Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Ready Is IPv6 To Succeed IPv4?

Posted by timothy on from the depends-what-you-want-to-do-with-it dept.

New submitter unixisc writes: Over the last 2 years, June 6th had been observed as IPv6 day. The first time, IPv6 connections were turned on by participants just for a day, and last year, it was turned on for good. A year later, how successful is the global transition to IPv6? According to Cisco 6labs, adoption rates vary from 50% in Belgium to 6% in China, with the U.S. coming somewhere in the middle at 37%. A lot of issues around IPv6, such as the absence of NAT, have apparently been resolved (NAPT is now available and recognized by the IETF). So what are the remaining issues holding people up — be it ISPs, businesses, consumers or anybody else? When could we be near a year when we could turn off all IPv4 connectivity worldwide on an IPv6 only day and nobody would notice?

13 of 595 comments (clear)

  1. Absence?! by Denis+Lemire · · Score: 5, Insightful

    Absence of NAT is a feature! If not THE feature of IPv6!

    1. Re:Absence?! by Denis+Lemire · · Score: 5, Insightful

      NAT has no security benefits. NAT's sole purpose is address scarcity. Firewalls are for firewalling. NAT is for breaking the pre-IPv6 internet out of necessity.

      My home subnet is 2610:1e8:800:101::/64. Go ahead and tell me how many machines are in there...

      I'll wait.

    2. Re:Absence?! by Denis+Lemire · · Score: 5, Insightful

      Without NAT, you're still hitting the stateful firewall and default deny rule at the edge of my network... Most home routers should default to this sort of behaviour.

      The difference is, I can open up as many ports as I need with no limitations. None of this crap with forwarding port 80 to one box and then... Oh, I need another web server... Hmm. 8080? Other random / arbitrarily selected ports? That sucks! It's broken.

      The IPs I'm leaving in web server logs are also throw-away addresses - read up RFC-4961.

    3. Re:Absence?! by Denis+Lemire · · Score: 4, Insightful

      That's not a security benefit of NAT, that's a quirky side effect that would be better replaced with a proper stateful firewall.

    4. Re: Absence?! by Denis+Lemire · · Score: 4, Insightful

      Yes, the WEB works GREAT... I also use THE REST OF THE INTERNET.

    5. Re: Absence?! by Denis+Lemire · · Score: 4, Insightful

      So you're cool with the Internet being forever limited to cat videos? The applications for the Internet were unforeseen. It changed the world in ways nobody could predict. IPv6 will pave the way for new applications in a way just as significant... But you can't see past today's furry thrills.

    6. Re:Absence?! by Bengie · · Score: 4, Insightful

      Incorrect. NAT does have a security benefit. Unless ports are opened, there is no direct inbound access into the backend subnet.

      Incorrect. Many implementations of NAT have been known to allow an outside user to cause a port to get indirectly forwarded. NAT offers no additional security while increase the surface area that needs to be secured, in addition breaks the normal OSI model by cause leaky layers, making for more complicated interactions that make configuration and debugging harder.

      If you don't think this true, you should not be giving out advice about network security.

    7. Re: Absence?! by kiddygrinder · · Score: 5, Insightful

      you're ignoring gamers and people using skype or other direct message programs just to begin with, because of NAT you can't have 2 xboxes online on the same internet connection. NAT is a fucking cancer that needs to be cut out.

      --
      This is a joke. I am joking. Joke joke joke.
    8. Re: Absence?! by rseuhs · · Score: 4, Insightful
      IPv6-adherents just don't get it.

      IPv6 requires you to:

      - give all your devices new addresses (because these morons didn't expand the address space like any sane person would, they replaced the address space)
      - configure all your network infrastructure to manage the new addresses
      - maintain two sets of addresses for the forseeable future

      IPv6 is broken because it is incompatible to IPv4.

    9. Re: Absence?! by swb · · Score: 4, Insightful

      IMHO, it's kind of the typical overreach common in IT where rather than evolving a protocol they mostly completely redesigned it, tossing out a lot of accumulated knowledge, adding a lot of complexity and lack of interoperability. A few propellerheads then stand around wondering why nobody's adopting it.

      I think there is a good argument to be made that if network space exhaustion was the principal problem with IPv4, IPv4 should have just been extended with a couple more prefix octets. The entire existing IPv4 address space could have been just arbitrarily prepended 1.1. The stack would still have needed an overhaul to accommodate this, but less so than IPv6.

      To be fair, IPv6 fixes a lot of deeper issues with IPv4, but I think it's debatable whether those problems were worse or more pressing than IPv4 exhaustion.

  2. IPv6 has been working fine, no issues by Morgaine · · Score: 4, Insightful

    The official "switch-on for good" of IPv6 a year ago was entirely seemless in my experience. There wasn't anything to fix, as nothing was broken, and IPv6 autoconfiguration handles everything so there isn't even any setup involved, it just works. This simplicity will be a boon for non-technical users once the IPv6 rollouts gain steam.

    Unfortunately the ISPs are still dragging their feet and so public rollout is slow, but it's an always upward trend, and the adoption curve is close to exponential so IPv6 will be ubiquitous before long. So many ISPs are currently planning their rollouts that there's going to be a sudden upsurge when they finally appear.

    People shouldn't talk about switchover to IPv6 though, that's not how it works. IPv4 and IPv6 networks run together side by side, and you use both together. Your application (eg. browser) generally picks IPv6 if your destination is accessible on that network, or else it falls back to IPv4. This is all automatic of course. It's better described as a switch on of IPv6 by your ISP followed by your gradual increasing use, not a switchover. There is no plan to switch off IPv4. The last remnants of IPv4-only equipment could still be around and operational for decades ahead.

    IPv6 works so well that I recommend everyone to get on it as soon as they can. You'll be able to see 100% of the Internet, whereas if you don't have IPv6 then you're only seeing a part of it. IPv4 is by far the larger part for now of course, but it's not all of it, and the parts you can't reach are growing daily.

    Happy First Anniversary of the official turn-on, IPv6! :-)

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  3. Why IPv6 is broken by rseuhs · · Score: 4, Insightful
    IPv6 is broken because it is incompatible.

    To illustrate, let's look at phone numbers.

    Imagine a phone company with 6 digit numbers which wants to give users world-accessible phone-numbers. What did the phone companies do? Easy: Just add prefixes to the numbers and everybody is happy. The old numbers stay valid, you can still connect within the old network(s), nobody has to remember new numbers.

    But what if phone-numbers would have been expanded the "IPv6-way"?

    Then you would have your old number and would receive a completely different new number, which would also be in an incompatible format (maybe letters instead of digits). Then you would have to update all your phone numbers everywhere, to "switch over". of course such a scheme would fail instantly and that's why IPv6 continues to fail.

    The IPv6 adherents just don't get it. If the IPv6-designers were smart enough to just extend the IPv4-address space we would all be running IPv6 already, because it would require no reconfiguration of routers, no reconfiguration of DNS names, no reconfiguration of anything.

    But these morons thought that a billion people will just change all their addresses just because they tell them. Well, it doesn't work that way.

  4. Re:IPv6 shortcomings? by vtcodger · · Score: 4, Insightful

    It isn't (and never was) a question of capabilities. It is a question of cost. Most decision makers at every level from individuals on up to CEOs view IT (correctly BTW) as an expense, not a corporate treasure. The IP6v train left the station without the capabilities required to make eventual I{Pv4 replacement cheap and easy -- backward capability and NAT. Lots of people tried to point out that was a mistake. It was done anyway, and the same folks that didn't understand why it was a mistake still don't seem to understand why it was a mistake.

    Compared to the average business or public organization, our home setup here is not very complex at all. But we still have about two dozen devices whose software would need to be upgraded in order to change from IPv4. to IPv6. And we'd probably have to buy some new kit because some of the routers and software probably have flawed IPv6 implementations -- if they have IPv6 at all. And, of course our ISP is IPv4. Assuming they can/will deign to talk to us using IPv6 it's a safe bet that "upgrading" would cost us more time and money.

    And what do we get from all that? IFAICS all we get is the capability to expose all the digital devices in the house to external hackers. Why would we want to do that? Much less spend time and money to do that?

    It'll most likely be a long, long time before IPv6 completely replaces IPv4.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey