IPv6 networking: Bad news for small biz

IPv6 is traditionally a networking topic. Yet IPv6 is as much a business consideration as it is a technical one. As world IPv6 day rolls around again, we're going to see an ever-increasing amount of technical IPv6 coverage. Before we do, I think a business interjection is warranted. IPv6 was neither designed for small biz nor …

COMMENTS

  1. Christian Berger Silver badge
    Facepalm

    Uhm....

    First of all, there are still site local addresses, and those can be used easily for local stuff. Remember on IPv6 you usually have multiple addresses.

    This also means that your internal servers simply can be configured to not listen on their global IPv6, but only on the site local one... which is actually even the default for many systems.

    Changing ISPs is a hassle, but not too hard. You simply re-assign your global IPv6 addresses, leaving the local ones as they were. That's essentially automatic, and your home router will do that for you... automatically.

    You can assign the local IPv6 addresses statically if you want, BTW. There is little harm in that. Otherwise they will be defined by your MAC address, which rarely changes.

    1. a walker
      Happy

      Re: Uhm....

      Site Local addresses fec0::/10 were deprecated in favour of Unique Local Unicast due to the problem of defining a site. The relevant description is covered in RFC 3879, which covers the addressing range fc00::/7

      1. Christian Berger Silver badge

        Re: Uhm....

        My bad, I apologize.

        However I stand my case that there are local addressing ranges, and those can be used to provide local services, completely independent of the Internet.

  2. Matt Bryant Silver badge
    Boffin

    For the wary....

    Whilst we have DHCP for production IPv6 interfaces, we have each and every device that has a management LAN interface have a fixed IPv4 address on that management interface, so we can at least get to them and dish out fixed IPs if required. We have been bitten before by DHCP and DNS failures.

    1. a walker

      Re: For the wary....

      Given that IPv6 permits multiple addresses per interface, you can configure the link local address to be assigned either statefully (statically) or statelessly (auto generated); similarly the Unique Local Unicast can be assigned statefully (statically) or statelessly (auto generated) and, like the Link Local, are non routable addresses. In the same way, Global routable addresses can be assigned statefully or statelessly. Should stateful assignment be selected then this includes manual assignment or DHCPv6. Unfortunately configuring the computer system to do this is generally not just a tick box for each of the address types, which is more a limitation of the operating system and not the IPv6 standards.

  3. Bluenose

    Like the EU the IETF is full of academics

    The problem with the IETF, the EU and all these other standards and other rule making bodies is that they start from an academic (read purist) position and do their utmost to avoid allowing any changes to what is a great theoretical approach so long as everything is the same or at least vaguely similar. The problems arise when the real world tries to interfere and points out that few if anything is the same for everyone and therefore you need a scalable model which may mean that you have interoperability between say IPv6 on your ISP provided firewall but IPv4 private addresses on your servers and other network connected devices for consumer or small business types. Although to be honest I think even biggish companies would appreciate that type of flexibility.

    However the issue is that it breaks the purist's view of the world and therefore it should not be allowed. Business impact assessments need to be carried out when we develop these new standards and the models to do the business impact assessment must reflect ALL user types and not just the big boys with the budgets.

    1. Amonynous

      Re: Like the EU the IETF is full of academics

      " Although to be honest I think even biggish companies would appreciate that type of flexibility."

      Too right. We can afford Ci$co in the big offices, but in our business model, the small ones have to stand on their own two feet financially with no/minimal subsidy from the centre. E.g., try setting up a two man and a dog branch office in the UAE and watch your local profit go down the drain if you aren't prepared to settle for a domestic-grade dynamic IP4 address ADSL connection.

    2. fajensen Silver badge
      Mushroom

      Re: Like the EU the IETF is full of academics

      Err: IETF standards just happen to be written by "the real world" doing the real work: Companies like CISCO, Ericsson, Juniper and countless independent developers. If you, personally, dislike something because it is not real-world-ly enough for you, you can trot over and contribute by writing up your own proposals exactly like everyone else had to do. It is an entirely open process.

      1. Tom 13

        @fajensen: Written like somebody who has never been present

        when the standards committee meets.

        I have been. I wasn't the policy wonk. I was the guy who got to translate it back into regular words when they were done. They all claimed they were engineers not academics. It wasn't too terribly long after I'd actually graduated from uni. And if you'd have put them in a room with academics and told me to sort them out, I couldn't.

    3. Chris 3

      Re: Like the EU the IETF is full of academics

      The problem with the IETF, the EU and all these other standards and other rule making bodies is that they start from an academic (read purist) position

      Ahem

      http://www.ietf.org/tao.html

      "In many ways, the IETF runs on the beliefs of its participants. One of the "founding beliefs" is embodied in an early quote about the IETF from David Clark: "We reject kings, presidents and voting. We believe in rough consensus and running code". Another early quote that has become a commonly-held belief in the IETF comes from Jon Postel: "Be conservative in what you send and liberal in what you accept"."

      1. Anonymous Coward

        Re: Like the EU the IETF is full of academics

        "We reject kings, presidents and voting. We believe in rough consensus and running code"

        How do you know you have a consensus unless you perform a rough proxy of what is termed "a vote"?

  4. Cunningly Linguistic
    Thumb Down

    They can have my IPv4 static IP...

    ...when they prise it from my cold, dead router,

  5. Harry Sheppard
    WTF?

    Non-issue

    I've been using IPv6 at home for a couple of years now with no ill effects, initially with a Hurricane Electric v6 tunnel and then native v6 from A&A.

    I don't see the problem, I really don't, and I've rolled out v6 in a commercial scenario and then changed ISP with very little hassle. As Mr. Berger above says, judicious use of link- or site-local addressing sidesteps the majority of the problems.

    In a domestic situation, do you care if your IP address changes? No. UPnP, rendezvous, DLNA etc take care of most firewall / "finding things" issues and so once again it becomes a non-issue.

    Obviously just my experiences, but with very little effort v6 has been deployed both domestically and commercially with essentially zero fallout on networks I deal with.

    And I don't use Cisco or Juniper kit anywhere...

    1. Yes Me Silver badge
      Happy

      Re: Non-issue

      Well said. The article's premise was "IPv6 was neither designed for small biz nor consumers." That's dead wrong. Actually it was true of IPv4, and that got all kinds of add-ons as a result (DHCP and NAT, for example). IPv6 was designed at the time when AppleTalk was all the rage for small biz and consumers - that's why IPv6 has had address autoconfiguration since the first commercial release (in 1996, when DHCP was hardly deployable). Etc.

      What is true is that IPv6 opens all sorts of new possibilities for home and small office networks. They haven't all been worked out yet.

      1. Anonymous Coward

        Re: since 1996

        "IPv6 has had address autoconfiguration since the first commercial release (in 1996"

        But the article surely says "It's been 13 years since the original RFC for IPv6 was published"

        How can this be?

      2. Mark 65

        Re: Non-issue

        "What is true is that IPv6 opens all sorts of new possibilities for home and small office networks. They haven't all been worked out yet."

        The opportunity for all your direct connected devices to get owned? I'm sure that's been worked on well in advance.

    2. Anonymous Coward

      Absolutely right...

      ... the original article is wrong on so many counts it's not worth commenting on.

  6. Anonymous Coward

    Damn, I was looking forward to not having to deal with NAT or anything remotely like it ever again.

    - Anon network engineer.

    1. Anonymous Coward

      It's not implementing part of NAT which is a pain, it's the Manager telling me some obscure protocol doesn't work (and sometimes less obscure ones), and that I have to make it work not tell the Manager to get stuffed.

      - Anon network engineer.

      1. Ken Hagan Gold badge

        Re: the Manager

        I don't think that will change.

    2. Gerhard Mack

      not as bad

      To be fair LPT/SNAT are a *lot* less annoying to deal with than ipv4's DNAT since it is a 1:1 mapping rather than trying to map ports to multiple machines. With a 1:1 mapping the router will automatically know where to route the packet even if it's a new connection from the outside.

      1. Trygve Henriksen

        Yes, that bad!

        There isn't supposed to BE any 'new connection from the outside', at least not to anything behind a NAT Firewall.

        A 1:1 mapping as indicated with the ::1234 gives the attacker a straight path into the network without even knowing the 'Internal' addresses. (That's what it looks to me at least. May be wrong. Haven't read that much about it as all IPv6 docs give me a headache.) Which means that even the slightest programming error in the Firewall can have potentially disastrous results...

        1. Gerhard Mack

          Re: Yes, that bad!

          You might want to consider that there is more to this world than just web browsing. VOIP is already hugely encumbered with ugly hacks just to work around NAT and there are things I just can't do with the current setup. With IPv6 you can still leave the firewall to no incoming connections by default and enable privacy extensions if you are worried about people knowing the internal address of your machines.

          Not that it matters much anyways, we have long since passed the point where even Windows tends to be mostly secure port wise and the most common attack vectors are browser plugins and tainted downloads.

  7. itzman

    crazy academic led BS as usual?

    There is absolutely NO WAY the consumer world is going to transition to IPV6 without a NAT router that hides IPV4 addresses behind an IPV6 NAT router.

    Big companies may have the resources to implement IPV6 internally but not Mrs Jones in her council flat. She wants to plug and play.

    So I am sure that IETF approved or not, the consumer router companies will do some sort of NAT solution..

    1. Simon Neill

      Re: crazy academic led BS as usual?

      Exactly, it'll be like switching to digital tv.

      There will be thousands or millions of devices that still don't support ipv6 and are not getting replaced any time soon.

      1. Christian Berger Silver badge

        Re: crazy academic led BS as usual?

        Nope with TVs you actually had devices relying on television network access. So it mattered if your kitchen TV had access to television or not.

        However most IPv4 devices in the typical household do not need Internet access. Your printer doesn't need to be able to talk to the Internet, therefore it will still be usable if the IPv4 Internet should get closed down.

        In fact, for local services you will probably be able to run IPv4 for a _long_ time. The company I work at still uses NetBEUI, others use IPX. On your local network you can do whatever you want.

        1. Tom 35 Silver badge

          Re: crazy academic led BS as usual?

          "However most IPv4 devices in the typical household do not need Internet access."

          My less than one year old Blu Ray player has internet features from software upgrades to playing content from the internet. It's IPv4 only...

          Are there any "smart" TVs that support IPv6?

          1. Voland's right hand Silver badge
            Devil

            Re: crazy academic led BS as usual?

            Q: Are there any "smart" TVs that support IPv6?

            Yes - Samsung. All of their recent TVs are Android inside which has native support for IPv6. No idea if it is enabled or not though.

            In any case, there are a lot of untruths and half-truths in the article. The "Holy Church" of IETF is actually actively looking into all of this - the relevant workgroup is called homenet with the most active participants being Linksys, Dlink, Apple and other classic "consumer" device vendors.

        2. MacRat
          Happy

          Re: crazy academic led BS as usual?

          "Your printer doesn't need to be able to talk to the Internet"

          It comes in handy when I want to send my printer a page when I'm not home.

          1. Allan George Dyer Silver badge
            Joke

            Re: crazy academic led BS as usual?

            @MacRat - can I print to your printer too? I've run out of paper. It's only a few reams.

      2. Ian 35
        Thumb Up

        Re: crazy academic led BS as usual?

        What devices don't support IPv6? Windows XP does back to SP1 I think, OSX does back to about 10.4, even old iPhones do, iPads do, everything with Linux back to God Knows When either does or can, etc, etc.. There's problems in enterprise, but in residential environments most kit, apart from the router which is often the ISP's anyway, will support IPv6 perfectly happily, and is probably chatting amongst itself behind your back already.

        1. Thomas Kenyon

          Re: crazy academic led BS as usual?

          IPv6 is available in Windows 2000 as well, you only need to switch it on.

          Also I know certain not especially new printers that talk IPv6, I have some Xerox printers here that do. (again, only needs to be switched on).

    2. TomS_
      Stop

      Re: crazy academic led BS as usual?

      Tell that to Internode, an Australian ISP that has been offering native dual stack connectivity for years, and the IPv6 portion is done without NAT - 100% pure and natural IPv6.

      Would pay to do a little research before making any claims... :-)

    3. Daniel B.
      Boffin

      You fail at IPv6.

      By definition, end-users will get a 64-bit host segment with IPv6, which means you will always have at least a 2^64 address range, eliminating the need for NAT in most consumer markets. Consumer routers can simply implement the same firewall rules they do today, but they'll get a load off their back on preserving state for NATted connections.

      Local connectivity can be done with link-local addresses or the site-local ones if you really need to subnet the local IPv6 addys.

      And contrary to what this article's poster said, you *can* set up static addresses on IPv6.

      1. Ilgaz

        Let's pay for toaster ip too eh?

        Call a consumer grade isp and ask how much they charge for "fixed ip", nothing else.

        Now imagine having to pay for every single internet connected device.

        1. Martin 71 Silver badge

          Re: Let's pay for toaster ip too eh?

          Static IP from my isp? Free, on request.

          Admittedly it's 1 step above cheapo el crappo sky or virgin, but it's still domestic DSL...

        2. Jim Morrow

          Re: Let's pay for toaster ip too eh?

          > Call a consumer grade isp and ask how much they charge for "fixed ip", nothing else.

          > Now imagine having to pay for every single internet connected device.

          FFS! If someone is stupid enough to pay money to an ISP with a stupid business model, that's their problem. Both for the user and the ISP.

          You also appear to have no understanding of how IP addressing works.

          IPv4 addresses are almost exhausted, so ISPs are forced to suppress demand. That's why there's this abortion of private address space and NAT hard-coded into most CPE and also embedded in the mindset of ISPs serving the DSL and cable markets. Another aspect of this brain-damage is charging extra for customers who want fixed IP addresses. Or no NAT. These mean the ISP has less address space to make available for general use on demand. So they charge extra for something that should be already included in their base offering. But because they don't and customers value these things, the ISPs charge for them. Marketroids even have a term for this sort of evil: functional pricing.

          With IPv6, the *minimum* address space a customer will get is a /64. This gives each customer 2**64 addresses to play with: 4 billion times the size of the entire IPv4 Internet's address space. Almost none of that customer-specific address space will ever need to be "managed" and everything on the local network will have a fixed IPv6 address. There's no need for NAT or IPv4 style renumbering if you move providers either. A device on the home network will almost certainly use SLAAC, so the bottom 48 bits of the IPv6 address come from the MAC address of its wi-fi or ethernet interface. This will just work automatically. There's no need or reason to "ration" fixed IPv6 addresses or charge for them. The high end bits of the IPv4 address come from the /64 prefix given to you by the ISP, which leaves you with 16 bits to use for your own subnets.

          No ISP - not even the fuckwits at BT or TalkTalk - is going to build systems and procedures so they can provision the IPv6 addresses of every domestic appliance, beer can or mains socket that each one of their customers has allowed to connect to their domestic IPv6 net.
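Added example (not part of any comment in this thread, and not code from the article or its posters): a Python sketch of two points discussed above, the address ranges named by a walker and others (fe80::/10, fec0::/10, fc00::/7 versus global unicast) and the MAC-derived SLAAC addresses in Jim Morrow's comment. It assumes the modified EUI-64 method; the MAC address, the 2001:db8::/32 documentation prefixes (standing in for ISP-assigned prefixes) and the fd12:3456:789a::/48 prefix are constructed sample values.

```python
import ipaddress

# Ranges mentioned in the thread, plus global unicast (2000::/3).
SCOPES = [
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("site-local (deprecated)", ipaddress.ip_network("fec0::/10")),
    ("unique-local", ipaddress.ip_network("fc00::/7")),
    ("global-unicast", ipaddress.ip_network("2000::/3")),
]
LOW64 = (1 << 64) - 1


def _parse(addr):
    """Parse an address string, dropping any %zone or /length suffix."""
    return ipaddress.IPv6Address(addr.split("%")[0].split("/")[0])


def scope_of(addr):
    """Name the range an address falls in; only global-unicast is Internet-routable."""
    ip = _parse(addr)
    for name, net in SCOPES:
        if ip in net:
            return name
    return "other"


def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID: flip the U/L bit, insert ff:fe."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the MAC-derived interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(addr):
    """Recover the MAC if the interface ID carries the ff:fe marker, else None."""
    iid = (int(_parse(addr)) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Per address: (address, scope, reachable through a firewall only, embedded MAC)."""
    rows = []
    for addr in addresses:
        scope = scope_of(addr)
        rows.append((addr, scope, scope == "global-unicast", mac_from_address(addr)))
    return rows


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                      # constructed sample MAC
    host = [
        str(slaac_address("fe80::/64", mac)),               # link-local
        str(slaac_address("fd12:3456:789a:1::/64", mac)),   # constructed ULA prefix
        str(slaac_address("2001:db8:1:2::/64", mac)),       # "old ISP" prefix
        str(slaac_address("2001:db8:beef:7::/64", mac)),    # "new ISP" prefix
        "2001:db8:beef:7:5c9a:71e3:8b04:d2f1",              # randomised interface ID
    ]
    for row in audit(host):
        print(row)
```

The local addresses and the interface ID are unchanged by the prefix swap, and the randomised address is the only one from which `mac_from_address` cannot recover the hardware address.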

      2. Khoos
        Thumb Down

        Re: You fail at IPv6.

        The whole article reads like the author just wanted to rant about IPv6 and was not willing to get technical details in the way of a nice rant and/or trolling. Other publications hire better authors to write about IPv6.

    4. Ilgaz

      They don't seem to care, why would they?

      I mean, I was shopping for cheap router, wireless stuff. While the companies doing cheap stuff have great quality software and run Linux which is trivial to use ipv6, there is nothing on configuration etc.

      They don't seem to care and funny is, I didn't care too. If it matters? Buy another cheap thing.

      Ipv6 should have something that will impress end users and small companies. A lot of people have thrown away or (wisely) demoted their 28k modems to fax once 56k shipped.

      Or, like vhs to dvd.

      Let me tell the real elephant in the room which is way bigger than "internet" we talk about. Cell phone networks. If they pushed ipv6 to cell networking and give real ip to cell phones, ipv6 would see explosive adaptation. Just the idea of extra income from smart phone users for fixed ip instead of mad trickery and natural extension to home/ business net would convince them. Home users and 3 PC networks will adapt once they never have to do nat or even dmz trickery to access their screen/ media etc.

      1. Anonymous Coward

        Re: They don't seem to care, why would they?

        Actually, my Verizon Wireless Android phone already gets an IPv6 IP automagically. My MiFi, not so much.

    5. Ian 35
      Happy

      MS Office still dominates?

      But IPv6 is working in houses anyway. I only found by accident that my AppleTV was talking to my iMac over IPv6 because I happened to look with an analyser (geek) and found that even my iPhone was talking to the AppleTV to run "Remote" over IPv6. One of the Windows machines was talking IPv6 as well, even to the Internet once I had a tunnel up. IPv6 autoconf is extremely effective.

    6. Jim Morrow
      FAIL

      Re: crazy academic led BS as usual?

      You lack IPv6 clue. If/when the consumer world gets IPv6, they will have no need for NAT AT ALL.

      Mrs Jones in her council flat will just plug and play: devices will just automatically get IPv6 addresses when they get plugged in. It will all just work.

      However she might have some stuff that's only IPv4 capable and this will need NAT or proxies, just as at present. She might well be surprised at how much stuff at home is already capable of speaking IPv6 if it was given the chance: printers, cameras, TVs, tablets, smartphones, etc.

      Anyone who talks of NAT in the context of IPv6 is like someone who expects mp3 players to stop and turn over an album half way through, just like was done in the days of vinyl LPs. Kids, ask your grandparents about 33rpm long-playing records.

      IPv6 is a game-changer. It doesn't need or use the assumptions that sadly seem to be held by some blinkered IPv4 users who are clinging on to horrors like NAT that belong in the same 1980s graveyard as dot matrix printers, X.25 and rotary phones.

      1. Anonymous Coward

        Re: crazy academic led BS as usual?

        You lack real day-to-day administration experience of networking.

        We have to have firewalls. Why? Back in the dream days of IPv4 nobody expected routine spam, port scanning, and hack attempts. Now one wouldn't dare plug their Windows computer directly into the Internet without at least a router in the way.

    7. Anonymous Coward

      Re: crazy academic led BS as usual?

      What OS are you running?

      Windows XP has the poorest of the IPv6 implementations (it's not there out of the box, you have to add it in later). IPv6 was there in Vista. Windows 7 and 2008 server both have IPv6. Solaris does. I think all the Linux distros have IPv6 support, certainly all the ones I have used do. MacOS and iOS both have IPv6 support. What is that I need?

      A NAT router that hides IPv4 addresses behind an IPv6 NAT router? Er, no. You don't. If you have some antique bit of kit that can't do IPv6 then IPv6 to IPv4 translation is a straightforward operation at the router. You don't need IPv6 NAT at home because your ISP gives you a prefix that you can use for all your machines at home. You need a firewall, just like you do now, it just doesn't need to be able to do NAT. (There is a use case for IPv6 address translation, but this isn't it.)

    8. Ru
      Facepalm

      "Mrs Jones in her council flat"

      Oh, not this tired old argument again. Mrs. Jones won't care, because one day she'll get a new router in the post with a note attached saying 'please swap this for your old router or your internet will stop working'. IPv6 is already plug and play in simple deployments; IPv4/IPv6 translating proxies have been available for some time now and work just fine for basic email and web traffic which is all that Mrs. Jones wants.

      The problems the article highlights are entirely suffered by 'power users' and small businesses with complex requirements and without the wherewithal (financial, technical or both) to implement suitable solutions. Mrs. Jones does not need multiple ISPs. Mrs. Jones does not need to open any ports on her router. Mrs. Jones does not want to be able to use her home printer when she is out. Mrs. Jones wants no part of your technical arguments.

  8. John Sager

    *very* few IPv6-supporting domestic & SME router firewalls

    The lack of these is the main problem. Cheap domestic adsl routers are usually cpu-challenged and are probably also running out of memory footprint. Moore's law is curing that but probably not fast enough. And it'll be a chicken & egg situation - no demand so no supply. The low-cost ISPs will probably also start using RFC1918 internally & double NAT, like the mobile providers, suppressing demand even further.

    Having built my own router on an Alix board & Leaf-Bering Linux, once I ironed out the build bugs, it worked fine. It only took me less than an hour to change IPv6 prefix after I lost the old one due to some ISP cock-up. So it is possible to do IPv6 plug & play solutions for domestic use.

    If I were a small business with diverse routing, then 1:1 NPT at the border routers might be quite useful, and the internal routing protocol probably wouldn't even need to know about it.

    1. a walker

      Re: *very* few IPv6-supporting domestic & SME router firewalls

      Billion BiPAC 7800 ADSL+ Dual WAN router is a cheap router which supports IPv6 and it is possible to tweak the ADSL modem settings to maximise performance. Since upgrading and tweaking the modem settings I have never failed to get the maximum connection rate. The Ethernet WAN connection will allow connection to VDSL or Fibre modems.

    2. Anonymous Coward

      Re: *very* few IPv6-supporting domestic & SME router firewalls

      "Cheap domestic adsl routers are usually cpu-challenged and are probably also running out of memory footprint. Moore's law is curing that but probably not fast enough."

      Moore's Law has nothing to do with it. Sure, some/most of the products are CPU challenged, but that is because they are using the cheapest processor and the least amount of memory in the devices. All they need to do is buy more memory and a better CPU. How about a newer ARM core. You still have products using an Intel Xscale processor; ones launched in 2003!!!!!!! Using Moore's Law, how much more powerful do you think a processor that is 9 years newer is? Why not a Cortex A8 or A9 to replace that old processor with. How much RAM do some of these products have; 16 or 32MB. Surely they could install more than 32MB; look at the current RAM chips (not modules), they are far more than 32MB. Look at the ASA line from Cisco, it is x86 based and they are using multi-core processors.

      It comes down to the manufacturers buying the cheapest components they can and maximizing their profit; Moore's Law has nothing to do with it.

    3. Christian Berger Silver badge

      But those are popular

      For example the Fritz!Box routers which support IPv6 (except for really old ones) and they are usually the ones ISPs hand out because, although they may be more expensive, they are very reliable. Mine currently has an uptime of nearly a year.

      That's why they have a quite high market share.

  9. Jon Press

    Having been involved...

    ... both in the DECnet Phase V debacle and in the early days of IPv6 (and we're talking around 20 years that this has been in gestation), the failure to acknowledge the painful nature of transitions of this kind has a long history.

    DECnet Phase V (essentially based on ISO CLNS) was supposed to "fix" the 16-bit limitation of DECnet IV addresses in much the same way as IPv6 is supposed to "fix" IPv4. In theory, Digital should have had an easier time of it being a single vendor, but it didn't work out like that. Two of the many problems were finding people to take ownership of transition in a large organisation and finding money to spend on major changes that brought no immediate benefit. People inside Digital were deaf to the warnings because they saw no alternative except losing out to TCP/IP. And when the same warnings were sounded about IPv6, people in the IETF were deaf because TCP/IP had beaten DECnet and that's all they wanted to hear.

    In many ways, IPv6 is less complex (Phase V was more than a network-layer change), but the problem of co-ordination and proof of benefit is much bigger because the Internet is now so large and the existing user base doesn't see the problem. How do you get individual end users to replace their IPv4 routers? If you're a new business and you can't get an IPv4 address because they've run out, that's your problem as far as your clients are concerned - they can get to everyone else and they're not going to spend money just to solve your problem. Expecting incumbents to pay up to make way for new entrants is just not a workable strategy.

    Most end users, whether they be individuals or small businesses or bigger businesses, are going to do nothing. And, unless the ISPs want to deal with the support calls when the result of doing nothing is that stuff breaks, a solution will have to be found in which the result of most people doing nothing is that everything continues to work. However many layer violations are required...

    1. Yes Me Silver badge

      Still involved...

      "How do you get individual end users to replace their IPv4 routers? "

      You don't bother. But next time their box breaks, they get a new one that *does* support IPv6. IPv4 and IPv6 will co-exist for many years, and any service provider or content provider that doesn't have their co-existence strategy in place is risking their future revenue. This is what the non-academics in the IETF have been working on for the last couple of years. You can't compare it to the DECnet transition, where prolonged coexistence wasn't part of the design. Which is why Phase V didn't deploy except in a few odd corners, by which time DEC had vanished anyway.

      1. Jon Press

        Re: Still involved...

        There was provision in DECnet Phase V for Phase IV nodes to continue to exist but the issue of "prolonged coexistence" is essentially the same for IPv4: once you have addresses that cannot be represented in 16/32-bits then you have a partitioned network.

        The argument that IPv4 and IPv6 will co-exist for many years was a viable one 20 years ago when IPv6 was being designed and address-space exhaustion was a relatively long way off. It's only viable now assuming either:

        a) Ways are found to extend the life of the IPv4 address space until a transition is complete

        b) Ways are found to work around the partitioning outside the network layer

        And, of course, that the rest of the network behind the router can be made IPv6 compliant in good time.

        The problem is that the longer you extend the life of the IPv4 address space, the less is the incentive to make any active change. If you're confident it'll hold up until there are so few Windows 95, Windows 98 and Windows 2000 machines left - and sufficient IPv4-only personal firewalls, wireless adapters and TVs, Internet radios, CCTV systems et al have expired - that ISP's customer support lines can cope with the residual calls, then fine. I just think that point might be further away than is currently envisaged.

        1. Jon Press

          PS:

          YA Brian AICMFP

    2. Anonymous Coward

      Re: Having been involved...

      "finding money to spend on major changes that brought no immediate benefit."

      Finding money when there's no demonstrable business benefit (except maybe "everyone else is doing it") is never a problem for the certified Microsoft dependent folks. Why the difference with IPv6?

      OSI networking and protocols (and Phase V for DEC) was going to be the answer to all the world's shop floor networking problems (MAP, Siemens AP, etc - not to mention TOP for CAD/CAM etc). Whatever happened to them?

      1. Roland6 Silver badge

        Re: Having been involved...

        >Whatever happened to MAP/TOP/GOSIP/OSI et al.?

        A very good question, particularly as the Enterprise Networking Event in June '88 demonstrated over 120 different vendors' systems interoperating using 7-layers of MAP/TOP/OSI.

        The short answer (in my opinion) is that users discovered that Unix vendors were shipping TCP/IP (at this time the key application services were: Telnet, Sendmail/SMTP and FTP) for free, add in Sun's NFS and many connectivity and basic file sharing problems were resolved, particularly as TCP/IP+NFS was also available at reasonable cost for the PC, IBM mainframe, DEC etc. With the hard work done by techs at various Interop events through the late 1980's a high level of interoperability between differing vendors' offerings had also been achieved.

        Whilst TCP/IP is inferior to ISO/OSI in many ways - personal bias showing here :) the fact of the matter is that it worked and was readily available for many platforms and satisfied the immediate needs of many businesses (as the UK MAP/TOP/OSI conformance test centre my company used TCP/IP+NFS both internally and to transfer images of OSI protocol stacks!) - with the arrival of the web in the mid-1990's the rest is history.

        1. Trevor_Pott Gold badge
          Unhappy

          Whilst TCP/IP [was] inferior...it worked and was readily available...

          You mean, people choose simple, easy and extant over complicated, expensive and reliant on future technologies and products that "the market will deliver?"

          Colour me shocked.

          </snark>

          Sorry, but I've been debating this topic (and BYOD!) with enough purists for the past few weeks that I'm a tad bitter. The divide is interesting. The purists rarely get the point of the article at all: they see only the technical arguments. They simply can't see past "but that's not right!"

          Worse, they are terrible at articulating why it isn't right, because they have been surrounded by people who think exactly like them for so long that they have simply never had to explain their position in a comprehensible fashion before.

          I was really hoping this article would spur a few of them to be able to defend their take better, maybe even produce the relevant products and technologies. Instead, they've made the same old mistakes over again, and I still fear we will end up with a NAT66 world.

          How sad.

  10. Anonymous Coward

    Now, Trevor, what IS stopping you from wearing a shiny hat?

    I often enough wear one explicitly, right here.

    IPv6 always struck me as... well, the addresses were offensively unreadable and far too large, for one. And apparently a lot of other people thought about it more or less the same way. Bit of a pity that the people designing the mess (and it is a mess) were looking so far beyond everyone else that they failed to notice the massive "meh" and didn't fix the flaws in the system. By the same argument that they started early, they had enough time to address the failure of techie consensus to connect with the rest of the world, and thus they failed early.

    Then again, I don't fully agree with your logic. We did well enough with NAT until we needed it because, er, that was the quick fix for which IPv6 was supposed to give the real fix. Had we not gone the cheap route everyone'd be used to dealing with the problems you evoke. Nothing stopping you from configuring the local parts as you like, static, dynamic, however, and having the router distribute the network parts. So basically that's the "temporary" fix and now you're denouncing the real fix for not living up to the temporary one's rough edges. Er.

    Besides, having had to switch a public IPv4 network from one block to another twice in short succession, in a SME, I can tell you it's doable in the same sense that running a network is doable: Once it's more than a few machines, you move as many as you can to DHCP. If that's not the case at your shop the problems aren't due to IPv6, it's due to an unorganised shop.

    Of course, many SMEs have router boxes that are "optimised" for NAT, can't do anything else, can't even do IPv6 at all. They do do DHCP, but only in a very basic, limited sense, not fit to actually run more than two desktop environment emulators on. In other words, they suck. But I daresay that's nothing but those el cheapo boxes' fault.

    I do agree that IPv6 is a bit of a botch. An unexciting botch that "feels" heavy and clunky enough that I'd rather avoid it altogether. But I don't agree that NAT must necessarily be the answer. Without, people'll adapt. Maybe we'll get home/sme integrated router boxes that suck less out of it. For their DHCP and other features generally suck, and needlessly so. Here's to wishful thinking. You don't need full BGP though, didn't need it then, don't need it now, won't be needing it going forward, to do last mile routing. It doesn't cross AS borders. How often does your prefix change? Stick it in the uplink edge and have it propagate from there. Or get it from the upstream via dhcp6 or ppp(oe) options or what have you. There are exceptions, of course, but those tend to be rather rare, so not very useful as a general argument.

    Anyhow. The high priests of networking are entirely right that NAT is to be avoided, though in practice not at all costs. But if anything it is used more than strictly necessary today. The reasons are only partly technical. They could have been less priestly and more practical in the past decade or so, that certainly is true. There could've been a workable IPv6 that people actually wanted to, and easily could, deploy. We don't have that. That certainly is a real problem.

  11. Neil Alexander
    Thumb Down

    Re: This leads into the other major issue with IPv6: the inability to do multihoming.

    Wrong.

    IPv4 and IPv6 multihoming is not any different whatsoever. Multihoming is the ability to route the same address space through multiple logically independent networks. The requirement for a "carrier-independent" address is exactly the same in both IPv4 and IPv6 if you want to perform true multihoming in the Internet BGP sense of the word.

    Don't blur the thick black line between multihoming and load balancing.

    1. Anonymous Coward

      Re: This leads into the other major issue with IPv6: the inability to do multihoming.

      That is only one definition:

      http://en.wikipedia.org/wiki/Multihoming

  12. Anonymous Coward
    FAIL

    The author ignores a key issue.

    Namely that it is perfectly doable to use both IPv6 and IPv4 together. So if you have a local infrastructure then you simply set that up in a way you always have. Then when it's time to set up the /external/ (outside) connections then yes, something is going to change.

    But the described scenario where companies would have to change everything (routers, printers, etc.) is preposterous.

  13. Chris 211

    problem?

    ..and what is the problem with small companies remaining on ipv4 connecting to the wider world with ipv6 on the outside interface?

    1. Anonymous Coward

      Re: problem?

      And how does your IPv4 internal system specify that it wants to connect to an external host that has only an IPv6 address?

  14. Daniel B.
    Boffin

    The author hasn't really checked out IPv6.

    link-local and other types of address remove the need for NAT, which used to be "I need private addys to connect to my junk w/o being ISP dependent".

    The mandatory 64-bit host segment removes the need for NAT in consumer networks, as you have 2^64 IP addys to use from your ISP, and it'll work automagically.

    The only thing you don't have with IPv6 is the "hide my public IP address", which is mostly security theater. The real protection you have with "NAT" is actually the fact that all NAT implementing devices will also have firewall rules by default that block outside traffic from the inside.

    1. Old Handle
      Paris Hilton

      Re: The author hasn't really checked out IPv6.

      And that's another thing. Why on earth did they think we'd have a local network 4 billion times bigger than the current internet?

      It would seem more practical to make the local section smaller, use multiple network classes, have four tiers of networks within networks, or almost anything except what they actually did.

      1. pixl97

        Re: The author hasn't really checked out IPv6.

        Biggest reason for the (64)+(64) format is routing aggregation. There are already a lot of documents on how ISPs and such should address their networks so as not to fill up the memory on the backbone routers. So your question really boils down to 'why didn't they make IPv6 addresses smaller?' like a (32)+(32) address. Much of it was the rate of change they had witnessed in their lifetimes. They went from no bit cpus (as in no digital computers) to 64 bit machines in a short period of time. Even in the 90s we realized that every limit we put on computer systems was being hit in short periods of time. Every time we hit one of those limits we have to upgrade to new systems to surpass the limit and layer 'hacks' to make the old systems work. Each of those boundaries costs a lot for the entire industry to overcome. Just think how fast 8 bit, then 16 bit, then 32 bit, and now 64 bit software and systems have arrived. They wanted to push the 'end' of ipv6 so far out that we'd have other issues to worry about, like the heat death of the universe, or capturing all the solar output for power generation. And some time in the future that forward looking will save us untold billions/trillions in not having to upgrade every device on our planet again.

        Also, you 'can' address smaller than a /64, but none of the advanced features of IPv6 work. There is an RFC on using /126's on PtP links.

        1. Dr. Mouse Silver badge

          Re: The author hasn't really checked out IPv6.

          "They wanted to push the 'end' of ipv6 so far out that we'd have other issues to worry about, like the heat death of the universe, or capturing all the solar output for power generation. And some time in the future that forward looking will save us untold billions/trillions in not having to upgrade every device on our planet again."

          Plus, the nanobots will only have devoured half our planet.

          http://3d.xkcd.com/865/

      2. -tim

        Re: The author hasn't really checked out IPv6.

        The / notation started out as a way to steal bits from the source and destination ports. So a network address 192.168.1.0/34 would take 2 bits from the 32 normally used for port addresses and allow 4 times as many hosts to networks. Things work fine up to about /48 where they start getting messy allowing 65,536 times more machines on existing IPv4 address space. The other cool thing about that solution is that most network gear moves the packets without a problem and you can configure very old machines to work by just playing with port numbers.

  15. jubtastic1
    Stop

    This topic always depresses me

    I admin a number of small networks, IPv4 addressing allows workstations to have a meaningful, memorable and deducible address, based off the workstation ID, VPN to a site and remoting onto a workstation is easy.

    If time is wasted, it's finding machines on DHCP, or sorting problems associated with broken leases or DNS, my clients don't have the budget for kit that works flawlessly, hence the bulletproof static addressing, with DHCP left for mobile equipment.

    It's not just that IPv6 isn't going to solve any problems for my clients, it's going to create them, it's going to increase their IT costs, it's going to make finding machines on DHCP harder, lengthening support calls and it's going to smother their networks with additional complexity that none of them are ever going to understand, or even want to understand. This last point may seem counterintuitive given that their lack of knowledge is what keeps my rent paid, but the value of having someone on site that has basic IT skills cannot be overstated.

    IPv6 addresses seem to have been designed to infuriate, we're clearly not supposed to remember them or try and make them relevant to the equipment they're assigned to, instead we're apparently supposed to trust a service to track where everything is, I suppose that makes perfect sense when there's thousands, millions of things to track and the equipment doing the tracking is appropriately priced, but when you've got less than 30 workstations to a site it's not just overkill, it's insane.

    1. Random K
      Thumb Up

      Re: This topic always depresses me

      Amen brother! I've only got maybe 80-90 IPs to manage. Hell, I've memorized most of them. Sub-netting even lets me keep the workstations from having access to the IP phones, since VLANs aren't possible with the low end kit we have in the office. This means no users f*cking around with the custom extensions and such the manufacturer so graciously decided to make available via web interface, but forgot to include any sort of user authentication. Of course scenarios like this are everywhere in the SME space. We just cobble together something that works using whatever we happen to have on hand.

      To make matters worse, all my workstations need static IPs, since SBS 2008's DNS never seems to know what the DHCP server (on the same bloody machine) is doing. I can't use DHCP now, and this is supposed to get better how exactly? So I get to send my boss a bill for manually entering and testing all these long incomprehensible IP6 addresses (several of which I am sure to enter incorrectly and have to troubleshoot), and we gain absolutely nothing. Yeah he'll love that.

    2. Christian Berger Silver badge

      Re: This topic always depresses me

      You do know that you can assign IPv6 addresses manually and encode lots of information into that. You can easily have addresses based on room numbers, or even serial numbers of the computers. You don't need to distribute the scarce IPv4 numbers, you can just use a ::room-number:employee-number:count scheme, or whatever does the job for you. Hey you have 64 bits, you can even encode the host name of the computer into the address if you like.

      1. Anonymous Coward

        Re: This topic always depresses me

        You can register some private address space here:

        http://www.sixxs.net/tools/grh/ula/

        These addresses can then be statically assigned or via DHCP for internal use.

  16. Trevor_Pott Gold badge
    Trollface

    Note to those folks who feel I am "recommending NPT66" here.

    I'm not. In fact, I only have the one network with it at the moment; one I set up specifically so that I could figure out how it worked for the article. At the moment I have 16 IPv6 networks up, 4 of which are isolated testbeds. (8 new networks planned for this year alone!)

    The article exists for one reason: to let the high priests of the internet know “oh, BTW, that NPT66 thing? It’s in products and in use in SME shops all over the damned place already.” In other words: the utter failure of the priesthood to engage care for the issues faced by SME outfits resulted in them (shockingly!) going out and choosing the cheap and simple alternative that actually already existed! Note the two key words: “cheap” and “simple.”

    “Right” and “wrong” aren’t in there. Surprisingly, SMEs and consumers don’t give a damn about IP morality.

    I see a lot of talk about “use link local or ULA for internal addressing, and that solves everything.” No. It doesn’t. You would still have to re-address all your external-facing servers. I don’t think you quite grasp what that entails. Let me spell it out for you:

    For ages upon ages, the big thing holding any SME back from spewing an unlimited number of servers all over the internet has been that they just can’t get enough external IPs. They had to be conservative. They had to put time and effort into using as few servers as possible to use as few IPs as possible.

    In an IPv6 world, we have functionally unlimited addresses at a time where we also have the ability to spin up hundreds of VMs on a single physical box. So what do these people do when you give them this ability? They spin up an instance of $server for every conceivable need, attach it to $external_ip and virtual sprawl sits on the internet to a magnitude you cannot possibly comprehend.

    Renumbering these servers is an absolute bitch. It’s lunacy. Madness of the sort that makes SME admins pale, and then spontaneously vomit. “Flag days” are simply not allowed in 2012.

    In a NPT66 environment, you don’t have to renumber. Ever. Because none of those servers have an external IP address. The only thing holding an external anything is the firewall. It holds the external subnet. It then 1:1 maps addresses back to the servers. The address issues NPT66 solves are not for internal use, but the addresses they will use to serve content to the outside world. Cheaply and simply.

    Could you sit there and berate these admins for being “wrong?” Tell them they “aren’t doing it right” and that they need “education” to understand your point of view? Well…you could try. They don’t – and won’t – ever care to hear what you have to say. They are generally overstretched, working against impossible budget constraints, and usually have IT as a secondary or tertiary job.

    The article is an exercise in pointing this out. That 13 years of belittling and berating instead of addressing cheap and simple are now biting everyone in the ass. Do I want the high priests angry? Yes. I want to slap each and every one across the face with their own hubris. That is 100% the intent.

    Mocking and belittling me will earn you nothing. I am one individual. There are millions of SME admins out there, and I seriously doubt that the priesthood has the time to chasten and belittle each and every one of them thoroughly enough to cause them to change.

    No; quit the opposite. The solution to this problem must come from the priesthood itself. You need to get your nerdrage on. You need to get out there and solve cheap and simple with extreme prejudice. You need to advocate and educate that your cheap and simple solution works, works well and works as easy as the alternatives.

    Because cheap and simple IPv6 has shown up on our doorstep. And it is NPT66. 13 years of abject failure to address the practical issues have resulted in NAT being the easy choice for millions.

    So hey, insult me if it makes you feel better. Question my manhood, technical ability, parentage, DNA sequencing and whatever else gets your happy on. I’m from the internet, I can handle it.

    But when you’re done venting your spleen…please go make those cheap and simple products that the SME space needs, okay? Otherwise NAT will quite simply never die.

    Cheers!
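The 1:1 prefix mapping described in the comment above, as an added example that is not part of the original thread or of any product's code: a sketch of the checksum-neutral NPTv6 translation from RFC 6296 (the "NPT66" discussed here), restricted to /48 prefixes. The first prefix pair is the RFC's own example; the second "new ISP" prefix and the class and function names are constructed for illustration.

```python
"""Stateless NPTv6 prefix translation (RFC 6296 style), /48 prefixes only."""
import ipaddress


def _words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(ipaddress.IPv6Address(addr))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]


def _oc_add(a, b):
    """16-bit one's-complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def _oc_sum(words):
    total = 0
    for w in words:
        total = _oc_add(total, w)
    return total


def address_checksum(addr):
    """One's-complement sum of the address, as it enters a TCP/UDP pseudo-header."""
    return _oc_sum(_words(addr))


class Nptv6Translator:
    """Maps an internal /48 onto an external /48 without keeping any state."""

    def __init__(self, internal_prefix, external_prefix):
        self.internal = ipaddress.IPv6Network(internal_prefix)
        self.external = ipaddress.IPv6Network(external_prefix)
        if self.internal.prefixlen != 48 or self.external.prefixlen != 48:
            raise ValueError("this example handles /48 prefixes only")
        int_sum = _oc_sum(_words(self.internal.network_address)[:3])
        ext_sum = _oc_sum(_words(self.external.network_address)[:3])
        # Adjustment = internal prefix sum minus external prefix sum, so the
        # whole-address sum (and every transport checksum) is unchanged.
        self._out_adj = _oc_add(int_sum, ~ext_sum & 0xFFFF)
        self._in_adj = ~self._out_adj & 0xFFFF

    def _rewrite(self, addr, src_net, dst_net, adj):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src_net:
            raise ValueError(f"{addr} is not inside {src_net}")
        w = _words(addr)
        if w[3] == 0xFFFF:
            # With /48 prefixes, subnet 0xFFFF cannot be mapped; a real
            # translator drops the packet.
            raise ValueError("subnet 0xFFFF cannot be translated")
        w[3] = _oc_add(w[3], adj)       # only the 16-bit subnet word absorbs the change
        if w[3] == 0xFFFF:              # one's-complement "negative zero" becomes zero
            w[3] = 0
        w[:3] = _words(dst_net.network_address)[:3]
        n = 0
        for x in w:
            n = (n << 16) | x
        return ipaddress.IPv6Address(n)

    def outbound(self, src):
        """Rewrite a source address leaving the site."""
        return self._rewrite(src, self.internal, self.external, self._out_adj)

    def inbound(self, dst):
        """Rewrite a destination address arriving from outside."""
        return self._rewrite(dst, self.external, self.internal, self._in_adj)


if __name__ == "__main__":
    server = "fd01:203:405:1::1234"           # internal address, never renumbered
    old_isp = Nptv6Translator("fd01:203:405::/48", "2001:db8:1::/48")
    new_isp = Nptv6Translator("fd01:203:405::/48", "2001:db8:2::/48")  # constructed
    for name, t in (("old ISP", old_isp), ("new ISP", new_isp)):
        ext = t.outbound(server)
        print(f"{name}: {server} <-> {ext}  "
              f"checksum kept: {address_checksum(server) == address_checksum(ext)}")
```

Because the mapping is stateless and reversible, every internal host is reachable at a predictable external address unless the firewall's filter rules say otherwise, so the filtering policy still has to be written explicitly.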

    1. Trevor_Pott Gold badge
      Mushroom

      [expletive] typothetans.

      Quit = quite. There are others, I am sure. I blame the lack of coffee. In fact, that sounds like a great coffeecoffeecoffeecoffeecoffeecoffeecoffeecoffeecoffee...

  17. Fred Goldstein
    FAIL

    A total waste of time and money

    There is never any justification for using IPv6 for anything, period. It was a colossal mistake in the first place, made after IAB accepted TUBA, then took it back because the k1ddi3z at IETF didn't like it because it was tainted by having been related to OSI. The good folks on the IPNG project left and the B team, given bad instructions, cadged together IPv6. All that before the Internet was a widespread public service.

    The correct answer for the intermediate term is to stick with IPv4 and use more NAT and more private addresses. Net 10 is pretty big. NAT only breaks broken applications. View IP addresses as internal to that layer and the application-name as canonical, and suddenly it all works. Besides, a v6 internet won't be as useful as a v4 internet because all public sites are on v4, not all are on v6, so you need v4 anyway, thus v6 will never catch up. Plus v4 space is inefficiently used, so it can last forever with a modest market in address blocks.

    In the long term we retire TCP/IP itself and develop a cleaner protocol suite. It was, after all, a 1970s lab project that just worked too well to be thrown out, but it was not meant to scale to today's use.

    1. Jon Press

      Re: A total waste of time and money

      I'm afraid you're largely right. If there were any real merit in IPv6 it would have been deployed by now and no one would have noticed. It was pretty clear even 20 years ago that using the same protocol end-to-end suited small robust military networks - in which every route was valid and throughput was not the primary goal - but wasn't really the obvious solution for a heterogeneous global backbone where policy and payment became critical in routing decisions and quality of service and billing would be significant issues for the end-user interface. Unfortunately, the fact that CCITT had realised this too and hopelessly over-engineered their solution has made even discussing the basis of the TCP/IP "standard model" taboo within the IETF and blighted anything tainted by ISO, as you say. Ironically, of course, the whole reason that the connectionless model of networking was being pushed in ISO was to effectively fix the bugs in TCP/IP and have an international standard alternative to X.25.

      IPv4 will remain the main access protocol for the foreseeable future with a few larger outfits using IPv6. The backbone(s) will increasingly run different things, including but not limited to IPv6 and at some point there will be other access protocols. The time for IPv6 to be a ubiquitous protocol has long since passed.

      I'm not quite as sanguine that "v4 space ... can last forever with a modest market in address blocks" but if it doesn't the problem can largely be solved by hybrid hacks involving v4/v6 NAT and DNS. And the hacks will emerge when they're needed.

      1. Jim Morrow
        FAIL

        Re: A total waste of time and money

        > I'm not quite as sanguine that "v4 space ... can last forever with a modest market in address blocks" but if it doesn't the problem can largely be solved by hybrid hacks involving v4/v6 NAT and DNS. And the hacks will emerge when they're needed.

        There's no need for hacks or NAT. Just deploy IPv6. This will be cheaper and simpler. Bodging workarounds will create needless complexity and extra costs in network design and operations. In some cases, these hacks will not work. [Good luck getting two or more simultaneous audio/video streams to run via your NAT box.] And who's to say if the Next Big Thing on the interweb will not work with NAT at all? If you stick to this IPv4/NAT bodging, you will go the way of DECnet and X.25.

        1. Jon Press
          Gimp

          Re: A total waste of time and money

          "Just deploy IPv6. This will be cheaper and simpler."

          The cheapest and simplest option for me is to do nothing, that's the fundamental problem. It's also the cheapest and simplest option for everyone else who already has an IPv4 address. Especially if they're still running Windows 95, Windows 98, Windows 2000 or have (as the majority of people seem to do) a router that doesn't actually support IPv6 at all.

          Even if ISPs send out IPv6 routers to every end user, they'll go in cupboards or end up on eBay and even if they didn't, they wouldn't ensure 100% of customers were 100% connected.

          The Internet is no longer a bunch of research organisations with large capital budgets, network support departments and allocated cisco salesmen. It's mostly homes and small businesses with little or no networking expertise, largely unidentified equipment and paying small numbers of pounds per month for service.

          You might wish that for the greater good that customers would accept or even understand that IPv6 was their problem, but they won't. That's just the way things are, whatever the greater good. This is not ultimately a technical problem at all, it's a problem of human behaviour and the humans in this process are not going to "just deploy IPv6" however hard you try to persuade them and the ISPs don't have the money to deal with the individual problems that will arise if they tried.

    2. Neil Alexander
      WTF?

      Re: A total waste of time and money

      "The correct answer for the intermediate term is to stick with IPv4 and use more NAT and more private addresses."

      No. No no no. No no no no no, never ever. Never!

      NAT is a dirty hack which never should have existed in the first place. The Internet is designed to make machines globally routable. NAT breaks that very philosophy.

      If my ISP ever put me behind carrier NAT, I will cancel my service.

    3. Mike Pellatt

      Re: A total waste of time and money

      " NAT only breaks broken applications"

      That statement, I'm afraid, led me to ignore everything else you said. It's so, so, so wrong.

      "NAT breaks the network" is the correct statement. It's a horrible, horrible hack.

  18. moiety

    I don't get the problem. IPv6 just gives an address for the front door. You can do whatever you like inside.

    1. Jon Press

      Suppose your SatNav only accepts 7-character postcodes. Then in the future, Royal Mail decides that postcodes have to have 10 characters to improve address locality.

      WA143Q1C02 may be "just" the postcode of the address of a front door, but you can no longer enter it into your SatNav. The address may exist, but you cannot represent it and therefore cannot find a route to it.

      1. fajensen Silver badge
        Facepalm

        Then buy a new SatNav! A shiny brand new one costs less than the damn subscription for the annual software upgrades to the old one - at least it does with TomTom!! The yobs here don't even bother to nick them any more!

        The same principle applies to all the little shitty Netgear routers and cheap HP switches people have been running:

        If the kit is more than 3-4 years old, well: It's been written off already and the new gear gives so much more Bang/Watt that it is just plain retarded to keep relying on ancient stuff from long-dead product lines where there is neither support nor warranty.

        In many cases a year's worth use of electricity for running the old crap will pay for the new crap!

        1. Anonymous Coward

          Written off in 3-4 years?

          Yes indeed. Every 4 years my employer says "let's chuck out the old stuff and get in brand new shiny kit for everyone".

          Does he bollocks!

          In the small business world, kit is retained until it is no longer usable or used. "Written off" for small business means as in as in middle car of a 10 car shu

          1. Trevor_Pott Gold badge
            Mushroom

            Re: Written off in 3-4 years?

            Amen.

            I find it completely fascinating how stark the divide is on this topic. Individuals from large enterprises, government departments or academic institutions all burble with uncontained rage. Flinging ad hominem attacks left and right, they demand retraction of the article followed by seppuku and erasure of all traces of my bloodline from the face of the earth.

            SME admins and business owners meanwhile nearly universally show support and understanding. I have had far – by a wide margin – more people thank me for writing about this topic and bringing the issues to light than I have had people demanding my blood for sacrificial use at the next Cisco Core Router christening.

            The issue at hand was never a question of what is technically correct. Obviously IPv6 the way it is designed now was designed by the brightest networking minds of three generations.

            The point that needs ramming home however is that this is completely irrelevant. SMEs and consumers who are living on the frugal edge don’t care about the technical purity of the solution. They don’t care about the “right” implementation versus the “wrong” one. They are not interested in anything except making their equipment do what it needs to do right now, today. They’ll cross whatever other bridges need crossing when they come upon them, if they happen to encounter them.

            What’s the net result? The net result is that a bunch of people have started to buy equipment and implement technologies that save them money. How?

            1) The upfront cost is essentially nonexistent. A pfsense firewall works on that beat up old P-III…

            2) The maintenance cost is nonexistent. No retraining, no “replace things every 3-4 years,” no flag days for renumbering, no having to baby firewalls on every single device...

            Businesses demanded this stuff. And suppliers acknowledged this. Then they went to the IETF and shoved the NPT66 RFC down their throats. Now we have NPT66 working in the real world.

            Why? Because the SMEs and consumers in question aren’t just consumers of content. You’ll see a great deal of posts here in this thread about “just plug it in, and you can get on the IPv6 internet!”

            Not good enough. There’s more to it than simply accessing the internet. These people want to host things. They want control over their own servers without having to configure each and every individual server’s firewall and remap the edge system each and every time the address assignment changes.

            Note that “they want control” thing. It doesn’t matter if you believe they shouldn’t have complete control. They want it. Cheaply and simply. And they won’t buy any solution that removes the control they have, degrades ease of use on establishing and maintaining that control or costs more than what they currently use.

            But the thing that doesn’t matter is the opinion of “right” and “wrong” held by nerds. And the fact that the nerds cannot understand this…that their only solution to this dilemma is to deride, belittle and launch ad hominem attacks means that businesses have taken the decision about what the future of the internet will look like out of their hands. They don’t get a say any more. The people with money have spoken, and that is the only group of people that matter.

            The technical point of view? It doesn’t matter.

            So get ready to welcome your NPT66 overlords. They’re here to stay. And no, these companies won’t be going out of business because they refuse to implement IPv6 the way that nerds feel it should be implemented.

            Quite the opposite: companies that refuse to supply these businesses with the goods they want won’t sell equipment, and they will go out of business. Websites that refuse to play ball simply won’t get users.

            The money is what talks. And the disharmonious chanting and warnings of doom heard in the distance?

            Nobody cares.

  19. Aqua Marina
    Happy

    I've always viewed...

    ...World IPV6 day, the same way I've always viewed World Esperanto day.

    Something that will never achieve anything in my lifetime :)

  20. Christian Berger Silver badge

    It's funny that....

    ...the people complaining the most about IPv6 don't seem to even have tried it yet, while the people who have tried it generally report no problems.

    But of course the anti IPv6 crowd happily dismisses everything that doesn't work with NA(P)T as "broken". I'm sorry, if you don't want the Internet, stick with Compuserve or X.25 networks, but please leave the net alone.

    1. Tom Maddox Silver badge
      Facepalm

      Re: It's funny that....

      You want to know how I know you didn't read the article?

    2. Anonymous Coward

      @Christian Berger - Re: It's funny that....

      NAT/PAT is just fine, fix the crappy apps that don't work with it and leave the net alone. Why would I want a Chinese guy to have a direct route to my toaster?

      1. Anonymous Coward

        Re: @Christian Berger - It's funny that....

        Because you are too dumb or too cheap to run a firewall?

  21. Camilla Smythe

    It's only two more fricking Bytes

    Speaking as someone who knows bugger fuck all about this 'shite' then IPV4 gave you,

    255*255*255*255 Blah Fucking IP addresses.

    Ergo moving from IPV4 to IPV6 gives you two more Bytes and you get

    255*255*255*255*255*255 Blah Fucking IP addresses.

    Fuck me if I call it 'not' rocket science but next up you will want IPV7 and IPV8 for 'scalability'.

    Stick another byte on the front end and you can scale up to IPV255

    Yadda Yadda Yadda.

    As stated I know bugger fuck all but would someone please NOT try to explain to me how it is so shit fucking hard to add another two bytes to an IP address in a manner that does not....

    Naturally you need not bother.

    As a self subscribed 'knuckle scraper' my brane processing power is mostly used to deal with extracting fluff from my navel should my eye things spot where it is and something to do with fingers and nails.

    1. Robert Heffernan
      Trollface

      Re: It's only two more fricking Bytes

      Honestly, I don't know if you are trolling or not but IPv6 does NOT add another 2 bytes, it adds another 12 bytes!

      Using your terminology (not the correct one for IPv6 by the way) the address would be...

      255.255.255.255.255.255.255.255.255.255.255.255.255.255.255.255

      1. frank ly Silver badge

        Re: It's only two more fricking Bytes

        6 - 4 = 2, so it sounds like she's talking sense to me.

        1. Destroy All Monsters Silver badge
          Trollface

          Re: It's only two more fricking Bytes

          Camilla is a man's name!

          1. This post has been deleted by its author

    2. tcpnetworks

      Re: It's only two more fricking Bytes

      You couldn't be any more incorrect if you tried!

      The addressing is not just a few more bytes.

      Read up on the topic before commenting.

      1. Camilla Smythe

        Re: It's only two more fricking Bytes

        @ TCP Networks

        No!

        255*255*255*255 is 4,228,250,625 addresses.

        This equates to 'about' 1 per person on Planet Earth.

        255*255*255*255*255*255 is 274,941,996,890,625 addresses.

        This represents a 65,025, probably plus a bit, increase in the population of Planet Earth.

        Not very fucking likely...

        Everyone gets one and 'nats', or whatever, the rest for their fridge/tv/vibrator plus gives www.gov the opportunity to snout.

        As for adding another 12 fricking bytes. Which dumb fuck came up with that idea?

  22. Oliprof
    FAIL

    NPT66 is NOT a solution

    So, more FUD about IPv6 with an article that totally fails to grasp key IPv6 concepts.

    1) NPT66 is still hardly more than an RFC, there are *no* trivially accessible implementations of this (as in, for the low-end folks), and sure as shizz not in home routers or even the latest build of OpenWRT - the only way you're going to get it is by merging a bunch of currently unstable Netfilter patches into the Linux kernel source and building yourself.

    2) It's largely unnecessary anyway - ISPs can delegate prefixes of /64 or larger to clients (either through RAs and/or DHCPv6-PD) which could then be announced on the LAN side for assignment to clients (something that could be achieved with ISC's DHCP client and/or a bash script to invoke radvd and optionally dhcpd)

    3) Don't confuse multihoming with poor-man's load balancing involving round-robin SNAT on multiple separate IPv4 addresses - exactly the same tosh can be done with IPv6 but the responsibility moves to the endpoint (i.e. you give a machine an IP in every one of your subnets and configure it to use them in some per-connection rotated fashion) - of course, I have no doubt the plebiscites will be utilising round-robin IPv6 SNAT once it gets mainlined into the kernel.

    4) Suggesting the use of BGP to be a bad idea because of an issue in China is mentally retarded when you take a moment to realise that your provider, or their provider MUST BE USING BGP since, y'know, it's the backbone protocol of the *entire* Internet and therefore, any upstream prefix hijacking is basically *unavoidable* - on the contrary, at least if you do BGP yourself, you have the option of using stuff like pgBGP to at least have a chance of handling prefix hijacks.

    5) You can actually get a free IPv6 BGP tunnel from companies like HE providing you have your own ASn and subnet assignment from an RIR which is generally affordable if you get it via a sponsoring LIR, but also only something either an enthusiast or small business would do.
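
Point 4 above names pgBGP as a way to get a chance at handling prefix hijacks. As an added illustration (not code from the comment or from any pgBGP implementation), this is a simplified origin-novelty check in that spirit: an announcement whose origin AS is unfamiliar for a prefix, or for a more specific of someone else's block, is held back for a quarantine period instead of being trusted at once. The window lengths, class, function and verdict names, and the sample announcements (documentation prefix and documentation ASNs) are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

HISTORY = timedelta(days=10)      # assumed: how long a (prefix, origin) pair stays trusted
QUARANTINE = timedelta(hours=24)  # assumed: how long a novel origin is held back

class OriginMonitor:
    """Remembers which origin AS announced which prefix and flags novelties."""

    def __init__(self):
        self.known = {}    # (network, origin_asn) -> time last seen
        self.pending = {}  # (network, origin_asn) -> time first flagged

    def _recent(self, net, now, exact):
        """Origins seen within HISTORY for net (exact) or for any covering prefix."""
        return {asn for (p, asn), seen in self.known.items()
                if now - seen <= HISTORY and p.version == net.version
                and (p == net if exact else net.subnet_of(p))}

    def observe(self, prefix, origin_asn, now):
        net = ipaddress.ip_network(prefix)
        key = (net, origin_asn)
        owners = self._recent(net, now, exact=False)
        if not owners or origin_asn in owners:
            # Nothing to conflict with, or the established origin (possibly
            # announcing a more specific of its own block): accept and learn.
            verdict = "normal" if key in self.known else "learned"
            self.known[key] = now
            return verdict
        first = self.pending.setdefault(key, now)
        if now - first >= QUARANTINE:
            # Survived the window in which an operator could investigate.
            del self.pending[key]
            self.known[key] = now
            return "accepted-after-quarantine"
        if self._recent(net, now, exact=True):
            return "suspicious-origin"     # same prefix, unfamiliar origin AS
        return "suspicious-subprefix"      # more specific of someone else's block

def replay(events):
    """Feed (prefix, origin_asn, time) tuples to a fresh monitor, return verdicts."""
    mon = OriginMonitor()
    return [mon.observe(p, asn, t) for p, asn, t in events]

T0 = datetime(2024, 1, 1)  # constructed timeline, not real routing data
SAMPLE_EVENTS = [
    ("2001:db8::/32",   64496, T0),                        # legitimate holder
    ("2001:db8::/32",   64496, T0 + timedelta(hours=1)),
    ("2001:db8::/32",   64511, T0 + timedelta(hours=2)),   # unfamiliar origin
    ("2001:db8:1::/48", 64511, T0 + timedelta(hours=3)),   # more specific, unfamiliar origin
    ("2001:db8:2::/48", 64496, T0 + timedelta(hours=4)),   # holder's own more specific
    ("2001:db8::/32",   64511, T0 + timedelta(hours=27)),  # still announced a day later
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"{event[0]:18} AS{event[1]}  {verdict}")
```

The quarantine only buys time: a route flagged here should raise an alert so that someone checks it against the registry or the peer before the window expires.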

    1. Christian Berger Silver badge

      Re: NPT66 is NOT a solution

      Full ACK, however in companies you are likely to use a Proxy server anyhow so you can do content filtering and other things. You can also do poor-man's load balancing that way.

      BTW, point 2 is already done by consumer IPv6 routers. It seems to work quite well.

  23. Anonymous Coward

    IPv6 isn't happening any time soon

    Which organisations want to be allocated only IPv6 addresses? None - because their website(s) would be invisible to the majority of Internet users.

    No organisation is likely to authorise an IPv6 migration (a disruptive and expensive proposition) without some significant benefit i.e. because they really have to. Those who already have IPv4 allocations are not likely to migrate at all. In the last ten years, I have been asked to check that existing kit is IPv6 capable and to ensure that any new kit to be procured is IPv6 capable - but an actual IPv6 migration is not even on the horizon.

    There are plenty of IPv4 addresses but there is currently no sensible process to recover unused address space. My previous employers had only 500 employees but use a handful of addresses in 3 out of 4 Class C networks and have an entire Class B completely unused.

    1. pixl97
      Holmes

      Re: IPv6 isn't happening any time soon

      >There are plenty of IPv4 addresses but there is currently no sensible process to recover unused address space.

      There will be in the future... The value of that class B will become a way to boost the balance sheets. By what others have paid, it's worth $786,408US so far, a price not likely to go down. Now two things will happen, your company would feel retarded not selling a multi-million dollar asset they aren't using, or the government will find a way to tax you for your IPv4 holdings. If IPv4 addresses suddenly started costing their holders 1% of their market value a year, then more funds would suddenly appear for v6 migration (just wait till IP4s are selling for $100 each on the market). Since I can sign up for about as many free ipv6 tunnels as I want and request a /48 for free, I'd say the taxable value of v6 will be $0 for some time.

    2. Christian Berger Silver badge
      Facepalm

      Re: IPv6 isn't happening any time soon

      Hmm, I think Facebook already uses both IPv6 and IPv4, so do many if not all Google services. You'd be surprised to see how many services are already available via IPv6.

      You also seem to misunderstand that it's not a "migration". Just like companies who got e-mail didn't turn off their fax machines. Or companies that got fax machines didn't stop receiving letters. People will keep their old IPv4 connections, just like mobile phone users still keep SMS and GSM telephony around.

      However it's so much easier to start new services via IPv6. For example building a decentralized network is a pain on IPv4, however it makes sense if you want to do things like social networks. With IPv6 this can be done trivially.

      Recovering old IPv4 ranges might save you a few months, but that would actually be a migration effort. You'd need to change the IP-addresses which is a _lot_ of work.

      1. JohnG

        Re: IPv6 isn't happening any time soon

        "People will keep their old IPv4 connections, just like mobile phone users still keep SMS and GSM telephony around."

        In which case, everything still works on IPv4, then there is no need for IPv6 and companies won't expend resources on it. That's the point - and it is the current reality. Whilst a few companies (e.g. Google) may be implementing IPv6 alongside their IPv4 offerings, the vast majority are not and have no plans to do so because there is no benefit in such expenditure.

        Recovering unused IPv4 ranges doesn't involve changing addresses because, we are discussing the reallocation of entire unused address ranges from one organisation (often defunct) to another. What has changed is that increased memory in routers allows for larger routing tables that arise when allocations are made in smaller chunks.

  24. Anonymous Coward
    Meh

    The short version

    If we move to another ISP under IPV6, private NATed devices would require re-configuring and also IPV6 breaks multihoming.

  25. pixl97
    Headmaster

    Can't wait for IPissV4 to go.

    IPv4 was fine for the small internet of the '90s, but its time has passed. Anyone who thinks that any type of one to many type of NAT is a good idea needs beat with FTP, VOIP, and numerous other P2P protocols (does it hurt to get bludgeoned with a protocol?, I hope so.) The number of hacks in all kinds of protocols has wasted more developer time and caused plenty of problems (SSL, Name based virtual hosting/HTTP)

    We will go from NAT being our firewall to a 'real' firewall being our firewall which needs to be properly addressed on lower end routers. A lot of home/small business users do dumb crap like disable their firewalls so edge protection is going to be important. By default they should block incoming traffic and a upnp like service from the workstation should say that it wants access to certain ports opened just to it.... With the benefit that every user can get the port they want without it being in use.

    As for some of the other issues I'm seeing people talking about... Address length/number of wasted addresses. The first four sets of colons are the important ones, Yes 2001:c3fd:000f:123a will be hard to learn, but after that your router will probably be 2001:c3fd:000f:123a::1, your desktop 2001:c3fd:000f:123a::2, your printer 2001:c3fd:000f:123a::3 assuming like many sme networks that you only deal with one subnet (/64 in this case). Now there are reasons not to address like that too, such as it makes it easier for hackers to scan your network.

    As for people saying we should have gone with smaller addresses... So you want a Y2K38 or a Y2.1K problem? In the future there will be 100's of billions of devices capable of speaking on the internet, when the IPv4 was created we didn't realize that it would come to that. Seems smarter to use a solution that will keep from running out for the foreseeable future.
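
The scanning concern in the comment above, worked through as an added example (not part of the original comment): a Python audit that classifies each host's interface identifier inside a /64 and estimates how long a sequential sweep of that class of identifiers would take. The probe rate of 1000 per second, the MAC-derived, IPv4-style and random-looking sample addresses, and all function names are assumptions made for illustration; only the `::1`, `::2`, `::3` addresses come from the comment.

```python
import ipaddress

# Worst-case bits of interface identifier (IID) to search per host class inside
# a known /64. "eui-64" assumes the NIC vendor's OUI is known or guessed.
SEARCH_BITS = {"low-byte": 16, "eui-64": 24, "low-32bit": 32, "random-looking": 64}

def classify_iid(addr):
    """Classify the low 64 bits of an IPv6 address by how predictable they are."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    if iid < (1 << 16):
        return "low-byte"          # ::1, ::2, ::3 style manual numbering
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        return "eui-64"            # MAC-derived: ff:fe sits in the middle
    if iid >> 32 == 0:
        return "low-32bit"         # e.g. an IPv4 address copied into the IID
    return "random-looking"        # privacy/stable-random style identifier

def sweep_hours(bits, probes_per_second):
    """Hours needed to try every identifier in a space of 2**bits."""
    return (2 ** bits) / probes_per_second / 3600

def audit(prefix, addrs, probes_per_second=1000):
    """Return (address, class, worst-case sweep hours) for each host in prefix."""
    net = ipaddress.IPv6Network(prefix)
    rows = []
    for a in addrs:
        ip = ipaddress.IPv6Address(a)
        if ip not in net:
            raise ValueError(f"{ip} is outside {net}")
        kind = classify_iid(a)
        rows.append((ip.compressed, kind,
                     sweep_hours(SEARCH_BITS[kind], probes_per_second)))
    return rows

SAMPLE = [
    "2001:c3fd:000f:123a::1",                  # router, from the comment
    "2001:c3fd:000f:123a::2",                  # desktop, from the comment
    "2001:c3fd:000f:123a::3",                  # printer, from the comment
    "2001:c3fd:f:123a:21a:2bff:fe3c:4d5e",     # constructed MAC-derived address
    "2001:c3fd:f:123a::c0a8:10a",              # constructed IPv4-style identifier
    "2001:c3fd:f:123a:8c1f:64d2:9a07:3be1",    # constructed random identifier
]

if __name__ == "__main__":
    for ip, kind, hours in audit("2001:c3fd:f:123a::/64", SAMPLE):
        print(f"{ip:40} {kind:15} {hours:.3g} h")
```

Sequentially numbered hosts fall within about a minute of probing at the assumed rate, while a random identifier in the same /64 is out of reach of a sweep, which is why the edge firewall and not address obscurity has to carry the default-deny policy for the low-numbered machines.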

    1. Christian Berger Silver badge

      Re: Can't wait for IPissV4 to go.

      Well I know it's hard to defend the IPv6 opponents, but their views are entirely different than yours. They want the Internet to be split into 2 parties. One is Amazacegooglebook, the sole provider of services. They need about one half of the IPv4 space for their load balancers, while the rest of the addresses will be allocated to NA(P)T routers to allow users to access the services of Amazacegooglebook. All Information on the Internet needs to pass through them, because of the nature of NA(P)T. Direct communication is of course impossible.

      While this reminds anyone who has seen online services like Compuserve, Quantumlink, MSN and AOL (the latter 2 having moved to the Internet) of the reasons why the Internet took off while those services gradually disappeared, this seems to be what IPv6 opponents want. That's why they spread FUD about IPv6.

      One lucky thing about this, is that the people who already have IPv6 can enjoy a network free of those people. It is, in many ways, a lot like the Internet used to be in the early 1990s, only faster.

  26. Herby Silver badge

    So, when do we migrate to IPv7 (or IPv8)?

    Maybe it is time to just regard IPv6 as broken, and start all over with something that will actually WORK. For the most part the first step is to have all the nice consumer grade routers to at least do IPv6 on the WAN side. Then I can deal with the IPv4 on my own local side. Unfortunately, my routers that I use (4 sites) don't have a clue. I use an "obsolete" router that has ALL sorts of nice features, like being a print server and allowing VPNs between the various routers. Oh, one additional thing, there is code in the router to setup dynamic DNS names so if the address on the WAN side changes (which it does if I restart the router) I can keep accessing my internal NAT stuff from the "outside".

    Currently most DSL lines here use PPPoE to get their address and this might continue when my ISP thinks about IPv6.

    Of course, we can go back/forward to IPv5, but to do that we'll need to talk to academics down the street (Stanford University) to find out what it actually does.

    Summary: Oh what a tangled web we weave, when first we practice to deceive.

  27. This post has been deleted by its author

  28. Stephen 11
    FAIL

    Ci$co and IPv6

    I have to call FAIL on the Ci$co's IPv6 support. Recently bought a RV220w which Ci$co claims supports IPv6, when the implementation does not actually support prefix delegation. This makes it impossible to obtain a native IPv6 address from our ISP.

    If enterprise hardware companies like Cisco still don't fully support IPv6 properly, what hope do home and small/medium business users have?

    /frustrated customer

    //purchased Cisco router specifically for its (claimed) IPv6 support.

    1. AskOllie.com

      Re: Ci$co and IPv6

      Sorry chap, but the RV220W is not a 'real' Cisco product. Says Cisco on the box, but this is a continuation of the product development done by Linksys previously. Designed as an easy-to-use (i.e. graphical user interface) product, and not a 'proper' network device.

      For less than £100 more, you could have bought a 'proper' Cisco router/firewall, like an 861W, and had 'proper' IPv6 support.

  29. James Anderson Bronze badge

    enterprises don't spend the money either

    It's not just small companies that balk at the costs of IPv6.

    Most enterprise IT departments have done the analysis. Cost high, disruption to business high, risk of outages high, benefits too small to measure.

  30. tcpnetworks

    Ok - you aren't living in reality..

    IPv6 NAT? Do you actually understand WHY NAT was developed? NAT was developed to stave off the problems of the old 32-bit address space running out, all the way back in 1994!

    NAT is not, will never be, and should never be considered by anyone with half-a-clue, as a security mechanism. NAT is easily over-ridden, tricked, fooled and generally countermanded by those who know what they are doing. NAT is about as much as a security mechanism as ITV is to fact-based entertainment.... Pointless.

    Ok - so IPv6 has a few flaws. There needs to be more done to make it work. This reminds me of the good ol' days of IPv4 in the 1990's. The whole reason we are getting onto IPv6 now is that the protocol is way overdue for replacement. The problems inherent in v4 were significant, most of all there aren't any addressable spaces left now. Oah - how do we deal with multicast again? Let's not get started on stateful security and DNS!!

    As technologies change to support the protocol (and we are only talking layer 3 and a bit of layer 4 here) then everything will be made simpler.

    To a point, many manufacturers are releasing IPv6-enabled hardware. Those who don't will end up having to sooner or later.

    This story is more a beat-up than anything else. I've put 43 sites onto Internode by IPv6, and they are performing flawlessly - two sites even have a dedicated AAAA with a www and mail sitting process sitting there.

    As the IPv6 infrastructure rolls-in, there will be a few that decide to beat their Neanderthal chests and do the usual "woe is me!" crap. But we hear this with every change.

  31. Baldy

    o_o

    will there be any such thing as public access points? at mickey-D's or anywhere else?

  32. The Chopper
    Megaphone

    IPv6 CPEs

    The Billion and Draytek routers that do IPv6 are financially out of reach of home users, but fortunately there are IPv6 capable low end CPEs - The Thomson TG582n and Zyxel AMG1202 routers, both coming in at under £40, are 'IPv6 ready' and will have IPv6 firmware released for public consumption very soon now.

  33. Peter Dawe
    Pirate

    The can-do engineers left IETF nearly 20 years ago!

    As one of the Internet (IPv4) pioneers, I had the privilege to work with the pragmatic engineers who deployed and evolved the Internet infrastructure over the first 10 years. By the end of the first 10 years, the IETF and other standards committees were becoming stuffed with "Goers" whose role was to push corporate self interest, rather than the community interest. Most of the "Doers" gave up and retired to do work away from these stuffed committees. (E.g. Vint Cerf went off to do Inter-planetary Internet.) It is ever thus!

    The non-deployment of IPv6 has been in the interests of the corporate ISPs as it meant they could sweat their assets until they lie totally exhausted. (This is still the case!).

    The truth is all we needed was to extend the IPv4 address space by 8 bytes! Simple!! But then the network hardware companies wouldn't be able to require all the infrastructure to be replaced. Guess who sits on many of the IETF committees?

    I really dislike companies that work against community interests, but I guess it is ever thus

    Good Luck

    Peter Dawe

    Founder and ex CEO PIPEX

  34. bnorddahl

    I am sure one can find some use case for NAT66. Things like proxy servers are not dead either. Or load balancers. It all does the same job of redirecting traffic from one IP address to another.

    BUT - the article is dead wrong about the small office with multiple internet connections. The answer in this case is much much simpler: Attach two routers to the network; DONE. It's that simple. It will work. No NAT66 needed.

    With IPv6 both routers will announce themselves to the network. All computers will pick up two addresses, one for each router. All computers will continuously monitor the health of each router and within 30 seconds of a failure switch to the other.

    And yes, the office printer will also just work. The software knows about the automatic renumbering, it is smart enough to use link local addressing, which never changes, for talking to the printer. And using multicast for device discovery on the network.

    What about serving content to the public internet? The author links to a convoluted IPv4 NAT solution which does not provide a good solution for that either. Currently the only way to be true multihomed as a content provider is to use BGP - the same for both IPv4 and IPv6. But this is changing with the LISP proposal: http://www.lisp4.net/

    I believe LISP will basically solve everything the author is complaining about. No it is not mature yet, neither is NAT66 really. LISP is a MUCH nicer solution however with many other benefits too.
