After Launch Day: Taking Stock of IPv6 Adoption
darthcamaro writes "So how did World IPv6 Launch go? Surprisingly well, according to participants at the event. Google said it has seen 150% growth in IPv6 traffic, Facebook now has 27 million IPv6 users and Akamai is serving 100x more IPv6 traffic. But it's still a 'broccoli' technology. 'I've said in the past that IPv6 is a 'broccoli' technology,' Leslie Daigle, CTO of the Internet Society said. 'I still think it is a tech everybody knows it would be good if we ate more of it but nobody wants to eat it without the cheese sauce.'" Reader SmartAboutThings adds a few data points: "According to Google statistics, Romania leads the way with a 6.55% adoption rate, followed by France with 4.67%. Japan is in third place so far with 1.57% but it seems here 'users still experience significant reliability or latency issues connecting to IPv6-enabled websites.' In the U.S. and China the users have noticed infrequent issues connecting to the new protocol, but still the adoption rate is 0.93% and 0.58%, respectively."
What a terrible metaphor. Everyone knows that IPv6 is closer to a Brussels Sprout.
http://blogs.voxeo.com/speakingofstandards/2011/05/22/fun-with-ipv6-addresses-check-out-facebooks-aaaa-record-in-dns/
On the consumer front only just recently did home WiFi routers start shipping or start getting IPv6 support, even then finding an ISP that will provision you is next to impossible.
On the enterprise front gear has been labeled as IPv6 ready or compatible or even listed it as a feature for a long time. However, if you work in security and have to implement policy control over content, you quickly see that the functionality is years behind when applied to IPv6 flows... At an enterprise level switching isn't easy without swapping out a lot of gear, or reducing expectations... IPv6 enabled deep inspection, and application layer inspection tools are only now becoming available, or only now becoming mature enough to roll out.
NAT isn't a security feature, that was a consequence of it breaking things to try and patch a bandaid fix on the problem IPv6 solves.
How many IPv4 NAT routers are out there? How many of the big ISPs turned it on (or will by 'end of the year')?
Take my ISP for example (a pretty big one). They are just talking about turning it on this year 'by the end of the year' (which is marketing speak for next year).
Then how many consumer grade routers out there can you buy that are still only IPv4 (a lot btw). You have to go out of your way to get something with IPv6; you need to know exactly which router to get. You even had one decent sized manufacturer yank the feature out for all intents and purposes, so be careful which firmware you are running... Sure you can flash the firmware on many to get it. But what a pain. I don't feel like playing root my wireless access point to get a feature which should ALREADY be included... In 2005 this was understandable. In 2012 not so much anymore...
Then we can talk about the devices themselves. There are thousands of embedded devices out there sold within the past 2 years that ONLY do IPv4. TVs being the worst of the offenders... Bought a network enabled Blu-ray a couple of months ago. IPv4 only... And both of these devices are from major manufacturers...
the tl;dr ver 'it will take time not enough devices that support it yet'.
So, it sounds disgusting and nobody wants it? Cheese sauce on cake?
That would explain a lot.
I bought a business connection from my local provider, asked my salesperson if they had IPv6, they said yes. Tried to set it up for World IPv6 day. Well, their tech support says no they do not have IPv6. So, that was my IPv6 day experience.
I've never understood this concern. With IPv6 I have, say, 2^64 addresses to use. I could use a different source IP address for each and every HTTP request I send out. Even at 1000 requests a second we'll all be long dead before you had to reuse a source address.
IPv6 gives you loads of room to hide. This is my concern - address based blocklists will quickly become infeasible.
I'd like to know who the users in China with IPv6 are. There's no provider, ADSL or otherwise, that provides IPv6. The only place where you could find IPv6 would be universities. And what's funny with it, is that it shows that the Great Firewall of China doesn't cope with v6 at all. All sites that would normally be blocked are wide open. So until the GFW is "patched", I don't think IPv6 will come. That's quite a shame, because I've read multiple times that the big ISPs' backbones are already IPv6 capable.
Routers and end systems would still need to be taught how to speak a new protocol; machines that only know how to construct and decode packets in IPv4 format would be unable to deal with your "extended addresses". What exactly would you gain?
Also, IPv6 is much more than just an extension of the addressing space. I won't bother listing all the niceties here since it has been done before (and you can find them easily). But to think that everything IPv6 has to offer is a lot more addresses is extremely narrow-minded.
Not quite. Your ISP still assigns you a /64 (typically) so all your requests would have to come from within that - and the other end could easily recognize this. The only real privacy implication of ipv6 is that it'd be possible for a server to tell via IP address which computer in a household a request came from, rather than just the house - so it could make different profiles for the teenage daughter to see lots of clothes and music ads while the mother gets lots of furniture and household products advertising. But even without ipv6, this is trivial anyway - it just needs to be done by cookies, which is how every major profile-building ad network does it already.
There can be a real difference between "Can do IPv6" and "Can do IPv6 with realistic traffic." Most high end Cisco gear, even older stuff could be updated to support IPv6. However the problem is that it is all in software, all on the rather small CPU. So sure it'll work if you have only a couple IPv6 flows, however if everything went IPv6 it'd fall over. You need support in the ASICs for it, and that means buying new hardware.
Of course being high end it isn't so cheap. We upgraded all our stuff on campus to do IPv6 and it was millions to get all the hardware needed. Now we are large, but not compared to many ISPs. So it isn't so easy to just say "Oh buy a bunch of new equipment to replace the perfectly good stuff you already have."
IPv6 is coming, slowly, but it isn't going to be a fast process and anyone who thinks people, ISPs, etc should "Just do it," hasn't spent any real time looking at what is involved.
Mostly because a lot of enterprise IT departments have serious issues with anything new and thus "scary" and "untested". Hell, I know places that still run critical production systems on NT4 and think Subversion is too new and untested to be used as a production VCS so they just stick to CVS since "everyone knows it and it works".
On a similar note, these are the kind of places that mandate that all database queries be made as stored procedures (T-SQL, of course) since that's the only "safe" way of accessing a database. Bring up parameterized queries and they look at you like you're mad. In places like that they have working security put in place 10 - 15 years ago and they have no intention of changing anything until they absolutely have to. In their world security "needs" NAT (because that's what their equally old firewall appliance needs).
Greylisting is to SMTP as NAT is to IPv4
I've never understood this concern.
Me either.
IPv6 gives you loads of room to hide. This is my concern - address based blocklists will quickly become infeasible
It won't be that much different with v6 and a slight change in mindset. Instead of blocking an IP you go after the prefix instead.
For example an ISP customer is abusing my service and I want to block him. I don't go after his IPv6 IP I go after his entire /64, /48 prefix or whatever it is his ISP allocated to him. He can change his local bits all he wants he is still blocked.
There are other examples where it is difficult such as blocking some computers on the same /64 segment as others you want to allow however when we look at this problem today all we see most of the time is a NAT for the whole network with a single IP.
The address space is bigger and there is more room to hide yet allocation is still hierarchical and we still know what blocks are allocated to who via SWIP or working an ISPs abuse channels.
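The prefix-based blocking described in the comment above, as an added example that is not part of the original thread. It assumes a /64 delegation per customer unless told otherwise; the function names are hypothetical and the sample addresses are constructed from the documentation ranges 2001:db8::/32 and 192.0.2.0/24.

```python
import ipaddress

# Assumption: the abuser's ISP delegates a /64 per customer. Pass 56 or 48
# when the ISP is known to hand out larger delegations.
DEFAULT_PREFIX_LEN = 64

# Constructed sample: three hits from one customer rotating the low 64 bits,
# one hit from a second customer, and one IPv4 source.
SAMPLE_OFFENDERS = [
    "2001:db8:1:2::a",
    "2001:db8:1:2:dead:beef:0:1",
    "2001:db8:1:2:ffff::9",
    "2001:db8:7:1::5",
    "192.0.2.10",
]


def covering_prefix(addr, prefix_len=DEFAULT_PREFIX_LEN):
    """Return the network to block for one offending address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # IPv4 is blocked per address, as on a classic blocklist.
        return ipaddress.ip_network(f"{ip}/32")
    # strict=False masks off the host bits the abuser can change at will.
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def build_blocklist(offenders, prefix_len=DEFAULT_PREFIX_LEN):
    """Turn offending addresses into a sorted, de-duplicated prefix list."""
    nets = {covering_prefix(a, prefix_len) for a in offenders}
    # collapse_addresses() rejects mixed versions, so handle each family alone.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def is_blocked(addr, blocklist):
    """True if addr falls inside any blocked prefix of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in blocklist)


if __name__ == "__main__":
    blocklist = build_blocklist(SAMPLE_OFFENDERS)
    print([str(n) for n in blocklist])
    print(is_blocked("2001:db8:1:2:1234:5678:9abc:def0", blocklist))
```

Five observed addresses reduce to three entries, and a fresh address inside the first customer's /64 is still matched. Widening `prefix_len` to 48 also catches a move to a sibling /64 in the same delegation, at the cost of blocking every other subnet under that /48.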
In one pot, put some kale, some olive oil, water, a little salt and pepper, and let simmer on low heat. In another pan, brown up some ground beef, with some chopped onions, green peppers. Add in a can of salsa or crushed tomatoes. If desired, some hot sauce or jalapenos can be added. While that's cooking, do up some Kraft Dinner according to the directions on the box. When the KD is ready, add in the ground beef mix, and serve. Throw out the kale.
Note: This recipe works well for broccoli, Brussels sprouts, cauliflower, spinach, and many others.
IPv6 most certainly does NAT: http://tools.ietf.org/html/rfc6296
Why isn't slashdot accessible over IPv6?
Extending an IPv4 stack to use 64 bit addressing
Almost as much work as IPv6. You would still have to change out ALL of the hardware in the world and still have to update ALL of the software. If it's going to be the same amount of large scale work, just do it correctly the first time.
My ISP (Internode) has been providing opt-in dual-stack support for at least a couple of years, and enabled it by default for all new customers in January. Internode currently have about 2% of their customer base on IPv6.
Note: if you go to that page and the logo is spinning, it means you've connected via IPv6.
I get a static /56 prefix (earlier when it was still considered a trial they gave a /64 that could change when you lost ADSL connection). My router (Billion 7800N) acts as a DHCPv6 server and everything is hunky-dory except for one minor quibble - the router advertises the upstream DNSv6 servers instead of itself, so if you've done static MAC->IPv4 mapping in the router they won't be returned when a DNSv6 request is made. The fix there is to manually set the link-local address of the router as the DNSv6 server on each of the machines.