×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sale of IPv4 Addresses Hindering IPv6 Adoption

Soulskill posted about a year and a half ago | from the can-we-blame-al-gore-for-this dept.

The Internet 214

hal9000(jr) writes "While IPv6 day was a successful marketing campaign, is anyone really moving to IPv6? On World Launch Day, Arbor Networks noted a peak of only .2% of IPv6 network traffic. It appears that IPv4 addresses are still valuable and are driving hosting acquisitions. Windows 8 will actually prefer IPv6 over IPv4. If you want IPv6, here's what to do about it."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

214 comments

delays ... delays ... delays... nothing but delays (0)

Anonymous Coward | about a year and a half ago | (#40689725)

Only delays the inevitable. Also all the major ISPs are working on it...

Re:delays ... delays ... delays... nothing but del (5, Interesting)

camperdave (969942) | about a year and a half ago | (#40690251)

The sale of IPv4 addresses isn't what is delaying IPv6, but rather:
  • Lack of IPv6 ready devices.
  • The sense that the IPv6 specification is still in a state of flux. Site local addresses have come and gone, being replaced with unique local addresses. Unique local addresses are supposed to be randomly generated, however, there are movements to have a central registry for these. A number of schemes for encoding an IPv4 address in IPv6 have come and gone, as well as certain allocations of address ranges.

Re:delays ... delays ... delays... nothing but del (0)

Anonymous Coward | about a year and a half ago | (#40690923)

# The sense that the IPv6 specification is still in a state of flux. Site local addresses have come and gone, being replaced with unique local addresses. Unique local addresses are supposed to be randomly generated, however, there are movements to have a central registry for these. A number of schemes for encoding an IPv4 address in IPv6 have come and gone, as well as certain allocations of address ranges.

"Oh, draft these standards. They're so naughty and complex."

No need (3, Interesting)

_Sharp'r_ (649297) | about a year and a half ago | (#40689743)

From the article:
"Transitioning to IPv6 will take much, much longer than anyone expects, mostly because there is no clear reason to move to IPv6 anytime soon."

Not everything works with IPv6 yet. Most stuff does, but most organizations still have some stuff that doesn't quite yet. It'd be great if it was all just transparent, but it's now.

Re:No need (2)

sneakyimp (1161443) | about a year and a half ago | (#40689801)

I'm mostly wondering what to do about my iptables in linux. I have this vague feeling that some day I will be assigned an IPv6 address by my ISP and suddenly I won't be allowed into half my servers. I'm also wondering how to reconfigure my firewall to use IPv6 internally.

Re:No need (1)

lindi (634828) | about a year and a half ago | (#40689959)

You probably already have a link-level ipv6 address. If your ADSL modem is in bridged mode you have probably already exposed some services to your ISP :)

Re:No need (1)

sneakyimp (1161443) | about a year and a half ago | (#40690101)

I'm not pretending to be any expert here, but I'm not using DSL and thus don't have an ADSL modem. I do see that my ubuntu workstation's eth0 interface has an IPV6 address assigned and I suspect that you are suggesting my services are exposed to requests via IPV6 because I have not explicitly blocked/managed them using iptables. This is rather alarming! Got any useful links?

Re:No need (4, Informative)

LilBlackKittie (179799) | about a year and a half ago | (#40689975)

ip6tables is a doddle to use, and assuming you have a new enough kernel pretty much all you'll need will be a variation upon:

ip6tables -A FORWARD -i lo -j ACCEPT
ip6tables -A FORWARD -i $lan_if -o $upstream_if -j ACCEPT
ip6tables -A FORWRRD -i $upstream_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P FORWARD DROP
sysctl net.ipv6.conf.all.forwarding=1

(NB: you probably want more than that, but assuming your $lan_if and $upstream_if have appropriate IPv6 subnets on, and everything is routing correctly, then you get "the same behaviour you used to" when you had your IPv4 NAT... only now you have "real" end-to-end connectivity)

Re:No need (1)

sneakyimp (1161443) | about a year and a half ago | (#40690199)

I appreciate this. Given my relatively modest iptables skills, i'm don't entirely understand everything you've said but it does make some sense. I'd greatly appreciate a slightly more basic introduction if anybody knows one.

Re:No need (4, Informative)

darkonc (47285) | about a year and a half ago | (#40691371)

It's pretty easy to explain to anybody with even a minial understanding of iptables:

-i X means 'if the packet is inbound on interface X'
-o Y means 'if the packet will be forwarded (outbound) on interface Y
$lan_if and $upstrea_if are variables to which you've assigned the proper names for the interfaces conected to the LAN side and the Internet side (respectively)

# accept anything originating at localhost (this machine/router)
ip6tables -A FORWARD -i lo -j ACCEPT
# Allow outbound connections to be initiated by machines on the inside net.
ip6tables -A FORWARD -i $lan_if -o $upstream_if -j ACCEPT
# allow packets associated with aformentioned connections to come back in.
ip6tables -A FORWRRD -i $upstream_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop anything else.
ip6tables -P FORWARD DROP
# Turn on packet forwarding of IP6 packets between interfaces. (off by default)
sysctl net.ipv6.conf.all.forwarding=1

This effectively gives you the same protections as an IP4 NAT setup -- but with none of the disadvantages. -- Like the fact that each machine on the inside gets it's own (external) IP address. This means that if you want you can give machines on the inside the ability to be servers (acccept inbound conections to the machine and port) without the NAT thing of also having to assign each machine an inbound (non-standard) port number.

Re:No need (1)

arttulaine (258278) | about a year and a half ago | (#40690715)

For quality IP6 connectivity, you also need to accept the multicast address space in INPUT chain, or at least parts of it. Good old ICMP is also nice, your policy allowing:

    ip6tables -A INPUT -d ff00::/8 -j ACCEPT # Multicasts are necessary and nice
    ip6tables -A INPUT -p icmpv6 -j ACCEPT # ICMPs make us all quite happy

For example, the IPv6 replacement of IPv4 ARP is performed using IPv6 link-local multicast, among other thingies.
Firewall policies on (even the upstream) links must understand the IPv6 specific requirements for accepting inbound multicasts for the fullest IPv6 experience.

When your local ISP still does not offer native IPv6 addressing and traffic, a good way to start using IPv6 is to get a free 6to4-tunnel from Hurricane Electric [tunnelbroker.net] .

Re:No need (4, Informative)

vlm (69642) | about a year and a half ago | (#40690105)

I'm mostly wondering what to do about my iptables in linux.

The good news is that ipv6 has been available on linux for I donno a decade or so, and ipv6 tunnels have been available, etc. The ipv6 land rush is very much like people in 1997 talking about that "brand new" internet thing, and just like the great ipv4 rollout its a good thing there's a decade or so of sound traffic engineering experience out there already for ipv6.

1) I guess it depends a lot on your distro.
2) Some terms to google for beyond the obvious are "ip6tables".
3) nobody needs NAT on ipv6 which inherently provided stateful firewalling on ipv4. TCP is pretty easy, SYN packets only allowed in one interface...
4) Personally I find it easiest to make two firewall scripts a ipv4 and a ipv6. If for no other reason than totally screwing up ipv6 will not mess up your ipv4 access and vice versa making it simpler to recover from mistakes.
5) Good luck wrapping your head around the concept of "every host is a multihomed host" aka "link-local addresses". Please don't attempt to route LL out on the greater internet, mkay, they're for mdns / bonjour type stuff.
6) Good luck with dynamic addresses and revdns. If you never used BIND's ORIGIN lines well you best learn how, and quickly.
7) Please block all RH0 aka rt-type 0 packets they're the ipv6 evil bit
8) Go to Hurricane Electric (they rock in general, BTW) and become a sage ipv6 dude. I found this quite easy when they initially rolled this out several years ago, maybe its harder now. You need to do this "course" to learn the ropes and glossary before you can learn to firewall or you'll turn all sorcerers apprentice.

http://ipv6.he.net/certification/ [he.net]

9) Once you know ipv6 you could do worse than to start at

http://www.sixxs.net/wiki/IPv6_Firewalling [sixxs.net]

SIXXS is kind of like a major cell phone company, in that everyone's opinion of them seems exclusively driven by their local sixxs pop or their local cellphone tower quality. So you'll get meaningless comments all over the map about how they rock or suck based on the little neighborhood the commenter lives in. That said if you live in range of the Chicago pop, it rocks, although it had some exciting momentary outages a couple years ago. I use them on a dynamic endpoint and HE's tunnelbroker on a static endpoint and I'm very happy with both... your mileage may vary...

Re:No need (1)

sneakyimp (1161443) | about a year and a half ago | (#40690239)

Bless you, kind sir. I want so badly to be a good internet citizen and will do my best to spread the IPv6 gospel once I know a little more. Speaking of ipv6 land rush. How do I get me some ipv6 addresses?

Re:No need (1)

vlm (69642) | about a year and a half ago | (#40690421)

How do I get me some ipv6 addresses?

That's kind of toward the end of my epic long post... to restate... what worked for me when I last set this up years ago. Both services are free.

Your ipv4 addrs is static -> Go to hurricane electric aka tunnelbroker.net no hassle just works very quick mostly painless.

Your ipv4 addrs changes every Fing time the cablemodem reboots, or so it seems -> Go to sixxs and they put you thru quite an amazing hassle to sign up but eventually you have perfect automatically re-connecting dynamic service.

You can just do the tunnelbroker service on a dynamic address, perfectly good for short term learning purposes. But its going to be a hassle once you rely on it... Then again tunnelbroker is easier to sign up, or at least it used to be, so maybe you Should start there.

I simply cannot recommend he.net highly enough as a happy yet former customer. Whenever their name comes up here, "everyone on /." agrees they rock.
SIXXS on the other hand is a volunteer org and response time is... what you'd expect from a volunteer org, but they try their best and do a pretty good job given that constraint.

Re:No need (1)

vlm (69642) | about a year and a half ago | (#40690149)

Not everything works with IPv6 yet. Most stuff does, but most organizations still have some stuff that doesn't quite yet.

That list is ridiculously short. Even my half decade old brother laser printer supports ipv6. The only barrier at this time in "my organization" is my openafs fileserver cluster doesn't support ipv6. Other than that...

Re:No need (1)

lucifuge31337 (529072) | about a year and a half ago | (#40690709)

Not everything works with IPv6 yet. Most stuff does, but most organizations still have some stuff that doesn't quite yet.

That list is ridiculously short. Even my half decade old brother laser printer supports ipv6. The only barrier at this time in "my organization" is my openafs fileserver cluster doesn't support ipv6. Other than that...

Unless you work in VoIP. Then then that list is "most of your non-commodity equipment and none of your carriers."

Re:No need (1)

Anonymous Coward | about a year and a half ago | (#40691335)

Equipment is probably the reason the carriers don't. My provider says:-

"Our call servers theoretically support IPv6, but we are having problems finding equipment to test against." [aa.net.uk]

Re:No need (2)

lucifuge31337 (529072) | about a year and a half ago | (#40691437)

Equipment is probably the reason the carriers don't.

Yes, like I said "most of your non commodity equipment". While I could set up signaling with IPv6 using OpenSIPs or similar, the idea of running a bi-lat with a major carrier that way is laughable. Not to mention the fact that you'll pretty much have to B2BUA traffic going from v6 to v4 (since none of your other carriers support v6) or it will be an even bigger support nightmare. And as far as support nightmares go......none of the packet capture and analysis tools commonly used support v6.

VoIP (real carrier voip.....not you nerds with an Asterisk box in your house) is a long way away from being v6 ready.

Re:No need (1)

jawtheshark (198669) | about a year and a half ago | (#40690989)

My nearing a decade (8 years, think) old laser printer doesn't. I have no intention to replace a small-office class printer that cost an arm and a leg back in the day. Besides, it prints perfectly fine and it should easily work for another 5 to 10 years.

Re:No need (2)

_Sharp'r_ (649297) | about a year and a half ago | (#40691023)

I work in a messaging/transmissions service that interfaces with pretty much the whole world, one way or another. We recently did a survey and ... 80% of the software products out there in actual use with our products didn't quite support IPv6 fully yet. Oh, most were coming "soon", or in the next release, or in the roadmap for X .... but not yet.

Network level devices, routers, switches, firewalls, LBs, servers, storage, etc... have done a much better job of current revisions supporting IPv6. Now consider all the software out there that may need to be configured with an IP address configuration, setup to bind to a network port, etc... that was built when it was assumed an IP address was X.X.X.X ?

That's a much bigger and older world than a router running the latest network vendor OS.

So then you're back to running mixed IPv4 and IPv6, which means a lot of hassle and transition period, etc... without all the benefits.

slashdot (1)

lemur3 (997863) | about a year and a half ago | (#40689757)

ipv6 is coming to a slashdot near you.. soon!

Re:slashdot (1)

sxpert (139117) | about a year and a half ago | (#40689833)

seems like this one will take a while... all IPv4 from here, apart from google analytics

Re:slashdot (0)

Anonymous Coward | about a year and a half ago | (#40690093)

Yeah, about the same time they get https, unicode character support, and editors.

Re:slashdot (2)

Andrew Lindh (137790) | about a year and a half ago | (#40690139)

I guess the easiest way to "support" IPv6 is by name alone...

ipv6.slashdot.org = 216.34.181.48

No IPv6 AAAA record for ipv6.slashdot.org

Buy an IPv4 Address Here!! (5, Funny)

Anonymous Coward | about a year and a half ago | (#40689779)

For sale, one barely used 127.0.0.1 ip address. $5000. First come first serve!

Re:Buy an IPv4 Address Here!! (3, Funny)

sick_uf_u (515976) | about a year and a half ago | (#40689939)

That address is like the village bicycle... or like all the villagers' bicycles.

Re:Buy an IPv4 Address Here!! (4, Funny)

jd2112 (1535857) | about a year and a half ago | (#40690125)

For sale, one barely used 127.0.0.1 ip address. $5000. First come first serve!

I'll show you. I'm going to launch a DDOS attack against that IP and then we'll see how much you can sell it f[NO CARRIER]

Re:Buy an IPv4 Address Here!! (0)

Anonymous Coward | about a year and a half ago | (#40690221)

Man down! I'll help this attack by launching a smurf attack on that IP. That'll teach you a lesson!

IPV6 == no security (-1)

Anonymous Coward | about a year and a half ago | (#40689781)

Part of the reason is that IPv6 has a number of security issues:

1: No NAT, so an intruder can fire up a scan and find your network topology from anywhere in the world. Only way to deal with this is to tunnel to IPV4 then back again, which is a hack.

2: No support for packet level encryption. It is mentioned, but it is an option that vendors don't need to follow or bother with.

3: Change ISPs? All your internal IPs have to change. Again, no NAT, so you can't just leave your internal 10.x.x.x network as it is and just let the routers deal with the new external stuff.

4: Unknown 0-day security holes. Just what we want... to relive the days of pings of death, land, teardrop, smurf, SYN flooding and other attacks.

IPv4 sucks, but if I'm worried about security, I'll keep my ticket to admission, thank you very much.

Re:IPV6 == no security (4, Insightful)

LilBlackKittie (179799) | about a year and a half ago | (#40689813)

Scan your network topology from anywhere in the world?

See also: stateful firewall. NAT is not a firewall.

Re:IPV6 == no security (1)

techno-vampire (666512) | about a year and a half ago | (#40691179)

NAT is not a firewall.

Of course not. However, if properly implemented, NAT can be one of the outlying parts of your firewall. If your router is set to drop all incoming connection requests, port scanners will never find your machines, making them that much safer. Yes, I understand that there are other routes in that this can't protect you from. That's why I called it part of a firewall.

Re:IPV6 == no security (5, Informative)

ftp coward (245726) | about a year and a half ago | (#40689911)

Yes, I think worrying about someone scanning the 18,446,744,073,709,551,616 addresses in your /64 is a valid concern.

Re:IPV6 == no security (1)

Anonymous Coward | about a year and a half ago | (#40690499)

It will only take 1,048,576 PetaBytes of 64byte ping packets!

Re:IPV6 == no security (0)

Anonymous Coward | about a year and a half ago | (#40690681)

Once I finish building my new-fangled quantum computing thingy, I'll be able to do that before I even realize I want to.

Re:IPV6 == no security (4, Informative)

gbjbaanb (229885) | about a year and a half ago | (#40690955)

so with a 1ms response time, it'll only take 584,942 years to scan the pathetically small /64 my ISP has given me. Go for it hackers.

Re:IPV6 == no security (1)

jandrese (485) | about a year and a half ago | (#40691245)

For what it's worth, the number of addresses they would need to scan (assuming you use the default "turn my MAC into my IPv6 addr) scheme is not quite as big. At worse you only need to scan 281,474,976,710,656 addresses. You could make some assumptions that would cut down the number of addresses you need to search too, like the first octect being 00 (common for physical NICs, although not a guarantee anymore).

Still, brute force scans on IPv6 are not going to be very common I think.

Re:IPV6 == no security (1)

armanox (826486) | about a year and a half ago | (#40689921)

In response to 3 - or we no longer need dynamic IP's and can give everyone their own address, at which point it no longer matters what ISP you are using.

Re:IPV6 == no security (1)

shentino (1139071) | about a year and a half ago | (#40690699)

NAT is useful as an economic barrier to force people to pay a premium for a static IP.

Re:IPV6 == no security (0)

Anonymous Coward | about a year and a half ago | (#40691557)

Not to mention it encourages a one-way directional model of Internet that the major media companies would love. NAT makes things like p2p/server apps more frustrating for the average computer.

Re:IPV6 == no security (1)

lucifuge31337 (529072) | about a year and a half ago | (#40691091)

at which point it no longer matters what ISP you are using.

Did I miss that part where home routers are all running BGP now?

Re:IPV6 == no security (1)

swalve (1980968) | about a year and a half ago | (#40691321)

Yes, it matters what ISP you are using. If you change ISPs, you change IP addresses. That's how routing works. However, you wouldn't need to change internal addresses because ipv6 allows an adapter to have multiple addresses. You can have private IPs for private use that stay the same, and public IPs that change based on ISP.

Re:IPV6 == no security (2)

aix tom (902140) | about a year and a half ago | (#40689925)

On point 1 and 3, that is mainly not "NAT" but "routing".

You can put all your internal stuff in a Private IPv6 [simpledns.com] address range, then have one router in the network of the ISP that gives you your internet connection. Routing is a basic functionality of both IPv4 and IPv6, NAT is an ugly hack.

Re:IPV6 == no security (3, Insightful)

dgatwood (11270) | about a year and a half ago | (#40689971)

No NAT

Not true. Linux has a NAT implementation for IPv6 already. There's nothing about IPv6 that inherently prevents NAT. It just isn't necessary in nearly as many places.

No support for packet level encryption.

Probably because in practice, encapsulation is "good enough".

Change ISPs? All your internal IPs have to change.

Only if you aren't using NAT. Besides, with service discovery and SLAAC, chances are you won't have to reconfigure anything anyway.

Unknown 0-day security holes.

No more so than any other piece of OS-level code.

Re:IPV6 == no security (4, Informative)

Qzukk (229616) | about a year and a half ago | (#40690027)

1: No NAT, so an intruder can fire up a scan and find your network topology from anywhere in the world. Only way to deal with this is to tunnel to IPV4 then back again, which is a hack.

Maybe you should install FreeBSD then, it's pf has supported IPv6 NAT since 2010 [blogspot.com] (at least).

2: No support for packet level encryption. It is mentioned, but it is an option that vendors don't need to follow or bother with.

Which is how ipsec works now. In other words, you and your partner obtain compatible implementations and it works.

3: no address independence

See nat66 (or freebsd).

4: Unknown 0-day security holes. Just what we want... to relive the days of pings of death, land, teardrop, smurf, SYN flooding and other attacks.

Now it's true that there are probably buggy implementations, after all the implementations have only been around a decade or so and only 0.2% of the internet has used them. That's what, 10 people?

Re:IPV6 == no security (0)

Anonymous Coward | about a year and a half ago | (#40690551)

The FreeBSD IPv6 "NAT" is better than IPv4 NAT. It is a 1:1 instead of 1(external):Many(internal). This makes it useful for cheap pseudo-multi-homing. It will map the same suffix no matter which prefix it comes on aka Many(external):1(internal)

Re:IPV6 == no security (1)

Qzukk (229616) | about a year and a half ago | (#40690965)

IPv4 NAT can do 1:1 if you bother to set up the mapping (this is how "address independence" works: your internal 192.168.1.x network stays the same when you change ISPs, you just update the firewall with the new address mappings), and you could probably whack at iptables/conntrack on linux to get N:1 mapping in IPv4 as well (you need conntrack to get the return packet back to the right external IP). Even if it was easy, IPv4 just doesn't have the address space to do cool tricks like your automatic multi-homing example.

Re:IPV6 == no security (1)

tlhIngan (30335) | about a year and a half ago | (#40690975)

If ISPs are giving out /48's or /64's to users, I see it as a great opportunity to DDoS people again. Before, they had one IP address and if they changed their IP, you couldn't flood them off. Now, they get a whole range of IPs and you can easily get a bunch of PCs to just flood any address in that range - the bottleneck will be their connection. So unless they change their prefix (which probably won't happen too often), you could keep someone lagging out during gaming and they can't do a damn thing about it.

Quite a nice benefit to those who want to cheat at online gaming - you don't need IP addresses, just their prefixes.

The other thing is - IPv4 addresses have to get WAY more expensive first. Because IPv6 equipment is pricey if you need to upgrade at an enterprise level, and since the entire upgrade cost is bourne by the company wanting to upgrade, there's little financial incentive still. When you're talking about $100,000 worth of equipment that has to be bought brand new again... (or millions for larger companies) while their current gear still works...

Re:IPV6 == no security (1)

darkonc (47285) | about a year and a half ago | (#40691135)

It really should just be a software upgrade (DD-WRT, anybody?) -- But then convincing vendors to put out an IP6 patch when they can get away with selling you a $50.000 piece of equipment with that same patch could be an uphill battle.

Re:IPV6 == no security (0)

Anonymous Coward | about a year and a half ago | (#40691215)

So.. you're going to flood about 2^64 addresses at the same time? "A bunch of PCs" will have to be a rather large number. Keep in mind that the whole IPv4 Internet has less than 2^32 publically reachable addresses. So even if your 'bunch of PCs" can flood the entire Internet, you'd stil be orders of magnitudes off.....

Re:IPV6 == no security (1)

jandrese (485) | about a year and a half ago | (#40691283)

Most of the gear you have should already support IPv6 unless you're in some sort of computing museum. There are some things that hate IPv6 still (VPN hardware annoyingly), but it's pretty rare. Even crappy home equipment supports IPv6 a lot more often than you might expect.

Re:IPV6 == no security (1)

techno-vampire (666512) | about a year and a half ago | (#40691275)

4: Unknown 0-day security holes.

That's not unique to IPv6. Every Internet protocol, every web or database server is subject to that, along with many, many other programs. Changing to IPv6 doesn't increase the issue in the slightest, so it's not relevant.

Re:IPV6 == no security (0)

Anonymous Coward | about a year and a half ago | (#40691537)

4: Unknown 0-day security holes

That's not unique to IPv6. Every Internet protocol, every web or database server is subject to that, along with many, many other programs. Changing to IPv6 doesn't increase the issue in the slightest, so it's not relevant.

It does when new code is written to support IPv6 and that new code contains vulnerabilities.

"here's what to do about it?!!!" (2)

sneakyimp (1161443) | about a year and a half ago | (#40689785)

That last link doesn't have one spec of advice. It merely describes the problem again. FAIL.

It's not a problem. (1)

Colin Smith (2679) | about a year and a half ago | (#40691339)

I've seen vines, ipxspx, osi etc fall by the wayside.

Really. Nobody cares about ipv6. It's not a problem, people like you are a bigger problem.

Why? (2)

grumpyman (849537) | about a year and a half ago | (#40689871)

As an individual user... why? This should be something that I shouldn't have to worry about and the change should be transparent.

Re:Why? (2)

DigiShaman (671371) | about a year and a half ago | (#40690013)

There's profit in scarcity. Some ISPs may start offering IPv6 only to mobile devices while public IPs (both static and dynamic) will require either a premium or business account. That means that home users get double-NATed. That in of itself breaks all sorts of network functionality including VPN and hosting/sharing files from home. So yes, the scarcity of IPv4 might rear its ugly head that will bite both the consumer and corporate America in the ass.

Re:Why? (1)

slimjim8094 (941042) | about a year and a half ago | (#40690067)

It will be, if you have a reasonable router (AirPort is one, but not the only, example) and your ISP uses something like DHCPv6 with prefix delegation. One day your ISP will say "hey, here's a v6 subnet!" and your router will go "alright, you guys (your devices) go ahead and pick one from this range". And it'll just work. If you don't have a new enough router, this won't happen, but it shouldn't affect v4 connectivity.

FWIW I've been running v6 at home for 5-6 years (through a tunnel), my university has it for all wired and wireless connections, and there's not a problem. Not one, literally, anywhere that I've heard about. It just uses v6 for any enabled service, and falls back to NATted v4 otherwise.

Re:Why? (2)

Hatta (162192) | about a year and a half ago | (#40691043)

The consumer had to worry about the transition from leaded gas to unleaded gas. The consumer had to worry about the transition from analog TV to digital TV. The consumer had to worry about the transition from 7 digit phone numbers to 10 digit phone numbers (where applicable). Why shouldn't the consumer have to worry about IPv6?

Widespread adoption is far off (1, Insightful)

undefinedreference (2677063) | about a year and a half ago | (#40689895)

There are still vast ranges of unused addresses that have not been monetized, so there's no incentive to change. The cost of conversion is higher than the cost of addresses, therefore we will keep using them and developing software that doesn't support IPv6 until costs escalate.

Beyond this, how many of your ISPs offer native IPv6? This will be a prerequisite to widespread consumer adoption.

Re:Widespread adoption is far off (1)

shentino (1139071) | about a year and a half ago | (#40690797)

Actually, the cost of the address is not really proportional to the cost of giving it up as it is to the value that can be extracted from a desperate buyer.

Prices are high because demand is high and early adopters with a large hoard of addresses are effectively a cartel.

Want to know what I am going to love the most? (1)

Anonymous Coward | about a year and a half ago | (#40689931)

That I won't see those same damn bots that scan the entire IPv4 range all the damn time as often.
Hope they enjoy scanning the entire IPv6 range.

Admittedly they might get better results as NAT won't be causing as many problems with detecting actual hosts.
Sometimes I just feel like messing with them.

Re:Want to know what I am going to love the most? (2)

undefinedreference (2677063) | about a year and a half ago | (#40690087)

It reminds me of the early-mid 90s where basically every connected computer had a public IP address. It was glorious.

No one cares! (1)

na1led (1030470) | about a year and a half ago | (#40689947)

Until some new technology that everyone wants comes along and requires IPv6, no one will care about it. It makes no sense for businesses to pay thousands on larbor to reconfigure their entire network for IPv6, and see no beneficial gain. Not to mention a lot of legacy hardware still don't support IPv6, like network printers/copiers, camera systems, security systems, etc. It also complicates maters worse when you try to network across long distances.

Re:No one cares! (3, Interesting)

mlts (1038732) | about a year and a half ago | (#40690041)

Businesses will switch when IPv4 addresses get so expensive that there is no other option, and the ugly hack on ugly hack to maximize the use for them gets to a point where it isn't worth doing.

Call me crazy, but NAT, ugly as it is, may still be a useful tool. It isolates the internal fabric, so that regardless of what the external routers are talking to, packets get out. Does it improve security? NAT by itself doesn't, but that is what SPF, a good IDS/IPS, and proper segmenting is for.

IPv6 has been around for a long time now. You can't buy an IPv4 only device pretty much, as almost anything that has Net capabilities has at least a dual stack.

Re:No one cares! (1)

na1led (1030470) | about a year and a half ago | (#40691217)

There are other tools besides NAT, like vlan's and vpn that can extend local networks.

Re:No one cares! (3, Informative)

WaffleMonster (969671) | about a year and a half ago | (#40691229)

Until some new technology that everyone wants comes along and requires IPv6, no one will care about it.

The killer app for IPv6 is maintaining a global network of PEERS. It's what you or others don't have to worry about loosing which makes a transition more appealing than accepting status quo for eternity.

Content extracts value by reaching everyone directly without having to worry about degregation through additional hops/congested CGNs.

Service providers extract value by not having to operate expensive CGN.

Governments and LEA extract value by not having to deal with multiple devices cloaked behind a CGN.

Even partial deployment provides some value to all stakeholders.

It makes no sense for businesses to pay thousands on larbor to reconfigure their entire network for IPv6, and see no beneficial gain.

Nobody is suggesting they do. All they need to do is make their *external* presence accessible via IPv6. They can keep IPv4 internally forever for all anyone cares.

Not to mention a lot of legacy hardware still don't support IPv6, like network printers/copiers, camera systems, security systems, etc.

IPv4 is not going away anytime soon. IPv6 is being added. Noone is taking away your toys. You don't have to go out and buy new stuff.

Even if the global IPv4 network went away IPv4 private networks would still be avaliable. You could still tunnel your IPv4 network over IPv6 with anyone you chose to have access to it.

It also complicates maters worse when you try to network across long distances

Having more globally unique addresses complicates matters? I won't pretend I understand how this complicates matters more than attempting to communicate with two peers both stuck behind CGNs.

Lol (4, Insightful)

Anrego (830717) | about a year and a half ago | (#40689979)

Each and every one of you reading this is a customer of service providers and equipment vendors. It's time to use your voice and demand an IPv6 migration strategy that you can plan on.

On my walk in to work, there is this beautiful historic stone fence with cobblestone walk way for about a 2 block stretch... and demanding an IPv6 migration strategy I can plan on from it would likely be a better use of my time...

The article does nail the obvious problem on the head... the fact that IPv6 offers no benefit anyone cares about (we've learned to work with nat and even come to love it) except a solution to a problem that hasn't actually hit yet. Thing is this is the easy part. We all _know_ why IPv6 isn't being adopted. The hard part is how do we change that.. and "call up your ISP" is a really silly answer.

One problem? (1)

Anonymous Coward | about a year and a half ago | (#40690973)

The benefits to IPv6 are significant but I'd like to take apart your assertion that it "[solves] a problem that hasn't actually hit yet".

That's just wrong.

The world supply of IPv4 is empty. Gone. No more available. What about the regional registrars I hear you ask?

Asia. Empty. Dry.
Europe. Imminent exhaustion. 2 - 8 weeks until they're dry.
North America. They're better off. Instead of mere weeks we're up in the months range. 6 - 12 months.
South America and Africa. They're better off only because they have significantly lower burn rates not because they have . This will only stay low until it becomes economically viable to export IPs from these regions or until growth in internet devices ramps up like it has in China or India.

As the price of IPs rise there will more aggressive conservation strategies. You think people like NAT when they control the box just wait until Double-NAT, also known as carrier grade NAT, arrives. People have spent years trying to get NAT traversal working right, and still haven't gotten quite right, and now we're preparing to dial it up to 11.

We can either spend money and transition to IPv6 or spend more money managing the problem rather than solving it.

Re:One problem? (1)

Anrego (830717) | about a year and a half ago | (#40691451)

Current impact to most of the populations daily life: 0

And that's what it comes down to. People en-masse are reactive, not preventative. You can have all the charts and stats and proof showing that it's _going_ to cause huge headaches for everyone.. but until it actually does, nothing will be done.

We can either spend money and transition to IPv6 or spend more money managing the problem rather than solving it.

Big time on option 2. That's just reality.

Re:One problem? (2)

petermgreen (876956) | about a year and a half ago | (#40691647)

We can either spend money and transition to IPv6 or spend more money managing the problem rather than solving it.

Unfortunately IPv6 has a massive chicken and egg problem. We can't really start deploying v6 only stuff until most of the internet has moved to dual stack but there is little financial motivation to move to dual stack while there is virtually no v6 only stuff out there.

So for the foreseeable future the choice for an ISP that is short on addresses (or one that has decided that the market value of their addresses is greater than the "use value") is between deploying some form of ISP level NAT and deploying IPv6 or deploying some form of ISP level NAT and ignoring IPv6.

T-Mobile has IPv6 on 4 Samsung phones (1)

Anonymous Coward | about a year and a half ago | (#40689995)

IPv6 works well at T-Mobile USA https://sites.google.com/site/tmoipv6/lg-mytouch

Better regualte the free markets! (1)

Bulldozer2003 (824009) | about a year and a half ago | (#40690019)

I thought IPv4 was gone, all the IPs handed out willy-nilly for free?

Oh wait, the free market is allocating them more efficiently now that they are all quasi private property?

Better pull out the legislation to stop this and force IPv6 to go faster just cause we want it to.

I always wondered why the ISP I worked at could just be handed a /16 for free with unverified supporting documentation!

Disclaimer: I like IPv6, but I am preempting any comments proposing we stop this IPv4 "black market".

Re:Better regualte the free markets! (1)

shentino (1139071) | about a year and a half ago | (#40690619)

This is the price we pay for handing them out freely in the beginning and failing to force them to be treated as a public resource.

Ceding quasi-property rights in them was the big mistake that let early adopters scoop up loads of addresses for free and presently milk them for all they are worth. It's a black market that is paying monopoly profits to the hoarders of old.

This is nothing more than speculation in a cornered market.

Internet registries need to grow some balls and start seizing IP space that is being used inefficiently or being sold on the black market.

Come to think of it, I don't really think IPv6 is going to fare any better if efficiency is not enforced.

Re:Better regualte the free markets! (1)

shentino (1139071) | about a year and a half ago | (#40690739)

I have no problem with the free market treating them as quasi private property.

Except for the presence of early adopters that were allowed to hoard them in the days of plenty and are now collecting a windfall.

Re:Better regualte the free markets! (1)

lucifuge31337 (529072) | about a year and a half ago | (#40691141)

I always wondered why the ISP I worked at could just be handed a /16 for free .

They weren't. AS numbers cost money, as do IP allocations.

Once I get a modem with that supports it. (0)

medv4380 (1604309) | about a year and a half ago | (#40690043)

My ISP already supports IP6RD if I had a modem with the firmware updated need I'd be on it already. At least it looks like my ISP has been trying to get their supported modems upgraded. They went from only having 1 modem that supports it to now having 3 modems. In a year or two I'll ether have a new modem that supports it or I'll have a upgraded the firmware. Upgrading to IP6 will take time since their is a lot of IP4 only hardware still out there that needs to be purged.

Instructions? (2)

defaria (741527) | about a year and a half ago | (#40690123)

Lots of people talk about IPv6 and how they are "ready" etc. But nobody I've seen gives exact instructions on how I would configure IPv6 for my SOHO setup. What equipment do I need? What configuration do I need to set exactly? And, after I do all of this, can I get to IPv4 places or am I in the 1% as they say?

Clear Instructions? (0)

Anonymous Coward | about a year and a half ago | (#40690203)

I've set up IPv6 to the extent possible on my equipment and the problem is that the steps (for a newbie) are complicated and unclear. How is IPv6 going to spread if one needs a degree in networking to get it all to work?

Re:Instructions? (1)

mactard (1223412) | about a year and a half ago | (#40690825)

You need an ISP that is giving their customers IPv6 subnets (Comcast does, I'm not sure who else though), a newer router that supports IPv6 (everything that's current seems to) and Win7/WinVista/OS X post 10.1/Linux. It's zeroconfig from thereon out. I'm on IPv6 and it's been somewhat useful. I have a AAAA header on my domain so I can access my desktop without dyndns. It's really all about your ISP though.

Really? (-1)

Anonymous Coward | about a year and a half ago | (#40690349)

And in other breaking news, sale of large, luxury cars down due to availability of affordable, economical cars. Highlights at 6.

IPv6 cons (1)

Anomalyst (742352) | about a year and a half ago | (#40690515)

Expensive IANA wants multiple thousands to allow us, as an ISP, to provide equivalent IPv6/48 address blocks to our customers match their IPv4 currently allocated blocks. It provides no incentive for us to give back IPv4 allocations after moving our customers to IPv6
Lacking toolsI have not seen any transition tools to allow a quick and easy remapping from IPv4 to IPv6. The existing blocks and their descriptions (you do put descriptions on your blocks don't you?) should be detected and re-tailored for IPv6. Building the address block heirarchy in an IPv4 design tools and having a script to translate it to a DHCPv6 config would go a long way to easing the pain.
Missing FOSS IPv6 DHCP GUI Microsoft has had a DHCPv6 GUI for quite a while, haw hard can it be to use it as a template? Integration with the DHCPv6 LDAP objects would be a big plus
PXE not supported in DHCPv6 So you are back to IPv4 for remote boot until you can remote configure a host for IPv6

Re:IPv6 cons (1)

darkonc (47285) | about a year and a half ago | (#40691445)

well, PXE isn't a big problem because it's internal network only.... Unless you have cross-network connections that are necessary to boot your machines (an extreme rarity in my world .... bordering on stupid in most cases).

DHCPv6 is a stupid idea (1)

tlambert (566799) | about a year and a half ago | (#40691457)

Unless you are an anal meta-administrator attempting to keep yourself employed, or a repressive government trying to keep your people firmly under your jackboot, everything should be done via stateless autoconfiguration.

Personally, I know I will not miss having to set up tons of hardware that's too stupid to assign its own address correctly.

Re:IPv6 cons (0)

Anonymous Coward | about a year and a half ago | (#40691503)

If you're an ISP, you should be requesting address space from an LIR, not an RIR, let alone IANA, right?

Prefer IPv6? (4, Interesting)

WaffleMonster (969671) | about a year and a half ago | (#40690685)

Vista and Windows 7 "prefer" IPv6 too... Heck even Windows XP with its crappy IPv6 stack turned on prefers IPv6.

If you read the whole cnet article what has changed is network awareness sending an IPv6 only HTTP request periodically to a Microsoft server using this to judge if IPv6 connectivity is actually available.

In other words the behavior of all windows 8 systems on the planet with regards to IPv6 usage is dictated by the availability by a single Microsoft URL. What could possibly go wrong with that? Is it not also wonderful MS having their system ping out to MS servers by default periodically without anyone knowing or providing a user choice to turn it off not involving registry hacks?

With regards to IPv6 usage I just checked the interface stats on my gateway with an HE tunnel configured. Very interesting...IPv6 Internet traffic is a full 25% of overall Internet usage over the last 145 day period. This predates the June 6th IPv6 go live day by several months.

IPv6 = 32GB
IPv4 = 129GB

ISPs are still dragging their feet lighting up IPv6.. I fear we will have to wait another two years before most large ISPs get their act together on full production deployment.

The most interesting thing seems to be the "long tail" effect reflected in my actual usage.

Given current environment where just a handful of megasites are responsible for the majority of all Internet traffic by volume huge changes in traffic patterns can tip the scales on IPv6 usage rapidly while the countless millions of other sites run by the rest take just as long to switch over as the IPv6 naysayers say it will.

Useless Article (1)

StormReaver (59959) | about a year and a half ago | (#40690913)

The "here's what to do about it" teaser amounts to, "complain to your ISP." Thank you so much. If only we had thought of that.

The article is useless.

I Saw What You Did There (1)

j h woodyatt (13108) | about a year and a half ago | (#40691095)

Headline on the original article: What to Do About the Scarcity of IPv4 Addresses
Headline on the Slashdot post: Sale of IPv4 Addresses Hindering IPv6 Adoption

Well-played.

IPv6 address = person? (1)

gottabeme (590848) | about a year and a half ago | (#40691351)

We all know IP4 addresses don't identify a person. Will this change with IP6? With the "an IP address for every toaster" idea, will they still be dynamic enough for plausible deniability?

Here's an idea... (1)

tlambert (566799) | about a year and a half ago | (#40691467)

Give all the IP4 addresses away to China and other countries where botnets tend to originate most often, and make then NAT to get on the IP6 network the rest of us will live on when we don't own any of the IP4 space any more.

Question, Why was IPv4 Even Allowed? (-1)

Anonymous Coward | about a year and a half ago | (#40691475)

Perhaps somebody has an (expert) answer here to this question: Why was IPv4 even allowed or implemented in the first place? Did this have to do with computing and/or memory limitations back in the day (1974 to 1981) that nobody every thought could be overcome or even required? I know hindsight is 20/20.

I find it hard to understand how the researchers developing the IP protocol could think that 4.29 billion address would be sufficient given the scale of possible adoption in the future. I'd have to imagine if everybody had a phone, for example, with an IP address back in 1974 -- which as I understand is the year of the first version implementation of the IP protocol -- the global population was around 4 billion according to wolfram alpha. In 1981, according to the same source, the population was 4.6 billion, which was the year IPv4 was finalized and is still in use today according to the Wikipedia entry; http://en.wikipedia.org/wiki/Internet_Protocol.

Now we are dealing with this IPv4 wall mess. And as far as I can tell the IPv4 is not going away anytime soon. Interesting how the telco's can upgrade networks and hardware implementation. Everyone who develops internet capable devices know most likely have implemented a dual operation mode of IPv4/IPv6 in the devices, but defaulted to IPv4. My ISP provided router has both IPv4/IPv6, but they have now documentation about future implementation or migration to IPv6.

Why are mobile devices on IPv4 any more? (1)

Animats (122034) | about a year and a half ago | (#40691545)

For mobile devices, the software is controlled by the carrier and the data path is controlled by the carrier, and the apps are controlled by the carrier or the handset maker. Mobile devices don't act as hosts. And all the growth in devices is in mobile. So why aren't they all on IPv6?

If the carrier has to do an IPv6 to IPv4 translation, they can do that at their head end.

.2% is not 'just a blip' (2)

darkonc (47285) | about a year and a half ago | (#40691559)

An Arbor Networks graph shows less than .2% of the traffic the company measured was IPv6. That's up from a peak of .04%, which occurred on the first Worldwide IPv6 Day in 2011; hardly a blip in a year.

That's a 5-times increase in a year.

If we pretend that we're business math students, then next year we'll see 1% -- then 5% in 2 years and 25% in 3 years -- which would be easily enough to trigger further network effects.

It all breaks down in the 4th year with 125% of traffic, but I'll just take that to mean that the remaining IP4 traffic will be encapsulated in IP6 packets by then.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...