Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

One Year After World IPv6 Launch — Are We There Yet?

samzenpus posted about a year ago | from the state-of-things dept.

The Internet 246

darthcamaro writes "One year ago today was the the official 'Launch Day' of IPv6. The idea was that IPv6 would get turned on and stay on at major carriers and website. So where are we now? Only 1.27% of Google traffic comes from IPv6 and barely 12 percent of the Alexa Top 1000 sites are even accessible via IPv6. In general though, the Internet Society is pleased with the progress over the last year. '"The good news is that almost everywhere we look, IPv6 is increasing," Phil Roberts,technology program manager at the Internet Society said. "It seems to be me that it's now at the groundswell stage and it all looks like everything is up and to the right."'"

cancel ×

246 comments

But its still difficult (4, Informative)

Chrisq (894406) | about a year ago | (#43934637)

But its still difficult to get an ipv6 home connection in many areas. I can see that for years to come we will have an ipv6 backbone, ipv6 in amjor organisations but most people connected via NAT and an IPv4 isp

Re:But its still difficult (1)

Anonymous Coward | about a year ago | (#43934685)

your typical home router that is still being bundled by ISPs doesn't support IPv6, it seems only 'high end' or after-market routers tend to do that, probably because the amount of firmware memory in these cheap routers is limited. ISPs don't want to have to go and replace all those home routers. That said, they should make sure that their own network can route IPv6 sensibly and natively, and that any services they offer needs to support IPv6 as well.

There's no good reason why the mobile providers aren't doing IPv6 now for 3G/4G networks. Maybe they've grown fond of their carrier-grade NAT boxes? Maybe their crazy usage metering systems that give different pricing for different packet destinations, don't work with it?

Re:But its still difficult (3)

Chrisq (894406) | about a year ago | (#43934739)

your typical home router that is still being bundled by ISPs doesn't support IPv6, it seems only 'high end' or after-market routers tend to do that, probably because the amount of firmware memory in these cheap routers is limited.

Is the firmware for IPv6 necessarily much larger than that for IPv4? I would have thought that the complexity would be similar. On the one hand you don't need NAT, but on the other you need more complex filtering [arstechnica.com] .

Just do it on the router (2)

dbIII (701233) | about a year ago | (#43934823)

If you don't have much stuff on the inside of your firewall it's not really any harder. Actually if you have a lot it's not really harder either since it's still all ports and addresses. The fuckup you've linked to is due to separate teams working on separate firewalls for IPv6 and v4 and is a management issue which only affects the endpoint. If you've got the network under the adult supervision of even a cheap and nasty ADSL IPv6 aware router the filtering should just work without having to care about problems due to internal empire building at Microsoft or Apple. "Block all except ports X,Y,Z" is not that hard to do on any sort of sane interface, and if you have to do it twice due to an unforgivable fault of UI design from office politics it's still not that bad.

Re:But its still difficult (1)

nine-times (778537) | about a year ago | (#43935097)

I would think that ISPs would, for the course of a transition, support both IPv4 and IPv6 in some form. Since it would still need to handle all the IPv4 stuff it has been handling and then IPv6 in addition, I'd expect that supporting both might require larger and more complex firmware, and perhaps even more computing power.

I don't really know what I'm talking about, though.

Re:But its still difficult (1)

Alioth (221270) | about a year ago | (#43936057)

The stuff at the ISP end (routers and the like) have supported IPv6 for years.

Re:But its still difficult (2)

julesh (229690) | about a year ago | (#43936357)

The stuff at the ISP end (routers and the like) have supported IPv6 for years.

Depends on where you are. Here in the UK, BT wholesale only started upgrading their network to support IPv6 some time last year. That's despite having rolled out a complete replacement "21st century" network only a few years previously -- somehow, they failed to realise that IPv6 support might be a useful feature.

Re:But its still difficult (1)

datavirtue (1104259) | about a year ago | (#43936411)

Indeed, at this point it is a matter of clearing away the cob-webs of ignorance and configuring your damn device for a modern networking protocol.

Re:But its still difficult (1)

petermgreen (876956) | about a year ago | (#43935315)

A stateful firewall is in general less complex than a NAT. A stateful firewall has to understand what the higher level protocols are doing to a sufficient extent to decide what to block. A NAT has to understand what the higher levels are doing and know enough about the packets to alter them.

But that is beside the point. Between servers that aren't available on v6 and residual end systems that don't support IPv6 out of the box (if at all) home routers are going to have to keep doing IPv4 for the forseeable future. So when considering the requirements of IPv6 we need to consider the requirements of adding IPv6 support. Not the requirements of replacing IPv4 support with IPv6 support.

Re:But its still difficult (1)

Bengie (1121981) | about a year ago | (#43935371)

My ISP didn't give me a router, they gave me Gigabit Ethernet Switch+Bridge+Fiber Transceiver. It's like a big LAN, where each customer gets their own vLAN with a gateway which is the chassis. Except, instead of a regular 48 port switch, it's a 480 port Layer3 IPv4/IPv6 chassis with a 2Tb backplane and 4x100Gb uplinks.

My question is what do they plug those uplink ports into. Each chassis can only support 480 people and there are thousands. What does an aggregate switch for 100Gb ports look like? And what router accepts 100Gb ports?

Re:But its still difficult (1)

silas_moeckel (234313) | about a year ago | (#43935911)

Juniper T and Cisco Nexus mostly. 100gb ports are really not that uncommon, sub 10k TOR switches can be had with 48 ports of 10ge and a few 40/100 uplinks. Gigabit has been a server standard since the end of the 90's 10ge nics are fairly cheap options at this point.

Re:But its still difficult (1)

LordNelsonthe2nd (2817893) | about a year ago | (#43935379)

At least the Fritz!Boxes of the last years all support IPv6 (They're what you get from pretty much every ISP in germany except for the really crappy providers). Not sure when they've added support, the one I got about two years ago had it. My ISP (m-net) also provides native IPv6 for all customers, but it's one of the few that do so (Also not sure how long, the 2 years I have my router for at least). Especially the large ISPs are really lazy when it comes to IPv6 support, guess it may take a few more years for them to even start thinking about it...

Re:But its still difficult (1)

jampola (1994582) | about a year ago | (#43934731)

I live in Thailand. There isn't a single ISP that offers residential services that pushes IPv6. When I call and ask about it, I get the usual "huh? IP what?" -- So yeah, that gives you a sure indication of where we're at!

Re:But its still difficult (1)

compro01 (777531) | about a year ago | (#43936007)

One would think they'd be a bit more proactive given that APNIC has already run down to their last /8 and is only giving out one /22 per customer now.

Re:But its still difficult (1)

CastrTroy (595695) | about a year ago | (#43934831)

Haven't done any shopping lately, but do most people's home routers support IPV6? I'm pretty sure mine doesn't. I think this is part of the problem with ISPs rolling out IPV6. Many of the customers don't have the hardware at home to deal with it.

Re:But its still difficult (1)

bill_mcgonigle (4333) | about a year ago | (#43935779)

Many of the customers don't have the hardware at home to deal with it.

It hardly matters. I signed up for the Comcast IPv6 trial years ago - downtown business-class connection - they're not even rolling it out in this area yet. There are a few tiny areas where you can get one on a residential service, but mostly no - most people only have access to IPV4. Until IPv6 is available from the prevalent carriers, I'm not going to worry too much about end-users not adopting.

If the device manufacturers would just skin OpenWRT instead of shipping their horrendous proprietary firmwares, then the 802.11ac upgrade cycle would take care of a lot of this automagically. But no...

Re:But its still difficult (2)

FireFury03 (653718) | about a year ago | (#43934987)

But its still difficult to get an ipv6 home connection in many areas. I can see that for years to come we will have an ipv6 backbone, ipv6 in amjor organisations but most people connected via NAT and an IPv4 isp

In the UK at least, it isn't difficult to get an IPv6 connection. However, you need to know you want one when you shop around, as the majority of ISPs still don't do it. If you're an "average user" and therefore know nothing of IPv6 or how the internet works, adoption is at rock bottom because:
1. You need to be clued up enough to ask an ISP if they offer v6 (the "big 4" don't)
2. You need to be clued up enough to know when the ISP is lieing
3. You need to be clued up enough to buy an IPv6 capable router (most still don't, even the ones that are labelled "ipv6 ready", which actually means "no IPv6 support at all but we might issue a firmware upgrade at some point in the future if we can be arsed, which we probably can't)

Given all of these factors, the chances of the clueless masses getting IPv6 connectivity are extremely slim.

Things are quite bad with the ISP-side adoption - PlusNet seem to have decided not to roll out IPv6 at all (they pulled the plug on all the v6 trials, announced CGNAT and don't seem to have made any comment about IPv6 since). Virgin Media are going to roll out IPv6 in 2012! (yes, that didn't happen either, despite all their press about it, and like plusnet they've gone very quiet on the subject).

ISP's telling porkies is a problem too; although that's more on the corporate connections side. I had a customer looking for a new 100Mbps leased line internet connection. We advised them that purchasing anything that doesn't do IPv6 would be silly, so they asked the prospective ISPs. Eclipse said they did IPv6, so they went with them, paid quite a lot up-front to get the line laid, etc. Then it transpired that Eclipse didn't offer v6 at all - Eclipse clarified that their network is IPv6 capable but they don't offer IPv6 connections to customers (i.e. they lied in order to get the contract). 2 years later and there's still no IPv6 on that connection.

Re:But its still difficult (2)

Shavano (2541114) | about a year ago | (#43935171)

Where is the advantage to home users if they use IPv6? If you buy a router that is interoperable with IPv6, what difference does it make to you if the network provides a IPv4 or IPv6 connection to your local network?

Re:But its still difficult (1)

somersault (912633) | about a year ago | (#43935269)

All modern operating systems support IPv6, since it's a software issue rather than a hardware one. So everyone can already do IPv6 on their local network.

What we're talking about here is IPv6 for the WAN interface on your router. Pretty much nobody should need IPv6 internally right now.

Re:But its still difficult (1)

FireFury03 (653718) | about a year ago | (#43935637)

What we're talking about here is IPv6 for the WAN interface on your router. Pretty much nobody should need IPv6 internally right now.

That doesn't really make sense. Unless you're going to do some horrendous ALG on the router, you are going to need IPv6 both internally and externally in order to talk to IPv6 services - running IPv6 on the router's WAN interface but only IPv4 internally isn't going to help you (also there's almost no reason not to run IPv6 internally anyway)

Re:But its still difficult (1)

Bill, Shooter of Bul (629286) | about a year ago | (#43935525)

Its marginal, to be sure, right now. There *can* be some websites that are IPv6 only that you won't be able to access if you only have ipv4. As far as I know there aren't any that are worth while visiting. Also, If large websites support IPv6 in addition to v4, if on eis down you should be able to access the other if they are on different servers. So you might have more uptime?

There are other things that Ipv6 is good at that probably wouldn't matter to most home users. Like having mutliple machines externally accessible on the same port.

Re:But its still difficult (1)

FireFury03 (653718) | about a year ago | (#43935583)

Where is the advantage to home users if they use IPv6?

Well, this is the problem. For the majority of home users there is very little advantage _at the moment_, so even if they know enough to shop around for a v6 connection they probably won't bother. And the vast majority of users don't know the first thing about how the internet works, so wouldn't know to shop around for a v6 connection anyway.

Its basically a chicken & egg problem: The people who are going to have problems with the IPv4 address shortage are the server operators, who would want to roll out IPv6-only services. However, the server operators aren't going to be able to roll out v6-only services while the consumers don't have v6 connections. Similarly, until there are v6-only services there's little reason for end users to go to the effort of implementing ipv6 on their own networks.

So the only way this problem is really going to get solved is for IPv6 connections to be rolled out relatively transparently for the users. This is all doable - the ISP can implement IPv6 on their networks so the users don't have to know to shop around for an ISP that does v6; the ISPs can start shipping out v6-capable routers to their new customers instead of continuing to ship IPv4-only routers. Unfortunately, it seems a lot of the ISPs are also not interested in investing in their infrastructure (they cite the face that their users aren't actively asking for it, which of course they aren't). My personal preference is to avoid ISPs that aren't implementing IPv6 infrastructure, because it seems incredibly short-sighted, but of course most people won't know anything about this.

For a very restricted subset of users, IPv6 will be useful - it allows devices inside the network to be directly addressed from outside the network, which is certainly useful. But as mentioned, this is a very small number of users.

Advantages of IPv6 (1)

unixisc (2429386) | about a year ago | (#43935817)

To home users, it provides a whole host of IP addresses that can be used to enhance their security. For instance, if someone sets up a DHCP to pool a certain set of addresses to his laptop, that would exceed anything that was available when IPv4 was not in such a shortage. For instance, one could set it up so that the laptop would pool 65,536 addresses within a certain range, while addresses outside that can be static for certain devices.

To business users, plenty, since it blows up the number of routable IP addresses available to set up a whole host of things, from IP phones to varous servers and so on. A company located in a single site with just a single /64 would have all the addresses it would ever need for every internet facing service that it uses.

If you buy a router that supports IPv6, it is a waste if the network provides a NATed IPv4 connection. But if they provide a dual stack connection, you can through that link have every internet device that you own connected directly to the internet.

Re:But its still difficult (1)

AmiMoJo (196126) | about a year ago | (#43934989)

I use a VPN service (Mullvad) to block spying (it's just too creepy) and censorship. Mullvad has some IPv6 support but it is still beta.

Re:But its still difficult (1)

Alain Williams (2972) | about a year ago | (#43935111)

I changed ISP a couple of years ago because of that. Going IPv6 at home was not hard but needed some work and some duplication (firewall, DHCP range, ...). Hosted servers that I look after have had IPv6 addresses for several years.

Re:But its still difficult (0)

Anonymous Coward | about a year ago | (#43935841)

But its still difficult to get an ipv6 home connection in many areas.

Saying that it's "difficult" is misleading. In reality, it's simply non-existent.

And it's not "many areas" -- it's a vast, vast majority of areas.

There is no need to understate the severity of the problem. At 1% adoption after 12 years, it's clear that ipv6 is a non-starter. Maybe that will begin to change once ipv4 address start costing USD$50 per month to rent -- but as of right now, ipv6 is simply a non-starter.

Re:But its still difficult (0)

Anonymous Coward | about a year ago | (#43935973)

We have manage stage 1: it is finally possible to run a PC with IPv6 enabled without constantly running into connectivity issues and misconfigured webservers. So dual-stack clients are feasible, but not of much use. Well, you get individual IPv6 addresses...

That means we can progress with stage 2: deploy dual stack web-servers. This has some use - it allows unique client IPv6 addresses, some of the advanced features of IPv6 etc. But the pressure is about to go up with ...

Stage 3: IPv6-only clients become popular. In some countries this is already happening. A good compatibility solution would held, and NAT64 may just be what is needed to make this more feasible. Advantage: no IPv4 required.

Stage 4: IPv4 becomes legacy technology.

Re:But its still difficult (1)

datavirtue (1104259) | about a year ago | (#43936381)

Everyone is waiting on everyone else to force them to change to IPv6. I think it could be used a security tool, but none of our "security conscious" idiot admins will admit it because they are really just ignorant of IPv6 and treat as some type of alternate configuration. I've seen way more labor put into disabling IPv6 than anything else. Kind of stupid and frustrating.

I always thought... (1)

SpasticWeasel (897004) | about a year ago | (#43934649)

that it was back and to the left.

Re:I always thought... (0)

Big Hairy Ian (1155547) | about a year ago | (#43934753)

But what do we do in 20 years when the IPv6 address space starts to run out? Think I'm kidding? I can remember when people thought they'd never fill a 20mb because it was so huge!

Re:I always thought... (4, Interesting)

Alioth (221270) | about a year ago | (#43934847)

IPv6 space won't run out in 20 years. "Well", you say, "It's inefficiently doled out - each user gets a /64 under how it's supposed to work even if their network has just one device!"

However, the amount of /64 prefixes theoretically available is 2^32 (4 billion) times larger than the address space of the *entire* IPv4 address space. Four billion times larger. Even if only 48 bits of those were usable for whatever reason, that would still be 65536 times larger than the *entire global IPv4 space*. However, there's more than 48 bits usable.

Re:I always thought... (3, Insightful)

Alioth (221270) | about a year ago | (#43934891)

Oops 2^64 times larger than the entire IPv4 address space. That'll teach me to preview....

Incidentally, there are enough /48s that you can give every man, woman and child on the planet over 4000 /48 allocations each before IANA even has to think about releasing some of the currently undefined address space.

Re:I always thought... (1)

zevans (101778) | about a year ago | (#43936037)

Meanwhile, I believe IPv5 was abandoned due to a design fault in the hull.

Re:I always thought... (1)

unixisc (2429386) | about a year ago | (#43936123)

However, with IPv6, every virtual machine can have its own routable address, and direct access to the internet. Now, that is not strictly a function of physical entities, although the system configurations of servers would limit the number of virtual machines running at any time. However, I do see space constraint issues appear as IPv6 tries to simplify routing by assigning more space to the routing and less to the subnets. That's where a time could come where they'd want the entire top half of the address, and have the subnet address come out of what's currently the interface ID. So that instead of 48:16:64, you could have 64:16:48 or something like that. Also, autoconfiguration doesn't have to be tied to other identifying parameters, like Ethernet Mac addresses & so on.

Re:I always thought... (1)

Anonymous Coward | about a year ago | (#43934849)

No. Just no.

http://itsnobody.wordpress.com/2012/02/17/how-many-addresses-can-ipv6-hold/

Re:I always thought... (5, Informative)

Dins (2538550) | about a year ago | (#43934897)

But what do we do in 20 years when the IPv6 address space starts to run out? Think I'm kidding? I can remember when people thought they'd never fill a 20mb because it was so huge!

There are enough IPv6 addresses available to give each and every of the 7+ Billion humans alive today 4.6 x 10^28 addresses

Or as someone else put it, The earth's surface area is about 510 trillion square meters. If a typical computer has a footprint of about a tenth of a square meter, and we stacked computers 10 billion high blanketing the entire surface of the earth, that would use up one trillionth of the address space.

I seriously doubt we're in danger of running out in the next millennium or two.

Re:I always thought... (1)

Dins (2538550) | about a year ago | (#43934949)

Also: Clever troll is clever.

Re:I always thought... (2)

complete loony (663508) | about a year ago | (#43935369)

I prefer this [tcpipguide.com] visualisation;

I wanted to make a cool graphic to show the relative sizes of the IPv4 and IPv6 address spaces. You know, where I’d show the IPv6 address space as a big box and the IPv4 address space as a tiny one. The problem is that the IPv6 address space is so much larger than the IPv4 space that there is no way to show it to scale! To make this diagram to scale, imagine the IPv4 address space is the 1.6-inch square above. In that case, the IPv6 address space would be represented by a square the size of the solar system.

Re:I always thought... (0)

Anonymous Coward | about a year ago | (#43934985)

Isn't it obvious? IPv8!!!

Re:I always thought... (1)

Bengie (1121981) | about a year ago | (#43935459)

If we consumed 1,000,000 /64s per second, it would take about 585,000 years to deplete IPv6. That is 1.8447x10^25 ip address per second for 580 millennia.

Re:I always thought... (1)

compro01 (777531) | about a year ago | (#43936083)

https://xkcd.com/865/ [xkcd.com] offers a handy visualization of how big the IPv6 address space is.

Did they observe... (1)

unixisc (2429386) | about a year ago | (#43936133)

....IPv6 day this year as well? What did they do different from the last 2 years, if anything?

I feel like this is HDTV all over again (1)

Anonymous Coward | about a year ago | (#43934663)

Remember in 1992 when they told us that HDTV would be the standard in like 3 years, then in 1995 they said it was 5 years away. The biggest issue is that there aren't easy migration options, and there aren't, yet, many compelling reasons to switch to v6.

Yea the ability to address every molecule on the planet is nice, but I don't have internet for them right now. At best, right now, in my house, I have about a dozen ip addressable things. Only one do I trust with a publicly addressable ip, and that's my router. As we've seen the shitty security practices of the past two decades with security primarily through obscurity, we have reached a point where it would look something like Die Hard 4 if you placed all things on the internet with publicly addressable ips. No thank you.

Re:I feel like this is HDTV all over again (2)

fearlezz (594718) | about a year ago | (#43935095)

Publicly addressable does not always mean "reachable". Most routers will probably have a firewall by default to filter incoming connections.

Only 17 years after its official release (0)

Anonymous Coward | about a year ago | (#43934697)

IPv6 is ready for hockey stick growth, as Phil Roberts (ex-Surface RT marketing manager?) points out.

Re:Only 17 years after its official release (1)

Chrisq (894406) | about a year ago | (#43934759)

IPv6 is ready for hockey stick growth, as Phil Roberts (ex-Surface RT marketing manager?) points out.

What, you mean there is a correlation between global warming and ipV6 take-up?

In soviet Cuba (0)

Anonymous Coward | about a year ago | (#43934721)

paquets arrive before they are sent.

Or at least IPv6 packets have a latency respect IPv4 of -20.

http://www.google.com/ipv6/statistics.html#tab=per-country-ipv6-adoption

Re:In soviet Cuba (1)

petermgreen (876956) | about a year ago | (#43935483)

IS that "latency impact" comparing v4 and v6 connections from the same user (and ignoring users who only used one type of connection) or is it comparing all v6 packets to all v4 packets.

In the latter case it could just be that those on bad connections are more likely to lack IPv6 support.

What groundswell? (5, Interesting)

Antique Geekmeister (740220) | about a year ago | (#43934729)

Not a single business partner, client, or home user that I've dealt with for the last 3 year has an active IPv6 DNS registration. _None_.

The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings. This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously, allowing a wide set of behind the scenes hosts to be serviced by a single exposed device and reducing the IPv4 footprint of these services. Also, people have learned how to economize in the ir IPv4 use: They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years. The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

Re:What groundswell? (4, Informative)

Alioth (221270) | about a year ago | (#43934813)

That's tremendously short sighted. Should we wait until IPv4 exhaustion is actually causing us lots of problems, or should we get things ready in advance, and make an orderly transition and avoid the problems (arguably the problems started already with all the issues NAT brings when you want to actually establish end to end connections - especially when you discover the guys at the far end happened to use exactly the same RFC1918 netblocks as you did and now someone has to renumber their internal network. We avoided that one by the skin of our teeth - we have a Very Expensive Piece Of Machinery that gets remote support from Siemens who made it. The netblocks they use for their internal networks are the same as ours - it was just blind luck our network addressing didn't end up overlapping, and their network was an adjacent /24 of RFC1918 space to one of our internal networks!)

Re:What groundswell? (1)

AmiMoJo (196126) | about a year ago | (#43935995)

Should we wait until IPv4 exhaustion is actually causing us lots of problems, or should we get things ready in advance, and make an orderly transition and avoid the problems

Yes, we should. Unfortunately I will have to pay a lot extra to get a broadband connection that supports IPv6 so I'm in no hurry.

Re:What groundswell? (1)

Anonymous Coward | about a year ago | (#43934929)

Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

I see little difference between sensible defaults on a stateful firewall with ipv6 and NAT on ipv4. There are arguments for using the same address space for all branches (as you are making) but there are also arguments against, for instance potential renumbering or complex NAT schemes when organizations merge.

The 'scanning and tracking of local resources' statement is interesting, but i would argue that there are far better ways of handling device management than by IP address alone.

Security through Obscurity is a fallacy, and NAT should not be viewed as better than a stateful firewall for security.
http://en.wikipedia.org/wiki/Security_through_obscurity

I'm a little bit biased toward ipv6 though.

Re:What groundswell? (0)

Anonymous Coward | about a year ago | (#43935245)

Security through Obscurity is a fallacy, and NAT should not be viewed as better than a stateful firewall for security.

Let's retire this tired old idiom, shall we? Security through obscurity is a very VALID layer in the many layers needed for secure systems.

The fact that there is a brain dead simply, always on, one way "check valve" at the perimeter of the network that prevents outsiders from reaching an internal host is a highly effective security measure. Its reliability, strength and security has been irrefutably proven over the past decade or more and I'm sick of bandwagon twats regurgitating some old fallacious Schnierism as immutable fact.

NAT has proven to be a great benefit! The fact that it breaks crappy applications and protocols doesn't make it any less effective or beneficial.

Re:What groundswell? (1)

fearlezz (594718) | about a year ago | (#43935659)

NAT has proven to be a great benefit!

Indeed, it has. It even kept some attackers out.
Then came UPnP.

Perhaps it is because ipv6 is buggy? (-1)

Anonymous Coward | about a year ago | (#43934941)

There are a number of reasons why dealing with the IPv4 address space is preferable to IPv6: Bugs in the IP stack mean that we will have yet another 5-10 years of land, teardrop, ping-of-death, and other attacks. IPv6 has zero crypto support, so things in upper layers have to bolt it on somehow. IPv6 also exposes your entire intranet to anyone who wants to look at your address space for vulnerable machines. NAT sucks, but it does a good job at keeping what is private, private, assuming a good SPI firewall.

Most businesses don't want to get hacked, nor have everything visible and reachable for anyone who wants to attack their internal networks.

At best, IPv6 is an edge protocol.

Re:Perhaps it is because ipv6 is buggy? (1)

unixisc (2429386) | about a year ago | (#43935999)

How would IPv6 expose one's intranet? Just like you have local addresses in IPv4, you have link-local addresses as well as site-unique addresses in IPv6 that achieve the same thing. And just b'cos every node has a public IPv6 address does not imply that it has to be accessable - it'll still be behind a firewall. Also, if one doesn't want a certain computer to access the external internet, one can simply not assign it any routable IPv6 address, but just assign it the link-local address and be done with it.

Also, scanning that /64 address space would take forever, but even without that, a good DHCP set-up would enable the user to have a pool of any number of dynamic addresses within the /64 space, and keep changing it at regular intervals (say 1 hour) making it practically impossible to breach.

Re:What groundswell? (2)

divisionbyzero (300681) | about a year ago | (#43934961)

Not a single business partner, client, or home user that I've dealt with for the last 3 year has an active IPv6 DNS registration. _None_.

The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings. This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously, allowing a wide set of behind the scenes hosts to be serviced by a single exposed device and reducing the IPv4 footprint of these services. Also, people have learned how to economize in the ir IPv4 use: They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years. The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

Um, yeah, creating a single bottleneck and point of attack to the internet seems like a great idea... It's not that your ideas don't have merit (although you do over state and misstate some of them) but that they only address the needs of a certain set of users. NAT is not an unmitigated good. NAT has significant shortcomings.

Re:What groundswell? (1)

Antique Geekmeister (740220) | about a year ago | (#43935027)

I wasn't going to get into this, but the single bottleneck is why you deploy them in high availability failover pairs, or multi-hosted sites for international high availability environments. IPv6 doesn't really help this problem in any way: you still need some kind of a router to protect your publicly exposed services, unless you're interested in maintaining local routers for _every single exposed environment_.

The support benefits, and corporate political benefits, of having a chokepoint for all Internat services is profound and extremely helpful to large environment management.

Re:What groundswell? (4, Interesting)

dbIII (701233) | about a year ago | (#43934963)

This myth again - you should know better. Nobody is suggesting removing the firewalls that can prevent the constant external vulnerability scanning of any host directly connected to the Internet. They can do it quite well without the utter pain in the neck that is NAT. Yes, NAT saves newbies arses, but so now does the default configuration of even cheap and nasty ADSL routers so taking it away probably will make zero difference.

They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server.

Are you seriously making such a suggestion in 2013 when we are knee deep in virtual machines or are you joking? It doesn't take much complexity before you end up wanting to have two separate things running the same service and then you've got to do some arcane mucking about with non-standard ports and port forwarding if you've only got one real IP address. You've also got to be sure that the ports you've chosen are not being blocked at the other end and that can very seriously limit your choices, to the point where people connecting through mobile/cell networks have to be allowed all the way in to an almost unprotected network by VPN since you have run out of ports the telco allows. In such a case NAT becomes the security risk instead of the security solution you are trying to convince the gullible it is.

The services are being easily funneled through a single exposed router or firewall

Nobody is suggesting changing that. You still get all that filtering only without the constriction of NAT.

Re:What groundswell? (1)

Antique Geekmeister (740220) | about a year ago | (#43935165)

> Yes, NAT saves newbies arses

Yes, it really does. Many of the groups I work with are staffed by newbies, even in their IT departments. Maintaining Internet exposed firewalls is as fragile, and dangerous, as handling electrical power directly off the power grid before it's been stepped down to 120 Volt. Errors are very common, and profoundly dangerous. It should be avoided by anyone who doesn't absolutely need it

> Are you seriously making such a suggestion in 2013 when we are knee deep in virtual machines or are you joking? It doesn't take much complexity before you end up wanting to have two separate things running the same service and then you've got to do some arcane mucking about with non-standard ports and port forwarding if you've only got one real IP address.

No, I'm suggesting that in 2013 we have load balancers and proxies that do an excellent job of distributing exposed services to arbitrary numbers of internal hosts. The hosts generally have no need, or excuse, to be exposed directly to the Internet. Therefore they do not need a routable IP address. There are a few services, such as SMTP, that deal well with multiple available public IP addresses. And there are some web services that deal very well with multi-homed IP addresses in multiple physical locations. Google is an excellent example of that.

But none of those services require anything approaching the number of exposed IP addresses as the number of back end hosts, easily managed with even the simplest of load balancers or proxies. And those, coupled with the effective use of NAT to conceal internal IPv4 addresses, have effectively pushed back the requirement for IPv6 by years. It's only when the need for 24x7 externally exposed unique addresses approaches 2^32 that we'll actually need IPv6, and we've simply not hit that threshold yet.

Re:What groundswell? (0)

Anonymous Coward | about a year ago | (#43935527)

> Yes, NAT saves newbies arses

Yes, it really does. Many of the groups I work with are staffed by newbies, even in their IT departments. Maintaining Internet exposed firewalls is as fragile, and dangerous, as handling electrical power directly off the power grid before it's been stepped down to 120 Volt. Errors are very common, and profoundly dangerous. It should be avoided by anyone who doesn't absolutely need it

That's better solved by making good default installation for gateways. NATs are very bad for Internet infrastructure. It can make p2p connection really expensive or impossible. It imposes a server-client architecture which is really suboptimal in many situations. Meanwhile, I don't think NAT helps the newbie to run a secure network anyway. Bad configured workstations and servers are the weak link in any network, NAT does not protected against it. NAT makes it even easier for one compromised node to attack the rest of the network. Once you're inside a private network it's really easy to figure out the IPs of the other machines in the network through simple scanning.

It may be late but please try to wake up a bit (0)

dbIII (701233) | about a year ago | (#43936077)

No, I'm suggesting that in 2013 we have load balancers and proxies

You've completely and utterly missed a very simple point and missed those words "two separate things" - the word "separate" indicates things that are supposed to be apart and not dealt with by load balancers or proxies. It usually means different people wanting to do different things instead of running it all on one box - hence knee deep in virtual machines or some other way to keep other people's stuff from getting in their way.

It's not hard, but it appears that for some reason you are currently not in a state to grasp the topic and are instead spewing misleading drivel that's going to fool some newbies into thinking it has value. Giving some rambling lecture about apache and sendmail virtual hosts that only the absolute newbies are unaware of is just wasting space and showing you didn't bother to read and understand my reply.

Re:What groundswell? (1)

unixisc (2429386) | about a year ago | (#43936251)

No, I'm suggesting that in 2013 we have load balancers and proxies that do an excellent job of distributing exposed services to arbitrary numbers of internal hosts. The hosts generally have no need, or excuse, to be exposed directly to the Internet. Therefore they do not need a routable IP address. There are a few services, such as SMTP, that deal well with multiple available public IP addresses. And there are some web services that deal very well with multi-homed IP addresses in multiple physical locations. Google is an excellent example of that.

But that is precisely what IPv4 is running out of - having multiple available public IP addresses. Even for NAT, when they do Port Address Translation, they prefer to have more than 1 public address for the purpose, especially for load balancing. This is the very thing that IPv6 addresses so well that the need to have NAT disappears.

Also, it is a good idea to have separate routable IP addresses for different virtual machines, as well as for imap servers, smtp servers, ftp servers, web servers, irc servers and so on. In fact, virtual web hosting, while still possible, is no longer needed, since each virtual website can now have completely different addresses, and as a result, get separated more easily as available resources grow. The scope is unlimited.

Re:What groundswell? (0)

Anonymous Coward | about a year ago | (#43936183)

They can do it quite well without the utter pain in the neck that is NAT.

I have always found NAT to be quick and easy to use.

If NAT causes problems for you, then don't use it. But there is no need to denigrate a solution that works very well for some people.

Re:What groundswell? (1)

Botchomorales (2944795) | about a year ago | (#43935041)

NAT does not significantly increase security, the firewall on the device that is performing the NAT does. I think these concepts are often conflated and NAT gets the credit for the firewall's work. If there is no pair in the NAT table, then yes traffic will not be forwarded. Traffic will not be forwarded if a sanely configured border device is performing SPI with internal public addresses, so the point is moot. Unfortunately, direct attacks are not the vector for most attackers when considering a private scenario anyway; nor would it be even if the vast majority of users had "public" IPs. Private users going to the bad guys through the web is far too awesome. I am pretty sure NAT was intended to be a stopgap measure while a better solution (IPv6) underwent the engineering effort. It just has had a side effect of prolonging adoption and complicating network administration unnecessarily since it was pretty effective.

Re:What groundswell? (1)

Bengie (1121981) | about a year ago | (#43935849)

NAT does not significantly increase security

^^

Paint on a tank, it makes the tank more resistant to attack. Think of all of the energy dissipated when the paint flakes off from a rocket hitting the armor!

NAT = Paint
Firewall = Armor

home router firmware sucks (1)

yoghurt (2090) | about a year ago | (#43936179)

In theory, you are correct. In practice, the home router firmware is a lousy piece of work and is seldom, if ever, updated. A bug in the NAT implementation will usually cause things to to not connect. These bugs are obvious and get fixed. A bug in the stateful firewall can easily leave it open. The bug is not as obvious. It will never get fixed.

Re:What groundswell? (2)

FireFury03 (653718) | about a year ago | (#43935227)

This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

A simple stateful firewall will mitegate the dangers of scanners just as well as a NAT. In fact, the extensive address-space in IPv6 actually makes scanning much less effective since the vast majority of the addresses a scanner is going to try aren't even in use.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously

And the growth of virtualisation has done the exact opposite.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years.

The great need on the consumer end has indeed not yet occurred, and probably won't for some time. On the ISP side too, most of the ISPs still have plenty of IPv4 addresses to go around, and can start reclaiming them off internal systems when they start feeling the pinch.

On the datacentre side, things are a bit different though. The people who are going to feel the pinch are the people operating the servers - that is where running out of IP addresses is going to be a real problem that won't be solvable with NAT (in some cases you'll be able to use an ALG to reduce problems, in other cases you won't).

On the consumer side, going forward the requirement for IPv6 will be twofold:
1. Accessing services that are IPv6-only. This *will* happen simply by virtue of the server operators not having enough v4 addresses. We'll probably see "reduced services" on IPv4 with extra features available for IPv6 users. This is especially true where the services are only intended to serve the local area - for example, a recent analysis of Google's data showed that over 10% of users in switzerland have IPv6 access, whilst only 0.22% in the UK do. Given a naive linear extrapolation, we might say that at some point in the future switzerland could have 99% of users with IPv6 access whilst the UK has around 2%. This would mean launching an IPv6-only service aimed at the swiss would be viable (and probably common), but would be inaccessible to most people in the UK. Splitting the internet like that would certainly be a bad thing, and people feeling increasingly cut off from useful services is what will drive both the ISPs and the end users to implement IPv6.
2. An increasing number of technologies just don't play well with NAT (and there are good reasons for this - this isn't just "short sighted designers of broken protocols"). And those technologies are becoming more popular. There is motivation there for people to eliminate the NAT problem by switching to v6.

Providing public, routable IP addresses puts them at risk of attack at all times

No; putting things on the internet with no firewall in front of them puts them at risk of attack. If you think your RFC1918 address is unroutable or that NAT is in any way protecting you, I suggest you go re-educate yourself. The *only* thing NAT does is place a requirement on people to run a stateful firewall (since that's required for NAT to work); running the firewall without NAT would give you exactly the same protection with none of the headaches that NAT causes.

Re:What groundswell? (1)

nine-times (778537) | about a year ago | (#43935287)

This has been impressively ameliorated by the use of NAT... The growth of high capacity load balancers for web servers and other network services has also helped tremendously... people have learned how to economize in the ir IPv4 use... The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years.

I'm trying to think of a good analogy here. Maybe something like this: The holes in our boat has been impressively patched with paper, and the bucket brigade has helped tremendously by emptying the water out of the inside of our boat. Because of this, the sinking of our boat has simply not yet occurred, and is unlikely to occur for another 10 days.

It's not a great analogy, but do you see what I'm saying here? You have a serious problem that could be catastrophic. So far, we've mitigated the problem and kept it closer to the level of "inconvenience" than "catastrophe". So far. That doesn't justify a blasé attitude toward the problem.

The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

NAT isn't a good security solution. Firewalls are. You can put up a firewall and block IPv6 traffic. No doubt, giving everything a public IP address should cause you to consider the security implications, but if you were relying on NAT to keep your devices secure, you're doing it wrong.

The definition of "derp" (0)

spectrokid (660550) | about a year ago | (#43935293)

And in every single Fucking IPV6 discussion this comes up again. Using NAT as a safety is like removing your wheels as a brake. A better solution exists; it is called a firewall. Look it up! Instead of biting the bullet and going IPV6, we are adding layer upon layer of crap and "optimisations" which are hard to maintain and hard to learn. And a billion chinese smartphones, you gonna NAT them as well? The only future of NAT is as a (very long term) transition protocol running in parallel with IPV6. I want my home PC on IPV6, and my smart-TV can then download updates over NAT. Unfortunately I can't get that here in Denmark (yet).

Re:What groundswell? (1, Flamebait)

Bengie (1121981) | about a year ago | (#43935513)

This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses

Yet another person who doesn't understand NAT. How do these people get jobs in networking?!

Re:What groundswell? (0)

Anonymous Coward | about a year ago | (#43936043)

NAT ... should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

Agreed.

And, for precisely that reason, NAT should be continued in ipv6 deployments as well.

I am dismayed by how many people think that ipv6 will (or should) put an end to NAT.

It's true that ipv6 will eliminate one of the reasons for using NAT, but it has no effect on NAT's role as a crucial security tool.

Re: What groundswell? (0)

Anonymous Coward | about a year ago | (#43936297)

NAT is a workaround. It violates the end to end principle and generally makes life in networking difficult.

Betteridge's Law of Headlines (3, Insightful)

Anonymous Coward | about a year ago | (#43934781)

I can't think of a better place to cite it. I mean come on, I don't even have to click through and RTFA. It's right there in the summary that no, we aren't there yet.

Pot, kettle, and all that... (0)

Anonymous Coward | about a year ago | (#43934787)

What's the AAAA record for slashdot.org?

Oh....

Long ways out (0)

Anonymous Coward | about a year ago | (#43934791)

Unfortunately, this should of happened 10 years ago, probably the only way to make this switch is a mandated date, like the US TV digital broadcast change.

IPv6: Who gives a shit? (3, Interesting)

Anonymous Coward | about a year ago | (#43934803)

The Chinese government loves IPv6 because it provides extra granularity for surveillance of their citizens. Fuck that. They can kiss my shiny metal NAT.

Re:IPv6: Who gives a shit? (1)

pe1rxq (141710) | about a year ago | (#43934851)

There is this new thingy called 'privacy extensions', is only 12 years old so you might not have heard about it yet.....

static & dynamic IPv6 addresses (1)

unixisc (2429386) | about a year ago | (#43936331)

From what I've read, privacy extensions seems to be IPv6's equivalent of dynamic addresses in IPv4. Essentially, it's one alternative to using EAU-64. But a better idea is to configure a DHCP server so that services that need static IP addresses have them, and services that need dynamic IP addresses have them as well.

It's the providers fault... (0)

Anonymous Coward | about a year ago | (#43934873)

I consider myself LATE, WAY LATE to the ipv6 game, and I've had my tunnel for a year.

Meanwhile comcast business STILL hasn't provided native ipv6 to me.

Re:It's the providers fault... (1)

ZerXes (1986108) | about a year ago | (#43935231)

actually, Comcast is offering a very good 6RD [wikipedia.org] service to its customers. 6RD is my favorite IPv6 tunneling technology as it is more or less as good as native. It gives you your own globaly routed /64 v6 prefixes from you ISPs v6-pool and if configured correctly it is as effective as native v6 would be. I work at a major ISP in Sweden and we are currently looking in to deploying 6RD to be able to deliver IPv6 to all of our customers within the near future. More about Comcasts 6RD here: http://www.comcast6.net/index.php/6rd-config [comcast6.net]

Increasing (3, Funny)

BlindRobin (768267) | about a year ago | (#43934877)

'"The good news is that almost everywhere we look, IPv6 is increasing,"
Every time we measure it the mean distance between the Earth and its moon is increasing. Wooooo Hoooooo.

Huh?! (2)

bradgoodman (964302) | about a year ago | (#43935025)

IPv6 has gone "live"? First I've heard of it! :-O

att wants to you pay for a IPv6 modem (-1, Redundant)

Joe_Dragon (2206452) | about a year ago | (#43935031)

att wants to you pay for a IPv6 modem

Re:att wants to you pay for a IPv6 modem (0)

Anonymous Coward | about a year ago | (#43935265)

att wants to you pay for a IPv6 modem

screw that, I'm not paying a 50% premium when my old IPv4 kit just works.

There may be nigh infinite addresses (0)

Anonymous Coward | about a year ago | (#43935051)

Call me crazy but I still want NAT with IPv6.

Re:There may be nigh infinite addresses (1)

bn-7bc (909819) | about a year ago | (#43935241)

Well why dou you want nat in ipv6 what is the use case for you?

IPv6 is Fail (0)

Anonymous Coward | about a year ago | (#43935145)

Well, maybe that's a bit dramatic. How about: IPv6 day is a failure.

It will be a long few years of slow IPv6 roll outs. It will likely be a decade or more of dual stack IPv4 and 6 and then IPv4 will SLOWLY fade away.

1.27% is not bad. it is exponential growth (0)

Anonymous Coward | about a year ago | (#43935191)

It seems to double every year. At this rate Google will have 10% ip6 traffic in 3 years and 40% in 5 years.

Re:1.27% is not bad. it is exponential growth (1)

Bengie (1121981) | about a year ago | (#43935981)

10% is the tipping point when a new technology "explodes" is use. So by year 4/5, IPv6 will be nearly everywhere.

And the root cause is... (5, Insightful)

stove (38601) | about a year ago | (#43935247)

Me: "Hello, big boss! I'd like to go to IPv6 soon!"

BB: "What will that take?"

Me: "Oh, probably a couple of months worth of completely dedicated work from your best network folks. If you don't exclusively task them, could take a year."

BB: "Sounds complex. Is it risky?"

Me: "Absolutely! We could totally drop off the internet or lose internal connectivity for quite a while if we mess it up."

BB: "What, exactly, am I getting from this expensive and risky thing?"

Me: "More or less what you have now. The features it does you don't really care about."

BB: "So it's expensive and risky and I get nothing out of it."

Me: "Yep! When can I start?"

*doorslam*

I suspect it'll take a while. (2)

applematt84 (1135009) | about a year ago | (#43935255)

IPv4 is the backbone of nearly all networked systems and applications; to expect EVERYONE to switch over to IPv6 immediately is a bit naive. It's not just the service providers (Quest, Lightbound, AT&T, Verizon, etc) that have to update their WHOLE infrastructure, but applications and operating systems have to natively support IPv6. Many home users cannot afford to upgrade their hardware and software on a whim and won't have a budget to do so for a few more years (mostly due to slow economy and unemployed consumers). I suspect it will take five to 10 years before we start seeing IPv6 make its way into mainstream services. I have a VM with Rackspace and it has a public IPv6 address, but the only service that I've found useful (or even readily available) are the primary Debian mirrors. Having worked as an IT Consultant for small businesses, a SysAdmin in the ISP vector (gaining insight from a vendor aspect) and now as a SysAdmin for a software company (consumer aspect), I have first hand experience at witnessing the readiness from two different ends of the spectrum. The insight I've gained tells me that NO ONE is ready to simply flip a switch; it's going to be a painful, multi-year migration.

Re:I suspect it'll take a while. (1)

Bengie (1121981) | about a year ago | (#43936091)

Good news, the Internet backbone has been IPv6 for over 10 years now and Cable modem and DSL hardware in the past 5-8 years have all supported IPv6 natively also.

As for "most software". Well, the most commonly used software is the web-browser, which has been IPv6 for a while now also. Most people purchase new hardware on a 5-8 year cycle and nearly all networking hardware in the past few years has been IPv6.

All 4g smartphones are IPv6, it is a requirement for 4g.

IPv6 ISPs? (0)

Anonymous Coward | about a year ago | (#43935373)

As a consumer, I'm really looking forward to the switch. But the reality is that we don't have any ISP around who provides IPv6 access as their standard service package. I want to move on, but I also don't want to pay a double/triple of what I'm paying only for a longer IP address on my router.

It's here, and it's not. (1)

ternarybit (1363339) | about a year ago | (#43935539)

I recently took an exam that covered IP6, so I was *determined* to get it working through a tunnel broker or some such means, just to say I did. I fired up test-ip6.com and...I was already on it.

My shared office had recently upgraded their modem from AT&T, which apparently supports v6 out of the box. Absolutely zero manual config on the router or client. Found out later, it's the same with Comcast where I live (northern California).

OTOH, I work at an ISP that has IP6 nowhere on its radar. I haven't raised the issue yet because I'm so new, but I have a few guesses:

  • - We still have a lot of unused v4 addresses in several public /24s. Address depletion is, well, pretty much the only major driving force behind v6.
  • - We are an education network, servicing only schools and school sites, so our number of clients are relatively few, and each client maybe only needs 2-3 public IPs (1 for NATing traffic, and maybe 1 or 2 for public-facing servers)
  • - Potential security risk (I'm not talking about the FUD that NAT=security, I'm talking about things like the v6 flood that, well, crashes any Windows box with v6 enabled[1])
  • - Huge cost to ensure that *every* device, server and router can handle v6, that all network staff are adequately trained, etc.

So, it comes down to huge cost with little to no appreciable gain (for our organization). Sure, routing gets simpler, no NAT overhead, but it's not like v4 is going to disappear overnight. Dual stack is the way it's going to be for a very, very long time. My grandkids may see widespread native v6. Maybe.

[1] http://samsclass.info/ipv6/proj/flood-router6a.htm [samsclass.info]

"everything is up and to the right" (1)

Zinho (17895) | about a year ago | (#43935703)

FTFS:

it all looks like everything is up and to the right

I'm confused, is up and left an option? I'd love it if my graphs with negative slope indicated time travel instead of a decrease over time!

Hardware limitations (2)

rcoxdav (648172) | about a year ago | (#43935731)

I have been looking at the IP v6 specs for enterprise level hardware, top of the line products from Cisco and the likes. The last I check, a few months ago, the accelerated routing on their top of the line Layer 3+ switch had about 1/2 the aggregate routing for IPv6 as it did IPv4, and older hardware is much worse.

Until the hardware ASIC's are acellarated as much for IPv6, I think businesses will lag unless they need to use IPv6 due to contract requirements (military and the likes). Why would they pay more for modern hardware that is slower than what they have to adopt IPv6 when IPv4 is satisfying their needs, even if NAT is a gimped solution. It still works, and is pretty fast.

No, ipv6 is a pipedream (-1)

Anonymous Coward | about a year ago | (#43935883)

No matter how much a few people want to force that shit solution down everyone's throats, it simply is not going to happen. Get over it and come up with something good.

IPv6 == Epic Fail (0, Troll)

Anonymous Coward | about a year ago | (#43935991)

I don't think there has ever been a computer industry failure as large as IPv6. It was actually launched twenty years ago and it's gone nowhere. Why is that? It's because the committee that designed it screwed up in the largest way possible. They decided the easiest way to fix the relatively trivial problem of address exhaustion was to create an entirely new network protocol and have the entire world switch to it.

I'm sure that someone on that committee must have had at least average intelligence. That guy must have known that the whole idea was a non-starter. What must it have been like listening to a bunch of engineers getting excited about a totally unworkable solution.

not quite there yet (4, Insightful)

ei4anb (625481) | about a year ago | (#43936229)

$ nslookup -type=AAAA google.com
Name: google.com
Address: 2a00:1450:4007:80a::1001

$ nslookup -type=AAAA slashdot.org
Name: slashdot.org
$
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...