IPv6 Achieves 50% Reach On Major US Carriers

Long-time Slashdot reader dyork brings new from The Internet Society: IPv6 deployment hit a milestone this month related to the four major US providers (Verizon Wireless, T-Mobile USA, Sprint, AT&T): "IPv6 is the dominant protocol for traffic from those mobile networks to major IPv6-capable content providers."
A graph on their "World IPv6 Launch" site shows those carriers are now delivering close to 55% of their traffic over IPv6 to major IPv6-capable content providers -- up from just 37.59% in December. "This is really remarkable progress in the four years since World IPv6 Launch in 2012, and the growth of IPv6 deployment in 2016 is showing no signs of abating." In fact, the NTIA is now requesting feedback from organizations that have already implemented IPv6, noting that while we've used up all the 4.3 billion IPv4 addresses, IPv6 offers 340 undecillion IP addresses -- that is, 340 followed by 36 digits.

fp

Instead of IPv6, we would be better disconnecting China, India, and Russia from the internet. That way, we can reclaim those IP addresses while dramatically reducing the amount of crime (ransomware, DDoS attacks, piracy) that takes place online.

Re:fp

[Sax+Russell+5449D29A]

I've had country blocks (most of Asia, Africa and Russia) for some time now and have seen a dramatic drop in crap that's trying to crawl up the tubes from those countries. Mainly automated out-of-the-box spam bots and hacking scripts (I was shocked to discover e.g. that w00tw00t is still a thing). This takes off some of the unnecessary load in the backend, too, and these countries are the ones that usually spam the Internet with fresh exploits, so that's a better-than-nothing first line of defence also.

Re:fp

[unixisc]

Even w/ that, you'll be nowhere near what is required in terms of needed IP addresses. And those countries already have a miniscule proportion of the IPv4 addresses, and in those countries, IPv4 is heavily NATed.

Re:fp

[davester666]

Still get "duh, we are evaluating the idea of considering a proposal to think about figuring out what IPv6 means" from the major Canadian ISPs.

In before...

[Just+Some+Guy]

Here, let's get the resistance out of the way:

"But, but, if we can't have NAT then we'll be h4xx0r3d! And I can't remember all those hex digits LOL."

Re:In before...

[KiloByte]

ip6tables -t nat -- this NAT? There are good uses of NAT, although not what most people are thinking of.

Re:In before...

[zamboni1138]

You can NAT IPv6. Works just like NAT in IPv4.

As for address length, my public IPv4 network number is 15 characters long, whereas my IPv6 network number is only 13 characters long.

Re:In before...

[unixisc]

I read his statement as being facetious. Last few times we discussed IPv6, we did bring up the fact that the IETF officially endorses NPT - Network Prefix Translation - RFC 6296

Re:In before...

Which is pretty close to the original meaning of NAT.
What people are calling "NAT" these days is PAT.

Re:In before...

[unixisc]

No. PAT involves using port numbers to supplement IPv4 addresses, so that a hybrid static-dynamic NAT in IPv4 can get a 1:1 mapping b/w the local IP addresses and the external IP address coupled w/ the port number. That's one of the things that IPv6 eliminates, but it also removes things like load balancing or address isolation.

NPT - Network Prefix Translation - is different. It keeps the Interface ID unchanged - the part of the address that's not part of the network address - is not touched. Instead, a public unicast address is converted into a site local address, w/o touching port numbers. What you have is a 1:1 relationship b/w local and routable addresses. In PAT, what you have is a 1:1 relationship b/w a routable address coupled w/ one of 65536 port numbers to a local address. Which is a mess, b'cos if one needs ports for anything else (like map segments in a mapping application), one has to keep tabs on the ports used for PAT vs the ones used for the applications that need them

Re:In before...

[unixisc]

I reread your statement. The original meaning of NAT was a one:many mapping from routable to local addresses. Whereas NPT is a 1:1 mapping. It achieves the advantages of NAT - load balancing, network isolation, while avoiding pitfalls like the consumption of port numbers

Re:In before...

[Tony+Isaac]

And I can't remember all those hex digits LOL

And THIS is the best thing about IPv6: it might finally stop enterprise IT teams and programmers from using IP addresses to access everything, rather than using their names. Because IPv4 numbers are easy to remember, it's tempting to use them in config files, command lines, and code. But this is a dangerous practice, considering that many IP addresses change assignments regularly, even if they are "fixed" addresses. I've seen entire VM clusters inadvertently wiped out by IT staff because they mis-typed an IP address.

Re:In before...

[jrumney]

it might finally stop enterprise IT teams and programmers from using IP addresses to access everything

It doesn't help when enterprise IT teams come up with DNS naming conventions that cryptically encode all the info about an asset into the name, and then apply that naming policy not only to desktops and laptops, but the servers that everyone needs to access, and steadfastly refuse to acknowledge the existence of CNAME records. The IP address is the easiest thing to remember where I work (there are only two 3 digit prefixes to remember for the two sites I deal with day to day, and the servers are all on low 4th digits, though the printers get higher numbers for some reason).

Re:In before...

Actually, what is interesting about the IPv6 rollout is that many people have their firewalls configured to protect their IPv4 but don't realize they also need to configure IPv6 separately. Many firewalls both hardware and software (Windows, Linux and appliances) don't copy the firewall protections over to IPv6 automatically. Make sure you ip6tables as well as iptables if you want to protect both. There are a ton of servers unprotected right now and no one realizes it. Also, as a server admin, having IPv6 open increases your traffic, not because more people are visiting but because a lot of bot nets are scanning IPv6 looking for vulnerabilities. Welcome to our brave new world.

Re:In before...

[Just+Some+Guy]

Also, as a server admin, having IPv6 open increases your traffic, not because more people are visiting but because a lot of bot nets are scanning IPv6 looking for vulnerabilities.

I'm very skeptical of this. What's the Venn diagram of "people who know what IPv6 is" and "people who think you can scan IPv6 space before the heat death of the universe"?

Re:In before...

[marka63]

Actually RFC 6269 dis-endorses NAT. RFC 6269 provides the least worst form for those that irrationally just have to have NAT.

For reasons discussed in [RFC2993] and Section 5, the IETF does not
recommend the use of Network Address Translation technology for IPv6.
Where translation is implemented, however, this specification
provides a mechanism that has fewer architectural problems than
merely implementing a traditional stateful Network Address Translator
in an IPv6 environment. It also provides a useful alternative to the
complexities and costs imposed by multihoming using provider-
independent addressing and the routing and network management issues
of overlaid ISP address space. Some problems remain, however. The
reader should consider the alternatives suggested in [RFC4864] and
the considerations of [RFC5902] for improved approaches.

Re:In before...

[Aqualung812]

I do DNS for a large enterprise.
We have a subdomain just for user-friendly names.
Only CNAMES or A records pointing to a load balancer are allowed.
Outside of those two rules, I don't give a shit what name you want. If you're the first one to grab it, and it is in a request that ties back to you so I can tell them who asked for H4X0R.user.domain.tld, you can have all you want.

But yeah, I agree. Places that don't allow this are jerks.

is that math correct?

[v1]

IPv6 offers 340 undecillion IP addresses -- that is, 340 followed by 36 digits.

IPv4 = 256^4 = 4.3 billion (4.2x10^9) - check
IPv6 = 256^6 = ... 340x10^36 ???

shouldn't that be 256^6 = 2.8x10^14? That's a MUCH smaller number.

Re:is that math correct?

No, it's actually 65536^8 (2^128), which is the 340 * 10^36 quoted.

Re:is that math correct?

which undecillion are we talking about here? USA's or GB's?

Re:is that math correct?

[Lord+Crc]

IPv6 = 256^6 = ... 340x10^36 ???

Not sure if bad attempt at joke or not, but in case it isn't: the 6 in IPv6 isn't the number of octets used in the addresses, it's a version number. IPv6 uses 128 bit addresses, and 2^128 = 3.4 * 10^38.

Re:is that math correct?

Either way, I'm waiting to hear about impending IPv6 exhaustion. They'll decide that giving out /56's to everyone calling themselves an ISP wasn't such a good idea, and even that idea of handing out a /64 to every Joe in the world wasn't so good either. Just wait.

Captcha: tantrum

Re:is that math correct?

I use IPv8. My address is 4bcff052ec3ada3b919b678230d13b60:b5be6d939170365190d879dab4978bda:576db2fa1c145668557aa89a86f4f19d:bd86d2a07b2faab75f141712161aeefc and I don't regret it an instant. It's much more convenient to remember than the older addresses with numeral digits only.

Re:is that math correct?

[WaffleMonster]

Either way, I'm waiting to hear about impending IPv6 exhaustion.

Your going to be waiting a while as just 1/8th of the total address space is currently in play. If things unexpectedly go off the rails there is opportunity for IANA to reign it in with policy changes for allocation from remaining 7/8's.

decide that giving out /56's to everyone calling themselves an ISP wasn't such a good idea

It's more like /32 or more... We pull a /56 from our ISP. A so-so rule of thumb for understanding allocation difference between IPv4 and IPv6 is every "ISP" is allocated IPv4 address space equivalent of a single IP address. On order of a billion ISP like allocations and your fucked assuming current policy is carried forward to remaining 7/8's... To put this into perspective globally there are currently only about 55k ASNs.

Given no IPv6 shortage and at least some limited benefit in reduced route disaggregation I favor the current policy. Also think sparse /64 allocations to each end user was a smart move because it significantly raise barrier to entry for those attempting scan/spam the entire allocated global space. Also tends to provide freedom to end users to attach whatever they want and maintain E2E across all systems without crappy hacks.

Re:is that math correct?

[hcs_$reboot]

Theoretically that's correct (3.4 × 10^38, including reserved spaces) but since usually half the address is made of the (0-padded) MAC address of the connected device (NIC) which may be customized (e.g. for privacy reason) there is only ~1.7 × 10^19 addresses. Each of them used by a house or an entire company ; should be enough for a long time!

Re:is that math correct?

which undecillion are we talking about here? USA's or GB's?

Great Britain now uses the short scale. There may be a few diehards hanging on to long scale billions, but I can't imagine 1e12 crops up in pub conversations very often, and 1e36 even less so.

Re:is that math correct?

[unixisc]

The GP was dismissive about address exhaustion, but there are not just possible, but plausible reasons why that would happen.

Currently IANA has already allocated a number of /16 blocks to the RIRs, and it's up to them to allocate it as they wish. While ARIN has been assigning blocks like birdseed (the way Jon Postel did in the early days of IPv4) downstream in /48s, RIPE and APNIC have been more conservative, and assigning them in /56 blocks.

The way address exhaustion is likely to occur is not distribution (for obvious reasons) but rather, lending structure to those addresses. While route optimization seems to have been abandoned for now, any good PAM system would prefer there to be structure lent to those addresses. Like, say, 2001:db8:beef:/48 is assigned to an ISP in the Bahamas. They assign it to organizations downstream, which may need to subnet further b/w departments. Like let's say Acme, Inc has 2001:db8:beef:1a00::/56. They then subnet various /60's to various departments, like Finance, Engineering, Marketing, Operations (hope they don't have >16 departments). Let's say Engineering has Product Engineering, Process Engineering, Quality Engineering and so on, and then assigns all of them /64s.

Just hope that none of the above entities - be it departments or so on - exceed the number of subnets at any level, or that would blow up the above address assignment structure. The other option would be to subnet even further to /80 or /96, at which point, one is breaking some IPv6 protocols like SLAAC, ND and I daresay just about all the multicasts

Re:is that math correct?

[unixisc]

MAC address is just one option there in the EAU64, which is just there on computers w/ ethernet interfaces. Other things like tablets, cellphones, et al would have other things that determine what the Interface ID (that's what the lower half of the address is called) would be

Re:is that math correct?

[Dagger2]

You're right that hierarchy in address allocation increases the address space requirements (you could say "wastes" addresses, but they're not wasted, they're being used to reduce routing table fragmentation). But it doesn't follow that v6 exhaustion is actually plausible as a result. v6 is really damn big (for precisely this reason!) and we're only allocating from one /3; over 60% of the total space is outright reserved at the moment.

Your example allocations are all shifted to the right a bit. ISPs are generally getting /32s, companies should be getting /48s, their internal departments could be getting /56s (so they'd need 256 departments before having a problem). But even /32s to ISPs isn't problematically big -- 4 billion ISPs would be a lot, given that there's only 7 billion humans.

Re:is that math correct?

[Dagger2]

An individual IP should be used by one machine. It'd be more useful to track the number of networks/subnets (where each subnet gets a /64). But houses can have more than one network, so they should be getting more like a /56 (with companies getting /48 or so for their bigger networks).

The numbers are still crazy though. 10 million houses per person? We should be able to keep under that.

Re:is that math correct?

[Dagger2]

The correct calculation is 2^(2*2^4) vs 2^(2*2^6))

Re:is that math correct?

[unixisc]

While I do think IPv6 addresses are wasted, I don't think the wastage happens in the global prefix. Rather, it happens in the Interface ID area. 64 bits is way overkill for an interface ID, since no subnet will have anywhere close to even 4 billion nodes, much less 2^64. In the meantime, in the global prefix side, things are squished w/o getting into a hierarchical routing, which would have been a real godsend, had it been implemented.

Yeah, my example probably shifted things, due to my use of documentation's 2001:db8::/32, and your scenario would be the more likely one. Still, I believe that the upper 4 words should have been strictly global prefixes, not including subneting: it should have been used to hierarchically route from IANA to RIR to country to ISP to organization/families/individuals. At a gateway, allow for either a /64 or a /96 (w/ 4 billion subnets), depending on the need. So if a home router needs 2 network addresses for 2 SSIDs, either get 2 /64s or subnet 1 /64 into /96s.

The reason that is given for the 64 bit interface ID is auto-configuration, but that's a lame excuse. First of all, even w/ 64 bits, it's unlikely, but not guaranteed that there won't be an address conflict, and at any rate, there is DAD to resolve that in IPv6. Then, using things like MAC addresses or IMEA numbers to obtain these addresses creates a potential for spoofing agents to deduce a target address, assuming that a network wants those things either hidden, or difficult to find w/o initiating from the user's end. 32 bits would easily have been enough for any subnet - even in the most crowded spot in Guangzhou, I doubt that there would be anything close to 4 billion devices that would be under a subnet, and even if there was, that network would grind to a halt w/o redundant APs, repeaters and other signal enhancing agents. So the IETF could have designed IPv6 to have the first 64 bits strictly the global prefix, then either have a 16:48 or 32:32 split b/w subnets and nodes.

Re: is that math correct?

You have obviously never been left with the bill for a group of Islay lovers.

Re:is that math correct?

[petermgreen]

Currently IANA has already allocated a number of /16 blocks to the RIRs

Actually they allocated them /12s . There are also some smaller older allocations. So currently less than 6 /12s of global unicast space have been allocated.

Currently IANA has already allocated a number of /16 blocks to the RIRs, and it's up to them to allocate it as they wish. While ARIN has been assigning blocks like birdseed (the way Jon Postel did in the early days of IPv4) downstream in /48s, RIPE and APNIC have been more conservative, and assigning them in /56 blocks.

The standard allocation for an ISP is generally a /32, they then suballocate to customers in smaller chunks (/56 is currently considered best practice as a default allocation for small customers).

The way address exhaustion is likely to occur is not distribution (for obvious reasons) but rather, lending structure to those addresses. While route optimization seems to have been abandoned for now

Mainly because the Internet is NOT a network with a strict and static heirachy, it's a network of private companies involved in constantly shifting relationships.

Like let's say Acme, Inc has 2001:db8:beef:1a00::/56.

If Acme is as big as your next sentances imply they should have no trouble getting at least a /48.

Messy internal routing due to poor initial layout may be a slight issue but I would expect it to be much less of a problem with IPv6 than with IPv4.

The other option would be to subnet even further to /80 or /96, at which point, one is breaking some IPv6 protocols like SLAAC, ND

AIUI the actual neighbour solicitation/advertisement parts of ND are independent of subnet size.

SLAAC is indeed broken by nonstandard subnet sizes but DHCPv6 can be used instead.

Re: is that math correct?

[Coren22]

Naa, they skipped 9 because 7 8 9.

Re:is that math correct?

[unixisc]

The subnet size can be anything from 1 to 16 bits, or even more, depending on assignments from the global prefix. But the Interface ID will remain 64 bits. Change that, and ND breaks, RA breaks, DAD breaks....

IPv6 early vulnerabilities proliferate

[ArtemaOne]

I'm really impressed that there have not been a lot more vulnerabilities exploited as IPv6 has grown in popularity. It was common in early supported routers to have all kinds of security on IPv4, but IPv6 was pretty close to wide open due to lack of understanding. With this kind of spread I'm sure the interest will rise soon. I have no doubt a lot of those old routers haven't gotten appropriate updates, and even if they have, the updates haven't been applied.

Re:IPv6 early vulnerabilities proliferate

[Bert64]

Many of the routers with ipv6 support are linux based, the linux ipv6 stack is quite mature already...
V6 also comes with some security improvements that v4 never had, like temporary privacy address and a huge address space - scanning an ipv4 range for targets is commonplace but scanning someone's /64 ipv6 space is impractical.
Also although v6 typically has fully routable addresses, all the consumer oriented routers i've seen block inbound connections by default so it's no worse than the default ipv4 setup with nat and better in many ways.

Re:IPv6 early vulnerabilities proliferate

[ArtemaOne]

Hopefully it is that simple, but most of the early ones I researched just had open tunneling.

Re:IPv6 early vulnerabilities proliferate

[thegarbz]

Routers? The only routers here are high end IPv6 routers used in mobile networks. The majority of cheap home routers are still very much on IPv4 and those who aren't (like myself) have incredibly shit IPv6 support.

Re:IPv6 early vulnerabilities proliferate

[ArtemaOne]

That's my point. IPv6 in home routers is over a decade old, but the support started as terrible implementation.

Re:IPv6 early vulnerabilities proliferate

[thegarbz]

No I didn't make my point clear. IPv6 support in shitty routers is not attacked because it's not used. No one is running around actively scanning for open IPv6 connections, and by far the default configuration even if IPv6 is available is to use the IPv4 (carrier grade NATed) connection first. I have an IPv6 connection, but good luck actually talking to it. In the mean time a browser exploit through an ad network will give you a few millions of hits or so.

Malware is now a industry and follows the rules of capitalism. No one puts effort into something rare that will net a low return. Same with all the bugs in Android that have zero exploits in the wild when social engineering via legit looking apps is much easier.

Re:IPv6 early vulnerabilities proliferate

[ArtemaOne]

And that's why I'm suggesting that the proliferation of it will make it a sweeter pot. I know there are far better vulnerabilities, but the obscurity is going away.

Re:IPv6 early vulnerabilities proliferate

[sjames]

You'll still see intrinsic difficulties that aren't there for V4. For example, if I set my AP wide open, you'll have all kinds of fun finding the 5 out of 4 billion addresses in my prefix that have anything on them.

I suspect malware will continue more or less as is in the form of drive bys and trojans. v4 or v6 won't matter much. The router won't matter much.

Re:IPv6 early vulnerabilities proliferate

Here, we see different types of attacks, depending on the IP version used. IPv4 gets complete coverage from ports 0-65535, in that all addresses get syn packets for all ports. IPv6 has almost all addresses get syn packets for ports from 1-1400 or so, 8000-8200, a couple of other ranges, well-known ports, pattern ports (54321, 40404, 13524) and exploits of the week (such as redis has a vulnerably announced so 6379 gets scanned for a few weeks afterward). Almost no ports over 50,000 are scanned on the IPv6 network. Sometime I should ask my boss if I could take the data from a year or the like and graph it.

Re:IPv6 early vulnerabilities proliferate

[unixisc]

An attack vector would have to penetrate 2^64 addresses (not 2^32). Assuming that once it gets past a firewall, it does a multicast to all nodes in the network (since there are no broadcasts in IPv6). But 2^64 is still 4 billion times more difficult to penetrate than the entire IPv4 internet

Re:IPv6 early vulnerabilities proliferate

[WaffleMonster]

You'll still see intrinsic difficulties that aren't there for V4. For example, if I set my AP wide open, you'll have all kinds of fun finding the 5 out of 4 billion addresses in my prefix that have anything on them.

There are some new problems that didn't exist before too. Using the example above one of them is now external actors spamming a /64 results in ND broadcast transmissions of router asking network if anyone matching spammers request is home. Given /64 is essentially infinite for purposes of response caching this can negatively affect available bandwidth between systems on switched networks and eat away at batteries of mobile devices connected via wireless Ethernet.

Re:IPv6 early vulnerabilities proliferate

[sjames]

True, but easily defeated at the firewall.

Re:IPv6 early vulnerabilities proliferate

[thegarbz]

And that's why I'm suggesting that the proliferation of it will make it a sweeter pot

That was the second part of my point. The proliferation that we're seeing now is not new home networks but rather carrier grade routers in mobile towers used to cope with 1.5 billion smart phones that have been added.

One would hope that someone with a brain programmed the IPv6 implementation on those rather than the lowest cost H1B import from India that seems to be in charge of home routers.

Not progress

[thegarbz]

This isn't progress at all. We've done little to nothing to move people to IPv6. The only problem is that we've run out of addresses and the easy solution to adding millions of smartphones was IPv6. The majority of home connections are still IPv4 and the majority of ISPs still only offer this.

As is true with all human nature where a profit centre is involved, we won't make "progress" until we're absolutely forced to.

Re:Not progress

[Tim+the+Gecko]

There has been quite a lot of progress in residential broadband too. The "Networks" tab of Akamai's IP adoption visualization page shows Comcast at 44%, TWC at 22%, and Sky Broadband at 53.5%, alongside the mobile carriers moving to IPv6.

The smartphone migration is also progress as it has helped to remove the old chicken-and-egg problem for IPv6. Why should websites take the effort to support IPv6 when the eyeballs aren't there? Well now the IPv6 eyeballs are there, and there's a lot of content for them: Google, Facebook, Wikipedia, Akamai, etc.

Re:Not progress

[unixisc]

It is a good first step, however. Everybody was never gonna move to IPv6 at the same time, so it's good that the carriers - the main area where the growth has been - have adapted them in such a big way.

As far as the broadband providers go, they do need to get moving. At Comcast, I have IPv6 at work - the Comcast Business (from my look at it, it seems to be dual stack lite or maybe dual stack - when I run IPconfig, I don't get a public IPv4 address) but at home, there is no IPv6. The default settings on the computers seems to be to get the IP addresses automatically on both IPv4 and IPv6, so that could come automatically.

But Comcast has been ahead of the curve in this department. Last time I looked, both Charter & TWC had pages about IPv6, but were nowhere near that. They need to get moving. All client devices are now IPv6 capable: there is no reason why IPv6 can't be laid out on the underlying infrastructure and made the default Layer 3 protocol. The websites and services can follow the moment that it's all there.

Cox HSI...

Said they were going to start rolling out IPV6 a couple years ago. I just checked the cable modem... Modem's IP Mode:IPv4 Only

Re:Cox HSI...

[kb7oeb]

I have cox in Phoenix and have IPv6. The modem will say that even if IPv6 is working. That message is related to how cox manages the modem, it has no impact on bridging IPv6 to your router. You also have to make sure your router is configured to pull IPv6 the way cox wants or it won't work. (It's been a year since I got it working and don't remember the specifics now).

Re:Cox HSI...

[LVSlushdat]

I have Cox HSI in Las Vegas. Prior to Cox turning their native ipv6 on a few months ago, I had a Hurricane Electric 6to4 tunnel. When Cox enabled ipv6 here, I tried 5 different times to switch to their DHCP6-PD configuration. The connection would work fine for a few days, then I'd lose v6 connectivity. Usually a reboot of the router would bring it back for a while, it would drop out again.. I tried pinging their tech-support but their first-line support is totally useless for advanced issues like this, and they balk at escalating to tier2. I finally said "fuck it" and went back to the HE tunnel, which *just works* ......

We shouldn't be proud of this

[davidwr]

We should've reached this level years ago and should've been well past 90% already, assuming you limit yourselves to people with IPv6-capable phones trying to connect to IPv6-capable destinations.

Any phone newer than 3-4 years old should be IPv6-capable.

Oh well, better late than never.

Re:We shouldn't be proud of this

[darkain]

But it is a two-way street. it isn't just about the phone being able to route v6, it is also about destinations being v6 as well. So in reality, this is more about destinations than the carriers themselves (which at least tmo has had v6 enabled this entire time for years now)

Re:We shouldn't be proud of this

[davidwr]

it is also about destinations being v6 as well.

From the way I read it, they are only counting traffic to destinations that are IPv6-capable.

Grey Goo Limit

[Ungrounded+Lightning]

I recall a joke scenario from a couple years ago:

Earth is in the throws of a Nanotech Grey Goo scenario. The microscopic self-replicating robots have converted about half the planet to more of themselves. And then they stop. The few surviving humans, observing from space, are puzzled.

Zoom in. Thought balloon from the mass of Grey Goo: "Damn! We shouldn't have stuck with IPV6. We've run out of addresses!"

Re:Grey Goo Limit

You recall xkcd 865.

Re:Grey Goo Limit

[Ungrounded+Lightning]

You recall xkcd 865.

Yep, that's it. Thanks.

There are 5 trillion /56 blocks

[raymorris]

IPv6 has five TRILLION /56 blocks.

There are enough /64 to give every person on earth 2,635,249,153 of them.

128 bits allows for HUGE numbers.

Long ago, when we were developing IPv6, I was part of the group who argued for 128 bit addresses rather than 64 bit. I've decided I was wrong. 64 bits would have been more than enough, and could be processed on 64-bit processors, in standard databases, without hassle. Since my side won the argument, we have 128-bit addresses, which are so big they are a pain in the ass in Microsoft SQL Server and elsewhere.

Re:There are 5 trillion /56 blocks

[flargleblarg]

The woes of MicroSoft SQL Server should not be dictating the future. I, for one, am very glad that you argued in favor of 128-bit addresses.

Re: There are 5 trillion /56 blocks

Thanks for admitting the error of your ways. Most would never do that. For the record I don't think you were wrong then or wrong now, most of the time tech evolves in to the best tool for the job. You proposed a solution and it seems to work for at least the mobile case. Maybe we have to develop something else for other cases but As much as I lack the same comprehension of v6 that I have with v4, we would have never gotten mobile to the point it is now without it or a huge mess of hacks.

Maybe it's not the right tool for every job but then again at a higher level neither is smb/cifs or nfs or ftp.

You designe a tool, it has a usage. Maybe it could be better but as much as it annoys me so does running out of address space.

Re:There are 5 trillion /56 blocks

[thegarbz]

and could be processed on 64-bit processors, in standard databases

It may surprise you that 64bit processors don't limit your ability to work with numbers higher than that.

Okay you knew that already but the world is built around needs and use cases. The use case for 64bit processors came out of memory limits just like the use case for increasing the IP addresses came out of its limits too. If you need a 128bit processing ASIC to get the performance you require then they will appear on the market, just like bitcoin number crunchers did.

The world is full of applications inherently larger than systems that process them. Even in the cheapest end of the spectrum 8bit microcontrollers have 16+ bit functions inside them. No one argues "we can't put a 16bit timer on this $0.50 chip because it only has an 8bit instruction set". Likewise it's absolutely absurd to complain about 128bit address spaces, especially since in 1998 when IPv6 was standardised we didn't have 64bit processors in general circulation.

Re:There are 5 trillion /56 blocks

[Antique+Geekmeister]

> It may surprise you that 64bit processors don't limit your ability to work with numbers higher than that.

Larger numbers create an additional storage, memory, and data access cost at some very deep layers of the stack. That cost is, in fact, a profound limit on the ability of network software, and hardware, to operate under load.

Re:There are 5 trillion /56 blocks

I don't know much about this some sort stuff.

I think I recall that one June Google turned on IPv6, Google searches stopped working one of my computers until I recalled that I had it turned on, and needed to disable IPv6. Don't know why it won't work, but not worth the hassle in fixing.

Legacy hardware is a concern. I mean consumer as well as commercial. The software on my XP machine may not be IPv6 compatible. And I may not want to upgrade said software due to various issues involved with newer versions of said software.

My Linksys CIT400 phone I use for Skype, I'm sure isn't IPv6 compatible. Although, no idea if Microsoft is killing it off in 2017 anyway. Hope it continues to work.

IPv6 is great for smartphones, which clears up much needed IPv4 or so I hope, for those who need it.

I think 64-bit would have been better. 2^8. Something like...
We'd have eight sets of 256.
And each end user would be assigned /56 block if I'm using that term correctly.
I don't know, maybe 190.0.0.0.0.0.0.0/8 would be for the public Internet, and 190.1.0.0.0.0.0.0/16 through 190.255.0.0.0.0.0.0/16 would be assigned to established countries at the time, with any splits or new countries having to share what was originally given to them. So the USA might get 190.1.0.0.0.0.0.0/16 giving it 281 trillion addresses, or about a trillion addresses with each end user getting a /56 block.

Is the Microsoft SQL Server thing the only reason why you think 64-bit would have been better?

Re:There are 5 trillion /56 blocks

[thegarbz]

Larger numbers create an additional storage, memory, and data access cost at some very deep layers of the stack.

All of which is offset by being able to intelligently route by using larger blocks. One of the fundamental problems right now is that routing tables are huge and growing exponentially not due to an increase in the number of devices, but a fragmentation of address space.

Re:There are 5 trillion /56 blocks

[Pentium100]

So, IPv6 does not support private ASs and (more importantly) addresses owned by private companies?

Currently, the company I work for has its own AS and its own IPv4 subnet. We can use whatever ISP we want and still keep our IPs (we use two ISPs for redundancy and are able to change the ISPs to new ones if we need to). Would this be not possible with IPv6?

Re:There are 5 trillion /56 blocks

[marka63]

And the company continues to use that AS with IPv6. AS's are independent of IPv4 and IPv6.

Your company should just request a /48 per site from the RIR's. You already qualify for IPv4 so you qualify for IPv6. The cost is max(IPv4 cost, IPv6 cost).

Re:There are 5 trillion /56 blocks

[unixisc]

IPv6 has five TRILLION /56 blocks.

There are enough /64 to give every person on earth 2,635,249,153 of them.

128 bits allows for HUGE numbers.

Long ago, when we were developing IPv6, I was part of the group who argued for 128 bit addresses rather than 64 bit. I've decided I was wrong. 64 bits would have been more than enough, and could be processed on 64-bit processors, in standard databases, without hassle. Since my side won the argument, we have 128-bit addresses, which are so big they are a pain in the ass in Microsoft SQL Server and elsewhere.

You made the right call!

64-bit addresses would have made sense only if the idea had been to just physically extend the addresses, as opposed to starting from scratch given everything that had been learned about networking in the previous decades. 128 bits make sense not b'cos of any physical limitation, but rather, numeric structural ones. As I discussed elsewhere, once one tries packing hierarchical meanings into the addresses, they either have to grow, or be grotesquely complicated.

The 64:64 split I do not agree w/. There is no subnet in the world that could come close to handling 4 billion nodes simultaneously. Autoconfiguration does not guarantee uniqueness no matter how big the number - it just improves the odds. A 96:32 split would have made more sense, w/ ISPs having the prerogative of either giving the subscriber 32 bits of subneting or 16. In the latter case, the ISP could use the extra 16 bits (bit 64-80) to pack in more hierarchy.

That said, your databases need not handle 128 bit addresses, since IPv6 addresses are coupled addresses of Global Prefixes and Interface IDs, w/ a variable number of subnets.

Re:There are 5 trillion /56 blocks

[unixisc]

Do you use your IPv4 addresses in conjunction w/ NAT? If yes, Marka's suggestion above is right - you can get a /48 or /56, and that gives you 65536 or 256 subnets for your organization. And if you use IPv4 NAT for load balancing, you can use IPv6 NPT for the same reason, and just get 2 separate /64s from each of your ISPs.

Re:There are 5 trillion /56 blocks

[Antique+Geekmeister]

You mean a non-routable address space for internal use only, becuase your IP addresses are really no one else's business? See http://www.networkworld.com/ar... and a dozen other articles like it about private IPv6 address spaces.

Re:There are 5 trillion /56 blocks

[Pentium100]

IPv4 sometimes with NAT. Some servers have public IPs some have private IPs.

Re:There are 5 trillion /56 blocks

[shalomsky]

And, the smallest subnet they are giving out now is a /64? so "only" 2^64 of those. Good or bad?

Re:There are 5 trillion /56 blocks

[shalomsky]

So... time for the world's first 128 bit CPU? Dedicated to routers? Measured in packets routed per second or something like that? But there was some game console that had a 128 bit GPU, I seem to recall.

In the meantime Canada ISPs are behind

[Midnight+Thunder]

Still frustrated that the ISPs in Canada are still lagging on getting IPv6. The biggest failing ISP is Bell, with no publicly announced plans.

There has been the "Call Your ISP for IPv6" campaign by the guys over at Sixxs:

https://www.sixxs.net/wiki/Cal...

Re: In the meantime Canada ISPs are behind

Canada only requires a /16 for everyone, quit being greedy!

Re:In the meantime Canada ISPs are behind

[c-A-d]

Telus is offering native ipv6 as well. Teksavvy, by extension, is also offering native IPv6 when using Telus as the carrier. Shaw is still stuck in ipv4 land though, which prevents Teksavvy from offering ipv6 on those links.

Re: In the meantime Canada ISPs are behind

[c-A-d]

We have more land per person in the world, why shouldn't we also have more IP addresses per person?

Re:In the meantime Canada ISPs are behind

[unixisc]

This story was more about cellular carriers rather than ISPs: even in the US, ISPs are really pathetic in terms of IPv6 support. How are Canadian cellular carriers, like Rogers, in terms of IPv6 support?

Re: In the meantime Canada ISPs are behind

It's coming very soon...

Re:In the meantime Canada ISPs are behind

[tlhIngan]

This story was more about cellular carriers rather than ISPs: even in the US, ISPs are really pathetic in terms of IPv6 support. How are Canadian cellular carriers, like Rogers, in terms of IPv6 support?

Which isn't surprising, actually, because I believe LTE, besides eliminating pure voice support (LTE is data-only), LTE also has NO support for IPv4. That's right, LTE is forward-facing and IPv6 only. Of course, most people want to hit IPv4 sites, so there are mechanisms that get you over - like IPv5 to IPv4 translators. Since it's mobile, those translators are a really fancy form of carrier grade NAT as well, since few expect full end to end connectivity.

Re: In the meantime Canada ISPs are behind

LTE supports IPv4 just fine, I think you are referring to Voice over LTE (VoLTE)? Having said that, expect the major carriers to go IPv6 only for devices that support clat/plat (aka 464XLAT) and DNS64/NAT64 and remain dual stacked for those that do not. This is due to shortages of IPv4 address space with the sheer number of connected clients. Mobile will be the driver of provider IPv6 for sure and I think the snowball will start gathering momentum quite quickly.

Re:In the meantime Canada ISPs are behind

[Midnight+Thunder]

This story was more about cellular carriers rather than ISPs: even in the US, ISPs are really pathetic in terms of IPv6 support. How are Canadian cellular carriers, like Rogers, in terms of IPv6 support?

Non-existant. They don't even know what IPv6 is. In the US there is already a move and while some may be dual stack, they are ultimately going pure IPv6 with NAT64 and DNS64, for performance reasons. This is part of the reason Apple required iOS apps to be IPv6 capable to be in the App Store.

Re:In the meantime Canada ISPs are behind

[unixisc]

Apple's reason could also be that the LTE spec mandates IPv6, and the iPhone depends on the network being LTE

Internet royalty walks among us

[destinyland]

I just think it's cool that the Internet Society's Dan York is posting to Slashdot (and has a six-digit UID).

Re:Internet royalty walks among us

six-digit UID

The noob.

Human

[backslashdot]

Unfortunately, and as far as I can tell, I am either a human or a holographic projection with limited storage capacity. I need IPv4 cause I can't memorize an IPv6 address. Seriously, who can remember an address like 2001:0db8:0a0b:12f0:0000:0000:0000:0001 .. you have got to be kidding me

Re:Human

Name: www.sprint.net
Address: 2600::

Name: ns1.sprintlink.net
Address: 2600::1

Name: ns2.sprintlink.net
Address: 2600::2

Are envious of Sprint yet?

Re:Human

[Dagger2]

Have you actually used v6? It's not really that hard. For starters, that address is 2001:db8:a0b:12f0::1. (Why did you write it with all the extra zeros?) Secondly, let's compare the v6 case with the inevitably-NATed v4 case:

2001:db8:a0b:12f0::1
vs
192.0.2.215+192.168.189.1

So, v6 is shorter. If you have trouble memorizing v6, then you should be having even more trouble with v4.

I'd also like to introduce to this wonderful thing called DNS that eliminates the need to remember most addresses. It's a pretty mature tech by now, is supported by most programs and I strongly suggest you start using it. It'll make your life easier.

Re:Human

No idea what you're trying to achieve with your IPv4 plus sign there. 2 separate addresses? You remember them as 2 separate addresses, depending on which side of the NAT you're on.

Try memorising a SLAAC address or any other autoconf.
Try building out an infrastructure provider PD hierarchy and other address management systems.
Now convert your management VRFs and interfaces to IPv6, which can't rely on central auto configuration or NMC suites to push config. You're going to want to remember how to ssh to these devices if provisioning fucks up.

I class IPv6 as "annoying" - there's a far bigger address space, many more rules/restrictions and tools you have to work with aren't anywhere near as polished as those for IPv4. The array of address assignment mechanisms for starters, the parts meant to make things easier, don't.

Re:Human

[Dagger2]

No idea what you're trying to achieve with your IPv4 plus sign there. 2 separate addresses? You remember them as 2 separate addresses, depending on which side of the NAT you're on.

One on either side of the NAT, yes. And v6 is basically the same: it's the prefix (2001:db8:a0b:) plus the subnet and host (12f0::1).

Try memorising a SLAAC address or any other autoconf.

Yeah, obviously you don't do that. This is what DNS is for.

Try building out an infrastructure provider PD hierarchy [...]

Ultimately, it doesn't matter what you want here. v4 is too small for the internet, v6 is the replacement. As an ISP it's your job to deal with it. And it won't be as bad as you think it is.

Re:Human

[unixisc]

IP addresses - whether IPv4 or IPv6 - are for digital networks, not humans. If they were human, we'd be using things like 123 Elm Street. Using IPv4 is like trying to use just the names Todd and Tammy for a group of 10 guys & 10 gals. IPv6 blows it up to 1000,000 names of which 20 can be given to the above population, w/ the remaining 999,980 left for others.

Re:Human

Name: www.sprint.com
Address: 2600::aaaa

Name: ipv6.sprint.com
Address: 2600::ffff

Wastage

[backslashdot]

What's clear is that huge swaths of the address space will be wasted by being bought up, monopolized, misallocated, and overused. I expect us to functionally exhaust the IPv6 space within a decade or two.

Re:Wastage

What's clear is that huge swaths of the address space will be wasted by being bought up, monopolized, misallocated, and overused. I expect us to functionally exhaust the IPv6 space within a decade or two.

You could do that and still only touch a tiny fraction of the address space. So that won't happen.

Re:Wastage

[backslashdot]

Really? it's _already_ happening.

For example sprint owns 2600:: - 2600:7:ffff:ffff:ffff:ffff:ffff:ffff ..which means they own billions of trillions of addresses .. to be clear .. sprint owns 633,825,300,114,114,700,748,351,602,688 ipv6 addresses. They don't have that many customers. Sprint is just one example. Similarly there will be a few hundred ISPs that will grab vast amounts of the address space an sub-allocate the addresses over-generously. It's not exactly easy to take it back especially if the numbers are address randomly. Sprint isn't going to want to give back chunks of the space since it would mean having to reconfigure servers that may have been in those chunks.

Re:Wastage

Yeah but this is Sprint we're talking about, Sprint is a major carrier with aspirations of buying out the others and becoming the number one monopoly. Remember the good old days when Bolt, Beranek and Newman owned half the Internet? Clearly BBN were a big deal and they deserved it.

Re:Wastage

[Tim+the+Gecko]

1. Sprint, a major ISP, has 2600::/29 - two billionths of the possible IPv6 addresses

2. ????

3. We're doomed! Somehow.

You should show your math for running out in 20 years. That takes a lot of /29s (five hundred million). Also remember that end users can get a /48, which is 524,288 times smaller than a /29, or /56, 256 times smaller again.

Re:Wastage

[Dagger2]

v6 has a lot of addresses. There's no point counting the IP addresses somebody has, because the answer is always "too many". And surely that's a good thing? Would you rather people had too few addresses instead?

Sprint's block is not overly generous -- in terms of overall consumption of the v6 space it's like allocating them 8 IPs in v4 space, to cover 60 million customers. We'll be fine, and even if we aren't and we somehow manage to run out of space in 2000::/3, we can break into the 5 other reserved /3 blocks using tighter allocation policies, so we do have a backup plan.

If you still disagree with me, show us the math. Try and make a reasonable argument for us running out, that doesn't boil down to "well we ran out in v4 so clearly the same must happen in v6".

Re:Wastage

[unixisc]

The range of what's been allocated has been cleanly shown on IANA's site. 2400 is assigned to APNIC, 2600 to ARIN, 2800 to LACNIC, 2a00 to RIPE and 2c00 to ARFINIC.

So it's ARIN that has 2600::/12, and they allocate downstream. From that box, Sprint has been given something lesser i.e. the number you see after the / for Sprint would have to be something above 12.

So whatever number you see after the / - let's say it was /24, subtract that number from 64, since the bottom 64 addresses are the Interface ID (yeah, that's wasted, but that's another argument that I spelled out in another post above). Then Sprint actually has 64-24, or 40 addresses. 2^40 is 1 trillion entities, be it people, networks, or any number of combinations. Each of these trillion entities would contain a subnet of 2^64.

Sprint would assign them based on geography to its various regions, where they could get split into something in between. Let's say, within 32 regions (clubbing some sparsely populated states together), they broke it down and assigned /29 to every one. That would still give them 8 billion addresses. Say they divided them b/w counties, cities and organizations within these boundaries, and those ultimately ended up giving everybody /48s. That would be 2^19, or 524,228 entities that would be distributing everyone 2^48 addresses for not just every subnet, but to support 65,536 subnets.

Get with it cloud providers. And network providers

[Average]

Every time I see a "new big features" announcement from the big 3-5 cloud vendors (AWS, Google, Azure, etc). I keep hoping that one or the other is going to really buy in to IPv6. And I keep being disappointed.

There are some ways to get them playing moderately nicely with IPv6 (especially if you're buying load-balancing services from them), but most of their networks are IPv4 internal-routing subnets.

Meanwhile, the middle range VM places (Linode, DigitalOcean, etc) are far more IPv6 friendly. My understanding is that is because they use standard commercial networking gear. While the biggest clouds (AWS, Google, etc) have totally custom network stacks which trade affordable performance for full feature sets.

Between the cloud vendors poorly supporting IPv6 and insanity like the Cogent-v-Hurricane split of the IPv6 internet (holy crud... it's SEVEN years now since Hurricane baked Cogent that cake begging them to peer with the world's largest IPv6 network... and it's still broken), it's amazing IPv6 has as much traffic as it does.

Re:idiot, not human

> IDIOT

> someone should teach you about DNS, or even /etc/hosts

Then can I teach you about "who broke the DNS server? Crap, what was its IP address!!!! Aiieeee!!!!!"

Re:Get with it cloud providers. And network provid

[Antique+Geekmeister]

> 's amazing IPv6 has as much traffic as it does.

It's really not been necessary. I've not seen a single business or service provider failing to find, or provide for its customers, some IPv4 space to host their services, even if it's a name based proxy. Can you think of or find a single commercial service whose IP addresses are only IPv6, without any accompanying IPv4?

IPv6 is the way to go

Remembering the IP addys is easy if you NAT with systemd.

IPv6 deployment is not a switchover

[Morgaine]

We've done little to nothing to move people to IPv6. .... The majority of home connections are still IPv4 and the majority of ISPs still only offer this.

What you say is not wrong, but many people will interpret it incorrectly as suggesting that there is a "switchover" from IPv4 involved. That's not how IPv6 was designed and planned at all. IPv6 was designed right from the start to run alongside IPv4, and "migration" or "transition" are poor words for what will mainly be an expansion of IPv6 use, and it may have very little early effect on IPv4.

Nothing will stop IPv4 from continuing to run other than the failure of old IPv4-only equipment and its replacement by IPv6-only gear, which will be uncommon (most replacements will be dual stack). IPv4 is quite likely to remain with us for many decades ahead, even if consumer ISPs cut it off earlier to save costs. IPv6 adoption may not even decrease IPv4 usage much at all, with the full 32 bits of IPv4 address space continuing to be used right up until the bitter end until it's stopped wholesale simply out of embarrassment. But that would be a long way off.

Short version: IPv6 merely expands IP use. It will be seen as a (very drawn-out) "switchover" only by individual users as their communication involves more and more IPv6, because single users don't scale. But on the Internet as a whole the rising adoption of IPv6 doesn't require a decrease in IPv4 use at all.

It is NOT a zero-sum game, but a growth of IP because the IPv4 bucket is too small.

Re:IPv6 deployment is not a switchover

[bromoseltzer]

I understand that the changeover from 4 to 6 has to be gradual, and I suppose the fact that all the new cellphones are using IPv6 is significant. Still, I wonder if we will ever be able to shut off IPv4 in home installations -- or on phones. Realistically, we can't do it until every server out there supports IPv6.

With Comcast service, I am now fully dual stack, and it's nice to see more of my traffic using IPv6. But there have to be extra overhead and security issues when running two IP systems compared to pure IPv6. Many or most of the services I use are still IPv4 only, e.g. Slashdot.

Re:IPv6 deployment is not a switchover

[Dagger2]

You can mostly run a NAT64+DNS64 network with no native v4 right now -- the only problem with it is v4-only client software (not v4-only servers). And even that could be fixed by client OS support for 464XLAT or some sort of automatic mapping of v4 sockets into a v6 prefix (which is something that everything should've supported years ago but unfortunately doesn't look like it's ever going to happen).

Re:IPv6 deployment is not a switchover

[thegarbz]

That's not how IPv6 was designed and planned at all. IPv6 was designed right from the start to run alongside IPv4, and "migration" or "transition" are poor words for what will mainly be an expansion of IPv6 use, and it may have very little early effect on IPv4.

Indeed. My point is that IPv6 is now legally old enough to vote in the USA and yet the most recent router I received from my ISP still doesn't have support. Based on the useful life of even industrial grade gear the entire world should be at IPv6 by now.

Instead we've done little. A crumb or two here and there, and a growth so slow and painful that it makes you wonder if it's actually moving at all. In the mean time all those lovely adoption figures are for new technologies like the mobile market where someone with a profit motive cares about IPv6, not someone rolling out a cheap Chinese home router and putting your home internet connection behind carrier grade NAT breaking the internet in ways more real than Kim Kardashian's butt ever will.

Re: idiot, not human

Rule #1, don't use DNS for critical infrastructure hostname address resolution. Rule #2, don't hardcode IPs anywhere except in your name resolution implementation. Rule #3, don't hire morons like the previous poster to manage your network and servers.

Re:Get with it cloud providers. And network provid

[Dagger2]

That's because those businesses are paying extra money to continue to support v4 -- which is of course being passed straight on to their customers.

Would you rather have waited until companies were being bankrupted by the need for v4 support until we did anything about it? (Because it sure seems like a lot of people would...)

Could have avoided this crap if not for politics

http://bill.herrin.us/network/ipxl.html

Re:Could have avoided this crap if not for politic

http://town.hall.org/trendy/sipp/sipp-main.html

Re:idiot, not human

[Dagger2]

Check `ipconfig /all`. Or I can tell you it's 2001:db8:420::53 because you deliberately picked a short address for it, because why would you pick something long and unrememberable like 2001:db8:420:f4ca:c6fb:d174:620e:37f9 for the one specific machine that you have to remember the IP for?

Which US ISPs?

[Sycraft-fu]

Cox is dual-stack on their entire network. Comcast is likewise. Time Warner is about 90% done with IPv6 on their network. That most of the US's cable providers right there, with Charter being the only major that doesn't have IPv6 yet and they are working on it actively.

Not every ISP has it, of course, when you count DSL CLECs, dial up, and so on there are literally thousands of ISPs in the US. However it seems that most of the major cable providers do, and combined those guys serve a massive part of the US population.

In fact, have a look at Google's IPv6 adoption map: https://www.google.com/intl/en.... Looks like the US is doing pretty good. Not only is adoption high compared to most countries, but it works well.

Also remember that IPv6 adoption is more than just ISPs getting it. It needs end-to-end support in that users have to get IPv6 capable routers and devices, and have it enabled.

Re:Which US ISPs?

[unixisc]

I have Comcast. Like I said above, at work, we have a Dual-Stack Lite or a Dual-Stack setup from Comcast Business. But at home, I don't have IPv6. I'm talking about the defaults Comcast gave, w/o me saying a word.

I had Charter in Atlanta a year ago, and TWC in Charlotte a year before that. Both of them had pages that described IPv6, but vaguely spoke about their plans. But in both these cases, I tested IPv6, and got it on neither. If TWC has it, it has to be more recent: it certainly wasn't there in 2014.

As far as users go, users get whatever the ISPs either give them, or tell them to get. Very few are the /. type who want to know whether the firmware is DD-WRT or OpenWRT or whatever. So ISPs just need to certify only routers that have IPv6 support in the first place, and then tell customers to get those, or give them to customers. Here w/ Comcast, they even suggested that I get a cable modem myself separately after checking their website for the supported ones. And the more newbie types would probably pay a rent for a modem, in which case the ISP gives them what it wants.

Re:Which US ISPs?

[Sycraft-fu]

I can't speak authoritatively to Comcast, not having it, but everything I see says they have dual-stack on their entire residential network. Have you tried it? You have to set up DHCP-PD on your router (that is how most ISPs are doing it) and they should give you a prefix that your devices can use.

What do you mean?

[Sycraft-fu]

What kind of vulnerabilities do you think would exist in IPv6, but not IPv4?

Re:What do you mean?

[ArtemaOne]

Early router implementations of it showed a large list of security measures for IPv4, but IPv6 generally was just a on/off. I'm not suggesting the flaw is in the stack, but in the 2005-2010 era routers that allowed IPv6 traffic.

What the fuck are you whining about?

[Sycraft-fu]

What do you mean we've done nothing to move people to IPv6? Do you think it is magic? Do you think we just wave a wand and people are on v6? No, what it takes is rolling out support on the OS, router, ISP, and so on. That has been happening, lots. Have a look at Google's IPv6 chart: https://www.google.com/intl/en... what you see is exponential growth happening. This is actual IPv6 connections as well, Google is counting the percentage of people hitting their site with v6, which means an end-to-end connection.

Oh and ISPs have indeed been making IPv6 available to home users, wouldn't see that graph otherwise. For US cable providers Comcast is dual stack on their whole network, Time Warner is on about 90% of it, and Cox is on all of it. That's a whole lot of the US population. This isn't theoretical support either or "Oh call us and maybe we'll turn it on," it is live, on the network, and working now. On my Cox connection all I had to do was tell my router to get itself a prefix and go. My connections to Google, Netflix, and anyone else who supports v6 go out over it.

You don't "move" people to v6 as in force them on to it and turn off v4. Rather you make it available, and chosen by default, which is precisely is what is going on. When the device supports it (Linux including Android and Windows are both dual stack and prefer v6, not sure about OS-X), the router supports it, and the network supports it you are good to go.

Re:What the fuck are you whining about?

[thegarbz]

What do you mean we've done nothing to move people to IPv6? Do you think it is magic?

Yes. It should have been magic. IPv6 is now 18 years old. Think about that for a moment. You could have had a child and raised him to an eligible voter in the time IPv6 has been around. How many routers did you replace in that time? 3? 5? I probably would have gone through around 4 with my jumping between ISPs. The most recent of which was last year. Guess what my router does NOT support.

That has been happening, lots. Have a look at Google's IPv6 chart: https://www.google.com/intl/en... [google.com] what you see is exponential growth happening.

And thus you missed my point. People haven't been moved to IPv6. People have been given new devices on new networks which have defaulted to IPv6 due to the lack of available IPv4 address space, and due to new deployments being an easy target. 4 of the 6 devices in my house have IPv6. None of them on my brand spanking new 200mbps internet connection. Call most ISPs and ask about IPv6, and they'll either ask why or move you to a business package.

You don't "move" people to v6 as in force them on to it and turn off v4. Rather you make it available, and chosen by default, which is precisely is what is going on.

Yes that is exactly the approach you take. No that's not what's going on. Based on the service life of industrial routers the entire internet should be on IPv6 by now. Instead we're still rolling out devices which lack support. This is NOT progress.

Re:What the fuck are you whining about?

[Sycraft-fu]

No, that's not the approach you take. If you think it is, well you need to grow up. You don't cause massive compatibility problems and huge disruptions just for the fun of it. Instead, you do things as smoothly as possible. There is no need to rush out IPv6, it isn't like the world will blow up. IPv4 works, and will continue to work.

You thinking that implementing something like this on a worldwide scale being cheap, easy or quick just shows a massive lack of experience and perspective.

Re:What the fuck are you whining about?

[thegarbz]

What the fuck are you talking about. I was agreeing with your last point, just pointing out that it isn't actually happening.

equipment...

[johnjones]

IPv6 often is faster to address and has been better monitored however

end user equipment that route's is lacking for example google OnHub is not IPv6 compliant
( https://on.google.com/hub/ )

whats the process for certification ?

thanks

John Jones

Luddite

I class IPv6 as "annoying" - there's a far bigger address space, many more rules/restrictions and tools you have to work with aren't anywhere near as polished as those for IPv4. The array of address assignment mechanisms for starters, the parts meant to make things easier, don't.

You stubbornly object to learning new tools, refuse to keep your skills up, and ... you're fired. This bright eyed brown skinned woman will replace you. Ordinarily you'd be expected to train her, but it's clear your knowledge is so far out of date that you're totally fucking worthless. Security will escort you out now. Bye!!

Re:Get with it cloud providers. And network provid

The big cloud providers are staying away from IPv6 for business motives. Why should they use IPv6? There is no reason. Why collecting as much IPv4 space as possible they effectively make it impossible for competitors to enter the market.

Re:idiot, not human

[drinkypoo]

Check `ipconfig /all`.

Your servers run windows?

Your servers use DHCP? I mean, some of them, yes. But some of them... no

Re:idiot, not human

[Dagger2]

No, I just figured that GP probably did, since any Linux sysadmin should already know how to look up which resolvers their system is using.

DHCP seems somewhat orthogonal here.

Re: IPv6 address space math:

FYI 10^19 is not twice as large at 10^9. It's 10^10 times as large. Try multiplying 4x10^9 by 2 and see if you get a number with 19 digits.

Bad really bad for tech.

They should have just added another quad 192.168.0.1.192
Or 1921.1681.0.1921

Or even moved to token and skipped ip all together.

Re:Get with it cloud providers. And network provid

[petermgreen]

insanity like the Cogent-v-Hurricane split of the IPv6 internet (holy crud... it's SEVEN years now since Hurricane baked Cogent that cake begging them to peer with the world's largest IPv6 network... and it's still broken),

It's irritating that those companies care more about interconnection politics than about serving their customers but I don't think it's that important in the grand scheme of things. Decent hosting providers are usually multihomed and thus reachable from both HE and Cogent.

64 allows 2 billion IPs per person. 2GB limits

[raymorris]

> Is the Microsoft SQL Server thing the only reason why you think 64-bit would have been better?

SQL server is one example that 64-bit software, on 64-bit computers, natively handles 64-bit numbers, while 128 bit requires gymnastics.

Generally, I think 64 bits would have been more than enough. It would have allowed us to assign 2 billion addresses to each person. :) Not that we'd actually do that, obviously. We would have done perhaps 256 addresses (8 bits) for most end users, while reserving 80%-90% of the address space for future addressing plans. As you said, we using only 190.0.0.0.0.0.0.0/8 (or even 0:0:0/16) would have been plenty for the next 40-200 years.

At the time, we were running into 2GB limits on RAM on Windows disk sizes, and I predicted that the 2TB limit on MBR partitions would be a problem soon. Getting rid of MBR and switching to GPT has in fact been painful. I wanted to go ridiculously big with IPs so we'd never run into a similar problem.

A compromise position would have been to define them as 128 bits, and reserve everything but 0/64 for later use - so all addresses in use would start with 64 zero bits. You'd only have to process the lowest 64 bits, even though the first 64 zeroes technically exist. Then, a hundred years from now, we could announce that we'd start assigning 001:/64 ten years later, so software would need to start paying attention to that additional bit. Of course we'd have 256-bit CPUs by then.

Re:64 allows 2 billion IPs per person. 2GB limits

[unixisc]

Or make custom CPUs just for routers. They don't need to use Atoms: something like a customized 128-bit MIPS would do the trick. And such a CPU would just need those instructions needed by a router, and could get rid of everything else.

In normal computing, I doubt that we'll ever even get to surpass 64-bit computing, where we need more than 2^64 bytes of memory that need to be addressed. If you addressed all the RAM, Flash and Hard disk storage, I still doubt you'll exceed 64 bits.

Re:64 allows 2 billion IPs per person. 2GB limits

[Dagger2]

I think overkill was the right call. I'm not convinced that 64-bits would be sufficient for everybody to get away with NAT indefinitely. I think it might be, but even if so I think realistically ISPs would've given allocations that were too small.

Case in point: ISPs giving /60s or even /64s in 128-bit v6, even though they easily have enough space to do /48s. In a 64-bit v6 world, that would probably translate into people getting 256 individual address or so, which technically is enough for "most" people today but actually starts to look really tight when subnetted or if you include future growth. That would lead to NAT, and I don't think that's a risk we should've taken.

And being bothered about how 128 bits don't fit neatly into a register is being bothered over nothing. It just doesn't matter that much. Very few systems are constrained by how many millions of IP addresses they can add together per second. Common-place NAT would (does) have a much bigger impact on people's lives, and it's much more important that we avoid that.

Re:64 allows 2 billion IPs per person. 2GB limits

Why a fixed length? Why not variable length IP addresses? That would be one way to future proof things. Although, I think I'd still favor a 64-bit address space instead.

My issue with legacy hardware and software not being compatible with IPv6 will probably "resolve" itself in 2038 anyway.

1000% performance penalty on Ivy Bridge

[raymorris]

64-bit CPUs *can* process 128-bit numbers, or anyway they can run code that emulates it. And it takes ten times as long compared to using native 64-bit types. Your mileage may vary, of course, but that's one benchmark on an Ivy Bridge - a 1000% performance penalty.

Actually try working with 128-bit numbers, IPv6, in common software like SQL Server. There IS no 128-bit unsigned number in SQL Server. You *can* jack around binary types, I have. It's a time-consuming pain in the ass. Speaking of databases, you may have noticed disks are WAY slower than CPUs, RAM, etc. So the bottleneck for performance on well-designed systems is how much data you have to read from disk. If the data is twice as big, you have to read twice as much, and you get half the performance (assuming you didn't add a stupidity bottleneck elsewhere).

64 addresses were provide enough for 2 billion addresses per person. That's already a ridiculously large number.

A compromise position would have ben to *define* IPv6 addresses as 128-bit, and only assign addresses starting with 64 zero bits, for the next couple hundred years or so. That way you'd only need to *process* the lower 64 bits for the next century or so. 200 years from now, we'll have 256-bit CPUs running on 256-bit busses, so it'll be easy to start processing the higher bits at that time, if we need to.

Re:1000% performance penalty on Ivy Bridge

[thegarbz]

And it takes ten times as long compared to using native 64-bit types.

Depending on operation it should take twice as many calls.

in common software like SQL Server

Border gateway routers do not run SQL Server.

Actually they don't run Ivy Bridge platforms either. None of what you say and your talk about CPUs is at all relevant to moving our data around on the internet except for maybe a microscopic penalty at the end point which now in addition to having to serve the content to the client needs to add a few bits to the packet.

We wish

[raymorris]

>> And it takes ten times as long compared to using native 64-bit types.
> Depending on operation it should take twice as many calls

Figure out how to manage that and I'll make us both billionaires. Maybe you'd care to demonstrate by showing us how you can two add 4-bit numbers using 2-bit operations.

Are you under the impression that border routers are the only thing that ever sees IP addresses?

Re:We wish

[unixisc]

Already, IPv6 consists of 2 parts - the global prefix, which is assigned from IANA right down to the subscriber, and then the interface ID, that is either autoconfigured or can be assigned using DHCPv6 or manually. Treat those 2 things separately, but when forming the address, couple/concatenate the global prefix w/ your interface ID. Job done.

Unless you are busy playing w/ things like loopback address ::1/128, or home ::/128

I had to switch IPv6 off

[lars_stefan_axelsson]

I had to switch it off. All of a sudden Netflix decided that my registered tunnel with my own IPv6 subnet was an indication of me not being in the place I was supposed to. So netflix just stopped working. (I'd cut them off by that point, but the rest of the family didn't see it that way...)

So the final and workable fix was to switch off IPv6 on my internal network. Now it's only my gateway that is v6 routable.

Talk about "giant leap for mankind" backwards. Thanks Netflix. (Or rather "MPAA" I guess.)

Re:I had to switch IPv6 off

[redcliffe]

I've got IPv6 Dual stack here and it works fine with Netflix. The netflix traffic is using IPv6.

Re:I had to switch IPv6 off

[lars_stefan_axelsson]

I've got IPv6 Dual stack here and it works fine with Netflix. The netflix traffic is using IPv6.

Yes. With native IPv6 Netflix works well and prefers that. It's only that many of us can't get native IPv6 and have to resort to tunnelling. That has worked well for years. However, since Netflix now bans VPNs they also ban IPv6 tunnelling, even though my tunnel ends in the same country I'm located in (and is registered in my name).

You can do it the same, or 1:1 nat (not PAT)

[raymorris]

You can get an IPv6 assignment:
https://www.ripe.net/publicati...

You also use the opportunity to no longer need to work with the next ISP to have your addresses routed by using one-to-one NAT (not the far more commom port address translation, which is yucky). With one-to-one NAT, each machine still has a seperate IP, you can just map the network prefix from FF08:x to BEEF:x or whatever at the router. You can change ISPs instantly in an emergency.

Re:You can do it the same, or 1:1 nat (not PAT)

[Pentium100]

We can change the ISPs pretty much instantly now. We just change the priorities and prepends on our BGP router and traffic now goes through the new ISP.

Might save me a lot of time, except SQL is signed

[raymorris]

You got me thinking. You're right,

If SQL had a 64-bit unsigned int, I'd use a pair of them. Alas, it doesn't. Postgres has an IP type which works, but my design has to work for SQL server. On the other hand, Microsoft SQL server does have decimal type, numeric. Hmmm ..

On the third hand, the idiot before me decided to store 32-bit integers (ip addresses) as four seperate bytes, in four separate columns (in some tables). That's pretty silly. So when rewriting it to handle IPv6, my first step would be to bring some sanity to the situation by storing each single number in a single column. However if I don't fix it, I can change those four byte columns to four signed 64s (or decimals/numerics) . That would allow a pretty clean conversion, though it preserves the silliness using four columns to store a number.

You're right, though, the IP legitimately is two 64-bit numbers. Unsigned, though. Damn Microsoft.