Slashdot Mirror
Why the Journey To IPv6 Is Still the Road Less Traveled
alphadogg writes The writing's on the wall about the short supply of IPv4 addresses, and IPv6 has been around since 1999. Then why does the new protocol still make up just a fraction of the Internet? Though IPv6 is finished technology that works, rolling it out may be either a simple process or a complicated and risky one, depending on what role you play on the Internet. And the rewards for doing so aren't always obvious. For one thing, making your site or service available via IPv6 only helps the relatively small number of users who are already set up with the protocol, creating a nagging chicken-and-egg problem.
That works fine for me.
Oh STFU already, damn.
Everything worth anything supports it now.
So just deploy the stupid thing and be done with it.
There is really NOTHING more to be said here.
My border router is more than IPv6 ready. It's already passing out IPv6 addresses internally to the few devices which are capable of them. Not that it matters to me though, my ISP doesn't support IPv6 so what's the point? Yea, I can touch my router from my laptop over IPv6, but what does that get me?
Who is my ISP? Why Verizon FIOS of course. Until they decide to support IPv6 and give out addresses to people like me who are ready to use it, there won't be any mass adoption of IPv6 by their customers.
Are their any ISP's out there which support residential IPv6?
IPv6 is up there with Rust.
They're both overrated, overhyped technologies that people in general just don't want to deal with.
They aren't being adopted because they try to solve problems that aren't really problems.
Why are we revisiting? Ipv6 simply has too much overhead.
Have Facebook and/or Google go IPV6 only for website access. You will see virtually 100% adoption of IPV6 within 24hrs ...
IPv6 has a number of weaknesses:
1: No encryption. This was promised, but in reality, transport encryption is still at the SSL/TLS level.
2: Attackers can view your entire IP space. A simple nmap scan, then choosing what zero days to use... instant pwn-ership.
3: Untested stack, relatively. The IPV6 versions of land, teardrop, ping of death, and other attacks have yet to be found.
4: Support is spotty. Using IPv6 on the edge means most people around the world can't touch the websites.
I'll give up my 5 class-C addresses now, can we give it a rest?
We've been running out for the last decade and nothing's happend yet. zeesh!
There is no benefit to using IPv6 for most people. IPv4 works fine and there are enough workarounds to keep IPv4 relevant for a long time. IPv6, while it gives more address space, does not in itself really carry any benefits for either service providers or end users. That greatly reduces the motivation to switch.
ISPs are not helping. Where I live the local ISP charges extra for IPv6, it's something that needs to be expressedly added onto the account Who is going to want to pay extra to provide/access a service most people aren't using?
Oh, and there's a learning curve. Most people are like water... path of least resistance.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
obat pembesar penis
obat pembesar penis VigRx
obat pembesar penis neosize xl
boneka full body
Vagina senter getar flashlight
viagra obat tahan lama
Personally I've found IPv6 to be an extremely ungainly language.
It's plain to see that there just aren't enough variable names left in the world to continue using IPv5, but for me, it's Ruby++ on Python or nothing at all.
I have IPV6 at home (took some calls to AT&T Customer Support). I don't have it at work, the migration will probably start small network endpoints (phones (apparently t-mobile has already switch), and home networks).
Link local IPV6 is already fairly broadly available - it's the fe80 prefixed address on your ifconfig output. You should be able to ping other ipv6 addresses on your network (*nix to *nix).
Google's IPv6 stats page indicates this too... https://www.google.com/intl/en... has a peculiar comb effect for the last few years. Zooming in seems to give a bit more insight. Google's count of IPv6 connections has a full 1% swing over the weekends vs the week days. Due to IPv6's addressing method, each unique device on your network appears as a unique device on the internet, vs the NATed IPv4 that we all know and love. This would also have an accelerating increase in the number of unique IPs that are visible on the weekend. I know I use more devices over the weekend (chromebook, phone, laptop, table) vs during the week.
Open to other insights, but our homes will be likely IPv6 before our offices are. (Of course aggressive tech companies like google and facebook are likely already IPv6).
few things
Microsoft windows XP
Microsoft windows server 2003
Microsoft windows server 2005 ( without the non MS patch )
will NEVER use ipv6 they are forever stuck on ipv4
and the idiots at Comcast !!!!!!!!!
whenever is enable ipv6 on SUSE or RHEL6 and using Xfinity
the modem runs into a ram overflow VERY FAST
Comcast says they support it but it is one F'ED up version of something that almost resembles IPv6
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
Why learn long addresses and worry about firewalls when you can still use IPv4 + NAT.
I think that in countries with many ipv4 addresses per internet user, we won't see any change soon, they still can support one ip per home. The US is one of those. It has tons of IPs. In countries without much ipv4 addresses, the companies (especially new ones, which don't sit on millions of addresses) will see the pressure, and will run a carrier grade NAT & native ipv6 approach.
I can do IPv6 from my ISP since last November. My issues so far have been:
On the other hand, IPv6 was doing fine 12 years ago, on the IPv6 backbone from the university.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
I wonder how many IPv6 unready appliances do we have. For instance, I do not trust my ISP to have given me an IPv6 compatible router. And I cannot easily replace this router, Huawei HG253s V2, due to the fact that is needed for the optical trasducer.
With the current incantation of Amazon Web Services (VPC),
IPv6 support is currently not available for load balancers in Amazon VPC (EC2-VPC).
http://docs.aws.amazon.com/Ela...
So there goes lots of the internet....
http://cr.yp.to/djbdns/ipv6mess.html
The writing has been on the wall for quite a while now. I think it was first discovered written underneath "As I sit here all brokenhearted..."
This has been written in a very pro-selldata approach:
For example, if the proxy that’s providing a user’s address is located in a different city from that user, then location data that could aid in targeting ads would be unusable, he said.
So, should ipv6 be enabled because it kills privacy? This article is stupid shit. I really don't like if internet protocols are designed with "targeting ads" in mind. This is where the google involvement into internet standardisation has brought us to: an internet built to spy on us. Google is not very much more than that: a company getting billions from running the most profitable internet ad network in the world (visit this, and search for "Advertising revenues"), and running other services in order to show those ads on.
T-Mobile supports IPv6, so I use IPv6 on my phone. Cox doesn't so I can't use it with the devices that generate the most traffic.
I would switch, but then I'd have to rewrite my hosts files.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
That the point at which end users like us need to be proactive. ...or just move to a country with pervasive IPv6... :-P
Setup tunnels (like Sixxs and other similar IPv6 brokers), open tickets at your provider asking for 6rd support, etc.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
You know what else solves the "not enough IP addresses" problem? NAT.
It's a short-term quick hack which might make some problem seem to disappear, but creates ton of other problems.
NAT creates layers of indirection, and NAT makes machines not directly addressable.
Require hole punching and the like even for very basic functionality (like VoIP).
The internet was envisioned as a distributed network with all being equal peers, but NAT is contributing to the current assymetry of having a few key content distributor and every body else being a passive consumer.
And it's a lot less of a change than switching to IPv6.
IPv6 here. No it's not that complicated, and can be made automated. (e.g.: you don't even need to setup DHCP. your router just hands out prefixes, and the devices on the net autonomously decide their address by appending their mac address).
With NAT, you'll end up needing to fumble with your router and open / redirect ports anyway, just to be sure that everything works as it should.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Att uverse at work supports ipv6 Verizon wireless claims to support ipv6 but you can't route to their addresses stateful firewall or something So i can connect to equipment at work with either ipv4 or ipv6 but if i need to connect to anything on vzw I'm sol because the ipv4 is nat'ed and the ipv6 is firewalled
Minimum threshold fixed. Thanks!
That why solution like 6rd.
ISP can keep their current IPv4 gear, and just offer an IPv6 tunnel that the clients can use over the IPv4 infrastructure.
No need to immediately replace all the components, and meanwhile, IPv6 is already available.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
The original article adds no insights to the real issue, but Dan J. Bernstein outlines the issue
nicely in http://cr.yp.to/djbdns/ipv6mess.html
Choice quote: " Unfortunately, the straightforward transition plan described above does not work with the current IPv6 specifications. The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space. "
...I'd be more incline to do the move myself. The problem is when you ask if or when it will be available, you get the long pause and the "We don't know". My ISP, who shall remain nameless at this point, doesn't appear to have a plan. FOr the size of their organization, you would think they have a plan or at least are looking at it but their front line makes them look amateur-ish.
I will not name my ISP but I'm in Canada and they are based out of Toronto...lol. (This should tell you who they are...)
We should start calling them once a day and politely request IPv6 support once a day every day. (Politely because I'm canadian...lol)
Windows and networks can run both side by side just fine. I think the one issue is typing the addresses, no fun at all.
you don't even need to setup DHCP. your router just hands out prefixes, and the devices on the net autonomously decide their address by appending their mac address
If you don't set up DHCP, then how do devices on the net bootstrap enough service to be able to resolve www.example.com. into an IPv6 address? Does each machine need to run its own recursive resolver or rely on 2001:4860:4860::8844?
just wait for ISP's to bill you per IP / outlet and ban / lockout NAT.
Right now ISP like Comcast may a lot of outlets fees on there TV side and when TV starts to really die down the last thing you want to have is to have it like the old phones days where they made for pay / rent EACH PHONE. Right now the cell phones provides make you pay per line to use the same shared pool of data / minutes and make you pay more to unlock tethering.
and big business want to have INTERNAL only networks as well VPN's that let you get into stuff that you want to lock down to be inside only. A VPN with username / password does more then just basic firewall rules.
http://tangkasnet99.co/prediksi-bola/prediksi-pertandingan-napoli-vs-wolfsburg-24-april-2015/
My ISP is IPv6 capable but customers are configured for IPv4 by default. Making the change is just a matter of logging in to your account settings to enable IPv6 and making sure it is enabled on your router and devices on your home network.
Most local ISPs do not support IPv6 so end to end IPv6 isn't really an option. There were also some strange issues with a few websites after making the switch. There were no measurable performance improvements. After trying IPv6 for several months, I couldn't see any benefits so disabled it on my account and went back to IPv4. It means a lot to those limited by public address availability but not much to the average Internet user.
Automatic address assignment: Useless. DHCP is better.
No more NAT: Useless. NAT is part of firewalls which are still needed. It's easy, and incredibly flexible.
Better multicast routing: Useless. Multicast is dead, and will remain so.
Simplified routing: Useless. This has been implemented outside IP
QOS: Useless. The IPv6 implementation is wrong for how QOS is used now.
Larger Address Space: The only useful feature in IPv6, but it was done wrong, and should be abandoned.
We need IPv8 that does things right for the internet we have *today* not the internet we thought we'd need in 1998.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
At some point, there will be nothing but growth. It might be tough now, but time and space is rapidly running out. When all space is gone, every new user will be using IPv6 and IPv4 will be considered 'old fashioned'.
I quite like vastly increased difficulty of scanning the whole IPv6 Internet. As soon as Comcast fixes their business class remote access via IPv4 is going bye bye. Sick of looking at all this crap in my logs. If random fools want to spam me they are going to have to work for it.
I can remember the IPv4 of ~10 of my servers. With IPv6 I'd be lucky to remember just one :(
IPv6 was thought up before NAT and was the solution to theIPv4 address space problem. With NAT and cheap router that is no longer a problem. And _why_ would you want all your variables global? That is just silly.
IPv4 4ever!
THIS ^^^ a thousand times.
Indeed, IPv6 was the vision of the future as it was seen from the past. As of today, it is useless garbage. Ever watched those sci-fi movies from the 60s and 70s? Where they thought we would by now have solved space travel problems yet our computers would still be the size of a fridge with tiny monochrome screens? That's what IPv6 is.
You've clearly never had to talk someone through configuring a port forward on their router so that a file transfer over IM could work, or so they could host a game server. NAT mostly works, but it turns a lot of things that should 'just work' into a need to fiddle around with the router config.
I'm in this weird bubble where I live. I'm currently on the city owned cable internet here in Tacoma WA. This ISP has some really shitty upstream connections depending on what site I'm trying to access. I also have Hurricane Electric's IPv6 Tunnel Broker service on my router itself, so my entire network has public IPv6 over IPv4. The route to the HE server in Seattle WA (~35mi away) seems to ALWAYS be stable. HE's backbone is also rock-solid world wide. Sites that are IPv6 enabled, I generally have a much better / faster / lower latency route to them, simply because my ISP has shit IPv4 routes leaving our local region.
Some major companies that are or are not IPv6 enabled: :face:b00c: in their IPv6 addresses)
google: yes
facebook: yes (interesting note: they always have
wikipedia: yes
mozilla.org: yes
amazon: no
AWS anything: mostly no (they have some half-assed thing on their load balancer service that sucks ass, but nothing else)
slashdot: no
twtter: no
microsoft.com: no
The problem of why IPv6 isn't spreading as much as its proponents would like is that it is a completely new, distinct and separate protocol.
Currently; *everything* on the Internet uses IPv4 - It is the Lingua Franca of the Internet.
IPv6 has absolutely no relation to IPv4 apart from the name. There is currently no way for IPv4 hosts to talk to IPv6 hosts easily or simply, and this is a critical flaw IMHO with IPv6.
With IPv6, you essentially have to throw away the WHOLE IPv4 Internet and start again; This is why the roll out is going so slowly; You are effectively building the Internet Mk2 from scratch, bit by bit, with this new system.
IPv4 will be around for a long time because of this for the same reason we still use x86 - There are too many current and legacy systems which only speak IPv4.
It still boggles my mind that they didn't consider interoperability at all when they were developing IPv6; If there was a standard for bridging between the two systems so IPv4 and IPv6 hosts could communicate with each other this rollout would be moving a lot faster.
And IPv6 still has the same shortsighted flaws for futureproofing as IPv4; It lacks extensibility. Sure it looks infeasibly big now, but they keep saying that and then we find we run out of space. It wasn't that long ago when a terabyte was considered unbelievably big yet now computers routinely come with drives of such capacities!
I'm still running IPv4 at home because I don't have a IPv6 firewall. My router, with NAT, shuts down my external facing ports. I've been meaning to setup IPv6 for a few years now, but I always do some research, and then drop the idea when I don't know how to secure my home network.
NAT mostly works, but it turns a lot of things that should 'just work' into a need to fiddle around with the router config.
I don't see how. Either you keep essentially all ports open to your public IP at all times (bad idea), or you need to open ports on demand.
The latter requires the same fiddling around with the router config as with NAT, assuming UPnP isn't used. If UPnP is enabled it's not an issue with NAT either and the whole point is moot.
I figure the problem will resolve itself by Y2K38. After all, legacy machines will have issues by then, right?
I think one June, when Google did that thing with IPv6, my browser wouldn't load google.com until I turned off IPv6 on my XP machine.
It's not that it wasn't considered. The biggest problem with interop between v6 and v4 is that you can't really do interop between v6 and v4. The v4 header only has 32 bits available for the dest host, so there's no way to specify which v6 host you want to send packets to.
Unless you count NAT64-like solutions or 6to4-like solutions, both of which do already exist.
And IPv6 still has the same shortsighted flaws for futureproofing as IPv4; It lacks extensibility. Sure it looks infeasibly big now, but they keep saying that and then we find we run out of space. It wasn't that long ago when a terabyte was considered unbelievably big yet now computers routinely come with drives of such capacities!
It does lack a way of expanding the address space, but we'd need to actually run out of space first for that to be a problem, and 128 bits really is a lot. 1 TB drives and v6 are in completely different ballparks: if v4 is 1 TB, then v6 is 80 million billion yottabytes. There are 300 million /64s available... for each person on the planet. And each /64 has essentially no limit on the number of hosts it supports. I could understand an argument that each person might end up running billions of computers (which would be no problem at all), but a quarter of a billion networks? Each?
And that's just using the 2000::/3 space. There are five more unused /3s available, so we could do it all over again five more times (presumably with smaller-than-/64 subnets) before actually running out.
I think we might have found the root cause for the glacially slow rollout.
My external servers - all IPv6, publish AAAA records, all services available on IPv6.
My home - IPv6 compatible router, IPv6 compatible network, IPv6-compatible clients, even IPv6 VPN to my servers.
What I don't see - IPv6 compatible websites. Slashdot is not IPv6 reachable. Nor is The Register. If even the IT crowd can't manage it, what chance do other places have? But that's no big deal, so long as they're IPv4-reachable anyway.
What I don't have - an IPv6 compatible ISP.
I can't use any IPv6 protocol except for 6to4, but the local 6to4 relay is "not supported" by my ISP and not run by them. That puts me at the behest of whatever routing is set up for that magic 6to4 address at any given point.
Sure, I could go with Sixxs etc. but that requires all kinds of signup. It's actually easier to just VPN to my IPv6-ready external server over IPv5 and bypass worrying the in-between link entirely.
It works. It's up. I receive email from third-party servers solely over IPv6 every day.
And then, you find that Google mail and DNS is IPv6. The occasional website is IPv6. The odd mail server is IPv6. And nothing else. And they are all also on IPv4 too. All that hassle, hardware and configuration and I gain... nothing.
Until we literally say "IPv4 is going to be marked for obsoletion in 6 months, and routing for it will going off on the 1st of Jan 2016, worldwide", nothing is going to change. Absolutely nothing.
Slashdot - I'm invoking my rule again. You can post articles on the IPv6 deployment when you BOTHER to put a single AAAA record on your DNS.
If I could easily apply for an IPv6 allocation that was portable then I would implement it. However I can only use our ISP supplied addresses, so it is not worth the trouble as renumbering would have to happen every time we switch ISPs.
With IPv6 it's one rule at the firewall. With NAT, you need to forward a port from NAT device to NAT device, all the way from the carrier-grade NAT device at the ISP border router to your own - and most of those you will have to pay your ISP to have any forwarding added to.
Oh, did you mean "NAT as it existed before we ran out of IP addresses"? Well, that's why we need IPv6, now when we are talking about NAT, it includes carrier-grade NAT.
Google should give search result priority to IPv6 sites. This will provide a nudge to get the momentum of SEO sensitive businesses on the right path.
That's a good argument. I would agree the switch to IPv6 has taken too long and thus it has legacy problems already before implementation. I'd pick IPv6 over IPv4 but I'd certainly pick something better were that on the table as an option.
I've had IPv6 connectivity for the past 8 years, and native IPv6 connectivity through Comcast for the past two. The last time I installed a new modem and router, the configuration was automatic.
The deployment process has been extremely slow, but in 10 years, most connections will be happening over IPv6 and most people won't even notice. Even tech savvy people will mostly find out when they try to debug something and realize the IP address is funny looking.
-- The act of censorship is always worse than whatever is being censored. Always.
people who have no interest in running a server
Are they just unaware of what advantages running a home server can offer? Or have the benefits of a server been explained to them after which they still decline?
It's still a chicken-and-egg question. How does the link-local nameserver in customer-owned equipment configure itself?
have the porn industry convert and all the issues will get solved quickly. Adaptation will follow ASAP.
I personally believe that IPv6 is just too many numbers for most people to input and remember when something is needed to be done quickly. If they could only make an alternate version slightly shorter. I do like the concept of the double colon (xx::xx) for a shortcut.
Oh, did you mean "NAT as it existed before we ran out of IP addresses"? Well, that's why we need IPv6, now when we are talking about NAT, it includes carrier-grade NAT.
If you're behind a carrier grade NAT then fiddling with your own router config won't help much will it. That's the part I quoted and objected to.
I've been playing around with my own (tunneled) IPv6 prefix at home for some time now. (I think Comcast will deliver IPv6 to me - but I haven't bothered yet.)
I run IPv6 on some of my home LANs, but not on the one I have with legacy equipment on it like webcams, TV sets, printers, and other "Internet of Things" like devices that never get patches. Those networks get the usual NAT'd IPv4 stuff.
On my IPv6 networks, I have EUI addressing turned off - a pseudo-random address gets generated from time to time (within the IPv6 LAN network prefix), and I often see those devices having multiple simultaneous IPv6 addresses. I believe that this is the default anyway for modern OSes.
And so I think that any counting of adoption by full 128-bit IPv6 addresses will dramatically over-count IPv6 adoption - even if NAT could be taken into account. Google's technicians will know this. Google's marketeers might not care.
You clearly don't understand what NAT is. Though NAT is included with almost all firewalls, it is not there to address security. It was introduced to conserve the limited address space that IPv4 provides. Since IPv6 greatly expands the number of available addresses, it is painfully obvious that NAT will go away for a great majority of users.
Will NAT go away in an all IPv6 world? No. It will fill some niche for those that have a specific need for NAT. A niche that 99% of home users, much like yourself, won't need or even understand.
NAT is gateway functionality and was never meant to address security.
> Though NAT is included with almost all firewalls, it is not there to address security.
You missed my point. Firewalls are needed for security, and if you have a firewall, you can do NAT. Not needing NAT becomes a non-feature because it doesn't significantly impact complexity or cost.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
"ISPs".
"now, an ISP".
"may impose a lot of" or "may charge a lot of".
"outlet".
"their".
"providers".
etc.
Slashdot thoughtfully provides a "Preview" button on its post/reply page. Please use it.
My Australian ISP (Internode, now iiNet) was one of the leading promoters of IPv6 and was one of the first to offer such connections, years ago. Many customers used IPv6 with no issues for several years. Then Netflix came to Australia. Netflix, in addition to some Australian digital TV channels and a few local mirrors is excluded from the ISP's broadband quotas. But it turns out, quota exclusion only works for IPv4. So people set their account back to a IPv4 connection.
Because of this, valuable momentum in IPv6 adoption has been lost.
> Are they just unaware of what advantages running a home server can offer? Or have
> the benefits of a server been explained to them after which they still decline?
Linux nerd here... sorry, but I have better things to do with my time than worry about constantly patching and running smtp/web/ftp servers, and constantly monitoring logs, etc, etc, etc. Having a life gets in the way of an internet.
I have a reasonable idea of how vulnerable linux servers are on the open internet. It's mind-boggling how easily the average Joe/Jane Lunchbucket gets pwnd/social-engineered even with a client machine behind a stateful firewall. Give every one of them a server, and if you think today's botnets are something, you ain't seen nothing yet.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Comcast may have lots of other issues as an ISP, such as banning customers from running server at home, and monthly usage caps (if they still do that), but they were ahead of most other US consumer ISPs on taking IPv6 seriously.
(My ISP supports IPv6 over tunnels, but doesn't run native dual-stack, at least on telco DSL. And I really should get around to actually trying it out, but I haven't...)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Back when I was closer to the ISP business, the general plan of most consumer ISPs was to start supporting IPv6 (once they had all their hardware and operations support systems able to manage it - it's amazing how many moving parts there are), and migrate most users to dual-stack, with NAT for IPv4 plus native IPv6, or else to use NAT IPv4 with tunneled IPv6.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
IPv6 was originally supposed to solve a whole lot of problems - not only did it have longer addresses (which ISPs need to avoid having to deploy customers on NAT, and in general to avoid running out of address spaces and crashing into the "Here Be Dragons" sign at the edge), but it was also supposed to solve a whole lot of other problems, like route aggregation, security, multihoming, automatic addressing, etc.
A lot of that turned out to be wishful thinking, e.g. the hard part about IPSEC tunnels is the key exchange and authentication, not building the tunnels, route aggregation didn't really work out because enterprises weren't willing to use carrier addresses instead of their own, and small carriers also wanted their own addresses instead of sharing their upstream's address space, or if it wasn't wishful thinking, it was addressing problems that IPv4 found other solutions for, like DHCP for automatic addressing.
And while NAT is a hopeless botch, it does provide a simple-minded stateful firewall as default behaviour, while IPv6 users need explicit firewalling to get the same security with real addresses (which they needed to do anyway, but especially if you're using tunnels, you have to be sure to put it in all the right places.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Yeah, that turned out to be one of the big problems with IPv6 address aggregation - sounds great in the ivory tower, doesn't meet the needs of real customers, which is too bad, because every company that wants their own AS and routable address block is demanding a resource from every backbone router in the world.
IPv6's solution to the problem was to allow interfaces to have multiple IPv6 addresses, so you'd have advertise address 2001:AAAA:xyzw:: on Carrier A and 2001:BBBB:abcd:: on Carrier B, both of which can reach your premises routers and firewalls, and if a backhoe or router failure takes out your access to Carrier A, people can still reach your Carrier B address. Except, well, your DNS server needs to update pretty much instantly, and browsers often cache DNS results for a day or more, so half your users won't be able to reach your website, and address aggregation means that you didn't get your own BGP AS to announce route changes with, but hey, your outgoing traffic will still be fine.
My back-of-a-napkin solution to this a few years ago was that there's an obvious business model for a few ISP to conspire to jointly provide dual-homing. For instance, if you've got up to 256 carriers, 00 through FF, each pair aa and bb can use BGP to advertise a block 2222:aabb:/32 to the world, and have customer 2222:aabb:xyzw::/48, so the global BGP tables get 32K routes for the pairs of ISPs, and each pair of ISPs shares another up-to-64K routes with each other using either iBGP or other local routing protocols to deal with their customers actual dual homing. (Obviously you can vary the number of ISPs, size of the dual-homed blocks, amount of prefix for this application (since :2222: may be too long, etc.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
your outgoing traffic will still be fine
That may not be fine as well, since unless IPv6 can cram both host IPs into the packet, existing sessions will get dropped (which may not happen with IPv4, since IPs stay the same). Also, that requires more complex firewall configuration (what's the probability that one of the IPs will not be entered?).
My back-of-a-napkin solution to this a few years ago was that there's an obvious business model for a few ISP to conspire to jointly provide dual-homing.
There are a few problems with this:
1. The ISPs must be willing to cooperate (unlike now, they only have to provide BGP access).
2. The customer still cannot change ISPs (now I can take my AS to another ISP if I do not like the current one or another pair of ISPs if I'm moving and the current ISPs do not provide service in the new location).
3. The failure of an ISP must trigger a BGP announce to stop traffic from coming to it. This may not happen. Currently we had multiple problems where the main ISP failed but did not announce that - out BGP router still though that the ISP is good. I had to write a script that checks if the internet is accessible and if not (for a few minutes) forces our BGP router to use the other ISP (done with prepends and priorities).
NAT != Firewall != Stateful Packet Inspection, they are all useful tools but independent functions. Having NAT for IPv6 might be useful in some circumstances but not as they way to access the Internet. The default way should be as IPv6 promises via unique addressing and your router should just operate SPI to protect your site from inbound attacks.
Simplified routing is very useful, smaller global routing tables, no need for (buggy/problematic) extensions to BGP to cope with a large number of ASes and large number of prefixes announced.
Larger Address Space: You do not cite any actual issue. I can't think of a downside. 6 extra bytes per packet, there is plenty of useless bits in IPv4 headers, but Meh!, technology now is faster more dense than it was in 1970s when IPv4 was created. So the extra bytes in the header fine by me.