Slashdot Mirror


Vint Cert Warns IPv4 Users: 'Time To Get With the Program' (zdnet.com)

An anonymous reader quotes ZDNet: Vint Cerf notes that the world ran out of IPv4 address space around 2011, some 13 years after internet engineers started sketching out IPv6, under the belief back then that IPv4 addresses would run out imminently. Since 'World IPv6 Launch' on June 6, 2012, significant progress has been made. Back then just one percent of users accessed Google services over IPv6. Now roughly a quarter of users access Google over IPv6. But Cerf noted that "it's certainly been a long time since the standards were put in place, and it's time to get with the program"...

The Internet Society's snapshot of IPv6 in 2018 notes that Google reports that 49 countries deliver more than five percent of traffic over IPv6. There are also 24 countries where IPv6 traffic is greater than 15 percent, including the US, Canada, Brazil, Finland, India, and Belgium. Additionally, 17 percent of the top million Alexa sites work with IPv6, while 28 percent of the top 1,000 Alexa sites do. Enterprise operations are IPv6's "elephant in the room", according to the Internet Society. Around 25 percent of all internet-connected networks advertise IPv6 connectivity, and the Internet Society suspects that most of the networks that don't are enterprise networks.

38 of 282 comments

  1. Verizon Fios doesn't support IPv6 by ebrandsberg · · Score: 2

    It is 2018, and as of today, Verizon FIOS still doesn't support it. Why? Who knows.

    1. Re:Verizon Fios doesn't support IPv6 by Anonymous Coward · · Score: 4, Insightful

      Nothing important uses only IPv6.

    2. Re:Verizon Fios doesn't support IPv6 by locofungus · · Score: 2

      With privacy addressing, which almost everything IPv6 uses, it's hard to probe for devices.

      It's not something to rely on, and 1x1 pixel images will be used to get the victim's IP from phishing emails, but even if IPv6 routers do allow inbound connections by default (mine doesn't) it won't be an instant disaster (NAT can be bridged if you can get the victim to start the connection).

      --
      God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
    3. Re:Verizon Fios doesn't support IPv6 by sjames · · Score: 2

      You haven't a clue. For the end user it will be exactly as easy as slapping a NAT router between their LAN and modem, only it will also include the simple IPv6 firewall rules that provide the equivalent protection for IPv6. Many common consumer devices do that right now. They're just waiting for ISPs to support v6.

      On the server side of the fence, many would dearly love to have v6 capability widespread enough that they could run v6 only servers and not have to fill out justifications that require a crystal ball and a colonoscopy to complete.

    4. Re:Verizon Fios doesn't support IPv6 by sjames · · Score: 3, Interesting

      In many cases, the ISP supplies the router as well as the modem.

      I have IPv6 on my Comcast service and have no issues like that. If Comcast can get it right, anyone can.

      Further, since the cable modems are point to point with the head end, the ISP certainly can and should be dropping the non-routing addresses that are used by Bonjour and similar discovery protocols. No need to do anything draconian, just do as the spec says to do.

    5. Re:Verizon Fios doesn't support IPv6 by Cyberax · · Score: 2

      Talk to a Comcast representative again. They do business IPv6 just fine. They also do it the right way, by prefix-delegating you a /48 network.

    6. Re:Verizon Fios doesn't support IPv6 by locofungus · · Score: 2

      I have a static IPv4 address anyway. Previously, although it wasn't static, I kept it unless I disconnected for at least an hour - so effectively it was static.

      But this is orthogonal to NAT as a firewall. ISPs could offer changing prefixes the same way they offer changing IPv4 IPs and some may do that so as to have 'static' addresses for premium business services.

      --
      God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
    7. Re:Verizon Fios doesn't support IPv6 by Bert64 · · Score: 2

      What's needed is for large companies like google and facebook to offer benefits to ipv6 users, such as early access to new beta features etc, and then promote this... Currently very few users are demanding ipv6, so most isps can get away with not offering it. If large numbers of users start asking for ipv6 and switching to providers which already offer it, then providers will very quickly start implementing it.

      Microsoft actually state that the xbox one will work better with ipv6, so that's at least a start and some xbox users ask for ipv6.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    8. Re:Verizon Fios doesn't support IPv6 by Bert64 · · Score: 2

      If you've never had a problem with ipv4, then your use of the internet must be pretty limited...

      Getting new ipv4 addresses to host anything is now much more expensive.
      NAT breaks many things, so now instead of being able to connect back to your machines at home you have to rent a server somewhere and open a tunnel from your home network to the hosted server.
      p2p file transfers and p2p communication (eg gaming) are broken by nat, you have to involve an intermediate host - either a server you rent for yourself, or a third party who can snoop on your traffic.
      And no, NAT is not a security feature - it's a kludge to cope with a lack of addresses, a stateful firewall is what will prevent unwanted inbound connections and all consumer level ipv6 routers deny unsolicited inbound connections by default.

      When you're using a third party server like this, not only do you give up your privacy to the owner of that server, but you also rely on their goodwill to keep the server running. Despite the fact that quake was released in the 90s, today I can fire up a quake server on a non natted address, share the address with my friends and we can have a game. This doesn't work if you are behind nat, and games which require developer-supplied servers probably won't still be playable 20+ years later.

      For work I have point to point vpn links between our central office and our clients' networks to facilitate devices that we manage for them...
      It has to be an outbound connection initiated from the clients to our network because many of our clients are behind nat gateways controlled by the ISP so we can't connect directly to them and the provider charges a lot more for a dedicated ipv4 address.
      Also on the vpn links, many companies use overlapping internal address space (192.168.0.x etc), which becomes very messy when we're trying to address devices over the vpn as there will be many networks and devices using the same addresses. IPv6 solves this nicely as everything can have unique addresses.

      NAT also causes other problems for ip based blacklists and ips systems - traditionally you could block abusive users by their ip address, if you do that now there might be thousands of customers from the same provider behind the same ip. If you block one address you block all that provider's customers and if you leave it open you invite further abuse. Conversely many innocent users find themselves on blacklists because other users of the same provider did something or became infected with some kind of malware.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    9. Re:Verizon Fios doesn't support IPv6 by arglebargle_xiv · · Score: 3, Insightful

      This is half the reason why it's now the twenty-year anniversary of IPv6 failing to launch. IPv6 has now been around for longer than IPv4 (counted as the time between RFC 791 and RFC 188x) and it's still perpetually "the other protocol", the novelty thing that you use from time to time for a lark until you go back to the one that works. It's the Duke Nukem Whenever of network protocols.

      The other half is that we've been told the IPv4 sky is falling so many times now that the response to any new claims is "oh god, is it that time of the year again?". For the vast majority of users, there's simply no incentive to switch, no matter how many times someone tries to scare them into it.

    10. Re:Verizon Fios doesn't support IPv6 by Bert64 · · Score: 2

      You misunderstand how privacy addressing works...
      Periodically your system makes outbound connections from a different address, so a single user might use hundreds of different addresses within a /64, and once the address has been rotated there is no way to tell what address that device has now.
      You'd only be able to track to the prefix, which is no different than ipv4 when you track to the nat gateway.

      The RIAA and copyright cops HATE ipv6, they love NAT because it breaks p2p protocols. A centralised service is much easier to shut down, and requires much more bandwidth to operate.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
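Added example, not part of any comment in the thread: the comments above say that with privacy addressing a client can only be tracked to its prefix, and that IP-based blocklists behave like blocking a NAT gateway. This Python sketch counts failed logins per /64 rather than per address; the function names, the threshold and the sample events are assumptions made for illustration, and it goes slightly beyond the comments by folding IPv4-mapped IPv6 sources into their IPv4 key.

```python
import ipaddress
from collections import Counter

# Constructed sample: (source address, event) pairs as a log parser might emit.
# Addresses come from documentation ranges (2001:db8::/32, 198.51.100.0/24).
SAMPLE_EVENTS = [
    ("2001:db8:aa:1:3c1f:9e02:77ab:10", "login_failed"),  # same LAN,
    ("2001:db8:aa:1:b5d4:0:12:9f3e", "login_failed"),     # rotating
    ("2001:db8:aa:1:71c:44ff:fe00:1", "login_failed"),    # privacy addresses
    ("2001:db8:aa:2::5", "login_failed"),                 # a different /64
    ("198.51.100.7", "login_failed"),
    ("::ffff:198.51.100.7", "login_failed"),              # same host, mapped form
    ("198.51.100.7", "login_ok"),
    ("not-an-address", "login_failed"),                   # malformed field
]


def block_key(addr_text, v6_prefix_len=64):
    """Return the network to count or block for one source, or None if unparsable.

    IPv6 sources are keyed by prefix (default /64, the usual size of one LAN)
    because the low 64 bits change with privacy addressing. IPv4 sources, and
    IPv4-mapped IPv6 sources, are keyed by the single /32 address.
    """
    try:
        addr = ipaddress.ip_address(addr_text.strip())
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 6:
        # strict=False masks off the host bits instead of raising.
        return ipaddress.IPv6Network((int(addr), v6_prefix_len), strict=False)
    return ipaddress.IPv4Network((int(addr), 32))


def noisy_networks(events, threshold=3, event="login_failed", v6_prefix_len=64):
    """Map network -> count for networks with at least `threshold` matching events."""
    counts = Counter()
    for addr_text, name in events:
        if name != event:
            continue
        key = block_key(addr_text, v6_prefix_len)
        if key is not None:
            counts[key] += 1
    return {str(net): n for net, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("per /64 :", noisy_networks(SAMPLE_EVENTS))
    print("per /128:", noisy_networks(SAMPLE_EVENTS, v6_prefix_len=128))
```

Counting per /128 finds nothing in the sample because each rotated address appears once. Blocking the /64 affects every device on that LAN, the same trade-off the thread describes for blocking a shared NAT address, and `v6_prefix_len` can be shortened where a provider delegates a larger prefix to one customer.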
    11. Re:Verizon Fios doesn't support IPv6 by Bert64 · · Score: 2

      What the customer may notice is that performance increases or some things such as video, voice conferencing and real-time games now work better than they once did yet they are unlikely to know why. Millions of users have been transitioned to IPv6 automatically without having or needing to care.

      Well that's the problem, users aren't aware of the advantages of ipv6 and aren't demanding it from their providers.
      If there are user-visible reasons for using ipv6, then users will start demanding it and providers will have to offer it.

      Google for example often run beta features for a limited audience, if they were to make these beta features ipv6 only to start with then word would soon spread and people would start demanding ipv6 or recommending providers that already offer it.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    12. Re:Verizon Fios doesn't support IPv6 by Z00L00K · · Score: 2

      So if Steam suddenly says that in order to play this game in 4K you need IPv6 then people would really take note and ask their ISPs for it.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. fear, lack of training, lack of compatability by Anonymous Coward · · Score: 2, Interesting

    The few managers and consultants I've talked to dislike ipv6 because

    They do not want to type long ipv6 addresses. (their or their client's DNS is probably not set up well)

    They fear incompatibility. (mostly I heard Exchange Server, which might still need netbios names (I'm not talking wins), even though microsoft said with Active Directory you don't need netbios resolution, but you do...)

    Perhaps microsoft should have an end netbios campaign, like they did with ie6.)

    1. Re:fear, lack of training, lack of compatability by presidenteloco · · Score: 3, Insightful

      Obviously we have to move to the larger address space, but IPv6 was invented by those most dangerous of engineers, those who think they're f'ing clever because they can make something complex and have lots of options.

      When making the most core standard imaginable, that's like, the stupidest thing you could possibly do.

      Many original core internet standards were widely adopted because they were simple for people to understand and program to.
      204.92.16.108 etc is an example of this.

      So in short, the IPv6 transition was made way more messy than it should have been, because of fundamentally incompetent design of the new standard.
      Multiple ways of expressing addresses? Lots of special little address spaces reserved for this and that thing of the present day? Both of those are complete counterproductive bullshit. For example.

      --

      Where are we going and why are we in a handbasket?
    2. Re:fear, lack of training, lack of compatability by fahrbot-bot · · Score: 2

      So in short, the IPv6 transition was made way more messy than it should have been, because of fundamentally incompetent design of the new standard. Multiple ways of expressing addresses? Lots of special little address spaces reserved for this and that thing of the present day? Both of those are complete counterproductive bullshit.

      It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.

      --
      It must have been something you assimilated. . . .
    3. Re:fear, lack of training, lack of compatability by sjames · · Score: 2

      They do not want to type long ipv6 addresses.

      That's what copy/paste and mDNS are for. Complaining about that is like griping that they just learned to do a Western Union splice and now people want them to use those diabolical newfangled RJ-45 thingies.

      Do they also get mad when they crack the whip and the car doesn't go any faster?

    4. Re:fear, lack of training, lack of compatability by sjames · · Score: 2

      Quick, don't look it up, what is Wikipedia's IPv4?

      BZZZZZZt

      Special addresses, you mean like 10.0.0.0/8 or 127.0.0.1?

      Careful or you'll find yourself in the park shouting at clouds.

    5. Re:fear, lack of training, lack of compatability by WaffleMonster · · Score: 2

      It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.

      The only part of IPv6 that matters is the address space. The rest is noise.

      Personally I think 128-bits was a great decision. Not only did it give everyone more room than they'll ever need it also thwarts low effort global scanning and exploitation campaigns. I even like SLAAC for as dumb as it is since it kind of nudges providers not to skimp out and take more of the address space for themselves.

      Also going with a completely separate address space rather than mapping across was a very smart move due to pigeonhole principle, network reliability and not inheriting scarcity driven route disaggregation.

      Operationally it doesn't matter how much IPv4 and IPv6 peers can communicate with each other. What really matters is reliability. The door was forever closed on address space expansion the moment ink dried on IPv4's fixed address space. There was nothing that IPv6 could do. No matter what you would by necessity be required to expand address space in an incompatible manner.

      The naming service in my view is the proper place to advertise support for a particular address space. When I hear people talk about how everyone was dumb and they could have done it differently in a more compatible way what I never hear is an operationally viable plan of action.

      It is ALWAYS some tired old NAT/tunneling/overlay scheme which fails to provide the same reliability and capability as IPv4 and for which insufficient address space likely remained to properly implement.

    6. Re: fear, lack of training, lack of compatability by Brockmire · · Score: 2

      You generally had same area code and exchange, so you just had to remember 4 digits of your friend's number that you actually dialled, not Contacts. And it became muscle memory. I can muscle memory a number pad better than 1-9,0 in a row.

    7. Re:fear, lack of training, lack of compatability by Bert64 · · Score: 2

      IPv4 has multiple ways of expressing addresses - x.x.x.x, 0x12345678, etc...

      IPv4 has extra special reserved address spaces, 224.x for multicast, 127.0.0.0 for local, 192.168 etc reserved for internal use etc.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  3. Centurylink by darkain · · Score: 2

    I'm a Centurylink gigabit customer near Seattle with a static block of IPv4 addresses. Their IPv6 support is still only 6rd, which their implementation only works with a small handful of routers. Sadly, I just found out that my latest router is one that doesn't support it. STILL waiting on that native dual-stack support.

    I firmly place all of the blame on the major ISPs at this point. Most have IPv6 dual-stack on their carrier networks, but are sluggish as fuck delivering the packets to the last mile for some ridiculous unknown reason?

  4. not really true by Anonymous Coward · · Score: 5, Insightful

    We haven't "run out" of IPV4 addresses. Not even remotely so.

    A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.

    This is closer to IPV4 realities, than not.

    Why?

    Because, IPV4 used to be *free*. You needed netblocks, you got netblocks. You request, and they were delivered.

    Then they became non-free. Much like land in Canada, you can't just take it and use it, nope -- you have to buy it from someone.

    A lot of that goes around, too. One corp selling to another. CorpA leasing to subscribers. ISPs selling additional IP addresses / month, for a fee.

    If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not), because my ISP had to aggregate clients because they had no free IPs.

    Truth is, there's loads and loads of IPV4 laying around.

    Otherwise, why would people be saying WE'RE GOING TO RUN OUT! for TWENTY FUCKING YEARS, and there's still a shit-tonne of IPs left.

    Hmm?

    Eh?

    Hum?

    Bah!

    (And yes, SNI alone helped a lot... but that's not the point. Or maybe it is -- because, it's an example of "look -- there's gold all over the ground" and now "we have to dig for it, maybe we'd better use gold more wisely")

    I bet in 2050, we'll still primarily be IPV4.

    1. Re:not really true by WaffleMonster · · Score: 3, Insightful

      We haven't "run out" of IPV4 addresses. Not even remotely so.

      A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.

      This is closer to IPV4 realities, than not.

      Why?

      If you think IP addresses should be treated as a limited resource and priced by the market accordingly then of course you're right. Chances are YOU can afford to have an IP address. Therefore they are not scarce for you.

      Yet from a global perspective there are more Internet users coming online than publicly routable IPv4 addresses. Basic math would seem to indicate there are not enough addresses to go around.

      If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not),

      Good for you. Population of Internet users will soon be a much much higher number than publicly routable IPv4 addresses. Others are today not so lucky and this problem only grows worse with time.

      Even if you assume all server infrastructure has no IP addresses allocated to it and 100% efficient distribution of IPv4 to end users only there are still NOT ENOUGH IPv4 addresses for everyone.

      I bet in 2050, we'll still primarily be IPV4.

      I bet IPv4 at least in terms of public Internet is shut down in its entirety by 2050.

  5. Re:This sucks! by Anonymous Coward · · Score: 4, Funny

    You can keep your IP address, 192.168.1.42

    Hey! that's the IP address of my luggage.

  6. Re:IPv6 was invented before NAT. by 4im · · Score: 4, Insightful

    Spoken like a mere user. Those of us who've had to connect NATed enterprise networks via VPN, having to find common unused IP spaces, NATing around both ways to get machines from both ends to talk to each other, having to implement DNS zones, know just how wrong this is. IPv6 is a godsend, solving one hell of a lot of problems those of us actually working in networking have. Now, if only more of the management guys listened to us, we'd have moved on to IPv6 for quite a while.

  7. Re:but why slashdot still doesn't use IPv6? by DontBeAMoran · · Score: 2

    And you're stuck with first century numerals.

    --
    #DeleteFacebook
  8. Re:IPv6 was invented before NAT. by vux984 · · Score: 2

    That's pretty ignorant. Because NAT creates very nearly as many problems as it solves.

    And if users don't want a device traceable or directly reachable by ipv6 address you can still do NAT with ipv6 too if you want; you just don't HAVE to.

  9. Re:IPv6 was invented before NAT. by Z00L00K · · Score: 2

    And that's a good reason for NAT and private addresses for IPv6.

    In my home net I run fd00::/8 and when the ISP finally get their thumb out of their behind I plan to do a NAT of that.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  10. Re:Agreed by DontBeAMoran · · Score: 2

    I'm going to downgrade our internal network to IPv3.14159 just to piss off our administrators.

    --
    #DeleteFacebook
  11. Azure by watermark · · Score: 3, Interesting

    Chicken and egg. In Azure, the only way you can get a public IPv6 address is by using a load balancer. You can't just put a single VM up on IPv6. Even if some other provider does offer better IPv6 support, Azure is #2 atm, so they'll need better IPv6 support as well.

  12. Re:This sucks! by RandomFactor · · Score: 2

    192.168.1.x is just too damned crowded.

    I moved to 192.168.2.x ages ago.

    --
    --- Mercutio was right.
  13. When's Slashdot going to IPv6 ? by Mozai · · Score: 4, Insightful

    $ dig tech.slashdot.org aaaa
    tech.slashdot.org. 59 IN CNAME www.slashdot.org.
    $ dig www.slashdot.org aaaa
    (no answer)

  14. Re:Tell the ISPs, not the users by MrL0G1C · · Score: 3, Funny

    My ISP isn't even offering IPv5 yet, let alone IPv6.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  15. Vint "Cert" by epine · · Score: 3, Interesting

    Vint Cert Warns IPv4 Users: 'Time To Get With the Program'

    That error should be fixed.

  16. Re: Better tracking for the three letter agencies by Dagger2 · · Score: 2

    From what I've seen, those "reputable, well-engineered VPNs" block v6 because they're crap and don't support it. What they should do is exactly the same thing they do for v4: put the traffic down the VPN.

    v6+privacy addresses is no worse than v4+NAT for your privacy. Both of them are crap, of course, because they let you connect to web servers which track you via cookies and browser fingerprinting, but there's no reason to avoid v6 on this count.

  17. Re:Dear Vint Cerf by Dagger2 · · Score: 2

    Because there's no way to make it work. v4 is incapable of talking to v6, because there isn't enough space in the v4 destination address field for the v6 address to go. You'd need to somehow make every v6 address also be a v4 address, but that won't work because there are only 32 bits available in v4 and that's nowhere close to enough. There's nothing v6 can do about this, because it's v4's problem.

    One possible workaround would be to do NAT with v6 on the inside, but doing that would only allow outbound connections from v6 to v4. Also it's called NAT64 and it's already a thing that exists and you can use it and it works. Is that good enough for you?

  18. Re:Of course adoption is slow... by Dagger2 · · Score: 2

    > They really really should have engineered some sort of backward-compatibility into it

    It's really easy to say this, but if you sit down and think about it you'll realize that it's not possible to do. v4 isn't forwards compatible, so v6's hands are tied, and there's nothing that anybody could've done about that or could do about it in the future because it's not due to any flaw in v6 but rather due to a flaw in v4. Criticizing v6's designers for not doing something that's impossible seems incredibly unfair to me.

    If you think you have a way of doing it, then great -- share it. I keep asking people to do this, and for some reason they never actually do.

    (Also, if you think v6 adoption is still relatively low then you haven't been paying any attention to the stats. Google's published statistics are a little bit under 25% worldwide, and Facebook are seeing days where their US traffic is primarily v6. Those numbers should be higher, but they're not exactly low.)