Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IPv6 Must Be Enabled On All US Government Sites By Sunday

Soulskill posted about 2 years ago | from the anybody-taking-wagers? dept.

Government 179

darthcamaro writes "Agencies of the U.S. Federal Government are racing to comply with a September 30th deadline to offer web, email and DNS for all public facing websites over IPv6. While not all government websites will hit the deadline, according to Akamai at least 2,000 of them will. According to at least one expert, the IPv6 mandate is proof that top-down cheerleading for tech innovation works. 'The 2012 IPv6 mandate is not the first (or the last) IPv6 transition mandate from the U.S. government. Four years ago, in 2008, the U.S. government also had an IPv6 mandate in place. That particular mandate, required U.S. Government agencies to have IPv6-ready equipment enabled in their infrastructure.'"

cancel ×

179 comments

wha? (-1)

Anonymous Coward | about 2 years ago | (#41492697)

Who mandated this? Why? Sucks to be you...

Re:wha? (2, Funny)

phil_aychio (2438214) | about 2 years ago | (#41492729)

If Romney gets elected, he'll just repeal it back to IPv4

Re:wha? (0)

Anonymous Coward | about 2 years ago | (#41492773)

If Romney gets elected, he'll just repeal it back to IPv4

Get rid of this crap.

Re:wha? (4, Funny)

Anonymous Coward | about 2 years ago | (#41493787)

Romney or IPv4?

Re:wha? (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#41493177)

Good. Why should the people who actually pay taxes have to foot all the bills while the 47% get this for free. The productive class should stop subsidizing the lazy.

parent = troll (0)

Anonymous Coward | about 2 years ago | (#41493445)

i see you trollin. that 47% meme is getting lame and sarcasm is unfunny no matter what your nerd friends tell you. inb4 pro-romney. like a lot of other slashdot hipsters i'm anti-obama, anti-romney, pro-flavor of the day which happens to be gary johnson. ron paul is like so yesterday.

Re:wha? (0)

Anonymous Coward | about 2 years ago | (#41493885)

If Romney gets elected, he'll just repeal it back to IPv4

What the fuck ever. Romney has his flaws and there's no way in hell I'm voting for him (I don't agree with his lassiez-faire style capitalism and rich white guy syndrome), but as a tech enthusiast, I can appreciate the strides he made to push technology forward. Six years ago, Slashdot couldn't get enough of this guy for moving Mass. to use ODF only, and spending a shit-ton of money on tech investments.

http://slashdot.org/story/06/06/30/1849245/MA-Senator-Decries-OpenDocument-Decision [slashdot.org]
http://tech.slashdot.org/story/06/01/31/0349223/romney-continues-odf-support-with-new-appointee [slashdot.org]
http://politics.slashdot.org/story/05/11/17/1653221/ma-governor-wants-more-new-tech [slashdot.org]

public persona vs the real guy (0)

Chirs (87576) | about 2 years ago | (#41494181)

I think Romney is actually more liberal than he needs to portray himself as in order to get tea party votes. I bet if he wasn't pandering to right-wing lunatics he and Obama could actually find a lot to agree on.

Re:public persona vs the real guy (0)

Anonymous Coward | about 2 years ago | (#41495555)

Romney's record as Governor pretty much confirms it.

Re:public persona vs the real guy (1)

spauldo (118058) | about 2 years ago | (#41496223)

I agree. It's funny, I didn't have any real issue with McCain (although his idea to shut the government down was a bit out there), and I don't have much problem with Romney based on his time in Massachusetts, but I didn't support either of them primarily because I want a Democrat with the veto stamp. (That, and the Republicans need to be punished for Bush. WMDs my ass.)

I never really cared that much for Obama - I wanted Clinton.

Not that it matters. I'm in Oklahoma, where a non-Republican vote doesn't count.

Pols & IPv6 (1)

unixisc (2429386) | about 2 years ago | (#41496145)

Flamebait indeed! This initiative started long before Obama, during the Bush administration. Not to mention that neither Clinton, Bush, Obama nor Romney have the slightest idea what IPv4 is. And speaking of the GOP, if they knew that IPv6 has 3.4028236692093846346337460743177x10^38 addresses, as opposed to a mere 4,294,967,296 addresses, they'd all be champions of IPv6.

Re:wha? (1)

kelemvor4 (1980226) | about 2 years ago | (#41496267)

If Romney gets elected, he'll just repeal it back to IPv4

More likely, he'll switch the internet over to lantastic.

I blame the ISPs (4, Interesting)

GeneralTurgidson (2464452) | about 2 years ago | (#41492755)

A lot of the government offices will face challenges with IPv6 connectivity to the internet because a very large number of US ISPs are not IPv6 ready. Especially up here in midwest, you mention "are you IPv6 ready?" and your ISP sales rep gives you a blank look and asks what you're talking about. Maybe if the governments push for this at the ISP level we might see it filter down.

Re:I blame the ISPs (3, Interesting)

geddo (1412061) | about 2 years ago | (#41492875)

As a consumer you do not need IPv6 unless your provider does not have IPv4 addresses to assign to you, as a service provider or Internet based company (or in this case a government agency) you do need IPv6 so that customers who only have IPv6 connections can reach you. Most business class ISP's I have dealt with are IPv6 dual-stack capable, so this is not an ISP issue. The government is doing what other companies are doing and trying to get this working now before it becomes an issue for the future. There is no blame to pass around unless an organization is putting their heads in the sand and ignoring it.

Re:I blame the ISPs (1)

kasperd (592156) | about 2 years ago | (#41493401)

As a consumer you do not need IPv6 unless your provider does not have IPv4 addresses to assign to you

You do if you need to communicate with somebody else who does not have an IPv4 address. And since ISPs have been handing out fever IPv4 addresses than the number of devices to be connected for the last 15 years or so, there is actually already a lot of devices, which do not have IPv4 addresses. Unfortunately, most of those don't have IPv6 addresses either.

Re:I blame the ISPs (1)

geddo (1412061) | about 2 years ago | (#41493675)

Its being deployed as dual stack, and where folks have IPv6 only I understand that the providers have 6to4 translation devices. This will not scale, however my point is as a consumer you don't have a need for IPv6 addresses unless there is a service that is only available on IPv6 that you need to reach, I do not know of any significant services that we IPv4 only users are missing out on so I can't see why it would be needed as a consumer at this point. I have yet to be told by a provider that I can't get IPv6 for a business DIA circuit.

Re:I blame the ISPs (5, Insightful)

DarwinSurvivor (1752106) | about 2 years ago | (#41494193)

Good point, lets wait for the ISP's to run out of IPv4 addresses and suddenly start mandating that people's homes be IPv6 ready out of the blue. We basically have 3 choices.

1) Wait until residents do need it and suddenly give them IPv6 only because there are no IPv4 addresses left. Phone support will have hour-long waiting periods, computer shops will be overloaded with "I need this upgrade tonight so I can submit my college thesus" support requests and a large percentage of Internet users will be SOL until they get their turn in the support line. There's also a VERY good chance we will simply run out of routers, as an alarminly large percentage of consumer (and some professional) routers STILL don't support it and all those people will need upgrades.

2) Wait until we need it and start NAT'ing everyone's internet connection. This may not affect facebook users, but will be a royal PITA for anyone using remote connections, peer2peer networking, etc. If this happens we may not see IPv6 for another 15 years at LEAST.

3) Roll it out NOW in dual-stack configuration world-wide so everyone can get their computers, routers and other devices working with IPv6. ISP's can send out regular (every 2-4 months) letters to consumers still using IPv4 only to warn them about the upcoming switch and give them enough warning to switch over (like they did with digital tv broadcasting). When we finally do run out of IPv4 addresses at the ISP level (and this is ALREADY happening in some areas such as mobile, etc), the ISP's can just disable IPv4 for new customers and/or those already fully using IPv4 and experience a truly smooth transition.

If the analog-2-digial transition for TV broadcasting has taught us anything, it's that consumers need a LONG time to transition between technologies. Considering the TV transition required nothing more than plugging in 1 box with 3 wires on it and IPv6 is going to require computer/OS and router replacement in many cases, we need to start the IPv6 transition on all ISP's about 2 years ago.

Re:I blame the ISPs (1)

QuantumRiff (120817) | about 2 years ago | (#41494385)

My rural ISP has always done this.. Its a royal pain in the ass. My CPE device is 192.168.100.62, on the WAN side. Makes VOIP, hosting your own video game server on a console, bittorrent, and a dozen other things very, very much a pain in the butt. I gave up with an IPSec VPN, and use an SSL one now, but its not the same.. its client based, instead of a hardware one I wanted for my home office.

Ubiquity (a major maker of wireless ISP equipment and backhaul) still doesn't support IPv6 very well at all on the brand new devices they are selling to ISP's.. And my arguments about setting up 6rd or something similar fell on ears that responded the same as the GPP (but, IPv4 is all you need to reach everything)...

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41495353)

Nitpick: Computer shops will not be inundated. All modern OS's support IPv6 already. Yes, WinXP too.

Re:I blame the ISPs (2)

geddo (1412061) | about 2 years ago | (#41495441)

Good point, lets wait for the ISP's to run out of IPv4 addresses and suddenly start mandating that people's homes be IPv6 ready out of the blue.

Not my point, just not trying to write a dissertation here. My point is the provider's of web based services need to get on IPv6 dual stack, until a large number of these providers offer their services natively through IPv6 we will have a huge scalability problem with translation. Until that happens consumers do not *need* IPv6. It's a pretty massive investment to replace the consumer footprint especially with consumers not exactly happy to pay a premium, businesses will do it because they are willing to make an investment to reach the broadest number of users.

Option 4- ISP's continue to upgrade their backbone and edge to support IPv6 and sell the service to business customers to cover the costs while rolling it out in consumer markets as the opportunities arise or the need is highest.

Dual Stack? (1)

unixisc (2429386) | about 2 years ago | (#41496331)

The other thing ISPs can do is go dual-stack lite, where they set up everything in IPv6, and only provide local IPv4 behind IPv6 addresses to those who simply have to have IPv4 to communicate w/ other IPv4 nodes in the internet. After all, complete dual stack is not a solution if they are running out of IPv4 addresses.

Also, businesses and even consumers who consume a high quantity of IP addresses - which in case of IPv4 may be as low as above 16 - ought to implement IPv6 for such applications. That would include things like websites, ftp sites, messaging servers & so on. Essentially, once the high demand items go IPv6, pressure on IPv4 is that much lower, and even facilitates dual stack.

Most consumers are ready (1)

unixisc (2429386) | about 2 years ago | (#41496289)

From what I understand, let's look @ the OSs that natively include IPv6 support, as opposed to those who don't:

  • Windows 7 - check
  • OS-X - check
  • BSD - check
  • Linux - check
  • Android - check
  • iOS - ???

So all new devices that come out w/ an OS already have iPv6 support. Older devices already have all the IPv4 addresses they need, and more likely than not, they are behind NAT and can just keep issueing local IPv4 addresses. So the analogy w/ analog to digital TV fails somewhat as far as domestic customers go - here, it's the consumers who are ready, and the ISPs who need to make the switch. And a lot of the delay is due to the fact that there still doesn't seem to be IPv6 specific routers, switches and other networking equipment that is layer 3 aware. ISPs who are IPv6 ready ought to dual stack their customers who are not still on XP as a default, and over time, just quietly remove IPv4, or start charging a premium if that is needed.

With businesses, it's more complicated, since they have in-house applications that are IPv4, and so for them, migration would be a PITA. When they switch to Server 2008/2012, that's probably the right time to go from IPv4 to IPv6 as well, although I can see why IT departments would be reluctatnt to make 2 jumps in 1 transition. But fact remains that Server 2008 and Windows 7 have IPv6 as their native layer 3 support, as opposed to XP or Server 2003. So this transition is just the right place to go from IPv4 to IPv6.

Also, web hosting services switching to IPv6 would help a great deal as well. The bulk of websites hosted on these would go dual stack ASAP.

Re:I blame the ISPs (1)

jhoegl (638955) | about 2 years ago | (#41493755)

Routers convert the protocols... like they have been doing since inception.
How do you think IPX/SPX talked with TCP/IP?

Re:I blame the ISPs (1)

Eunuchswear (210685) | about 2 years ago | (#41493889)

Winner of the all-time most clueless post on Slashdot.

Or is it a Poe?

Re:I blame the ISPs (1)

jhoegl (638955) | about 2 years ago | (#41494059)

My bad... it just encapsulates it.
But then, it has been 15 years.

hybrid dual-stack (1)

Chirs (87576) | about 2 years ago | (#41494251)

Since all IPv4 addresses have a unique IPv6 representation, an IPv6-only subscriber using a device with a hybrid dual-stack can access an IPv4 address by specifying the applicable IPv6 address. See rfc3493, "Compatibility with IPv4 Nodes".

Re:hybrid dual-stack (1)

gmack (197796) | about 2 years ago | (#41495155)

That is for application level compatibility and only works if both hosts have valid ipv4 addresses. If only one side has ipv4 the ipv4 only machine will be unable to reply to the ipv6 only machine thanks to it's much larger address format.

Re:hybrid dual-stack (1)

unixisc (2429386) | about 2 years ago | (#41496361)

That feature requires IPv4-mapped addresses, which is something whose support varies based on implementation. It's been more or less abandoned, while organizations have instead been exploring other transition technologies, be it dual stack, dual stack lite, tunnelling, or even LSNAT translations. Other problem here is that IPv4 mapped addresses wouldn't work in cases where that IPv4 address is a local address behind a NAT, which will often be the case,.

Re:I blame the ISPs (1)

hairyfeet (841228) | about 2 years ago | (#41495267)

How many Americans are gonna be needing or even wanting to hook up with some address in the middle of China or Africa? All the major websites have IPV4, all the ISPs here in the states have IPV4 and if they had any brains at all they got extra IPV4 addresses so they have room to grow, its just a non issue for the average American. Then there are the security issues, how many of the software firewalls and antivirus packages have been testing to work with IPV6? How well do they perform? i don't know, i can't find any data which means i doubt anybody is even really testing this stuff except for internally.

So while I agree that governments need this because its a global WWW for consumers i'd say its not only not really needed for the average American but until I see some hard numbers showing how the various security software packages work with it I'd be leery of deploying it to my customers, just not enough data.

Firewall support for IPv6 (1)

unixisc (2429386) | about 2 years ago | (#41496399)

Where exactly do these extra addresses come from? The reason it's becoming critical now is that even w/ NAT, they're running out. And once one introduces 2 or more levels of NAT, a major overhaul would be required of NATing software, since your mapping - currently based on mapping a single layer 3 address to a layer 2 address - will have changed, since one would now have to map a combination of a layer 3 routable address and a layer 3 non-routable address to a layer 2 address. Once that level of work will be needed, one might as well go for IPv6 anyway.

The software firewalls - the ones based on BSD and Linux - things like PF and IP Tables - already support it. I think Norton is still behind the curve, and dunno about McAfee, Kaspersky, ESET or others. But at a router point, if they put in something like PF or IP Tables, they are providing a good level of security already, since they can block an entire /64 link. Beyond that, enable Antivirus and other malware, and don't bother about firewalls, until your security software supports IPv6. B'cos if you don't have an IPv4 address, there is no way any malware delivered via IPv4 can reach you anyway.

Re:I blame the ISPs (2)

Mathieu Lutfy (69) | about 2 years ago | (#41492983)

What kind of challenges will they face? It's not like they're turning off IPv4. Sites will be dual-stack, and many of them have been for quite some time already.

Google/Youtube, Facebook and many other mainstream sites have already enabled IPv6 on June 6th 2012.

PS: Comcast has been enabling IPv6 by default to some of their customers (5% ?). I was in a small US country-side hotel in March 2012, they had really broken NAT, but their IPv6 was working fine. I also have dual-stack native IPv6 at home (Canada, TekSavvy ISP). Works great, lots of fun to route public subnets to access points and routers that connect with neighbours. I even announce my address block on our neighbourhood mesh network.

Re:I blame the ISPs (2)

squiggleslash (241428) | about 2 years ago | (#41493461)

6to4 works on most ISPs too.

I actually prefer 6to4. It's less efficient, but reverse DNS is guaranteed to work - you don't have to rely on your ISP setting it up - and you can talk to pretty much any IPv6 address with it,

Re:I blame the ISPs (1)

fustakrakich (1673220) | about 2 years ago | (#41493407)

Maybe if the governments push for this at the ISP level we might see it filter down.

I hope you're not pimping for a mandate there. An internal one within the government itself is fine, but don't try to force it down our throats.

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41493657)

Yep, socialized ISPs would be a nightmare. I say fuck the 47% and don't let them have access to the IPv6-enabled sites until they pay their fair share of the tax burden.

Re:I blame the ISPs (1)

jonadab (583620) | about 2 years ago | (#41493705)

> a very large number of US ISPs are not IPv6 ready

IPv6 ready, you mean, in the sense of making connectivity service available to the public using IPv6? I was not aware that there were *any* ISPs who were IPv6 ready, or planning to be. Can you name one ISP that is? I cannot.

The thing is, there's no significant demand for it, outside of a handful of industry hobbyists. In terms of the general public, nobody cares about IPv6. They just want the internet, and at this point "the internet" is effectively synonymous with IPv4.

Which in turn probably has something to do with the ratio of IPv6-only sites and services to IPv4-only sites and services, a ratio that is so close to zero you'd need scientific notation to make it fit on one line. You can't use IPv6 to access the internet, in practice: a few sites work, but bazillions of other sites don't. Even if you could access most or all of the internet with IPv6, there still wouldn't be any real concrete advantage, because, you can *also* use IPv4 to access pretty much every single thing.

Thus, IPv6 provides... no benefit whatsoever to the individual and no benefit whatsoever to businesses either. In other words, it's Blu-Ray. The advantage to releasing a popular movie in Blu-Ray format is, you can make the Blu-Ray advocates happy for twelve seconds. The advantage to releasing it on DVD is, you can sell millions of copies. Coming from the consumer side, the advantage of buying a Blu-Ray player is even less compelling. IPv6 is in the same boat.

Re:I blame the ISPs (1)

Desler (1608317) | about 2 years ago | (#41493777)

So you've never heard of Comcast, Verizon, or AT&T? They've been constantly expanding their IPv6 rollouts since late 2011. Time Warner has been running trials as well.

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41494025)

And how many millions of routers are they going to have to send to their customers, and how about all those mobile devices that don't get OS updates?

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41494149)

None and no problem.

Re:I blame the ISPs (1)

kermidge (2221646) | about 2 years ago | (#41494489)

In talking with a tier-2 tech yesterday on unrelated matter, he said so far as he knew TW had IPv6 (and DOCSIS 3) enabled or ready "pretty much everywhere" end-to-end, but it requires new equipment and higher service level at ~$30 more per month. I can't afford it so don't know if it's true or not (although he offered to switch me to customer service to place the order.)

Re:I blame the ISPs (1)

Anonymous Coward | about 2 years ago | (#41493907)

Your BluRay statement is pretty wrong. Let's compare sales for some recent movies:

Hunger Games: 5.6 million DVD sales. 3.9 million BluRay sales.
The Lorax: 3 million DVD sales. 2.4 million BluRay sales.
Snow White and The Huntsman: 730k DVD sales. 890k BluRay sales.
Battleship: 600k DVD sales. 793k BluRay sales.

So the gap between the two is not what you would have people believe. Source is the-numbers.com

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41493919)

In addition to those ISPs listed by the sibling, T-Mobile's 3G gives out IPv6 addresses.

Yes, you point out the eternal chicken-and-egg problem associated with the IPv6 transition: nothing uses it because nothing uses it. Of course, if/when the transition actually happens, the internet will work better because it will mean every node can potentially act as a server making things like VOIP/video chat easier as well as other peer-to-peer applications which haven't been getting developed because everyone is stuck behind a NAT.

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41495117)

Comcast has been testing IPv6 for a while now.. just like DNSSEC. I tried to sign up with the beta test they had years ago, but my area wasn't one of the test areas in the end.

Re:I blame the ISPs (1)

RazzleDazzle (442937) | about 2 years ago | (#41494127)

The public facing resources of the government agencies need to be IPv6 enabled, not the internal and external workings of the networks within the various organizations. This simply means in most cases, inbound email servers and web servers need to be hosted on machines somewhere in the world that have full IPv6 access, then the respective DNS records need to be in place for said services, which translates to add "AAAA" records. I bet Akamai is loving this mandate because they are a popular choice for government agencies to turn to for IPv6 enabled hosting but Akamai is not the only company that will do IPv6 hosting.

Re:I blame the ISPs (0)

Anonymous Coward | about 2 years ago | (#41495481)

Hurricane Electric tunnels (or any other 6-in-4 tunnel provider) should allow them to meet this mandate even with only IPv4 available.

Romney sez (-1)

Anonymous Coward | about 2 years ago | (#41492813)

IPv4 is good enough for "those people".

Re:Romney sez (0)

Anonymous Coward | about 2 years ago | (#41493891)

No, Romney says you can only have it after you've been driven half way across the country in a crate lashed to the top of his luxury vehicle. But don't worry, he'll hose the shit and vomit off you when you get there, and you'll be as good as new!

Romney is such a complete tool. It floors me that *anyone* would vote for him; but I'm grateful, because it identifies the OTHER tools out there, and there's no way in heck he can win anyway.

Re:Romney sez (1)

camperdave (969942) | about 2 years ago | (#41495397)

Yes, America! Send a message to Washington and the big parties. Don't vote for either Obama or Romney. Vote for Virgil.

Nice to see (1)

jbolden (176878) | about 2 years ago | (#41492841)

I've been following the federal government on this. It is wonderful to see the government taking the lead and helping to drive a technology. We often talk about complaints with government but they deserve kudos for doing some hard and doing it right.

Re:Nice to see (2)

Medievalist (16032) | about 2 years ago | (#41493357)

Given a choice, I'd rather see them stop forcing private citizens to use proprietary formats (like Microsoft Word) instead of organizing large payouts of taxpayer dollars to favored tech companies.

Re:Nice to see (1)

jbolden (176878) | about 2 years ago | (#41493487)

Given that Microsoft is an American company I'd say it is doubtful there is going to be a huge USA led shift away from Microsoft. Probably better looking at Europe to lead the way for desktop, there and things didn't go so well with the European initiatives. OTOH Apple and Google are both American companies so you might see iOS/Android being the ticket.

Re:Nice to see (1)

DarwinSurvivor (1752106) | about 2 years ago | (#41494219)

It's kind of pointless though if they aren't mandating ISP's to at least provide dual-stack support for both protocols. What's the point of government websites being IPv6 if the country is still stuck on IPv4?

Re:Nice to see (2, Insightful)

Anonymous Coward | about 2 years ago | (#41494787)

It's kind of pointless though if they aren't mandating ISP's to at least provide dual-stack support for both protocols. What's the point of government websites being IPv6 if the country is still stuck on IPv4?

To enable a smooth transition. By making sure that all government websites are IPv6 compatible it will be safe for consumers to make the transition without having to worry that they will be locked out from vital services.
The problem is that unless there are IPv6 only hosts there is no point for consumers to make the transition and without a lot of IPv6 only consumers it makes no sense for hosts to invest in IPv6 servers.
This is pretty much the government taking a step to move society out of a hen-egg deadlock.

Re:Nice to see (1)

jbolden (176878) | about 2 years ago | (#41494943)

ARIN which is quasi governmental is handling that part of switching over ISPs. But there is a chicken and egg problem some people have to go first.

IPv6 too complex (-1, Troll)

Anonymous Coward | about 2 years ago | (#41492885)

All they had to do was make Internet addresses twice as long 0.0.0.0.0.0.0.0 to 255.255.255.255.255.255.255.255 and it would have fixed the problem. Device makers could easily update the logic to do that in future products as well. Plus, you can use IP4 addresses at the same time by making software see them as 192.168.0.1.0.0.0.0

Keep it simple.

Re:IPv6 too complex (0)

Anonymous Coward | about 2 years ago | (#41492903)

Um, ASIC logic isn't that simple. Try a little harder.

Re:IPv6 too complex (0)

Anonymous Coward | about 2 years ago | (#41493211)

ahahaha good troll

Re:IPv6 too complex (0)

Anonymous Coward | about 2 years ago | (#41493325)

Twice as long? Why bother with that when there are all those wasted numbers ager 255!

Re:IPv6 too complex (1)

Anonymous Coward | about 2 years ago | (#41493965)

All they had to do was make Internet addresses twice as long 0.0.0.0.0.0.0.0 to 255.255.255.255.255.255.255.255 and it would have fixed the problem

Yes it would but IPv6 addresses are more fun and easier to remember. You get to use hex sp33k and the zero compression schemes get rid of unecessary zeros. My public 16-octet IPv6 address is much smaller and easier to remember than your 8 octet solution.

Device makers could easily update the logic to do that in future products as well.

It does not matter if it is a single extra bit or 96 extra bits the cost and global effort is the same.

Plus, you can use IP4 addresses at the same time by making software see them as 192.168.0.1.0.0.0.0

::192.168.0.1 is valid IPv6 and looks less complex than your 8-octet version. Just because you can do something does not mean there is a valid reason to do it. There is no benefit to playing this subset superset game. This is an operational nonstarter.

actually it's ::ffff:192168.0.1 (1)

Chirs (87576) | about 2 years ago | (#41494327)

The one you quote is deprecated.

Re:actually it's ::ffff:192168.0.1 (1)

camperdave (969942) | about 2 years ago | (#41495581)

The one you quote is deprecated.

... and that is why IPv6 isn't being rolled out. We haven't even gotten started, and already parts are deprecated. IPv6 is in too much of a state of flux. Is what I've learned and am learning about IPv6 even valid anymore? How can I roll out a solution if I can't know that it is the Right Way (TM) to do things? There needs to be a feature freeze so that the folks who build end user equipment can implement IPv6.

Too Complicated (0)

Anonymous Coward | about 2 years ago | (#41493005)

IPv6 is too complex, which is what has hampered its slow adoption from the beginning. Instead of simple address space extension, the brains behind it decided to add all sorts of fun features to it that just aren't necessary, thus leading to people not wanting to put the effort in to figure it out. Since those features have died off, it's getting less terrible, but now it's a moving target.

KISS would have gotten us to IPv6 5 years ago.

Re:Too Complicated (5, Informative)

kasperd (592156) | about 2 years ago | (#41493327)

IPv6 is too complex, which is what has hampered its slow adoption from the beginning.

IPv6 is simpler than IPv4.

Instead of simple address space extension, the brains behind it decided to add all sorts of fun features to it that just aren't necessary, thus leading to people not wanting to put the effort in to figure it out.

That's just a lame excuse. There are some new features, but those are mainly important to the endpoints. For routers in between, the job they need to do became simpler. And it is the network, which has been lacking, not the endpoints. The excuse that it is too complicated has mainly been used by those who didn't need to deal with the complexity.

Since those features have died off, it's getting less terrible, but now it's a moving target.

Name one change that affected a network provider, who just has to move packets between two endpoints.

KISS would have gotten us to IPv6 5 years ago.

No. There were only two approaches that could have speeded it up. Top down regulation or customer demand. But both of those were in the hands of people who won't understand the problem until they can no longer get online. Actually, there is one other thing that could have speeded it up. If we had never gotten any sort of NAT for IPv4 in the first place, then the transition would have gone faster.

Re:Too Complicated (2)

j2.718ff (2441884) | about 2 years ago | (#41494363)

IPv6 is too complex, which is what has hampered its slow adoption from the beginning.

IPv6 is simpler than IPv4.

True, but dual stack is more complex than either.
I don't see flipping a switch and transitioning from IPv4 to IPv6. Instead, I see living with a dual-stack environment for a while. It will not be pretty.

Re:Too Complicated (0)

Anonymous Coward | about 2 years ago | (#41495511)

I agree dual stack is twice as much management overhead. Every firewall policy requires 2 entries. That being said, it is really unavoidable until all the ISPs get off their duffs and re-invest some of those millions/billions in profit back into their infrastructure. That, however would cut into their excutive vaction funds.

US Gov't a leader (1)

fa2k (881632) | about 2 years ago | (#41493023)

This makes the US government a technology leader, at least in one respect. Try to go v6 only some time, and watch all the "Cannot connect to server" messages.. Only big ones like Google and Facebook seem to be available on IPv6 (it certainly cuts down on distractions to remove the IPv4 default route, but I can't even get to my email)

And on Monday, the headline will be (0, Troll)

SmurfButcher Bob (313810) | about 2 years ago | (#41493175)

..."At least 2,000 US Federal Government sites were hacked when it was discovered that they were not behind a NAT anymore."

Re:And on Monday, the headline will be (5, Informative)

heypete (60671) | about 2 years ago | (#41493243)

Why would a publicly-facing web server be behind NAT? That doesn't make any sense. NAT offers no security benefits.

Please note that "NAT" != "stateful firewall", though the two functions are often combined in a single piece of hardware.

My home network has been dual-stack for years (with NATed IPv4 and IPv6). All the systems on the network are behind a stateful firewall and even though my internal devices have globally-unique IPv6 addresses none of them are accessible from the outside world.

Re:And on Monday, the headline will be (-1)

Anonymous Coward | about 2 years ago | (#41493667)

Wow your a dumb fucking cock....

Re:And on Monday, the headline will be (1)

bill_mcgonigle (4333) | about 2 years ago | (#41494949)

Why would a publicly-facing web server be behind NAT? That doesn't make any sense.

When you have more services than public IP's. I have 5 IP's at the office, and run over a dozen services from them. These days, you spin up a VM for each service, for isolation, and NAT the ports where they need to go.

Re:And on Monday, the headline will be (0)

Anonymous Coward | about 2 years ago | (#41495877)

When you have more services than public IP's. I have 5 IP's at the office, and run over a dozen services from them. These days, you spin up a VM for each service, for isolation, and NAT the ports where they need to go.

Which of course doesn't apply in the case of IPv6, since you can't possibly have more services than IPv6 addresses.

Re:And on Monday, the headline will be (4, Informative)

cbhacking (979169) | about 2 years ago | (#41493329)

I can't tell if you're a troll or just spouting off about things you don't understand in the least, but...

It's a hell of a lot easier to find a vulnerable machine behind NAT than it is to find one across a search space 40 bits wide (which is wider than the entire IPv4 search space, and less than a cube root of the search space of IPv6 as a protocol).

NAT is not a security measure. You can (and should) still have a firewall with IPv6; your firewall box just won't also have to perform NAT. That's fine, though; a NAT has a maximum search space of 24 bits (10.0.0.0/8) while IPv6 has enough addresses to assign one to every atom in the solar system, and no, that's no an exaggeration, guess, or line of BS.

Re:And on Monday, the headline will be (1)

bytesex (112972) | about 2 years ago | (#41493967)

Your argument is all about the lack of bits in an IPv4 address, not about NAT per se.

Re:And on Monday, the headline will be (1)

bytesex (112972) | about 2 years ago | (#41494053)

Besides that, NAT *is* effectively a security measure - it masks your source address. It's like half-tunnel mode.

Re:And on Monday, the headline will be (0)

Anonymous Coward | about 2 years ago | (#41494217)

LOL. If NAT *is* effectively a security measure it is a terrible one. Easier to break them Windows 95.

Re:And on Monday, the headline will be (1)

squiggleslash (241428) | about 2 years ago | (#41493489)

NAT is not a firewall. And anyone deploying IPv6 should be doing so on a machine modern enough to have a strong, centrally administered, software firewall.

Re:And on Monday, the headline will be (2)

bytesex (112972) | about 2 years ago | (#41493903)

Yes it is. Because inverse NAT requires you to specify where to send the traffic *to*. I'm a great proponent of IPv6 myself, but this argument of the IETF is bogus. Besides, 'centrally administered firewall' on each machine ? I think I see a flaw in your method.

Re:And on Monday, the headline will be (0)

Anonymous Coward | about 2 years ago | (#41494259)

You should look into this. Hacking a device that is only behind a NAT, hard to find these days since most routers have build in firewalls also, is not much more difficult than a system directly connected to the network. NAT is easy to bypass without a firewall.

NAT implies a firewall (1)

Chirs (87576) | about 2 years ago | (#41494345)

but you can also just implement the firewall without NAT and get the same level of security.

Re:And on Monday, the headline will be (1)

rjr162 (69736) | about 2 years ago | (#41495151)

you could use link local and site local IPv6 address to help with this.. or better yet setup your router, switch (if managed), and/or firewall to do this for you.

Public facing only... (2)

Bugler412 (2610815) | about 2 years ago | (#41493267)

Recently worked in a govt facility on a project, they are just as far as most everyone else from being ipv6 ready internally, perhaps a lot farther away than many. Additionally, as you might expect, no one is budgeting for the replacement of infrastructure (like 20 year old printers for instance) that need to go to make it happen. Even though they have a mandate to be ready internally in two years. That mandate ain't gonna fly.

Re:Public facing only... (1)

Dagger2 (1177377) | about 2 years ago | (#41495225)

There's a difference between IPv6-ready and IPv6-only. Those 20-year-old printers that only work on v4 will continue to work on the v4 part of the dual-stacked internal network; replacing them isn't a requirement for deploying v6. (It is a requirement for removing v4, but that's the long-term goal, not the immediate one.)

Slashdot and IPv6 (0)

Anonymous Coward | about 2 years ago | (#41493735)

Z0MG!!1! I pinged www.slashdot.org and it returned an IPv6 address!!! ... then I woke up..

This time it really is happenning (4, Informative)

kevmeister (979231) | about 2 years ago | (#41493741)

I work for the NSP for a large number of government research facilities. Our network has had full IPv6 support for several years, but no IPv6 customers (other than ourselves). The prior IPv6 mandate was primarily satisfied by bring up an IPv6 connection with the customer and their pinging our router, then deconfiguring the IPv6. That was really all the mandate required.

This time we are bringing up full IPv6 connectivity with them. It really is happening this time and it mostly seems to be working.

The mandate is also pressing other providers to get IPv6 up and running. Under the mandate, if you have a provider that can't support IPv6 on Oct. 1, you need to change providers. In simple terms, the general public must be able to access your web services and all publicly linked pages as well as DNS via IPv6 if they have IPv6 connectivity to the Internet. (Admittedly, this is a fairly small subset of Internet users.) The federal governments is a rather large customer of several major providers, so this has probably been the biggest cause of several of them getting IPv6 running, though some still don't offer IPv6 to non-governmental customers.

Between the U.S. Government and Comcast, IPv6 seems to really be happening. Traffic is clearly increasing rapidly, though still very tiny compared to IPv4.

Re:This time it really is happenning (1)

Anonymous Coward | about 2 years ago | (#41493929)

Traffic is clearly increasing rapidly, though still very tiny compared to IPv4.

On my gateway, I use a IPv6 tunnel to get my IPv6 address. My IPv6 usage is not "tiny" anymore. It was few months ago, but it is growing quite quickly.

In August, total traffic was 20GB and 2GB (10%) was IPv6.
In September, total traffic was 17GB so far and IPv6 was 35% or almost 6GB.

This is primarily due to IPv6 website availability. Heck, yesterday 50% of all traffic was IPv6.

The sad part is, my ISP does not even have IPv6 on their internet backbone, never mind providing IPv6 to their customers.

Re:This time it really is happenning (0)

Anonymous Coward | about 2 years ago | (#41494647)

HAHAHAHAHA.. "My IPv6 usage is not tiny".. "I used 6gb of bandwidth this month"

HAHAHA

Re:This time it really is happenning (1)

j2.718ff (2441884) | about 2 years ago | (#41494391)

The mandate is also pressing other providers to get IPv6 up and running. Under the mandate, if you have a provider that can't support IPv6 on Oct. 1, you need to change providers

Yes, this sort of thing does actually have some effect. I work for a company that sells to the government. They are requiring that our products support IPv6. They admit they aren't likely to be using them on an IPv6 network any time soon, but if we don't support IPv6, they won't buy from us.

Re:This time it really is happenning (0)

Anonymous Coward | about 2 years ago | (#41495111)

I've been asking for IPv6 transit since I started working at my local government employer two years ago. We're small potatoes with just a DS3 to each provider, but we're still a paying customer. AT&T basically offered to sell us consulting services, but couldn't offer any transit or even give a guestimate as to when they could. VZN said, "We're upgrading your POP soon," but that was over a year ago.

If I don't convert, what will you do? (1)

Compaqt (1758360) | about 2 years ago | (#41493745)

That's the question which a lot of overworked federal agency heads might be asking.

I.e., "What's in it for me?"

And, "If we miss the deadline, what will happen." It would be nice if every federal agency just did whatever they were told to do, as if they were merely the organs of one single body. But actually, they are multiple bodies. And if the answer to the question is "nothing", then some wily agency heads will choose to simply ignore the directive.

Re:If I don't convert, what will you do? (4, Interesting)

kevmeister (979231) | about 2 years ago | (#41493837)

This is an Office of Management and Budget (OMB) mandate. They can reduce or completely halt funding. It has been made very clear that, while there will be failures and missed dates, they better not be because you were not trying. Oddly, management tends to take the possibility of losing funding very, very seriously.

Dueling mandates (1)

winmonster (515415) | about 2 years ago | (#41493875)

Some people are saying, "Yeah, providers will give you IPv6 addresses for your DIA circuits. I don't see an issue." But they aren't fully aware of other mandates that influence civilian agencies' abilities to meet the IPv6 mandate. Namely, this one: http://www.dhs.gov/trusted-internet-connections-tic. None of the TIC provider's are offering IPv6 connectivity that I'm aware of, but they are all in various stages of getting there. The agencies that are ready most likely host their own MTIPS offering or (more likely) using hosting companies to get there.

Re:Dueling mandates (1)

geddo (1412061) | about 2 years ago | (#41495261)

From a link on the website you posted- The following vendors have been approved to offer TIC compliant MTIPS services through the Networx contract: AT&T, CenturyLink (formerly Qwest), Sprint, Verizon Business. Last I checked AT&T, CL and Verizon all offer IPv6/4 dual stack DIA, I don't know about Spint's offering but that's 3 options. In any case, no one is saying its easy but it is a good first step for the government to mandate this stuff, no one really took it seriously until they said all IPv6 hardware and software they bought had to be compliant (loosely quoted), then every company that wanted to do business with the government took it seriously.

Re:Dueling mandates (1)

winmonster (515415) | about 2 years ago | (#41495561)

You can get IPv6 DIA from them, but not IPv6 TIC. They are not the same. All of the agencies that moved to provider-based TIC cannot get IPv6 service in time for the mandate.

Re:Dueling mandates (1)

sfprairie (626602) | about 2 years ago | (#41496295)

You can get IPv6 DIA from them, but not IPv6 TIC. They are not the same. All of the agencies that moved to provider-based TIC cannot get IPv6 service in time for the mandate.

That is very correct. We will not be compliant with our own hosted sites because of our TIC provider can not support ipv6 yet. The sites that are hosted on Akamai are ipv6 compliant and have been for some time. I think there are about three, maybe four comments here from people who know what the actual civilian Fed requirements are capabilities are, and are familiar with TIC. All the other comments are from people who have no idea.

cheerleading? (1)

nurb432 (527695) | about 2 years ago | (#41494023)

I don't know if id call forced deadlines as 'cheerleading'.

'bout time. (0)

Anonymous Coward | about 2 years ago | (#41494785)

So when is Slashdot gonna bite the bullet?

ipv6.user@fe80::feed:babe:beef:abed

Yeah... (0)

Anonymous Coward | about 2 years ago | (#41495105)

Not gonna happen

The university I work at... (1)

rjr162 (69736) | about 2 years ago | (#41495167)

has IPv6 enabled, and things are working fine there. The exception are some of the branch campuses that have older switches and such where turning on IPv6 in Windows 7 seems to really slow the whole network at these locations down.

Most Agencies Have Made "No Progress" (1)

PineHall (206441) | about 2 years ago | (#41495237)

NIST statistics [nist.gov] show that over half the agencies have made "no progress" in their IPv6 deployment. It is good that the government is doing this, but too many agencies are asleep at the wheel [gcn.com] . It does no good when the agencies will not do what they are required to do.

IPV12 Openprojects - Freenode (1)

NSN A392-99-964-5927 (1559367) | about 2 years ago | (#41495565)

When I was oper on OpenProjects.net now freenode I campaigned for IPV12 or 16 pushing forward the argument that IPV6 was rather short sightedness and that was 10 years ago. Some people did not like my ideas and I was booted as my ideas were too "Outlandish".

It appears that anything descent gets "scotched" http://www.thefreedictionary.com/Scotching [thefreedictionary.com] (please refer to definition Scotch1) "1. To put an abrupt end to: The prime minister scotched the rumors of her illness with a public appearance".

Nonetheless, this issue raises its ugly head once again.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...