Little Interest In Next-Gen Internet

Ant wrote in to mention a Computerworld article that is reporting on the slow acceptance of the IPv6 version of the internet. From the article: "Information Technology (IT) decision-makers, in U.S. businesses and government agencies, want better Internet security and easier network management. However, few see the next-generation Internet Protocol called IPv6 as helping them achieve their goals, according to a survey released Tuesday by Juniper Networks Inc."

Re:Give me an easy upgrade path

[MartinG]

What are you talking about?

I run ipv6 and ipv4 together on the same net all the time.

For ipv4 I have one static internet address on my router machine which provides NAT for all the other internal machines.

For ipv6, I have a /48 allocated to me so each machine has its own real ipv6 internet address and can talk directly to all other internet ipv6 addresses. (plus, I have over 281 trillion ip addresses spare for later)

Also the applications don't need writing for one or the other. By using the ipv6 API you automatically get support for ipv4 at the same time.

There is an easy upgrade path. What will really get folks upgrading is when more and more sites become ipv6 only. For example I am setting up a nature webcam site which will be ipv6 only for exactly this reason.

Re:Give me an easy upgrade path

[csgames]

Of course it can run on the same network. Just need a v6 connectivity, just as you have a v4 one. You absolutly don't need multiple nics! Are you one of those who think an interface can only be configured with one ipv4 address ?

Re:Give me an easy upgrade path

[Anonymous Coward]

IPv6 -> IPv4 proxies do not exist. All fantasy

Re:Give me an easy upgrade path

[iblech]

Ehm, I'm currently surfing on Slashdot (IPv4), while my mail is sent using an IPv6 SMTP server. I only have *one* connection to my ISP, and only one NIC, and only one router.

IPv4 and IPv6 can easily coexist, and IPv6-only programs don't even have to be modified to accept IPv4 connections (keyword "IPv4-mapped addresses").

A miracle?

Re:Give me an easy upgrade path

[dlippolt]

much to the dismay of all my developers, my answer to just about every problem is "you can use an ssh tunnel for that"

when i bought my powerbook 15 months ago, reverse tunnels stopped working, and it took me awhile to figure out why.

normally you'd run something like:

ssh -R 8080:localhost:8080 user@remotedevbox.com

to let a remote server access tomcat running on your laptop.

i suspect OSX routes "localhost" to the ipv6 address by default in this case. the solution was to change the tunnel:

ssh -R 8080:127.0.0.1:8080 user@remotedevbox.com

point being... from the "what have you done for me lately" perspective, ipv6 has been nothing but a headscratcher. and we're supposed to run the internet on it?

use this tunnel broker

[puzzled]

These guys have a good tunnel broker interface:

https://tb.ipv6.btexact.com/ [btexact.com]

I used these guys a couple of years ago and they made me very sad:

ipv6tb.he.net/

Re:What does ipv6 get you?

[Danathar]

Other than larger address space?

- New header format (less overhead in routers)
- A new Efficient and hierarchical addressing and routing infrastructure (again....less overhead in routers)
- Stateless and stateful address configuration (You could theoretically dump your DHCP servers)
- Built in IPsec
- Better support for QOS (Quality of service) in the protocol fields
- It's extensible (more headers can be added..it's in the protocol)

and more...

Please note:

[CrazySailor]

Juniper has a horse in the race, selling network devices.

There's currently an IPv6 conference [coalitionsummit.com] at which they're appearing as well. The conference ends today (2005-May-26).

There's a Washington Post [washingtonpost.com] article [washingtonpost.com] on the summit.

I'm posting from the summit, where they have a IPv6 802.11 network up for visitors use.

Re:Need more software and support

[Qzukk]

When they get around to rebuilding their kernel and hitting Y next to ip6tables.

Re:Give me an easy upgrade path

[Anonymous Coward]

It's not backwards compatible, that is true. But why can't you run it on the same net? Interfaces support both, at the same time.

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host

Re:NAT works...

[Anonymous Coward]

The heck?

No backward compatibility ::ffff:* is specifically for backwards compatibility with IPv4.

ugly naming scheme (tell me , who like ::1 ?)

And 127.0.0.1 is better? Easier to type? Shorter? This is a moot point, this is why ISC gave us bind, from which flows an endless bounty of hostnames.

the requirement for large IP chunks for offices and stuff disappeared.

What rock have you been hiding under? Game playing through NAT is nearly impossible. Scratch that... if there is more than one person trying to play the same MMORPG from the same IP, it IS impossible for many games.

As someone else mentioned, connecting two NATted offices via a VPN is incredibly difficult when they both use the same 192.168.1.x addresses. The list goes on and on.

Could have had a V8 - IPV8 that is!

[RouterSlayer]

Hey guys, how about you get a clue?

Try IPV8! its a hell of a lot better!

its backward compatible with IPv4 - not necessary to change all the internet hardware or BS

and it has a LOT more addresses than Ipv6 ever will.

Dont like it? then try IPV16 !!!

sheesh you guys are behind the times... really!

Re:NAT works...

[dpilot]

>NAT is not good enough.
Good enough for whom. That's the first, and unfortunately only real question that we have to ask, here. From my own personal point of view, I agree with every one of your points. But your and my points of view don't really count.

Think of another point of view. Think of ??AA, for instance, as the most visible, and current whipping boy of the /. community.
>Too many things have to work around NAT problems.
Problems? NAT has no problems. The only "problem" is that some people have the wrong concept of the Internet, thinking of it as some bizarre "end to end" system. It's really supposed to be like broadcasting-on-demand, with a few handy things like email and customer feedback thrown in.
>I run a small network and all the users running filesharing programs have problems. I have to give them each a port.
Filesharing is EVIL. NAT is good, in that it hinders filesharing.
>What happens when more than one of them wants to run server for a protocol which needs a specific port? SMTP?
Ordinary people should NEVER run servers, only ISPs should, especially SMTP. Only ISPs and corporate IT departments could possibly have a clue about how to properly secure SMTP, or any other server.
>Why shouldn't people be able to have full IP connectivity? NAT does not provide that, and UPNP is not enough to fix that.
As I said, only corporate intersts need full IP connectivity, for regular people it's highly undesirable.

To go a little further, the article talks about the improved QOS available from IPV6, and how it makes streaming media MUCH better. That's BAD too, because QOS is a function more properly implemented by the ISP. That way the ISP can push streaming media to you - for a fee, while other media just won't stream without hiccups. That way the Baby Bells can be secure phone providers, because they can make sure THEY offer the best VOIP and everyone else's has hiccups.

Nope, from a corporate interest point of view, IPV6 is BAD. In a simplistic point of view, and without bringing EVIL into the discussion, it's bad for profits.

India/China IPv4 myth

[shani]

It's just FUD. Probably from IPv6 fan-boys.

But don't take it from me. Take it from the guy who runs the organisation that gives out addresses to India and China [com.com].

Re:will IPv6 give me an unique identifier?

[Wouter Van Hemel]

You can run dhcp on ipv6. Your isp can choose how they set up things, just like with ipv4.

Autoconfiguration with MAC addresses might not be the answer for ISP networks, since an ISP might not have enough control about people's NICs or how they will use MAC numbers. I suspect they will offer two solutions: one DHCP-like with 1 ip for cheaper accounts, and one with /64 subnetting for more expensive accounts.

In 2000, I had an ISP that had native ipv6 support, and I was assigned one random ipv6 address through dhcp.

As I understand it, one of the main selling points of the whole ipv6 setup was that end-users would be alotted a /64 to enable them to connect more smart appliances without the hack of NATed networks (although I wish ignorant end-users would be forced to put their windows disasters behind a NAT firewall)... So personally, I would like to have a fixed /64 and use the internet as it was meant to be, with direct access to my machines at home.

Lost in the debate

[rockhome]

I posted about this a couple of years ago I think.

Everyone keeps talkign about NAT and its problems and support for apps and services. The real reason that IPv6 isn't being adopted is because core backbone providers aren't forcing it. No one has made a real commitment to IPv6, so it is not used at the enterprise level.

If you start with service providers, I don't believe that there is a lot of IPv6 even at that level. This is only really my conjecture, but as a consultant in the network management space, I don't hear customers begging for products that support IPv6. And until the backbone providers , and the IETF, decide that IPv6 must go forward, NAT is going to work for most people, and not much will change.

IPv6 is going to be a tough row to hoe, it will necessitate a lot of updates to libraries and software before it can be fully supported. A lot of companies spend a lot of money every year to monitor and manage their business systems with IPv4 based applications, and aren't going to risks the expense until IPv6 is necessary and vendors fully support it.

Re:Need more software and support

[Just Some Guy]

there's not even a good IPv6 firewall up and running

Ahem [openbsd.org].

Re:A sound point

[Anonymous Coward]

The whole point of converting to IPv6 is that a user is not required to memorize a number. With IPv6 it'd be nearly impossible. Thus the integration with name resolution services such as DNS or WINS. The reason SysAdmins are reluctant to switch are two fold. One, cost prohibitive still. An IPv4 router is much cheaper than an IPv6 router. Second, with the advent of NAT, many SysAdmins see no reason to switch. However, with IPv6, administration of IP networks is immensely easier because of auto-configuration built in to the protocol, security via IPSec, and easier route aggregation.

Re:Duh

[quantum bit]

Not picking on you in particular cHiphead, just happened to be a convenient place to post.

IPv6 = everybody gets their own ip address, walk up to a computer, swipe your worldID card, it switches to your personal ip.

Except it doesn't work like that. IPv6 uses a hierarchical routing model, much stricter even than IPv4 classful routing.

The IPv6 address you get assigned (each customer is supposed to get their own /48 subnet, we'll see) comes out of your ISPs pool, which is probably a /32 or something. The really big carriers (i.e. backbone) get /24s, and they allocate smaller subnets to smaller ISPs. The big carriers get their subnets assigned out of a pool, but of the remaining 24 bits, the first 3 specify the address type and the last 8 are reserved. That leaves 13 bits, so there can be a maximum of 8192 "big" carriers (called TLAs).

Now, unlike the current internet, ONLY TLA's exchange routing information with each other. Every single address withing a TLA's block MUST be routable from one of its peering points. Routing between the TLA blocks may only happen at those top-level points. Small netblocks are no longer portable, so when you change ISPs, you get new addresses. No exceptions -- doesn't matter how many you have. That also means if you want to have a redundant connection for your server (multiple ISPs), it has to have multiple IP addresses too. No more BGP tricks.

So you can't assign an IPv6 address to a person, as every terminal they use has to have a different address by definition of IPv6.

The other common misconception is that IPv6 has more addresses (2^128) than particules in the known universe. This isn't really true as the lower 64 bits are not routable. They're usually automatically derived from the 48-bit MAC address, but can be statically assigned if so desired. Even if you did statically assign them, all (2^64)-2 of them would have to be on the same (flat) subnet, which would be one huge honkin LAN.

So that really only leaves 2^64 routable networks, each of which MAY have a lot of machines but in practice probably won't have more than 100-200 max, and probably averaging much lower than that. If you take into account that the specification calls for each customer to be given their own 48-bit subnet (giving them 16 bits worth to route internally if they so desire), there isn't just a whole lot more room then IPv4 because so much is forced to sit unused. It is considerably more to work with yes, but not astronomically like many people seem to think.

Ok, sorry for the rant, but just trying to make sure reasonably accurate information gets posted somewhere :)

Re:Duh

[BridgeBum]

Certs use names, not IPs for certification. It is common practice to have web server farms running on private IP space (RFC1918) behind a load balancer.
The certs can and frequently do live on each server. The cert needs to match the URL domain name you are hitting, otherwise browsers pop-up a warning.

(There are other factors which trigger pop-ups as well.)

In otherwords, one IP can serve an entire farm of hosts. In fact, one IP can serve more than one domain, by using different webservers running on different TCP ports behind said load balancer above.

None of this is in the least bit unusual in today's internet.