IPv6 Must Be Enabled On All US Government Sites By Sunday

darthcamaro writes "Agencies of the U.S. Federal Government are racing to comply with a September 30th deadline to offer web, email and DNS for all public facing websites over IPv6. While not all government websites will hit the deadline, according to Akamai at least 2,000 of them will. According to at least one expert, the IPv6 mandate is proof that top-down cheerleading for tech innovation works. 'The 2012 IPv6 mandate is not the first (or the last) IPv6 transition mandate from the U.S. government. Four years ago, in 2008, the U.S. government also had an IPv6 mandate in place. That particular mandate, required U.S. Government agencies to have IPv6-ready equipment enabled in their infrastructure.'"

Re:And on Monday, the headline will be

[heypete]

Why would a publicly-facing web server be behind NAT? That doesn't make any sense. NAT offers no security benefits.

Please note that "NAT" != "stateful firewall", though the two functions are often combined in a single piece of hardware.

My home network has been dual-stack for years (with NATed IPv4 and IPv6). All the systems on the network are behind a stateful firewall and even though my internal devices have globally-unique IPv6 addresses none of them are accessible from the outside world.

Re:Too Complicated

[kasperd]

IPv6 is too complex, which is what has hampered its slow adoption from the beginning.

IPv6 is simpler than IPv4.

Instead of simple address space extension, the brains behind it decided to add all sorts of fun features to it that just aren't necessary, thus leading to people not wanting to put the effort in to figure it out.

That's just a lame excuse. There are some new features, but those are mainly important to the endpoints. For routers in between, the job they need to do became simpler. And it is the network, which has been lacking, not the endpoints. The excuse that it is too complicated has mainly been used by those who didn't need to deal with the complexity.

Since those features have died off, it's getting less terrible, but now it's a moving target.

Name one change that affected a network provider, who just has to move packets between two endpoints.

KISS would have gotten us to IPv6 5 years ago.

No. There were only two approaches that could have speeded it up. Top down regulation or customer demand. But both of those were in the hands of people who won't understand the problem until they can no longer get online. Actually, there is one other thing that could have speeded it up. If we had never gotten any sort of NAT for IPv4 in the first place, then the transition would have gone faster.

Re:I blame the ISPs

[DarwinSurvivor]

Good point, lets wait for the ISP's to run out of IPv4 addresses and suddenly start mandating that people's homes be IPv6 ready out of the blue. We basically have 3 choices.

1) Wait until residents do need it and suddenly give them IPv6 only because there are no IPv4 addresses left. Phone support will have hour-long waiting periods, computer shops will be overloaded with "I need this upgrade tonight so I can submit my college thesus" support requests and a large percentage of Internet users will be SOL until they get their turn in the support line. There's also a VERY good chance we will simply run out of routers, as an alarminly large percentage of consumer (and some professional) routers STILL don't support it and all those people will need upgrades.

2) Wait until we need it and start NAT'ing everyone's internet connection. This may not affect facebook users, but will be a royal PITA for anyone using remote connections, peer2peer networking, etc. If this happens we may not see IPv6 for another 15 years at LEAST.

3) Roll it out NOW in dual-stack configuration world-wide so everyone can get their computers, routers and other devices working with IPv6. ISP's can send out regular (every 2-4 months) letters to consumers still using IPv4 only to warn them about the upcoming switch and give them enough warning to switch over (like they did with digital tv broadcasting). When we finally do run out of IPv4 addresses at the ISP level (and this is ALREADY happening in some areas such as mobile, etc), the ISP's can just disable IPv4 for new customers and/or those already fully using IPv4 and experience a truly smooth transition.

If the analog-2-digial transition for TV broadcasting has taught us anything, it's that consumers need a LONG time to transition between technologies. Considering the TV transition required nothing more than plugging in 1 box with 3 wires on it and IPv6 is going to require computer/OS and router replacement in many cases, we need to start the IPv6 transition on all ISP's about 2 years ago.