Slashdot Mirror
One Year After World IPv6 Launch — Are We There Yet?
darthcamaro writes "One year ago today was the the official 'Launch Day' of IPv6. The idea was that IPv6 would get turned on and stay on at major carriers and website. So where are we now? Only 1.27% of Google traffic comes from IPv6 and barely 12 percent of the Alexa Top 1000 sites are even accessible via IPv6. In general though, the Internet Society is pleased with the progress over the last year. '"The good news is that almost everywhere we look, IPv6 is increasing," Phil Roberts,technology program manager at the Internet Society said. "It seems to be me that it's now at the groundswell stage and it all looks like everything is up and to the right."'"
But its still difficult to get an ipv6 home connection in many areas. I can see that for years to come we will have an ipv6 backbone, ipv6 in amjor organisations but most people connected via NAT and an IPv4 isp
that it was back and to the left.
No sooner do I get over one, then you put a better one right next to me. Bastards.
Remember in 1992 when they told us that HDTV would be the standard in like 3 years, then in 1995 they said it was 5 years away. The biggest issue is that there aren't easy migration options, and there aren't, yet, many compelling reasons to switch to v6.
Yea the ability to address every molecule on the planet is nice, but I don't have internet for them right now. At best, right now, in my house, I have about a dozen ip addressable things. Only one do I trust with a publicly addressable ip, and that's my router. As we've seen the shitty security practices of the past two decades with security primarily through obscurity, we have reached a point where it would look something like Die Hard 4 if you placed all things on the internet with publicly addressable ips. No thank you.
IPv6 is ready for hockey stick growth, as Phil Roberts (ex-Surface RT marketing manager?) points out.
paquets arrive before they are sent.
Or at least IPv6 packets have a latency respect IPv4 of -20.
http://www.google.com/ipv6/statistics.html#tab=per-country-ipv6-adoption
Not a single business partner, client, or home user that I've dealt with for the last 3 year has an active IPv6 DNS registration. _None_.
The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings. This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.
The growth of high capacity load balancers for web servers and other network services has also helped tremendously, allowing a wide set of behind the scenes hosts to be serviced by a single exposed device and reducing the IPv4 footprint of these services. Also, people have learned how to economize in the ir IPv4 use: They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.
The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years. The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.
I can't think of a better place to cite it. I mean come on, I don't even have to click through and RTFA. It's right there in the summary that no, we aren't there yet.
What's the AAAA record for slashdot.org?
Oh....
Unfortunately, this should of happened 10 years ago, probably the only way to make this switch is a mandated date, like the US TV digital broadcast change.
The Chinese government loves IPv6 because it provides extra granularity for surveillance of their citizens. Fuck that. They can kiss my shiny metal NAT.
If you don't have much stuff on the inside of your firewall it's not really any harder. Actually if you have a lot it's not really harder either since it's still all ports and addresses. The fuckup you've linked to is due to separate teams working on separate firewalls for IPv6 and v4 and is a management issue which only affects the endpoint. If you've got the network under the adult supervision of even a cheap and nasty ADSL IPv6 aware router the filtering should just work without having to care about problems due to internal empire building at Microsoft or Apple. "Block all except ports X,Y,Z" is not that hard to do on any sort of sane interface, and if you have to do it twice due to an unforgivable fault of UI design from office politics it's still not that bad.
I consider myself LATE, WAY LATE to the ipv6 game, and I've had my tunnel for a year.
Meanwhile comcast business STILL hasn't provided native ipv6 to me.
'"The good news is that almost everywhere we look, IPv6 is increasing,"
Every time we measure it the mean distance between the Earth and its moon is increasing. Wooooo Hoooooo.
IPv6 has gone "live"? First I've heard of it! :-O
Call me crazy but I still want NAT with IPv6.
Well, maybe that's a bit dramatic. How about: IPv6 day is a failure.
It will be a long few years of slow IPv6 roll outs. It will likely be a decade or more of dual stack IPv4 and 6 and then IPv4 will SLOWLY fade away.
It seems to double every year. At this rate Google will have 10% ip6 traffic in 3 years and 40% in 5 years.
Me: "Hello, big boss! I'd like to go to IPv6 soon!"
BB: "What will that take?"
Me: "Oh, probably a couple of months worth of completely dedicated work from your best network folks. If you don't exclusively task them, could take a year."
BB: "Sounds complex. Is it risky?"
Me: "Absolutely! We could totally drop off the internet or lose internal connectivity for quite a while if we mess it up."
BB: "What, exactly, am I getting from this expensive and risky thing?"
Me: "More or less what you have now. The features it does you don't really care about."
BB: "So it's expensive and risky and I get nothing out of it."
Me: "Yep! When can I start?"
*doorslam*
Ack!
IPv4 is the backbone of nearly all networked systems and applications; to expect EVERYONE to switch over to IPv6 immediately is a bit naive. It's not just the service providers (Quest, Lightbound, AT&T, Verizon, etc) that have to update their WHOLE infrastructure, but applications and operating systems have to natively support IPv6. Many home users cannot afford to upgrade their hardware and software on a whim and won't have a budget to do so for a few more years (mostly due to slow economy and unemployed consumers). I suspect it will take five to 10 years before we start seeing IPv6 make its way into mainstream services. I have a VM with Rackspace and it has a public IPv6 address, but the only service that I've found useful (or even readily available) are the primary Debian mirrors. Having worked as an IT Consultant for small businesses, a SysAdmin in the ISP vector (gaining insight from a vendor aspect) and now as a SysAdmin for a software company (consumer aspect), I have first hand experience at witnessing the readiness from two different ends of the spectrum. The insight I've gained tells me that NO ONE is ready to simply flip a switch; it's going to be a painful, multi-year migration.
att wants to you pay for a IPv6 modem
screw that, I'm not paying a 50% premium when my old IPv4 kit just works.
And in every single Fucking IPV6 discussion this comes up again. Using NAT as a safety is like removing your wheels as a brake. A better solution exists; it is called a firewall. Look it up! Instead of biting the bullet and going IPV6, we are adding layer upon layer of crap and "optimisations" which are hard to maintain and hard to learn. And a billion chinese smartphones, you gonna NAT them as well? The only future of NAT is as a (very long term) transition protocol running in parallel with IPV6. I want my home PC on IPV6, and my smart-TV can then download updates over NAT. Unfortunately I can't get that here in Denmark (yet).
10 ?"Hello World" life was simple then
As a consumer, I'm really looking forward to the switch. But the reality is that we don't have any ISP around who provides IPv6 access as their standard service package. I want to move on, but I also don't want to pay a double/triple of what I'm paying only for a longer IP address on my router.
I recently took an exam that covered IP6, so I was *determined* to get it working through a tunnel broker or some such means, just to say I did. I fired up test-ip6.com and...I was already on it.
My shared office had recently upgraded their modem from AT&T, which apparently supports v6 out of the box. Absolutely zero manual config on the router or client. Found out later, it's the same with Comcast where I live (northern California).
OTOH, I work at an ISP that has IP6 nowhere on its radar. I haven't raised the issue yet because I'm so new, but I have a few guesses:
So, it comes down to huge cost with little to no appreciable gain (for our organization). Sure, routing gets simpler, no NAT overhead, but it's not like v4 is going to disappear overnight. Dual stack is the way it's going to be for a very, very long time. My grandkids may see widespread native v6. Maybe.
[1] http://samsclass.info/ipv6/proj/flood-router6a.htm
FTFS:
it all looks like everything is up and to the right
I'm confused, is up and left an option? I'd love it if my graphs with negative slope indicated time travel instead of a decrease over time!
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
I have been looking at the IP v6 specs for enterprise level hardware, top of the line products from Cisco and the likes. The last I check, a few months ago, the accelerated routing on their top of the line Layer 3+ switch had about 1/2 the aggregate routing for IPv6 as it did IPv4, and older hardware is much worse.
Until the hardware ASIC's are acellarated as much for IPv6, I think businesses will lag unless they need to use IPv6 due to contract requirements (military and the likes). Why would they pay more for modern hardware that is slower than what they have to adopt IPv6 when IPv4 is satisfying their needs, even if NAT is a gimped solution. It still works, and is pretty fast.
To home users, it provides a whole host of IP addresses that can be used to enhance their security. For instance, if someone sets up a DHCP to pool a certain set of addresses to his laptop, that would exceed anything that was available when IPv4 was not in such a shortage. For instance, one could set it up so that the laptop would pool 65,536 addresses within a certain range, while addresses outside that can be static for certain devices.
To business users, plenty, since it blows up the number of routable IP addresses available to set up a whole host of things, from IP phones to varous servers and so on. A company located in a single site with just a single /64 would have all the addresses it would ever need for every internet facing service that it uses.
If you buy a router that supports IPv6, it is a waste if the network provides a NATed IPv4 connection. But if they provide a dual stack connection, you can through that link have every internet device that you own connected directly to the internet.
I don't think there has ever been a computer industry failure as large as IPv6. It was actually launched twenty years ago and it's gone nowhere. Why is that? It's because the committee that designed it screwed up in the largest way possible. They decided the easiest way to fix the relatively trivial problem of address exhaustion was to create an entirely new network protocol and have the entire world switch to it.
I'm sure that someone on that committee must have had at least average intelligence. That guy must have known that the whole idea was a non-starter. What must it have been like listening to a bunch of engineers getting excited about a totally unworkable solution.
How would IPv6 expose one's intranet? Just like you have local addresses in IPv4, you have link-local addresses as well as site-unique addresses in IPv6 that achieve the same thing. And just b'cos every node has a public IPv6 address does not imply that it has to be accessable - it'll still be behind a firewall. Also, if one doesn't want a certain computer to access the external internet, one can simply not assign it any routable IPv6 address, but just assign it the link-local address and be done with it.
Also, scanning that /64 address space would take forever, but even without that, a good DHCP set-up would enable the user to have a pool of any number of dynamic addresses within the /64 space, and keep changing it at regular intervals (say 1 hour) making it practically impossible to breach.
You've completely and utterly missed a very simple point and missed those words "two separate things" - the word "separate" indicates things that are supposed to be apart and not dealt with by load balancers or proxies. It usually means different people wanting to do different things instead of running it all on one box - hence knee deep in virtual machines or some other way to keep other people's stuff from getting in their way.
It's not hard, but it appears that for some reason you are currently not in a state to grasp the topic and are instead spewing misleading drivel that's going to fool some newbies into thinking it has value. Giving some rambling lecture about apache and sendmail virtual hosts that only the absolute newbies are unaware of is just wasting space and showing you didn't bother to read and understand my reply.
....IPv6 day this year as well? What did they do different from the last 2 years, if anything?
In theory, you are correct. In practice, the home router firmware is a lousy piece of work and is seldom, if ever, updated. A bug in the NAT implementation will usually cause things to to not connect. These bugs are obvious and get fixed. A bug in the stateful firewall can easily leave it open. The bug is not as obvious. It will never get fixed.
Yoghurt
$ nslookup -type=AAAA google.com
Name: google.com
Address: 2a00:1450:4007:80a::1001
$ nslookup -type=AAAA slashdot.org
Name: slashdot.org
$
From what I've read, privacy extensions seems to be IPv6's equivalent of dynamic addresses in IPv4. Essentially, it's one alternative to using EAU-64. But a better idea is to configure a DHCP server so that services that need static IP addresses have them, and services that need dynamic IP addresses have them as well.
"Switch over to IPv6" is a concept that detractors have pulled out of thin air, as it bears no relationship to how IPv6 rollout was planned and expected. Adding the word "immediately" just makes the misconception worse.
IPv6 was always intended to run alongside IPv4 for the foreseeable future, because old IPv4-only equipment will be around for decades until it rots and it will need to be reachable until it is replaced. So, please don't talk about needing to "switch over" to IPv6. Wherever you got that idea from, it's wrong. Talking about it is propagating an invalid concept, and calling the expectation "naive" is just knocking down a straw man.
IPv6 service merely needs to be enabled (without touching IPv4) on an IPv6-capable dual stack home router, and ISPs who offer IPv6 provide routers with it already enabled so you just need to plug them in. (If it's an old router then you'll have to enter the new IPv6 address info that the ISP gives you of course.) Simple home systems don't even need user configuration for IPv6, because IPv6 router advertisements then handle everything. It's as simple as USB for the home user, totally plug'n'play, which IPv4 never was.
And once enabled, IPv6 works totally happily and transparently alongside IPv4 in the home network and at the server end, so there are no "switch over" issues. IPv4 continues to work exactly as it did prior to enabling IPv6. Browsers in particular just use IPv6 by default on a site that has it, and IPv4 if not. It's completely seamless for the end user.
The pain and angst of "switch over" that you describe simply doesn't exist, because switching over was never planned, expected, nor even desired.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
I read that Comcast was providing DS-lite, which is the best, in that it sets up the underlying infrastructure as IPv6, and only provides private IPv4 nodes at the end behind public IPv6 addresses for only those IPv4 nodes that for some reason can't use IPv6. That sounds to me like the best solution, in that it uses zero public IPv4 addresses, and only uses the abundant IPv6 addresses or the reused IPv4 local addresses, which don't cause any issues.
OK so my ISP gives me an IPv4 address.
How do I get on this IPv6 thing? My router runs pfSense (FreeBSD) and my desktop OS of choice is Windows 7. Where is the howto?
Me and my 255 friends are still on IPv1, you insensitive clod!
Get free satoshi (Bitcoin) and Dogecoins
http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines "No."
Every single point in the parent's attempt at humor is factually incorrect:
* It doesn't take a couple of months to a year. For small businesses, it takes 5 seconds to plug in a new router from an ISP that offers dual stack IPv6. All current end user machines already support IPv6, even phones and tablets.
* It doesn't require expert networking folks to implement it. IPv6 is MUCH simpler than IPv4, it's totally plug'n'play because IPv6 router advertisements handle everything. It's about as "hard" as USB, and creating most IPv6 networks requires no special knowledge at all.
* It's not risky, because IPv6 runs alongside IPv4, not instead of it. If your IPv4 network worked before, it will continue to work after IPv6 is enabled. Businesses will need to configure a new IPv6 firewall, but that's identical in concept to IPv4 except simpler.
* It's even LESS risky than IPv4 alone because if you get your IPv6 connection from a different ISP than IPv4 then it gains your business automatic failover and redundancy, at home prices.
* What companies get out of it is that their customer base grows, because they become reachable by all the Pacific Rim users that are being allocated IPv6 addresses because IPv4 address space ran out for them a while back. In an era of worldwide online commerce, deliberately excluding parts of the Internet is a very poor business plan.
* What end users get out of it is that they can reach all parts of the Internet and P2P works MUCH better than it ever did on IPv4. Being limited to IPv4-only is like living behind the firewall in China. Not being able to see the whole Internet is deliberate self-restriction, and it sucks as bad as imposed censorship.
I know the parent was only going for laughs, but the post was ill-founded and giving incorrect advice on every point.
IPv6 is the current version of IP, and IPv4 is now the previous version. It became so, officially, in June 2012.
If you weren't aware of this, it just reflects how well you are informed about the Internet and its protocols.
IPv6 has been "live" for a decade though, and has been in use by enthusiasts and early adopters around the globe throughout that time. The adoption curves are exponential, and because it runs alongside your existing IPv4 and just enhances it, there is nothing to lose and everything to gain. In any case, you can't fight maths, especially exponentials.
The APNIC and RIPE NCC registries which represent almost the entire eastern half of the planet ran out of IPv4 address blocks to allocate a while back, so much of their new growth is on IPv6 and they're expanding fast. Wanting to deliberately restrict yourself to only the old part of the net is a bit wierd.
I recommend you take a look at IPv6, because if you have only IPv4 then you're not seeing the whole Internet. If you use P2P, it's especially beneficial.
What is this "att" you are speaking of?
Probably American Telephones & Telegraphs, or AT&T. Although I wonder whether they still do telegrams?
One question - in IPv6, is there a need for VLANs? In IPv4, there is, since people may be arbitarily demarcated within subnets, but there may be a need to pull out members of different subnets and put them under a common virtual network. But in IPv6, since a host can have multiple IPv6 addresses, does it make sense to have VLANs there? Since there is no upper limit (2^64 is not a limit that's ever likely to be reached), does it make sense that one would have VLANs in IPv6? Yeah, one could, in the same way that it's there in IPv4 and there is no difference in implementation of a lot of things b/w IPv4 and IPv6, but there are some things that are necessary in IPv4 that are just not needed in IPv6. So is it a good practice to continue it in IPv6 just to keep the paradigms consistent?
Recently I had a spam message, nothing new here you say, well read on. So I decided to look a little further into the email and discovered that the IP address which was allocated to this clod had a further 126,000 IP addresses allocated to this bozo.
Which brings me onto IP6. Why are all routers NOT allocated IP addresses when they are manufactured, instead of relying on these ISP's? At least the numbers of IP addresses would go down. It would then be easy to track where a piece of internet data is coming from and then ISP's could stop spamming so much easier. Currently the main email companies can do very little in stopping spam or any other unwanted data (think p*rn etc).
As far as companies who use, internally, vast numbers of IP addresses nothing would change. Home routers would not change other than having an IPv6 address allocated to them just the same as companies. So internally IPv4 would continue to be the norm.
Banks could set-up a more secure method of connection and anyone else for that matter.
Just my 2 pence worth.
I was working for a company that works with Comcast (I had access to their systems, and I remoted into their customers computers).
I saw quite a few people that had ipv6, and Comcast is pushing ipv6 compatible equipment pretty hard. Other ISP's don't seem to be trying as hard, but Comcast (despite their other failings) is making the ipv6 effort.
Surely, this is the year of the Linux Desktop^W^W the really long and unwieldy IP addresses.
ATT U-verse in my town that covers 2 square miles gives a public IPv6 address by default. Comcast is simple to set up IPv6 via a r6d tunnel. I just finished deploying IPv6 at a university in a day and will be doing a large state agency next month when their web filter supports v6. For the end users its a nonevent. IPv6 is everywhere and no one even knows they are using it.
about a 3rd of my home internet traffic is IPv6 driven mainly by my teenaged daughter whos only technical skill is to call me when the old AP I'm using locks up.
How is it that none of the networking companies - Cisco, Brocade, Juniper, Foundry, et al have thought it worthy of taking a lead in this potential market in IPv6 by creating custom ASICs that are specialized for IPv6 accelarated routing in their Layer 3+ switches?
The way I imagine it, they could make their initial solutions available on FPGA, which would help them avoid fabing custom ASICs before the market size hits critical mass. Then, once the early adaptors have taken it and it reaches critical mass, they could spin ASICs from those designs thereby achieving cost reductions due to volume, and then grab marketshare there. Then they could either become the next Brocade or Foundry, or get acquired by one of the above companies, thereby getting it made!
Impose a Latency Tax on IPv4 traffic. Prioritize IPv6 traffic.
Then I think the organic interest and growth of IPv6 push the migration.
> And just b'cos every node has a public IPv6 address does not imply that it has to be
accessable
The problem is not that it needs to be accessable, but that it can be accessable.
With some non-routed address you know everything out and their answer must come through NAT, so there is some machine there doing a stateful handling of the traffic and only is special conditions allowing incoming connections.
Once you have a routable IP that does not need any translation, then someone doing a mistake and switching the wrong cable at the wrong place or misconfiguring a firewall or or or, means you are directly accessible from all the world.
The additional security of NAT is no addition if all is working correctly. The additional security of NAT is making if fail in a safe direction: If something is wrong, no connection will be possible.
What are we discussing here - businesses, or home users? For home users, yeah, the case is weak, depending on the usage. For business users, it's certainly not the case.
If one has a business and uses IP phones, having unlimited routable addresses for each of them, no matter how many, is a godsend. Similarly, if that business has VPN connections for its employees and similar tie-ups w/ partners, again, IPv6 is invaluable: using site-local addresses, the organization can avoid situations akin to IPv4 where 2 orgs have the same 192.168 addresses for different networks. While in IPv4 it's a pain to set-up, in IPv6, due to site-local or site-unique addresses, it would be a breeze.
Similarly, if the organization servers have multiple virtual machines running on them, each of them can have a separate, routable connection to the internet independent of the host box, and therefore not depend on the connection of the host box. Also, if the organization has different e-mail, web, file servers, each of them can have independent IP addresses that can be set up to be either publicly accessible, or have limited public distribution.
In short, if a business thinks that it doesn't need IPv6, in a lot of cases, they may simply not know that they actually do.
We're trying to deliver IPv6 for our customers, but some major ISPs still either cannot give us IPv6 service at all or if they can, they cannot deliver it over our existing circuits, so we have to bring in new fiber, buy additional network equipment to terminate it, etc.
Don't let anyone fool you into thinking that adding a AAAA address to www.yourcompany.com will be easy or cheap. For most people, it's not.
There's a reason slashdot.org still doesn't have it, and it's not just because CmdrTaco quit.
This Web site's content is provided via IPv4 only. You should be able to reach this site regardless of your IPv6 compatibility. Guess we're not there yet.
Web hosts and websites can't switch to IPv6 until all possible site visitors are on it, because simply you can't address an IPv6 website from an IPv4 address.
So neither hosts nor sites will switch until all the users are on IPv6.
Which won't happen because until all the sites/hosts ae on IPv6 there's no reason to spend the money.
Comment removed based on user account deletion