×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

There Is No Plan B, the Ugly Transition To IPv6

CmdrTaco posted more than 3 years ago | from the no-not-that-plan-b dept.

Networking 717

An anonymous reader writes "The Internet is running out of IPv4 addresses — not at some point in the future, but right now. But the only solution to the problem, IPv6, is just now really starting to be deployed. That's why we're all in for some tough times ahead."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

717 comments

Reclaim Some? (5, Funny)

d0nster (989432) | more than 3 years ago | (#33746018)

Maybe we should reclaim some of AOL's massive block of addresses. It would help a little in the short run. And they sure aren't using them.

Re:Reclaim Some? (0)

Anonymous Coward | more than 3 years ago | (#33746164)

That helps for a couple of months at most, why put effort into bandaid?

Re:Reclaim Some? (1)

Darth_brooks (180756) | more than 3 years ago | (#33746236)

kidding aside, I'd be interested to know what the actual Class A block utilization numbers look like.

Re:Reclaim Some? (5, Informative)

Carewolf (581105) | more than 3 years ago | (#33746330)

kidding aside, I'd be interested to know what the actual Class A block utilization numbers look like.

True, that is obligatory. Map of the Internet [xkcd.com]

Re:Reclaim Some? (0)

Anonymous Coward | more than 3 years ago | (#33746406)

It's not exactly an accurate map. A lot of those A level owners have turned in large sections of their unused IPs to free them up and lessen the crunch.

Re:Reclaim Some? (5, Informative)

kaptink (699820) | more than 3 years ago | (#33746482)

I've wondered why this hasnt been done sooner. There are some relatively small groups out there with class A blocks (16.7m) still. Make those who own these blocks justify their use. I believe back when the internet was just a wee bub, IP addresses were handed out to anyone who wanted them. And some companies just took huge chunks.

Have a look at this list for starters http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks [wikipedia.org] or http://abhishek.nagar.me/content/class-ip-address-and-owners [nagar.me]

Some organizations, such as Stanford University, formerly using 36.0.0.0/8, have returned their allocated block to assist in the delay of the exhaustion of addresses. Perhaps some others could follow in their steps.

Why didn't somebody tell us? (5, Funny)

Anonymous Coward | more than 3 years ago | (#33746036)

What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?

Right now? (0, Redundant)

aliquis (678370) | more than 3 years ago | (#33746166)

Exactly. Haven't we been running out of them for at least the last 10 years?

Awesome that no-one ever cared.

I can't see why anyone would now either.

Is it all thanks to Microsoft? Other network equipment? Embedded systems?

Re:Right now? (4, Insightful)

2.7182 (819680) | more than 3 years ago | (#33746224)

Actually you might say we've been running out of them since the moment the first one was assigned...

Re:Right now? (1, Funny)

Anonymous Coward | more than 3 years ago | (#33746368)

we're running out of ipv6 addresses!

buy your *now*

Re:Right now? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33746340)

Exactly. Haven't we been running out of them for at least the last 10 years?

Awesome that no-one ever cared.

It will be like this as well for oil and clean water and air. Populations need to learn to dis-trust their businesses and governments more, that would be a good start and a help. It would also help a lot if people learned to look themselves in the eye.

Re:Why didn't somebody tell us? (2, Insightful)

catmistake (814204) | more than 3 years ago | (#33746308)

What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?

LOL Sarcasm aside... wouldn't it be better not to tell anyone? Just let them... how do I say this... movie metaphors might help... like letting them remain asleep inside the Matrix, or Inception style, dreaming inside their dream, or IPv6 is "oh, this is the real party" from Brain Candy. Then the NEW IPv6 Internet could be Flash-free! No more click fraud on pr0n sites! Just think of it!

Article invalid (2, Insightful)

drinkypoo (153816) | more than 3 years ago | (#33746038)

Article invalid: Author considers NAT to be a security mechanism, and specifically cites Windows ICS as the example... I've personally had Windows machines owned by infected machines on the same segment.

Re:Article invalid (1)

arndawg (1468629) | more than 3 years ago | (#33746076)

blablablabla. i99% of the times, NAT is in conjunction with a stateful firewall. That's why people say NAT = FIREWALLED.

Re:Article invalid (3, Interesting)

drinkypoo (153816) | more than 3 years ago | (#33746146)

blablablabla. i99% of the times, NAT is in conjunction with a stateful firewall. That's why people say NAT = FIREWALLED.

And yet, if you RTFA (I know, I must be new here) he talks about how dropping NAT led to having to use a firewall.

Windows ICS NAT never saved anybody. The machine which would be compromised is behind another system of the same or similar OS and vulnerabilities.

Re:Article invalid (1)

Ephemeriis (315124) | more than 3 years ago | (#33746526)

blablablabla. i99% of the times, NAT is in conjunction with a stateful firewall. That's why people say NAT = FIREWALLED.

So if shoes are normally encountered in the presence of socks, shoes are the same as socks?

Seems a little lazy to me...

Regardless, NAT is not a security mechanism. It is not the equivalent of a firewall. And removing NAT will not prevent you from putting in a firewall.

Re:Article invalid (3, Insightful)

jra (5600) | more than 3 years ago | (#33746108)

It *is* a security mechanism: you can't Ping Of Death a machine that doesn't have a routable address from the public Internet.

That doesn't say it's a *sufficient* security mechanism for any specific threat, but saying simply that it is *not* one is ignorant.

Re:Article invalid (2, Interesting)

aliquis (678370) | more than 3 years ago | (#33746200)

Nah you just ping the address you know and the machine behind that one still get borked.

Great.

I doubt OMGYOUCAN'TPINGME is the greatest benefit.

Re:Article invalid (1)

MightyMartian (840721) | more than 3 years ago | (#33746568)

That's only if you're redirecting ICMP packets. I don't know of too many people who do that on machines behind NAT firewalls, and the only time I ever did it was while working for a small ISP that had clients on a NATed proprietary wireless network who wanted a public static IP with all the fixings. I certainly wouldn't do it as a rule of thumb, leaving the dealing with such attacks to the firewall.

Re:Article invalid (1)

zlogic (892404) | more than 3 years ago | (#33746518)

That's about as stupid as locking the keys inside your car to prevent someone from stealing them from your pocket.

Re:Article invalid (2, Insightful)

jeffmeden (135043) | more than 3 years ago | (#33746126)

NAT is insecure only if the machine operating the NAT is insecure. A host running a NAT with sufficient hardness/dumbness will shield the interior machines from any sort of inbound attack; the fact that they are unaddressable from the outside is as secure as you can get without unplugging. An attacker on the inside is a different story but that attack vector would exist with or without an internet in the first place.

Cue the "oh but there are insecure browsers/email/cellphones/whatever" crowd in 3, 2, 1...

Re:Article invalid (1)

aliquis (678370) | more than 3 years ago | (#33746216)

NAT is insecure only if the machine operating the NAT is insecure.

I locked my NAT machine inside a bunker and hooked up my Macbook Pro through WIFI outside and now it's stolen.

Re:Article invalid (1)

jeffmeden (135043) | more than 3 years ago | (#33746428)

Yeah but the OS was intrusion free when it got nicked, wasn't it?

Re:Article invalid (1)

aliquis (678370) | more than 3 years ago | (#33746596)

Yeah but the OS was intrusion free when it got nicked, wasn't it?

Yeah, lucky me! ;D

Kinda like everyone claiming OS X and Linux is so secure because you don't use them as root.

Never mind someone can wipe all your data. Atleast your OS is safe! ;D

I'd rather host a DDoS zombie than have my data ruined :)

And still I don't do backups ;D

Hurray for me!

There is truth in what you say - (3, Interesting)

anti-NAT (709310) | more than 3 years ago | (#33746346)

attackers don't only come from the Internet. The "hard shell, gooey centre" security model is doomed now that people are buying laptops, ipads, iphones etc. Mobile devices need to protect themselves, and since everybody is buying mobile devices, upstream network located firewalls are losing their effectiveness.

Next bubble? (1)

Average_Joe_Sixpack (534373) | more than 3 years ago | (#33746044)

1980s Real Estate
1990s Tech Stocks
2000s Commodities
2010s IPv4 addresses

Re:Next bubble? (0, Offtopic)

Thanshin (1188877) | more than 3 years ago | (#33746206)

1980s Real Estate
1990s Tech Stocks
2000s Commodities
2010s IPv4 addresses

2020 The year of linux on the desktop?

Re:Next bubble? (1)

aliquis (678370) | more than 3 years ago | (#33746350)

Gold?

Maybe one could say the dollar is bursting right now? Euro to follow? =P

Anyhow I think real estate and stocks in general burst more often than that =P, at least nowadays :)

Over here in Sweden we haven't had our housing burst yet. People have already taken loans of 8.8% more than the same month last year, probably since rates are very low thanks to the global economical situation and "real estate always increase in value!". Loans are up to 2600 billion SEK atm. They are even complaining that you can only get a house loan of 85% of the value of the house (since they lack the first 15%, but sure they can pay more than 100% later!!) and not more as you used to. But that doesn't matter because they just take a blanco loan instead. They also sort their short-term economic situations by taking SMS loans with thousands of percents of rate.

Some US (?, I have the video in a tab but I'm too lazy to check it up) guy claimed Dow Jones would fall to 1000, it's at around 10800 now. Some article speculated in that it would raise to 14000 since there was a presidential election and it usually raised by 50% during those. So between those 1000 and 14000 I guess we could say: We don't know. But oh well, analysis like that doesn't make you a lot of money :D

Re:Next bubble? (1)

aliquis (678370) | more than 3 years ago | (#33746422)

(But everyone claim gold is secure in any situation you can think of. Afraid of inflation? Buy gold! Afraid of deflation? Buy gold! Want to instead in raw materials? Buy gold! Think the stock market will crash but still want to invest in something? Buy gold!)

I wonder how it will work in the case of starvation =P

So, anyone want to buy tulips?!

Does anyone know.... (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33746048)

...how many patents related to IPv6 were filed until now?

The IPv6 nightmare begins with it's design... (1, Interesting)

AbbeyRoad (198852) | more than 3 years ago | (#33746058)

Re:The IPv6 nightmare begins with it's design... (3, Insightful)

jra (5600) | more than 3 years ago | (#33746098)

Wow. DJB misunderstands something?

Say it ain't so, Joe!

(His piece, written in his usual "I am not at all nuts" style, assumes that IPv6 is *solely* a new "address space", and not an entire replacement protocol.

(While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way, so listing the ways in which that wasn't well implemented is useless, since *that wasn't what they were TRYING to implement*; the entire page is a strawman.)

Re:The IPv6 nightmare begins with it's design... (5, Interesting)

TheRaven64 (641858) | more than 3 years ago | (#33746256)

While that might have been a better design, smarter people than me decided it wasn't practical to approach it that way

The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.

One option, for example, might have been to get rid of the port field as a fixed length and make network, machine, and port number all combined in the same way that network and machine addresses are now. This would let you have, for example, 256 ports per machine while getting 256 times as many IP addresses, or doubling the available addresses at the cost of only having 32K ports per machine. Only the routers at the very last hope would need any modification for this to work. Since you only need a unique port for each app that connects to the Internet (you can reuse ports, as long as the remote end is different), 2^16 is a lot more than most machines need, and losing 3-4 bits from the port field would be a lot more convenient than NAT for a lot of home users.

Of course, that would still not be a good long-term solution. After a little while, you'd end up with the port field being shortened so much that people would complain. You'd also have the problem that you actually use the variable-length port field, every machine on your local segment would need an upgraded network stack, and protocols that expected to be able to use high port numbers would have serious problems.

The effort in deploying such a solution would only be slightly lower than the effort of deploying IPv6 and it would be a significantly inferior long-term fix.

Re:The IPv6 nightmare begins with it's design... (1)

hedwards (940851) | more than 3 years ago | (#33746374)

Precisely, there's all sorts of things you can do if you're not concerned with backwards compatibility. One of the main reasons why Apple has been resurgent in the OS market is that they broke backwards compatibility and made some really significant changes to the way their platform worked. OSX is significantly more reliable and more stable than their previous releases were. Mainly because they completely redid things with experience from known stable OSes.

MS has had a lot of trouble due to trying to maintain too much compatibility for too long. It's a competitive advantage that they can run old code, giving that up would make it much easier for people to switch platforms.

Re:The IPv6 nightmare begins with it's design... (0)

Anonymous Coward | more than 3 years ago | (#33746218)

the most hilarious part about that whole thing is that IPv4 is already embedded in IPv6. ie, IPv6 clients can talk to IPv4 hosts, and djb is wrong about everything. It's the routers that must be upgraded first, because they're the ones responsible for recognizing "oh this IPv6 host wants to talk to this IPv4 host and I need to convert the protocol here because this is the last hop that understands IPv6"

Re:The IPv6 nightmare begins with it's design... (1)

ewanm89 (1052822) | more than 3 years ago | (#33746392)

Host operating systems tend to already have support, Linux was early in 1996 with experimental support. By 2005 all the major desktop systems had support (well, winxp needed download from Microsoft). We've known this year is coming for quite some time. Also IPv6 is actually more effecient, removing a lot of the left over ARPA cruft that is nolonger neccersary, for an address size at 4 times the size of IPv4, the IP packet header is only twice the size. The problem is the router manufacturers and network engineers don't like it cause it's quite different from IPv4 with that cruft removed, and they can't seem to read the RFCs. FInally I had a friend who stated that IPv6 needs all routers to support it, as if 6to4 tunneling didn't exist. As long as it'll pass on protocol 41 packets like any other it works fine (with the necesity of manually forwarding through a NAT for the standard reasons.

Re:The IPv6 nightmare begins with it's design... (1)

hedwards (940851) | more than 3 years ago | (#33746410)

The problem is outside the home. There's no reason why people at home need to switch from IPv4 to IPv6, you can just replace or upgrade the modem to convert between the two without a whole lot of trouble. You can include NAT which does the translation nicely.

The bigger problem is that the ISPs haven't made it available yet in any universal way. I just checked the other day and Qwest still hasn't, as far as I can tell, made it available, definitely not on my modem anyways.

Re:The IPv6 nightmare begins with it's design... (1)

julesh (229690) | more than 3 years ago | (#33746452)

http://cr.yp.to/djbdns/ipv6mess.html

Much as I respect DJB (ROTFL), he's talking utter bullshit, and has clearly never used a modern implementation of IPv6.

Suppose someone sells you a public IPv6 address. You put your computer on that address. You find that you can't reach the CNN servers or the Google servers or your company's web servers. How will you react?

This is an example of what's called an interoperability failure. Right now, many---in fact, most---Internet servers can't talk to clients on public IPv6 addresses.

I did some experiments a few weeks ago with IPv6. You know what? Most things just work. There's this thing called ipv4-over-ipv6 tunnelling: if you attempt to connect to an address of the form ::ffff:[an ipv4 address] your local router should be able to handle tunnelling the packets as far as a router that has a public IPv4 address, at which point you get an NAT'd connection outgoing and everything works pretty much transparently. The only thing that *fails* is when connections back are needed. Pretty much no P2P software works. Active-mode FTP fails. The situation is pretty similar to using an NAT router that doesn't have any protocol mangling stuff like we generally expect these days.

The specifications could have defined a functionally equivalent public IPv6 address for each public IPv4 address, embedding the IPv4 address space into the IPv6 address space; but they didn't.

You can't route IPv6 packets directly to IPv4 addresses. The idea is absurd: how can a machine that only talks IPv4 reply to such a packet? Clearly the packet must be rewritten at some point, and that has to be done by a machine that has a public IPv4 address, which basically means either your router or some upstream router that your router should be aware of. Tunneling the packets is the only possibility, which is where the 4-in-6 tunnel comes in.

(RFC 2893 does some of this, but the IPv6 proponents say that RFC 2893 is a local option, not part of the IPv6 architecture. In particular, they say that an IPv6 client is not supposed to send a packet to an IPv4 address by using the RFC 2893 address.)

RFC2893 is an outdated RFC that has been superceded by RFC4213. Bernstein's rant is undated, but it's either at least 5 years out of date, or else he's attacking a strawman version of IPv6 that ignores recent advances.

As of 2002.11, Google hasn't published IPv6 addresses for www.google.com

OK, so the rant is probably nearly 8 years out of date. FTR, google.com is accessible through IPv6, as I believe are all the other specific examples of sites DJB quotes that were not IPv6 enabled at the time of writing.

Most of his concerns seem to be addressed by the easy methods available for automatically tunneling IPv4 connections over IPv6. The *only* outstanding issue is the one he glosses over briefly: that an IPv4-only client can't talk to an IPv4-only server. This is unfortunate, but it's hard to see how anything can be done about it, other than perhaps reserving the last few IPv4 addresses for server applications and only allocating IPv6 addresses to nodes that will be clients (which would be an administrative nightmare, but should be feasible).

Procrastination (5, Insightful)

dmgxmichael (1219692) | more than 3 years ago | (#33746086)

Why is it that problems never seem to get corrected until they are well and truly disastrous in scope.

Re:Procrastination (1, Insightful)

CoolVC (131998) | more than 3 years ago | (#33746102)

I'm not sure if I'd call needing to use NAT with private IPs for a little while during the transition "disastrous"

Re:Procrastination (1)

dmgxmichael (1219692) | more than 3 years ago | (#33746174)

Agreed - but people in groups procrastinate in the face of danger. Repairing the levees in New Orleans for example. The procrastination is even worse when the consequences are not disastrous. I predict IPv4 will be here 10 years from now enabled by nightmarish workarounds.

People will not fix anything with low impact or low frequency. This is why auto accidents aren't addressed more seriously by society as a whole - the loss of a few lives, or even 40,000 / year in a population of 300 million, is "low impact."

Re:Procrastination (1)

hedwards (940851) | more than 3 years ago | (#33746432)

This is the natural consequences of the small government platform. If you cut taxes and government size you must necessarily cut services or run up mountains of debt, then cut services and raise taxes.

Unfortunately, corporations seem to like to run themselves that way as well with a significant amount of the profits going to the executives running them.

Re:Procrastination (1)

Eivind (15695) | more than 3 years ago | (#33746530)

But car-accidents *ARE* adressed seriously -- very much so. The improvements have been DRAMATIC, even over short timescales.

Back when I got my drivers licence, 15 years ago, we learned, as a rule of thumb, that one person died in traffic every day, aproximately 400/year here in Norway. By now, we're down to half that. And that is despite the fact that there's a lot more cars, and the average car is driven more.

Measured in a mile-by-mile way, traffic-risk is reduced by more than 2/3rds in 15 years. That is, frankly, spectacular.

And it's the result of concerted effort on a multitude of areas: better roads. better crossings. better cars. better driver-education. better signs. better light. better snow-removal and so on and on and on.

If this is an example of things NOT being fixed, I can live with it.

Re:Procrastination (2, Interesting)

Enderwiggin13 (734997) | more than 3 years ago | (#33746182)

Only if you consider the possibility of getting a letter from the RIAA/MPAA's lawyers trying to blackmail you for several thousand dollars because some teenager sharing your IP via NAT decided to torrent the latest Uwe Boll movie "disastrous".

Although, I guess if sharing IPs will make it more difficult for the RIAA/MPAA to "legally blackmail" people it can't be all bad.

Re:Procrastination (1)

oldspewey (1303305) | more than 3 years ago | (#33746254)

Meanwhile, back in realityland, the ISPs all maintain records of which subscriber was assigned which NAT IP during various periods of time.

Re:Procrastination (1)

Enderwiggin13 (734997) | more than 3 years ago | (#33746446)

Yes it was hyperbole, but we already hear about users getting unfairly sued or threatened with being sued because their IP was supposedly torrenting copyrighted material. I can only imagine that NATing IPs would increase the probability of this happening.

If the **AAs crack team of network security pros can't correctly determine which user is using a static IP, how much trouble will they have with NAT IPs?

Re:Procrastination (2, Insightful)

cgenman (325138) | more than 3 years ago | (#33746418)

I'm glad someone finally said it. NAT is the (slightly slower) Plan B.

We don't need every computer on the network to have an address. We need every SERVER and external-facing router on the network to have an address. A company of 10,000 desktops may really only have 100 servers and a few external access routers, meaning they could work fine with 100 IP addresses instead of 10,000. Heck, most of those servers are internal anyway. You could require users to VPN in first (which you should be doing anyway), and then those servers could live entirely on the local NAT.

And yes, that will break a few applications, which will have to find ways around it. NAT issues have been worked around in consumer software since the mid 90's. It's not a deal breaker. I haven't had a real IP at home in about 10 years.

And then you start having DNS-style auctions with IP addresses. Eventually, those start going for too much money, and everyone gets off their butts and enables IPv6.

Re:Procrastination (1)

tsj5j (1159013) | more than 3 years ago | (#33746152)

The whole idea in a democracy is to have visionary leader(s) elected to lead the short-sighted (generalization) masses.

Unfortunately, our leaders today are mostly controlled by short term financial interests, which brings us back to square one.

Re:Procrastination (0)

Anonymous Coward | more than 3 years ago | (#33746280)

No, the idea of democracy is to elect a leader that will represent the will of electorate.

Re:Procrastination (5, Insightful)

oldspewey (1303305) | more than 3 years ago | (#33746228)

Because by being insanely focused on quarterly results, our society rewards short-term thinking, and often actively punishes long-term thinking. In most (not all, but most) companies, if a system architect told his CTO
"we need to undertake a $X million project to transition our systems to IPv6. This is going to become a big deal in about 10 years time and we want to be on top of it,"
the CTO might or might not take the idea seriously. But even if the CTO did decide to bring the idea to the board for approval, he'd be shot down in seconds.
"You want to reduce shareholder profits by $X million to fix something that might become a problem in 10 years? Let's move on to the next item on the agenda shall we? And don't bring stupid ideas like this one to the table again in the future Bob. We need you focused on shareholder value."
.

Re:Procrastination (5, Insightful)

hedwards (940851) | more than 3 years ago | (#33746472)

That's why some of us advocate increasing the short term tax rate to something much higher than what we currently have and tailing off to what we've got now for long term capital gains. And pushing the holding period to 2 years or so. And cut the tax rate on dividends to the rate that people pay for capital gains.

The effect of that is to increase the holding period of an investment and discourage reckless speculation. People tend to forget that Enron produced far more winners than losers. The people who ended up holding the bag were a small fraction of the total number of people who invested in it.

It also has the upside of discouraging charlatans that practice technical analysis from screwing up the markets with their charts. Any practice which ignores what a business does to make money should be discouraged.

Re:Procrastination (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33746484)

Say what you want, but disasters are just *so* much more motivating than distant problems

A Douchebag (1)

L4t3r4lu5 (1216702) | more than 3 years ago | (#33746538)

What are you for posting the answer to your question in the title of your post, but then posting the question in the body of the comment below it, and then failing to properly end your question with a question mark?

The solution! (3, Funny)

airfoobar (1853132) | more than 3 years ago | (#33746090)

We should just censor half the internet and reclaim those IP addresses! That should solve the problem and give us plenty of time to move to IPv6!

Hey, it looks our "tech-aware" government is already trying that -- never mind!

NAT (2, Insightful)

TheCount22 (952106) | more than 3 years ago | (#33746092)

Finally we will no longer have to use this IPv4 NAT garbage with all it's limitations!

Re:NAT (1)

alen (225700) | more than 3 years ago | (#33746220)

what limitations? my iphone is on NAT. what will IPV6 allow me to do on it that i can't do now

Re:NAT (4, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#33746268)

One issue with NAT is the difficulty in running a server. I like being able to ssh to my home computer when I am at work; but behind NAT, that becomes more difficult (not impossible, just more difficult).

Re:NAT (1)

TheCount22 (952106) | more than 3 years ago | (#33746354)

Exactly! Plus you can only forward to a single machine for a given port number.

Oh, also NAT needs to keep a translation table meaning you can't establish large amounts of connections (think torrents).

Re:NAT (0)

Anonymous Coward | more than 3 years ago | (#33746358)

I wouldn't go as far as to say writing a port forwarding rule is difficult. A minor one time annoyance at best.

Re:NAT (1)

alen (225700) | more than 3 years ago | (#33746506)

this has been solved by apps like logmein or something similar. i even have the iphone version in case my mom calls me with a computer problem and she's 2000 miles away

i was a beta tester for MS live mesh a few years ago and used the RDP feature along with the file transfer when on vacation to transfer pictures from a digital camera back home to clear up space on my ssd card

Re:NAT (0)

Anonymous Coward | more than 3 years ago | (#33746284)

Run a webserver without wasting time setting up forwarding. Or upload a file to an ftp server that doesn't support passive mode.

Re:NAT (0)

Anonymous Coward | more than 3 years ago | (#33746466)

1) ping your phone
2) traceroute to your phone
3) nmap your phone
4) ssh to your phone
5) run a web server on your phone
6) tether a laptop through your phone without double-NAT trouble
7) direct (no intermediate) video and audio to another endpoint
8) maintain long-term persistent TCP connections (NAT reuses ports)

None of thee may be useful to you, but on NAT you don't have the option to find out.

Re:NAT (1)

hedwards (940851) | more than 3 years ago | (#33746536)

Yeah, any application which requires a one to one mapping of IP addresses across the entire network is not going to work with NAT as it's typically used. And definitely not if we run out of unique IPs. As it stands now, it's likely that there are several layers of NAT in between you, me and slashdot.

The biggest limitations aren't really recognized because nobody has been able to release anything that is being limited. At least not on a major scale. We won't know what those things are until the excessive NATing is gone.

Wolf Wolf Wolf (0)

Anonymous Coward | more than 3 years ago | (#33746096)

We keep running out of IPv4 addresses since 2003 or something. I participated in a RIPE training 4 years ago and according to their statistics, we were supposed to deplete the IPv4 address space during 2009. Well guess what..
When we finally exhaust all IPv4 ips, nobody's going to believe them

Re:Wolf Wolf Wolf (1)

disi (1465053) | more than 3 years ago | (#33746188)

I see it a little like domains. If a domain is already taken, you contact the owner and pay for it. If an IP is already taken...

Re:Wolf Wolf Wolf (1)

julesh (229690) | more than 3 years ago | (#33746558)

I participated in a RIPE training 4 years ago and according to their statistics, we were supposed to deplete the IPv4 address space during 2009. Well guess what..

The low estimates for running out of addresses are the ones that usually get quoted, but both low and high bounds on the estimate have been available for a while and while they tighten taking a midpoint has been quite stable for some time now. 4 years ago the estimates were 2009-2013 [usipv6.com] . IIRC the bounds are now something like June 2011 - December 2012.

Routers (1)

hackwrench (573697) | more than 3 years ago | (#33746100)

Have routers use IPv6 and regular computers use IPv4 and reclaim the IPv4 addresses used by the routers. Use IPv4 tunnelling. I think I've got that right.

Re:Routers (1)

allo (1728082) | more than 3 years ago | (#33746196)

it does not work that way. you will reclaim one ip per router in very different nets. you cannot count the ips reclaimed, you need continuus nets to allocate.

Nobody cares. (4, Interesting)

ledow (319597) | more than 3 years ago | (#33746122)

Nobody cares, nor needs to, except the ISP's and hosting outfits. If they provide a nice 6-4 proxy (or whichever way around it is), 99.999% of users can continue doing everything they normally do. I've done it on several of my machines in the past, been in the IPv6 net and browsed IPv6 websites to confirm it, and I never once had to touch my IPv4 config or do anything too fancy - certainly nothing that an ISP couldn't do transparently from their side of the net.

It's an issue if you're hosting websites, because then your site needs to be accessible from the IPv6 addresses, but that's an issue for the hosters, most of the biggest of which are managed hosting outfits that can switch that on overnight if they haven't already - if they are allocating static IPv4 addresses, it's just a matter of translating and passing on IPv6 requests for a recognised IPv4 equivalent address to an internal IPv4 network. The root DNS servers are running IPv6 already, etc. There's absolutely nothing to stop this just working on most people's machines today and, no, not every machine needs to upgrade to IPv6 addressing in order to do that. In fact, if anything, suggesting that internal business networks suddenly become IPv6 addressable is the most stupid suggestion in the history of the world - most places just want an "4-6 convertor" in layman's terms and they'll tick along quite nicely on their internal 10, 176, and 192's without caring. Most places would run absolutely fine, the only place it matters is the extreme borders of the Internet.

People don't run IPv6 not because of any of those reasons in the article but because a) they haven't heard of it, b) ISP's don't support it or won't do it for them automatically and c) a lot of OS's never come preconfigured to use IPv6 if it's available. Oh, and of course, d) nobody will care until their IP address allocation requests start getting turned down.

It's not a big deal, it's not going to kill NAT's and 30 years from now there will STILL be local networks, internal VoIP systems, print-servers and whatever else using IPv4 addressing because it's a damn sight easier to leave a working config alone than to upgrade/replace every bit of hardware that touches IP. I can use IPv6 today. There's absolutely no need to until every link in the chain supports it and that's still YEARS away even with US government backing. And even then, IPv4 isn't going anywhere - it's just being superceded. It's like saying that all SSH servers have to switch to SSH2, or all wireless LAN's to 802.11n - it'll happen, and a little nudge won't hurt, but overall people just don't care enough for the majority of cases and their old stuff will still work on IPv4 in 20-30 years time if it's still operational.

Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.

Re:Nobody cares. (1)

am 2k (217885) | more than 3 years ago | (#33746304)

Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.

Hard to say, since you don't list what sites you are using regularly. However, google search is available via http://ipv6.google.com [google.com] , which is a rather big part of common web usage.

Re:Nobody cares. (1)

ledow (319597) | more than 3 years ago | (#33746380)

Useless is less than 5% of the sites returned support IPv6 (or could even tell you what it was).

Slashdot, for instance, doesn't.

Re:Nobody cares. (0)

Anonymous Coward | more than 3 years ago | (#33746348)

Hosters can just turn on a 6to4 gateway and the problem is mostly solved. In fact, I know that a lot of data center operators are planning to offer some sort of 6to4 gateway service to hosters in their data center. Other are even trialling VM solutions where you wrap an IPv4 virtual machine with services that handle the v4-v6 translation like NATPD, 6to4 and Teredo. Now that you can run XEN with virtual routers and even virtual switches, you can make some nice "hosting wrapper" solutions that give hosters access to the v6 Internet without pain.

Re:Nobody cares. (1)

Eivind (15695) | more than 3 years ago | (#33746434)

Yeah. The entire internal network in my house uses 10.*.*.* adresses as it is, and aslong as all webservers are on ipv4, none of them need to change that. Wake me up when there's a significant mass of internet-services only available over ipv6.

This is really sad (4, Interesting)

Omnifarious (11933) | more than 3 years ago | (#33746140)

And at every job I've worked in the past 5 years, management has completely had their head in the sand about it. :-( And none of the developers understood enough about IPv6 to push in an even faintly credible way. :-(

I've been running IPv6 on my home network since about 2002. It's just not that hard. In fact, it's a lot easier than running IPv4. My IPv4 home network has a seriously contorted configuration because of the constrained addressing. When I wasn't even given a block of IPs but instead given X number of individual IP addresses it was even worse. My IPv6 network, OTOH, is configured quite simply and obviously.

OTOH, even though I've had an IPv6 DNS server for ages, my stupid registrar STILL does not support IPv6 glue records. It's ridiculous. The standard has been stable enough to do something like that for at least 3-4 years now. I just want to strangle them.

Last I checked, we only have about 200 days before ARIN stops being able to hand out new IPv4 addresses. It's around 7 months. After that, hosts start appearing on the Internet that only have IPv6 addresses. The connectivity breakage will be slow, subtle and inexorable. I bet it takes the tech industry at least another 5 or 6 years before they have to fix the problem or not have customers, and I bet it won't be fixed before then. So very very stupid.

Gonna be a hard switchover (2)

Linsaran (728833) | more than 3 years ago | (#33746154)

As an employee for a major electronics retailer, I can see that this whole situation is going to be brutal on the general internet going public, but more importantly it's going to be brutal on me when I have to try and explain to grandma Jones why her internet doesn't work right anymore on her 10 year old computer and how she's going to have to buy a new router/modem/network card/computer. People don't want to deal with ugly inconvienent stuff like the switch to ipv6 (no matter how needed it might be) they just want their stuff to work. I really hope this transition goes a lot smoother than it looks like it's going to, but I don't have a lot of faith that it will.

Re:Gonna be a hard switchover (1)

Panaflex (13191) | more than 3 years ago | (#33746306)

Nah, it's an opportunity to sell new gadgets!

Someone will come up with an inline ethernet 6to4 proxy for $30. Router manufacturers will finally build it in... it will be as simple as serving ip4 to older DNS requests, and ip6 to newer machines. As long as the DNS requests are managed correctly it won't be a problem.

The real hard work will be at the ISP and enterprise level... The service software guys (RH, IBM, CA, Oracle etc) will be banking.

Re:Gonna be a hard switchover (0)

Anonymous Coward | more than 3 years ago | (#33746372)


As an employee for a major electronics retailer

They should really teach you more about IPv6 at Geek Squad Skool.

lol

Re:Gonna be a hard switchover (1)

hedwards (940851) | more than 3 years ago | (#33746574)

And those people shouldn't have to know. The ISP should be sending out a new modem or update that handles it in the modem. The end user shouldn't need to know about it unless he or she wants to.

The solution is simple (5, Funny)

Anonymous Coward | more than 3 years ago | (#33746168)

Just force all porn sites on the internet to be accessible from IPv6 addresses only.

When is /. going to get an IPv6 address? (5, Insightful)

avij (105924) | more than 3 years ago | (#33746178)

Serious question. I already have an IPv6 address, why doesn't Slashdot have one?

Re:When is /. going to get an IPv6 address? (4, Informative)

grumbel (592662) | more than 3 years ago | (#33746278)

Running IPv6 on a webserver means cutting of a chunk of your users with broken IPv6 setups. That is why you see a lot of http:://ipv6.google.com [http] style sites, but hardly anybody having a AAAA record on their main domain.

Re:When is /. going to get an IPv6 address? (1)

avij (105924) | more than 3 years ago | (#33746486)

Yes, that's unfortunately true.. At this point I'd be happy if Slashdot had an IPv6-only subdomain, such as ipv6.slashdot.org. At this moment that address does resolve (like any subdomain of slashdot.org), but unfortunately only to an IPv4 address :-/

Re:When is /. going to get an IPv6 address? (5, Insightful)

gmueckl (950314) | more than 3 years ago | (#33746572)

heise.de, a major German tech news site ran a test for precicely that reason about two weeks ago: they added an AAAA to heise.de in addition the normal AA record. Out of the thousands of visitors they have each day less than 10 were unable to reach that site in that configuration and wrote in about their problems and only one turned out to be unfixable because of a router misconfiguration somewhere else in the network. Since they advertised their test weeks ahead and asked users to report any problems they might experience during the test, the number of complaints they received is pretty low. So the argument of mixed AA/AAAA records not working properly of users is luckily losing its credibility, it seems.

crisis? opportunity! (4, Funny)

Fanro (130986) | more than 3 years ago | (#33746194)

So, what are the best ways to profit from this crisis?

Hoarding IP addresses is an obvious way, but that market seems pretty crowded already.

Re:crisis? opportunity! (0)

Anonymous Coward | more than 3 years ago | (#33746376)

IP Futures are hot.

/: No AAAAnswer (0, Informative)

Anonymous Coward | more than 3 years ago | (#33746252)

# nslookup -type=AAAA slahsdot.org ns2.dsredirection.com
Server: ns2.dsredirection.com
Address: 204.13.160.55#53

*** Can't find slahsdot.org: No answer

Re:/: No AAAAnswer (1)

ledow (319597) | more than 3 years ago | (#33746294)

Maybe if you spelled slashdot correctly?

Re:/: No AAAAnswer (0)

Anonymous Coward | more than 3 years ago | (#33746390)

Maybe if you spelled slashdot correctly?

Like Slashdot themselves can do this half the time.

the EASY fix (0)

Anonymous Coward | more than 3 years ago | (#33746448)

Countries that filter and/or block the internet on a massive scale (e.g. China's "great firewall") should be given no more than ONE /24 ('Class C') for their entire country.

If they insist on keeping vast portions of the internet away from their citizens and others within their borders, WHY the bloody hell should they get address space on that same internet?

Milking the IP4 squeeze (2, Interesting)

martyw (1911748) | more than 3 years ago | (#33746532)

Is it not entirelly impossible that IP vendors, network providers, ISPs and hosting companies have already accumulated or say squattered enough 4byte IPs to take advantage of the upcoming IP shortage situation and are not rushing the much needed IPv6 hardware deployment as they should?

RFC1365 (0)

Anonymous Coward | more than 3 years ago | (#33746580)

Its really hard to run out of IP4 addresses when IP extension blocks allow transparent extensions to the range of IP addresses. However, there's much more money in IP6 networking conferences and vendor upgrades.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...