Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Feds are Dropping the Ball on IPv6

CmdrTaco posted more than 6 years ago | from the go-long-go-long dept.

The Internet 299

BobB-NW writes "U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet's main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say. Instead, most federal CIOs are doing the bare minimum required by law to meet the IPv6 mandate, and they aren't planning to use the new network protocol for the foreseeable future."

cancel ×

299 comments

As things go ... (5, Interesting)

foobsr (693224) | more than 6 years ago | (#21725978)

Regional registry IPv4 address exhaustion in... 1442 Days, 07 Hours, 42 Minutes, 42 Seconds. ( http://penrose.uk6x.com/ [uk6x.com] )

So there is plenty time for someone to wake up, wanting it yesterday.

CC.

Re:As things go ... (1, Insightful)

rubycodez (864176) | more than 6 years ago | (#21726038)

plenty of unused space can be reclaimed from horribly overbooked holders, it's five years or more, back to sleep everyone, we don't need ip6 this decade, and people that want to play can tunnel.

Re:As things go ... (1)

cheater512 (783349) | more than 6 years ago | (#21726298)

But I want my own personal /24 block now. :(

Its bloody useful. No need to skimp on IPs with it.

Re:As things go ... (1)

Denis Lemire (27713) | more than 6 years ago | (#21726414)

At the very least, in IPv6 you'll get your own /64 prefix - the equivalent of 72,057,594,037,927,936 /24's.

Re:As things go ... (0)

Anonymous Coward | more than 6 years ago | (#21726620)

plenty of unused space can be reclaimed

Care to put a price tag on that? By now everybody probably realizes that IPv4 address space has tremendous economic value. The unused space you mention exists primarily in portable allocations, which are practically owned by the organizations/businesses who got them. They will not give them up without a fight only to see the addresses sold on the open market by someone else.

Re:As things go ... (2, Interesting)

anticypher (48312) | more than 6 years ago | (#21726646)

plenty of unused space can be reclaimed from horribly overbooked holders

The last of the freely available /8's will be allocated from IANA/ICANN to the RIRs in May 2010. It will take approximately 9-15 months for those freely available address to be allocated to end users. After that point, all new allocations will come from reclaimed space.

If all the unused/unannounced/reserved /8 blocks were to be reclaimed without any difficulties, like law suits, it would extend the allocation pool by a maximum of 23 months.

The uneducated people on /. really need to look at the numbers [potaroo.net] . There isn't decades worth of IPv4 out there, there are 2 to 3 years at which point there will be longer and longer delays to get on the old IPv4 internet.

All the RIRs changed their IPv6 policies recently, and it's growth has really taken off.

the AC

Re:As things go ... (1)

Cally (10873) | more than 6 years ago | (#21726074)

Of course, pointy-haired-bosses are going to start reading about the inevitable IPv4 address-space exhaustion in in-flight magazines a couple of years before this date (which is 2011 IIRC) and will be banging on your door demanding to know what you're going to do about it well before. You want IP6 experience on your CV a long time before that happens.

Re:As things go ... (4, Funny)

Glowing Fish (155236) | more than 6 years ago | (#21726076)

But before that happens, we are going to hit peak oil anyway, and people will be too busy killing their neighbors with their bare fingernails to steal his tree bark to eat to worry about the fact that everyone in the family's laptops, palmtops and wired household appliances can't have their own IP addresses.

Re:As things go ... (1, Troll)

Cally (10873) | more than 6 years ago | (#21726182)

I think peak oil already happened mate [tradingcharts.com] . Where've you been for the last ten years?

Re:As things go ... (1)

coolGuyZak (844482) | more than 6 years ago | (#21726398)

Could you please explain how the price of oil fully explains that we've hit peak oil? That chart doesn't differentiate between supply and demand, it only lists the price oil is selling at... and demand has increased dramatically over the past several years.

Re:As things go ... (1)

somersault (912633) | more than 6 years ago | (#21726210)

Meh, hide all your household appliances behind a gateway!! *shakes fist* And keep your hands off my trees you long fingernailed hippy! You can chew on these damned polar bears that keep migrating here to get away from all that global warming, since it's so frackin freezing here right now..

Re:As things go ... (0)

Anonymous Coward | more than 6 years ago | (#21726434)

I don't think attackong a polar bear with just bare fingernails is going to work too well (except for the polar bear that is.)

Re:As things go ... (1)

somersault (912633) | more than 6 years ago | (#21726556)

That's why god invented shotguns, son. Or was it Abraham Lincoln? Meh, I can't remember.

End of the internet... (3, Funny)

Howitzer86 (964585) | more than 6 years ago | (#21726162)

So 2012 then?

Re:End of the internet... (1)

joeytmann (664434) | more than 6 years ago | (#21726382)

Or maybe End of days? http://en.wikipedia.org/wiki/End_times#Maya [wikipedia.org]

Re:End of the internet... (1)

Howitzer86 (964585) | more than 6 years ago | (#21726632)

Unless you're suggesting that the Earth will in fact stop spinning... no.

Re:As things go ... (0)

Anonymous Coward | more than 6 years ago | (#21726166)

So there is plenty time for someone to wake up, wanting it yesterday.
Indeed, there are plenty of IP addresses avail... NO CARRIER

Re:As things go ... (2, Insightful)

Tony Hoyle (11698) | more than 6 years ago | (#21726494)

The problem with that site is it's counting down... in the last few years more address space has been released than claimed, so it should be static or counting up.

ipv6 has been needed 'real soon now' for 20 years. Yes we'll need it eventually, but it's so far from commercial deployment that it's just not an option - most infrastructure simply doesn't support it (in fact trying to run ipv6 over active directory will utterly screw it up because of the conflict between xp supporting ipv6 ad clients and 2003 not supporting them.. everything runs horrendously slow or breaks).

I don't blame anyone for avoiding IPv6, (5, Insightful)

yagu (721525) | more than 6 years ago | (#21725992)

I don't blame anyone, even government in this case, for avoiding the hassle of getting everything converted to IPv6. Maybe eventually we all will have to be there, but there always seems to be workarounds that work for everyone, minimal hassle, minimal pain.

If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for you coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.

An interesting aside, meeting the mandate only requires they are IPv6 capable, not running it. This is the same height bar the government set for Microsoft in the early nineties when Microsoft delivered the DOA POSIX-compliant (never to be really used) NT. NT, with its barely implemented POSIX subsystem (only implemented the library portion, btw, not the user interface) got to put a check in the POSIX checkbox for government contracts.

Lesson to be learned? If you want to make an effective mandate, make it a mandate for implementation, not capability.

The government:

  • couldn't do metric
  • couldn't do POSIX
  • isn't doing IPv6

Re:I don't blame anyone for avoiding IPv6, (0, Offtopic)

cthulu_mt (1124113) | more than 6 years ago | (#21726036)

And people expect them to make Federalized Healthcare work. I guess its all about what agendas you push.

Good points though yagu.

Re:I don't blame anyone for avoiding IPv6, (0, Offtopic)

Leftist Troll (825839) | more than 6 years ago | (#21726170)

And people expect them to make Federalized Healthcare work. I guess its all about what agendas you push.

National Healthcare does work. Ever wonder why the US has a lower life expectancy than the UK, France, or even Cuba?

Re:I don't blame anyone for avoiding IPv6, (-1, Flamebait)

plague3106 (71849) | more than 6 years ago | (#21726314)

Ever wonder why the US has a lower life expectancy than the UK, France, or even Cuba?

Because Americans are so lazy and just want to keep shoving donuts down their throats that they diet from obesity releated diseases? Just a hunch.

Re:I don't blame anyone for avoiding IPv6, (-1, Flamebait)

Leftist Troll (825839) | more than 6 years ago | (#21726374)

Ever been to the UK? They don't exactly eat healthy [wikipedia.org] there either.

Re:I don't blame anyone for avoiding IPv6, (1)

plague3106 (71849) | more than 6 years ago | (#21726488)

Ever been to the US? When > 75% of your population is obese, you have a problem.

Re:I don't blame anyone for avoiding IPv6, (1)

Tony Hoyle (11698) | more than 6 years ago | (#21726726)

Part of the national healthcare budget goes on educating the population so that you don't have 75% obesity.. when you have a system designed so that it's in the interests of the medical profession that the population is unhealthy (as they pay more money) then that's what you get.

Re:I don't blame anyone for avoiding IPv6, (0)

Anonymous Coward | more than 6 years ago | (#21726582)

a decently made Chip [french fry] sandwich isn't actually particularly unhealthy compared to the industrial waste americans seem to mistake for food. Sure, it's basically a block of carbohydrate and a little fat (properly cooked chips aren't all that fatty), but it's not the same order of unhealthiness as a "twinkie" (which in the UK, beware means flamboyant homosexual, I'm talking about the american sponge-like-substance filled with cream-like-substance that would survive a nuclear blast) washed down with an american high-fructose corn syrup "coke".

Re:I don't blame anyone for avoiding IPv6, (0)

Anonymous Coward | more than 6 years ago | (#21726344)

High homicide rate?

Re:I don't blame anyone for avoiding IPv6, (1)

CastrTroy (595695) | more than 6 years ago | (#21726578)

Oh, I know. Is it because they send so many young people to die in wars that they shouldn't be involved in in the first place?

Re:I don't blame anyone for avoiding IPv6, (0, Troll)

ColdWetDog (752185) | more than 6 years ago | (#21726624)

Ever wonder why the US has a lower life expectancy than the UK, France, or even Cuba?

It's George Bush's fault. Everything is. Once he's gone - poof - we're all living into the nineties. Just you watch.

What is IPv6 compliance? (4, Interesting)

Midnight Thunder (17205) | more than 6 years ago | (#21726100)

IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box, though that doesn't mean that there aren't a few hurdles, including:
    - Upgrading routers, firewalls et al to support IPv6.
    - Some application software still not being fully IPv6 ready.
    - A large number of sites still don't have IPv6 DNS addresses

I think the problem, like many government proposals is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant. For example is simply having a 6to4 gateway considered IPv6 compliance.

All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant and what can you tell us about real world experience.

Re:What is IPv6 compliance? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21726240)

Not to mention the PRO and CONS of swtiching to ipv6 [myminicity.com]

Re:What is IPv6 compliance? (1)

nschubach (922175) | more than 6 years ago | (#21726504)

If anyone has mod points, the parent is not "pros and cons of IPv6" but a link to "myminicity.com" (which should be listed as spam for all that matters...)

Re:What is IPv6 compliance? (1)

djupedal (584558) | more than 6 years ago | (#21726280)

"All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant and what can you tell us about real world experience."

Apple uses IPv6 for Bonjour...printer sharing, etc. Been that way for some time. China & Europe have large networks in action as well.

Re:What is IPv6 compliance? (2, Insightful)

TechHawk (570290) | more than 6 years ago | (#21726318)

IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box

You're assuming that

1: They are using "recent desktops"

2: The image that they are loading onto the desktop will support IPv6

Neither of those assumptions are anything resembling a "sure bet".

I'd bet on the Dolphins beating the Patriots next weekend before I'd bet on the above.

Re:What is IPv6 compliance? (1)

TubeSteak (669689) | more than 6 years ago | (#21726330)

I think the problem, like many government proposals is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant.
My guess is that there was a lack of money to make this happen.

The Mandate probably didn't come with any funding attached to it and it gives the Agencies a cheap way out... what do you think they're going to do?

Re:What is IPv6 compliance? (1)

jd (1658) | more than 6 years ago | (#21726380)

Yes, it took me a few months, running 2.4.20 and the IPv6 patches, back in 1996. Since then, the software has improved, support in applications is so much better, and many grey areas have been cleaned up. It would probably take a few days to migrate a network of reasonable size today. Maybe a week at most.

(By comparison, it took about 1.5 years for the US Navy to switch from one e-mail system to a more secure alternative, due to reliability issues, security problems and brain-dead contracting.)

Re:What is IPv6 compliance? (1)

Midnight Thunder (17205) | more than 6 years ago | (#21726508)

A question for those who know:
    - Upgrading an IPv4 CISCO network device, such as router, gateway or firewall, is this: 100% software, hardware upgrade and are does CISCO charge you for the pleasure:
    - Other than Apple Airport Extreme, are there any IPv6 ready ADSL/Cable routers?

Re:What is IPv6 compliance? (1)

Tony Hoyle (11698) | more than 6 years ago | (#21726682)

- Upgrading an IPv4 CISCO network device, such as router, gateway or firewall, is this: 100% software, hardware upgrade and are does CISCO charge you for the pleasure:


Well it depends on the device.. you'd need a recent IOS if your image doesn't support it.

Presumably you have a support contract on the device so you can download it directly.. of course there's the whole QA, Testing thing you have to do before deployment. It's not a 5 minute job.

Ciscos ipv6 firewall is actually quite passable, but you can only configure it by the command line.. no SDM weenies allowed :p

I've chosen not to be IPv6 compliant (1)

davidwr (791652) | more than 6 years ago | (#21726520)

My home network will not run IPv6 until

* I've got a firewall that blocks all unsolicited incoming IPv6 traffic except what I specifically want to get through. For IPv4 my current NAT router does this.
* I can justify spending the time and money to turn it on safely

I don't run the same externally-visible service on more than one machine at home so that NAT limitation isn't important to me.

Re:What is IPv6 compliance? (2, Interesting)

CastrTroy (595695) | more than 6 years ago | (#21726546)

You would be surprise how many applications don't support IPV6. And how hard it would be to upgrade these applications. Most organizations, government or private, are filled with tons of custom software which was developed many years ago. Many of the applications are an every day part of doing business. A large percentage of these applications probably don't even have source code available to the company, and if they do, the people who originally worked on it have long since moved on. It may just be a simple matter of upgrading a library, and hoping that nothing breaks, but even searching through the code to find the stuff that needs to be fixed would take many man hours.

Routers can be a big issue (5, Informative)

Sycraft-fu (314770) | more than 6 years ago | (#21726564)

That is the reason why we don't do IPv6 where I work (university). A lot of people think it is easier, and more importantly cheaper, than it really is because they've worked on small networks, or have been at a place that did IPv6 wrong.

What happens on a large, high speed, network is that your routers rely on hardware acceleration to be able to pass traffic as quickly as you want, while still implementing all the rules you want. What that means is there are ASICs of various kinds that can handle various kinds of traffic. On older hardware (and some newer too), these are for IPv4. So anything else has to be handled by the router's CPU, which really isn't very powerful.

So, what that means is that you can technically support IPv6 by just turning it on, but only if you are willing to do it poorly. If we enabled it on all the routers, we would effectively support IPv6 internally. Great, and initially everything would work fine. However if any significant number of people actually decided to use it, network performance issues would come up in a hurry.

To really support it we have to buy new routers that support IPv6 in hardware. This could be done, but it would be expensive. Last time it was looked at the price tag was over $5 million. As you can probably guess, the university wasn't that interested in spending money like that for what was perceived to be no gain at all.

So while in a smaller network, where there's only an edge router and it isn't very high speed, yes IPv6 can be as simple as some software updates and turning it on for all devices. However when you have a larger, higher performance, network, you often need new hardware. That's a lot of money, and it is hard to justify that being spent for no real gain.

Re:What is IPv6 compliance? (4, Interesting)

Tony Hoyle (11698) | more than 6 years ago | (#21726572)

IPv6 isn't that complicated to set up

Yes it is.

Desktops are only the start.
Your servers need it (no ipv6 AD support).
No ipv6 network printer support.
No ipv6 VOIP support.
Poor to nonexistant ipv6 router support, and of those that do most of them don't support firewalling it.
Poor to nonexistant connectivity. Try asking the average ISP for an ipv6 address and they'll just look at you funny. It's not just consumer ISPs either - this business park I'm in at the moment has *no idea* what ipv6 is and has no timescale to look at it either.

Then there's the bits and pieces.. Dies Blackberry support ipv6? I know iphone doesn't, and Symbian's implementation is broken (relies on a dhcpv6 server and even then seems to need some kind of proprietary extension to that).

Re:I don't blame anyone for avoiding IPv6, (1)

Bert64 (520050) | more than 6 years ago | (#21726110)

// If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs // just to get to the next street for you coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories // high, and the block to walk around were 600 ft each side, it might be a different choice.

I don't know, what is the weather like? What's the crime rate in the area?

Blame Yourself (1)

fm6 (162816) | more than 6 years ago | (#21726396)

If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for you coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.
Well, what if somebody told you that if you didn't start doing that there'd eventually be no coffee for anybody?

That's a contorted metaphor, but so is yours. You're not going and buy an consumer good that somebody else grows, processes, and distributes. You're part of a network of people providing IP service not just to your own users, but to everybody they connect to. In order to make that service continue to work, we have to stop kludging around obsolete technology. Yeah, it's difficult. So what?

Let's drag Starbucks back into the story. Suppose you're a Starbucks manager, and you're told that you have to make sure there's no rat droppings in the beans. Now, there might be any number of reasons this is hard to do. But it doesn't matter how difficult it is, you have to do it.

But screw Starbucks. Their beans are not particularly high quality, and they roast them too long. Even Safeway's house brand French Roast is better! Their coffee is only good for adding to sugared beverages, which I guess is most of their business. I only go there when I desperately need a caffeine fix and there's nothing else around. A classic demonstration of how good marketing and branding can move a worthless product.

Re:Blame Yourself (1)

Tony Hoyle (11698) | more than 6 years ago | (#21726626)

Well, what if somebody told you that if you didn't start doing that there'd eventually be no coffee for anybody?

I'd tell them that firsly a few rich people had hoarded all the coffee and they needed to give it back, and everyone else can just share cups until that happens. Oh and in the worst case the coffee isn't going to run out for 10 years plus anyway.

Re:Blame Yourself (1)

fm6 (162816) | more than 6 years ago | (#21726842)

There's a lot more to IPv6 than a bigger address space.

Re:I don't blame anyone for avoiding IPv6, (1)

dubl-u (51156) | more than 6 years ago | (#21726796)

I don't blame anyone, even government in this case, for avoiding the hassle of getting everything converted to IPv6.

You're right that it's all about hassle avoidance.

A pal of mine in government called me up in 1998 because some department was refusing to change a network-based app until after the IPv6 transition was complete. Not because it needed any of the IPv6 features or anything. They just claimed that since it was an IP-based app, it would be better to wait for the new protocol version to come out.

Wait, that's not even hassle avoidance. It's just work avoidance. Sigh.

I wish I were dead. (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21726018)

Dead.

Re:I wish I were dead. (1)

davidwr (791652) | more than 6 years ago | (#21726570)

#ping anonymouscoward.slashdot.org
Pinging anonymouscoward.slashdot.org [66.35.250.151] with 32 bytes of data:

No reply. I guess you got your wish.

No real drive (4, Interesting)

Marillion (33728) | more than 6 years ago | (#21726034)

I also look at the industry as a whole. I don't see any real drive, a critical mass if you will, for getting off of IPv4. My ISP doesn't offer IPv6. My company doesn't use IPv6. It's little wonder that the government is dragging it's feet.

I think AOL will be the first (1)

grahamsz (150076) | more than 6 years ago | (#21726118)

I expect some mass-market ISP will be the first to make the switch to IPv6. Most of their customers couldn't tell an IP address from a hole in the ground, so it might be the perfect testbed. Particularly if AOL could go on to sell their now free IPv4 allocations.

Re:I think AOL will be the first (2, Insightful)

Joe The Dragon (967727) | more than 6 years ago | (#21726168)

It bad idea as IPv6 kills NAT and ISP like COMCRAP will love to make you pay per system that you have on your network.

Re:I think AOL will be the first (2, Insightful)

grahamsz (150076) | more than 6 years ago | (#21726340)

Is there a technical reason why you can't do NAT over IPv6?

I can't see any reason it wouldn't work.

Re:I think AOL will be the first (1)

gclef (96311) | more than 6 years ago | (#21726600)

There is no technical reason, but there are some *very* strongly-held philosophical ones. Many of the designers of IPv6 felt that NAT is bad (approaching evil), and have steadfastly resisted anything that might resemble NAT in IPv6. Whether the market will overrule them or not remains to be seen.

Re:I think AOL will be the first (2, Interesting)

Tony Hoyle (11698) | more than 6 years ago | (#21726756)

ipv6 NAT exists. Cisco routers support it.

Re:I think AOL will be the first (1)

jd (1658) | more than 6 years ago | (#21726732)

You can. It's the underpinning of NEMO (NEtwork MObility), provided the means by which Telebit routers allowed you to make network segmentation totally invisible to the routing protocol, is fundamental to IPv4/IPv6 mapping, is key to creating private networks, and is built in to the notion of transient addressing schemes. It's one thing if people don't want to use the mechanisms that exist, but it's another to imagine that non-use is the same as non-presence. That's more than a bit unfair.

Existing $29 NAT boxes aren't upgradeable (1)

billstewart (78916) | more than 6 years ago | (#21726822)

The problem isn't that users need NAT and IPv6 doesn't support it - the problem is that the user's existing NAT box either isn't upgradeable or requires reading instructions that are too complicated for the average user, if the user even kept them around after the first installation. Also, some users have DSL/cable boxes that are routers, and aren't necessarily upgradeable, while others have bridges so they don't care.


IPv6's designers didn't expect users to need NAT - they're providing a /64 or bigger, so there's plenty of address space. But NAT boxes are really providing multiple functions - NAT, and Crude Firewalling, and sometimes DHCP. The end users are still going to need a crude firewall, and may need DHCP as well.

Re:I think AOL will be the first (1)

doctorcisco (815096) | more than 6 years ago | (#21726750)

Ummmm, no. IPv6 does not "kill NAT." NAT devices and web proxies won't be disappearing anytime soon. IPv6 potentially eliminates the need to use NAT, because adequate address space will finally be available.

Since NAT is often a very big pain in the a$$ in actual, real-world corporate networking, this is a very good thing.

doc

Re:I think AOL will be the first - nope (1)

neutrino38 (1037806) | more than 6 years ago | (#21726768)

In France, the ISP Free telecom offers the possibility [journaldunet.com] [fr] to migrate to IP V6 already.

Re:No real drive (0)

Anonymous Coward | more than 6 years ago | (#21726120)

Does your ISP give you your own IPV4 address? Do they make you pay extra for the privilege of being able to use the internet in both directions?

Re:No real drive (1)

Bert64 (520050) | more than 6 years ago | (#21726232)

Very few ISPs offer IPv6, and those that do often don't advertise it because most of the customers wouldn't even understand what it was.

The ISP i use offers native IPv6 over any connection you can get from them (dsl, dialup, leased line, colo, iptransit etc)... But getting a DSL router that actually supports v6 was a pain, i had to buy a pricey cisco in the end.

Re:No real drive (1)

jandrese (485) | more than 6 years ago | (#21726308)

Yeah, this has been the major stumbling block for me. Since my ISP does not support it why should I bother trying to switch over? Sure there are 4to6 gateways, but that requires someone else on the other end running another gateway. There are solutions for home users on the internet, but they're mostly designed for people who have static IP addresses (not your average home user). Until ISP support is such that you can flip on the IPv6 switch and have it work (a switch that is on by default in most major OSes these days I might add), then IPv6 support is of course going to be slow.

Right now for most people IPv6 support is a "you can make your network way more complicated and hard to secure for no benefit to you. Enjoy setting up tunnels!" feature. It's no surprise people are reluctant to upgrade it.

Bussiness dont want ipv6 (1)

12357bd (686909) | more than 6 years ago | (#21726062)

They are just making too much money managing the current ipv4 limitations, that's the problem.

The U.S.A. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21726116)


has collapsed. Your criminal Congress has simply decided NOT to inform their "constituencies".

P.S. : Defend Freedom - Detain Bush [whitehouse.org] .

Cheers,
K.

A rough guide as to why... (3, Interesting)

jd (1658) | more than 6 years ago | (#21726136)

...this is important (beyond the address count issue) for the Feds specifically:

  • IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.
  • The protocol incorporates many of the features back-engineered into IPv4 as standard, producing a cleaner design with fewer compromises and fewer flaws
  • Built-in support for protocol expansion means future updates should have less impact and be adoptable faster
  • Automatic configuration means fewer errors and less maintenance
  • Alignment of entries in the header means potentially greater throughput
  • Skript Kiddies will end up jumping off bridges as they won't know what to do
  • Software contracting firms are located in regions in which elections are due, creating excellent opportunities on both sides of the table

Re:A rough guide as to why... (1)

Bert64 (520050) | more than 6 years ago | (#21726270)

Script kiddies have been using IPv6 for years...
Just look at Efnet or IRCnet, lots of kiddies using ipv6 there.
From their perspective, larger number of IPs freely available means easier vanity hosts for ircing from, and it makes it a little harder for other kiddies to dos them offline.

Re:A rough guide as to why... (4, Interesting)

jandrese (485) | more than 6 years ago | (#21726352)

IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.
This has not been my experience with it. IPv6 is way more complex and poorly understood than IPv4 and as a result it is a lot more likely to have an unexpected security hole when set up by actual human beings than IPv4.

Re:A rough guide as to why... (1)

gclef (96311) | more than 6 years ago | (#21726436)

A few comments (as someone who's pretty familiar with both IPv6 and gov't work):

Grades: I'm almost certain that none of IPv6's security enhancements will help the Agency's grades in the slightest. They're not graded on whether they're hacked or not...they're graded on how well or how badly they're keeping up and managing security. It is entirely possible (and quite probable) that the Feds will still manage security badly, even if they're on IPv6.

Automatic configuration: no one is going to run stateless autoconf. I'm sorry to say it, but realistically, everyone on a desktop user network is going to need DHCP (DNS servers are pretty important, and I can't get them automatically assigned with stateless autoconf). Once it's decided that you have to have DHCP, there's really no point to using stateless autoconf (yes, you can use them together, but why bother?). It was a nice idea, but the desktop networks won't use it (DHCP) and the server networks won't use it (static addressing)...and I don't see any other networks crying out for it.

script kiddies (I assume you're talking about huge networks making scans take insanely long times): honestly, the hackers have mostly moved on anyway...phishing and DNS attacks are the thing these days. Worms really aren't hammering networks the way they used to 3 or 4 years ago. While it'll be nice to make network scanning take impossibly long times, the biggest loser there won't be the script kiddies: it'll be the internal auditing groups, who won't be able to find their own stuff, either.

Given all this, there really isn't that much of a gain for the Feds...in some cases (self-scanning & discovery of unauthorized systems), there's even a loss.

Re:A rough guide as to why... (0)

Anonymous Coward | more than 6 years ago | (#21726882)

Ah, but can we trust Microsoft to implement a proper autoconfig? Somehow I doubt it.

This presumes that IPV6 is a good idea (2, Insightful)

postbigbang (761081) | more than 6 years ago | (#21726144)

and many would argue that it's not. The IPV6 address space is beyond reasonable, and the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill. We still have huge Class B spaces taken up by various hoarders that need to give it up and use some common sense. There are loads of CIDR blocks that need to be used or pushed back into the pools of available IPV4 space.

Those that do only the minimum to achieve IPV6 addressing are in my personal and technical opinion, doing nothing incorrectly beyond violating the spirit of mind-numbing nonsensical regulation. Even if IPV6 addressing were rational, then managing that space still needs work-- even after more than a decade of implementation.

Re:This presumes that IPV6 is a good idea (1)

hauntingthunder (985246) | more than 6 years ago | (#21726412)

Id say they where being prudent with the taxpayers money

Re:This presumes that IPV6 is a good idea (1)

jd (1658) | more than 6 years ago | (#21726560)

Addressing is this teeny tiny eenie weenie ittie bittie fragment of the changes involved in IPv6. I wish people would stop going on about it, it's an utterly insignificant component. And even if it were important, addressing is heirarchical by design (provided you use automatic addressing) and the bulk of problems involving it were considered solved by the 6Bone group at the time the protocol went native on the backbone. Routing on IPv6 is far simpler than on IPv4. It's also faster, because routing tables can be much smaller, which in turn is largely because there are far fewer special cases to consider.

But if you do want to delve into addressing, why not consider the greater range of multicast addresses? Or the fact that the automatic addressing scheme is ideal for mobile networking? Or the fact that automatic configuration eliminates many of the problems with network administrating? Or the fact that sparse address tables are easier to maintain?

Hell, if you only want to consider the addressing aspect, why not be relieved that TUBA was abandoned as the IP-ng protocol?

Re:This presumes that IPV6 is a good idea (4, Informative)

coolGuyZak (844482) | more than 6 years ago | (#21726658)

the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill.

I tried to look up the result on Google [google.com] multiple [google.com] times [google.com] and wikipedia [wikipedia.org] , finding nothing. Interestingly enough, your post is the first quote in the first google search.

If you're going to ask us to research something ourselves, please have the courtesy to provide enough information for the search.

Re:This presumes that IPV6 is a good idea (0)

Anonymous Coward | more than 6 years ago | (#21726710)

The IPV6 address space is beyond reasonable, and the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill. We still have huge Class B spaces taken up by various hoarders that need to give it..
Yeah, and 640K should be enough for anyone. You'll be singing a different tune when they yank your precious IP address due to shortage - "Priorities you see, someone more important than you needs them", is what they'll tell you, and there's always someone more important than you. I've already seen it happen here in Sweden. In any case, it would only be a temporary solution because the internet is here to stay and it'll just keep on growing. Go ahead, try to make them give the addresses up. They're not going to give it up without a fight because the address space is like real-estate with a value that's about to sky-rocket (once we run out). Would you give up the IP addresses knowing what they could be worth soon?

Look, I'm not an idiot, even I know that IPv6 isn't the solution to everything and there are aspects of IPv6 that I don't like but we are going to need more addresses soon and that's one thing IPv6 is guaranteed to deliver.

Re:This presumes that IPV6 is a good idea (3, Insightful)

fizzbin (110016) | more than 6 years ago | (#21726844)

How do you propose to get Class B hoarders (to say nothing of Class A hoarders who got their blocks in the 80s and early 90s) to turn loose of them? Other threads have talked about lawsuits being necessary. What do you know that they don't?

In any case, there is no incentive for government, business or anyone else to adopt IPv6 unless and until it costs them to get IPv4 addresses. ARIN and the other RIRs need to announce *now* that by, say, 2009, they will start charging for IPv4 address allocations. Then you'll see IPv6 take off. If the RIRs don't start charging, then in 2010 or thereabouts they will run out of space and IPv4 users will have to go to those address hoarders who most definitely will charge them. And the result will be a LOT more chaotic for the Internet.

Where is the carrot? (3, Insightful)

Slashdot Parent (995749) | more than 6 years ago | (#21726200)

What benefit does your average government agency get for switching to IPv6, and does it outweigh the costs?

Obviously not, because if the benefits outweighed the costs, no mandate would be necessary. Agencies would have long ago switched on their own.

And since costs outweigh the benefits, who can blame agencies for doing the bare minimum to achieve compliance? The writeup makes it sound like agency obstinance, but I view it is good budget stewardship. Agencies don't seem to want to flush good budget down the IPv6 toilet.

Re:Where is the carrot? (1)

Bert64 (520050) | more than 6 years ago | (#21726310)

You dont need to "switch" per se, you can use v4 and v6 at the same time easily.

It's a chicken and egg situation, organisations don't switch because other organisations/individuals they deal with haven't either.
On the other hand, if you enable v6 now you get a step ahead. Eventually the v4 addresses will run out, and people will have no alternative but to start using v6. Those of us who already use v6 will be good to go by then, and already have the kinks ironed out of our setups.

Re:Where is the carrot? (1)

Slashdot Parent (995749) | more than 6 years ago | (#21726440)

You dont need to "switch" per se
I agree with you that "switch" was a bad choice of words.

But my point still remains. If agencies felt they could benefit from the adoption of IPv6 more than said adoption would cost, no mandate would be necessary. So who can blame agencies for doing the bare minimum to comply with this mandate?

Re:Where is the carrot? (1)

Bert64 (520050) | more than 6 years ago | (#21726630)

Well, there are few short term benefits but plenty of long term ones.
These agencies don't care about long term, since their budgets are done on a yearly basis. That's where the problem lies.

*you* be the pioneer ... just remember the saying (0)

Anonymous Coward | more than 6 years ago | (#21726614)

"You know how to spot a pioneer? They're the ones with all the arrows sticking out of their back."

Look, being the guy who experiences ironing the kinks out of a new technology is great ... for your personal resume but it stinks for the organization that has to fund it if they aren't in the business of that technology.

I, for one, applaud those governmental agencies that are saving my tax dollars (to spend on other stuff, ha!) by waiting until IPv6 is well and truly out of the pioneering stage.

Re:Where is the carrot? (1)

Tony Hoyle (11698) | more than 6 years ago | (#21726860)

You dont need to "switch" per se, you can use v4 and v6 at the same time easily.

In which case why bother? You don't need two protocols to connect.. only one.

You *do* need ipv4 because a lot of applications, services, even websites are strictly ipv4 only - and for bespoke applications probably always will be.

There are no ipv6 only applications, services or websites. So you're just spending money for zero benefit.

Show a sound business case for adoption of ipv6 and you'll get adoption. Until that happens you won't.

Expect propaganda about the Cisco Kid any day now. (1, Funny)

infonography (566403) | more than 6 years ago | (#21726218)

Since Iraq and Afghanistan didn't go so well and Iran isn't popular expect the Bush administration to declare war on the 10.0.0.0 addresses.

Banner to read TRANSMISSION ACCOMPLISHED

I got the karma go ahead and troll me.

Dropping the ball? (1)

chriscoolc (954268) | more than 6 years ago | (#21726252)

Relax. They have six months to pick up the ball, and even at that who cares?

Perhaps they are rightly spending time on critical issues such as people running live wires into passenger jet fuel tanks, which -- on the face of it -- seems like a really bad idea.

Re:Dropping the ball? (0)

Anonymous Coward | more than 6 years ago | (#21726462)

Maybe they are waiting just a bit to upgrade. Ya' know with IPv7 just on the horizon.

By the way (1)

ValiSystem (845610) | more than 6 years ago | (#21726256)

One of the major french ISP has activated IPv6 last week, with autoconfiguration of user lan with global scope address. It's the first step for IPv6 here in france, and only geeks activated that option, but if a major application has success with IPv6 (read : a P2P file sharing that work well and only in IPv6), It is very likely that many people will activate it. The major problem is that people use their NAT as an "automatic" firewall, and i wonder the impact of global scope IPv6 address will have on machines corruption. Certainly a few impact at this time, but for the future, i don't know.

Anyway, get prepared for more and more IPv6 traffic, at least from france :)

Trying to push IPv6 (1)

Besna (1175279) | more than 6 years ago | (#21726258)

Where I work, I'm trying to push IPv6. Some are reluctant--only considering in face of federal policy. We're not really too far into networking, but there's room in both product and IT for it. You have to beat down the thick molasses when upgrading.

Why bother? (2, Insightful)

davidwr (791652) | more than 6 years ago | (#21726266)

As much as people hate stop-gaps like NAT, in some environments it is a cheap solution to several problems and doesn't introduce new ones.

Besides, how long did it take government computer networks to switch from proprietary systems like IBM's SNA, Microsoft's NetBIOS, Banyan's VINES, Digital's DECNET, Apple's Appletalk, and others to IPv4? IPv4 came out in the early '80s. I'd venture to say more than one government office was still using a completely-non-IPv4 network well into the '90s.

No, unless there is a big benefit that justifies the cost, most System Administrators are going to do as little as they can get away with, both in the government and in Corporate America.

Now, if you are in a shop where it's cost-effective to be on IPv6 then by all means why aren't you there already?

Re:Why bother? (3, Insightful)

Antique Geekmeister (740220) | more than 6 years ago | (#21726826)

Oh, NAT is more useful in several ways. It provides a single router or entry point that you can monitor for security reasons, it prevents people from running announced services such as HTTP, SMTP, or file sharing from their internal machines, and it draws a useful curtain of obscurity against activities you don't want traced back to their source.

Switching to IPv6 often involves hardware switchovers and the elimination of old services that simply cannot interoperate with it because they weren't designed to, and should have been discarded years ago but haven't been, and the original author has very much moved on.

why not an IPv4.1 (2)

FudRucker (866063) | more than 6 years ago | (#21726272)

add a nation tag to the end of IP addresses like 123.456.78.90.usa or 123.456.78.90.cn for China, would this be possible to implement @ the root backbone servers?

Re:why not an IPv4.1 (1)

plague3106 (71849) | more than 6 years ago | (#21726422)

because you can't fit "usa" into a single byte?

Re:why not an IPv4.1 (4, Informative)

jandrese (485) | more than 6 years ago | (#21726454)

Because there is no space in the IP header for that, and no router support. This means you'd have to extend the IP packet header by creating a new protocol number and once you get all of that stuff done and implemented, you have done just as much work as you would have done to switch over to IPv6 (which is afterall just another protocol number). One of the primary design goals of IPv6 was to avoid ever having to make this transition again (look how painful it has been already), so halfassed solutions that will require us to make yet another transition down the road are less than appealing.

It's already done, it's called 10. (1)

davidwr (791652) | more than 6 years ago | (#21726694)

More than a few insitutions use 10. for their own private /24 walled-garden "national" oops I mean institutional network.

Just be aware that NAT has its advantages and disadvantages. Unless you know you can live with the disadvantages this is not recommended.

IPv6 Changes (1)

GodCandy (1132301) | more than 6 years ago | (#21726286)

Having worked for a web hosting provider at one point, migration to anything new is scary. In our case it was more like will our clients sites still function correctly after they are migrated. Thus far they have put off migrating hoping that someone else would be the gunni pig on this one. I don't know of too many larger networks running on the IPV6 protocols yet. Hopefully in the near future someone will suck it up and convert. I think that someone will have to be the test bed and hopefully there migration will serve as a wakeup call to all providers who are still waiting to see what will happen. I honestly don't see a worldwide usage of ipv6 any time in the next few years. Maybe someone will prove me wrong. We will see.

Doesn't matter... (1, Insightful)

HogGeek (456673) | more than 6 years ago | (#21726290)

... The world is going to end December 21st, 2012.

We should have enough to get us there...

Academic Attitude (5, Insightful)

jeremiahbell (522050) | more than 6 years ago | (#21726292)

During this last college semester I expressed my disappointment that IPv6 wasn't being implemented as widely as I thought it should be. I also subtly hinted at my disappoint that IPv6 wasn't covered at all (except one half a page of 405). My teacher said "I think it will take a new generation of Network Tech to implement IPv6". How in the hell are we going to have a new generation implementing it when it isn't even taught? I just took that joke of a Network+ test and now I'm certified, and I don't know diddly-squat about IPv6. Thankfully Wikipedia is there to explain a little bit of it to me.

b.itch (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21726302)

they Are ComE be a cock-sucking

What doesn't support IPv6 these days? (2, Informative)

anticypher (48312) | more than 6 years ago | (#21726356)

Every major OS has IPv6 installed and enabled. Vista and XP, MacOS-X, all the BSDs, all the major Linux distros, Solaris. Older OSes like XP-SP1 or Win2k can get IPv6 installed or enabled with little trouble. It's a package install on Linux if it isn't there already.

Every major networking equipment supplier has IPv6 support on their product lines, although some still charge for turning it on. All the high-end Cisco routers and switches support it natively, but charge extra for the IOS image that can use it. Foundry's current product line supports it everywhere. Juniper has pretty much always had IPv6. Working down the list of less popular suppliers shows most of them have some level of IPv6 support. Sure, most of the older networking equipment can't deal with v6 traffic, and the useful life for old kit is long enough that it's still probably 70% of the installed base.

Most internet enabled mobile phones have IPv6 built in, but it tends to be invisible to the user because the phone companies are only using it for local communications, if at all. All the Nokias support IPv6 in their network stack, but I haven't seen one system that takes advantage, yet. iPhones and iPod Touches have v6 enabled by default, and if they connect to a WiFi system that has v6 router announcements, they'll autoconfigure and Safari will use it transparently.

Where IPv6 support falls down is in super-cheap consumer networking products. All those little $40 DSL modem+firewall+4 port switch boxes just don't support v6 at all. The only good news is from when I was in discussions with the Chinese company behind many of these boxes. The versions released in China are all IPv6, it's only the versions sold outside China where they just don't include it because there is no market demand.

The only real problem right now is with ISPs. Until the engineering staff inside ISPs and hosting companies take the responsibility to start turning it on, sales and marketing will remain blissfully unaware that it can be sold.

One of the largest IPSs in Europe turned on IPv6 to all 8 million users this week. They've done the right thing and made it opt-in for now, their customers have to go to their control panel web page and turn it on, but almost 50,000 people did in the first 24 hours. They turned it on, and their Macs and Win machines started using IPv6 with no need to do anything other than tell Firefox and Tbird to start using IPv6 for DNS lookups. Because this one major ISP did this, their main competitor has been forced to make plans to enable IPv6 in January. After that, any ISP that doesn't have IPv6 turned on will be branded as "obsolete" or "incompetent".

the AC

IPv6 still does nothing (2, Insightful)

Russ Nelson (33911) | more than 6 years ago | (#21726394)

IPv6 still does nothing for me. Until I can reach everybody who is listen()'ing for me using IPv6, having an IPv6 address, or IPv6 stack, or IPv6 routing doesn't help me one bit.

Until that happens, NOBODY can adopt IPv6. That's the law, and no legislation can change that.

who cares? (1)

moracity (925736) | more than 6 years ago | (#21726602)

Does it really matter if we run out of IP4 address space? A majority of the internet is either a waste or a joke - myspace, facebook, etc...it's all pointless crap.

Why not reclaim all the wasted, unused existing space? Adding IPv6 seems akin to raising taxes instead of controlling spending. It's going to cost a shitload of money and Regular Joe won't see any benefit.

Miredo (1)

Midnight Thunder (17205) | more than 6 years ago | (#21726808)

If you are interested in playing with IPv6 and are behind a NAT, then Teredo provides the necessary solution. There are certainly other 6to4 solutions, but they usually fail behind a NAT or require that your local gateway lets through certain packet types. Windows Vista already supports Teredo, from what I understand, but for other platforms an implemenation is available in the form of Miredo [remlab.net] . Its GPL licensed, for those who care.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...