Slashdot Mirror


Worldwide IPv6 Adoption: Where Do We Stand Today?

skade88 writes "IPv4 is much like a limited natural resource; it can't last forever. The well of new IPv4 addresses is already running dry in many parts of the world. The solution to this problem, which was presented decades ago, is to switch to IPv6. With peak IPv4 far behind us, why do we still see limited IPv6 adoption? Ars takes a good look at where we are and where we are going with the future of IP addresses, the internet and you. Quoting: 'As with all technology, IPv6 gets better and cheaper over time. And just like with houses, people prefer waiting rather than buying when prices are dropping. To make matters worse, if you're the only one adopting IPv6, this buys you very little. You can only use the new protocol once the people you communicate with have upgraded as well. Worse still, you can't get rid of IPv4 until everyone you communicate with has adopted IPv6. And the pain of the shrinking IPv4 supplies versus the pain of having to upgrade equipment and software varies for different groups of Internet users. So some people want to move to IPv6 and leave IPv4 behind sooner rather than later, but others plan on sticking with IPv4 until the bitter end. As a result, we have a nasty Nash equilibrium: nobody can improve their own situation by unilaterally adopting IPv6.'"

55 of 327 comments

  1. Re:That's easy. by Ultra64 · · Score: 2

    Not really, you just track them by their IPv6 subnet prefix instead of their full IPv4 address

  2. The reason why is by Anonymous Coward · · Score: 2, Interesting

    With peak IPv4 far behind us, why do we still see limited IPv6 adoption?

    The reason why is simple: because we haven't run out of IPv4 addresses yet.

    1. Re:The reason why is by YodasEvilTwin · · Score: 2

      This. You can't stick with IPv4 if you have no IPv4 address to use.

    2. Re:The reason why is by Forty+Two+Tenfold · · Score: 2

      With peak IPv4 far behind us, why do we still see limited IPv6 adoption?

      The reason why is simple: because we haven't run out of IPv4 addresses yet.

      Close: because for the time being the costs of the transition are higher than those of maintaining the status quo.

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  3. IPv6 Internet is "here" for some of us by insecuritiez · · Score: 5, Informative

    I have a native, public, non-tunneled IPv6 address at home through my non-business Comcast cable Internet service. My computer and phone automatically use IPv6 whenever available.

    I can use IPv6 at work too.

    It's already here and adoption seems to be accelerating.

    1. Re:IPv6 Internet is "here" for some of us by insecuritiez · · Score: 4, Informative

      It's very nice. I was in the process of setting up a tunnel between my home gateway and a Linode machine (Linode provides native v6) and making Linode my publicly visible exit point to the Internet. A few weeks into the project Comcast implemented v6 making my tunneling efforts redundant.

      Comcast currently allocates a /64 to each customer but they say they'll hand out shorter prefixes later.

      I currently use "privacy addressing" with my Linux machine which I do with:
      # IPv6 privacy stuff
      echo 209600 > /proc/sys/net/ipv6/conf/wlan0/temp_valid_lft
      echo 10800 > /proc/sys/net/ipv6/conf/wlan0/temp_prefered_lft
      echo 128 > /proc/sys/net/ipv6/conf/wlan0/max_addresses
      echo 2 > /proc/sys/net/ipv6/conf/wlan0/use_tempaddr

      This is mostly so that I'm trying out the most extreme end of IPv6 where I'm going through addresses quickly and have up to 128 at a time.

    2. Re:IPv6 Internet is "here" for some of us by jbgeek · · Score: 2

      Yeah. And ironically, Comcast Business doesn't offer IPv6 yet, so I'm still tunneling. :-(

      If only their "business class" service were as aggressive about it as their residential service. And more irony, the only reason I have business class is so I can have static IPv4 addresses.

  4. Re:That's easy. by Anonymous Coward · · Score: 3, Funny

    I'm not taking any chances... I've moved our network to IPv8

  5. Re:That's easy. by Anonymous Coward · · Score: 3, Informative

    How so? Many (if not most) end system addresses have the MAC address embedded in the v6 host address, so you get more information out of a v6 address than you do out of a v4 address (including the ability to trace the same device even if it changes layer-3 networks).

    Since most vendors aren't supporting RFC 3972, tracking is probably going to be easier, not harder.

  6. IP6 addresses are a pain by Viol8 · · Score: 3, Insightful

    We have so many test VMs appearing and disappearing on our network that we don't bother putting them in DNS, we just give out the IP4 192.168... address for the testers and devs. I dread to think what would happen if we had to give them the line noise that is an IP6 address. Whatever other merits IP6 has, the designers REALLY didn't think it through at the manual address entry level.

    1. Re:IP6 addresses are a pain by Aqualung812 · · Score: 3, Insightful

      the designers REALLY didn't think it through at the manual address entry level.

      Yeah, they did, and they decided that the only servers that need a manual address are DNS servers and DHCP servers (if you choose to run DHCP).
      Outside of those, the only other things that need manual addresses are routers.

      Everything else should use Dynamic DNS.

      Give me a good reason why someone shouldn't be using DNS instead of direct IP address, other than lazy programmers.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
    2. Re:IP6 addresses are a pain by PlusFiveTroll · · Score: 2

      Your routing prefix is unlikely to change (first 48 bits)
      Your subnet id stays the same per 'net' and only varies if you have more than one addressable network (16 bits)
      the last 64 bits are the easy part...
      type :: to compress out the 12 zeros you don't need to type then start at 1 and go up to ffff

      Just avoid automatic addressing for systems that you are going to access like servers. Everything else should use an automatic dns registration system when getting an IPv6

      ANY 128 bit address is going to have 'human' issues at the entry level because people don't handle that many bits well.

    3. Re:IP6 addresses are a pain by gclef · · Score: 5, Insightful

      One good reason why *servers* shouldn't be using DynamicDNS? I'll give you two.

      First scenario: your server isn't responding. How do you tell the difference between a failure of the server itself and a Dynamic DNS registration failure? If you don't know its IPv6 address, how can you tell if it's fine, just not registering in DNS properly? Heck, if it's not registering properly, how do you find it at all?

      Or, more fun: the server reboots & ends up with a different dynamic IPv6 address....even if it registers the new address to its name properly, clients don't always honor DNS cache times, and will keep trying the old address for a while. You've now created an outage for no good reason.

      If you said that desktops don't need static DNS, I'd agree with you completely. But making server infrastructure totally reliant on a middle layer is asking for trouble...things'll work fine until you have a problem & need to troubleshoot. Then your reliance on an external system will bite you in the ass.

    4. Re:IP6 addresses are a pain by Viol8 · · Score: 2

      "Give me a good reason why someone shouldn't be using DNS instead of direct IP address, other than lazy programmers."

      I'll give you a number of good reasons - manpower, deadlines, simplicity. When you get a proper job instead of playing around at college you might understand.

      Oh, and programmers generally don't set up DNS. Just FYI.

    5. Re:IP6 addresses are a pain by arth1 · · Score: 4, Informative

      For example, you can omit segments that are 0, and collapse consecutive such segments, which is why you can write the loopback address as ::1.

      To be fair, you can do that with IPv4 too. Using 127.1 for the loopback address or 192.168.1 for a typical NAT gw address works just fine.

    6. Re:IP6 addresses are a pain by MajroMax · · Score: 2

      It's probably the index of your machine's IP that received the echo reply. An IPv6-connected host will have many addresses of different scope, so some implementations use the "%" to distinguish which of your addresses has handled a connection.

      --
      "Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
    7. Re:IP6 addresses are a pain by maz2331 · · Score: 3, Interesting

      Seriously, it sounds like SOMEONE can't convert between decimal and hex.

      The addresses are easy once you get even slightly used to them, and once you memorize your /48 or /64 prefix is no more difficult than v4. 2001:123:45:67::2E/64 isn't hard. [2001:0123:0045:0067:0000:0000:0000:002E]. I have memorized our /48 and our usual scheme is to split it into /64s that then match the 3rd octet of our 192.168.x.x private range...so for example, I'd set up a host that is on 192.168.16.5 as 2001:123:45:10::5/64.

      Or even better... just let the router on the subnet autoconfigure the hosts, or setup DHCPv6 on a server.

      (Of course the 2001:123:45 addresses are totally made-up and fictitious... no need to give my real-world v6 netblocks on here!)

    8. Re:IP6 addresses are a pain by Fred+Foobar · · Score: 4, Informative

      That address is a link-local address. The number following the percent sign is the zone index, which specifies which network interface the address is on. If it were not there, the address may be ambiguous with multiple interfaces (imagine if two hosts on two different network segments had the same IP address; neither host can talk to the other but the machine you're on can talk to both through separate interfaces). I don't think IPv4 handles this case at all. Indeed, RFC 3927 discusses address ambiguity but provides no real solution for it. IPv6 provides a solution in the form of zone indices.

      --
      It was a really good paper.
    9. Re:IP6 addresses are a pain by sl4shd0rk · · Score: 4, Informative

      Give me a good reason why someone shouldn't be using DNS instead of direct IP address

      Here's 4. Not trying to be a wiseass, but there are times when bypassing DNS is preferable.

      1) When you cannot trust your DNS source
      2) DNS is not working or too slow
      3) You didn't want to/need to spend $$ registering a domain
      4) Your IP changes but DNS hasn't updated yet

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    10. Re:IP6 addresses are a pain by Anonymous Coward · · Score: 3, Informative

      Umm... Seems you haven't understood how IPv6 addresses work. Everything starting with fd is private. So you could assign the addresses
      fd00::1
      fd00::2 ...
      to your private VMs. Quite a bit shorter than the IPv4 192.168... madness.

    11. Re:IP6 addresses are a pain by Dagger2 · · Score: 4, Informative

      The right-most octet in the abbreviated address substitutes for the right-most octets of the full address.

      e.g.:
      127.1 -> 127.0.0.1
      192.168.1 -> 192.168.0.1
      192.168.257 -> 192.168.1.1
      10.65536 -> 10.1.0.0
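Added example (not part of the original thread): a small Python parser for the short IPv4 forms listed in the comment above, where the last part fills all remaining bytes. The function names and the sample list are constructed for illustration; unlike classic inet_aton, this version rejects hex and octal parts instead of interpreting them, so every accepted spelling maps to exactly one dotted quad that can be compared in logs or ACLs.

```python
import ipaddress


def expand_short_ipv4(text: str) -> ipaddress.IPv4Address:
    """Expand a 1- to 4-part decimal IPv4 spelling to a full address.

    All parts except the last are single bytes; the last part is an
    integer that fills every remaining byte, big-endian.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 parts: {text!r}")

    values = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-decimal part {part!r} in {text!r}")
        if len(part) > 1 and part.startswith("0"):
            # inet_aton would read this as octal; refuse the ambiguity.
            raise ValueError(f"leading zero in part {part!r} of {text!r}")
        values.append(int(part))

    *leading, last = values
    if any(v > 255 for v in leading):
        raise ValueError(f"leading part out of byte range in {text!r}")

    tail_len = 4 - len(leading)          # bytes the last part must fill
    if last >= 1 << (8 * tail_len):
        raise ValueError(f"last part too large for {tail_len} byte(s): {text!r}")

    return ipaddress.IPv4Address(bytes(leading) + last.to_bytes(tail_len, "big"))


def group_spellings(entries):
    """Group spellings by canonical dotted quad; collect the invalid ones."""
    groups, rejected = {}, []
    for entry in entries:
        try:
            canonical = str(expand_short_ipv4(entry))
        except ValueError:
            rejected.append(entry)
            continue
        groups.setdefault(canonical, []).append(entry)
    return groups, rejected


# Constructed sample: the forms from the comment plus their full spellings.
SAMPLE = ["127.1", "127.0.0.1", "2130706433", "192.168.257",
          "192.168.1.1", "10.65536", "192.168.65536"]

if __name__ == "__main__":
    groups, rejected = group_spellings(SAMPLE)
    for canonical, spellings in groups.items():
        print(f"{canonical:<12} <- {', '.join(spellings)}")
    print("rejected:", rejected)
```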

    12. Re:IP6 addresses are a pain by icebraining · · Score: 3, Informative

      But nobody is saying we should burn all traces of IP addresses, just that manually writing them should be a negligible use case. One can just copy/paste the IP from some file if DNS happens to break.

    13. Re:IP6 addresses are a pain by DarkOx · · Score: 3, Interesting

      I have had this fight for a long time and some of what you say is true, but in my experience it's always worked out better where my DNS rule is observed on a largish network. That is: if it's not in DNS then it does not officially exist, that address is mine ( network admin ) to freely use as I please, and if you refer to a resource by IP directly it's subject to change with minimal warning.

      A proper DNS infrastructure does not just fail ( most organizations don't have that but it's a different matter ). Other 'stuff' happens all the time. Companies get acquired that happen to use your same address space, services have to be moved to different sites for one reason or another, something at some subsidiary starts causing problems on the wan and you need to know what it is right away etc. A solid DNS database makes it possible to find the information you need quickly both for humans and machines, and to effect changes easily without having to chase all across your 30 site nation wide WAN to fix the address of the time server on every box. If you are not using DNS, even in ipv4 world, everywhere you possibly can I say you are doing it WRONG. That extra layer is there to help you and give you options.

      Also even without DNS and DHCP most of the time ipv6 is not going to require you to know any more bytes of an address than you do today. If you subnet properly the prefix should be predictable inside your organization. So you should still only need to communicate the last part of the address to all but the least clueful users.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    14. Re:IP6 addresses are a pain by unixisc · · Score: 2

      Simpler to read ==> shorter ==> fewer addresses ==> run out of them sooner

    15. Re:IP6 addresses are a pain by cc1984_ · · Score: 3, Informative

      just so you know, the 2001:db8 is reserved as a fictitious subnet to use in documentation. You'd be better off using that instead of 2001:123:45

  7. Re:That's easy. by houghi · · Score: 2

    Governments do. ISPs don't.

    Without it, they can sell IPs for nice amounts without paying for it themselves. For ISPs it would even be nice to just give everybody a 10.x.x.x address (as they do with phones) so you can not run any server, or with very much work.

    It is much better and easier to control on many levels of control.

    So why would they go to IPv6, which will cost money, while sticking with IPv4 will bring in money.

    --
    Don't fight for your country, if your country does not fight for you.
  8. Re:That's easy. by Ultra64 · · Score: 5, Informative

    >Many (if not most) end system addresses have the MAC address embedded in the v6 host address,

    http://en.wikipedia.org/wiki/IPv6#Privacy

    Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS (since version 4.3).[39] Some Linux distributions have enabled privacy extensions as well.[40]
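Added example (not part of the original thread): a Python check for the case the two comments above argue about, an interface identifier derived from the MAC address (modified EUI-64, RFC 4291 Appendix A) versus a temporary privacy address. The function names are constructed; the sample uses the 2001:db8::/32 documentation prefix and a documentation-range MAC, and a random identifier can match the ff:fe marker by chance (about 1 in 65536), so a hit is an indicator to review, not proof.

```python
import ipaddress
from collections import defaultdict


def iid_from_mac(mac: str) -> bytes:
    """Build the modified EUI-64 interface identifier for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would autoconfigure on a /64 without privacy extensions."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid_from_mac(mac))


def embedded_mac(address: str):
    """Return the MAC recoverable from an address, or None if none is visible."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def group_by_device(addresses):
    """Group addresses that expose the same MAC, whatever their prefix."""
    seen = defaultdict(list)
    for address in addresses:
        mac = embedded_mac(address)
        if mac is not None:
            seen[mac].append(str(ipaddress.IPv6Address(address)))
    return dict(seen)


# Constructed sample: one device seen on two networks with EUI-64 addresses,
# plus one temporary (privacy) address on the first network.
SAMPLE_MAC = "00:00:5e:00:53:01"
SAMPLE_ADDRESSES = [
    str(slaac_address("2001:db8:1:1::/64", SAMPLE_MAC)),
    str(slaac_address("2001:db8:beef:2::/64", SAMPLE_MAC)),
    "2001:db8:1:1:3c9a:71d2:8e04:b6f1",
]

if __name__ == "__main__":
    for address in SAMPLE_ADDRESSES:
        print(f"{address:<40} MAC: {embedded_mac(address)}")
    print(group_by_device(SAMPLE_ADDRESSES))
```

Run over the addresses configured on your own hosts, a non-empty result means those interfaces are still announcing a stable hardware identifier and should have temporary addresses enabled.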

  9. Still not working... by bartjan · · Score: 5, Insightful

    bartjan@ix:~$ ping6 slashdot.org
    unknown host
    bartjan@ix:~$

    Maybe about time to update this story from 2003??

    1. Re:Still not working... by Anonymous Coward · · Score: 2, Insightful

      No-one at Slashdot knows very much about this technology stuff. It's more about maintaining a nerd image by wearing weird glasses.

    2. Re:Still not working... by alanw · · Score: 3, Informative

      I run the Firefox plugin SixOrNot. Google - a green 6. Youtube and Facebook ditto. Slashdot, a red 4. There are major sites out there running IPv6.

      I have a free tunnel from Hurricane Electric. The only issue is that Google thinks I'm in the USA, which can't be a bad thing.

      Now that there are no more IPv4 addresses available in Europe, it's in the interests of the established players to suppress IPv6 and lock out disruptive new startups: e.g. ISP's or Co-Lo's.

  10. Better yet.. by micber · · Score: 2

    maybe we should just say "the Internet is full!" and call it a day...there's already too much crap floating around anyway!

  11. Re:That's easy. by MajroMax · · Score: 4, Insightful

    That won't work in the long-term. The problem with carrier-grade NAT is that the ISPs have to... maintain carrier-grade NAT.

    Network Address Translation is a stateful protocol, and it's orders of magnitude more expensive to maintain connection tracking on a per-connection basis for your customers than it is to simply route packets between networks. Even ISPs that use Deep Packet Inspection have the luxury of looking at selected traffic flows; carrier-grade NAT has to cover everything or it doesn't work.

    --
    "Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
  12. Re:That's easy. by MajroMax · · Score: 4, Interesting

    ISPs don't want to do carrier-grade NAT, because then they have to maintain carrier-grade NAT.

    CGN is a stateful protocol, meaning that each of their implementing-boxes needs to maintain and process state for each data flow to or from your devices. That's no big deal for a single home, but it's a problem for a carrier. If the boxes are too far towards the customer-end of their network, they will be small but they will also be numerous, making maintenance more frequent. If the boxes are too far towards the core of their network, an ISP will only need a few, but the hardware requirements are much heftier to provide acceptable performance. (Already, bittorrent can saturate some of the cheaper home routers).

    Simply routing packets is technically far, far easier than running network address translation. Even ISPs that use deep-packet inspection have the option of turning it off if things go wrong -- the network fails open. Carrier grade NAT doesn't have that option.

    --
    "Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
  13. Re:As long IPv6 wastes more data per header, by YodasEvilTwin · · Score: 2

    A con does not make the number of pros zero. Learn to count.

  14. Re:As long IPv6 wastes more data per header, by Ultra64 · · Score: 2

    http://www.startnetworks.info/2011/08/ipv6-and-ipv4-headers.html

    "Due to all these reasons, IPv6 headers are more efficient and less CPU intense to Routers than IPv4 headers. "

  15. Re:End to end by Kjella · · Score: 3, Informative

    Don't call us, we'll call you. I actually had an Internet connection like that years back, entire campus hidden behind a single IP and no incoming ports. It was rather crippled but as long as the other half of the connection had a normal connection I could always connect to their servers and up/download. On modern IM services it'll even negotiate so that other people can send you files because under the hood you connect out instead. Worst case if you're both stuck behind such solutions you can always pass files via some third party file host. It's not pretty but it's not useless either, I bet enough people just browse and check their mail to not even notice.

    --
    Live today, because you never know what tomorrow brings
  16. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  17. Re:That's easy. by NatasRevol · · Score: 4, Funny

    They can still find it.

    Try IPv9¾

    --
    There are two types of people in the world: Those who crave closure
  18. Re:IPv6 isn't the solution by Dagger2 · · Score: 4, Insightful

    You've pretty much just described 6to4. We have it already.

  19. Multicast? by Anonymous Coward · · Score: 2, Interesting

    I've been waiting for the IPV6 killer application to show its head. Until then I don’t think Joe public will know or care what IPV6 is and why they should use it.

    So I mention this here in the hopes that it will light somebody's bulb and somebody will probably correct me on this, but I always thought IPV6 included global multicast, which would make lots of new application possible. Imagine being able to stream content from your home to any number of people without the need for a costly connection. Kinda makes bit torrent look so last century.

    1. Re:Multicast? by tftp · · Score: 2

      Imagine being able to stream content from your home to any number of people without the need for a costly connection.

      You'd have to do the imagining from within the prison cell :-) A copyright crime is worse than murder because when a peasant kills another peasant nobody cares; but when a peasant steals content from a corporation then the sirens start wailing, and no punishment is too high for such a crime.

      The Internet remains the Internet only for highly technical people. Everyone else is a consumer; and corporations do not want consumers to run servers and stream anything. If they want to do that they can always pay some small fee to a Corporation that will do this work for them, legally and with no effort. Consumers should only buy services. The majority of consumers are not even aware of those possibilities because they are not the specialists. More and more consumers switch away from general purpose computers (that could, in principle, do such things) to phones and tablets that aren't designed for advanced networking, and it would cost you way too much to stream over a wireless data connection. Those phones and tablets are often a walled garden anyway.

      In other words, the IP version is not a significant factor in development of new commerce over the Internet. Skype works fine over IPv4 as it is, and the browser works. That's all that the common man cares about.

    2. Re:Multicast? by WaffleMonster · · Score: 2

      In other words, the IP version is not a significant factor in development of new commerce over the Internet. Skype works fine over IPv4 as it is, and the browser works.

      Most of skype is dealing with endpoints who are both behind nats and therefore unable to connect directly to each other so conversations are punted unnecessarily thru other users systems with better connectivity. This creates significantly higher latency, unnecessarily wastes resources of multiple parties and lowers overall reliability and quality of the communication.

      With a network of peers "skype" would simply consist of an optional directory to facilitate people finding and connecting to each other.

      People don't care about IP version and they don't care about network topology. What they care about is results and capabilities of the tools they use.

      Delivering a network of peers enables better tools and lowers the barrier to entry for developers. You no longer need to design complex P2P schemes or operate an armada of supernode servers to facilitate communication between people.

      That's all that the common man cares about.

      These sorts of arguments ignore the opportunity cost of the equation. It is not enough to simply assert x works fine so y is not needed. One should also consider what would additionally be possible if y was delivered.

  20. Re:IPv6 isn't the solution by Alomex · · Score: 3, Informative

    6to4 is an extension which is optional as opposed to an intrinsic part of the protocol. This distinction is important.

    Moreover the fact that 6to4 was developed at all, after IPv6 was proposed, proves my point and shows that my criticisms of IPv6 were/are shared by many.

  21. killer app? by DECula · · Score: 2

    Unless we come up with a viable DNS RBL for ipv6, the killer app for ipv6 is going to be spam. Hey mister, wanna buy a Rolex? I hope someone is working on services like this. I can also imagine one heckofa bot net once we get all those soda machines and refrigerators online.

    --
    dreaded scurrilous bit-twiddler from Oklahoma
  22. Re:That's easy. by firewrought · · Score: 5, Interesting

    Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS (since version 4.3).

    But it doesn't keep ISP's from moving to permanent, static IP addresses. So privacy extensions will "blur" the PC's within a single household together and keep stalking firms (um "ad agencies") from tracking you as you move between coffee shops*, but, in practice, all household traffic you generate will be branded with the same permanent, unique address.

    I'm not poo-pooing IPv6, that's just an unfortunate drawback that comes with all of its advantages.

    *Tracking you by IP, that is, there are still cookies, local storage, browser fingerprinting, etc.

    --
    -1, Too Many Layers Of Abstraction
  23. Want to make it happen fast? Easy solution by WindBourne · · Score: 2

    Start removing classes for use in the IPv4 arena.

    Right now, ISPs, esp. in America, are not converting because they do not need to. BUT, to speed it up, all that needs to happen is to require that 5% of the IPs be returned every year or so, starting 1 year out. That will pretty much force the situation.

    And for those that will scream that this is not right, BS. It is needed. Long needed.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  24. Re:End to end by unixisc · · Score: 2

    Which is normally a bitch under IPv4, since the same Class C or Class A private addresses are used in the separate networks, and so connecting the 2 and resolving the differences b/w overlapping addresses would give one a migraine. With IPv6, one could either use dedicated routable addresses, or if one needs a VPN, one could use a site-unique address.

  25. Re:It ain't working by WaffleMonster · · Score: 3, Informative

    IPv6 ain't working. This should pretty much be clear to all, since it is not being widely adopted.

    All major ISPs in US are in the process of testing and rolling it out.

    Google, Netflix, Akamai, Federal government, Facebook all on IPv6.

    All major CPE vendors shipping IPv6 enabled gear.

    Perhaps you know something they don't?

    There will be a long tail and it will take forever to move enough for the plug to be yanked on IPv4. Nobody is saying RFC 801.

    A more constructive approach was to take steps to facilitate its adoption, such as tunneling, the IPv6 day and the IPv6 experiment.

    All these "steps" did was throw a wrench in the process of adoption. This is 2013 and people demand a production quality network. Tunneling does NOT provide that.

    Content is not going to deploy to a shit network with no bandwidth and crappy availability that tunneling provides.

    IPv6 day was necessary mostly to identify and fix what went wrong with the tunneling nonsense already deployed.

    still only 1% of the internet. At this point we have to believe that nothing short of a completely new protocol will succeed.

    We all get to believe what we want. I choose to believe publicly available bandwidth charts showing an exponential curve and the interface statistics on my router showing ~30% of my traffic by volume is IPv6.

  26. Re:That's easy. by Cimexus · · Score: 2

    Well I don't know "why", but many ISPs around here offer or are starting to offer IPv6. None are thinking about doing carrier-grade NAT (with the exception of some of the cheaper mobile phone networks, and frankly, I don't really have a problem with it for phones ... not like I'm running a server on my phone, plus you can usually pay a nominal sum for a 'real' IP if required).

    People want real IPs and any decent ISP will offer them. Simpler to administer for them, and not really much of a cost - they just make sure they always buy IPv6-compatible hardware and software over the course of their normal upgrade cycle, and eventually they will be able to offer IPv6.

  27. Re:That's easy. by petermgreen · · Score: 2

    In England, we are lucky, most geolocation services get the city info wrong,

    AIUI the free geolocation services are basically built on freely available data while the pay services supplement that with data from their own research. If the ISPs don't make the data easily available (I don't think there is any obligation on an ISP to post where in the country an allocation is being used) the free databases won't have it. If the ISPs put users from different places in one subnet then the pay databases won't have it either.

    But when I wrote that post I wasn't thinking of publicly available geolocation services, I was thinking of the government (who can demand information from your ISP) and possibly big companies (who can correlate IPs used for one activity with those used for another).

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
  28. Re:NAT by jbolden · · Score: 3, Interesting

    ARIN has been pretty clear they don't want carrier grade NAT. The carriers don't want carrier grade NAT. You aren't going to be forced behind a NAT. You'll have a v6 address and pool for v4 outgoing once they roll out v6.

  29. Re: That's easy. by LostMyBeaver · · Score: 2

    There is still a cost on large ISPs. The holy land of carrier grade NAT would be to NAT the entire ISPs v4 network and route statics for customers who want their own addresses. Even with big iron (think ASR9k) the active translation table can be far beyond the scale of the hardware.

    That said, a more conservative approach would use private IPs for the P routers and internal addresses for the PE routers. Then a VRF would provide a /30 between edges for private networking. Another VRF would carry static routes for customer subnets. Customers would be CGNATed at the PE from a single IP for multiple customers. This makes the router requirements larger at the provider edge but much easier to maintain. Then it would use 2-4 IP addresses (depending on use of /30 or /31 subnets) per PE router and completely free up the pool used for P routers. This means a national scale ISP like Comcast could probably function on a /16.

  30. Re:It ain't working by jbolden · · Score: 2

    It is being widely adopted. Virtually every major carrier on the planet has an adoption plan that is underway. In many Asian countries they are almost fully converted. In the USA the cell networks are converted with home / small business likely to be converted by end of 2014. Too slow yes. Not being adopted, no.

  31. Re:IPv6 is coming, but NAT will save the day by ledow · · Score: 2

    I find that anyone that mixes NAT and IPv6 problems usually doesn't administer their own networks.

    NAT saves a lot of administration for a small business or home network. You have ONE outside address, and all your Internet traffic goes through ONE machine. That ONE address is unmistakably external, can have several thousand services running over it, and can be your external address for everything all at once. As an admin, you only need to know that one address (or corresponding DNS alias), and you can be fairly sure when setting up your firewalls etc. that you know what's coming in / out, from / to where.

    And then all your internal client machines? Well, their numbering is by definition none of anybody else's business, not even your ISP. It absolutely, 100% does not matter. I could be running them over token-ring and IPX for all anyone outside cares, so it honestly does not make any difference whatsoever to anyone else. And 99.99999% of networks will never, ever, ever exhaust the reserved internal ranges of IPv4, so it's easier to keep it simple internally, not have to make ANY internal changes, and have one single machine visible to the outside world handling all the "complex" stuff and horrendous addresses that are a pain to memorise, type, tell others, trace through logs with grep, etc. And if (when) the time comes that IPv4 is unsupported on a machine? You assign the gateway an internal IPv6 address, add a DHCPv6 range, and voilà - it all works 100% again.

    The trick to most small business network administration is to simplify changes down to their smallest possible set so as to have the least impact. You use your brain to do less work without compromising elsewhere. And using IPv4 internal and NAT'ing that to "whatever" is external is the easiest way to do that without having to risk leaving holes in your configuration for a while to come.

    I don't WANT direct-accessibility to internal network ranges, that's why NAT has always been a viable option because it prevents that and that's what I WANT to do anyway. Yes, a firewall is capable of intercepting anything anyway, if I really want to, but having things go through a single machine that sanitises traffic and discards any attempt to communicate directly to machines that may not have the protection they should (e.g. random public devices on an internal Wifi connection offered as a convenience to guests). Instead of administering hundreds of individual machines and their software firewalls, plus an expensive IPv6-capable router at the border with thousands of rules in order to secure the machines, you can just NAT the whole network and secure that one external router/gateway machine to block things that were unsolicited or shouldn't be getting through to any machine.

    And, given that most people would have to deploy a non-trivial configuration where they DON'T just pass external traffic direct to internal machines (whether by NAT'ing or by a complicated firewall configuration), people who complain about NAT are complaining about something that will NEVER affect them - a total side-issue that concerns almost no-one.

    My networks are IPv6 compatible already. 100%. You can put an IPv6-capable host into it, get an address, and talk to all internal services and externally. You can also access remotely by IPv6, and even access IPv6 websites from an internal IPv4 client that has no support for it. It's literally a handful of lines in your existing configurations. And we have external servers with IPv6 addresses. Nobody uses them but they are there, and work.

    The fact is that the entire NAT thing is a diversion to make us think we have to do entire network overhauls and upgrades to make this new-fangled thing work. It's just not true. I will no more allow internal clients to send out on SMTP ports or allow external hosts to access, well anyway internal, over IPv6 than I would over IPv4. It's just a diversion.

    And a nice diversion from those sites, like Slashdot, that posts an IPv6 article about once a month

  32. Why isn't IPv6 deployed? Let's see... by bogd · · Score: 2
    I'm surprised nobody has posted this yet:

    http://meetings.ripe.net/ripe-55/presentations/bush-ipv6-transition.pdf

    It's a presentation I keep coming back to again and again (every single time somebody asks me "why don't people deploy more IPv6?").

    Yes, the font and colors used will make your eyes water (I really wonder if he actually chose them that way on purpose :) ). But the actual content is just as accurate now as it was in 2007, and it comes from someone who actually has quite a bit of experience working with this stuff...