replying to person from former USSR. Most of us are smart, intelligent and just want to live our lives. Attacks are not initiated from original attackers addresses. If you look up spammer lists, you will find some white meat there. If you segregate internet, you lose global connectivity, critical networking mass and you go back to cold war and little rock nine.

Re:Cleanup the IP Space

[ralphdaugherty]

If there were any appreciable ratio of legitimate traffic to attacks then it'd be different, but there isn't. Practically all traffic from those areas are bots. I'm not cutting off communications if you're not communicating, and vis versa.

Most attacks are from RIPE, APNIC, South American, and AFRIN IP addresses. Maybe 10 percent from ARIN proxies. I and many servers that are broken into have no legitimate business to conduct with these addresses, and if there were better to compartmentalize the traffic to dedicated servers for different areas.

The people like you say are intelligent and well intentioned, but it's the bots that come this way.

Re:Cleanup the IP Space

[tokul]

bots that come this way

Skynet does not exist yet and bots are started by humans from somewhere. Guns don't kill people. Bots don't hack into servers.

RIPE is not USSR. It is European IP networks. I have my portion of Asia connections trying admin password, but I also had alerts about brute force attempts from amazon hosting services.

Other Little Rock High School students had no legit business to conduct with Little Rock Nine, but it does not mean that local government had the right to block them from entering that school.

I suspect that ae1294 user comments about 'separate but equal' pointed out at little pearl from American history. You can call it 'compartmentalization' if you want, but it also can be called 'segregation' and 'racism'. You are free to setup your firewall rules to filter network blocks assigned to unrelated world parts, but it won't free those blocks for ARIN use and one day your customers will ask why something is not working for their customers in that area.

Re:Cleanup the IP Space

[ralphdaugherty]

All legitimate points. FYI I didn't say RIPE was USSR, I said most attacks came from RIPE and the other non-ARIN which I listed. I don't understand your point about bots. I was agreeing that most people are intelligent and well intentioned but some people created and use bots, and that's what the traffic is.

I agree with server host thing as you mention and include them under the broad category of ARIN proxies. It is irrelevant to me whther they are actually a proxy or not, servers accessing my web site are not people and I block them. I used to have a ton of legitimate traffic from education networks but I am changing my focus and at this point schools are idiots downloading the worst of the internet, so they are blocked.

Based on the business the criteria would be different but I said legitimate business accessing the site from the beginning.

Businesses often block outgoing overseas phone calls for same reason. There's only one reason these communications with overseas are taking place, and it's not good.

I also said earlier that if there were legitimate traffic I would compartmentalize the traffic to separate servers. There is no reasin for all these servers being cracked to be exposed to the Chinese and Russians, but businesses and government are being raped by them every day. I attribute it to Chinese and Russians being smarter than the clowns running these servers.

I don't have to be one of them.

Re:Cleanup the IP Space

[smash]

Conversely, most of the spam i see hit my mail server logs is from the US.

Re:Cleanup the IP Space

[garry_g]

That's what some attempts have been ... but defining "unused" is pretty hard - unannounced? Well, I doubt some larger institutions announce their /16 or similar sized networks as individual /24 subnets, so even if they barely use a tripple-diggit number of IPs, you won't see that ...
Unannounced? Even then there might be legitimately used number of IPs ... e.g. for VPN-connections ...
RIPE has made some efforts recovering IP space, namely be starting to charge yearly for PI-space and ASNs ... by that, some areas have been returned when companies either weren't reachable/existent anymore, or when they decided they did not really need the space anymore if it actually costed some money ... (depending on the LIR a /24 cost something betwen 50 and 200â, so an "ancient" /19 or /16 would be pretty pricey ...)

Re:Cleanup the IP Space

[Bengie]

" If your site has been down for more than a year, time to forfeit that IP."

You can't just randomly grab one IP and assign it somewhere else. You have to grab entire blocks. IP block fragmentation has caused the routing table to triple in size in the past 2-3 years, even though the amount of IPs routed has only grown ~50%.

The routing table routes based on blocks. The small the blocks, the more routes.. At the same time, the high and low IP of a given block are reserved. So If I have a /28 that holds 16 IPs, you have to subtract 2 IP right away because of this. So now you're down to 14 IPs. If I only have 8 machines on my network, 6 IPs are being wasted. No one else can take those 6 unless you break the block into something smaller. So now you break that /28 into a /29. Now you have two routes in the routing table instead of one, and you have two blocks that only have 8 IPs. But again, the high and low IPs are reserved, so only 6 per block are usable and 4 are wasted.

But wait, I have 8 devices. I still need both blocks because either block can only support 6 devices. Break those blocks smaller yet. /30. Now you have 4 IPs per block, two of those IPs cannot be used because they're a high and low. Now you can use 4 blocks for your 8 devices, but 8 IPs are being wasted because of high and low.

So your 8 device network now has 4 routes adding extra load on the routing tables, and of that initial /28 you have 8 IPs in use and 8 IPs wasted on high/low reservations. You're even worse off now. Instead of 6 unused IPs, you now have 6 IPs that CAN'T be used and extra routing entries. We're all better off with the /28 and 6 unused IPs. At least the internet won't be slower from the extra routes.

Understand now?

It's a huge mess. IPv6 helps this by having "too many" IPs. We can waste all the IPs we want(with in reason) to make for better routing and organization of blocks.

Re:Cleanup the IP Space

[Bengie]

Not all IPs are available in a block. You lose many IPs when you start breaking a given block into subnets for routing purposes.

Have 80 computer in a computer lab. Well, you need at least 80 IPs. So you need 2^7 bits. If you only have 2^6 bits, you can only address 62(64-2 .0 and .255 are reserved) computers, so you need 7 bits. So now you have enough IPs for 126(128-2) computers, but you only have 80. You've wasted 46 IPs.

Not much you can do about that unless don't care about organizing your network.

Re:Cleanup the IP Space

[Coren22]

http://en.wikipedia.org/wiki/Private_network

Why does your lab need public IPs to start with?

Silly

[HBI]

Only the regional NICs have run out of blocks to distribute. No one has actually run out of IPv4 addresses. Moreover, there is a lot that still can be done to reclaim addresses. Lastly, the huge swathes of multicast and class E addresses haven't even been tapped.

This is just more attempts for the shill media to try to herd people into replacing their gear. It'll fail like the rest.

The USG was scheduled to go to IPv6 in 2006. It hasn't even begun yet.

Re:Silly

Well, I don't want no stupid NAT - anywhere. I can ssh to my home machine and my work machine from anywhere in the world. No NAT at work, and portforwarding at home. I'd like to ssh to every machine at home though - without paying for more addresses. I'd like to ssh into my smartphone too (so I can turn on the gps and find out where I put it.) But that isn't even offered today. IPv6 will make all of this easy. Enough addresses, nothing to pay extra for. Except the transition.

Re:Silly

[Todd+Knarr]

You're right about unused IPv4 space we can reclaim from people who aren't using those blocks. But multicast and class E? Trying to use those as unicast addresses would break most of the existing IP protocol stacks.

Me, I figure the gear will need to be replaced soon. There may be a question of whether it'll be next year or the year after, but I can see the writing on the wall now. Better to get everything started now when I don't have to rush.

When you get -40F winters and you know your furnace wasn't working as well as it ought to, you get it fixed during the summer or early fall when if it needs new parts it's no big deal if they take a week to arrive. You don't wait until it's 10 o'clock at night, the first blizzard of the winter's blowing outside and it's already below zero in the house and dropping fast to find out it'll be 5 days minimum to get the new motor in from the warehouse.

Re:Silly

[HBI]

That would make more sense if IPv6 was easy. It isn't. It's a lot more complicated than IPv4 from a network engineering perspective and I don't see many people doing much to prepare for it in a mindshare sense. v4 was easy in comparison, but even then, it took a few years in the 90s before most private sector types were fully understanding it.

I couldn't see any significant switch even 5 years out.

Re:Silly

[thue]

> Only the regional NICs have run out of blocks to distribute. No one has actually run out of IPv4 addresses.

APNIC is the only NIC which has run out of IPv4 adresses, on 14 April 2011. Surely there have been an ISP somewhere in Asia since then who wanted to use an IPv4 address, but haven't been able to. That should qualify as running out.

Re:Silly

[pjr.cc]

Only the regional NICs have run out of blocks to distribute. No one has actually run out of IPv4 addresses.

Thats actually incorrect. RIR's still have "plenty" of ip addresses to go around, its only IANA thats run out of address space to give to those RIR's.

Re:Silly

[HBI]

My gear is replaced already: everything is IPv6 ready. I have a tunnel already feeding me IPv6.

That said, fixing IPv4 to last a few more years would be a single patch to the IP stacks of most systems. We could have the worst of it done in the next 3-6 months.

Re:Silly

[delt0r]

My router is 3 years old from my ISP and it fully supports IPv6. Seriously what out there doesn't?

Re:Silly

[jesseck]

Well, I don't want no stupid NAT - anywhere. I can ssh to my home machine and my work machine from anywhere in the world. No NAT at work, and portforwarding at home. I'd like to ssh to every machine at home though - without paying for more addresses. I'd like to ssh into my smartphone too (so I can turn on the gps and find out where I put it.) But that isn't even offered today. IPv6 will make all of this easy. Enough addresses, nothing to pay extra for. Except the transition.

I, too, would like to ssh into your machines at home and your smartphone.

Re:Silly

[Todd+Knarr]

See: flag day. Best avoided. You can't make the change simultaneously on every single computer connected to the Internet, and if you don't you're going to have random breakages from the point where you start until the point where the last computer's been patched. I'd rather not have frequent and unpredictable failures of the global Internet for 3-6 months.

Re:Silly

[Princeofcups]

This is just more attempts for the shill media to try to herd people into replacing their gear. It'll fail like the rest.

Agreed. The article should be "Almost no one is talking about IPv6." There are some places where it could be useful, such as universities and national labs, where most machines have their own IP on the internet. But most companies are ten dots behind firewalls. Hell, most home machine are 192s or 10.s behind firewalls.

Re:Silly

[am+2k]

Not to mention every single business that I've ever dealt with has some sort of proprietary in-house software for one need or another. If it's a networked application then it's running on IPv4 no doubt.

All Java apps magically support IPv6 without any changes to the code (unless the program does some IP trickery itself, like storing the IP address as text in a database field that only allows 15 characters max). HTTP clients and servers all support IPv6. That should take care of a lot of custom software.

Re:Silly

[jandrese]

In my experience the difficulty with IPv6 translation isn't at the socket layer--all of that stuff was figured out ages ago and only requires a few tweaks here and there to support both easily--the difficulty is with parsing configuration files, creating dialog boxes, etc... Lots of UI elements were spaced assuming that an IP address would only need 15 digits to be fully displayed, and IPv6 breaks that.

The upshot is that converting an application over to IPv6 is rarely as easy as it should be.

Re:Silly

[jandrese]

For what it's worth, IPv6 world day went quite smoothly back in June. My only complaint is that they turned IPv6 back off at the end of the day instead of leaving it on and getting people started with actually fixing their broken stuff.

Re:Silly

[jandrese]

Apparently Verizon still gives most FiOS customers IPv4 only routers because they're some custom conglomeration of an incredibly low end home router and in-home data-over-coax setup so they can sell you horrible movies at terrible quality and high prices on their PPV system.

Seriously Verzion, I know that PPV is supposed to be a big moneymaker for you, but why is it every time you advertise it, you're showing us movies that nobody could possibly want to watch? "Mr. Popplers Penguins, Watch this incredible blockbuster now with FiOS On Demand!" (for $6). It's a running joke in my house how bad movies they advertise on those spots are.

Re:Silly

[Todd+Knarr]

Yep. Which is going to come back and bite them the day they don't have a choice, they have to have IPv6 turned on to talk to something they need to talk to. I'd rather find and fix the broken stuff over the next 6 months to a year, instead of a year from now when having it on's causing production outages and turning it off isn't possible.

Re:Silly

[bbn]

APNIC ran out 19 April 2011: http://www.potaroo.net/tools/ipv4/index.html

Re:Silly

[QuantumRiff]

From what I have seen, IPv6 is MUCH simpler in implementation.. the part that gets tricky, is working with hardware, and 30 years of businesses working around the limitations of IPv4..

Re:Silly

[HBI]

It's not simpler. The concept of addressing is completely different, for one.

Read this and tell me IPv6 is MUCH simpler. Puhleeeze.

Re:Silly

[theunixbomber]

I use openvpn to allow me to to exactly what you're describing. My connection home network is NAT'd, but from work or anywhere else that I have my laptop, I can ssh directly to any machine on my home network. I only need to make my openvpn connection. It works really well. I'd be willing to bet you could get an openvpn client for your phone and make set it to always connect. Then you'd be able to get to your phone from anywhere also.

Re:Silly

[arose]

NAT is not a firewall.

Re:Silly

[bbn]

And when you are done reading it, you will realize that nothing in there was something you actually need to know.

Deploying IPv6 is dead simple. Really.

Having every subnet to be /64 means people will not need to understand concepts such as netmask.

Having automatic default routes means people will not need to understand routing even when configuring addresses manually.

Having no NAT means people will not need to understand NAT. Yes really. NAT is a complicated subject for the average user.

In general it can be said that deploying IPv6 is so easy, that will happen automatically as soon as your ISP provides it. Your IPv6 ready router will pick it up and so will your computer.

Re:Silly

[HBI]

Find a router in Best Buy that supports it.

Then realize that Windows clients default to link-local addresses. Now, suddenly, the stuff in that page IS something you care about. User has address that doesn't work. Kind of like APIPA but completely unintelligible to the end user.

How about XP clients not supporting DNS on v6? Seen the numbers on how many XP clients are still out there?

Yeah, dead simple. Right. It's not simple and it won't be simple in the near term for anyone who doesn't do this for a living (and understand it) to switch. And by understanding I don't mean a freshly minted A+ help desk guy.

Re:Silly

[bbn]

Then realize that Windows clients default to link-local addresses

No Windows does not default to link-local addresses. Windows will _never_ use a link local address for accessing an internet site. No IPv6 enabled device would. If you actually read and understood that Wikipedia page, you would know why too.

How about XP clients not supporting DNS on v6?

XP clients has the needed support for DNS. Nobody would be crazy enough to deploy a pure v6 only network with XP clients on it. No home router on the marked operates in this mode. The XP clients will continue to lookup AAAA records using v4 and this works just fine.

It's not simple and it won't be simple in the near term for anyone who doesn't do this for a living

I think the difference between me and you might be that I have actually deployed an IPv6 network to customers on a large network. There are zero problems. It just works. And yes, for windows clients too.

Re:Silly

[tftp]

"Mr. Popplers Penguins, Watch this incredible blockbuster now with FiOS On Demand!" (for $6). It's a running joke in my house how bad movies they advertise on those spots are.

My theory is that majority of PPV users don't care how good the movie is. The cable company earns more if it offers a cheap movie and 100 people watch it than if it offers an expensive movie and 150 people watch it.

Re:Silly

[marka63]

For a network administrator IPv6 is simpler that IPv4 to run. No more calculating subnet masks. No more trying to guess how many addresses you
need to assign to a subnet that needs to be externally addressable. No more having to match up internal / external addresses when debugging. No more having to configure port forwarding.

There are a few new things with IPv6, like prefix delegation, but in reality they are no more difficult than what you have been doing with IPv4 for the last decade.

At the wire level IPv4 and IPv6 are equally complicated.

For the application developer they are equally complicated.

For the home user there is basically no difference. Just make sure that the router you buy is IPv6 capable. They exist now. When you next replace your router make sure you get one that is IPv6 capable and don't forget to re-flash it when you get home. Like any other computer they need to be updated regularly. When your ISP supports IPv6, the router will get a address block from the ISP, using prefix delegation (PD) and use that prefix to give your internal machines
a second IPv6 address which it will use to talk to the world.

Re:Silly

[marka63]

Not to mention every single business that I've ever dealt with has some sort of proprietary in-house software for one need or another. If it's a networked application then it's running on IPv4 no doubt.

If the application developer has been worth the money you have been paying them then the in-house software should be IP version agnostic. Additionally, even if it is IPv4 only, there is no reason not to bring up IPv6 in parallel. It will then allow you to test updated versions of the in-house applications to ensure that are IP version agnostic.

Enabling IPv6 on the network has NO effect on IPv4 only equipment.

Re:Silly

[marka63]

Well, I don't want no stupid NAT - anywhere. I can ssh to my home machine and my work machine from anywhere in the world. No NAT at work, and portforwarding at home. I'd like to ssh to every machine at home though - without paying for more addresses. I'd like to ssh into my smartphone too (so I can turn on the gps and find out where I put it.) But that isn't even offered today. IPv6 will make all of this easy. Enough addresses, nothing to pay extra for. Except the transition.

I, too, would like to ssh into your machines at home and your smartphone.

There is no security difference between "port forwarded" ssh and "directly reachable" ssh. Just because the owner of the equipment can get it doesn't mean that others can get it.

Re:Silly

[HBI]

I'm going to jump all over you here. Sorry.

IPv6 is infinitely more complex than v4. Sorry. You just don't know what you're talking about when you say that it's simpler or equivalent. You're looking at it from a jaded perspective. No user will ever understand this heap of dynamic configuration. They won't be able to troubleshoot it. They'll resist switching to it, kicking and screaming all the way.

Why? Well, go back to why IPv4 won out in the first place. The use of TCP/IP version 4 on the network even back in the 90s was not a given. You could run IPX or AppleTalk amongst other protocols over a wide area network. True, they sucked. I spent a few weeks at a major telco's headquarters trying to tune AppleTalk to run over a WAN. It wasn't pretty - these protocols were made for LAN use and required constant handshaking and ACKs that were relatively painless on a LAN but destroyed performance over DS-3 class WAN links. Still, it could have been done, given time and effort and coding resources. There were ways to apply the lessons of IP to these protocols.

Instead, everyone put the effort into writing TCP/IP stacks - or taking them from BSD, really. The reason wasn't technical superiority. The reason was that the protocol was fully intelligible to those who were working with it, given a bit of study. In comparison, the other protocols of the time were dynamically configured and hid most elements of addressing from the end user. TCP/IP was written to be simple and straightforward. The others weren't, they had different design goals - dynamic configuration aka usability by complete morons being one of them, particularly in the case of AppleTalk. IPX was no slouch in this department, though. I seem to remember pretty much the only choice in addressing required was the IPX internal network number on a Netware 2 or 3.x box.

Once people saw how easy IP was to set up, they wanted it, and the OS vendors (Apple and Microsoft, mostly) chose to embrace it rather than provide an opening for someone else.

With IPv6, the authors have pretty much come full circle. It's an almost totally dynamic protocol from the perspective of the end user. It's like someone took one of the dynamic LAN protocols of yore and made it work well in the WAN sphere. You think this is good. I think this is bad. The barrier to understanding how it works is much higher than with v4. It has duplicated functionality, a sure sign of design by dysfunctional committee. No one wants it except geeks.

The bottom line is that I see this conversion ending up like the DTV fiasco that has just concluded. It took the better part of 20 years to do that conversion.

Re:Silly

[marka63]

And those boxes will need to be able to talk to IPv6 only servers elsewhere in the world and no there isn't good technology for IPv4 to IPv6 initiated connections.

Bringing up IPv6 in parallel to IPv4 will allow all those home/business machines to reach these IPv6 only servers. It's only a matter of time before such scenarios become common and not test as that are today.

Re:Silly

[smash]

Airport extreme. Next.

Re:Silly

[marka63]

I'm going to jump all over you here. Sorry.

IPv6 is infinitely more complex than v4. Sorry. You just don't know what you're talking about when you say that it's simpler or equivalent. You're looking at it from a jaded perspective. No user will ever understand this heap of dynamic configuration. They won't be able to troubleshoot it. They'll resist switching to it, kicking and screaming all the way.

The basic trouble shooting tools are identical between IPv4 and IPv6. ping, traceroute.

Why? Well, go back to why IPv4 won out in the first place. The use of TCP/IP version 4 on the network even back in the 90s was not a given. You could run IPX or AppleTalk amongst other protocols over a wide area network. True, they sucked. I spent a few weeks at a major telco's headquarters trying to tune AppleTalk to run over a WAN. It wasn't pretty - these protocols were made for LAN use and required constant handshaking and ACKs that were relatively painless on a LAN but destroyed performance over DS-3 class WAN links. Still, it could have been done, given time and effort and coding resources. There were ways to apply the lessons of IP to these protocols.

You still running UDP/TCP/ICMP etc. above IPv6. All of these are still designed for WAN use.

Instead, everyone put the effort into writing TCP/IP stacks - or taking them from BSD, really. The reason wasn't technical superiority. The reason was that the protocol was fully intelligible to those who were working with it, given a bit of study. In comparison, the other protocols of the time were dynamically configured and hid most elements of addressing from the end user. TCP/IP was written to be simple and straightforward. The others weren't, they had different design goals - dynamic configuration aka usability by complete morons being one of them, particularly in the case of AppleTalk. IPX was no slouch in this department, though. I seem to remember pretty much the only choice in addressing required was the IPX internal network number on a Netware 2 or 3.x box.

Once people saw how easy IP was to set up, they wanted it, and the OS vendors (Apple and Microsoft, mostly) chose to embrace it rather than provide an opening for someone else.

With IPv6, the authors have pretty much come full circle. It's an almost totally dynamic protocol from the perspective of the end user. It's like someone took one of the dynamic LAN protocols of yore and made it work well in the WAN sphere. You think this is good. I think this is bad. The barrier to understanding how it works is much higher than with v4. It has duplicated functionality, a sure sign of design by dysfunctional committee. No one wants it except geeks.

IPv6 can be as dynamic or as static as you want.

The bottom line is that I see this conversion ending up like the DTV fiasco that has just concluded. It took the better part of 20 years to do that conversion.

Re:Silly

[unixisc]

Only the regional NICs have run out of blocks to distribute. No one has actually run out of IPv4 addresses. Moreover, there is a lot that still can be done to reclaim addresses. Lastly, the huge swathes of multicast and class E addresses haven't even been tapped.

This is just more attempts for the shill media to try to herd people into replacing their gear. It'll fail like the rest.

The USG was scheduled to go to IPv6 in 2006. It hasn't even begun yet.

Class D & E addresses are all recognized by all IPv4 routers as being multicast and experimental addresses. Re-programming them to be usable as Class C addresses, w/ or w/o NAT, would involve reprogramming every IPv4 router on the face of the earth to recognize them as such. In short, the same amount of effort as getting routers to recognize the whole new IPv6 protocol.

People do not need to immediately replace their gear - all they need is to ensure that any new gear supports IPv6, and that they start transitioning to it as they expand their network. Start w/ services that benefit the most w/ IPv6, such as Skype, Mobile IP, and applications that work badly w/ NAT. That's where the pain points will go. Then introduce something like Dual-Stack Lite, which would allow local networks to remain IPv4, but tunnel them over IPv6 over the larger network. Nobody has to dump existing hardware - just make sure that new hardware that's procured supports IPv6

Re:Silly

[HBI]

One IOS update fixes that. The firewalls don't care, they pass addresses regardless of their origin. For that matter, on the IOS devices, one could route-map a fix for the D and E blocks without even an update, though an update would make it easier. It's not anywhere near as hard as doing IPv6. Flashing routers is easy. Writing configurations is hard.

You folks can keep fooling yourselves that IPv6 is easy...doesn't mean anyone else is buying, though.

Re:Silly

[unixisc]

One IOS update applied to millions of routers worldwide! Given that effort, there is no difference b/w trying to recoup multiplexed & experimental addresses, (222-255 i.e. 32 blocks) vs going to IPv6. Flashing routers - the code updates that the routers will be flashed w/ would have to be written, which is as difficult as writing configurations. Besides, writing configurations for IPv6, one has the choice of auto-configuration, if one does not want to go the DHCP route.

Addresses cannot be reclaimed in the quantities that are needed by ISPs to support a growing number of customers. With IPv6, they don't need to bother - they get, say, a /32 from ARIN or whoever their RIR is, and can give each customer a /64, if not a /60 or /56 or /48. At the customer end, they can configure it either to autoconfigure, or use DHCPv6 in the same way that one uses DHCPv4.

As far as businesses go, if one has applications that are hard-coded using IPv4 addresses, as opposed to using DNS, I agree some work is needed in finding those and having IPv6 addresses available as well. In fact, for applications that assign or need to assign new IP addresses, it's easier w/ IPv6, where one has the entire /64 to play w/, as opposed to IPv4, which either has to be re-used, or another local IP address given. In particular, for the networking of virtual machines, IPv6 is a godsend, since the hose machine can have one IP, while each of the virtual machines it's running can have different IPs.

The transition from IPv4 to IPv6 may be painful. But once that switchover is done, IPv6 is easy. This transition needs to be done w/ at least a major fraction of the seriousness that Y2K was - sans all the food hoarding, and building disaster shelters.

I'll be getting ready now, thanks

[Todd+Knarr]

I'll be getting my network IPv6-ready now, thanks. I'll need to get a tunnel running to get connectivity, but I'll have a solid 6 months to a year to get all the bugs ironed out before I need to depend on it. That way I won't have to panic and rush if problems come up, and I won't be doing a mad scramble to get everything done as a hard deadline looms.

It's always easier and less disruptive to do something if, when something goes wrong, it can stay broken for a couple of weeks while I sort things out and it's no big deal.

Re:I'll be getting ready now, thanks

[rubycodez]

you are being a drama queen since it's so easy, I set up ip6 tunnel for myself in three hours a year ago including the pf rules, been working flawlessly for two home servers (accessible from the internet at large), two workstations, and three laptops.

Re:I'll be getting ready now, thanks

[Todd+Knarr]

No, I'm not a drama queen. I'm a paranoid bastard who makes Mad-Eye Moody look positively naively trusting. Which is another way of saying I've been through major infrastructure deployments before. I don't believe in Murphy, I'm on a first-name basis with the little toerag.

Making an IPv6 tunnel work, that's easy. The hard part's making it not work in the spots that need to not work without breaking what's supposed to work. If everything goes smoothly it'll be a piece of cake, and if I do it now it'll probably go smoothly. But if I wait until the last minute, 99 times out of a hundred it won't go smoothly. So I'll be paranoid and get it done now and be pleasantly surprised at the lack of problems, then kick back and relax with a bowl of popcorn while Murphy visits all the people who waited and zany hijinks ensue.

Re:I'll be getting ready now, thanks

[Fred+Ferrigno]

There will never be a do-or-die moment where you need to use IPv6. For many years coming, IPv4 addresses will still be available, just at a slowly increasing cost. People and institutions will switch over gradually when the cost of IPv4 exceeds the cost of switching to IPv6, which will happen at a different point for everyone.

Re:I'll be getting ready now, thanks

[Todd+Knarr]

Actually there will be a do-or-die moment: the moment the first server I need to access only has an IPv6 address because the person who owns it doesn't want to pay the cost of an IPv4 address. At that moment I'll need to have IPv6 working. That point won't be under my control. Cost/benefit from my side won't matter. The only thing that'll be gradual is the number of things I need to have working that won't work at all. So better to be prepared now, so that when other people start deciding it's just too costly to get IPv4 addresses I'm not caught flat-footed.

Re:I'll be getting ready now, thanks

[rubycodez]

I do major infrastructure deployments for a living. Deploying IPV6 in a home, even with a few servers, is not one of those

Can't help but wonder...

[f3rret]

Why they're even bothering to do all of this, I mean didn't science prove world's gonna end by the end of 2012.

Re:Can't help but wonder...

[jellomizer]

No it is the Evangelical Christians who are believing a Pagan calendar designed to help worship many gods. Sometimes I don't think most of these people actually read the bible.

Re:Can't help but wonder...

[ae1294]

No it is the Evangelical Christians who are believing a Pagan calendar designed to help worship many gods. Sometimes I don't think most of these people actually read the bible.

Maybe they know their own religion is full of shit.

You can mod me down but you can't mod down the coming Mayan Apocalypse. Ah Pukuh shall call fourth Ah Muzencab to smite thee all.

They don't know what they are talking about

Those guys must be stupid:

"IPv6 might allow those applications to operate in a more seamless way because of peer-to-peer capabilities built into the protocol"
What is he talking about? It appears that he never actually spent time trying to understand the protocol and that he got the quote from some marketing brochure that he downloaded.

"2012 is a great time to learn and to plan,"
YOU HAVE TO BE KIDDING ME!

"Figure out how to incorporate IPv6 into your upgrade cycles and your process update cycles"
If you didn't figure that out 3-5 years ago, then you have a lot of upgrading to do next year.

"The lack of IPv4 addresses probably won't force many enterprises or carriers into IPv6 in the next few years"
Not sure what carriers he talked to. Most of them already have IPv6 projects and real customers.

"NAT (network address translation) can bridge the gap to make IPv4 resources available to IPv6-only systems and vice versa"
Let me know what device I can install to translate from v4 to v6. I would be very interested in understanding how such device would work so I don't have to migrate my users. NAT46 is a myth...

Re:They don't know what they are talking about

[bbn]

If you are a lazy enterprise, you can buy a NAT64 box and put in front of your servers. It is a one step solution to exposing your services on the IPv6 network.

And for the employees, well what are they doing browsing the net during working hours anyway? Plus, you probably have them using a proxy server already (so you can filter dangerous non-work related pages) and said proxy server will work as a translation technology. Only the proxy server needs an IPv6 address.

Lazy enterprises can get away without implementing IPv6 for almost forever. Just like they did with IE5.

Arrogance.

[Jaruzel]

Plus, it won't be until 2013 that North America will run out of IPv4 addresses and there's no sense getting worked up before then.

Christ. Arrogant much? last time I looked the Internet existed beyond the terrorist state known as the USA.

Re:Arrogance.

[HBI]

Christ. Arrogant much? last time I looked the Internet existed beyond the terrorist state known as the USA.

Your hate proves the submitter's point. You hate because the US is a hegemon. What happens outside the hegemon state is fairly irrelevant to those within.

Keep hating, it'll shorten your lifespan to no point.

Re:Arrogance.

[AdamJS]

The United States is the main concern for, well, Americans, obviously.

Way harder than a firmware update.

[Sycraft-fu]

For cheap consumer devices that do everything in software, sure a firmware update is all it would take, at least in theory (IPv6 can take more memory and CPU so on limited devices there might not be enough). However enterprise networking devices? They usually have to have parts replaced.

Reason is that to get the kind of speeds and latencies we want, you need ASICs, Application Specific Integrated Circuits. Those are just what they sound like: Devices designed to do a specific thing. That also means they aren't programmable. ASICs allow us to do stuff cheaper and faster than we could do in software.

A simple example is a gigabit switch. Crack one open and you see a very small little chip that handles all the switching. Now try it with a PC, stick in 8 gigabit cards and have it bridge between them. It'll overwhelm it, despite having a powerful CPU. Reason the switch can handle it is that little chip does nothing but switch packets. It is designed for only one task and does it well.

So enterprise stuff has this too, but some more complex ones. You get ASICs to speed up routing. Problem is if the ASIC was made for IPv4, it cannot be expanded to IPv6. You need a new one.

On the campus where I work they upgraded all the big routers to do IPv6 and it was pricey, seven figures even with our discounts. All the supervisor modules had to be replaced. Now yes, before that they could have technically turned it on, there was IPv6 for IOS on the older stuff. However it was all done in CPU, which is pretty limited on those routers. So if a couple people used it, it'd be fine. However if lots of people did, it'd crash the routers. The only way to give them the capacity to support it for everyone was to get new IPv6 hardware.

It isn't a matter of being greedy. As I said, Cisco would let you turn IPv6 on for many devices, like the 6500/7600s we use. It just couldn't accelerate it because it lacked the hardware. No magic fix for that.

Remember high end networking equipment isn't replaced often. You can leave it in place for over a decade. They aren't going to replace it all just for fun.

Re:Way harder than a firmware update.

A PC will handle layer 2 bridging just fine /w 8 ports. There really isn't a whole lot of effort involved in shoving packets around like that. Did you base your statement on actual observation or did you pull it out of your ass?

Those desktop 5 and 8 port switches from Linksys or whatever have "switch on a chip" type IC's because they're cheap, not because they're wonderfully efficient (though obviously lower power and better latency than a PCI bus)

Obviously in a datacenter, you want a real switch.. They're more efficient, lower latency, easier to manage, and have a full array of enterprise management and configuration capabilities.

Re:Way harder than a firmware update.

[EdIII]

I can understand switches needing to be replaced, but that is typically less expensive than a router. That would not break us. Additionally, we can have a hybrid environment internally at least.

It comes down the router. I did not think about the ASIC only being able to handle IPv4. At least not on a multi-thousand dollar router.

You bring up a good point, and it is going to be very very hard to justify the expense for business until consumer adoption reaches a certain point.

It's like a major business push to be supporting something browser specific when that browser has less than 1% of the market share and the costs of support and implementation are non-trivial to say the least.

To my knowledge DD-WRT does have IPv6 support, so consumer adoption is possible for that small portion of the market, which means it is possible for the major manufacturers to push out an update for consumers. Even an advertisement campaign, rewards, etc.

It would be in their interests too. If I knew that consumer adoption was reaching even 25% for IPv6 I would start seriously considering the financial investment for the new routers from the manufacturers.

Until then, if they want me to spend 5k plus on a router, it must have more benefits than just IPv6.

Basically, it is not businesses that can push this, but consumers first. ISP>Consumers>Businesses. Only way I see it making sense for us.

Re:Way harder than a firmware update.

[Sycraft-fu]

No I base it on having used a computer for such things. Turns out it hits things pretty hard to try and move 16 gigabits of data around.

Also you seem to somehow think that cheap and and efficient can't go together. The first is because of the second. Because the switch ASIC is so efficient, it can be made extremely small and thus extremely cheap.

Go look up ASICs, go read on the things they are used for, go and learn about the difference between doing something in hardware and software.

Software implementations are great because they are flexible. However they are slow, relatively speaking. Dedicated hardware is much faster, but inflexible. It does only one thing but does it really well.

Go have a look at a big switch some day, see what kind of CPUs they have. You'll be amazed, it isn't much, in relation to what they do. Particularly since we aren't talking about just switching. A 7600 is a layer 3 switch and you can have it do routing and firewalling on every port, and yet still get latencies and throughputs like you were doing switching. Guess what? Takes purpose built hardware to do that and yes, it means it is designed for particular protocols. You can't just have the CPU take over, it lacks the power.

Re:Way harder than a firmware update.

[Sycraft-fu]

I guess I'm sort of misusing switch. Many of the high end devices are switches, routers, and firewalls all in one. I tend to generically call them switches. As I said at work we have mostly 6500s and 7600s for the distribution layer (12000s in the core now, used to be 6500s). They act as switches, routers, and firewalls to all ports. Data moves with the sub-millisecond latencies of a switch, however there is full routing and access lists on all the ports.

Takes some serious dedicated hardware to pull all that off. When we first bought them, IPv4 was all they had on them. IPv6 was still really new. As such they had to be upgraded later (also the firewalls are additional modules).

Same shit with any other protocol. We used to route IPX/SPX and again, the 6500s couldn't do it. I mean they could, but only in their CPU, no acceleration. So we had separate routers they handed the traffic to so they didn't get overloaded.

These days basically all high end kit handles IPv6 in hardware no problem. Only thing is, you don't go replacing it all the time.

Re:Way harder than a firmware update.

[Bengie]

You're thinking of a "dumb" switch. Most enterprises are thinking Layer3 managed "switches". In an enterprise infrastructure, the difference between a switch and a router is effectively where it's located. An edge router is a router, a router with 48 gig ports is a switch. Both can do Layer3 and both have route tables. One is designed to connect many computer and one is designed to route data to the internet/wan.

Re:Way harder than a firmware update.

[unixisc]

In a way, I agree w/ Ed III that the manufacturers of networking gear should do what's possible to make firmware upgrades available cheaply to all gear that can be upgraded, and work w/ customers on migrating their IPv4 gear to IPv6, instead of looking @ it as just another opportunity to make their numbers.

For the equipment you mentioned that requires ASICs, like Gigabit switches, there is no reason why such things for IPv6 cannot be implemented in FPGAs initially, and later, once sales reach critical mass, do ASIC spins of those. That's what typically happens anyway - if the volumes don't justify the development costs required in getting separate masks and tapeouts, simply program FPGAs to do what's needed, and use that for the initial low volumes that are initially required. Once the volumes ramp to the point that a networking company would indeed improve its margins by going to ASICs instead of keeping on using FPGAs, they can do that, ramp their volumes, and that too would become as mainstream as its IPv4 counterpart. In short, it's not that expensive for a networking company to build IPv6 gear out of FPGAs initially, and migrate them later when volumes go up.

Also, as some other posters have indicated, all the major vendors claim IPv6 support now, although I guess the actual level of support would depend on how they define it. Incidentally, I too think that w/ something like IPv6, which is designed to accommodate plenty of nodes, one should be less likely to see single port routers, but instead Layer 3 switches instead. Maybe use a new term for it in IPv6, such as Routing Switches. One can have different price points based on the #ports.

Re:Way harder than a firmware update.

[unixisc]

For an IPv6 network, is there really a need for an edge router in the first place? You can have a router w/ its usual serial input & output ports, as well as all the gigE ports it needs. Similarly, do layer 2 switches make sense anymore? They made sense in SPX/IPX, where you didn't have layer 3 at all, and in IPv4, they made sense given that there were a lot more MAC addresses than IPv4 addresses, which is why each IPv4 address had to be mapped on to a MAC address. But in IPv6, is that even necessary anymore? At the router level, one should be able to assign IPv6 addresses, be it DHCP or Auto-configuration, and that address can be used to get directly to the required node. MAC addresses just play the roles of a middle-man, a sort of hardware level NAT, if you will.

In other words, while IPv6 can certainly work w/ current Layer 1 devices, that doesn't imply that future Gibabit cards, or other such equipment can't be made differently to take advantage of IPv6. For instance, if they returned to having some E2PROM or flash on such devices, then from the host end, one could assign all the IPv6 addresses that one wants to a given host, w/o having to go to the DHCP server. Like lets say somebody gave one IP address to one's httpd server, another to one's SMTP server, another to one's POP server, another to one's SCP server and so on, but they all were physically on the same BSD or Linux tower, one could do it easily if newer networking equipment allowed for such special IPv6 features. In IPv4, one doesn't have multiple IP addresses associated w/ a single network card, but that restriction doesn't need to be there in IPv6. It also allows the node to belong to multiple networks, just in case....

why arent the nerds excited?

[pjr.cc]

Yes, running out of ipv4 address space is alot of hot air, probably for another 3-5 years. In reality they could even extend that quite a bit. assuming you dont take into account china and india all getting internet-connected phones... thats a somewhat scary scenario.

But, what I dont get is why geeks arent excited about the move to ipv6... I *LOVE* ipv6, i wish my isp would get it faster.

From a purely geektechnonerd perspective, i find ipv6 interesting and hence want to use it (do use it in fact).. i think it has its flaws though, and what scares me is the lack of a "real" private address range (with nat) like we do now with ipv4. While I can understand people in the linux kernel going "nat was crap, we're not doing it in ipv6", i find that view very short sighted. Yes, ipv4 nat is a "hack" (or was originally created to facilitate a hack), but its come to be a useful one and can get you around some nasty things an isp can do to you simply by limited the number of addresses you can have (not to mention many other things it can give you)...

But, the techo in me who loves setting up networks cant wait till the next job im doing that uses ipv6, and thats coming more frequently now.

Quite honestly, if the press wants to make a big deal out of it and blow it out of proportion, im not going to stop them or even criticize them. I love doing ipv6 and if a client is thinking "maybe i should do ipv6 with my next network overhaul" I dont really care what the reasons for it are, be it a sensationalist media hype reflex or an interest in the protocol itself...

But then i get excited over most new bits of tech - be it physical or not. As in, i get about the same levels of excitement when google announce a new android phone (i.e. the nexus) as I do when a client starts asking me about how they adopt their network for ipv6.

Ok, ipv6 aint exactly new by any means, but people implementing it is another matter. The best part is until you see real (i.e. complex) networking scenarios using ipv6 you dont even some of the challanges that lay in store for you when implementing the protocol... but thats an article, not a slashdot post.

Re:why arent the nerds excited?

[Jeremi]

what scares me is the lack of a "real" private address range (with nat) like we do now with ipv4.

Dunno what your threshold for "real" is, but Wikipedia mentions this... perhaps that would do.

Re:why arent the nerds excited?

[unixisc]

But NAT did not exist in the initial period of IPv4, when there wasn't a shortage of addresses. It was only introduced as an interim solution to the address shortage while IPv6 was being defined and developed.

I'm not actually getting what you will be missing. If you want a local network, all your laptops will have link-local addresses of fe80::/16, which would belong to your network, and not leave the place - you can do anything in your fiefdom w/ it. If you want addresses to be independent of your ISP, you can get provider-independent IPs from your NIC, which you can keep even if you switch ISPs. If you want unique site addresses, for now, you could use something like fd00::3. (Okay, no globally unique site addressing methodology has been developed so far, but I'd argue that it ain't difficult). Only thing you're 'losing' is the address switchover when going from your router to your laptop. And if you have a DHCP6 configured to manage the interface ID portion of your addresses, it could remain unchanged, irrespective of the prefix domain you get.

Bologna

[Karl+Cocknozzle]

We're not changing to IPv6 on our internal network ever. Why would we bother with a forklift changeover of the entire internal network? It's a waste of time--nothing we need to do now requires "end to end" addressing, and frankly, if it does we don't want it. All the articles I've read seem to come down to "it's more convenient" for applications not to have to deal with NAT... Of course it is also more convenient for people who mean to do you harm, too, since we're back to connections to outside resources coming from the machine's actual IP address, a public NATing of the private one.

Once again, we're back to "convenience" vs. "can a competent admin secure it in a reasonable length of time or with a reasonable budget?"

Re:Bologna

[evilviper]

All the articles I've read seem to come down to "it's more convenient" for applications not to have to deal with NAT... Of course it is also more convenient for people who mean to do you harm, too, since we're back to connections to outside resources coming from the machine's actual IP address, a public NATing of the private one.

NAT doesn't provide any security. Never has, never will. No, I'm not wrong. No, I'm still not wrong.

If you have a firewall between your private network and the public Internet, then you'll have all the security you want, whether using IPv4 or IPv6, with or without NAT. If you don't, then it's trivial for bad guys to reach services you don't want them to get to. If there's NAT in-between, it'll take a couple extra specially-crafted packets, but it's pretty trivial to get around.

IPv6 addresses with a firewall? Bad guys can know the IPv6 address of your valuable systems all they want, but if your firewall is blocking incoming connections by default, they can't get a single bit through to the destination.

I don't understand why people's brains turn to jello when talking about IPv6.

Re:Bologna

[gbjbaanb]

I don't understand it either - but I assumed they were either totally ignorant of the difference between NAT and Firewall, or trolling.

To put it in a way they can't explain away - sure a NAT router provides blocking of incoming requests, just like a firewall. Until the user decides to check out that 'DMZ' configuration option, or his uPNP software decides to do it for him, so he can run some skype, p2p or web server and suddenly his NAT router is no longer providing an incoming blocking service.

They don't like to consider that scenario.

Re:Bologna

"If there's NAT in-between, it'll take a couple extra specially-crafted packets, but it's pretty trivial to get around."

In theory only, because in practice none of the home routers people buy that do NAT allow source routing. For all other methods, you're either abusing a buggy firmware or you're already behind the NAT, so the reason that you can do 'things' has nothing to do with NAT, nor something that also wouldn't be possible with a filter (or 'firewall' as most people like to call it).

Re:Bologna

[evilviper]

Source routing isn't the only option by far. There are a dozen other ways you can get a packet, with a private address as the destination, to the NAT box.

Re:Bologna

Right, now I am curious. I don't use NAT as a firewall replacement, but none the less I don't really see how you would attack a machine behind a NAT if it doesn't have any open/redirected ports and isn't already talking to you.

Re:Bologna

[Bengie]

NAT isn't a standard, just a bandaid. As such, there are many different implementations of it. They all follow the general idea, but there are different corner cases for different implementations. As long as it works for most cases, it doesn't get fixed.

A network admin will find IPv6+Firewall easier than NAT+Firewall.

Re:Bologna

[evilviper]

I don't really see how you would attack a machine behind a NAT if it doesn't have any open/redirected ports and isn't already talking to you.

A NAT box is a router. Give it a packet destined for PrivateIP, and it'll happily forward it on through to any connected networks. The trick becomes getting it there, as your ISP's routers obviously won't know you want PrivateIP to be handled by that particular NAT box's PublicIP.

Someone already mentioned source routing... In a network you control, routers may honor the source route options in IP packets, and you can simply do a: traceroute -g PublicIP PrivateIP
Bingo, you're communicating. I've done this many times.

Another very simple way you can do at home it is to have your computer on the same broadcast domain as the PublicIP of the NAT box you want to bypass. Then, change your default gateway to the NAT box's PublicIP address, and start connecting. Your computer isn't directly connected to PrivateIP, so it forwards it to the NAT box, and the NAT conveniently forwards it through to the private network. The PrivateIP has it's default gateway set to the NAT box as well, and the NAT box knows how to forward it to you, so you've got a simple routed connection.

And those are just the two simplest "Try it at home" methods. There are dozens of other ways to do it, you just need to hack up the header of an IP packet to do some screwy things.

All of this is possible if you're just up against a NAT box. If there's a firewall in there, none of this can work. There are a few methods of firewall traversal, but they're very, very narrow cases, which are difficult to execute and generally something you get very, very little out of.

It's not YOUR addresses ...

[garry_g]

... what you don't seem to get is that the problem is not when ARIN runs out, but when your business partners get IPv6 addresses you can't reach because you didn't do your f@ckin' homework and upgrade to dual-stacked ... So go ahead, stick to IPv4, and once your boss comes in and asks why you can't exchange data with your possibly largest customer, tell him: "why would we want IPv4? Arin hasn't run out yet" ... good luck on finding a new job afterwards ...
And if you believe "Hey, no problem, it's just the Chinese and Japanese and Australians, who needs them" - think again, Europe's RIPE will run out of IPv4 addresses next ...

Artificial scarcity

[mcrbids]

Also, strangely, the need for additional IP addresses is also on the decline, as the ability to manage NAT traversal improves. Using technologies such as wildcard SSL certs with subdomains rather than individual certs for each IP address, SSL/TLS for HTTP, STUN for VOIP traffic, and so on gradually ease pressure on the need for public IP addresses.

I'm not saying that IPV6 is DOA, but the cost of IP addresses will grow slowly enough that the transition will take a very, very long time. Our colo hasn't yet announced IPV6 capability, though they are expected to sometime this year. As soon as they support it, we'll roll out support for all our products shortly thereafter even though initial demand is almost nonexistent.

Re:Artificial scarcity

[smash]

Wildcard certs are not a magic bullet.

Re:Artificial scarcity

[knorthern+knight]

> Also, strangely, the need for additional IP addresses is also on
> the decline, as the ability to manage NAT traversal improves.

And there's a lot of "conservation" that can be carried out. E.g. I retired earlier this year from a Canadian government office in Toronto. It has approx 800 desktop PC's (1 per employee), and every last single one of them has a publically routable address. You can get fired for setting up unauthorized public servers or bittorrent (assuming you could hack the 2-way firewall), so public addresses are pointless. Nobody would notice any difference if all desktop PC's went to RFC1918 space. 8 public IP addresses leaves 5 usable external IP addresses (subtract network base, broadcast, and gateway addresses). This is easily sufficient for public mailserver, webserver, and 2 ftp servers. leaving 1 spare address.

Ability to transfer address space

[jcurran]

Correct.  If you received IPv4 address space directly from one of the Internet number registries (whether that was IANA, or the InterNIC, or a regional Internet registry), the address space is assigned to you and can be transferred to another party according to the policies of the registry serving your region.  If you received address space from your ISP, it's quite likely that the ISP is only providing it to you as a component of service and will recover them if you leave or change providers.

Yes let's wait until the last minute

[drb226]

to get worked up about problems that are imminently arising. Because that worked so well for us in this SOPA/PIPA situation.

Re:Profit!

[jcurran]

Only parties with operational need can obtain address space, whether that's directly from the Internet number registries or via transfer from an existing address holder.

Re:ask the us fbi for some

[jcurran]

they have 65 + million ipv4 addresses....

Registrations are publicly visible in the WHOIS database, so please elaborate which address blocks you refer to?

Re:Bias?

[bbn]

Stupid too. So you got your splendid IPv4 address but need to talk to your European IPv6 friend? Guess what, you are out of luck!

When do people learn that as anyone is out we are effectively all out?

Oh it might yet only be a few Chinese dudes that we do not like that much anyway. But soon enough it will be Europe. I know Americans like to think that USA is the whole world, but in fact there is a reason they call USA+Europe+others "the western world".

There will probably always be v4 addresses for servers to go around. The first to go will be end users.

So what if some European pal is on an v6 only network? Surely his ISP has enabled some sort of NAT that allows him to access your old v4 site? Yes of course they have. But let me say from experience: Said ISP also undersized that NAT device, so it will be overloaded, slow and unstable. We have yet to see how easy DOS attacks on carrier NAT really is.

If you do _any_ business outside USA, and if you are an enterprise of any size of consequence you do, the message is very clear: Very soon a big chunk of your business will have a bad experience if you are not IPv6 ready.

As for end users, we also need to get on the bandwagon. The only way to do peer to peer communication with the increasing number of v6-only people is by having an v6 address yourself. Soon you will only get the full utility out of programs like Bittorrent if you got dual stack. It does not matter were in the world you live, some of your peers are going to be in those regions that are out of v4 addresses.

Re:Source of information

[jcurran]

I don't know what your source of information is, but i recall a previous announcement that no more IPv4 address were being provided, and that only IPv6 were being given out.

If that is true, then we are already out of the IPv4 addresses. and the big IPv6 potential doomsday has already come and gone.

It's worth reading the original article referenced in the post... The central free pool of IPv4 address space ran out on 3 February 2011. The Asia Pacific region (under the APNIC registry) ran out of address space for issuance per their standard policies at the start of summer. RIPE (serving Europe) is likely to run out in this spring, and ARIN is likely to run out in early 2013. Telecommunication companies and ISPs rely on getting additional address space from their regional registry, and if they can't get any more IPv4 space, they either need to stop adding new customers, scavenge IPv4 space from elsewhere, or use IPv6 for new customers.

ISPs & hosting companies will not run out of I

[jcurran]

There is a finite number of IPv4 address (2**32, aka approx 4.3 billion)... There are 7 billion people on the planet today, and most want an always on smartphone, and a home computer, and a computer at work, etc. This doesn't consider the demand for office servers, data centers, cloud services, etc. The reality is that the depletion of the free pool doesn't mean we run out, but it does start us on the path of higher and higher utilization of these 4.3B numbers. At some point, it becomes very difficult to get additional addresses because all of the relatively easily recovered address space has been redeployed. For an ISP, this won't be 2012, but there's no assurance that its not going to happen very quickly in the next few years.

APNIC has entered next stage of runout

[jcurran]

In this stage, APNIC has a fixed block of address space reserved and available under a special policy for new and emerging service providers, but that doesn't help one much if you're a existing telecomm company who had been getting tens of thousands of addresses every few months in order to grow - you can now longer obtain additional blocks and now must scramble to come up with an alternative (such as IPv6) if you want to keep growing. More info - http://www.apnic.net/community/ipv4-exhaustion/exhaustion-and-network-operators

Re:broken record

[mattventura]

how the hell am I suppose to remember my VPS IP than?

Maybe this?

Just a little

[RandomAvatar]

"it won't be until 2013 that North America will run out of IPv4 addresses and there's no sense getting worked up before then."

I think whoever wrote this is a little self-centered. The rest of the world matters too.

Really?

[idbeholda]

The "end" of ipv4 has been harped constantly for nearly 10 years. I remember in one of my classes, the big thing about learning ipv6 was because we were going to be completely out of ipv4 addresses in 2 years, no ifs, ands or buts. 10 years later, the same cries are heard far and wide across the internet. Sorry, but you can only cry wolf so many times before it's obvious that you're just plain full of shit.

Amusingly, what most don't realize is that ipv4 was designed from the ground up to be vastly subnetworked. The theoretical number of ipv4 addresses from the base network is a whopping total of 4294967296. We'll round that down and say it's 4 billion. From one subnet, while the mode of access is from one source ip address (given decent network hardware, this is not a problem), that's an additional ~4 billion addresses from ONE SUBNET. I hate to be the bearer of bad news, but I'll be surprised if we ever "run out" of ipv4 addresses.

Keep clanging your pots and pans, and shooting off fireworks. Nobody with an ounce of common sense believes that ipv4 addresses are an endangered species. Give it seven minutes and The Dragon From The Sky That Ate Teh Intarwebz will pass. Nothing of value will be lost; nothing of importance will be noted. Move along now, there really is nothing to see.

Re:Really?

[unixisc]

I've done the math on this on a previous IPv6 thread on /. First of all, lose all the Class D & E addresses. Then lose all the private addresses - 10.x.x.x, 172.16/x/x-172.32.x.x, and 192.168.x.x. After that, get rid of all the network & broadcast addresses (E.g. if you have a network of 200.1.2.x, you cannot assign anybody 200.1.2.0 nor 200.1.2.255.) And w/ CIDR, the smaller you subnet your networks, the more addresses you lose, since in any subnet, the boundary addresses are unusable for a node, which is why the smallest you can subnet is /30. Anyway, after running all the numbers, the actual figure is 3.7 billion.

After that, assuming that you NAT to the fullest extent each of the addresses you have, it will extend it some, but the fact remains that while some networks may not have been fully NATed, ofhers may have been NATed into 10.x, 172.x and 192.168.x networks, and there's nothing to expand: it's not that all networks will hit the limits at the same time, but just that a lot of them will hit the limit long before others. In many places, you are likely to see multiple levels of NAT. At that point, routability is totally lost, and what one has is akin to layer 2 switching, and nothing more.

From where are you getting 4 billion addresses in a subnet? In IPv4, the bigger your network, the greater the #blocks you need, thanks to CIDR. In IPv6, everything is now locked so that you can have 18446744073709551616 subnets, and within each subnet, 18446744073709551616 nodes. Both have fixed boundaries, and there is no question of growing the interface ID nor the global prefix.

There will be no IPv6 changeover

[RoLi]

IPv6 cannot be introduced because it is incompatible

Re:There will be no IPv6 changeover

[Predatory+QQmber]

what a load of crap...

i will say only few things:
author wants Internet industry to be like phone industry.
while most phone monopolists and oligopolists are in ISP business too, design and business methods for Internet services are quite different from phone services and even they have to abide that difference. their old methods still work and their old services still actual only because of their size and ubiquitous infrastructure. but even they will have to become pure Internet data pipe some day which they don't like a one bit.

author wants IPv6 to be IPv4, or simply, not to be at all.
yeah, let's just be sitting on our asses until our very death and leave changing the world and ways of living for the next generation... well, we already have generation of doofuses who honestly believe that NAT is a security feature in contrary to the principle of non-routed address spaces which it broke, among other things.

author says that networking enthusiasts ignore IPv6 because of "opensource" DD-WRT.
DD-WRT is quasi-proprietary at best. if you want true opensource and Free Software you go with OpenWRT. and it has full-fledged IPv6 support. even works on my old shitty hardware.

Re:Bias?

[unixisc]

The OP remarks about everybody having all the time in the world until the US runs out is genuinely inane. Even within the US, the bulk of IP addresses belongs to large corporations. Major ISPs like Comcast & Hurricane Electric have already made the switch to IPv6.

Problem is that if some servers have only IPv6 addresses - very likely as IPv4 addresses become scarcer, as they already are in APNIC, then IPv4 only computers can't access them. Things like dual stack only work when the services being provided are dual stack as well: if a web server is offered on both IPv4 & IPv6, then a laptop somewhere can access it regardless of whether it's IPv4 or IPv6. But if a server is IPv6 only, then there is no way an IPv4 only laptop can access it. Reason being that most companies that implement transition technologies would use something like Dual Stack, Dual Stack Lite or Teredo, but not translation techniques such as NAT46 or NAT64.

The OP story is just one more of those stupid 'don't worry about putting out the fire until it spreads to every part of the building, and everybody can see it, so that at that point, the money spent on it will be more easily justified to management.

Because a lot of them likely can't!

[brunes69]

People involved with IT who do not also have a development background like to drone on and on about "where are the updates", without realizing how much incredibly different IPv6 support means than IPv4. Aside from the protocol itself, you have to remember here that each and every address takes up FOUR TIMES as much memory.

When you are dealing with devices that are routing hundreds of thousands of packets per second, this is not a small change. Think of how many maps and tables and caches now have four times the memory footprint - now think about how thin the margins are on hardware costs. A lot of these devices can not get a simple firmware upgrade to support IPv6 because the hardware they are running on simply would not be able to handle it.

Even if you are talking about simple things like a document system , the IP stack is quite possibly implemented in hardware, not software, using 32 bit registers in key locations. You can't just swap 32 bits to 128 bits and expect everything to fit when you are talking about low-level devices like this.

Re:Because a lot of them likely can't!

[EdIII]

Since I am involved with development I know how long it takes to actually make something. Also, being involved in vendor-lock-in hell gives me another perspective too.

I understand that the hardware might not be able to handle it, but I am not sure that document systems have the IP stack implemented in hardware and not software like higher end switches.

Your points are valid, but when it is possible years is not an excuse. Linksys literally took years because they did not care about making firmware updates, not because it was hard. I have been involved with very complex platforms and pushed out tens of thousands of lines of code in just a few months. So I have no sympathy for a Enterprise vendor with the budget that can't do a complex firmware update in less than a year.

The point about low-level devices is well taken. If it can't be implemented in software, then there really is no solution but to provide hybrid support (not difficult) until you can justify replacement.

However, on multi-thousand dollar switches I would be surprised if the hardware could not handle it. Then again, I fully admit, I am not a deep down hardware guy. I just get frustrated when IPv6 adoption is thrust upon businesses first when it is more complicated than that (we both seem to agree on that at least), and you can't justify the budget when such a small portion of your possible market even uses it yet.

I know that the low-end routers for consumers can support IPv6 since DD-WRT supports it and can be installed on a wide variety of switches. When more than 25% of consumers support IPv6 connections (along with the ISPs) then I will have a much better case to spend tens of thousands of dollars replacing routers and switches.

Silly it is

[Predatory+QQmber]

That would make more sense if IPv6 was easy. It isn't. It's a lot more complicated than IPv4 from a network engineering perspective and I don't see many people doing much to prepare for it in a mindshare sense.

what ? IPv6 is almost the same as IPv4 in network design.
the only significant difference is that with it you can build network by their actual supposed design without a lot of crutches and work-around to conserve address space and to adapt to the scale it was not designed for.

IPv6 is design for present and future.
IPv4 was designed for estranging past and have accreted with ugly hacks. it is inadequate for modern networking and so is the mindset of people who can't comprehend IPv6 and problems it solves.

I don't think you understand

[Sycraft-fu]

These big switches support IPv6, and they do it in hardware, ASICs, if they are new. Cisco has Supervisors that fully support accelerated IPv6 Layer-3 switching. However you have to buy new sups to do it. They can't magically, retroactively, make the old ones support it. Their hardware wasn't designed for it. There is no magic firmware update to fix that.

Now speaking of firmware updates, or rather OS updates in this case, you can get IOS that has IPv6 support for those older switches. They don't prevent it. However lacking the hardware, it has to do it all on the CPU. That means that it is really good only for testing. You can't roll it out to everyone, you'll overload the CPU and it'll crash.

Seriously, you people need to stop thinking everything is like the little router you've got in your house. Go have a look at some of this high end network equipment, see the massive amount of special hardware it takes to make it able to do what it needs to do. Then maybe understand that it isn't as simple as a little software fix.