One Step Closer to IPv6

gbjbaanb writes "IPv6 came a step closer yesterday as ICANN added IPv6 host records to the root DNS servers, reports the BBC. 'Paul Twomey, president of Icann which oversees the addressing system, told the BBC News website there was a need to start moving to IPv6. "There's pressure for people to make the conversion to IPv6," he said. "We're pushing this as a major issue." The reason for the urgency, he said, was because the unallocated addresses from the total of 4,294,967,296 possible with IPv4 was rapidly running out. "We're down to 14% of the unallocated addresses out of the whole pool for version 4," he said. Projections suggest that this unallocated pool will run out by 2011 at the latest.'"

Sad

[suso]

Its sad to look at the list of class a allocations [iana.org] and know that we're almost out. All this was done before NATs became popular. I think ICANN/IANA should work on wrestling some of those class As back from companies like Ford, Apple, HP, etc. None of those companies are going to ever have 16,000,000 hosts on public IPs. I know some of those companies have already made sub allocations. We could probably buy 5-10 years if they could reclaim just the 3, 9, 13, 17, 19, 20, 34 and 40 class As and get over 130,000,000 IPs back.

I mean, if those companies complain, who cares. They wouldn't get such large and prestigious allocations in an IPv6 network anyways. So what's the difference.

I know, I know, we should move to IPv6 anyways. Just a suggestion. Poor initial planning warrants changes down the road.

Re:Sad

[Anonymous Coward]

I completely agree with you. That is why I am going to pledge my entire allocation of the 10.0.0.0/8 network back to the IANA. As long as we ensure that it is reallocated properly, I think it will be a huge benefit for the Internet as a whole. For those of you who might control a part of or the entire 172.16.0.0/12 or 192.168.0.0/16 network, you might want to ask yourself this question: do I really need that many addresses?

Re:Sad

[misleb]

Didn't Bill Gates once say, "127.0.0.1 should be enough for anybody." Damn, he's always so short sited.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[burndive]

I believe you mean short cited.

Re:Sad

[Guppy06]

I just hope that the guy who holds the 127.0.0.0/8 network never follows suit. All his hosts have the largest pr0n collection I've ever seen!

Re:

[timbo234]

ocalhost (127.0.0.1) has a 32-bit subnet mask, so 127.0.0.1/32

It may be setup this way on your computer's network settings but the RFC says the whole /8 is valid is part of the loopback:
http://www.faqs.org/rfcs/rfc3330.html [faqs.org]

Re:

[Profane MuthaFucka]

130x10^6 addresses isn't that many. It'll push off the exhaustion of the address space by a year or two at the most, and then we're still going to need IPv6.

Also, without IPv6, there's only a maximum of 2^32 Linksys routers that will be needed. IPv4 is unfairly capping the maximum number of needed NAT routers, and thus unfairly capping the profits of Cisco. We must think of the cost of IPv4 in terms of corporate profits, or we are doomed. Our economy depends on exponential growth, and that applies to addres

Re:

[93 Escort Wagon]

Its sad to look at the list of class a allocations [iana.org] and know that we're almost out. All this was done before NATs became popular. I think ICANN/IANA should work on wrestling some of those class As back from companies like Ford, Apple, HP, etc. None of those companies are going to ever have 16,000,000 hosts on public IPs. I know some of those companies have already made sub allocations. We could probably buy 5-10 years if they could reclaim just the 3, 9, 13, 17, 19, 20, 34 and 40 class As and get over 130,000,000 IPs back.

I mean, if those companies complain, who cares. They wouldn't get such large and prestigious allocations in an IPv6 network anyways. So what's the difference.

Halliburton has a TLD? I dunno... if you tried to take it back, a certain someone might "accidentally" shoot you in the face!

Re:

[93 Escort Wagon]

Er, sorry, not enough caffeine. Definitely NOT a TLD, but they do own the 34.* block.

Sheesh.

Re:

[WhiteDragon]

We could probably buy 5-10 years if they could reclaim just the 3, 9, 13, 17, 19, 20, 34 and 40 class As and get over 130,000,000 IPs back.

Well, think about this: 3.x.x.x is owned by General Electric:

whois 3.0.0.0

OrgName: General Electric Company

NetRange: 3.0.0.0 - 3.255.255.255
CIDR: 3.0.0.0/8
NetName: GE-INTERNET

So naturally, you would expect www.ge.com [ge.com] to be in that block. And you would be wrong.

dig www.ge.com ;; QUESTION SECTION: ;www.ge.com. IN A ;; ANSWER SECTION:
www.ge.com. 30 IN A 216.74.131.56

I have always thought it was rather irresponsible of them.

Re:Sad

[tknd]

We could probably buy 5-10 years if they could reclaim just the 3, 9, 13, 17, 19, 20, 34 and 40 class As and get over 130,000,000 IPs back.

130,000,000 / 4,294,967,296 = 3%

The article says we will run out of unallocated IPs by 2011. The unallocated pool is 14%. It is currently 2008. 2011 - 2008 = 3 years. What makes you think that reclaiming 3% is going to buy us 5 to 10 years?

Re:Sad

[CopaceticOpus]

But 3% of 2011 is over 60 years!

Re:

[Rolgar]

All class A's should be re-designated as class B's, and entities that currently have class As that need more than a class B should be able to claim multiple class B's from their current class A.

I'm a contractor with the Postal Service (Class A 56) and I don't think we need the whole thing. Probably 50-75% of postal computers are individual post offices that access the network through a DSL (or in some small towns, dialup) and VPN. Data Centers and other large facilities should easily be able to fit in 1-1

Re:

[WhiteDragon]

I'm a contractor with the Postal Service (Class A 56) and I don't think we need the whole thing. Probably 50-75% of postal computers are individual post offices that access the network through a DSL (or in some small towns, dialup) and VPN. Data Centers and other large facilities should easily be able to fit in 1-10 class B's depending upon just how many sites there are.

Well, it used to be that all that ip space was divided up amongst different processing & distribution centers, post offices, etc. Now like everyone else, they are using a lot of NAT.

Re:

[gbjbaanb]

I mean, if those companies complain, who cares. They wouldn't get such large and prestigious allocations in an IPv6 network anyways. So what's the difference.

yeah, we'll restrict them to a meagre 281474976710656 addresses like everyone else. That'll show them, and if they want more than a single /48 then they can just go whistle, loooosers.

Re:

[Above]

The current IPv4 burn rate is around 10-11 /8's per year worldwide. You list 8 /8's that might be recovered; that would be under 1 year of additional time at the current rate.

For more information on the rate of IPv4 consumption, see http://www.potaroo.net/tools/ipv4/ [potaroo.net]

And, while those companies aren't using 100% of their blocks, they are using some of them, so it's not as trivial as just returning the unused block; they have to make sure they are numbered in a small subset of it and return the rest.

A lot of

Re:

[Cheeko]

HP actually has 2 Class A's and a class B (though they may have let the B go). When I was working there (till this past year), everything we did generally had a 15 or 16 IP. (15 = HP, 16 = DEC, the class B was the old Compaq)

Re:

[ptbarnett]

HP actually has 2 Class A's and a class B (though they may have let the B go).

HP used to have another Class B: 130.168.x.x, which it acquired along with Convex Computer. However, they subsequently gave it to Agilent when spinning it off.

Re:

[MikeyTheK]

We've been hearing about how we were about to run out of IP4 addresses in three years back in 1990. It's been 17 years. The same silly article gets published every six months. I'm still waiting. Call me when we actually hit Peak Oil, too. Oh wait! We just passed it AGAIN!

Re:

[A beautiful mind]

I challenge you to bring 5 mainstream articles each six months apart from the past 10 years.

Re:

[BitZtream]

How do you define prestigious? I hope its not by number of addresses assigned.

I have a /64 assigned to my house. In IPv4 speak, that means my house has approximately 4.2 billion IPv4 address spaces to itself. I'll probably tunnel one IPv6 address space worth to my iPhone, and one to my car, maybe one to my toaster ... Not sure what I'm going to do with the rest. /MSG me for trade

Re:Sad

[ACMENEWSLLC]

I'm ready to begin to add IPv6 to my network. 99% of my machines can support IPV6. There is no RFC1918 private space needed with IPv6 since there is so much space. I went to allocate space, but found out that I can't;

http://www.arin.net/registration/guidelines/ipv6_initial_alloc.html [arin.net]

Re:

[anticypher]

So what is stopping you?

Have you not paid your 2008 ARIN fees?
Are you not an ISP?
You can't come up with the US$35 for a /32?
How is ARIN blocking you in any way?
Are you just trolling /. as a substitute for having a life?

I don't understand your complaint. If you already have an IPv4 allocation from ARIN, getting an IPv6 allocation requires only filling out the form, sending it in, and getting your allocation. They stick the $35 onto your ARIN fee at the next billing cycle. It's even easier than getting an IPv

Re:Sad

[TheRaven64]

Thats 2^48 Internets!

Why would you want that? One of my staff sent me an Internet the other week, and it took three days to arrive! If everyone has 2^48 Internets, my staff's Internets will never arrive.

Re:

[Torvaun]

Do all of your machines need to be publicly accessible? Subnets for the win.

Just Like Oil

[mrxak]

Just like how when we run out of oil, solutions will come along, when we run out of IP addresses, solutions will come along. The only problem is people don't get very motivated until we're really on the edge. I don't have much hope for IPv6 for another few years yet. Still, progress is progress.

Re:

[Anonymous Coward]

the solution came along, its ipv6

Re:

[mrxak]

How many people are using it though? Probably the same number of people using solar cars.

Re:

[joeytmann]

That's why ICANN is adding IPv6 to the root DNS servers. IPv6 adoption has to start somewhere, and for years everyone has been waiting for someone else to start the ball rolling. Well looks like ICANN finally got fed up and have given the ball a small push to see how far it rolls and is now waiting for someone else to give it another push to keep it rolling.

Re:

[ThreeGigs]

Well looks like ICANN finally got fed up and have given the ball a small push

Actually, it's the other way around. Everyone has been fed up with ICANN because they've been dragging their feet on getting this done.

Re:

[Wesley Felter]

People are adopting IPv6 from the outside in, but they're using 6to4 and Teredo instead of the obsolete 6bone.

Re:

[Wesley Felter]

Most people don't understand anything about IP, yet they use the Internet just fine. If your OS or router enables 6to4 automatically then you don't need to know anything.

6to4 is pretty similar to configured tunnels, but it structures its IPv6 addresses in such a way that each endpoint can automatically discover the IPv4 address of the other endpoint. Thus 6to4 requires no configuration or state in the network.

Re:

[discogravy]

well, the PJ O'Rourke line ("We're waaaay out of whale oil, but instead of sitting in the dark we found other oils for our lamps") -- which is the standard American Republican line in this case -- is that we'll innovate a new way. So far the oil/energy problem has the same problem that IPv4/IPv6 have, namely that everyone wants it, but no one wants to be the one to start (or wants it enough to actually *DO* something).

Re:Just Like Oil

[rmstar]

Do you know how deep people will drill for oil? Do you know how many kilograms of battery you need to substitute a kilogram of gasoline? No? Thought so :-)

We are not addicted to oil just because we are lazy. We are addicted to oil because it is so god-damn good. We will be badly screwed if it runs out, and no amount of innovation will bring such a wonderfully convenient energy source back. In comparison, and, come to think of it, not even in comparison, IP6 is a complete and total triviality.

Re:

[betterunixthanunix]

We have solutions to both problems. People just don't want to put in the time, effort, and of course, money to implement the solutions. Would you want to pay higher taxes to help subsidize the creation of bioplastics and wind power? Would you want to pay higher taxes to help subsidize an upgrade to broadband access and IPv6 use in your country?

Re:

[mrxak]

Which is why IPv6 probably won't get any real use until ISPs start charging a premium for you to get a unique IPv4 address since they don't have enough to go around.

Re:

[Tony Hoyle]

If you want more than one some already do..

Mine gave me 16 for free, but it's a rare case of an actually good ISP.

Re:

[Unoti]

If higher taxes would honestly go to bringing high speed fiber right to my doorstep, yes, I'd seriously consider it. I just don't have much faith in the government spending my money properly.

Re:Just Like Oil

[explosivejared]

The Universal Service Fund is evidence enough for you. Billions of dollars of subsidies wasted as windfalls to stockholders. Your lack of faith is wise, and it's only being supported by the new broadband plan laid out by the president.

It would be nice to have a perfectly efficient method of coercion to force ISP's to actually spend their subsidies on broadband penetration, but no one in power seems to be interested. It's the same story as IPv6 up to now. ICANN seems to be taking the lead finally. Hopefully someone will follow suit in the broadband arena.

It's a sham - the Internet is mostly dark

[mcrbids]

The sad part is, most of the IP addresses in question are... dark. Nothing there. Even though we're approaching 85% allocation, utilization is probably around 1-2%. No, I'm not kidding.

Try it yourself - hack up some script to randomly generate IPs and then ping sweep the network blocks. You'll probably be quite surprised at the result.

A while back, I wanted to have a way to detect if a host was "offline" so that it could modify its behavior. (EG: halt outgoing SOAP requests if the server's network connectio

Re:

[RedHat Rocky]

Ping?

Most large server farms block ICMP/ping at the border. Relying on ping to indicate whether an IP is occupied is just wrong.

Granted, I'm with you on the "large empty pool" theory.

Re:

[Hognoxious]

I once heard that MIT has enough IP adresses for everyone who's ever worked or studies there and will for the next 100 years to each have a unique one.

Re:

[dAzED1]

just because nothing responds, doesn't mean nothing is there.

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Tada. "reject" is one thing, because it actually responds. "drop" though - just drops the packet...almost like nothing is even there. And yet, I can go out and do things, and stuff can get back to me on established sockets.

Re:

[gmack]

You can go out and do things as long as those things don't happen to be on a link that happens to have a smaller packet size than yours. Blocking all ICMP is a common firewall mistake.

Re:

[Aqualung812]

It isn't that simple. With IPv4, you have to subnet and that takes a few addresses. You'll have to have a gateway and a firewall/NAT device, there is two addresses. Network address and broadcast address take up two more, so now assuming you only need 1 IP address and took the smallest block, you just "wasted" three.

Now, maybe day one I only need 4 IP addresses. I get a subnet that can handle that, plus maybe 2 more. Now, when I need to add 2 more, I have to add a whole new subnet, waste more IPs, AND

Re:

[TemporalBeing]

Getting back to end-to-end networks is what needs to happen (no more NAT), and IPv6 is the way.

That's assuming I want all my devices to be publicly visible. What if I don't? While NAT is a little PITA to set up, it works beautifully for the job. I don't want people to be able to easily figure out the all the systems on my network, and even if I converted my network to IPv6, I want a solution like NAT.

NAT just makes it easy for the network to have a single point-of-contact going in/out of the network.

Re:

[Rhys]

You're going to hit a lot of firewalls, many of them at the ISP level, that block your ping or traceroutes from going through. I wouldn't count on that as reliable.

Re:It's a sham - the Internet is mostly dark

[BitZtream]

While I would love to agree with you completely as I believe ARIN is a bunch of tards (can't speak for the other registries). There are/were technical reasons behind the way IPs are assigned. Machines haven't always had 2 gigs of ram. Maintaining routing tables on a network the size of the Internet was a difficult task, which required aggregating networks at upstream links and all sorts of stuff in a desperate attempt to prevent every multihomed router on the Internet from needing a few gigs to hows the paths to various subnets and determine what path was the best.

Of course, time goes on, ram is cheap, and doing it now is somewhat easier, but it still requires ram and processing power, and that increases latency and cpu utilization.

For instance, assume that everyone was assigned address space in blocks of 256 address (class C) and had to show they utilized the address space before getting more as well as prove they continued to use it. Now assume that only half of the address space available was assigned. 2.1 billion addresses in use. Thats approximately 8.3 million class C blocks
allocated. I'm going to assume thats higher than what we have actually in use these days (not allocated, in use) but bear with me for reference purposes.

Now, for each packet you route, you have to search through those allocated blocks and find the one that contains the address you're communicating with. You also have to determine which path of the many you may have on your router is the best path to use based on number of hops to the destination (we'll pretend AS hops are real hops for simplicity), include other factors such as your internal weights for a route because its expensive for you to use the OC3 you have rather than the DS3 because you got a great deal on the DS3 but not so much on the OC3.

You've just spent a lot of CPU cycles trying ot figure out which path to use. Now ... do this on hardware from 10-15 years ago. Well, first off, unless your at a NAP 10 years ago, doing this would require expensive memory upgrades on your routers because most didn't have the ram required to deal with a such a routing table in the first place, now add in the processing increase your going to need because even though you can cache routes and deal with updating the cache only as the external paths change, it only helps so much because those external paths change a lot so your cache hits have to be revalidated more often than you think. God forbid you have a flapping connection, as I can tell you from personal experience, on many routers from 15 years ago, a flap of a line that relays BGP information resulted in a router that was busy for a few seconds dealing with the BGP changes unless it was a fairly high end router.

So ... the point to all that is, a lot of the way address space was assigned was because the hardware we had to work with 'back in the day' was only capable of so much.

Okay, so now we can do better, great! Lets readdress everyone ...

I'm not going to bother going into the complexities of re-addressing a large network, but its rather a pain in the arse and can cost a whole hell of a lot of money in IT resources. So when you look at the big picture and think, 'well, I can readdress now and help deal with the problem and then have to eventually switch to the new protocol (for now, IPv6) eventually anyway OR I can wait till everyone has to switch to the new protocol because of this problem and only do it once'

It makes more sense to wait and do it at once, save yourself some money, deal with it when everyone else does, and deal with the least amount of work you can until that time. And ... this is how businesses make money, but not doing extra work they are just going to have to do again later if they can prevent it.

Of course, on that same note, there are plenty of businesses which don't exist yet that will make a killing off the scare of running out of IPv4 address space and the switch to IPv6 ... just like all the ones who made out over y2k fears/bugs.

Re:It's a sham - the Internet is mostly dark

[mxs]

You are an exceptionally bad engineer, coder, thinker, and internet citizen.

The sad part is, most of the IP addresses in question are... dark. Nothing there. Even though we're approaching 85% allocation, utilization is probably around 1-2%. No, I'm not kidding.

And you have ANY hard data to back that up ? No. Others are trying to come up with better metrics (http://www.potaroo.net/tools/ipv4/index.html is exceptionally verbose), but you ? You are not kidding about thinking that it maybe probably is around 1-2% ... Wow.

Try it yourself - hack up some script to randomly generate IPs and then ping sweep the network blocks. You'll probably be quite surprised at the result.

Bzzzt. No, I would not be -- nor should anybody be. First of all, it's not a requirement for every address to be routable to (and you can check that much better by looking at what percentage of prefixes are actually advertized). Second, many, MANY hosts and networks are behind firewalls, intrusion detection & response systems, etc. -- a "simple pingscan" can easily land you in a black hole at the network border after a couple of pings -- if access to those machines is even allowed from your network. Sure, in consumer broadband connections you don't often have such firewalls restricting inbound access, but that's not the "entire internet". Hell, go ping amazon.com and see what you get back. Nada, that's what.

A while back, I wanted to have a way to detect if a host was "offline" so that it could modify its behavior. (EG: halt outgoing SOAP requests if the server's network connection was disrupted, preventing bogus error messages from entering the system)

A problem many others have faced and solved before you.

My first thought was to randomly generate 10 IP addresses, then ping them to see if they were offline, guessing that at least 50% would respond.

Accounting for the different classes of addresses, unroutable space, bogons, etc. in that random calculation would be more work than the result is worth, especially seeing as how the state of netblocks can change over time. I wonder, why was your first thought to crap out (at least) 10 packets to the net that really are not needed ? What possible reason could there be for you to automatically ping a cellphone in Singapore ? Just imagine everybody doing this, just to check whether they are "online" ... How about choosing some well-known addresses (such as one of your own servers in a different locale, or possibly "well-known" servers that you know will respond and that don't mind a ping from you every now and then ... Not only do you get a 100% response rate when everything is working correctly, you also forego abusing bandwidth in remote locales you are not at all interested in.

Basically, none did. So, then I tried randomizing addresses and keeping a list of only those that had, at one time, responded. Even that turned out to be unfruitful.

You know, while still a bit dickish, it might have occured to you that most of {a-m}.root-servers.net do reply to ping or DNS requests. So do, in all likelihood, a router in your upstream, or DNS resolvers you know about. Instead, you now latch on to addresses that respond. The cellphone in Singapore, for instance.

So finally, I took a dictionary and randomly created domain names from 1-2 normal dictionary words, pinging those, and keeping a list.

Ah. So now that flooding ICMP out to the net is not enough, you have to litter it with bogus DNS requests the reply to which you are not really interested in. Again, imagine EVERYBODY doing this. Why not pick 10 known domain names and always ping those ? At least the results will be cached, and you may even choose ones whose owners you know and can ask whether they mind to be flooded with icmp every now and then.

That yielded some 40% usable responses, allowing me to keep a list of fairly

Re:

[Ashtead]

Maybe 1 or 2 percent is a bit on the low side, but there is a lot of attrition with sub-netting /30s, where there are 4 addresses taken, of which two (one half) are the network and the broadcast address (x00 and x11) leaving the remaining two (x01 and x10) for actual devices, of which one will most likely be a router or gateway, and the last one is the actual server doing something interesting.

On the other hand, several ISPs use dynamic allocation when assigning IP-addresses to their customers, and a numb

Re:

[vertinox]

The only problem is people don't get very motivated until we're really on the edge.

The key problem with that is that the longer you wait the more equipment you have to replace and/or upgrade. And more upgrades and replacements means more money spent that would otherwise not had the equipment been installed with IPv6 from the get go.

So if you wait too long you can cripple your company/agency with overhead in contractor and equipment costs which could have been averted if you implemented a plan earlier. Of co

Re:Just Like Oil

[WhiteWolf666]

Offtopic, but---

It simply doesn't follow that Co2 levels haven't ever been this high. That Co2 that we are generating; you know, from fossil fuels?

Where do you think it was before it became fossilized?

http://www.geocraft.com/WVFossils/PageMill_Images/image277.gif [geocraft.com]

For most of the current Cenozoic era, Co2 levels have been *higher* than they currently are. The *only* possible issue with "global warming" right now is whether or not the rapid rate of change in Co2 levels will be damaging, not the absolute level of Co2 in the atmosphere.

For example, during the Jurassic period, Co2 levels were at 1800 ppm. During the Cambrian period, Co2 levels were 5000 ppm. Currently, Co2 levels are at 378 ppm, and even if we burn ALL known sources of Fossil Fuels it is unlikely we will drive that above 900 ppm or so.

Oh Noes The Internets!

[Apple Acolyte]

We're running out of tubes!!!

Seriously, though, I have a feeling that IPv4 will be saved by an ingenious tech solution far in advance of the world running out of addresses.

Re:

[betterunixthanunix]

An ingenious solution like...IPv6? We have the solution already. We just need to get people off their behinds and get it implemented.

Re:

[jez9999]

Seriously, though, I have a feeling that IPv4 will be saved by an ingenious tech solution far in advance of the world running out of addresses.

Yeah, there are loads of great solutions that you can just invent really easily.

For example, we could put the whole world on 1 IPv4 IP. Then we simply use a secondary metric for determining which host we want to send data to; this could be a 128 bit number, meaning there will easily be enough secondary numbers for all hosts in the world for a long time to come.

Re:

[timeOday]

That's what NAT already does; the secondary metric is the port number.

Re:

[timeOday]

Well, it's 64K * 4 billion. The 4 billion does help some.

My home network allows over 10M hosts

[davidwr]

Sadly, it can't Talk dirEctly to my Next-DOor neighbor, who runs an equally large neTwork.

Re:

[Junta]

Unfortunately, it Looks like my network is more Awesome (over a septillion hosts, and less than one in a trillion chance it would conflict with my neighbor's)

Re:

[Ankur Dave]

10.0.0.0/8 is one of the IP blocks allocated as for private networks (ten dot star), but if hosts are in a private network they can't contact other private networks directly.

Good.

[Anonymous Coward]

Maybe we can finally get rid of the abomination that is NAT. Then all those Windows machines will become exposed to the Real Internet, and the false sense of security granted by their little home router will shatter the illusion of Windows stability once and for all.

Either that, or router manufacturers will start including SPI firewalls that aren't completely useless.

Re:

[Macrat]

There is an illusion of Windows stability?

temporary fix

[JeanBaptiste]

just switch to IPv5 until things get sorted out

Re:

[account_deleted]

Comment removed based on user account deletion

IPV6, a lame solution for no problem

[Anonymous Coward]

So just because people waste IPv4 addresses by not using NAT and not recycling unused addresses, we want to force everyone to go to a solution that won't work correctly on existing devices that don't support v6, has a completely silly address, makes people get out from behind the elegant and awesome solution of NATs, and is basically poorly conceived, designed and executed?

Forcing v6 will be a disaster. It's better to force people to better implement v4 and take that time to design a system that will expan

NAT Sucks

[JSBiff]

NAT is, well, better than nothing, which, currently, is your alternative. But I'd hardly call it an "elegant and awesome solution". IMO, ultimately, NAT sucks because you *do not have a globally routable address* for devices in your network. Sure, that gives some security benefits, but makes it a PITA when you do want to open connections directly to a computer or consumer electronic device in your network.

A few reasons you might want to have a public address inside your network:

* Direct VOIP telephony (SIP, Skype, various instant messenger clients, run a TeamSpeak Server), etc

* Running game servers, web server, mail server, etc

* Remote access (VNC, SSH, etc)

* Direct file transfer with a friend (I've, from time to time, run into problems with things like instant messenger client based file transfers not working behind a NAT - though they do seem to have somewhat alleviated that problem - I suspect by routing my file transfer through the IM network instead of directly to the other person), or P2P file sharing systems, like Bittorrent - yes, they can usually work behind NATs; but they work better if direct connections could be more easily made).

Yes, yes, I know about port forwarding. That's fine and dandy as long as you only have a single device per port that you want to allow incoming traffic to. Ultimately, IPv6 is a much better solution to the problem of address space limitations than is NAT. NAT usually requires software to do ugly hacks to get around the limitations of only allowing outbound connections. A simple firewall with every device having a global address is a better solution, because then I can open up as many ports to as many devices as I like, without having to worry about only allowing one device per port.

I've had a number of times where I've been extremely frustrated by NAT. Often times, if software isn't explicitly written with NAT in mind, and the problems it creates, then it won't work well in a NAT'ed network.

more the story

[trybywrench]

The only justification you ever hear for moving to IPv6 is address exhaustion in IPv4. There's a lot of other stuff built into the protocol that will make the net a much better place. Even if IPv4 had the same amount of addresses as IPv6 it would still be worthwhile to switch. Just give this a once over for an introduction

http://en.wikipedia.org/wiki/Ipv6#Features_and_differences_from_IPv4 [wikipedia.org]

Re:more the story

[gclef]

Yes, lets take a look at those:

Larger address space
This is the address exhaustion argument.

Stateless address autoconfiguration (SLAAC)
Interesting, but not a selling point for users, and will make administrative management a pain in the ass. Most networks will use DHCPv6 to have records of which host had a given IP address...but they'll still have to run AutoConf to get a default gateway. This kind of split is annoying more than it's helpful.

Multicast
This is really only used on the link level, with one or two site-level things. I don't think this will not be used heavily. Also, if you want multicast, it's already available in IPv4. So this isn't really a gain with IPv6.

Link-local addresses
End users don't care, most sites won't care. In fact, the only people who do care are the authors of EIGRPv6 and OSPFv6 implementation. This isn't really a gain...just a difference.

Jumbograms The first possibly interesting thing in the list. It won't be used by many places, but DB->App server jumbograms are a common thing in IPv4, and making those bigger & standard is a reasonable gain.

Network-layer security
aka IPSec. Implemented, but key exchange is left as an exercise for the reader. (In other words, it's not happening.) This will be used very, very rarely. This is also something that's already available in IPv4, so not a gain for IPv6.

Mobility
Interesting, and also something definitely new....but not actually implemented anywhere. Not clear if this will fly at all.

No more checksum at the network layer
I'm not sure if anyone really cares.

In short, the single biggest selling point for the vast majority of businesses and users really is the extra size. The other stuff is either already available in IPv4, or only useful for some rare cases. In the majority of cases, the extra IP space is IPv6's only real selling point.

I don't expect much to change

[Waffle Iron]

ISPs see the limited IPv4 address space as a revenue stream. Many of them charge almost double for the privilege of getting a fixed public IP address. They don't have to spend money on a lot of scarce IP addresses themselves since they can always stick their customers in NAT ghettos.

They're not going to be very eager to give up their position as a gatekeeper of a limited resource just so their customers can frolick in a vast address space for free. Since most of them operate in a monopoly or duopoly situation, the proverbial "free market" won't force them to move off IPv4 either.

Re:I don't expect much to change

[Tony Hoyle]

Exactly... Expect 'cheap' accounts to be allocated within a 10.x.x.x net long before an ISP thinks of implementing ipv6. They'll probably pitch it as a security feature ('let us control the firewall for you! Surf in safety! Only $10/month!').

If a user wants a public IP. That's more cost. If they want a *fixed* IP.. go talk to the business services manager over there.

If they do implement ipv6 it'll be done the same way. 1 ipv6 address per account (ipv6 NAT exists and has done for a while). If you want 8 of them that's more cost. If you want more than 256.. see that guy in a suit waving? Go hand him your chequebook.

And before anyone says 'but but we'll all get 16 million addresses!'.. yeah, over the rotting corpses of every major ISP in the world.

Re:

[Kjella]

While I'm sure that's true, surely many ISPs must be running into the same problem themselves? I mean it's not like they have a magic bag of IP addresses to take from either, even with NAT. When enough of them get tired of trying to squeeze IPs out of other ISPs or enough pissed customers that don't get real IPs, they'll probably band togather and move to IPv6. I'm not holding my breath though...

Re:

[Diagoras of Melos]

It's not just the ISP's deriving revenue from fixed IPv4 addresses. Aside from all the corporate Class A's mentioned up top, there are hundreds or thousands of Class B's, and many of them list the possession of these address pools as an asset on their balance sheets. They are fought over in bankruptcy court. It's outrageous.

I used to work for Ampex, the inventors of the VCR, once a company with about 20,000 employees, now essentially a patent licensing firm with fewer than a hundred. They have a Class B: 13

oh grow up

[Quadraginta]

I'm sorry, but this seems like a whole bunch of arrogant cluelessness rolled into one.

First of all, it certainly used to be easy to be an ISP, and there used to be a whole slew of mom 'n' pop ISP operations. The fact that a lot of those closed up shop has much more to do with the fact that they just couldn't compete with the cutthroat pricing the telcos (and to a much more limited extent) the cable companies were rolling out to acquire market share. If you're living in an area with only one or two ISP cho

Re:

[Danathar]

I expect once the address space runs out in IPv4 and new biz are FORCED to use IPv6 for their Web servers on the internet that there will be some screaming that public ISP's must provide v6 service to ALL customers.

If I want to start a business and it HAS to be on a v6 block because there are no v4 blocks left it would be a bit unfair competitively for me if the consumer ISP's refused to allow access to my web site due to lack of providing IPv6 to consumers.

I expect something like an edict from the Fed to c

Peak IP?

[misleb]

Have we reached Peak IP?

Re:

[Surt]

Depends on your interpretation. It is likely we have now created all the IP we are ever going to create. Allocation, however, is likely to continue to rise for many years to come.

Blame it on the man!

[Zaphod The 42nd]

This is all Al Gore's doing, I just know it. Go make the internet again, and this time do it right!

Re:

[The Angry Mick]

Go make the internet again, and this time do it right!

It wasn't his idea to put a refrigerator [lginternetfamily.co.uk] on the 'net.

IPv6 migration behind a NAT

[Midnight Thunder]

IPv6 is not quite there yet, with some of the popular web sites still not accessible via IPv6.

If you are stuck behind a home router, with NAT then you will probably find yourself unable to access IPv6 sites. In the meantime there are two solutions:
    - Teredo. If you have Vista this is standard. For everything else there is Miredo [remlab.net]
    - Aiccu. A litte more work and bureaucracy to get up an running, but a solution non-the less

Of course there is also Apple's Airport Extreme, which is one of the few home routers out there that support IPv6. I believe some of the third-party firmwares will do this too, but I don't think the IPv6 support is mature. As for Linksys, D-Link, et al. I think you are out of luck for the moment.

Also, if you running Apache, you will need a minium of Apache 2 and specify IPv6 support, using the configure script, prior to building it.

IP6 won't matter til Google supports it

[wowbagger]

Wake me up when I can pull up the main page of Google using nothing but packets with IP6 headers.

That means that I can do a DNS query using nothing but IP6 packets - NOT IP4 packets.
That means that I can do an HTTP transfer from Google's servers using nothing but IP6 packets - NOT IP4 packets.

Hell, wake me up when there's a AAAA record for Slashdot.

This is a *baby* step towards IP6 being useful.

Re:IP6 won't matter til Google supports it

[gbjbaanb]

This is a *baby* step towards IP6 being useful.

Yup. The thing with first steps is that you have to do them in order to make the second step (obviously), but then you can make a third and fourth steps. Next thing you know, you've got to where you were going.

Now Google can register an AAAA record, do you think they will? If they couldn't register one, do you think they would?

Re:IP6 won't matter til Google supports it

[Cajal]

This is actually a very important step towards what you want. About two-thirds of the TLDs have authoritative servers which are reachable over IPv6. There's a complete list at my blog - http://www.personal.psu.edu/dvm105/blogs/ipv6/2008/01/ipv6-dns.html [psu.edu]

So you can query the root and .com DNS servers using IPv6. If you want Google to be reachable over IPv6, go talk to Google. Everything higher in the tree is IPv6-enabled now. And Google has an IPv6 allocation from ARIN - they got a /32 2005 - http://ws.arin.net/whois/?queryinput=!%20NET6-2001-4860-1 [arin.net]

I agree that there isn't much content on the IPv6 internet now. So if you want it, yell at the content providers.

Consumer router support

[nsayer]

I've been waiting a while for Netgear, Linksys and that crowd to add 6to4 support to their home NAT routers as a way to help jump start IPv6 adoption. There would be no security issue if incoming connections were blocked by default and people could turn it off if they didn't want it. But 6to4 can be set up automatically by any machine with a publicly routable IPv4 address.

Well, I'm happy to say that my wait is finally over. They didn't make a big deal about it, so I don't know exactly when they did it, but Apple added that support to their Airport Extreme. So now when I go anywhere that has one of those, I can directly SSH into those inside machines that I've opened ports for without undue muss or fuss.

Apple has been a stalwart supporter of IPv6, from my observation. It's been possible to use AFP file sharing over IPv6 since at least Tiger and the built-in VNC stuff works over IPv6 too (though there is a naming lookup bug that requires you to connect using the IPv6 address literal if you use the command-K "Connect to" dialog).

So, Netgear and Linksys, what's holding you guys up?

I get a surprising number of IPv6 hits...

[Omnifarious]

I get a surprising number of IPv6 hits on my webserver at home. Most of these appear to be XP or Vista boxes with Internet connection sharing turned on that automatically assign themselves a 6to4 [wikipedia.org] addresses when they have an interface with a public IPv4 address.

IPv6 with 6to4 is easy to set up, and I'd recommend it to anybody who has a static IPv4 address. You can use NAT-PT [tomicki.net] so all your IPv6 hosts can still get to the IPv4 network. If you have a couple of DNS servers, you can even set up reverse DNS for your IPv6 network just the way you want using this nice web interface [nro.net] from the NRO [nro.net].

I maintain some good links to stuff about IPv6 on del.icio.us [del.icio.us].

I hate NAT. And I think IPv6 can be just as secure. Partly because a 64-bit address space is really hard to effectively randomly probe working addresses and partly because it's fairly easy to configure a firewall to not allow incoming connections.

Before IPV6 gets popular, it needs:

[JoeD]

Before IPV6 gets popular, it needs:

1. Home routers that support it.
And/or
2. DSL and cable modems that support it.

I'd love to convert my home network to IPV6, but as long as I connect through an IPV4 ISP, and my wireless router only does IPV4, I'm hosed.

Joe D

Re:

[nsayer]

Before IPV6 gets popular, it needs:

1. Home routers that support it.

Done [apple.com].

What about NATs

[llZENll]

So when IPv6 finally does become the norm, will there be any need for NATs on home routers, or will ISPs simply give you many addresses?

Re:

[Just Some Guy]

So when IPv6 finally does become the norm, will there be any need for NATs on home routers, or will ISPs simply give you many addresses?

Given a standard end-user allocation of a /64 network, you will have 1.8*10^19 addresses to play with. It is unlikely that you would need to fake more with NAT.

Re:

[imemyself]

Yeah, but I really have my doubts as to whether consumer ISP's will actually give their customers anything more address wise than they have now. Just because its recommended doesn't mean that ISP's will stop being dicks about it.

Re:

[Todd Knarr]

They'd have to really work at it. The normal IPv6 link configuration process only allows the ISP to set the leading /64 prefix. The trailing 64 bits are entirely determined by the host, and can't be forced to any particular value by the upstream router. It's possible to force the issue by way of MAC registration and DHCPv6 or a firewall, but it takes a fair amount of configuration to do it and it doesn't work well with the Windows IPv6 stack (which much prefers that you use stateless autoconfiguration of in

Projections

[mxs]

"Projections suggest that this unallocated pool will run out by 2011 at the latest.'"

Riight. Last I read it was 2011 for ARIN, 2012 for RIPE, assuming current allocation procedures. If allocation- and revocation-procedures are changed before then, "at the latest" suddenly becomes "at the earliest".

There is a problem, but it's not got a final due-by date attached to it just yet.

Double byte AS numbers are running out too

[MavEtJu]

Not only the IPv4 IP space is running on empty, at the last AusNOG conference (a must for everybody who is into internetworking) a talk was given about the similarities and differences in the allocation of AS numbers.

Where the IP space allocation graph shows an exponential line since 1990something, the AS number allocation graph shows a linear line.

The interesting thing is that somewhere in 2010/2011, when the IPv4 IP space is running out, also the double byte AS number allocation is running out. At around

Re:

[Tony Hoyle]

We've been hearing this 'addresses will run out by year x' for 20 years, and the predicted date has been wrong every single time. It's very hard to get enthusiastic about something that seems to be run by chicken little... Sure they'll run out eventually, and there's a network there to deal with it when it happens.. until then... zzzzzzz

If google, microsoft, redhat, CNN and the BBC (insert favourite site here) all go ipv6 (and by that I mean google starts indexing it too), that will be the year of ipv6.

Re:

[Midnight Thunder]

Look, IPv6 is all well and good, but apart from typing 1:: for localhost, how am I going remember my outside IP?

There shouldn't be an inside or outside for IPv6, since there is no notion of NAT. If you mean your router, then using a service like dyndns.org is an alternative.

Re:

[Abcd1234]

Look, IPv6 is all well and good, but apart from typing 1:: for localhost, how am I going remember my outside IP?

Uhh, using the DNS name you registered?

Re:

[kellyb9]

Look, IPv6 is all well and good, but apart from typing 1:: for localhost, how am I going remember my outside IP?

Ummmm... right it down?

Re:Great, IPv6, an insecure protocol

[Just Some Guy]

Lest anyone think this jackass is correct:

IPv6 barely supports firewalls or NATs, allowing any Joe Sixpack to see what your secured corporate network topology is like from anywhere.

It is not up to the protocol to support the hardware. And anyway, all good firewalls support IPv6 already. NAT? It's there if you're dumb enough to want it.

It also does not support reserved IP blocks... change ISPs, and you are forced to re-ip your whole network.

Step one: update your router to the new netblock.

Step two: sed -i'' 's/^old:net:block/new:addr:ess/' db.mydomain.com; rndc reload

Step three: laugh at people who go around changing ISPs all the time.

Of course, IPv6 has -zero- hooks for IP level encryption, so this has to be handled at the trensport or app level.

If only it support IPSec [ipv6.com], "the goal of [which] is to provide various security services for traffic at the IP layer, in both the IPv4 and IPv6 environments." Oh, wait...

Re:

[Just Some Guy]

With no ability to NAT or firewall in IPV6 , anyone on the external Internet can find out exactly what you have, theb stage targeted attacks on every single host on a private network.

End-user netblocks are 2^64 addresses in size. If an attacker could ping a billion hosts per second, it would still take them 585 years to scan a single block.

So, again, NAT-as-security is even dumber on IPv6 than it is on IPv4.

As for the stated IPsec, it was a nice draft... but never made in the standard.

From Wikipedia:

IPsec is a mandatory part of IPv6 (mandatory to implement, not mandatory to use), and is optional for use with IPv4.

Wow. Guess you're wrong there, too.

Re:

[growse]

I firewall ipv6 very nicely, thank you very much.

And you're last comment proves you're not a net admin.