Slashdot Mirror


How Ready Is IPv6 To Succeed IPv4?

New submitter unixisc writes: Over the last 2 years, June 6th had been observed as IPv6 day. The first time, IPv6 connections were turned on by participants just for a day, and last year, it was turned on for good. A year later, how successful is the global transition to IPv6? According to Cisco 6labs, adoption rates vary from 50% in Belgium to 6% in China, with the U.S. coming somewhere in the middle at 37%. A lot of issues around IPv6, such as the absence of NAT, have apparently been resolved (NAPT is now available and recognized by the IETF). So what are the remaining issues holding people up — be it ISPs, businesses, consumers or anybody else? When could we be near a year when we could turn off all IPv4 connectivity worldwide on an IPv6 only day and nobody would notice?

19 of 595 comments

  1. Absence?! by Denis+Lemire · · Score: 5, Insightful

    Absence of NAT is a feature! If not THE feature of IPv6!

    1. Re:Absence?! by Denis+Lemire · · Score: 5, Insightful

      NAT has no security benefits. NAT's sole purpose is address scarcity. Firewalls are for firewalling. NAT is for breaking the pre-IPv6 internet out of necessity.

      My home subnet is 2610:1e8:800:101::/64. Go ahead and tell me how many machines are in there...

      I'll wait.

    2. Re:Absence?! by Denis+Lemire · · Score: 5, Insightful

      Without NAT, you're still hitting the stateful firewall and default deny rule at the edge of my network... Most home routers should default to this sort of behaviour.

      The difference is, I can open up as many ports as I need with no limitations. None of this crap with forwarding port 80 to one box and then... Oh, I need another web server... Hmm. 8080? Other random / arbitrarily selected ports? That sucks! It's broken.

      The IPs I'm leaving in web server logs are also throw-away addresses - read up RFC-4961.

    3. Re:Absence?! by Denis+Lemire · · Score: 4, Insightful

      That's not a security benefit of NAT, that's a quirky side effect that would be better replaced with a proper stateful firewall.

    4. Re:Absence?! by Enry · · Score: 1, Insightful

      Security is a process. If that process is made easier for some users by using NAT, then it's a benefit. Home users can't manage firewalls effectively. NAT is a good method (even if flawed) to protect some classes of users. Is it perfect? No. But that's why you also have other protections at other layers (host-based firewall, virus scanners, etc.)

    5. Re:Absence?! by bigfinger76 · · Score: 3, Insightful

      We're running out of IPv4 addresses, that's what's broken. You keep hearing these arguments because the adults are talking. No one is saying that NAT is broken, just that IPv6 does away with it, and those that do not understand firewalls feel vulnerable.

    6. Re:Absence?! by khasim · · Score: 2, Insightful

      > The IPs I'm leaving in web server logs are also throw-away addresses - read up RFC-4961.

      You may be referencing the wrong RFC. That is more about port numbers than different IP addresses. The IP address of your machine should still be showing up in /.'s logs.

      > Without NAT, you're still hitting the stateful firewall and default deny rule at the edge of my network... Most home routers should default to this sort of behaviour.

      Either that breaks most of the functionality of IPv6 or it entails a lot more effort and expertise on the part of the home user.

      > None of this crap with forwarding port 80 to one box and then... Oh, I need another web server... Hmm. 8080? Other random / arbitrarily selected ports? That sucks! It's broken.

      So your hypothetical home user has a single IP address and runs multiple web servers. And you feel that "Most home routers" should default to supporting that?

      > The difference is, I can open up as many ports as I need with no limitations.

      While I can manage as many ports AS I NEED without problems. Even with more than 1,000 users at a single site.

      Which is why IPv6 has been so slow to be implemented. You either lose the benefits in order to get the same level of security you had with IPv4 or you lose that level of security for features that the average person is not demanding today.

    7. Re: Absence?! by Denis+Lemire · · Score: 4, Insightful

      Yes, the WEB works GREAT... I also use THE REST OF THE INTERNET.

    8. Re: Absence?! by Denis+Lemire · · Score: 4, Insightful

      So you're cool with the Internet being forever limited to cat videos? The applications for the Internet were unforeseen. It changed the world in ways nobody could predict. IPv6 will pave the way for new applications in a way just as significant... But you can't see past today's furry thrills.

    9. Re:Absence?! by Bengie · · Score: 4, Insightful

      > Incorrect. NAT does have a security benefit. Unless ports are opened, there is no direct inbound access into the backend subnet.

      Incorrect. Many implementations of NAT have been known to allow an outside user to cause a port to get indirectly forwarded. NAT offers no additional security while increasing the surface area that needs to be secured, and in addition breaks the normal OSI model by causing leaky layers, making for more complicated interactions that make configuration and debugging harder.

      If you don't think this is true, you should not be giving out advice about network security.

    10. Re:Absence?! by Bengie · · Score: 3, Insightful

      NATs offer more security in the same way diesel makes engines bigger. Look at semitrucks, those are diesel, and look at cars, those are mostly gasoline. Obviously diesel requires larger engines. Correlation is not causation. NATs require a basic stateful firewall, the firewall is what provides protection, not NAT.

    11. Re: Absence?! by kiddygrinder · · Score: 5, Insightful

      you're ignoring gamers and people using skype or other direct message programs just to begin with, because of NAT you can't have 2 xboxes online on the same internet connection. NAT is a fucking cancer that needs to be cut out.

      --
      This is a joke. I am joking. Joke joke joke.

    12. Re:Absence?! by kiddygrinder · · Score: 3, Insightful

      You think people understand NAT now? people will just buy ipv6 routers with pre-configured firewalls instead of ipv4 routers with pre-configured NATs and the world will go on exactly the same

      --
      This is a joke. I am joking. Joke joke joke.

    13. Re: Absence?! by rseuhs · · Score: 4, Insightful

      IPv6-adherents just don't get it.

      IPv6 requires you to:

      - give all your devices new addresses (because these morons didn't expand the address space like any sane person would, they replaced the address space)
      - configure all your network infrastructure to manage the new addresses
      - maintain two sets of addresses for the foreseeable future

      IPv6 is broken because it is incompatible with IPv4.

    14. Re:Absence?! by TCM · · Score: 3, Insightful

      NAT has nothing to do with security. What people confuse as security is the fact that NAT is always implemented in the form of NAT+filter, never as just NAT alone. So they think the security comes from the NAT part when in reality, it's the filter part that does the job of keeping the network secure. You can remove NAT and keep the filter and have exactly the same security with IPv6.

      If there was such a thing as NAT _without_ a filter, your ISP could simply set a route to your private address space via your external router - since he's the next hop - and access your internal network freely.

      If you think NAT has anything to do with security you're just an amateur who knows nothing other than his plastic blackbox "consumer" router, and draw conclusions from what he sees in the user interface of that thing.

      --
      Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
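
Added example (not part of the thread or any commenter's post): a toy Python model of the argument in the comment above, that inbound protection comes from the stateful filter and not from address translation. The `EdgeRouter` class, its fields and every address are constructed for illustration; real routers track far more state.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class EdgeRouter:
    """Hypothetical edge router: NAPT and stateful filtering are separate switches."""
    lan: str                  # inside prefix, e.g. "192.168.1.0/24"
    wan_ip: str               # router's own outside address
    nat: bool
    stateful_filter: bool
    flows: set = field(default_factory=set)    # (in_host, in_port, out_host, out_port)
    napt: dict = field(default_factory=dict)   # WAN port -> (in_host, in_port)

    def outbound(self, src, sport, dst, dport):
        """LAN host opens a flow; returns the (address, port) the peer sees."""
        self.flows.add((src, sport, dst, dport))
        if not self.nat:
            return (src, sport)
        wan_port = 40000 + len(self.napt)
        self.napt[wan_port] = (src, sport)
        return (self.wan_ip, wan_port)

    def inbound(self, src, sport, dst, dport):
        """Packet from the WAN; returns the LAN (host, port) reached, or None."""
        if self.nat and dst == self.wan_ip:
            if dport not in self.napt:
                return None                    # no mapping: nothing to translate to
            dst, dport = self.napt[dport]
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.lan):
            return None                        # not routed to the inside
        if self.stateful_filter and (dst, dport, src, sport) not in self.flows:
            return None                        # default deny for unsolicited traffic
        return (dst, dport)

def demo():
    """Unsolicited inbound SSH under each setup (all addresses are constructed)."""
    cases = [  # name, lan, wan_ip, nat, filter, outside source, inside target
        ("nat_only", "192.168.1.0/24", "198.51.100.7", True, False, "198.51.100.1", "192.168.1.10"),
        ("nat_and_filter", "192.168.1.0/24", "198.51.100.7", True, True, "198.51.100.1", "192.168.1.10"),
        ("v6_filter_only", "2001:db8:1::/64", "2001:db8::2", False, True, "2001:db8:ffff::1", "2001:db8:1::10"),
        ("v6_no_filter", "2001:db8:1::/64", "2001:db8::2", False, False, "2001:db8:ffff::1", "2001:db8:1::10"),
    ]
    return {name: EdgeRouter(lan, wan, nat, filt).inbound(src, 5555, dst, 22)
            for name, lan, wan, nat, filt, src, dst in cases}

if __name__ == "__main__":
    for name, reached in demo().items():
        print(f"{name:15} -> {reached}")
```

`nat_only` is the case the comment describes: a next hop that addresses the private range directly is forwarded, while `v6_filter_only` drops the same probe with no translation involved.
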
    15. Re: Absence?! by swb · · Score: 4, Insightful

      IMHO, it's kind of the typical overreach common in IT where rather than evolving a protocol they mostly completely redesigned it, tossing out a lot of accumulated knowledge, adding a lot of complexity and lack of interoperability. A few propellerheads then stand around wondering why nobody's adopting it.

      I think there is a good argument to be made that if network space exhaustion was the principal problem with IPv4, IPv4 should have just been extended with a couple more prefix octets. The entire existing IPv4 address space could have been just arbitrarily prepended 1.1. The stack would still have needed an overhaul to accommodate this, but less so than IPv6.

      To be fair, IPv6 fixes a lot of deeper issues with IPv4, but I think it's debatable whether those problems were worse or more pressing than IPv4 exhaustion.

  2. IPv6 has been working fine, no issues by Morgaine · · Score: 4, Insightful

    The official "switch-on for good" of IPv6 a year ago was entirely seamless in my experience. There wasn't anything to fix, as nothing was broken, and IPv6 autoconfiguration handles everything so there isn't even any setup involved, it just works. This simplicity will be a boon for non-technical users once the IPv6 rollouts gain steam.

    Unfortunately the ISPs are still dragging their feet and so public rollout is slow, but it's an always upward trend, and the adoption curve is close to exponential so IPv6 will be ubiquitous before long. So many ISPs are currently planning their rollouts that there's going to be a sudden upsurge when they finally appear.

    People shouldn't talk about switchover to IPv6 though, that's not how it works. IPv4 and IPv6 networks run together side by side, and you use both together. Your application (eg. browser) generally picks IPv6 if your destination is accessible on that network, or else it falls back to IPv4. This is all automatic of course. It's better described as a switch on of IPv6 by your ISP followed by your gradual increasing use, not a switchover. There is no plan to switch off IPv4. The last remnants of IPv4-only equipment could still be around and operational for decades ahead.

    IPv6 works so well that I recommend everyone to get on it as soon as they can. You'll be able to see 100% of the Internet, whereas if you don't have IPv6 then you're only seeing a part of it. IPv4 is by far the larger part for now of course, but it's not all of it, and the parts you can't reach are growing daily.

    Happy First Anniversary of the official turn-on, IPv6! :-)

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra

  3. Why IPv6 is broken by rseuhs · · Score: 4, Insightful

    IPv6 is broken because it is incompatible.

    To illustrate, let's look at phone numbers.

    Imagine a phone company with 6 digit numbers which wants to give users world-accessible phone-numbers. What did the phone companies do? Easy: Just add prefixes to the numbers and everybody is happy. The old numbers stay valid, you can still connect within the old network(s), nobody has to remember new numbers.

    But what if phone-numbers would have been expanded the "IPv6-way"?

    Then you would have your old number and would receive a completely different new number, which would also be in an incompatible format (maybe letters instead of digits). Then you would have to update all your phone numbers everywhere, to "switch over". Of course such a scheme would fail instantly and that's why IPv6 continues to fail.

    The IPv6 adherents just don't get it. If the IPv6-designers were smart enough to just extend the IPv4-address space we would all be running IPv6 already, because it would require no reconfiguration of routers, no reconfiguration of DNS names, no reconfiguration of anything.

    But these morons thought that a billion people will just change all their addresses just because they tell them. Well, it doesn't work that way.

  4. Re:IPv6 shortcomings? by vtcodger · · Score: 4, Insightful

    It isn't (and never was) a question of capabilities. It is a question of cost. Most decision makers at every level from individuals on up to CEOs view IT (correctly BTW) as an expense, not a corporate treasure. The IPv6 train left the station without the capabilities required to make eventual IPv4 replacement cheap and easy -- backward capability and NAT. Lots of people tried to point out that was a mistake. It was done anyway, and the same folks that didn't understand why it was a mistake still don't seem to understand why it was a mistake.

    Compared to the average business or public organization, our home setup here is not very complex at all. But we still have about two dozen devices whose software would need to be upgraded in order to change from IPv4 to IPv6. And we'd probably have to buy some new kit because some of the routers and software probably have flawed IPv6 implementations -- if they have IPv6 at all. And, of course our ISP is IPv4. Assuming they can/will deign to talk to us using IPv6 it's a safe bet that "upgrading" would cost us more time and money.

    And what do we get from all that? AFAICS all we get is the capability to expose all the digital devices in the house to external hackers. Why would we want to do that? Much less spend time and money to do that?

    It'll most likely be a long, long time before IPv6 completely replaces IPv4.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey