back to article Ready or not, IPv6 is coming

Google last week touted the benefits and ease of switching to IPv6, the next generation internet protocol, while the IT world in general remains resolutely indifferent about the technology. Uptake of IPv6 is low, despite predictions that IPv4 numbers will become used up in as little as two years. A recent survey by the Internet …

COMMENTS

This topic is closed for new posts.

We

We have to disable it on our servers otherwise it messes with PHP's picking up of IP addresses (returns "::1"), or it's IIS that doesn't like it. Either way, causes issues. I hear Exchange doesn't like it either.

Apologies if this was on page 2 or 3, got lunch to eat and boring technical comments to impart :)

0
0
jon
Paris Hilton

Opinion

I think most system admins and general IT bods would be happy to use IPv6 at home and work as long as their ISPs supported it, which they don't, so well, meh.

OFCOM should give them a quick poke :) Once Bloody Terrible (BT) and Vermin Media are forced onboard, then the rest will follow.

Paris; 'cause she could show OFCOM how to...

0
0

IPv6 is a Value Subtract Service

The trouble is, from a business rather than techie point of view IPv6 is a "Value Subtract Service".

It's mostly ISPs who need to implement it (little point in buying IPv6 endgear without transit), but IPv6 was designed as "just a small fix": the same functionality, almost, as IPv4, but you no longer get a side-market in static IP addresses. You only have to pay extra for dual-stack gear. So ISPs only move to IPv6 when the pain is sufficient, such as Asians running out of IPv4, or US cable modem giants for whom 10.0.0.0/8 NAT isn't large enough.

The techie problem with NAT, though, is the way it breaks so many apps, and routing: You really don't want lots of /32 servers out there.

0
0

Memory Problems

The youngsters may be OK but old farts like me can just about manage to remember something like 192.168.3.11 and would be unlikely to be able to cope with longer addresses.

Have a nice weekend.

0
0
Stop

Google and IPv6?

$ host www.google.com

www.google.com is an alias for www.l.google.com.

www.l.google.com has address 209.85.229.147

www.l.google.com has address 209.85.229.99

www.l.google.com has address 209.85.229.103

www.l.google.com has address 209.85.229.104

I see no IPv6 address.

0
0

Expiry date

As they state on their site, Intec NetCore get the data for their countdown timer from the analysis at http://www.potaroo.net/tools/ipv4/index.html

Another use of this data is at http://atchoo.org/ipv4/ , where I started logging the date predictions. It shows that the predicted date is extending into the future, for better or worse.

0
0
Stop

Well, no, it's not coming

IPv6 is one of the biggest fiascos in modern technology history. It was a horrible design that totally avoided the real issues that needed to be addressed. It encourages route proliferation, overloading the backbone. Any objective evaluation would throw it out as a low-quality undergraduate paper. Indeed it was glommed together by the "F-troop" of a committee (the people who knew what they were talking about left the IPNG project because it was being run by the fundies). Yet the IETF and the Internet Magisterium have been peddling this sack of rot since before the Internet was even open to the general public. Nobody's buying.

For what it's worth, most IPv4 addresses are not in use. What are running out are virgin homestead addresses. So what? We sell land that the King once issued to somebody long dead. Why shouldn't IPv4 addresses be recycled? But wait -- IPv6 has NO compatibility with IPv4, so EVERY SITE that uses IPv6 MUST have an IPv4 address or not be reached by IPv4 users. So until 100% of the world is on V6, which even the IPv6 backers think will take a decade, they all need IPv4 addresses anyway. (NAT can help conserve them, regardless of any IPv6 transition.) But if they all have v4 addresses, why go to v6? No chickens or eggs.

The Internet world needs to rethink its protocol suite, and stop listening to the box peddlers who see gold in hardware-intensive, service-intensive disasters like IPv6 and IMS.

0
0
Jobs Halo

IPv6 and the iPhone

The iPhone doesn't support IPv6 which is a bit ironic as it is one of the offenders that is leading to the demise of IPv4 address space.

I want to run IPv6 at home - why? Because I can. I'm not sure if the Acer Aspire One with the Linux build supports IPv6. I'll tell you if it does when the iPhone does.

The "IPv4 Exhaustion Counter" looks fun. Something I'll be checking on regularly.

0
0
Anonymous Coward

porn first

If all the porn went to v6 then home users would be beating on the doors of ISPs demanding an upgrade. You can practically hear the chants of the masses as they storm their local ISP.

"What do we want?

IPv6 PORN!

When do we want it?

NOW!"

0
0
Stop

The exhaustion counters are bunk, though

I started following it in November. At that time it was reading 789 days.

Today, 6 months later, it's reading 790 days.

It just isn't going down... either we aren't running out (logically you'd think we would be) or these counters are basically making up numbers, and aren't useful.

My own personal betting is we've got 10 years - we'll need it given the work that's required to convert applications, upgrade routers, firewalls, etc. that has barely begun and doesn't look like it's going to speed up any time soon (nobody has yet come up with a business case for ipv6, and business isn't going to move until there's a pretty solid case).

0
0
Thumb Down

It's simple...

The way to get any technology or product into the business, or even home, markets is simple. You make it available to the techs who have to install/support it and you show them a reason why they could possibly want it.

So far the opinions I've heard/seen are as follows:

1. IPv6 involves long awkward addresses that we have no idea how to force to be static, or even how to remember them for each device. It's difficult enough remembering the IPv4 addresses for the 8 devices on this 100-machine network let alone what the IPv6 addresses would be.

2. IPv6 causes horrible horrible problems. Applications, DNS queries (even on brand newly installed networks), and general network connectivity goes down the pan when you're trying to co-exist IPv4 and IPv6. IPv6-only networks just don't work either. How are we going to prepare and support things that just don't work?

3. What we have works. It's that simple. In the case of NAT situations all we need is an IPv6 address for the external devices that translate at the firewall and are forwarded onto the IPv4 address. From current experience we don't believe that is going to work.

4. We can't see why a simpler system couldn't have been used. I know the obvious complaints and negativity about it, but why isn't it possible for the current IPv4 system to just be extended? This (and I know the main reasons) could include separation by nation, for example - that way identification of where the intrusion attempts and spam are coming from (coughEasternEuropeAfricaandFarEastcoughsplutter) could be isolated more easily and those who don't want communication with those nations could block them by choice and only open up specific addresses for the times someone they want to communicate with was available.

We aren't against new systems, but when they seem this crap we see no reason to take it up.

0
0

Fred makes a good point.

And not only for the needless route proliferation.

There is no way to have a PI address in v6, which makes it useless for those of us that have more useful things to do with the internet than look at porn.

0
0
Thumb Down

The only good IPv6 is a dead IPv6

See also RFC5514.

0
0
Gold badge

Good luck with...

...persuading Grandma to either buy a new router to replace one that is working fine or upgrading the firmware in it to support a protocol that her ISP isn't offering yet and has no incentive to offer because there's no-one at EITHER end of the pipe.

Now if someone were to make IPv6 support a legal requirement (wouldn't need to be worldwide, doing it in any large market would result in the code being developed and tested, at which point it may as well be shipped everywhere) then it would at least be possible for a slow drift to occur.

I don't know if that's a good thing, though. The obvious "service" that might drive IPv6 is the fact that IPv4+NAT makes peer-to-peer such a bind. Increased adoption of IPv6 is therefore likely to result in millions of ill-secured boxes (currently hidden behind the non-addressability of NAT) directly on the web.

0
0

Same old same old

We've been running out of IP address space for years. Standard scare story. Until it's made backwards compatible this baby ain't going nowhere.

Here's a thought, audit ISPs of their use of existing IP address space. How about getting back all the class Bs that were given out in the early days for instance.

0
0

@Ian Chard - that's because it's not as simple as that

See : http://www.google.com/intl/en/ipv6/

It depends which DNS server you're using. Even if you're not one of the 'qualified servers' you can still use ipv6.google.com :

$ nslookup -q=aaaa ipv6.google.com

[..snip..]

Non-authoritative answer:

ipv6.google.com canonical name = ipv6.l.google.com.

ipv6.l.google.com has AAAA address 2001:4860:a003::68

It only works if you have IPV6.

There is absolutely no way IPV6 will be popular in two years even with a decent business driver. There's only one ISP in the UK that'll supply IPV6 by default. The IPV6 tunnel brokers are not trivial to set up, simple to apply to or completely without limitations in some cases. ISPs supplying IPV6 will require equipment upgrades and it has no use for 99.999% of users.

Not to mention that the predominant OS (XP) does not enable IPV6 by default. Vista, Windows 7 and pretty much all modern Unixes do, but it'll take a while for them to become the majority. Consumer level embedded routers/firewalls don't support IPV6, either, so this is going to remain a server/business class technology for at least 5-10 years.

If you're a techie user, there's no reason not to fiddle around with it - choose a free tunnel broker and go through the hassle of applying and either setting up a tunnel directly to a system (danger! firewalling required!), or better make your own firewall which routes IPV6 traffic over the tunnel. Some tunnel brokers are rather crap, though, and it's not fun trying to figure out whether the fault in establishing a connection is at their end or yours.

0
0
Pirate

on the other hand...

Think about the people who are being helped by the delay. Do you think the Anti-P2P group Bluetack Internet Security Services (bluetack.co.uk) could really convert their blocklists from blocking 30% of the IPv4 space, to IPv6? and how would they do it?? They'll have to make up whole new lists from scratch!

It's these follow-on effects that harm small UK businesses like Bluetack, that are often overlooked....

0
0
Happy

@Google and IPv6

Google is running IPv6 alright, but you can't see that because you're not on a privileged network. :-)

http://www.google.com/intl/en/ipv6/

@Fred: It's coming, ready or not. You almost make it sound like IPv4 had no flaws. :-) Many things in the IPv6 standard are suboptimal, but saying that no good people contributed to it makes you look like you don't know anything about how the protocol was/is being developed. And on reclaiming IPv4 address space: How do you know what address space is unused? Please don't make the conclusion that unannounced and unused are the same.

The chicken/egg thing about IPv6 is readily solvable: Dual stack implementations.

0
0
Anonymous Coward

Uptake

"Uptake of IPv6 is low, despite predictions that IPv4 numbers will become used up in as little as two years."

Maybe that's because I've been hearing this for at least 6 years. Go ahead, cry "wolf!" again...

0
0
Stop

Come on guys....

Let me get this straight... enough IP addresses for everybody on the planet, no NAT....

One doesn't need to be a genius to see why a behavioural advertiser would be enthusiastic about IPV6.

Or maybe I'm just a sad old cynic?

0
0
Bronze badge

Give users the option and they might take it.

Look at the very existence of the dynamic DNS services - they aren't out there as interesting ideas, but are being put to use doing real work. Why? Because people want to address their machines remotely for whatever reason and need to know their machine's IP address. Of course there is going to be an overlap period while both protocols are in use but if you offer the user something on IPv6 that they can't have on v4 - a static IP address - people will gladly take it so they can remotely access their file system, printer or whatever. Right now there are too many hoops to jump through and so the technology does not catch on.

If users have an address that they can use - even an IPv6 one - then surely you will see new developments allowing people to genuinely use their home equipment as a server and access it remotely. The carrot for the end user is there - the blame lies squarely with the ISPs and telcos for not supporting and promoting the new protocol.

0
0
Mo

Running it here

My home network has a /48 allocated to it. When I hit Google, I do so over IPv6, because my upstream DNS resolver is registered in Google's v6 programme as one of the resolvers it should always return AAAA records for (as opposed to normal, where they only return them if you look up ipv6.google.com to avoid breakage):

[mo@pip ~]$ host www.google.com

www.google.com is an alias for www.l.google.com.

www.l.google.com has address 209.85.135.99

www.l.google.com has address 209.85.135.104

www.l.google.com has address 209.85.135.147

www.l.google.com has address 209.85.135.103

www.l.google.com has IPv6 address 2001:4860:a003::68

Excepting my iPod touch (see iPhone comments from Jez above - and rdar 6747399) and PSP, I think every device on this network has a public, routeable […and firewalled] v6 address. I'd be reading this via IPv6 now if El Reg had v6 transit to its servers. Even The Pirate Bay has an IPv6 tracker.

Indeed, that's the problem: hosting providers aren't willing to support v6. I asked ours and they told us they had no plans at all. Mind you, the more people who ask, the more providers will start to think about it. Same with ISPs (though it's arguably easier to get a tunnel into your network that's suitable for browsing as compared to one for hosting critical stuff).

I think the point of Google's statements isn't that 2009 will be the year of IPv6, but that it'll be the year that IPv6 gets talked about a lot more, and will probably see a lot more growth than it has previously. Lots of people *are* taking an interest, and a lot of the hassles in getting set up from years gone by just don't exist anymore. Getting a tunnel is easy, if you know how.

0
0
Silver badge

Where I work...

...we use most of a class-B space, but our new test-infrastructure is running on 10.x.x.x behind a NAT. Presumably we will eventually be able to trade in our Class-B on a Class-C address space and release most of those 64k addresses back into the wild.

We explicitly don't want P2P traveling off our local network, so NAT makes perfect sense in that case.

Freeing up more class A/B spaces for ISPs to divvy up as /28 and/or /29 blocks to small users wanting a static IP and big NAT users could keep compact addresses going even longer. My TAFE netcomms teacher always claimed that we are not really running out of v4 addresses so much as large blocks of addresses are being hoarded by organisations who have long since gone NAT for security reasons and could do just as well on a class-C address.

0
0
Dead Vulture

Come on, El Reg

Why can't I access El Reg via IPv6?

I've been using IPv6 (dual stacked) for quite a while, and it's disappointing that so few content providers aren't up and running yet. Here's an inconvenient truth: whatever form of denial people are in, we *will* run out of IPv4 addresses in the next few years; get over it.

For Google, try ipv6.google.com. Their regular DNS names only resolve to IPv6 addresses if your ISP is one that they recognise to be IPv6-capable. If you really want to know, try http://[2001:4860:b003::68], but only if you know you have good IPv6 connectivity.

0
0
Boffin

One of the first things you do to speed up ubuntu

Is disable it ... meh

0
0
Thumb Up

It's simple

@Paul Charters:

1. 128 bits is indeed hard to remember. But do you remember all the IPv4 addresses of the websites you visit? No, you use DNS, like you don't remember all the phone numbers in your phone. You use the names in your phone book. DNS works with IPv6.

2. Can you back your claim up? I run both IPv6 and IPv4 in parallel and I have no problems.

3. What we have, works, but badly. It is a pain in the ass to connect two computers who are both behind NAT to connect. Ever tried to connect your 192.168.0.1 to my 192.168.0.1? You need a bunch of tricks to get it to work. The result is slow and error prone connections that sort of work.

4. IPv6 *is* simpler than IPv4. IPv6 was developed to address shortcomings in the IPv4 protocol. Please look up IPv4 and IPv6 on wikipedia and take a look at the header format. You'll notice that IPv4's protocol header looks cluttered and IPv6's protocol header looks much simpler. Simpler is better, faster. Extending IPv4 would make it even more complicated and cluttered. Separating by nation defeats the purpose of internet, i.e. to connect everything with everything, regardless of location.

0
0
Thumb Down

Artificial shortage

For over a decade I've been saying that we are not running out of IP addresses but we are running out of routes and history keeps driving that point home as the routers between major networks keep getting overloaded. My idea from the lear 90s was to assign only /24 blocks and tell the ISPs and the router manufacturers that they are just going to have to cope with 16 million routes in their routers and get over it. AT&T built a router to do just this sometime in 1995 so it's not that hard.

0
0

making IPv6 a requirement

The US DoD decided to transition to IPv6 by 2008. I don't know if they met their deadline though...

0
0
Coat

The G20 of IT

Just get together and make it work or else sod off, simple.

0
0
Unhappy

Not that well thought out

v6 is a messy protocol that greatly increases the ratio of overhead to useful data in a transaction. The arguments for it are not that convincing which is why the takeup's been so slow. We were getting dire warnings about the imminent end of the available v4 address space a decade ago but it never really came to much because most people aren't doing peer-to-peer transactions (not directly, anyway).

I am resigned to having to move to v6 sooner rather than later.

0
0
Thumb Up

v6 in two hours.

Hi,

Google getting front to back support in 18 calendar months is impressive, but people with smaller infrastructures will be fine. I got it rolled out across our backbone in 2 hours, and our systems team are rolling out v6 support to our services in turn. We have a new rule that any new services need to be available via dual stack. It will take us 3 months to fully roll out v6 support everywhere.

0
0
Anonymous Coward

A bit late in the day ..

In Japan and Far East they're using it (AFAIK) rather extensively. Why? Well, the US wasn't going to give those people a sensible size IP address allocation so they had to - the result is that they are about a decade ahead in their use of IPv6 and causes the US political grief because some other nation is technologically ahead.

History repeats itself: the US restricted technology access to other places they didn't like. The Russians and Chinese couldn't get decent computers or software, so they had to figure out how things worked themselves. They thus more or less self-trained to be a lot more efficient and inventive with what they had. And didn't quite fall for MS in the way the US friends and family clubs did - that's a double advantage right there.

God help us if the US starts restricting the Taliban.

Ah..

0
0
Thumb Up

Coming to Russia this year

One of Russia's largest ISPs, Stream, is making it available to all subscribers this year:

"Now at any point of our network, which interacts with the Internet, is IPv4, and IPv6. To our client- operators we already allow above the IPv4- connection IPv6- transit into the global IPv6- Internet. Important clients, who have the distributed corporate networks, have begun to manifest interest in this. In this year we intend to give access into the IPv6- Internet to all subscribers of Stream, although for this it is necessary to solve an array of problems, first of all with the support Of iPv6 on the service equipment."

Translated from the end of an article that also goes into the negatives:

http://www.iksmedia.ru/issue/2009/2/2540873.html

0
0

@Ken Hagan

>> Now if someone were to make IPv6 support a legal requirement...

Is that a hint for us to all write to our MPs? If it were the motor industry, they would have no problem legislating.

0
0

Routers

Anyone out there sell a home ADSL router with native ipv6 for less than three hundred quid?

Last time I looked I couldn't find one. That's what's stopping me going ipv6.

0
0

@same old same old

I agree entirely. How long should ISPs retain unused addresses before allocating them to someone else?

I just queried ripe.net and found that several ranges we used to use are still allocated to us, but we haven't used them for over 5 years, 8 years in some cases. Some of the ranges had 128 addresses, so for us alone there are a few hundred unused addresses just sat there (from EasyNet, Virgin, RM Plc).

So I dare say if some time was spent checking unused addresses they'd claw back a few thousand at least. Assuming there isn't a rule somewhere that states they lie unused for a certain number of years.

0
0
Stop

Clues are on sale this month. Buy now.

There's a lot of rubbish argument going on in the comments regarding IPv6. Let's discuss some of them:

1) IP addresses are too long.

So was the digit count in the year before 2000. We used '99' instead. We all remember the joy of Y2K (even though in the end nothing happened). The reason the IP address is so mind-numbingly long is so that in another 10 years time you don't all complain about the lack of IP addresses and we have to start down another road to IPv47 or something.

There is more than just IP count that's responsible for the 128 bits length too. If you actually bothered investigating IPv6 (oh wait.. that requires you have sense doesn't it...) you'd see that the bits are logically divided to provide adequate addressing in logical units.

For example, it is accepted that no network segment should be smaller than a /64. This gives you 2^64 IP addresses for your company network, and allows stateless autoconfiguration by munging your MAC address into an IP address. This is good design. It means IPv6 autoconfiguration is easy.

2) Route proliferation contaminates the internet.

Again, you haven't been reading. When PROPERLY CONFIGURED these kind of packets should only exist on local internal networks. Backbones, etc. should be statically configured, as you'd expect from a professional level.

3) "We had problems and had to disable IPv6".

No, you had misconfigured software. PHP (even on Windows) handles IPv6 just fine, it's more likely your system just wasn't configured correctly. True, I can't speak for ASP. If you have problems because of IPv6, it's because of software configuration.

4) Nobody's using it.

Actually, Akamai (one of the internet's biggest content distribution networks) recently registered an IPv6 BGP table entry. Clearly they're taking IPv6 seriously.

5) Why bother? There's plenty of IPv4 space.

No, there isn't. It runs out next year by most estimates.

6) Why don't we just reclaim unused space?

Firstly, how do you plan to do this? Legal enforcement? You'll be in courts for years and not see a single IP come back. And why should organisations give them back? They paid good money for them, they have a right to keep them in "storage" until needed. You have no right to say to them "Look, you're not using and we've run out. We can't be bothered to install the next generation IP, so we're nicking your address."

7) IPv6 sucks. <insert reasons here>

I can't refute any claim of any particular feature or the protocol on a whole "sucking". However, I would ask a question. Where's your paper on an alternative protocol? Oh wait, you haven't got one. So shut up. Until you can suggest a better idea that the world will go for, you can't talk about anything.

8) There is no chicken and egg situation; IPv6 is just not wanted.

Wrong again. IPv6 hardware requires investment. Investment requires being able to see a return. Where's the return if no ISP customers use IPv6 ?

Where's the return if router manufacturers sell to customers whose ISP doesn't use IPv6 ?

One chicken and egg scenario. Fortunately, this has been mitigated a little lately by tunnel brokers that provide IPv6 connectivity over an IPv4 link. This helps get it into use, but not everyone can have an IPv4 address as an endpoint.

By the way, I use both IPv4 and v6 at home and have NO TROUBLE WHATSOEVER. Maybe that's because I know what I'm doing, but for me it just works. Firefox looks up host details for a website. Sees an IPv6 address. Sees I have a public IPv6 address. It makes the connection. No AAAA record? It uses IPv4 instead. Most IPv6-enabled applications work in the same way. Again, if you're having trouble IT'S NOT IPV6'S FAULT!

Oh, and something else that other people might want to know, if you get weird DNS issues or timeouts when you enable IPv6, that's because your router is programmed by monkeys. This is a well known issue where some routers mishandle the AAAA records for DNS and return "nonexistent domain" instead of passing the records on properly. The solution? Get a proper router or run your own DNS server. It's not hard. You can get simple free caching DNS servers for Windows that will sort this one out.

So, can we stop spreading FUD, myths and Unbelievable Bullshit(tm) about IPv6 ? You'll only slow down the take up of an otherwise perfectly acceptable protocol. And when we do run out of addresses, it'll be all of you going "oh shit! we should have done something about this!" as you find bits of the internet are accessible to your IPv4 only connection.

-- Richard

0
0
Bronze badge

Availability

I have three colocated (virtual) servers (different companies and data centres) and a home ADSL connection. My ISP was quite happy to enable native IPv6 on request, as was one hosting provider; a second server is tunnelled, since that provider's upstream provider offers free tunnels from that data centre, one hop away.

IPv6 isn't hard to get or use - the tough bit is getting a working IPv6 only setup which can access IPv4-only resources reliably. A dual-stack setup is easy enough, but does nothing to conserve IPv4 addresses!

Perhaps universities, big companies etc could switch to NATted IPv4 with routeable IPv6; somehow, though, I suspect IPv4 will keep going as it is for quite a few years. The /8 top level blocks will run out eventually, then the regional registries will get squeezed, and finally organisations will start feeling a push to make changes - but not until then. As long as there are still IPv4 addresses available, why bother?

With NAT, having "only" 4 billion addresses for whatever subset of the 6 billion people actually have Internet connections doesn't seem that bad.

0
0
Silver badge

Bah!

Why on Earth would we need new addresses anyway? They'll only get snapped up by Russians, Nigerians and Bosnians so they can run yet more spambomb farms, XCSS attack batteries and phishing barrages. Why spend all that effort on "proper" configuration of routers if 99% of what they route is pernicious, anti-personnel crap?

The *problem* with the internet isn't that it's too small. It's that we have no way of identifying and disposing of the sewage BEFORE it has clogged the pipes we need for legitimate pron viewing, "e-commerce" (a web 1.0 term for buying bondage gear over the net) or video-on-demand (a web 1.5 term for viewing pay-per-view pron movies over the web).

"A million addresses per person"? I thought that the New World Order was all about thinking smarter, not just moving the problem horizon until we can't imagine seeing it again in our lifetimes. There's no point in my having a million addresses if every one of them is a constant torrent of Pen1z P1llz ads or begging letters from the Nigerian Finance Minister. Nor am I particularly interested in having a million times the places gits can stash the stolen copies of my credit card information.

"It's broke, but no-one will know that if we make it hucking fuge"?

This sounds like Hawkwind thinking to me; if the instruments are out of tune, play louder.

0
1
Unhappy

How many ????

3 Billion ????

That's NOWHERE near enough addresses when all those 'developing countries' spend the G20 Billions.

Apparently, there are 6 Billion peeps in the world NOW !!!!!.

What about their intelligent fridges etc. ?????

0
0

worried

I'm worried XP might need to be rebooted after enabling this ipv6 thing.

/because if linksys (as my router maker) and my ISP are not totally incompetent that is all...

0
0
Stop

IPv6 and Security?

I have recently set up IPv6 in our testlab (including multiple subnets and all the routing) and did the IPv6 compliance testing for an upcoming release of a product.

IPv6 is not particularly hard to set up, but it doesn't improve security in any way.

It happily works with normal unsigned DNS, and it doesn't enhance the security for applications either. It's simply another addressing scheme and people need to stop peddling the lie that IPv6 will magically make the internet more safe or secure.

My ISP actually does support IPv6, but only via tunnels (as most DSL routers can't handle it), but I don't want tunnels bypassing my perimeter firewall so I've not bothered with it (that and the fact I don't need / want internet routable addresses for every node in my home network - NAT is another layer of security as far as I'm concerned).

It's also inaccurate to say that IPv4 numbers are close to running out. The truth is that there are a lot of organizations out there sitting on allocations that they don't need which they refuse to return to the pool (like IBM with its 9.x.x.x/8 class A allocation that it uses internally).

0
0
Boffin

@LaeMi Qian

"our new test-infrastructure is running on 10.x.x.x behind a NAT."

That works well for quite a while... putting your entire network on a 10.x.x.x network. Until one day you find that a data sharing agreement with a customer, supplier, or new business partner (due to a company merger) needs to share some data, and you have to provide some mutual network access. "No problem", you think, "I'll just set up a VLAN, and we're good to go!" Until you discover that they too are running on 10.x.x.x. D'oh!

Now you have to run ANOTHER layer of NAT to connect the two networks. Ok, if it only happens one time, that's not too terrible (I've had it happen several times, myself, thanks to a merger and a couple of customer requests). Of course, even if it's just one extra NAT step, when you go to your new partner facility and try to remember the IP of your machine... oops, I'm on this side of the network now, what's my new NATed address?

How about internal DNS? Oops, now I need to convince the DNS admins to set up an oddball scope, or some specialized servers. That stinks!

Corporate web proxy: got to bug another group for special rules.

Boffin icon, because I've had to fight those battles before...

0
0
Black Helicopters

Tin Foil Hat angle

So, the IPv4's are running out?

Can someone please tell me how I can stockpile them in my basement next to all the beans and ammo? I think they could be useful as currency once the global monetary system collapses.

0
0
Thumb Up

OSI Returns

Back in the day the larger OSI address space was forestalled by the "IP Bigots" with the use of NAT. This was a kludge which is now showing its age. IPv6 borrows heavily from OSI and it will work. Give it up and do some reading. Network protocols prior to TCP/IP had much smaller address spaces and had to resort to a number of subterfuges to allow national and international networks. The world has not always been IPv4. The Internet must continue to evolve. And I would not at all be surprised if IPv6 is modified as it continues to be deployed.

0
0
Silver badge

IPv6 and security

You're right, IPv6 doesn't improve security. It does, however, make it easier for people to create better security. The security extensions in IPv4 are all optional - you can't rely on the stacks at both ends being able to support signed or encrypted packets, so you may need to install additional software before it will work.

With IPv6 it's all built in and support for encryption, authentication etc is mandatory. Whether or not people will choose to take advantage of this, is another matter.

BTW it's a bit unfair to IBM (I can't believe I just wrote that!) and others in a similar position to claim they're 'sitting' on Class A addresses. As you point out, they're using them internally (quite legitimately). I'm sure if someone was prepared to reimburse them for the costs of moving to 10.0.0.0/8, they'd be prepared to consider doing so. Anyone who's undertaken a transition from public to private IP addresses will know the cost of doing so on a large network is far from trivial.

0
0
Silver badge

Home Routers?

How about encouraging all the router manufacturers to include code to handle IPv4 on the LAN and IPv6 on the WAN side of their routers? Do it in a simple-enough manner that it's not hard for users to carry on as before with a default local 192.168.0.0 subnet while presenting IPv6 to the outside world, and things could carry on for some time. More advanced users could configure the router to allow either a mix of v4 and v6 or choose to go completely v6.

As far as I know, Linux can do all of this anyway, and as most routers seem to run some version of Linux, they should be adaptable. OK, it might break the flash/RAM limits, but memory is getting ever cheaper/larger.

0
0
Silver badge
Joke

Compromise solution?

Can't we agree to use IPv5?

0
0
Orv
Thumb Down

@Francis Fish:

Windows Vista, too. Where I work a lot of departments disable IPv6 on their Vista machines because network access is so slow with it enabled. Lots of delays and timeouts.

I once saw a comment that IPv6 attempts to solve the problems of 1995 today. It's sort of true. Somewhere along the line everyone realized that connecting every printer, PC, and refrigerator directly to the Internet is a bad idea from a security standpoint. Once you have a firewall in place, NAT is a trivial thing to add, and IP space exhaustion becomes a lot less scary.

0
0
Thumb Down

IPv6 not a reliable protocol

IPv6 is not a reliable protocol, we are working on it and have found many drawbacks in it.

0
1
