Vint Cert Warns IPv4 Users: 'Time To Get With the Program'

An anonymous reader quotes ZDNet: Vint Cerf notes that the world ran out of IPv4 address space around 2011, some 13 years after internet engineers started sketching out IPv6, under the belief back then that IPv4 addresses would run out imminently. Since 'World IPv6 Launch' on June 6, 2012, significant progress has been made. Back then just one percent of users accessed Google services over IPv6. Now roughly a quarter of users access Google over IPv6. But Cerf noted that "it's certainly been a long time since the standards were put in place, and it's time to get with the program"...

The Internet Society's snapshot of IPv6 in 2018 notes that Google reports that 49 countries deliver more than five percent of traffic over IPv6. There are also 24 countries where IPv6 traffic is greater than 15 percent, including the US, Canada, Brazil, Finland, India, and Belgium. Additionally, 17 percent of the top million Alexa sites work with IPv6, while 28 percent of the top 1,000 Alexa sites do. Enterprise operations are IPv6's "elephant in the room", according to the Internet Society. Around 25 percent of all internet-connected networks advertise IPv6 connectivity, and the Internet Society suspects that most of the networks that don't are enterprise networks.

Verizon Fios doesn't support IPv6

[ebrandsberg]

it is 2018, and as of today, Verizon FIOS still doesn't support it. Why? Who knows.

Re:Verizon Fios doesn't support IPv6

[Z00L00K]

Neither do Telenor, and maybe it's time to spam the support of the various ISPs with request for IPv6.

Re:Verizon Fios doesn't support IPv6

I never had a problem with IPv4. This article is just alarmist BS.

Re:Verizon Fios doesn't support IPv6

Neither does Cox, even though they keep saying they're going IPv6 complaint for years.

Re:Verizon Fios doesn't support IPv6

As long as you're OK with not being able to communicate with a service which is only reachable via IPv6 then you're all set.

Re:Verizon Fios doesn't support IPv6

Nothing important uses only IPv6.

Re:Verizon Fios doesn't support IPv6

Virgin Media are still ipv6 virgins.

Re:Verizon Fios doesn't support IPv6

No such services exist nor will exist for some time, a company would be shooting itself in the foot to offer a service IPv6 only when such a small percent of the internet population could use it.

IPv6 is no better, faster, more secure than IPv4. It just gives more address space. If anything it is less secure to the average user because it is going to present internet routable addresses to all their internal LAN devices. This will be just like the practice that has been considered bad of directly plugging an IPv4 PC straight into a cable modem with no router in between. Hackers are going to be able to probe and attack your devices with public facing IPs.

The average internet user is going to have no clue how to properly firewall their home connection with all the internal devices having publicly routable addresses, it wont be as simple as slapping a NAT router between their modem and LAN

ISPs are going to love it though, since they will get to see just how many devices a home user had hidden before behind a NAT router. I can already see the new pricing structure $65.99 for 100/10 service for up to 5 devices. $10 up charge for each additional device.

Re:Verizon Fios doesn't support IPv6

[locofungus]

With privacy addressing, which almost everything IPv6 uses, it's hard to probe for devices.

It's not something to rely on, and 1x1 pixel images will be used to get the victims IP from phishing emails, but even if IPv6 routers do allow inbound connections by default (mine doesn't) it won't be an instant disaster ( NAT can be bridged if you can get the victim to start the connection)

Re:Verizon Fios doesn't support IPv6

I'm on an IPv6 internet connection right now. My Mac can currently see 15 of my neighbors' machines advertising themselves via Bonjour. I double-clicked on one, and it automatically made an anonymous connection successfully and showed me files (I immediately disconnected, I just wanted to see whether it was just advertising or if it would let the data packets through). Yes, they should have their machines better secured, but that wouldn't be possible with almost any off-the-shelf IPv4 internet connection. I'm not sure I believe anyone doing too much hand-waving about the lack of security issues with deeply-addressable home IPv6 networks.

Re:Verizon Fios doesn't support IPv6

And you used to be able to do the same when IPv4 didn't have firewalls properly setup at the ISP level, so Windows (SMB/CIFS) network shares would work across the internet. That's just the ISP being poorly managed; nothing to do with IPv6.

Re:Verizon Fios doesn't support IPv6

This really shouldn't be the job of the ISP. It should be the job of the router/firewall where your internet connection comes into your network. What are ISPs to do, they dont know what services may need to be blocked or not. Maybe they should just firewall all the ports except 80 and 443? ISPs back in the day did block SMB sharing because at that point there were no consumer level routers out there. I remember the internet before the 1st linksys router came out. Once those routers were on the market they effectively blocked anything like SMB sharing from advertising and being accessible to the world.

But this post just exemplifies the issues with IPv6

Re:Verizon Fios doesn't support IPv6

a company would be shooting itself in the foot to offer a service IPv6 only when such a small percent of the internet population could use it.

That's so cute, when you think of internet services, it's always some company.

Re:Verizon Fios doesn't support IPv6

Charter does not either (at least in my area)

( I specifically asked for it )

Re:Verizon Fios doesn't support IPv6

You're talking about border routers at the ISP. Even if the ISP has their border routers configured to deal with these kinds of traffic on IPv6 the GP was talking about being able to access other customers' computers inside the same ISP - something border routers won't even see. The problem GP is talking about is poorly configured modem/routers allowing all and sundry IPv6 traffic into the customer network.

Re: Verizon Fios doesn't support IPv6

Ipv6 works on cox for a couple years now

Re:Verizon Fios doesn't support IPv6

[Ingenium13]

Yup, it's really obnoxious. They've been saying they're getting ready to deploy it for years now... Verizon Wireless uses IPv6, though I know they don't really share any infrastructure. I guess they figure that they have enough IPv4 addresses to handle all their customers and potential customers for the foreseeable future...

Re:Verizon Fios doesn't support IPv6

[93+Escort+Wagon]

With privacy addressing, which almost everything IPv6 uses, it's hard to probe for devices.

While this is true, I think that privacy addressing is, in some ways, oversold - when it comes to generally tracking people around the internet, for instance. Take Comcast's IPv6 deployment, for example. We have a /64 at home which hasn't changed in well over a year. That's been great for work-related stuff; but anyone interested in our household's web browsing history would also find our data to be pretty easy pickings - they just wouldn't know if it was my wife, my daughter, or myself that hit a particular page (from the log data, anyway).

For my own laptop, in any case, I just turn the privacy extensions off.

Re:Verizon Fios doesn't support IPv6

[sjames]

You haven't a clue. For the end user it will be exactly as easy as slapping a NAT router between their LAN and modem, only it will also include the simple IPv6 firewall rules that provide the equivalent protection for IPv6. Many common consumer devices do that right now. They're just waiting for ISPs to support v6

On the server side of the fence, many would dearly love to have v6 capability widespread enough that they could run v6 only servers and not have to fill out justifications that require a crystal ball and a colonoscopy to complete.

Re:Verizon Fios doesn't support IPv6

[sjames]

In many cases, the ISP supplies the router as well as the modem.

I have IPv6 on my Comcast service and have no issues like that. If Comcast can get it right, anyone can.

Further, since the cable modems are point to point with the head end, the ISP certainly can and should be droping the non-routing addresses that are used by Bonjour and similar discovery protocols. No need to do anything draconian, just do as the spec says to do.

Re:Verizon Fios doesn't support IPv6

[omnichad]

They have 6rd, but not native.

Re:Verizon Fios doesn't support IPv6

[Junta]

It *could* be as easy as slapping a router in the middle.

The problem is the failure mode of the vendor getting NAT wrong versus getting a firewall mechanism wrong. If the vednors botches the NAT, they can't get through their test and can't ship.

If the firewall rules are incorrect or inadequately implemented, well the routing still works so they probably ship it anyway.

Even if they can work, it's *much* easier for applications to say "open up your firewall" versus "make your computer have a routable IPv4 address.

Re:Verizon Fios doesn't support IPv6

[sjames]

Applications can already arrange for a v4 port to be forwarded using upnp.

Re: Verizon Fios doesn't support IPv6

Flat earth NAT huggers!

Re:Verizon Fios doesn't support IPv6

you my fellow anon are spot on correct!
FUD PURE AND SIMPLE!

Re:Verizon Fios doesn't support IPv6

[WoodstockJeff]

I can get IPv6 at home if I have a non-business account. I can't order it for my Comcast Business fiber at the office, or for my Comcast Business account at the house, because Comcast doesn't "do" IPv6 for BUSINESS accounts yet.

Difference between "business" and "residential"? Primarily fixed IPs. My Comcast drop here at the house is fixed IP, my neighbors are dynamic, changing regularly. But they can have dynamic, changing regularly IPv6.

Re:Verizon Fios doesn't support IPv6

[Unbeliever]

I'm on Spectrum (née Charter) and am on native IPV6. (Pasadena area) They've actually had it for a while, but I didn't get it until I recently bought a new Cable Modem.

Re:Verizon Fios doesn't support IPv6

[Cyberax]

Talk to Comcast representative again. They do business IPv6 just fine. They also do it the right way, by prefix-delegating you a /48 network.

Re:Verizon Fios doesn't support IPv6

go for resi and do dynamic DNS. works like magic if you have some server or smth.

Re:Verizon Fios doesn't support IPv6

[locofungus]

I have a static IPv4 address anyway. Previously, although it wasn't static, I kept it unless I disconnected for at least an hour - so effectively it was static.

But this is orthogonal to NAT as a firewall. ISPs could offer changing prefixes the same way they offer changing IPv4 IPs and some may do that so as to have 'static' addresses for premium business services.

Re:Verizon Fios doesn't support IPv6

[tlhIngan]

With privacy addressing, which almost everything IPv6 uses, it's hard to probe for devices.

It's not something to rely on, and 1x1 pixel images will be used to get the victims IP from phishing emails, but even if IPv6 routers do allow inbound connections by default (mine doesn't) it won't be an instant disaster ( NAT can be bridged if you can get the victim to start the connection)

Who cares about probing for devices - with IPv6, it means every device is now trackable all over web. Without cookies, super cookies, or anything. It's almost too easy to track someone using IPv6, given that their IP address will basically stay the same. Add a cookie, and you can track people even when their IP address changes. Isn't this Google or Amazon or Facebook's ultimate dream?

Tracking users on IPv4 requires more work, because their IP is meaningless - with NAT, who knows how many people are behind it. And if you're someone like Google or Facebook, you can have easily 1-5 people you need to individually track behind 1 IP address, making IP addresses useless for tracking other than "You may know these people".

But with IPv6, it's so much easier - everyone's got their own address, and other than perhaps a shared PC (do they exist?) every IP address will basically be for one person only, so you'll have maybe 1-3 devices (IP addresses) belonging to 1 person - phone, tablet, computer. Once you know what those IP addresses are, that person's internet usage is much easier to track.

Oh, they can still do the "You may know X" thing by assuming most households would have a /64 and looking at the prefix, but now they can individually identify a person by IP address makes tracking so much easier.

And the RIAA and copyright cops would love it too - now an IP address can lead to a single device, so much easier to get warrants out for single devices that can be positively identified. And forensic capture can then identify the individual user and party responsible for "copyright infringement damages". No longer can people rely on the "one IP address cannot identify individuals" defense anymore, when for most devices, it positively can. Or the whole "someone hacked my WiFi".

It's almost as if someone will have to make a box that does IPv6 NAT just to restore a modicum of privacy, or at least, destroy any notion that a single IPv6 address can identify a single device.

Re:Verizon Fios doesn't support IPv6

[Bert64]

What's needed is for large companies like google and facebook to offer benefits to ipv6 users, such as early access to new beta features etc, and then promote this... Currently very few users are demanding ipv6, so most isps can get away with not offering it. If large numbers of users start asking for ipv6 and switching to providers which already offer it, then providers will very quickly start implementing it.

Microsoft actually state that the xbox one will work better with ipv6, so that's at least a start and some xbox users ask for ipv6.

Re:Verizon Fios doesn't support IPv6

[locofungus]

It would be better if you hadn't quoted the first line of my post before writing your ill-informed rant.

Re: Verizon Fios doesn't support IPv6

Yet.

Re:Verizon Fios doesn't support IPv6

[Bert64]

If you've never had a problem with ipv4, then your use of the internet must be pretty limited...

Getting new ipv4 addresses to host anything is now much more expensive.
NAT breaks many things, so now instead of being able to connect back to your machines at home you have to rent a server somewhere and open a tunnel from your home network to the hosted server.
p2p file transfers and p2p communication (eg gaming) are broken by nat, you have to involve an intermediate host - either a server you rent for yourself, or a third party who can snoop on your traffic.
And no, NAT is not a security feature - its a kludge to cope with a lack of addresses, a stateful firewall is what will prevent unwanted inbound connections and all consumer level ipv6 routers deny unsolicited inbound connections by default.

When your using a third party server like this, not only do you give up your privacy to the owner of that server, but you also rely on their goodwill to keep the server running. Despite the fact that quake was released in the 90s, today i can fire up a quake server on a non natted address, share the address with my friends and we can have a game. This doesn't work if you are behind nat, and games which require developer-supplied servers probably wont still be playable 20+ years later.

For work i have point to point vpn links between our central office and our clients networks to facilitate devices that we manage for them...
It has to be an outbound connection initiated from the clients to our network because many of our clients are behind nat gateways controlled by the ISP so we can't connect directly to them and the provider charges a lot more for a dedicated ipv4 address.
Also on the vpn links, many companies use overlapping internal address space (192.168.0.x etc), which becomes very messy when we're trying to address devices over the vpn as there will be many networks and devices using the same addresses. IPv6 solves this nicely as everything can have unique addresses.

NAT also causes other problems for ip based blacklists and ips systems - traditionally you could block abusive users by their ip address, if you do that now there might be thousands of customers from the same provider behind the same ip. If you block one address you block all that provider's customers and if you leave it open you invite further abuse. Conversely many innocent users find themselves on blacklists because other users of the same provider did something or became infected with some kind of malware.

Re:Verizon Fios doesn't support IPv6

[arglebargle_xiv]

This is half the reason why it's now the twenty-year anniversary of IPv6 failing to launch. IPv6 has now been around for longer than IPv4 (counted as the time between RFC 791 and RFC 188x) and it's still perpetually "the other protocol", the novelty thing that you use from time to time for a lark until you go back to the one that works. It's the Duke Nukem Whenever of network protocols.

The other half is that we've been told the IPv4 sky is falling so many times now that the response to any new claims are "oh god, is it that time of the year again?". For the vast majority of users, there's simply no incentive to switch, no matter how many times someone tries to scare them into it.

Re:Verizon Fios doesn't support IPv6

[Bert64]

The average user has no clue how to firewall anything anyway, and many ipv4 nat routers provide mechanisms for internal devices to arbitrarily open ports... Just look at the prevalence of security cameras and other iot devices on the internet with default passwords.
If anything, ipv6 will help in this regard because it will make it far more difficult to locate these devices. Scanning the entire ipv4 internet is easy and fast, scanning even a single /64 of ipv6 space will take years.

Consumer level routers do not allow inbound ipv6 connections by default, although many offer mechanisms to open connections on demand - this is no different to the ipv4 status quo.

ISPs will have no idea how many devices you have because of the privacy addressing, whereby your system continuously allocates new random ipv6 addresses within your /64 address space. They will however still be able to use techniques like monitoring for cookies and other unique identifiers, which they can already do with ipv4.

Re:Verizon Fios doesn't support IPv6

[Bert64]

You misunderstand how privacy addressing works...
Periodically your system makes outbound connections from a different address, so a single user might use hundreds of different addresses within a /64, and once the address has been rotated there is no way to tell what address that device has now.
You'd only be able to track to the prefix, which is no different than ipv4 when you track to the nat gateway.

The RIAA and copyright cops HATE ipv6, they love NAT because it breaks p2p protocols. A centralised service is much easier to shut down, and requires much more bandwidth to operate.

Re:Verizon Fios doesn't support IPv6

This is half the reason why it's now the twenty-year anniversary of IPv6 failing to launch. IPv6 has now been around for longer than IPv4 (counted as the time between RFC 791 and RFC 188x) and it's still perpetually "the other protocol", the novelty thing that you use from time to time for a lark until you go back to the one that works.

Available stats show a nearly exponential rate of increase in usage.

We've been using IPv6 in production for years. Today the majority of our traffic by volume is IPv6.

But yea "novelty thing".

The other half is that we've been told the IPv4 sky is falling so many times now that the response to any new claims are "oh god, is it that time of the year again?".

Amazing how accurate the predictions were in accurately predicting run out at each of the RIRs.

The sky already fell on peers having the capability to effectively communicate between themselves. Everyone has been living with consequence being made worse by continuing deployment of CGN.

For the vast majority of users, there's simply no incentive to switch, no matter how many times someone tries to scare them into it.

Well duh. Most end users don't know or care what version of IP is being used at all.

ISP lights up IPv6, customer systems automatically switch over as designed with no visible change.

Old router breaks and IPv6 is lit up as a result of installing replacement. Same story... no visible change.

What the customer may notice is that performance increases or some things such as video, voice conferencing and real-time games now work better than they once did yet they are unlikely to know why. Millions of users have been transitioned to IPv6 automatically without having or needing to care.

The real benefits will come when everyone can reliably prime SPIs for direct communication between themselves and applications can leverage that.

Re:Verizon Fios doesn't support IPv6

[Bert64]

What the customer may notice is that performance increases or some things such as video, voice conferencing and real-time games now work better than they once did yet they are unlikely to know why. Millions of users have been transitioned to IPv6 automatically without having or needing to care.

Well that's the problem, users aren't aware of the advantages of ipv6 and aren't demanding it from their providers.
If there are user-visible reasons for using ipv6, then users will start demanding it and providers will have to offer it.

Google for example often run beta features for a limited audience, if they were to make these beta features ipv6 only to start with then word would soon spread and people would start demanding ipv6 or recommending providers that already offer it.

Re:Verizon Fios doesn't support IPv6

[Z00L00K]

So if Steam suddenly says that in order to play this game in 4K you need IPv6 then people would really take note and ask their ISPs for it.

Re:Verizon Fios doesn't support IPv6

[anon+mouse-cow-aard]

IPv6 is an unequivocally good thing to get to, and I live in pain of IPv4 NAT (large environment) every day, and suffer greatly for it. Youre hurting me... Others in similar pain lashed out and called you clueless but didnt explain why, and abuse is unlikely change your mind. So here is an explanation:

DHCPv6 exists and is now being adopted, so any strategy used to allocate addresses in a LAN still works. You can have a lease that lasts 10 minutes if you want, and force use of a different address every time. A house typically gets one static IPv4 address. in IPv6 it typically gets a /64, which contains 2 billion entire internets, so the DHCP in any house can allocate addresses anywhere in 2 billion billion addresses and change them at the frequency they desire. good luck mapping that. I dont see any decrease relative to IPv4.

now you are probably referring to RA/SLAAC, which used to allocate an address that was calculable from the prefix and the MAC, and so easily traceable. in 2007 RFC4941 added privacy extensions which de-couples the addresses from the MAC, and uses explicitly temporary addresses that last a few days at a time at most, and its implemented everywhere. The addresses you are given are not calculable from anything, and they are not any more traceable than your public IPv4 on a NATed connection.

Using IPv4 and NAT everywhere forces people to do (fake) *peer-to-peer* using an intervening node to make contact, which is a great place to spy on people. Proper use of IPv6 would allow end-to-end (real peer-to-peer) and make spying much harder.

If you are concerned about something other than the above, then please mention it, and we will go through it. Please look into the technologies you are spouting off about and check for yourself, You will find that privacy and anti-snooping is at least as good on IPv6 vs. IPv4.

Re:Verizon Fios doesn't support IPv6

[The-Ixian]

And no, NAT is not a security feature - its a kludge to cope with a lack of addresses, a stateful firewall is what will prevent unwanted inbound connections and all consumer level ipv6 routers deny unsolicited inbound connections by default.

That's like saying that the front door to your house is not a security feature because its primary purpose is to allow you to enter and exit your house. Of course NAT is a security feature. NAT drops unsolicited packets.... that's a security feature. Yes, a sateful firewall will do the same.... but that just means that the two have overlapping functionalities.

I do agree with you that NAT is a workaround and life might be a little easier without it....

Re: Verizon Fios doesn't support IPv6

Yeah, cool story bro.

As with everything in life, I'll worry about that bridge when I get to it. For now, it's a loooong way off and I have more important things that I would rather focus my attention on.

Re:Verizon Fios doesn't support IPv6

[WorBlux]

NAT is not inherently a security feature especially if combined with UPnP or unupdated routers or those with default credentials. Most of it's security comes from the fact you have to set up a stateful firewall to do so. Any properly configured home gateway will implement the stateful firewall rules for ipv6.

Most people get their gateway device from the ISP,who could easily export `wc -l /var/lib/misc/dnsmasq.leases` or similar to find the number of devices on the network. They don't do it because everyone knows that pricing structure is BS, and one of the 5 devices could be doing NAT anyways.

Because of the shortage of IPv4, ISP's are already implementing NAT on their distribution lines, meaning anything behind a home gateway is going to double NAT'd, which is absolute hell to do anything peer to peer, especially if the other peer is also double NAT'd. It's a terrible kludge to avoid the cost many extra routable public addresses, that provides a bit of security as a side effect of it's implementation.

Re:Verizon Fios doesn't support IPv6

[WorBlux]

NAT doesn't drop unsolicited packets, the statefull firewall does (specifically the INPUT chain of the configured do a default of drop). The firewall then has a rule that also accepts packets related to existing established connections. NAT gives now outbound connection a way to look like they were from a valid public IP, and get routed back to the original source. (This could be a private IP with no other way to route packets to, or public IP that can be routed to normally.) You can also set up a 1:1 NAT that does no filtering whatsoever, just overwrites the source or destination address and forwards it on it's way.

Re:Verizon Fios doesn't support IPv6

Of course. Nobody wants to provide a service that isn’t reachble through some ISPs.

My ISP makes a big deal about supporting IPv6, but the last time I checked this is an opt-in by contact their support and you have to configure a PPPoE connection manually. It‘s depressing.

Re:Verizon Fios doesn't support IPv6

[ebvwfbw]

How do you know? If you had ipv6 turned on you should see an address, even if it's a mac address generated one.

Get a later computer, load a real OS like Fedora. Not sure if Debian has taken the code from RedHat to support IPV6 yet. Took them a while to get the network stuff that RedHat wrote into their production years ago. Hook it up to the router, fire it up and see if you get an address.

I've been IPV6 for years. It's not all a bed of roses though. Google for example supports ipv6, however from time to time I can't get to them using ipv6. I have to turn off ipv6 so it'll make it use ipv4. Works fine. Sometimes I can't get to any of the google machines, last time (yesterday) it was just the google search page itself. Symptoms are it'll just sit there and won't load. I can get to other places fine. Then if I leave it alone for a while it'll start working again. Nothing changed on my side, it's all static out to my firewall.

Hope you're running your own DNS as well. We don't need to use the providers stinkin' DNS.

Re:Verizon Fios doesn't support IPv6

[arglebargle_xiv]

Available stats show a nearly exponential rate of increase in usage.

So after the first user when the RFCs were published there were two the next day, four the next, eight the next, and at the end of the month the entire world was on IPv6? Wow, I didn't know. Thank you for enlightening me.

Given that the rest of your claims are presumably just as accurate as this one, I'm going to file them under the "complete bullshit" category.

Re:Verizon Fios doesn't support IPv6

[Bengie]

The doubling is every year or so, not every day, and it was pretty static prior to 2011.
2009: 0.23%
2010: 0.25%
2011: 0.23%
2012: 0.41%
2013: 1.09%
2014: 2.78%
2015: 5.95%
2016: 10.07%
2017: 16.42%
2018: 21.97%

Re:Verizon Fios doesn't support IPv6

[Bengie]

It's more like saying the "do not enter" sign on your front door does not add any security. The best part about NAT is how many firewalls require UPNP to work and listen on the WAN for UPNP. Over the years, I have seen attacks against random crappy implementations of NAT that were much worse than if they just had public IPs., like being able to make a device on the Internet look like a local private IP and other random crap.

Re:Verizon Fios doesn't support IPv6

Anyone sane disables UPNP as soon as you login to the admin interface of a new router

Re:Verizon Fios doesn't support IPv6

When I want to remote to one of my computer at home I open Chrome Remote Desktop, click on the computer name, and magically get connected to my home computer(s). Works perfectly every time and tunnels through the corporate firewall with ease. Not to mention, it is 100% free.

Re:Verizon Fios doesn't support IPv6

[Bengie]

IPv6 is actually faster. IPv6 has a fixed sided header and much smaller routing tables. And not just smaller because it's in less use, but drastically smaller because the virtually unlimited address space has virtually zero fragmentation. Fixed headers alone makes IPv6 much easier for ASIC implementation in routers, plus no CRC.

The way IPv6 is setup, it makes routing easier to manage and easier to implement in the hardware. IPv4 fragmentation has been horrible. I read some IPv6 blogs many years back where the regional network admin said IPv4 fragmentation forced them to have more hops. Their IPv6 routes were able to shave 5-10ms in hops because they have plenty of IPs to waste.

Fragmentation is becoming a serious issue. ASICs have limited memory for their TCAMs. I think they have O(n^2) transistor scaling. While you could throw more transistors at it, it also increases the latency because.. Physics.. Some networks are having to play games with routing in order to limit the number of IPv4 entries in a given router in order to not overflow the TCAM. Overflowing the TCAM can result in many symptoms depending on the implementation. Might drop an arbitrary entry causing BGP rebuild DOS, might just not route the packet, might fail over to software and run 100-1000x slower.

In practice, IPv4 and IPv6 are typically similar in performance, but Ipv4 can be quite a bit slower or have unexpected failures due to routing complexities in rare cases that are becoming more common.

Re:Verizon Fios doesn't support IPv6

[sjames]

But what really happens is the average internet user buys an AP/router, gets the teen next door to plug it in for them, and done.

Re: Verizon Fios doesn't support IPv6

[stroxor]

Yes you are right. I will now remove all 4 keys to my apartnent because thanks to Y.O.U. (Yetti Obscedance is Unhealthy) I know that they are unnecessary. Thank you so much period because you are Wright.

Re:Verizon Fios doesn't support IPv6

So if Steam suddenly says that in order to play this game in 4K you need IPv6 then people would really take note and ask their ISPs for it.

And those gamers would find out pretty quick that their ISPs don't give a flying F**K about user demands for IPv6.

ISPs will enable IPv6 when they are thoroughly satisfied that they can offer the same levels and types of service as they do with an IPv4-based infrastructure.

Having once worked for a very very large wireless company (100+ million subs) in the USA I can tell you with the utmost certainty that we didn't turn on IPv6 overnight. The process took about 4 years (start to finish) to sort out all of the impacts on services & systems, new handset requirements (no backporting of IPv6 support), network infrastructure hardware & software changes, actual nightly change control work, etc. The phones you get from them for the past 5 to 7 years are "dual stack" IPv4+IPv6 with IPv6 being prefered over IPv4 for Internet access like Google and Facebook (to name a few).

So Vint Cerf can whine all he wants about people needing to get on IPv6, but if Vint had ever gotten "his hands dirty working at an ISP" for more than 30 seconds in his working life, then he would have learned that business decisions like turning on IPv6 do not happen overnight. I am right to accuse Vint Cerf of not understanding the technical realities of the actual work because he is now little more than a "stuffed shirt" who has been away from the code and tools for too long.

I have absolute boxcar loads full of spite and derision for ISPs that haven't managed to enable IPv6 on their networks by now.

It's 2018 after all and where I used to work we accomplished this task for our customers AND internal usage by the end of 2009.

Re:Verizon Fios doesn't support IPv6

[dave420]

You are making a bunch of mistakes in your description of IPv6. You might want to stop.

This sucks!

[stroxor]

I mean I love my Ipv4 address! couldn't they let me use that 4ever? Why Vint whyyy

Re:This sucks!

[Z00L00K]

You can keep your IP address, 192.168.1.42

Re:This sucks!

You can keep your IP address, 192.168.1.42

Hey! that's the IP address of my luggage.

Re: This sucks!

[stroxor]

You have a cool luggage can I connect with it?( Pastor) Yes. Yes. Change your rings or else Samara will come!

Re:This sucks!

[RandomFactor]

192.168.1.x is just too damned crowded.

I moved to 192.168.2.x ages ago.

Re:This sucks!

Hehe, mine's 192.168.0.42

Re:This sucks!

[Megane]

I got me a block in the 10.x.x.x space, shhhh, don't tell anyone else about it!

fear, lack of training, lack of compatability

The few managers and consultants I've talked to dislike ipv6 because

They do not want to type long ipv6 addresses. (their or their client's DNS is probably not setup well)

They fear incompatibility. (mostly I heard Exchange Server, which might still need netbios names (I'm not talking wins), even thought microsoft said with Active Directory you don't need netbios resolution, but you do...

Perhaps microsoft should have an end netbios campaign, like they did with ie6.)

Re:fear, lack of training, lack of compatability

dislike ipv6 because They do not want to type long ipv6 addresses [..] They fear incompatibility.

Valid concerns neglected by the 'pro-ipv6' camp.

Meanwhile in other news, it was advocated against a proposal for a 1:1 mapping from IPv4 to IPv6.. which would/could solve a lot of issues. But had a theoretical issue.

The network world needs to become more pragmatic. I don't care if IPv6 lasts for 150 or 200 year, because hopefully in that time we moved to something better, and if not, we will see by then. In our world today we have practical issues which are not solved by a migration to a theoretical perfect solution - that no-one yet uses. There will be a transition period, and probably even a very long one. IPv4 will not go away anytime soon. So, any compromise that can be made to make a better adaption is fine.

Last 2 cents: personally, i don't like IPv6 too. It's like typing MAC addresses. it's horrible. As far i care IPv5 would have been sufficient for a few decades to come. The people behind IPv6 called this upon themselves. It's only a good solution on paper. It's only a good solution for computers - not for people. Compare to the password debacle - end of the day someone is typing IP addresses and will hate any needless character extra. And i don't blame them.

Re:fear, lack of training, lack of compatability

[FaxeTheCat]

IPv5 had the same address limitation (32 bit) as IPv4, so it would not have solved the address shortage problem.

Re: fear, lack of training, lack of compatability

[stroxor]

Haha. Busted!

Re:fear, lack of training, lack of compatability

[presidenteloco]

Obviously we have to move to the larger address space, but IPv6 was invented by those most dangerous of engineers, those who think they're f'ing clever because they can make something complex and have lots of options.

When making the most core standard imaginable, that's like, the stupidest thing you could possibly do.

Many original core internet standards were widely adopted because they were simple for people to understand and program to.
204.92.16.108 etc is an example of this.

So in short, the IPv6 transition was made way more messy that it should have been, because of fundamentally incompetent design of the new standard.
Multiple ways of expressing addresses? Lots of special little address spaces reserved for this and that thing of the present day? Both of those are complete counterproductive bullshit. For example.

Re:fear, lack of training, lack of compatability

[fahrbot-bot]

So in short, the IPv6 transition was made way more messy that it should have been, because of fundamentally incompetent design of the new standard. Multiple ways of expressing addresses? Lots of special little address spaces reserved for this and that thing of the present day? Both of those are complete counterproductive bullshit.

It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.

Re: fear, lack of training, lack of compatability

[Calydor]

Back in the day people could memorize phone numbers, and lots of them. What's the difference between remembering an IPv6 address and, say, four phone numbers in the proper order?

Re: fear, lack of training, lack of compatability

Back in the day people could memorize phone numbers, and lots of them. What's the difference between remembering an IPv6 address and, say, four phone numbers in the proper order?

The letters.

Re:fear, lack of training, lack of compatability

[sjames]

They do not want to type long ipv6 addresses.

That's what copy/paste and mDNS are for. Complaining about that is like griping that they just learned to do a Western Union splice and now people want them to use those diabolical newfangled RJ-45 thingies.

Do they also get mad when they crack the whip and the car doesn't go ant faster?

Re:fear, lack of training, lack of compatability

[sjames]

Quick, don't look it up, what is Wikipedia's IPvv4?

BZZZZZZt

Special addresses, you mean like 10,0.0.0/8 or 127.0.0.1?

Careful or you'll find yourself in the park shouting at clouds.

Re: fear, lack of training, lack of compatability

Back then it was often times just 4 digits plus a commonly used exchange. As you were unlikely to be dealing with a long distance number and probably wrote it down. Off you didn't get it right they were probably in the phone book of you didn't quite get it right.

Re: fear, lack of training, lack of compatability

That reminds me...my uncle Mike's phone number was 353-MIKE back in those days.

Re:fear, lack of training, lack of compatability

[Junta]

Having a private IPv4 address just makes sense, even if alongside IPv6 global addressing. I never need to use global IPv4 addresses manually, there I always rely upon dns. However locally I used htem all the time.

Re: fear, lack of training, lack of compatability

don't forget, he was on a party line with six other Mike's

Re:fear, lack of training, lack of compatability

[WaffleMonster]

It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.

The only part of IPv6 that matters is the address space. The rest is noise.

Personally I think 128-bits was a great decision. Not only did it give everyone more room than they'll ever need it also thwarts low effort global scanning and exploitation campaigns. I even like SLAAC for as dumb as it is since it kind of nudges providers not to skimp out and take more of the address space for themselves.

Also going with a completely separate address space rather than mapping across was a very smart move due to pigeonhole principal, network reliability and not inheriting scarcity driven route disaggregation.

Operationally it doesn't matter how much IPv4 and IPv6 peers can communicate with each other. What really matters is reliability. The door was forever closed on address space expansion the moment ink dried on IPv4's fixed address space. There was nothing that IPv6 could do. No matter what you would by necessity be required to expand address space in an incompatible manner.

The naming service in my view is the proper place to advertise support for a particular address space. When I hear people talk about how everyone was dumb and they could have did it different in a more compatible way what I never hear is an operationally viable plan of action.

It is ALWAYS some tired old NAT/tunneling/overlay scheme which fails to provide the same reliability and capability as IPv4 and for which insufficient address space likely remained to properly implement.

Re: fear, lack of training, lack of compatability

[Brockmire]

You generally had same area code and exchange, so you just had to remember 4 digits of your friends number that you actually dialled, not Contacts. And it became muscle memory. I can muscle memory a number pad better than 1-9,0 in a row.

Re:fear, lack of training, lack of compatability

[Bert64]

Exchange does not require netbios, and fully supports ipv6 - infact it can break quite badly if you turn off ipv6 on the server...

IPv6 addresses are easier to remember once you have a moderately sized network - you have a single prefix, and then you pick a sensible addressing scheme underneath that. With ipv4 any larger organisation or provider will have many different blocks, making it extremely messy. We have a /32, then a /48 for each site, and a /64 for each vlan within the site which is designated by the vlan tag id. Much simpler and you know at a glance where on the physical network a given v6 address resides without having to look it up.

Re:fear, lack of training, lack of compatability

[Bert64]

IP addresses are for computers, DNS is for people. Most users will NEVER have to type an ip address.

Re: fear, lack of training, lack of compatability

[Bert64]

If done properly, ipv6 addresses are easy to remember

xxxx:xxxx - your prefix which covers your whole company.
xxxx:xxxx:123 - your site id
xxxx:xxxx:123:10 - vlan id
xxxx:xxxx:123:10::1 - first device (probably router) on vlan 10 at site 123
xxxx:xxxx:123:10::666 - another device

So you can calculate the majority of the address based on where the device is, your prefix will always be the same and then your devices can be numbered 1 upwards... I typically use the first 3 addresses for routers, first 100 addresses for other infrastructure devices etc, dhcpv6 pool is always 1000-2000. I know that the switches are always starting 10, printers always start 20, etc. If you properly plan your addressing, then ipv6 becomes much easier than v4.

Of course, you shouldnt need to worry about addresses anyway, you should be using dns.

Re:fear, lack of training, lack of compatability

[Bert64]

IPv4 has multiple ways of expressing addresses - x.x.x.x, 0x12345678, etc...

IPv4 has extra special reserved address spaces, 224.x for multicast, 127.0.0.0 for local, 192.168 etc reserved for internal use etc.

Re: fear, lack of training, lack of compatability

[Dagger2]

So not really any different then.

Here's the v4 address of my desktop, compared to the v6 address:

203.0.113.42+192.168.1.2, vs
2001:db8:42:1::2

And here are some of the other IPs of machines on the network:

2001:db8:42:1::3
2001:db8:42:1::4
2001:db8:42:1::5
2001:db8:42:1::6

Notice how they all have the same prefix, with just a 1 digit difference at the end? And while I'm here, notice how the v4 addressing is actually longer? If you can handle v4 then you can handle v6.

Re:fear, lack of training, lack of compatability

[Citizen+of+Earth]

All IPv6 has ever done for me is make things not work until I disabled it.

Re:fear, lack of training, lack of compatability

This is a very superficial look at IPv6. When you look at IPv6 from the hardware required to do it fully, it is much simpler than IPv4. So let's see what we got going in the IPv4 space that makes it as complicated and confusing as possible that IPv6 clears up:
1. Not enough addresses so NAT is everywhere. NAT is a hacked disaster especially if you say want stateless connections through your DNAT router or say your job (my job was for a few years) is setting up business to business VPNs, most of which use the exact same 10.x.x.x private IP address ranges, which leads to double NAT hell. Oh yeah and large business NATs and such tend to run out of ports to use and so is a whole other can of worms. All of the security benefits of IPv4 DNAT can be had with IPv6 and more if you just have your firewall, DHCPv6, and client machine stuff configured correctly.

2. Unnecessary and outmoded method of checksumming packets. IPv6 realizes this check is stupid, redundant, and sucks compared to modern integrity check routines happening above and below and so dumped it overboard, meaning it is lighter on resources, important if you want to go fast on the cheap.

3. Crazy scheme of different sized network and subnet splits making tracking this in the global address table hell with overly expensive hardware routers to track this and many people finding their small allotment of public addresses is not enough and so end up with a fragmented mess of subnets to say represent their public facing servers sitting in the same rack in the same data center. IPv6 provides a simple 64-bit network, 64-bit subnet split allowing for a simple logical hierarchy for the global address table and plenty of addresses for your subnet. Actually IPv6 is more secure because you just cannot blanket scan all of these addresses like what I have been seeing nonstop on my home firewall system with IPv4 since day one back in the late 90's when I went from dial-up to behind someone else's firewall to direct cable modem connection.

4. IPv4 has all kinds of crazy and unnecessary things in it such as packet fragmentation when one node along the path does not support the packet size and source routing, which is a security hazard. If you ever go through the IPv4 standard, you can add all kinds of crap to the header in option fields. IPv6 just does away with all of this outmoded cruft making it at the packet level much simpler than IPv4 and so once again makes the hardware to do it cheaper and faster.

5. IPv4 has no scheme of automatic IP subnet assignment for home networking in case you ever wanted use IPv4 the way it was originally supposed to be used. IPv6 requires such a scheme as it forces you do to it right or not at all. Most modern WiFi routers will just automatically do it right and many people have this working without realizing what is going on. It does work fine when both sides properly implement RFC 3315, which I have read through and have made corrections to my firewall's DHCPv6 client when I found it was implemented wrong and the ISP was actually conforming to the specification perfectly (Cox) when I compared the packet captures to the RFC, which was a bit of a tedious process. As my firewall is all open source software, the fault was with brokeness in how the FOSS community has been handling their implementation of RFC 3315, which is unfortunate. At least with it being open source I could make the necessary corrections for myself, but I think my efforts to get things fixed upstream went nowhere due to dysfunction in this part of the FOSS community. Anywho dysfunction in a particular implementation of the standard is not the fault of the standard itself. The standard itself is good as my tests with corrected code has proven.

Re: fear, lack of training, lack of compatability

Nope, you are wrong. The ipv6 is way more complicated with its : :: and letters. Also, the IPv4 is shorter.

192=3 digits
168=3 digits
2 = 1 digit
42 = 2 digits.
_____________
== 9 digits.

Compared to the v6 which is 11 digits.

Re: fear, lack of training, lack of compatability

[Dagger2]

If you're only going to compare the local part of the address, then it's 9 digits for v4 vs 2 digits for v6. Comparing the local part of the v4 address pair with the full v6 address isn't a fair comparison.

Re:fear, lack of training, lack of compatability

[cheekyboy]

what about 1.1.1.1

or do you have a name for that?

Re:fear, lack of training, lack of compatability

[Junta]

Fair point for 1.1.1.1 and 8.8.8.8, though in practice I haven't had to manually enter a public nameserver in an eternity. Of course it's not too hard to imagine an IPv6-alike, say 1::1 or similar, which would be just as easy to remember.

I'm more concerned about the state of name resolution moving into web browsers to ignore system name resolution behavior than I am about IPv6 name resolution.

Re:fear, lack of training, lack of compatability

[tepples]

So how do you set the DNS name of a machine without first buying a domain name? Or should every homeowner be expected to buy a domain name under which to give names to the devices on his home network?

Re: fear, lack of training, lack of compatability

[stroxor]

Best way to tupe an IP address is to take a quill, pour it into ink and write. Thou must wirite ald poem abhout thee adddresss 4509:ghar:0070:0004:0003:0002:0001 :0666:smrA

Re:fear, lack of training, lack of compatability

[Bert64]

Just like every homeowner is expected to buy connectivity and addressing from their isp?
DNS is like email, if you want your own identity you can register your own domain, if you're content to use the same domain as thousands of others then there are many free options, and nothing to stop the isp from allocating a subdomain to their customers.

Plus there is always .local and llmnr/mdns if you don't need global reachability of your hostnames.

Better tracking for the three letter agencies

Vint Cerf remains loyal. After helping to make the Internet easy to track, now he serves his masters by pushing a tech to make things easier, like fixed IPs even when changing networks or ISPs.

Re:Better tracking for the three letter agencies

Precisely. FU Vint.

Re:Better tracking for the three letter agencies

[FaxeTheCat]

You do not keep the IP if you change ISP or network.

Re: Better tracking for the three letter agencies

IPv6 has huge privacy laws. That's why reputable, well-engineered VPNs block it. Until those concerns are patched somehow, no way to IPv6.

Re: Better tracking for the three letter agencies

[scdeimos]

I'm sure you meant privacy flaws. Privacy laws don't even work on IPv4.

Re:Better tracking for the three letter agencies

[ChatHuant]

Better tracking for the three letter agencies

That can't be right, since Vint Cerf hasn't worked for the Department of Defense for a long time now. He's currently working at Google... Oh...

Re: Better tracking for the three letter agencies

[Dagger2]

From what I've seen, those "reputable, well-engineered VPNs" block v6 because they're crap and don't support it. What they should do is exactly the same thing they do for v4: put the traffic down the VPN.

v6+privacy addresses is no worse than v4+NAT for your privacy. Both of them are crap, of course, because they let you connect to web servers which track you via cookies and browser fingerprinting, but there's no reason to avoid v6 on this count.

Re: Better tracking for the three letter agencies

[dave420]

It's quite the opposite, actually. IPv6 can do wonders for privacy.

but why slashdot still doesn't use IPv6?

It looks like slashdoters are still stuck with XX century protocol

Re:but why slashdot still doesn't use IPv6?

proabably they are scarred of it

Re:but why slashdot still doesn't use IPv6?

[DontBeAMoran]

And you're stuck with first century numerals.

Re: but why slashdot still doesn't use IPv6?

Show us your RFC for IP v7, then.

IP6 Is a XX century protocol as well.

Re: but why slashdot still doesn't use IPv6?

Show us your RFC for IP v7, then.

IP6 Is a XX century protocol as well.

In fact IPv6 has been standardised in 2017, see https://tools.ietf.org/html/rf...
BTW, there was even IPv9 and it wasn't a Chinese joke.

Re: but why slashdot still doesn't use IPv6?

[Megane]

You can find out all there is to know about IPv7 here.

Ipv6 Socks proxy

[stroxor]

Ipv6 Socks proxy war on humans. The sentence may not make much sense (of humor) but think about it...

no way old man

get off my lawn

IPv6 is a dead horse

Yes, we pretty much have to make it work somehow anyway. Because the kids who cooked it up fucked it up and nobody seems to be able to do better. But it's still a dead horse. You can flog it all you want, it's still dead, Vint.

Re:IPv6 is a dead horse

[Dagger2]

Crazy idea: if nobody can do any better, then maybe they didn't fuck it up? Maybe they already did make it as good as it could possibly be.

Centurylink

[darkain]

I'm a Centurylink gigabit customer near Seattle with a static block of IPv4 addresses. Their IPv6 support is still only 6rd, which their implementation only works with a small handful of routers. Sadly, I just found out that my latest router is one that doesn't support it. STILL waiting on that native dual-stack support.

I firmly place all of the blame on the major ISPs at this point. Most have IPv6 dual-stack on their carrier networks, but are sluggish as fuck delivering the packets to the last mile for some ridiculous unknown reason?

Re: Centurylink

Because there's no monetary reason to do so.

Re:Centurylink

[Creepy]

CenturyLink still is using absolutely ancient infrastructure where I live, stuff they inherited from Qwest. With my city having an exclusive fiber deal with Comcast, that is unlikely to change anytime soon. They did update their DSL to 10Mbps, but Comcast was running multi-gigabit service last I checked. Personally I'd like to not do business with either company and am waiting for Gen V wireless - high speed and low latency.

Re:Centurylink

Does your router support OpenWRT? If so, you've got your 6rd support.

Re:Centurylink

...Most have IPv6 dual-stack on their carrier networks, but are sluggish as fuck delivering the packets to the last mile for some ridiculous unknown reason?

I take it you've never run a business before? That "ridiculous" reason is called resources, which their time and effort usually have to be justified.

We ran out of NEW IPv4 assignments in 2011. Obviously looking at the adoption rates and efforts of ISPs, that hardly means we were or are anywhere near FUBAR. The situation is more like SNAFU. Hell, it hasn't even been upgraded to TARFU yet.

Re: Centurylink

I was told that Seattle only has dialup and ISDN lines, was I lied to?

Thanks!

"Vint Cert Warns IPv4 Users: 'Time To Get With the Program' "

Nahhh I still disable it on all my home devices. I don't respond well to nagging and ridicule. If you're thinking of doing that, go fuck yourself. I do not care what you think.

Comcast Business

They tested IPv6 service about 7 years ago, but took away my IPv6 routers at the end of the trial period. All I have left are my static IPv4 addresses.

Re:Comcast Business

[WaffleMonster]

They tested IPv6 service about 7 years ago, but took away my IPv6 routers at the end of the trial period. All I have left are my static IPv4 addresses.

All static IPv4 Comcast customers get at least a static /56 allocation whether you know about it or use it or not. Check your Comcast business account portal. Assigned IPv6 network will be listed there.

Re:Comcast Business

Currently blank. When I called they said I had to upgrade my router to receive IPv6 service. But what's weird is I used to have IPv6 working just fine.

Agreed

[110010001000]

I'm in total agreement: at least move to IPv5 already, if you aren't ready for IPv6! Sticking with IPv4 is just being stubborn.

Re:Agreed

[DontBeAMoran]

I'm going to downgrade our internal network to IPv3.14159 just to piss off our administrators.

Re: Agreed

[stroxor]

And you should transcode your movies into Divx 3.11 (on pII) or better: VHS tapes and prepare for living in a cave with toothless blonde Neanderthal woman addicted to chewing mammoths skin full of worms.

We are not out of IPv4 addresses.

ISPs are just sitting on huge allocations of unused addresses making it appear they are all used up. If they were all used up there is no way that a subscriber to an always on connection like a cable modem would be able to sign up for new service. I don't see any ISPs that have suspended new sign ups cause they are out of addresses to give out.

Theres also the issue that IPv6 brings to the table of every device on your internal network now having an internet routable IP at it's interface. For the average joe blow who knows nothing about internet security this is a huge problem. All the devices on their LAN will be able to be probed and exploited remotely unless proper fire-walling is setup, of which I don't see many consumer routers having this kind of proper fire-walling built in.

At least with the IPv4 space and NAT, you got a pretty effective setup out of the box to isolate your internal network devices from the wild west of packets smacking against the WAN port of that router. I highly suspect that once IPv6 does take foot, we are going to be seeing a lot more remote exploits against devices.

Re: We are not out of IPv4 addresses.

Unfortunately, IPv4 allocation around the world is not equal. In the US or UK, there is no shortage because the major ISPs have more than they need, bought from the ridiculous allocations in the early days of the net (at one point Hewlett Packard had 3 class A subnets until they sold them off).

In other parts of the world, ISPs may have a single class C and all their customers are on cg-nat.

Re:We are not out of IPv4 addresses.

[FaxeTheCat]

ISPs use NAT to provide enough addresses. Services like point to point communication (things like Skype) is difficult because each device does not have a unique address.

And for the internet visible addresses: With IPv6 each subscriber can get as many addresses as is available on the whole internet today (or more). With random address assignment, scanning the address range of just one sunscriber will take as mush effort as scanning the antire internet today. So even if the devices are available, they will not be easy to find.

Re:We are not out of IPv4 addresses.

You don't have to scan the whole space, It wouldn't be that hard for someone to setup some rogue internet ads, gather up all the IPs that hit those ads, then target those IPs.

Re:We are not out of IPv4 addresses.

[sjames]

But with IP privacy, those addresses will soon become invalid. Meanwhile, with a simple firewall rule, they will be non-responsive anyway.

Re:We are not out of IPv4 addresses.

[Dagger2]

We probably won't. Devices having a public IP isn't a problem; just because you have a public IP doesn't mean it's possible to connect to it. ISPs provide routers that have firewalls, and the firewalls block inbound connections. Your "average joe blow" just plugs that in and they're fine.

What happens today is that people buy IP cameras, and then they go "hey, how do I view this from the office?", followed shortly by port forwarding to the camera or putting it in the DMZ. 30 seconds later, somebody finds the camera in a random port scan, because the v4 internet is tiny and it's very easy to exhaustively scan the entire thing. With v6, this isn't going to happen -- it's nigh on impossible to find devices by randomly scanning the internet, because it's just too big. Of course that doesn't make the device itself secure, but it should render random network scanning useless as a technique for spreading worms, which should improve the security of the internet as a whole.

Re: We are not out of IPv4 addresses.

As far I understand, IPv6 are not necessarily randomly assigned, they are derived from the deviceâ(TM)s MAC address. So, if you know the vendor of the device you are targeting, you can find the OUI (first 3 bytes of the MAC address). That leaves you with only 3 more bytes to guess / brute-force. .

Re: We are not out of IPv4 addresses.

[Bert64]

It also ensures the existing providers can lock up the market, because new upstarts cannot get any addresses, or can't get enough to provide a comparable service to the existing providers.

Re:We are not out of IPv4 addresses.

[Bengie]

Most are not "just sitting" on large unused blocks. They may have a lot of total unused IPs, but most of their blocks are in use. This idea has been addressed soooo many times before. Even if everyone spent the several years re-numbering their devices to consolidate IPs and messing with routing, they could give back 1-3 months of IPs. Spending a dollar to save a penny.

Re:We are not out of IPv4 addresses.

Nah, most people buying IP cams these days are buying something that uses the "cloud" and connects itself back out to the mothership. Likely anyone using a non-cloud IP camera these days has bought it for the reason of not wanting their potentially private security footage in the "cloud" and has some kind of friggin clue what they are doing with not opening it up to the world to see.

My guess is nearly ALL of the IP cameras you can pickup from the major brands in typical retail that consumers would shop at are "cloud" based cameras be it nest cams, arlo, etc. Sure you can still get the ones that just provide a standard RTSP stream that you connect your own NVR to, but those are going to generally be the more clueful users that purchase those kinds of cameras these days.

IPv6 was invented before NAT.

Now there IS no shortage of IPv4# any more, since the invention of NAT. The only reason for IPv6 now is total traceability and the ability to directly address any device... something most users do not want.

Re:IPv6 was invented before NAT.

[4im]

Spoken like a mere user. Those of us who've had to connect NATed enterprise networks via VPN, having to find common unused IP spaces, NATing around both ways to get machines from both ends to talk to each other, having to implement DNS zones, know just how wrong this is. IPv6 is a godsend, solving one hell of a lot of problems those of us actually working in networking have. Now, if only more of the management guys listened to us, we'd have moved on to IPv6 for quite a while.

Re:IPv6 was invented before NAT.

[vux984]

That's pretty ignorant. Because NAT creates very nearly as many problems as it solves.

And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.

Re:IPv6 was invented before NAT.

[Z00L00K]

And that's a good reason for NAT and private addresses for IPv6.

In my home net I run fd00::/8 and when the ISP finally get their thumb out of their behind I plan to do a NAT of that.

Re:IPv6 was invented before NAT.

Another reason for sticking to IPv4 is using cheapskate VPN services that don't route the IPv6 address - they only VPN your IPv4. Nearly all of the free ones do that, and distressingly many of the public paid ones still do. Something to look for when evaluatiing VPN services... The only practical way around that, if your VPN has the problem and you can't or won't change, is to turn off IPv6 in the client computer before using the VPN.

Re:IPv6 was invented before NAT.

[Kjella]

That's pretty ignorant. Because NAT creates very nearly as many problems as it solves. And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.

Users have little choice on being traceable, it's what the ISP offers. Why do we bother with dynamic IPs, DHCP leases and all that stuff? Because IPs were/are a limited resource and when we were on dial-up reserving an IP for every customer was excessive. With always-on/mobile broadband most devices are always-on and and the IPv6 address space is massive. While there are some laws in some countries to preserve IP-customer history it's usually not forever and it takes a warrant to access. With IPv6 it'd be totally possible to move to a static default, you are path::to::ISP::customerNumber::MAC and it's yours forever and everything you do is linked by default. That's worse than Microsoft's Advertising ID because you can't effectively turn it off and switching to Linux doesn't help. At best maybe you can fake a new device every time and make them think you're a coffee shop or something.

Re:IPv6 was invented before NAT.

[Creepy]

MAC addresses aren't fixed, so changing it and regenerating your IPv6 address would be a way to avoid being traced (most if not all IPv6 generators use MAC addresses as a parameter and a fixed algorithm, so regenerating it without changing the MAC will give you the same address every time). That said, it is much more of a pain in the ass than just going to a coffee shop and logging on when you want to be anonymous. Also with coffee shops you need to either move around or know to clear your IP cache or the fuzz will be able to trace back to you eventually.

Not a criminal, but worked on network security enough to know how to be invisible if I need to be.

Re:IPv6 was invented before NAT.

[Junta]

are use really using fd00::/8 or are you proeperly using a fd::/48 from that network?

Re:IPv6 was invented before NAT.

[williamyf]

And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.

Originaly, the creators of IPv6 (and the IETF) did not want _anything_ to do with NAT.

Only because of pressure from users and vendors did they _finally_ gave in and defined NAT for IPv6.

Just look at the RFCs. IPv6 was declared a Draf Standard in 1997. The IAB emited an RFC (5902) "starting" to consider the Issue in 2010, and we got an experimental standard (RFC6296) in 2011, so, 14 years were NAT on IPv6 was simply NOT POSSIBLE.

Fact check first, say comments are ignorant latter.

Re:IPv6 was invented before NAT.

[Eravnrekaree]

Wrong. You could not be more off the mark here. A lot of applications rely on a peer to peer connection, it can include a gaming application, peer to peer video conferencing and so on. Having to pay for central server/cloud resources to proxy this stuff around would drive up the cost unnecessarily . It unnecessary wastes bandwidth and congests the networks, slowing things down, to have to transmit data through servers. The bottom line, we need more IP addresses. Most users DO want their own IP address even if they don't know what an IP address is, because the applications they use work much better with it.

Re:IPv6 was invented before NAT.

[mlyle]

> With IPv6 it'd be totally possible to move to a static default, you are path::to::ISP::customerNumber::MAC and it's yours forever and everything you do is linked by default.

RFC4941.

Re:IPv6 was invented before NAT.

[Tough+Love]

The financial services industry will NOT use IPv6 because multicast doesn't work properly on switches, there is no good way to filter unwanted traffic.

Re:IPv6 was invented before NAT.

[WaffleMonster]

Now there IS no shortage of IPv4# any more, since the invention of NAT. The only reason for IPv6 now is total traceability

As a user I want to be able to directly communicate with others without my communications being mediated by a centralized server owned by corporate stalkers and governments. NAT makes this very difficult to achieve.

There is a certain logic in hiding behind a single IP and thinking this does something for your privacy. In some ways it's true. In most ways that matter it's an illusion.

Most CGN implementations use a port mapping structure in which each user is allocated a logged predictable fixed subset of ephemeral ports. Source port can be logged by any server you visit and used to uniquely ID you vs. others using the same address even though everyone is behind a NAT with the same public IP.

Obviously the gambit at all layers of the stack from exploitation of DNS caches, TLS resumption, browser fingerprints, cookies and sessions applies to Internet users especially web users.

So for me given the choice in terms of freedom and privacy I chose IPv6. I can use privacy addresses if I want to thwart correlation within my network. Having a reasonable chance of directly communicating with peers is worth way more to me in terms of capabilities, freedom and privacy.

and the ability to directly address any device... something most users do not want.

What your saying is not only wrong but completely backwards. IPv6 is SAFER than IPv4.

The reality is there are no consumer IPv6 capable routers that don't do SPI by default. IPv6 SPI affords users more secure than IPv4 NAT due to absence of ALG and associated packet mangling codes.

Re:IPv6 was invented before NAT.

[Z00L00K]

In reality I have broken it down to a /64 with a random 40 bit and also a random 8 bit subnet part. But in order to not expose what I have on my local net I still prepare to NAT it.

I understand that people think that NAT is bad, but it's not always bad since it also offers the ability to hide what you have from your ISP and some ISPs would like to control and know what you have in number of devices etc. It's after all a privacy issue to use NAT, not that it's technically better.

Re:IPv6 was invented before NAT.

[WaffleMonster]

The financial services industry will NOT use IPv6 because multicast doesn't work properly on switches, there is no good way to filter unwanted traffic.

It's called RA Guard.

Re:IPv6 was invented before NAT.

[Tough+Love]

You don't know WTF you're talking about.

Re: IPv6 was invented before NAT.

What do you mean by âoemulticast doesnâ(TM)t work on switchesâ ? While there were a few issues with multicast when Ethernet switches where first introduced, those issues have long been solved. Just activate IGMP snooping and you are done. By the way, even on old switches that lack support for IGMP, you could still force Ethernet frames with multicast destinations to be flooded to all ports. Multicast is much more flexible than broadcast.

Re: IPv6 was invented before NAT.

[Tough+Love]

IGMP is not an ipv6 protocol.

Re:IPv6 was invented before NAT.

[Junta]

Ok, was just seeing if people were using ULAs incorrectly. As designed it means pretty much never having to have the headache of a conflict when somehow getting routed to another private network, though for most people in practice I have been afraid the required 40 bits of random would exacerbate "I can't type this" sort of problems.

I think I'm less worried about people who know enough and take the time to properly do ULA addressing on their network not NATing than I'm worried about the family who buys a random cheap gateway and turns it on not setting up anything. Today that cheapo device can't help but to effectively firewall that user off for lack of a subnet, but for the default for the random endpoints to get globally addressable addresses *and* the chances of that device bothering to have a properly configured firewall... wel...

Re:IPv6 was invented before NAT.

[F.Ultra]

On the other hand the networks where we in the financial industry use multicast is all over private lines anyways so address contention is not a problem there and thus IPv4 is no problem there either.

Re:IPv6 was invented before NAT.

[anon+mouse-cow-aard]

IPv6 is BETTER from a traceability perspective (harder to track than IPv4), you are completely wrong on that. It isnt a conspiracy. IPv6 used to allocate traceable addresses, but it hasnt done that for a decade or more. With IPv4 NAT at home, they trace to your house (which has one public IPv4 Address) with NAT at any building, whoever runs the network can tell what your MAC address is and identify you. On your phone, the phone company has your IMEI and you are completely traceable as well. It is easy for governments to spy on people with the current tech. (all the above stuff is what Snowden and friends refer to as *metadata*)

IPv6 doesnt change much of that, but it adds the ability for true peer-to-peer connections, and allows the use of larger pools to pick addresses from, making it much harder to do network mapping. IPv6 isnt about privacy, but it doesnt make anything worse in that regard, and in some ways it makes it harder for spies.

Saying IPv6 is for traceability is the networking equivalent of being and anti-vaxxer.

Re:IPv6 was invented before NAT.

[Tough+Love]

Right, you got it. The same argument applies to data centers and nearly everywhere else that tech investment is really concentrated.

Re:IPv6 was invented before NAT.

[vux984]

" Why do we bother with dynamic IPs, DHCP leases and all that stuff? Because IPs were/are a limited resource and when we were on dial-up reserving an IP for every customer was excessive."

You aren't entirely wrong. But the bigger reason for dynamic IP and DHCP was simply convenience. Grandma didn't need to know her IP address to use the AOL CD.

IT people could centrally manage desktop and laptop IP allocations for subnets and etc without having to program it into each PC.

When laptops came along, DHCP allows you move around and connect to different networks with a minimum of hassle.

It wasn't really primarily about ip address space limitations; although, yes, that certainly was a factor, especially in the later years.

"With IPv6 it'd be totally possible to move to a static default, you are path::to::ISP::customerNumber::MAC and it's yours forever and everything you do is linked by default"

Yes, it would be *possible* to do this. But that's really not much of step beyond what they can already do for most cable, dsl, and fibre users, where the addresses are 'dynamic' but often remain stable for years and only get changed when services / infrastructure are changed.

And with ip v6, it would still be trivial to use VPN proxies, use random macs, and connect from public wifi APs.

ISPs *may* also go the other way; and flip the script, and NAT your ipv6 address by default. Then they can sell targeted advertising. If they gave you a global static public ip address by default -- like you said that's great advertising id... why would they give that away when they could sell it?? :)

Also, static is usually an upcharge today -- not just because of limited ip address space. (consider that whether you are on dynamic or static; and you are using cable/DSL/fibre you still need an ip address dedicated to you pretty much 24x7 so the demand on the ip pool is the same) but they charge extra for static because you need it to more easily run servers etc; and that won't change with ipv6. So again, static-by-default is giving up a revenue stream -- because some customers will need static and will pay extra for it.

Finally, even if the ISP went static by default, all you have to do is hire an ipv6 VPN service, and you are back to the same level of privacy you have now. To the outside world you originate at the VPN, and anyone who wants to know who you are will need to subpoena the VPN provider for logs. Obviously that won't work in a regime that both requires static ip and bans the use of VPNs... but if you live under such a regime you have a political problem not a technical one.

Re:IPv6 was invented before NAT.

[vux984]

"Originaly, the creators of IPv6 (and the IETF) did not want _anything_ to do with NAT."

Yes and?

"Only because of pressure from users and vendors did they _finally_ gave in and defined NAT for IPv6"

So ipv6 does NAT. Which is what I said.

"Fact check first, say comments are ignorant latter."

What was there to fact check? The comment was ignorant. Ipv6 does nat. And not only is it there, but its there precisely because of heavy pressure from users and vendors. That's a good sign that its not just going to be there, but that it will actually get used.

not really true

We haven't "run out" of IPV4 addresses. Not even remotely so.

A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.

This is closer to IPV4 realities, than not.

Why?

Because, IPV4 used to be *free*. You needed netblocks, you got netblocks. You request, and they were delivered.

Then they became non-free. Much like land in Canada, you can't just take it and use it, nope -- you have to buy it from someone.

A lot of that goes around, too. One corp selling to another. CorpA leasing to subscribers. ISPs selling additional IP addresses / month, for a fee.

If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not), because my ISP had to aggregate clients because they had no free IPs.

Truth is, there's loads and loads of IPV4 laying around.

Otherwise, why would people be saying WE'RE GOING TO RUN OUT! for TWENTY FUCKING YEARS, and there's still a shit-tonne of IPs left.

Hmm?

Eh?

Hum?

Bah!

(And yes, SNI alone helped a lot... but that's not the point. Or maybe it is -- because, it's an example of "look -- there's gold all over the ground" and now "we have to dig for it, maybe we'd better use gold more wisely")

I bet in 2050, we'll still primarily be IPV4.

Re:not really true

Do you think people will still be using napkins in the year 2050? Or is this mouth vacuum thing for real?

Re:not really true

[DontBeAMoran]

It is when I'm eating Munchos. It's like I'm inhaling these damn things!

Re:not really true

[WaffleMonster]

We haven't "run out" of IPV4 addresses. Not even remotely so.

A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.

This is closer to IPV4 realities, than not.

Why?

If you think IP addresses should be treated as a limited resource and priced by the market accordingly then of course you're right. Chances are YOU can afford to have an IP address. Therefore they are not scarce for you.

Yet from a global perspective there are more Internet users coming online than publically routable IPv4 addresses. Basic math would seem to indicate there are not enough addresses to go around.

If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not),

Good for you. Population of Internet users will soon be a much much higher number than publically routable IPv4 addresses. Others are today not so lucky and this problem only grows worse with time.

Even if you assume all server infrastructure has no IP addresses allocated to it and 100% efficient distribution of IPv4 to end users only there are still NOT ENOUGH IPv4 addresses for everyone.

I bet in 2050, we'll still primarily be IPV4.

I bet IPv4 at least in terms of public Internet is shut down in its entirety by 2050.

Re:not really true

We haven't "run out" of IPV4 addresses. Not even remotely so.

...

Truth is, there's loads and loads of IPV4 laying around.

That is VERY true, for up at least till about 10-15 years ago it was much easier for telcos and ISP's to simply acquire new blocks than clean up old uneffectively used blocks they already had. And the end result of this is that there are plenty of sparcely used or completely unused blocks that can be recycled to new use.

I was an founding member building from ground up an ISP which operated from 1996 to 2005 when we sold it. We had a dozen fairly large IP-blocks in use, before we got those more permanent blocks we used seven bit smaller blocks my name as contact from upstream providers. Once we got 2002 our own blocks from RIR we turned up the smaller blocks. Now that's 16 years ago and quess what? Both of the upstream providers (telcos) haven't even updated WHOIS registry and removed our contacts. They do advertise blocks with BGP so that blocks appear like they were used with their AS's but actually they aren't using those at all besides route adverstisements. I do know that there are still blocks from companies that went bankrupt and WHOIS records still shows after decade those blocks being used by them, but actually aren't similarly being used by anyone.

Around 2010 when I realized that that was still the case I tried contacting both and ask them to fix at least WHOIS records, but that got nowhere they were not interested and it appeared clearly that it was in their interest to show them used by customers so that they could still ask more address blocks from RIR. It's quite obvious that's exactly what they have planned long time ago. Hoard as much addresses as possible and then possibly use themselves later or monetize by selling later.

In my opinion there should be obligatory IP usage audit and blocks that were given free, but are not proved to being used would be were taken back. And with a decent audit, not just some mock audit without any real credibility we were selected couple of times our local RIR.

Re: not really true

That says a lot about you. Those chips are disgusting.

Re: not really true

We've heard this same arguments for 20 fucking years. Give it up already. Either depreciate v4 and implement v6 or Stfu.

Stop trying to scare monger users. It isn't fucking working.

Re:not really true

There ARE enough, for *now*. Otherwise it'd be like housing in CA and the price would be skyrocketing due to the increasming demand pressure of those who can't get an IP or a house. If allowed, the flip to IPv6 will occur as soon as the price delta on this demand can pay for it, or make it worthwhile. Or we could artificially prevent IPv6, like CA does with housing starts, and THEN you'd have an argument.

Re:not really true

[WaffleMonster]

If allowed, the flip to IPv6 will occur as soon as the price delta on this demand can pay for it, or make it worthwhile.

In functioning market based systems if you can foresee increased demand or a looming shortage you don't just wait passively by doing nothing until problem hits before reacting. Nobody concerned has any desire at all to be subject to negative consequences of reasonably avoidable problems.

This is simply not the way people who conduct business and still expect to remain relevant behave.

Re:not really true

[thegarbz]

Because, IPV4 used to be *free*. You needed netblocks, you got netblocks. You request, and they were delivered

Wow ignorance at its best. No you needed netblocks for actual technical reasons, the main one being that routing tables had to be efficiently sliced in order to maintain a performant network.

If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not), because my ISP had to aggregate clients because they had no free IPs.

And yet the default for pretty much every new connection is to be stuck behind a NAT, just like your phone is stuck behind a NAT because there's not enough IPv4 addresses out there to give everyone a unique one. But you can comfortably say that from your position of privilege, high on your horse that you rent from someone who actually owns lots of one of the resources you claim aren't running out. Back in the real world we pay extra to get an IP address.

Truth is, there's loads and loads of IPV4 laying around.

There's also loads of parcels of land unfenced and unclaimed by anyone. But just because that narrow pathway between two houses doesn't have a private owner doesn't mean it's big enough to meaningfully build a house on, and like IPv4 addresses, doesn't mean it can't just be moved to where it suits you best. You want a land analogy, imagine the poor postman delivering to houses number 1-15 in Bad Street in the suburb of Analogy, only to find that number 6 Bad Street isn't actually in Analogy at all, but rather in Bumshart, Nebrahoma.

Otherwise, why would people be saying WE'RE GOING TO RUN OUT! for TWENTY FUCKING YEARS, and there's still a shit-tonne of IPs left.

I know, and it snowed last year so global warming is a lie. No matter what the topic, ignorance truly reigns supreme.

I bet in 2050, we'll still primarily be IPV4.

I call! No I raise. Google graphs of IPv6 usage. They follow a 3rd order curve and we will be above 50% IPv6 usage in only a couple of years. Assuming it didn't taper off (which it will) we will be 100% IPv6 in 2025, but we won't be. We will however be primarily IPv6 in 2025. Just like denying global warming doesn't stop the world from warming, denying the IPv4 address space has been exhausted won't stop investment into the alternative.

By the way you know what else is expected to happen in the next couple of years? Routing table sizes are expected to exceed the memory capacity of many BGP routers. A lot of older routers are about to be relegated to the scrap heap thanks to your supposed non-problem.

Clinton backed ipv6

is all you need to know. ipv4 forever, you fucking libtards.

Re:Clinton backed ipv6

[duke_cheetah2003]

Is this segment of the population just hell bend on NO PROGRESS for anything or anyone? Seriously, shut up.

RFC1918 & PAT

[js290]

RFC1918 and port address translation effectively dealt with the IP address problem without the additional complexity of IPv6. IPv6 isn't just "IPv4 with more IP addresses."

Re:RFC1918 & PAT

[Z00L00K]

That's probably the biggest problem with IPv6 - an attempt to solve more than what's really necessary with one blow.

Re:RFC1918 & PAT

[Tough+Love]

That's probably the biggest problem with IPv6 - an attempt to solve more than what's really necessary with one blow.

That and not making the slightest attempt at backward compatibility. Like those guys lived in an ivory tower or something.

Re:RFC1918 & PAT

[Dagger2]

I'm confused. Where do you get the idea that they made no attempt at backward compatibility? We have 6to4, Teredo, NAT64+(DNS64/464XLAT), 6rd and DS-lite, we have standard APIs that work with both v4 and v6 addresses interchangeably and you can run the two protocols in parallel on the exact same networks and hosts and they won't interfere with each other. What part of that comes under "no attempt at backward compatibility"?

Perhaps you mean that you can't make connections from unmodified v4-only hosts to v6-only ones, but that's impossible because of the pigeonhole principle, and it would be a little unfair to criticise v6 for not doing something that's impossible.

Direct connectivity is impossible, and any attempt at working around that results in something that looks like one of the transition techs that we already have. So what more could they possibly have done?

Re:RFC1918 & PAT

[WaffleMonster]

That and not making the slightest attempt at backward compatibility.

Are you joking? There have been countless RFCs dealing with compatibility from every which way. How many more do we need?

https://en.wikipedia.org/wiki/...

IPv6 day was the grownups sending a pretty clear message that clowning around with transition schemes were no longer appreciated. They demand a production quality IPv6 network at least as capable and reliable as IPv4.

This means all of these crummy tunneling overlays ended up being unused, unappreciated and ultimately rather pointless.

Like those guys lived in an ivory tower or something.

Ivory towers full of pigeon poop I bet. At least they appreciate the pigeonhole principle.

Re:RFC1918 & PAT

[Tough+Love]

IPv6 day was the grownups sending a pretty clear message that clowning around with transition schemes were no longer appreciated.

Typical ipv6 goon, patronizing. Yah, that's going to work. News for you: ipv6 mafia are the clowns. Not just my opinion.

Re:RFC1918 & PAT

[Tough+Love]

I'm confused. Where do you get the idea that they made no attempt at backward compatibility?

Other than it being a layer 3 protocol, ipv6 is incompatible with ipv4, please don't act stupid. As a protocol ipv6 is completely incompatible with ipv4. Must I express this in words of fewer syllables?

Re:RFC1918 & PAT

[WaffleMonster]

Typical ipv6 goon, patronizing. Yah, that's going to work. News for you: ipv6 mafia are the clowns. Not just my opinion.

Don't shoot the messenger. It's what content wanted. Google counts milliseconds of latency in terms of millions of dollars in lost revenue.

To them it is either native IPv6 with similar reliability and capability or IPv4. They are not interested in losing money on tunneled overlay schemes. This reality is something many "IPv6 goons" had no appreciation for. Goons only cared about clever ways to get everyone IPv6 with duck tape and bailing wire if need be as soon and as fast as possible. The "goons" were laughed out of the room by big content.

Re:RFC1918 & PAT

[Dagger2]

I just went over a bunch of ways in which it isn't incompatible. Do those not count?

Perhaps you could explain how it could've been made any more compatible than it already is? I don't mind how many syllables you use, so long as you describe something that would actually work.

Re:RFC1918 & PAT

[Tough+Love]

In the ways that count, ipv6 is incompatible. As everybody says, but you.

Re:RFC1918 & PAT

[Dagger2]

Alright, let's go with that for now. The next question is: what could they possibly have done about it?

v4 isn't forwards compatible, and doesn't support anything more than 32 bits of addresses. This is ultimately a flaw in v4, and there's nothing that v6 could have done to avoid it. What should the designers of v6 have done to avoid this problem? What changes could have been made to make it backwards compatible?

Re:RFC1918 & PAT

[Tough+Love]

Alright, let's go with that for now. The next question is: what could they possibly have done about it?

They could have banned Vint Cerf from the steering committee, great start. Then get down and seriously figure out the least painful way to extend the IPv4 address space. Too hard for Vint Cerf to comprehend, apparently. Maybe you also unless you are just being disingenuous, which is a distinct possibility.

Nobody said anything about forward compatible, do you know the difference? (I doubt it.)

there's nothing that v6 could have done to avoid i

Intellectually embarrassing claim for you to make.

Re:RFC1918 & PAT

[Bengie]

IPv4 is non-extendable in any useful way. That RFC is about as much of a joke as https://tools.ietf.org/html/rf... Computers must look like magic to you. If someone can't get something done, they must not be waving their magic wand hard enough.

Beyond brainstorming, anyone who takes extending IPv4 seriously should not be in change of anything related to networking. It's not an ivory tower issue. It's the limitations of logic in our Universe.

Re:RFC1918 & PAT

[Tough+Love]

IPv4 is non-extendable in any useful way.

Says who, you? A bald assertion without support.

That RFC is about as much of a joke as...

That RFC was the first draft of IPv6, before a lot of the really stupid stuff got put in. Feel dumb? You should.

Beyond brainstorming, anyone who takes extending IPv4 seriously should not be in change of anything related to networking.

Nobody who has anything to do with technology should listen to anything you say, you have adequately destroyed your credibility. Typical IPv6 fanboi... thinks it's great and everybody should do it, but isn't sure why. Is sure that nothing else could possibly be better. Likes to trot out talking points spammed by the IPv6 mafia. Doesn't know how do to anything else.

Re:RFC1918 & PAT

[Dagger2]

Perhaps you could spend less time insulting me (and Vint Cerf; what on earth did that man do to you?) and more time answering the question.

Dumping 80 pages of whitepaper on me isn't very reasonable, but okay, I went through it. The interesting part of RFC1710 looks like section 5. However, section 5 doesn't describe any backwards compatibility that "counts", under your definition. It describes SIPP versions of dual stack (element 1), 6to4 (element 2), dual stack again (element 3), NAT64 (element 4) and I'm not sure about element 5 but it says "does not look like it will be needed" so I'm not sure the mechanism there was ever even developed.

Dual stack, 6to4 and NAT64 are all things that we have already in v6, and I argued above that they are backwards compatibility, but you claimed that they weren't "in the ways that count", and I agreed to go along with that for the time being. So... by your own definition, these don't count.

Presumably, then, you weren't referring to section 5 of RFC1710 when you linked me to it. Could you tell me which sections of the RFC you were thinking about, that describe a method of backwards compatibility that counts under your definition? Or perhaps just describe the mechanism itself?

(I also went through the first few sections of the IPAE whitepaper, but again it doesn't seem to describe any mechanism that would qualify. Again, if I'm wrong then please point me to the relevant part.)

  >> there's nothing that v6 could have done to avoid i
> Intellectually embarrassing claim for you to make.

The claim is essentially the pigeonhole principle, which isn't intellectually embarrassing in the slightest. You clearly believe the pigeonhole principle is either wrong or can be sidestepped here, but your inability to articulate how is doing a poor job of convincing me that you know how, or even that such a method exists.

(Of course it can be sidestepped with methods like 6to4, but we need a method that "counts", and so far you haven't been able to describe one despite being given ample opportunity to do so.)

Re:RFC1918 & PAT

[Bengie]

IPv4 is non-extendable in any useful way.

Says who, you? A bald assertion without support.

I don't need support, it's a logic problem. I don't feel a need to disprove 2+2=5. I'll give you the benefit of the doubt and assume you're trolling.

/sigh Last attempt, in case you're not trolling. Riddle me this. How do you change IPv4 without changing IPv4? This is what you're advocating. The IPv4 extensions are not transparent, they require updating many devices and have translation devices in front of other devices that cannot be updated. If you're going to go through all of the hassle to update most devices, why not just throw it out and start over rather than making a cluster fk of a protocol?

If you think IPv6 is bad, an extended version of IPv4 will be 100x worse. The only benefit is the transition might kind of be better, but the end result will be a festering pile of crap. IPv6 is the bite the bullet, do it right, way. It may not be perfect, but perfect is impossible for the scale of IP.

I feel so dirty for continuing this argument. Like I'm arguing with a flat earther.

Re:RFC1918 & PAT

[Tough+Love]

I don't need support, it's a logic problem

But your logic is lacking, so you need support.

By claiming that IPv4 can't be extended you are the flat earther. IPv6 is already an example of such an extension, it's just a crappy one that alienates millions of users with its stupidly long addresses, NIH way of doing everything needless incompatibility with IPv4 address space and many other bizarre details. If you don't know how those issues could have been ameliorated, then you should fucking get down off your high horse because you are incompetent. Sheesh, you sound like a Vint Cerf clone, and that is how we got into this big sticky expensive mess. You are the problem, you are the flat earther. And yes, I feel more stupid after discussing this with the likes of you.

Re:RFC1918 & PAT

[Dagger2]

The logic is pretty well-supported: v4 is limited to 32 bit addresses, so there's no way for it to specify which v6 host it wants to communicate with. That, right there, kills your ability to do perfect backwards compatibility. There are some ways around that limitation, but v6 implements those ways and you already dismissed them as not counting further up.

If you think it's possible to do full backwards compatibility in a way that you'd accept, then you could easily convince us by just describing a way to do it (a valid way, one that works and doesn't have the limitations of the existing ways). The fact that you can't -- and then call us incompetent, as if it was our fault that you can't answer -- just makes it more and more obvious that you don't actually have a way to do it.

Re:RFC1918 & PAT

[Tough+Love]

That, right there, kills your ability to do perfect backwards compatibility.

That's where you fall off the rails and descend into a morass of wankery, right there. Perfect is the enemy of good enough. Users can deal with erring out because of not upgrading their network stack yet, after all that's exactly where IPv6 started. Effective workarounds include tunnelling and NAT, as you know (but probably will pretend not to know). The asshattery that you are promulgating is that, now breaking everything is justified, including not even trying to embed IPv4 in the IPv6 space, and a huge pile of other saliva drivellingly bad misbegotten design features. Sad to see that Steve Deering, former sensible designer of multicast, went on to become a central figure in the IPv6 debacle, how did that happen? He should have known better.

Re:RFC1918 & PAT

[Dagger2]

I already mentioned, multiple times, tunnelling and NAT as viable backwards compatibility options that are already available in v6, but if you remember, I asked you if those counted and your response was "In the ways that count, ipv6 is incompatible" and you called me stupid for mentioning them as a way to do backwards compatibility.

That's why I've been asking you to tell us your idea for making it compatible in a way that you consider as counting -- because as far as I can tell it's not possible to do, and I don't think it's fair in the slightest to blame v6 for not doing something that's not possible in the first place. Or are you now admitting that 6to4 and NAT64 actually do count as backwards compatibility?

Embedding v4 into the v6 space is easy enough, but how does that get you backwards compatibility? We already have ::ffff:<v4 addr> which does the embedding, but how do you enable two-way communication? If you could somehow also embed v6 into the v4 space then it'd be pretty easy, but there's not enough space in v4 to do that (if there was we wouldn't need v6 in the first place).

This post is either the 4th or the 5th time that I've asked you to describe a way of doing backwards compatibility in a way that would satisfy you. I think it's about time you either did so, or admitted that v6 is already doing the best backwards compatibility that it can given the constraints that it's working under.

Re:RFC1918 & PAT

[Tough+Love]

Look, IPv6 is a monumental failure, that is not in doubt, and you are an apologist for it. We both know what the addressing issues are, and we both know what the solutions are. Just give up on the wanking about perfect forward backward compatibility please. You are wasting your own time, and mine. Bye. Hopefully forever, and enjoy you IPv6 island with nobody on it.

Re:RFC1918 & PAT

[Dagger2]

It sounds like you've done a 180 and now agree that v6's backwards compatibility does in fact exist and works well enough, even though it doesn't and can't work perfectly (like I pointed out at the beginning and have been pointing out the whole time). That's good to hear, even though your attitude sure doesn't suggest you've realized that you've done it.

Incidentally, I posted this from a machine that only has v6. Slashdot works fine from this machine, and in fact I've yet to find a website that doesn't work from it. How is that an island, any more so than NAT44 already is?

Re:RFC1918 & PAT

[Tough+Love]

It sounds like you've done a 180 and now agree that v6's backwards compatibility does in fact exist and works well enough

No, IPv6 backward compatibility with IPv4 is crap as everybody knows, even if you admit that dual stack is a valid and sensible thing, which I do not. And to avoid outing yourself as a disingenuous prat, please admit that dual stack should never have been necessary for migration. And now we will never be rid of it. But being rid of you would be nice, if you are completely unable to admit the obvious and insist on defending the indefensible, an intellectual crime.

Re:RFC1918 & PAT

[Dagger2]

So you at least agree that it exists, and neither of us have been able to come up with any better ways of doing it so it seems likely that it's about as good as it can get. I guess you can argue it's not good enough, but if it can't be made any better then you can't really criticize v6 for not making it any better. (Instead, criticize v4 for not allowing any better mechanism.)

I'd say that dual stack never was necessary. It has always been possible to remove v4 from your network; v6 doesn't force you to keep it. The fact that I'm running a single-stack v6 desktop right now, with access to v4-only sites, demonstrates that. It's just that it's the only real way to keep existing v4-only software and devices working, and if that's something that you care about then what better choice do you have? If you do in fact have a better option then I'm all ears, but I'm not sure what you could possibly do that would work with existing v4-only stuff.

464XLAT support in OSs would've been, and would still be, really damn useful for dealing with v4-only software, but that doesn't help v4-only devices.

Re:RFC1918 & PAT

[Tough+Love]

neither of us have been able to come up with any better ways of doing it [more of the same blather]

You don't know that, but what both of us do know is that you are not willing to even try, the only question question is, what is the out-of-band reason why? Because your position is surely not based on any deep analysis, or if it is, then you suck at tech and should probably find another job. Sales maybe, or sanitation engineering.

Re:RFC1918 & PAT

[Tough+Love]

Obviously, you deal with the IPv4 devices on your network just the same way as always, by talking strict IPv4 to them. You arrange things so that they ignore any packets with extended addresses, even running the bad old 32 bit stack. But with an updated stack, the additional address bits are recognized and routed. Note: this is *not* dual stack, it is "extended stack". This is what IPv6 should have been, but the genius ivory tower guys, politicians, and anti-nat Nazis had their way with it, leading predictably to the current fiasco.

Re:RFC1918 & PAT

[Dagger2]

I'm willing to try, and I have tried, but I very quickly hit the pidginhole principle and I can't think of any way around that other than the ways that we are already using. I've gone over other people's suggestions too, but they generally either don't work or they suffer from the same issues that v6 already suffers from.

And you're right, I don't know that you haven't come up with anything. I just don't get why you'd keep it to yourself if you had.

Re:RFC1918 & PAT

[Dagger2]

Ah, so you did have the start of an idea... but I'm not really seeing how it differs from dual stack. It looks like you're suggesting to have an unmodified v4 stack to handle talking to v4 hosts, plus an "extended v4" stack to handle talking to v6 hosts. Or perhaps you're suggesting combining them into the same piece of code, but even if you did that, so long as you're using two different addresses and are talking two different wire protocols then it's still effectively dual stack. Calling it something different doesn't help.

How does your suggestion let v6 hosts talk to v4 hosts? "By using v4", okay. How does it let v4 hosts talk to v6 hosts? I don't see a way of making that work that isn't "by using v6". And how do routers handle routing it? Again it seems to require that the router do v6. If there's a difference in the backwards compatibility afforded by this vs by dual stack, I'm having trouble seeing it. What's the difference that I'm missing?

Re:RFC1918 & PAT

[Tough+Love]

Ah, so you did have the start of an idea

Fuck you. I have looked at it in detail, unlike you, and I am the not only one. When you have done at least some basic homework, get back to me. Your empty rhetoric in place of technical knowledge is just too irritating.

Re:RFC1918 & PAT

[Dagger2]

What I meant was, you didn't seem to have followed it through to the conclusion. It's easy to say "obviously you arrange things so that", but when you start trying to work out what the wire protocol will look like in order to do that, it seems to me that it's going to look very much like v6 already does. (If not, feel free to explain how you'd do it.)

Re:RFC1918 & PAT

[Tough+Love]

We already followed IPv6 through to conclusion: dual stacks to the end of time. That is, in a word, failure. You conflate dual stack with extended protocol. These two things are not the same. If you think that they are, and you presume to waste internet bits with your ignorant spam about it, it just shows that you are too stupid to be entrusted with anything of importance. I hope that you are just an armchair asshole, and not an actual actor in this sad tale of software misengineering.

Obligatory

[DontBeAMoran]

Would someone tell me how this happened? We were the fucking vanguard of networking in this country. The IPv4 was the IP to own. Then the other guys came out with TCP. Were we scared? Hell, no. Because we hit back with a little thing called DNS. That's IPv4 and easy to remember english names. For usability. But you know what happened next? Shut up, I'm telling you what happened—the bastards went to IPv6. Now we're standing around with our cocks in our hands, selling four numbers and names. Usability or not, suddenly we're the chumps. Well, fuck it. We're going to IPv12.

I'm all for using it.

I'm all for using ipv6, I think it's better, everyone should prefer it -- just don't mess with ipv4 users. Don't come saying it's obsolete when it still can work.

I'm all for Unicode, but ASCII has practical uses.

I'm all for country-code based top level domains -- just let's not mess with working [.com]s.

I'm all for 64-bit -- use it if you can and have RAM by the gigabytes... why not, it's cheaper these days... also, if it's costly, just drop the 32-bit version, if it's your call. Just don't campaign or annoy those who offer 32-bit in their own distros. Don't force new hardware on those for whom their existing ones work well.

Still no ISP support

I can't help it if my ISP still doesn't offer IPv6. They just assigned an IPv4 address permanently to all customers and figured "there, it's fixed".

Azure

[watermark]

Chicken and egg. In Azure, the only way you can get a public IPv6 address is by using a load balancer. You can't just put a single VM up on IPv6. Even if some other provider does offer better IPv6 support, Azure is #2 atm, so they'll need better IPv6 support as well.

Re:Azure

[Junta]

There are a lot of little services and facilities that still don't quite work right or fully with IPv6.A lot of these were problems in IPv4 as well, but they *had* to be solved. IPv6 on the other hand, people just shrug and use IPv4 where things are fixed.

Still not worth it, still not easy to use

NAT is going to be around for the next 50 years.

"Vint Cert" in the title?

Editors, at least check your TITLES for blatant typos before posting. 'Time To Get With the Program' ...

Tell the ISPs, not the users

[duke_cheetah2003]

My ISP doesn't give me IPv6 connectivity. So I'm sunk.

Re:Tell the ISPs, not the users

[MrL0G1C]

My ISP isn't even offering IPv5 yet, let alone IPv6.

Security with ipv6

I suspect that many of the security breaches we read about every other day are due to people not knowing how to properly secure ipv6. Maybe I'm wrong but I don't see many easy to use tools for ipv6 and average users need them.

I disabled ipv6 in my sysctl file and DROP all input, forward, and output in ipv6tables. I haven't had any problems at all.

Give me IPv6 NAT or Give Me IPv4 (with NAT!)

I have yet to meet a single competent CSO that will let IPv6 any further than a public DMZ or the outside of a corporate firewall.

Corporations hold onto NAT for reasons that are real, not imagined, and not easily overcome by smoothly worded IPv6 talking points.

If obscurity was not an effective part of security why do real security standards demand the obfuscation things like SSNs, Credit Card numbers, Bank Account numbers, etc? Why does Google block out zones on Google Earth when governments ask, And why are so many Police Officers afraid to give their real names to the public while serving in the line of duty?

Absolute identity has consequences. Many time the full risk of full exposure falls well into the realm of unintended consequences.

Re:Give me IPv6 NAT or Give Me IPv4 (with NAT!)

[WaffleMonster]

Corporations hold onto NAT for reasons that are real, not imagined, and not easily overcome by smoothly worded IPv6 talking points.

NAT is a security risk.

When's Slashdot going to IPv6 ?

[Mozai]

$ dig tech.slashdot.org aaaa
tech.slashdot.org. 59 IN CNAME www.slashdot.org.
$ dig www.slashdot.org aaaa
(no answer)

Re:When's Slashdot going to IPv6 ?

[Un-Thesis]

IPv6 support will be added right after editing posts and UTF-8 support.

Interesting Essay on IPv6

[ewhac]

The World in which IPv6 Was a Good Design. I found this brief history on IP and Ethernet to be quite informative. It also suggests a possible way forward for mobile IP (by basically putting another layer on top).

Re: Interesting Essay on IPv6

Real good read. Thank you for linking that.
I learned a lot.

Stupid people hate IPv6

A stateful firewall is exactly the same as IPv4 nat. Firewall solved.

Long addresses? Please. What is dns for? Why does bind support dynamic dns? Idiots complaining about IPv6 not being memorable needs to get out of the kitchen.

Privacy extensions, solved. Yet you still have eg cookies at the http level. You use Facebook and google. Static IPv6 assignments are not an issue in comparison.

RFC1918 addresses fucking suck for VPN.

Imagine you connect to your workplace VPN. You use a /24 in 10/8. Your work place uses the same /24. You are going to have issues...

Nat is an ugly hack and needs to die. Anyone advocating Nat over IPv6 is an uneducated fear mongering idiot who knows fucking nothing about networking or firewalling.

Unfortunately these idiots are in key roles at 99% of ISPs.

Also IPv4 really is exhausted. Itâ(TM)s done. Want to start a new business or isp needing ip space? Enjoy your max 1024 IPv4 addresses from your RIR. Then pay a premium to buy on the market.

Getting your final /22 from your RIR can get you a /48 to /32 of IPv6 space. Same price.

At this point anyone not jumping in is effectively stifling growth of the internet. Anyone arguing against IPv6 is a Luddite and is probably scared of the big hex numbers.

Re:Stupid people hate IPv6

Are you late for finals or something? You clearly have never worked in a real environment. The problem with IPv6 is that the creators didn't just fix the problem that existed (needing more IP space), they tried to take something that wasn't broke (well defined subnets and NAT) and force an ugly solution on top of it. Routing in IPv4 space is already error prone enough. Creating a new system, where the addresses are somewhat nonsensical and any of them could be internet routeable unless they are carefully managed is insanity.

Re: Stupid people hate IPv6

Nat not broken?

Clearly itâ(TM)s you who has their head up their own arse.

If you think Nat isnâ(TM)t broken, and overlapping rfc1918 addresses is a good thing, you really are a short sighted incompetent Luddite living in a bubble world.

If you actually do work in networking, you are part of the problem.

Re: Stupid people hate IPv6

Do you even CIDR? I bet you cannot subnet to save your own life.

Pro tip: cidr is cidr. The same principals apply for both v4 and v6.

Vinton Cerf and Robert Khan messed up

[williamyf]

And now is up to us to pick up the pieces.

They simply made the address field too small.

And do not but that "this was an experimental network, we couldn't have known" weasel-talk.

You see, about the same time Vint and Bob were working on their little 4 Bytes in the Address Field protocol (1981), Other people were also working on similar protocols.

Some Guys at OSI were working at CLNP, and guess what? That has 20 (5 times more!) Bytes in the Address Field...

Some other guys at Xerox were working on IDP, which has, hear this 12 Bytes! on the Address Field...

Those guys at Xerox and OSI knew how to think big, and were real visionaries. Other people realized big address fields were needed. Too bad uncle Vint and Uncle Bob did not...

But, by luck of the dice and historic accident, IP emerged as "the" network layer protocol. Fair enough.

When world + dog realized that IP had not enough addresses, the IAB came up with a nice solution: Use CLNP. Good, that thing was _already_ implemented debuged and tested in most routers in the world, client implementations existed (and were debuged and tested) for most OSs in the world, and all the IP (pun intended, I mean, intellectual property, such licesinsing and patents) was already sorted out. There is even an RFC (1347). Work and migration could have started then and there in 1992!

But even if you dislike OSI, you could have used IPX (a decendant of IDP with 12 Bytes addresses). Again, IPX had rock solid implementations for pretty much all OSs at the time, was implemented in every single router, and had all the Licensing/Intellectual properties sorted out. There is also and RFC for that (RCF 1791). So, again, the migration could have started then and there in 1995!

But the IETF, suffering from a bad case of Not Invented HEre Syndrome, did what is called the "palace coup" and decided to disregard the orders of the IAB, and create IPv6. What were Vinton's opinions on that? I think he stayed mum (or even worse, cheered the move).

What we know now as IPv6 was voted as "the way to go" between 1994 and 1995 , and the firts implementation (on AIX) appeared in 1997. And was not until 2000 that most OSs had production quality IPv6. So, we lost between 5 and 7 years of transition time (depending of if you preffer using CLNP or IPX)... And countless man-hours were wasted reimplementing the Long Address wheel in every OS and every Router and Every modem, and .... you get the drift. And is a weird one at that which, for example, does not have a header checksum...

And after all this, old uncle Vint is pontificating on the need of migrating fast to IPv6? Get a grip!

PS: In NO way is this post intended to diminish the contributions of Vint and Bob to networking. Those contributions are huge. is just to point out the incoungruence of getting us in this mess in the first place and then pontificating for us to hurry up!

Re:Vinton Cerf and Robert Khan messed up

[Tough+Love]

I used to get downmodded for calling Vint Cerf an idiot. But he is. Actually. And a vindictive narcissist to boot. Might have something to do with the fiasco, must maybe?

Re:Vinton Cerf and Robert Khan messed up

I don't know about Robert Kahn, but Vinton has always been a bit of a corporate shill.

Still no IPv6 on Spectrum

[Eravnrekaree]

Spectrum still has no IPv6 support. It really is getting to be ridiculous that its 2018 and there is still no IPv6 support. When, if ever? Do these companies need to be fined to compel them to upgrade>

Re:Still no IPv6 on Spectrum

Funny, I'm on Spectrum (previously Time Warner) in southeast Wisconsin and I've had native IPv6 for over three and a half years now (though they give me a different prefix every single time my cable modem reboots, while my IPv4 address hasn't changed in years). Maybe it's a regional thing?

Time for IPv7

[Peter+P+Peters]

I know I'll get burned for saying this but IPv6 fails the scratch and sniff test. I've grown up around the IPv4 dilemma yet no-one I know that I worked with (contractor worked at 30+ different businesses) ever seemed to fully grasp IPv6. Workers don't get it, vendors don't get it, network providers don't get it, telcos don't even seem to get it. Based on the fact that we've been at this for 15years+ and it still hasn't gained any traction it's time to call it a failure and move on.

Re:Time for IPv7

[Tough+Love]

Sad to say, there are many with you on that. Start over, and make it an extension of IPv4 this time. Just add one or two extra bytes to the high end of the address and deal with the issues, which are many and varied, but IPv6 has nearly all of the same issues and a bunch of its own making. At least make an attempt at compatibility. It's hard to think of anything worse than the current situation, but sigh, I suppose if you threw even more incompetence at the effort than the IPv6 designers did, it could be achieved.

Re:Time for IPv7

[WaffleMonster]

I know I'll get burned for saying this but IPv6 fails the scratch and sniff test. I've grown up around the IPv4 dilemma yet no-one I know that I worked with (contractor worked at 30+ different businesses) ever seemed to fully grasp IPv6.

Workers don't get it, vendors don't get it, network providers don't get it, telcos don't even seem to get it. Based on the fact that we've been at this for 15years+ and it still hasn't gained any traction it's time to call it a failure and move on.

IPv6 in all ways that matter is the same as IPv4 with 96 more bits of address space.

Re:Time for IPv7

It *should* be the same as IPv5 but with 96 more bits of address space. But it's so much more. All they had to do was increase the address bits but nope let's throw in a bunch of random extensions and get rid of ARP (admittedly ARP can be idiotic on large networks but at least it's possible to debug)

Requiring multicast support in switches (which causes random internet dropouts for some network users when some Neighbor Solicitation messages silently get dropped by the nearest switch)

And making fragmentation an extension so you end up with UDP packets getting dropped because intermediate routers couldn't understand something

And variable length IP header extensions, which can themselves be fragmented. Writing code to handle this would be difficult in software, and now imagine doing it in hardware.

I tried rolling out IPv6 in my enterprise network and gave up after people kept complaining about pages not loading. So it's not that I'm lazy but I have no freaking idea where to even start debugging all my supposedly IPv6 ready hardware. Luckily everything supports IPv4 so here we are in 2018. Maybe I'll try again in another 10 years.

Re:Time for IPv7

[Peter+P+Peters]

IPv6 in all ways that matter is the same as IPv4 with 96 more bits of address space.

Yeah I've been hearing this for 15 years, yet here we are...

Re:Time for IPv7

[dave420]

I bet that sounded awesome in your head! The problem is that any change requires effort from people involved, and people won't want to spend that effort until the very last moment, when they have no chance but to.

Re:Time for IPv7

[Peter+P+Peters]

I bet that sounded awesome in your head! The problem is that any change requires effort from people involved, and people won't want to spend that effort until the very last moment, when they have no chance but to.

Depends if the effort comes with some sort of reward. For most Tech upgrades there is a reward of smoother/faster/more reliable/more shiny etc. IPv6 seems to have ignored all that and thrown up a turd then wondered why no-one wants to eat it. The perfect example of why design by committee is so terrible.

Network Address Translation

Ever heard of that Vint?

Vint "Cert"

[epine]

Vint Cert Warns IPv4 Users: 'Time To Get With the Program'

That error should be fixed.

Way to go NBN

[MavEtJu]

There is not a single ISP on the NBN in Australia who provides IPv6 over FTTC. That is new technology launched in 2018. Way to go NBNco!

Of course adoption is slow...

Hardly anything works with IPv6 except new things. The vast majority of ISPs don't even support it.

The problem is, IPv6 is not an upgrade to IPv4, it's a completely different and incompatible protocol!
You may as well be trying to switch people to IPX /SPX or AppleTalk because the cost of migration is the same!

It's like saying You should all use Linux now! when all your programs run on Windows and aren't compatible with WINE.

Switching to IPv6 will require, in many cases, throwing out perfectly functional hardware and software and replacing it with newer unproven gear at great cost for no immediate benefit; Try selling that one to management!

They really really should have engineered some sort of backward-compatibility into it - As it is now, it is just a competitor to IPv4 in the same way the theoretically superior Itanium/IA-64 was a competitor for x86/AMD64 and we saw how well that went.

I honestly think they should go back to the drawing board while IPv6 implementation is relatively low if they are serious about getting people to switch in a more timely fashion, otherwise they'll have to just accept the transition will be glacially slow as it'll only happen as existing working systems become obsolete and break and replacement is forced.

Re:Of course adoption is slow...

[Dagger2]

> They really really should have engineered some sort of backward-compatibility into it

It's really easy to say this, but if you sit down and think about it you'll realize that it's not possible to do. v4 isn't forwards compatible, so v6's hands are tied, and there's nothing that anybody could've done about that or could do about it in the future because it's not due to any flaw in v6 but rather due to a flaw in v4. Criticizing v6's designers for not doing something that's impossible seems incredibly unfair to me.

If you think you have a way of doing it, then great -- share it. I keep asking people to do this, and for some reason they never actually do.

(Also, if you think v6 adoption is still relatively low then you haven't been paying any attention to the stats. Google's published statistics are a little bit under 25% worldwide, and Facebook are seeing days where their US traffic is primarily v6. Those numbers should be higher, but they're not exactly low.)

lol my favorite lilo.conf addition

append="disable_ipv6=1 disable=1 autoconf=0 ipv6.disable=1"

Yup!
no more ipv6 on the pipes...

just sayin it can also be configured similarly for grub with the GRUB_CMDLINE_LINUX_Default="quiet splash disable_ipv6=1 disable=1 autoconf=0 ipv6.disable=1"

Dear Vint Cerf

Why is every IPv4 address not also an IPv6 address, in fully backwards-compatible fashion?

Also, why isn't the IPv4 address I'm assigned behind my carrier-grade NAT, plus the IPv4 address of the carrier-grade NAT server, an IPv6 address?

Re:Dear Vint Cerf

[Dagger2]

Because there's no way to make it work. v4 is incapable of talking to v6, because there isn't enough space in the v4 destination address field for the v6 address to go. You'd need to somehow make every v6 address also be a v4 address, but that won't work because there are only 32 bits available in v4 and that's nowhere close to enough. There's nothing v6 can do about this, because it's v4's problem.

One possible workaround would be to do NAT with v6 on the inside, but doing that would only allow outbound connections from v6 to v4. Also it's called NAT64 and it's already a thing that exists and you can use it and it works. Is that good enough for you?

Large services need to lead the way to IPv6

for eg

If youtube for limited ipv4 users to 480p or less
if facebook limited ipv4 to just 2 hours a day
if netflix limited ipv4 users to 480p or less
etc..
progressively making it worse for ipv4 users as time go on...

There would be public outcry and the ISP's and service providers would be forced to get off the butts and implement ipv6

Re: Large services need to lead the way to IPv6

I think that would be against the law. For obvious reasons.

Whites created the internet

So why shouldn't they give themselves the best treatment?
To share the 'net with turd world hordes at all was a big mistake.

spelling error

Cerf with an F, not Cert with a T

Re:I warn Vint Cerf

[Tough+Love]

I warn Vint Cerf: if you had not done such a crappy job of designing IPv6 then you would not be whining now about why people do not want to use it. The warning: next time let somebody competent lead the project, if there is any next time for you.

Bleah. Vint Cerf, narcissist, responsible for arguably the most expensive technological mistake in history.

Still getting downmods for calling Vint Cerf what he is. If you had ever met him, you would know too.

Re:I warn Vint Cerf

[Citizen+of+Earth]

Vint Cerf followed up his Commodore 64 with the Commodore Plus/4. It's better because it has more bytes available for BASIC programs!

IPV7 Needed

We need an IPV7 which is IPV6 minus the stupidity of every address being route-able on the internet...internal systems should not be left to the possibility that a mistake is made and the system is on the internet all of the sudden.

Re: IPV7 Needed

Tell us where you are so we can come cut your connection. Then you'll be nice and safe, and the rest of us will be happy.

Potential New Brand

"Vint Cert" sounds like the name of a website where you can buy security certificates from Vint Cerf.

Forget "Let's Encrypt"; get your certificates from Vint Cert!

No, the firewall drops those packets.

NAT has nothing to do with packet dropping; NAT is juts "Network Address Translation".

Rather, the firewall is responsible for dropping packets.

Re: No, the firewall drops those packets.

Doesn't that firewall run NAT tho?

Re: No, the firewall drops those packets.

[Dagger2]

Both stateful firewalling and NAT require state tracking, so they're often implemented in the same piece of software or hardware. Nevertheless, the firewalling and the NAT parts are logically separate components. The NAT part is responsible for rewriting addresses, and the firewall part is responsible for deciding which packets to drop.

Re:No, the firewall drops those packets.

[Bert64]

Yes while a firewall explicitly blocks packets by design according to your specified rules, NAT loses packets due to breaking the way the system works.

It was not a historical accident. Gov coerced.

As always, the U.S. government (via the military) chose winners and losers; as always, government chose the wrong solution, and we're stuck with it.

Re: I warn Vint Cerf

If I had an account I'd mod you up.

Slashdot loves their old school leaders and will defend them to the death. Vince is an arrogant prick; that has been proven. Can't do shit about it but call it as you see it. Don't let the downmods stop you. Keep spreading the good word.

Re:I warn Vint Cerf

[Tough+Love]

I warn Vint Cerf: if you had not done such a crappy job of designing IPv6 then you would not be whining now about why people do not want to use it. The warning: next time let somebody competent lead the project, if there is any next time for you.

Bleah. Vint Cerf, narcissist, responsible for arguably the most expensive technological mistake in history.

Still getting downmods for calling Vint Cerf what he is. If you had ever met him, you would know too.

I have. Leaves nothing to the imagination.

Ipv4 loses steam and gog haha

[stroxor]

I mean I love ny IPV4 address. Why can't we marry and have cute little IPv2 addresses, we wouldn't hurt anyone. So why we have to suffer? Whyy?

AT&T?

[Agripa]

When I still had AT&T U-Verse, not only did they not provide IPv6 but they took steps to block IPv6 over IPv4 tunneling so maybe someone should talk to them? I complained to the FCC and they approved the practice.

Please just stop

This isn't like the argument of whether we should be using QUIC instead of TCP (which is a legitimate battle). We really need to switch over and move on..

Just stop... The world in which IPv6 was a good..

I'm ok with QUIC being used which it already is btw - in Chrome and other Google services. But we do still need IPv6.
After all the ivory tower BS of the article you linked to, we need shit that actually works. It's very easy for the ivory tower people to cry foul that it could have been done better etc. We need something that actually works and IPv6 does. Unless you come along and actually implement something better, that's what we have.

Yes, it's a disgrace we're not all using something like MinimaLT right now, but that's life. Much worse than any of that is running out of address space, when we have the technology to have static IP addresses for any device in the world forever .. with IPv6.

IPv8 (or whatever it will be called) will be a a battle for another day...

And the sooner we get IPv6 the sooner you can have that argument.

Save me the Ivory tower crap

Yeah, it was always going to be messy. Once you put your pen down and realize you actually have to have backwards compatibility and still push forward to make way for the future, it's going to be someway messy and most of that mess has been taken care of tirelessly over the last 2 decades. That's life. It's disgraceful people are holding this back. I'm a conservative and believe me, we need this. Vint Cert is right (unsurprisingly) We need to get with the program. ISP's and financial services companies who are stalling on this need to fall into line or f*** off to Mars.The internet wasn't created for those parasites.

"The financial services industry"

can suck it. They are the very people who resist IPv6 for political reasons. They like the idea of the internet being a constrained resource so they can kick out the little guy from having a dedicated IP address.

Home ISP putting all customers behind NAT

[tepples]

If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not), because my ISP had to aggregate clients because they had no free IPs.

Many ISPs already put subscribers behind NAT, particularly mobile ISPs and home ISPs in later-to-develop countries. The only way to get your own IPv4 address from those ISPs is to upgrade to business class service with a static IP.

Synchronizing the clipboard across devices

[tepples]

That's what copy/paste and mDNS are for.

Copy/paste is practical within a single device but not, to my knowledge, across devices. What solution do you recommend for synchronizing the clipboard across devices that run Windows, macOS, X11/Linux, Chrome OS, Android, and iOS?

Re:Synchronizing the clipboard across devices

[sjames]

SSH

Re:Synchronizing the clipboard across devices

[tepples]

What solution do you recommend for synchronizing the clipboard across devices that run Windows, macOS, X11/Linux, Chrome OS, Android, and iOS?

SSH

Can one run both an SSH client and an SSH server on iOS? It appears to me that one would need to in order to use SSH to synchronize the clipboard between one iOS device and another, with one running the client and the other the server. Or what am I missing?

Even assuming you can run an SSH server and client on the each device, and the SSH server and client can speak mDNS to find each other, one still has to compare server key fingerprints visually when a particular pair of devices are connected for the first time. And these are even bigger than the IPv6 addresses that we're trying to copy and paste from one device to another.

Re:Synchronizing the clipboard across devices

[sjames]

It sounds like you're trying to invent a scenario where there might be a problem. What is your use case where you can't simply ssh from one box to another and cut/paste into the ssh terminal?

Re:Synchronizing the clipboard across devices

[tepples]

What is your use case where you can't simply ssh from one box to another and cut/paste into the ssh terminal?

To copy and paste an IP address from one iOS device to another iOS device using the method you suggest, you have to SSH from one iOS device to another iOS device. Is this practical?

Re:Synchronizing the clipboard across devices

[sjames]

Or both devices ssh to a device running an ssh server. Or they use mDNS. Or a text message, or a WhatsApp or Bluetooth, or....

Re:Synchronizing the clipboard across devices

[dave420]

Who does this? Seriously? It sounds like whoever is copying and pasting IP addresses has already screwed something larger up before getting to this point...

Corporate IT

Step 1 in the deployment of any computer at large corporation is to disable IPv6, otherwise things mysteriously don't work. The real problem with IPv6 is that it is not user friendly in the same way that IPv4 is. Remembering 4 sets of 3 digits is incredibly simple, especially when the first 2-3 sets of digits are all the same. I don't see IPv6 ever being adopted unless Google were to disable support for IPv4 forcing the whole damn world to switch or no longer be able to access Google Search and Ads.

Vint Cerf also supports

[whitroth]

...as he said when he was on campus a couple years ago, google's self-driving cars that have NO steering wheel and NO pedals.

Re:I warn Vint Cerf

[thegarbz]

But people do want to use it. They just can't because telcos don't support it. Minor telcos do. The ones that realise that investment is not a dirty word. It's not Vint Cerf's fault that some groups thrive on fucking their locked in users. At least when you invite over a prostitute you get some enjoyment out of it.

Re:I warn Vint Cerf

[dave420]

Did you mean to have a discussion with yourself?

Yet another bill, DDNS rate limit, server bans

[tepples]

Just like every homeowner is expected to buy connectivity and addressing from their isp?

And when smartphones were new, a lot of people were reluctant to buy a cellular data plan because they were already buying connectivity from their home ISP. Some householders just don't want yet another perpetual utility bill, which means yet another company dipping into the family's checking account and potentially exposing said account to accidental or fraudulent withdrawals that cause overdrafts.

if you're content to use the same domain as thousands of others then there are many free options

You mean free dynamic DNS? One drawback of this has been that Let's Encrypt issues only 20 certificates per registrable domain per week. The dynamic DNS provider has to apply to Mozilla for inclusion on the Public Suffix List, which is administered on a Microsoft-run website. Some are unwilling, and last I checked, others' applications were in a months-long backlog.

and nothing to stop the isp from allocating a subdomain to their customers.

Of course there is: The major last mile ISPs have a business policy not to let home users run servers in the first place. I concede that ISPs have power to amend this policy, but you'd have to show ISPs a good case for amending this policy, as upgrades to more expensive business-class service make them money.

Plus there is always .local and llmnr/mdns if you don't need global reachability of your hostnames.

Neither Let's Encrypt nor any other trusted-by-default HTTPS certificate authority does .local. It violates the CAB Forum's Baseline Requirements.